From: cvs2svn Import User Date: Fri, 12 Apr 2002 03:54:14 +0000 (+0000) Subject: This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to... X-Git-Url: http://git.samba.org/samba.git/?a=commitdiff_plain;h=ef3197889f53794a54274df5c2a6ff057d8afe51;hp=0e8fd3398771da2f016d72830179507f3edda51b;p=jra%2Fsamba%2F.git This commit was manufactured by cvs2svn to create branch 'SAMBA_3_0'.(This used to be commit 1c221b3e72b24b6b8bd0d14b6ce32cf701684a81) --- diff --git a/.cvsignore b/.cvsignore new file mode 100644 index 00000000000..30433041802 --- /dev/null +++ b/.cvsignore @@ -0,0 +1,2 @@ +ID +testtmp diff --git a/Manifest b/Manifest new file mode 100644 index 00000000000..18e2d89c3e9 --- /dev/null +++ b/Manifest @@ -0,0 +1,95 @@ +Copyright (C) 1997-1998 - Samba-Team + +The Samba package you have just unpacked contains the following: + +Directory Notes: +========= ====== + +docs (Samba Documentation): +---- ---------------------- + + The Samba documentation for the 2.0 release has had all the man pages + converted to YODL source format. Because of this the man pages + are now available in both traditional man page format (in + the doc/manpages directory) and in HTML format (in the + docs/htmldocs directory). + + The text documentation files have been moved into a + docs/textdocs directory and are in the (slow) process + of being converted to YODL source format to allow them + to be easily converted to HTML/SGML. + + Note in particular two files - docs/textdocs/_INSTALL.txt + and docs/textdocs/DIAGNOSIS.txt. + + There is the potential for there to be many *INSTALL.txt files, one + for each OS that Samba supports. However we are moving all this into + the new structure. For now, most people will be using UNIX_INSTALL.txt. + + Please pay close attention to all the files with a .txt extension + in the docs/textdocs directory. Most problems can be solved by reference + to the two files mentioned. + + The FAQ documentation can be accessed starting from Samba-meta-FAQ.html, + in the docs/faq directory. This is incomplete, but to quote from the + abstract, it: + + "contains overview information for the Samba suite of programs, + a quick-start guide, and pointers to all other Samba documentation. + Other FAQs exist for specific client and server issues, and HOWTO + documents for more extended topics to do with Samba software." + + +examples (Example configuration files): +-------- ------------------------------ + + Please pay close attention to the reference smb.conf file + smb.conf.default that has now been included as the master guide. + + Do read the smb.conf manual page in considering what settings are + appropriate for your site. + + +packaging (Only for those wishing to build binary distributions): +--------- ------------------------------------------------------- + + Currently support is included for the following Linux Distributions : + + Pacfic HiTech, RedHat and SuSE. + + In addition, packaging support is available for SGI and Solaris systems. + We hope that other Unix OS vendors will contribute their binary + distribution packaging control files - and we hope to make their binary + packages available on the master ftp site under: + + ftp://samba.org/pub/samba/Binary_Packages/"OS_Vendor" + + +source (The official Samba source files - expect more of these!): +------ ---------------------------------------------------------- + + To build your own binary files you will need a suitable ansi C + compiler. + + For Samba 2.0 the GNU autoconf system has been adopted. In + order to build a default Samba for your platform cd into + the source/ directory and then type : + + ./configure + + followed by : + + make + + To install the binaries built by the above type : + + make install + + then set up your configuration files. + + NOTE: OS Vendors who provide Samba binary packages will generally + integrate all Samba files into their preferred directory locations. + These may differ from the default location ALWAYS used by the Samba + sources. Please be careful when upgrading a vendor provided binary + distribution from files you have built yourself. + diff --git a/README b/README index b7ef5d55957..93c8cb133e7 100644 --- a/README +++ b/README @@ -1,60 +1,126 @@ -This is version 1.9 of Samba, the free SMB client and server for unix. +This is a development version of Samba, the free SMB and CIFS client and +server for unix and other operating systems. Samba is maintained by +the Samba Team, who support the original author, Andrew Tridgell. >>>> Please read THE WHOLE of this file as it gives important information >>>> about the configuration and use of Samba. +NOTE: Installation instructions may be found in + docs/htmldocs/UNIX_INSTALL.html + This software is freely distributable under the GNU public license, a copy of which you should have received with this software (in a file called COPYING). + +WHAT IS SMB? +============ + +This is a big question. + +The very short answer is that it is the protocol by which a lot of +PC-related machines share files and printers and other informatiuon +such as lists of available files and printers. Operating systems that +support this natively include Windows NT, OS/2, and Linux and add on +packages that achieve the same thing are available for DOS, Windows, +VMS, Unix of all kinds, MVS, and more. Apple Macs and some Web Browsers +can speak this protocol as well. Alternatives to SMB include +Netware, NFS, Appletalk, Banyan Vines, Decnet etc; many of these have +advantages but none are both public specifications and widely +implemented in desktop machines by default. + +The Common Internet Filesystem (CIFS) is what the new SMB initiative +is called. For details watch http://samba.org/cifs. + + +WHY DO PEOPLE WANT TO USE SMB? +============================== + +1. Many people want to integrate their Microsoft or IBM style desktop + machines with their Unix or VMS (etc) servers. + +2. Others want to integrate their Microsoft (etc) servers with Unix + or VMS (etc) servers. This is a different problem to integrating + desktop clients. + +3. Others want to replace protocols like NFS, DecNet and Novell NCP, + especially when used with PCs. + + WHAT CAN SAMBA DO? ================== -Here is a very short list of what samba includes, and what it does +Here is a very short list of what samba includes, and what it does. For +many networks this can be simply summarised by "Samba provides a complete +replacement for Windows NT, Warp, NFS or Netware servers." -- a SMB server, to provide LanManager style file and print services to PCs +- a SMB server, to provide Windows NT and LAN Manager-style file and print + services to SMB clients such as Windows 95, Warp Server, smbfs and others. -- a Netbios (rfc1001/1002) nameserver +- a NetBIOS (rfc1001/1002) nameserver, which amongst other things gives + browsing support. Samba can be the master browser on your LAN if you wish. - a ftp-like SMB client so you can access PC resources (disks and -printers) from unix +printers) from unix, Netware and other operating systems - a tar extension to the client for backing up PCs +- limited command-line tool that supports some of the NT administrative + functionality, which can be used on Samba, NT workstation and NT server. + +For a much better overview have a look at the web site at +http://samba.org/samba, and browse the user survey. + Related packages include: -- ksmbfs, a linux-only filesystem allowing you to mount remote SMB -filesystems from PCs on your linux box +- smbfs, a linux-only filesystem allowing you to mount remote SMB +filesystems from PCs on your linux box. This is included as standard with +Linux 2.0 and later. - tcpdump-smb, a extension to tcpdump to allow you to investigate SMB -networking problems over netbeui and tcp/ip +networking problems over netbeui and tcp/ip. + +- smblib, a library of smb functions which are designed to make it +easy to smb-ise any particular application. See +ftp://samba.org/pub/samba/smblib. CONTRIBUTIONS ============= If you want to contribute to the development of the software then -please join the mailing list. I accept patches (preferably in -"diff -u" format) and am always glad to receive feedback or suggestions. +please join the mailing list. The Samba team accepts patches +(preferably in "diff -u" format, see docs/BUGS.txt for more details) +and are always glad to receive feedback or suggestions to the address +samba-bugs@samba.org. We have recently put a new bug tracking +system into place which should help the throughput quite a lot. You +can also get the Samba sourcecode straight from the CVS tree - see +http://samba.org/cvs.html. You could also send hardware/software/money/jewelry or pizza -vouchers directly to me. The pizza vouchers would be especially -welcome :-) +vouchers directly to Andrew. The pizza vouchers would be especially +welcome, in fact there is a special field in the survey for people who +have paid up their pizza :-) -If you like a particular feature then look through the change-log and -see who added it, then send them an email. +If you like a particular feature then look through the CVS change-log +(on the web at http://samba.org/cgi-bin/cvsweb/samba) and see +who added it, then send them an email. Remember that free software of this kind lives or dies by the response we get. If noone tells us they like it then we'll probably move onto -something else. +something else. However, as you can see from the user survey quite a lot of +people do seem to like it at the moment :-) Andrew Tridgell -Email: samba-bugs@anu.edu.au +Email: samba-bugs@samba.org 3 Ballow Crescent Macgregor, A.C.T. 2615 Australia +Samba Team +Email: samba-bugs@samba.org + MORE INFO ========= @@ -64,26 +130,34 @@ DOCUMENTATION There is quite a bit of documentation included with the package, including man pages, and lots of .txt files with hints and useful -info. +info. This is also available from the web page. There is a growing +collection of information under docs/faq; by the next release expect +this to be the default starting point. -FTP SITE --------- +A list of Samba documentation in languages other than English is +available on the web page. + +If you would like to help with the documentation (and we _need_ help!) +then have a look at the mailing list samba-docs, archived at +http://lists.samba.org/ -The main anonymous ftp distribution site for this software is -nimbus.anu.edu.au in the directory pub/tridge/samba/. MAILING LIST ------------ There is a mailing list for discussion of Samba. To subscribe send -mail to listproc@anu.edu.au with a body of "subscribe samba Your Name" +mail to listproc@samba.org with a body of "subscribe samba Your Name" +Please do NOT send this request to the list alias instead. To send mail to everyone on the list mail to samba@listproc.anu.edu.au -There is also an announcement mailing list where I announce new -versions. To subscribe send mail to listproc@anu.edu.au with a body -of "subscribe samba-announce Your Name". All announcements also go to -the samba list. +There is also an announcement mailing list where new versions are +announced. To subscribe send mail to listproc@samba.org with a +body of "subscribe samba-announce Your Name". All announcements also +go to the samba list. + +For details of other Samba mailing lists and for access to archives, see +http://lists.samba.org/ NEWS GROUP @@ -94,7 +168,7 @@ comp.protocols.smb as it often contains lots of useful info and is frequented by lots of Samba users. The newsgroup was initially setup by people on the Samba mailing list. It is not, however, exclusive to Samba, it is a forum for discussing the SMB protocol (which Samba -implements). +implements). The samba list is gatewayed to this newsgroup. WEB SITE @@ -102,10 +176,9 @@ WEB SITE A Samba WWW site has been setup with lots of useful info. Connect to: -http://lake.canberra.edu.au/pub/samba/ - -It is maintained by Paul Blackman (thanks Paul!). You can contact him -at ictinus@lake.canberra.edu.au. - +http://samba.org/samba/ +As well as general information and documentation, this also has searchable +archives of the mailing list and a user survey that shows who else is using +this package. Have you registered with the survey yet? :-) diff --git a/Read-Manifest-Now b/Read-Manifest-Now new file mode 100644 index 00000000000..e69de29bb2d diff --git a/Roadmap b/Roadmap new file mode 100644 index 00000000000..83b0bcc0e6b --- /dev/null +++ b/Roadmap @@ -0,0 +1,45 @@ +Copyright (C) 1997-1999 - Samba-Team + +The Samba-Team are committed to an aggressive program to deliver quality +controlled software to a well defined roadmap. + +The current Samba release 2.0.4 is called the "NT Security update". + +It correctly implements the Windows NT specific SMB calls, +and will operate correctly as a client in a Windows NT +Domain environment. + +In addition, the first implementation of the Web-based GUI +management tool ships with 2.0.0, thus fullfilling some of +the commitments made in the 1.9.18 release Roadmap document. + +Some work has been done on ensuring compatibility with +Windows NT 5.0 (now Windows 2000 :-) although this is +a somewhat (slowly) moving target. + +The following development objectives for future releases +are in place: + +---------------------------------------------------------------------------- +2.0.x - "NT Security update" - Allowing Windows NT Clients to + manipulate file security and ownership using native tools. + +Note that the "NT Security update" part of the Roadmap has been +achieved with the Samba 2.0.4 release. + +2.0.xx - "Thin Server" mode, allowing a Samba server to be + inserted into a network with no UNIX setup required. + Some management capabilities for Samba using native NT tools. + Provision of command-line equivalents to native NT tools. + +2.X - "Domain Controller" - able to serve as a Windows NT PDC. + +X.XX - "Full Domain Integration" - allowing both PDC and BDC modes. + +Note that it is a given that the Samba Team will continue to track +Windows (NT/2000) update releases, ensuring that Samba will work +well with whatever "Beta" releases Redmond throws our way :-). + +You may also note that the release numbers get fuzzier the +further into the future the objectives get. This is intentional +as we cannot yet commit to exact timeframes. diff --git a/WHATSNEW.txt b/WHATSNEW.txt new file mode 100644 index 00000000000..3a30b7b1efc --- /dev/null +++ b/WHATSNEW.txt @@ -0,0 +1,317 @@ + WHATS NEW IN Samba 3.0 alphaX + ============================= + +Changes in alpha17 +- OpenLinux packaging updates (jht) +- Locking updates - fix zero timeout (tridge, jra) +- Default ACL support (jra, based on code from Olaf Frczyk ) +- printing updates - spoolss stuff (tpot) +- 'make install' directory creation fixes (abartlet) +- Lots of fixes for SID handling, local v domain sids etc +- better mangle debugging (abartlet) +- fixes to allow 'net' to return more than 1000 users from ADS (jmcd) + - winbind support to come very shortly +- lock some more tdbs to allow concurrent access for backups +- 'net' help cleanups (jmcd) +- 'net join' automatic transport detection + +Changes in alpha16 +- LDAP schema updates (jerry) +- initial ADS LDAP printer advertising (jmcd) +- spoolss and printing updates (tpot, jerry) + (the is the major update in this alpha, and work continues) +- Winbindd connection cache improvements (abartlet) +- spnego segfault fixes (abartlet) +- net ads segfault fixes ( Alexander Bokovoy ) +- header cleanups (tpot) +- Serialise domain auth requests - win2k bug (tridge) +- fix winbind talloced memory leak (dleducq@arkoon.net, tridge) +- call unmangle in don_unmangle (abartlet) +- UTF8 Charset functions - for ADS LDAP calls (Hasch@t-online.de) +- Fix security tab for mapped drives on unicode clients (tridge) +- Better configure tests for snprintf and immidiate structures (abartlet) +- allow 'passdb backend = plugin : /path/to/plugin.so : plguin args' + (loads a passdb module) (Jelmer Vernooij ) +- change the way we store our domain join info - you will need to +rejoin the domain (tridge) +- xcopy /o fixes (tridge) +- fix the 'convert_string' level 0 debugs. +- Patch for Domain users not showing up from "Ivan Zhakov" +- tdb backup support +- The beginning of trusted and trusting domain support - net commands + (Rafal Szczesniak ) +- nmbd signal processing fixes (jra) +- lseek-on-pipe support (jra) +- Allow Samba to trust NT4 Domains (abartlet) +- LDAPsam updates (abartlet): + - Now runtime selectable (when configured) + - ldap user suffix and ldap group suffix support. + - non unix account support + - select with 'passdb backend = ldapsam' or 'passdb backend = + ldapsam_nua' +- start to allow NT4 domains to trust Samba, netlogon fixes (abartlet) +- make default unix charset UTF8 (tridge) +- Fix SIGSEGV on error message when trying to add a user to smbpasswd +file without a unix account (jmcd) +- better detection of dead ADS connections, so we have some chance of +reconnecting (tridge) +- removed bogus prepend_domain() call which was screwing up getpwuid() +with the new default domain code +- Domain/workstation SID fixes. +- patch from Alexey Kotovich that adds + the security decsriptor code for ADS workstation accounts. + (allow self password change, self remove) + (after much review and disscussion with abartlet and tridge) + +Changes in alpha15 +- Improvements in pam_winbind/winbindd_pam.c: (abartlet) + - Much better error reporting + - Password changing is now stackable + - now returns multiple PAM errors based on the NTSTATUS + that winbind got. + - returns an error string the client can use in their own logs. +- Print form updates (tpot) +- added 'wbinfo --sequence' to show sequence numbers of + all domains (tridge) +- better winbind memory mangement (tridge) +- make signal processing work correctly in winbindd + Michael Steffens +- Inital ADS printer publishing work. (jmcd) +- Debian packaging +- large debian packaging checking from Eloy. (merge by jerry) +- Make smbgroupedit a little easier on the user (select groups + by name rather than by sid) (abartlet) +- rework parts of smbtorture (tridge) + +Changes in alpha14 +- 'Winbind Default Domain' support: + This allows winbind to supply usernames without a 'DOMAIN\' + prefix. Particularly handy for shell and e-mail servers, + as well as Unix workstations in NT domains. +- Associated cleanups in winbindd and smbd. + (Alexander Bokovoy and + abartlet) +- Winbind protocol changes for better Squid intergration + (current version is 3) (abartlet) +- pam_winbind password changing + (Samuel Ziegler , tpot) +- runtime selectable pluggable passdb interface. + (abartlet) +- 'non unix account' support (abartlet) + (This allows machines and even users not to exist + in /etc/passwd) +- Inital implementation of the WINS replication deamon + (jfm) +- Changes for better winbind PDC/BDC failover support + (tpot) +- Various Winbind/ADS mode stabilty and flexablity fixes + (tridge) +- Mangle names like .bashrc properly (trige) +- CIFS UNIX extensions (client and server) (jra) +- Universal group support outside smbd (via a cache) + (Alexander Bokovoy ) +- Write cache fixes (jra) + +Changes in alpha13 +- updates to try to get more out-of-the-box compiles + (mostly kerberos and ldap stuff) (various) +- 'net rpc shutdown' remote shutdown of servers + (abartlet, original code from idra) +- authentication subsystem rework, including move to + new RPC client code (abartlet) +- winbind changes: + - use new client code (abartlet) + - change winbind_auth_pam_crap interface for squid's + benifit. (abartlet) + - new interface versioning functionality (abartlet) + - cope better when inteface does change (tpot) + - better winbind trusted domain code (tpot) +- doc updates (jerry) +- new NTSTAUS -> DOS error map (abartlet) +- large user list (> 1500) enumeration (jra) +- dmalloc support (mbp) +- spoolss changes (tpot) +- talloc accounting (mbp) +- rename fixes (jra) +- smbmount trivial fixup (abartlet) +- start of new unix extenions to CIFS (jra) + +Changes in alpha12 +- doc updates (jerry) +- store domain sid on ADS join (tridge) +- allow a winbind username on ADS connection (tridge) + +Changes in alpha11 +- fixed fallback to "ads server" option (tridge) +- fix ACL failure on HP HFS (jra) +- net ads password and net ads chostpass commands (Remus Koos) +- fixed valid char array generation (tridge) +- fixed QFS_INFO for win98 long filenames (tridge) +- added net lookup command (tridge) +- fixed map to guest with spnego (tridge) +- fixed irix warnings (tridge) + + +Changes in alpha10 +- hide unreadable fix using acl fns (jra) +- lsa_open_policy cleanup (jfm) +- mangled directories fix (jra) +- fix error return on bad pipe (jra) +- fix homes share with no home dir (tpot) +- fixed handling of dead or empty domains in winbindd (tridge) +- added talloc torture program (mbp) +- talloc debug code (mbp) +- added trusted domains to winbindd/ADS (tridge) +- fix trusted domains in auth code (tridge) +- new gss error handling code (a.bokovoy@sam-solutions.net & tridge) +- support mixed ADS/NT4 domains (tridge) + +Changes in alpha9 +- nicer net error messages (tpot) +- trust account patches (mimir) +- solaris link option update (davecb) +- added lsa_query_secobj() server fn (jfm) +- spoolss changeid fix (jerry) +- domain auth error fix (jmcd) +- HPUX acl code (jra) +- set filetime on close fix (jra) +- allow select of org unit in ads join (tridge) + +Changes in alpha8 +- fixed compile of wb_client.c (tridge) +- fixed net time to use localtime (tridge) +- net help cleanups (jmcd) +- debug level fix (tpot) +- utmp string length fixes (monyo) + + +Changes in alpha7 + +- added "net ads info" to probe basic into on your ads server without + any authentication +- improved some error handling + +Changes in alpha6 + +- added "net time zone" command (tridge) +- pam_smbpass updates (a.bokovoy@sam-solutions.net) +- irix updates (herb) +- net rpc join handles existing machine acct (tridge) + +Changes in alpha5 + +- added "net time" command (tridge) +- allow client tools to specify a hostname of form HOST#xx (tridge) +- added wbinfo --set-auth-user (tpot) +- added lsaquerysecobj to rpcclient (tpot) + +Changes in alpha4 + +- fixed nexus/win9x user list (jfm) +- fixed large user/group lists in winbindd (tridge) +- fixed gssapi headers in redhat (jmcd) +- fixed rap error code handling (jra) +- more usermanager rpc calls (jfm) +- re-added RAP calls at top level to net command (tridge) + +Changes in alpha3 + +- fixed a silly tdb bug in alpha2 that affected internal databases + +Changes in alpha2 + +- we no longer use cyrus-sasl for LDAP SASL/gssapi. This makes our ADS + code much more robust. +- winbindd cache code rewritten to be much more efficient. It also + copes much better with server outages. +- jfm implemented full group mapping and smb.conf option 'domain admin + group' is now gone. Consult the GROUP-MAPPING-HOWTO.txt to know how + to gain back administrator rights. +- docs update started +- numerous small bugfixes + +Changes in alpha1 + + - winbindd now uses LDAP and works correctly with an ADS server in + native mode + - XFS quotas code on Linux + - group mapping code from JFM + - "net rpc join" command replaces smbpasswd -j + - fixed winbind initgroups + +-------------- + +This is a pre-release of Samba 3.0 alpha0. This is NOT a stable +release. Use at your own risk. + +The purpose of this alpha release is to get wider testing of the major +new pieces of code in the current Samba 3.0 development tree. We are +planning on ceasing development on the 2.2.x release of Samba very +shortly and after that we will be concentrating on Samba 3.0. To +reduce the time before the final Samba 3.0 release we need as many +poeple as possible to start testing these alpha releases, and +hopefully giving us some high quality feedback on what needs fixing. + +Note that Samba 3.0 is not anywhere near feature complete yet. There +is a lot more coding we have planned, but unless we get what we have +done already more widely tested we will have a hard time doing a +stable release in a reasonable time frame. + +This release is also missing major pieces of documentation, and there +are many parts of the docs that have not been updated to reflect the +new options and features in 3.0. + +Major new features: +------------------- + +- Active Directory support. This release is able to join a ADS realm + as a member server and authenticate users using + LDAP/kerberos. Please read ADS-HOWTO.txt in the release for a very + rough guide on how to set this up. + +- Unicode support. Samba will now negotiate unicode on the wire and + interally there is now a much better infrastructure for multi-byte + and unicode character sets. You may need the "dos charset", "unix + charset" and "display charset" options. The unicode support is not + yet documented. + +- New authentication system. The internal authentication system has + been almost completely rewritten. Most of the changes are internal, + but the new auth system is also very configurable. Not documented + yet. + +- new filename mangling system. The filename mangling system has been + completely rewritten. An internal database now stores mangling maps + persistantly. This needs lots of testing. + +- new "net" command. A new "net" command has been added. It is + somewhat similar to the "net" command in windows. Eventually we plan + to replace a bunch of other utilities (such as smbpasswd) with + subcommands in "net", at the moment only a few things are + implemented. + +- Samba now negotiates NT-style status32 codes on the wire. This + improves error handling a lot. + +- better w2k printing support. The support for printing from win2000 + clients has improved greatly. + +Plus lots of other changes! + +Note that many new features are not documented. Don't let this stop +you from using Samba 3.0. It is particularly important that the basic +file/print serving abilities of Samba 3.0 are widely tested to ensure +that we have not broken any of the basic functionality. As we do more +alpha releases we will start to document the new features. + + +Reporting bugs & Development Discussion +--------------------------------------- + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.openprojects.net + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. + diff --git a/docs/OID/allocated-arcs.txt b/docs/OID/allocated-arcs.txt new file mode 100644 index 00000000000..acef4930eae --- /dev/null +++ b/docs/OID/allocated-arcs.txt @@ -0,0 +1,19 @@ +!=========================================================================================== +!== +!== Allocated Arcs from the Samba Team Private Enterprise Number +!== ISO(1) org(3) dod(6) internet(1) private(4) enterprise(1) Samba(7165) +!== +!== Arc allocation is maintained by jerry carter . Please notify +!== me if you need an OID and update this file. +!== +!== File Created : Tue May 8 09:33:31 CDT 2001 +!== +!=========================================================================================== + +ARC Owner Contact Purpose +--- ----- ------- ------- +.1 Plainjoe.org Jerry Carter Use for Plainjoe.org domain + and examples in O'Reilly LDAP book +.2 Samba 2.2. Release jerry@samba.org schema for representing smbpasswd +.3 Jean-Francois.Micouleau@dalalu.fr Experiemental SNMP fun + diff --git a/docs/OID/samba-oid.mail b/docs/OID/samba-oid.mail new file mode 100644 index 00000000000..d1ad668f880 --- /dev/null +++ b/docs/OID/samba-oid.mail @@ -0,0 +1,27 @@ +From gruiz@icann.org Tue May 8 04:27:07 2001 +Date: Tue, 26 Sep 2000 15:29:02 -0700 +From: GIGI RUIZ +To: jerry@samba.org +Cc: "Iana-Mib (E-mail)" +Subject: PEN 7165 RE: Application for Enterprise-number + + [ The following text is in the "iso-8859-1" character set. ] + [ Your display is set for the "US-ASCII" character set. ] + [ Some characters may be displayed incorrectly. ] + +Gerald, + +We have assigned Private Enterprise Number 7165 to SAMBA Team, with you as +the point of contact. Please confirm the information listed below. + +7165 SAMBA Team Gerald Carter jerry@samba.org + +Sincerely, + +Gigi Ruiz +Internet Assigned Numbers Authority - MIB + +Voice: (310) 823-9358 +Fax: (310) 823-8649 +EMAIL: iana-mib@iana.org + diff --git a/docs/README.Win2kSP2 b/docs/README.Win2kSP2 new file mode 100644 index 00000000000..49a8fbf4ae1 --- /dev/null +++ b/docs/README.Win2kSP2 @@ -0,0 +1,56 @@ +!== +!== README.Win2kSP2 +!== + +Author: Gerald (Jerry) Carter + +================================================================== + +There are several annoyances with Windows 2000 SP2. One of which +only appears when using a Samba server to host user profiles +to Windows 2000 SP2 clients in a Windows domain. This assumes +that Samba is a member of the domain, but the problem will +likely occur if it is not. + +In order to server profiles successfully to Windows 2000 SP2 +clients (when not operating as a PDC), Samba must have + + nt acl support = no + +added to the file share which houses the roaming profiles. +If this is not done, then the Windows 2000 SP2 client will +complain about not being able to access the profile (Access +Denied) and create multiple copies of it on disk (DOMAIN.user.001, +DOMAIN.user.002, etc...). See the smb.conf(5) man page +for more details on this option. Also note that the "nt acl support" +parameter was formally a global parameter in releases prior +to Samba 2.2.2. + +The following is a minimal profile share + + [profile] + path = /export/profile + create mask = 0600 + directory mask = 0700 + nt acl support = no + read only = no + +The reason for this bug is that the Win2k SP2 client copies +the security descriptor for the profile which contains +the Samba server's SID, and not the domain SID. The client +compares the SID for SAMBA\user and realizes it is +different that the one assigned to DOMAIN\user. Hence the reason +for the "access denied" message. + +By disabling the "nt acl support" parameter, Samba will send +the Win2k client a response to the QuerySecurityDescriptor +trans2 call which causes the client to set a default ACL +for the profile. This default ACL includes + + DOMAIN\user "Full Control" + + +NOTE : This bug does not occur when using winbind to +create accounts on the Samba host for Domain users. + + diff --git a/docs/README.Win32-Viruses b/docs/README.Win32-Viruses new file mode 100644 index 00000000000..07f03360cbc --- /dev/null +++ b/docs/README.Win32-Viruses @@ -0,0 +1,58 @@ +While this article is specific to the recent Nimda worm, +the information can be applied to preventing the spread +of many Win32 viruses. Thanks to the Samba Users Group of Japan +(SUGJ) for this article. +=============================================================================== +Steps againt Nimba Worm for Samba + +Author: HASEGAWA Yosuke +Translator: TAKAHASHI Motonobu + +The information in this article applies to + Samba 2.0.x + Samba 2.2.x + Windows 95/98/Me/NT/2000 + +SYMPTOMS + This article has described the measure against Nimba Worm for Samba + server. + +DESCRIPTION + Nimba Worm is infected through the shared disk on a network besides + Microsoft IIS, Internet Explorer and mailer of Outlook series. + + At this time, the worm copies itself by the name *.nws and *.eml on + the shared disk, moreover, by the name of Riched20.dll in the folder + where *.doc file is included. + + To prevent infection through the shared disk offered by Samba, set + up as follows: + +----- +[global] + ... + # This can break Administration installations of Office2k. + # in that case, don't veto the riched20.dll + veto files = /*.eml/*.nws/riched20.dll/ +----- + + Setting up "veto files" parameter, the matched files on the Samba + server are completely hidden from the clients and become impossible + to access them at all. + + In addition to it, the following setting are also pointed out by the + samba-jp:09448 thread: when the + "(Jreadme.txt.{3050F4D8-98B5-11CF-BB82-00AA00BDCE0B}"(B file exists on + a Samba server, it is visible only with "readme.txt" and a dangerous + code may be performed when this file is double-clicked. + + Setting the following, +----- + veto files = /*.{*}/ +----- + no files having CLSID in its file extension can be accessed from any + clients. + +This technical article is created based on the discussion of +samba-jp:09448 and samba-jp:10900 threads. + diff --git a/docs/README.ldap b/docs/README.ldap new file mode 100644 index 00000000000..451e27b8bf3 --- /dev/null +++ b/docs/README.ldap @@ -0,0 +1 @@ +The schema file is stored in ../examples/LDAP/samba.schema diff --git a/docs/Registry/NT4-Locking.reg b/docs/Registry/NT4-Locking.reg new file mode 100644 index 00000000000..6175fd51459 --- /dev/null +++ b/docs/Registry/NT4-Locking.reg @@ -0,0 +1,24 @@ +REGEDIT4 + +;Contributor: John H Terpstra +;Corrected: Stefan Kanthak +;Updated: Jun 25, 2001 +; +;Subject: Registry Entries That Affect Locking and Caching + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters] +"BufFilesDenyWrite"=dword:00000000 +"BufNamedPipes"=dword:00000000 +"UseOpportunisticLocking"=dword:00000000 +"DormantFileLimit"=dword:00000000 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkstation\Parameters\Linkage] +"UtilizeNtCaching"=dword:00000000 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Filesystem] +"Win95TruncatedExtensions"=dword:00000000 +"NTFSDisable8dot3NameCreation"=dword:00000001 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters] +"EnableOpLockForceClose"=dword:00000001 +"EnableOpLocks"=dword:00000000 diff --git a/docs/Registry/NT4_PlainPassword.reg b/docs/Registry/NT4_PlainPassword.reg new file mode 100644 index 00000000000..b30db150c24 --- /dev/null +++ b/docs/Registry/NT4_PlainPassword.reg @@ -0,0 +1,11 @@ +REGEDIT4 + +;Contributor: Tim Small (tim.small@virgin.net) +;Updated: 20 August 1997 +;Status: Current +; +;Subject: Registry file to enable plain text passwords in NT4-SP3 and later + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] +"EnablePlainTextPassword"=dword:00000001 + diff --git a/docs/Registry/Win2000_PlainPassword.reg b/docs/Registry/Win2000_PlainPassword.reg new file mode 100644 index 00000000000..e0ae280b1c2 --- /dev/null +++ b/docs/Registry/Win2000_PlainPassword.reg @@ -0,0 +1,11 @@ +REGEDIT4 + +;Contributor: Herb Lewis (herb@sgi.com) +;Updated: 16 July 1999 +;Status: Current +; +;Subject: Registry file to enable plain text passwords in Windows 2000 + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanWorkStation\Parameters] +"EnablePlainTextPassword"=dword:00000001 + diff --git a/docs/Registry/Win95_PlainPassword.reg b/docs/Registry/Win95_PlainPassword.reg new file mode 100644 index 00000000000..9dd3103689c --- /dev/null +++ b/docs/Registry/Win95_PlainPassword.reg @@ -0,0 +1,4 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP] +"EnablePlainTextPassword"=dword:00000001 diff --git a/docs/Registry/Win98_PlainPassword.reg b/docs/Registry/Win98_PlainPassword.reg new file mode 100644 index 00000000000..9dd3103689c --- /dev/null +++ b/docs/Registry/Win98_PlainPassword.reg @@ -0,0 +1,4 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP] +"EnablePlainTextPassword"=dword:00000001 diff --git a/docs/Registry/Win9X-CacheHandling.reg b/docs/Registry/Win9X-CacheHandling.reg new file mode 100644 index 00000000000..265e335b402 --- /dev/null +++ b/docs/Registry/Win9X-CacheHandling.reg @@ -0,0 +1,7 @@ +REGEDIT4 + +; Contributor: John H Terpstra +; Date: Feb 15, 1999 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VREDIR] +"DiscardCacheOnOpen"=string:00000001 diff --git a/docs/Registry/WinME_PlainPassword.reg b/docs/Registry/WinME_PlainPassword.reg new file mode 100644 index 00000000000..9dd3103689c --- /dev/null +++ b/docs/Registry/WinME_PlainPassword.reg @@ -0,0 +1,4 @@ +REGEDIT4 + +[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\VxD\VNETSUP] +"EnablePlainTextPassword"=dword:00000001 diff --git a/docs/Registry/WinXP_SignOrSeal.reg b/docs/Registry/WinXP_SignOrSeal.reg new file mode 100644 index 00000000000..f6f4b4cd91c --- /dev/null +++ b/docs/Registry/WinXP_SignOrSeal.reg @@ -0,0 +1,11 @@ +Windows Registry Editor Version 5.00 + +; +; This registry key is needed for a Windows XP Client to join +; and logon to a Samba domain. Note: Samba 2.2.3a contained +; this key in a broken format which did nothing to the registry - +; however XP reported "registry key imported". If in doubt +; check the key by hand with regedit. + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters] +"requiresignorseal"=dword:00000000 diff --git a/docs/Registry/WindowsTerminalServer.reg b/docs/Registry/WindowsTerminalServer.reg new file mode 100644 index 00000000000..73c3b177d20 --- /dev/null +++ b/docs/Registry/WindowsTerminalServer.reg @@ -0,0 +1,7 @@ +REGEDIT4 + +;Subject: Registry file to force multiple NT terminal server users to have their own connections. + +[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Rdr\Parameters] +"MultipleUsersOnConnection"=dword:00000000 + diff --git a/docs/Samba-HOWTO-Collection.pdf b/docs/Samba-HOWTO-Collection.pdf new file mode 100644 index 00000000000..2d9a2009ac3 --- /dev/null +++ b/docs/Samba-HOWTO-Collection.pdf @@ -0,0 +1,3370 @@ +%PDF-1.2 +%âãÏÓ +1 0 obj<>endobj +2 0 obj<>endobj +3 0 obj<>endobj +4 0 obj<>endobj +5 0 obj<>endobj +6 0 obj<>endobj +7 0 obj<>endobj +8 0 obj<>endobj +9 0 obj<>endobj +10 0 obj<>endobj +11 0 obj<>endobj +12 0 obj<>endobj +13 0 obj<>endobj +14 0 obj<>endobj +15 0 obj<>endobj +16 0 obj<>endobj +17 0 obj<>endobj +18 0 obj<>endobj +19 0 obj[14 0 R +16 0 R +18 0 R +]endobj +20 0 obj<>endobj +21 0 obj<>endobj +22 0 obj[21 0 R +]endobj +23 0 obj<>endobj +24 0 obj<>endobj +25 0 obj<>endobj +26 0 obj<>endobj +27 0 obj<>endobj +28 0 obj<>endobj +29 0 obj[24 0 R +26 0 R +28 0 R +]endobj +30 0 obj<>endobj +31 0 obj<>endobj +32 0 obj<>endobj +33 0 obj<>endobj +34 0 obj[31 0 R +33 0 R +]endobj +35 0 obj<>endobj +36 0 obj<>endobj +37 0 obj[36 0 R +]endobj +38 0 obj<>endobj +39 0 obj<>endobj +40 0 obj<>endobj +41 0 obj<>endobj +42 0 obj[39 0 R +41 0 R +]endobj +43 0 obj<>endobj +44 0 obj<>endobj +45 0 obj<>endobj +46 0 obj<>endobj +47 0 obj<>endobj +48 0 obj<>endobj +49 0 obj[44 0 R +46 0 R +48 0 R +]endobj +50 0 obj<>endobj +51 0 obj<>endobj +52 0 obj[51 0 R +]endobj +53 0 obj<>endobj +54 0 obj<>endobj +55 0 obj<>endobj +56 0 obj<>endobj +57 0 obj<>endobj +58 0 obj<>endobj +59 0 obj<>endobj +60 0 obj<>endobj +61 0 obj<>endobj +62 0 obj<>endobj +63 0 obj<>endobj +64 0 obj<>endobj +65 0 obj[54 0 R +56 0 R +58 0 R +60 0 R +62 0 R +64 0 R +]endobj +66 0 obj<>endobj +67 0 obj<>endobj +68 0 obj<>endobj +69 0 obj<>endobj +70 0 obj<>endobj +71 0 obj<>endobj +72 0 obj[67 0 R +69 0 R +71 0 R +]endobj +73 0 obj<>endobj +74 0 obj<>endobj +75 0 obj<>endobj +76 0 obj<>endobj +77 0 obj<>endobj +78 0 obj<>endobj +79 0 obj<>endobj +80 0 obj<>endobj +81 0 obj<>endobj +82 0 obj<>endobj +83 0 obj<>endobj +84 0 obj[73 0 R +75 0 R +77 0 R +79 0 R +81 0 R +83 0 R +]endobj +85 0 obj<>endobj +86 0 obj<>endobj +87 0 obj[86 0 R +]endobj +88 0 obj<>endobj +89 0 obj<>endobj +90 0 obj<>endobj +91 0 obj<>endobj +92 0 obj<>endobj +93 0 obj<>endobj +94 0 obj<>endobj +95 0 obj<>endobj +96 0 obj[89 0 R +91 0 R +93 0 R +95 0 R +]endobj +97 0 obj<>endobj +98 0 obj<>endobj +99 0 obj<>endobj +100 0 obj<>endobj +101 0 obj<>endobj +102 0 obj<>endobj +103 0 obj<>endobj +104 0 obj<>endobj +105 0 obj[98 0 R +100 0 R +102 0 R +104 0 R +]endobj +106 0 obj<>endobj +107 0 obj<>endobj +108 0 obj[107 0 R +]endobj +109 0 obj<>endobj +110 0 obj<>endobj +111 0 obj<>endobj +112 0 obj<>endobj +113 0 obj<>endobj +114 0 obj<>endobj +115 0 obj[110 0 R +112 0 R +114 0 R +]endobj +116 0 obj<>endobj +117 0 obj<>endobj +118 0 obj<>endobj +119 0 obj<>endobj +120 0 obj<>endobj +121 0 obj<>endobj +122 0 obj[117 0 R +119 0 R +121 0 R +]endobj +123 0 obj<>endobj +124 0 obj<>endobj +125 0 obj<>endobj +126 0 obj<>endobj +127 0 obj<>endobj +128 0 obj<>endobj +129 0 obj<>endobj +130 0 obj<>endobj +131 0 obj[124 0 R +126 0 R +128 0 R +130 0 R +]endobj +132 0 obj<>endobj +133 0 obj<>endobj +134 0 obj<>endobj +135 0 obj<>endobj +136 0 obj<>endobj +137 0 obj<>endobj +138 0 obj<>endobj +139 0 obj<>endobj +140 0 obj[133 0 R +135 0 R +137 0 R +139 0 R +]endobj +141 0 obj<>endobj +142 0 obj<>endobj +143 0 obj<>endobj +144 0 obj<>endobj +145 0 obj<>endobj +146 0 obj<>endobj +147 0 obj<>endobj +148 0 obj<>endobj +149 0 obj<>endobj +150 0 obj<>endobj +151 0 obj<>endobj +152 0 obj<>endobj +153 0 obj<>endobj +154 0 obj<>endobj +155 0 obj<>endobj +156 0 obj<>endobj +157 0 obj<>endobj +158 0 obj<>endobj +159 0 obj<>endobj +160 0 obj<>endobj +161 0 obj<>endobj +162 0 obj<>endobj +163 0 obj<>endobj +164 0 obj<>endobj +165 0 obj<>endobj +166 0 obj<>endobj +167 0 obj<>endobj +168 0 obj<>endobj +169 0 obj<>endobj +170 0 obj<>endobj +171 0 obj<>endobj +172 0 obj<>endobj +173 0 obj<>endobj +174 0 obj<>endobj +175 0 obj<>endobj +176 0 obj<>endobj +177 0 obj<>endobj +178 0 obj<>endobj +179 0 obj<>endobj +180 0 obj<>endobj +181 0 obj<>endobj +182 0 obj<>endobj +183 0 obj<>endobj +184 0 obj<>endobj +185 0 obj[142 0 R +144 0 R +146 0 R +148 0 R +150 0 R +152 0 R +154 0 R +156 0 R +158 0 R +160 0 R +162 0 R +164 0 R +166 0 R +168 0 R +170 0 R +172 0 R +174 0 R +176 0 R +178 0 R +180 0 R +182 0 R +184 0 R +]endobj +186 0 obj<>endobj +187 0 obj<>endobj +188 0 obj<>endobj +189 0 obj<>endobj +190 0 obj<>endobj +191 0 obj<>endobj +192 0 obj[187 0 R +189 0 R +191 0 R +]endobj +193 0 obj<>endobj +194 0 obj<>endobj +195 0 obj<>endobj +196 0 obj<>endobj +197 0 obj[194 0 R +196 0 R +]endobj +198 0 obj<>endobj +199 0 obj<>endobj +200 0 obj[199 0 R +]endobj +201 0 obj<>endobj +202 0 obj<>endobj +203 0 obj<>endobj +204 0 obj<>endobj +205 0 obj<>endobj +206 0 obj<>endobj +207 0 obj<>endobj +208 0 obj<>endobj +209 0 obj[202 0 R +204 0 R +206 0 R +208 0 R +]endobj +210 0 obj<>endobj +211 0 obj<>endobj +212 0 obj<>endobj +213 0 obj<>endobj +214 0 obj<>endobj +215 0 obj<>endobj +216 0 obj<>endobj +217 0 obj<>endobj +218 0 obj<>endobj +219 0 obj<>endobj +220 0 obj<>endobj +221 0 obj<>endobj +222 0 obj<>endobj +223 0 obj<>endobj +224 0 obj<>endobj +225 0 obj<>endobj +226 0 obj[211 0 R +213 0 R +215 0 R +217 0 R +219 0 R +221 0 R +223 0 R +225 0 R +]endobj +227 0 obj<>endobj +228 0 obj<>endobj +229 0 obj<>endobj +230 0 obj<>endobj +231 0 obj[228 0 R +230 0 R +]endobj +232 0 obj<>endobj +233 0 obj<>endobj +234 0 obj[233 0 R +]endobj +235 0 obj<>endobj +236 0 obj<>endobj +237 0 obj<>endobj +238 0 obj<>endobj +239 0 obj<>endobj +240 0 obj<>endobj +241 0 obj<>endobj +242 0 obj<>endobj +243 0 obj<>endobj +244 0 obj<>endobj +245 0 obj<>endobj +246 0 obj<>endobj +247 0 obj[236 0 R +238 0 R +240 0 R +242 0 R +244 0 R +246 0 R +]endobj +248 0 obj<>endobj +249 0 obj<>endobj +250 0 obj<>endobj +251 0 obj<>endobj +252 0 obj<>endobj +253 0 obj<>endobj +254 0 obj<>endobj +255 0 obj<>endobj +256 0 obj[249 0 R +251 0 R +253 0 R +255 0 R +]endobj +257 0 obj<>endobj +258 0 obj<>endobj +259 0 obj<>endobj +260 0 obj<>endobj +261 0 obj<>endobj +262 0 obj<>endobj +263 0 obj<>endobj +264 0 obj<>endobj +265 0 obj<>endobj +266 0 obj<>endobj +267 0 obj<>endobj +268 0 obj<>endobj +269 0 obj<>endobj +270 0 obj<>endobj +271 0 obj[258 0 R +260 0 R +262 0 R +264 0 R +266 0 R +268 0 R +270 0 R +]endobj +272 0 obj<>endobj +273 0 obj<>endobj +274 0 obj[273 0 R +]endobj +275 0 obj<>endobj +276 0 obj<>endobj +277 0 obj[276 0 R +]endobj +278 0 obj<>endobj +279 0 obj<>endobj +280 0 obj[279 0 R +]endobj +281 0 obj<>endobj +282 0 obj<>endobj +283 0 obj[282 0 R +]endobj +284 0 obj<>endobj +285 0 obj<>endobj +286 0 obj[285 0 R +]endobj +287 0 obj<>endobj +288 0 obj<>endobj +289 0 obj<>endobj +290 0 obj<>endobj +291 0 obj<>endobj +292 0 obj<>endobj +293 0 obj<>endobj +294 0 obj<>endobj +295 0 obj<>endobj +296 0 obj<>endobj +297 0 obj<>endobj +298 0 obj<>endobj +299 0 obj[288 0 R +290 0 R +292 0 R +294 0 R +296 0 R +298 0 R +]endobj +300 0 obj<>endobj +301 0 obj<>endobj +302 0 obj<>endobj +303 0 obj<>endobj +304 0 obj[301 0 R +303 0 R +]endobj +305 0 obj<>endobj +306 0 obj<>endobj +307 0 obj<>endobj +308 0 obj<>endobj +309 0 obj<>endobj +310 0 obj<>endobj +311 0 obj<>endobj +312 0 obj<>endobj +313 0 obj[306 0 R +308 0 R +310 0 R +312 0 R +]endobj +314 0 obj<>endobj +315 0 obj<>endobj +316 0 obj[315 0 R +]endobj +317 0 obj<>endobj +318 0 obj<>endobj +319 0 obj<>endobj +320 0 obj<>endobj +321 0 obj<>endobj +322 0 obj<>endobj +323 0 obj[318 0 R +320 0 R +322 0 R +]endobj +324 0 obj<>endobj +325 0 obj<>endobj +326 0 obj[325 0 R +]endobj +327 0 obj<>endobj +328 0 obj<>endobj +329 0 obj<>endobj +330 0 obj<>endobj +331 0 obj<>endobj +332 0 obj<>endobj +333 0 obj<>endobj +334 0 obj<>endobj +335 0 obj<>endobj +336 0 obj<>endobj +337 0 obj<>endobj +338 0 obj<>endobj +339 0 obj<>endobj +340 0 obj<>endobj +341 0 obj<>endobj +342 0 obj<>endobj +343 0 obj<>endobj +344 0 obj<>endobj +345 0 obj<>endobj +346 0 obj<>endobj +347 0 obj<>endobj +348 0 obj<>endobj +349 0 obj<>endobj +350 0 obj<>endobj +351 0 obj<>endobj +352 0 obj<>endobj +353 0 obj<>endobj +354 0 obj<>endobj +355 0 obj<>endobj +356 0 obj<>endobj +357 0 obj<>endobj +358 0 obj<>endobj +359 0 obj<>endobj +360 0 obj<>endobj +361 0 obj<>endobj +362 0 obj<>endobj +363 0 obj<>endobj +364 0 obj<>endobj +365 0 obj<>endobj +366 0 obj<>endobj +367 0 obj<>endobj +368 0 obj<>endobj +369 0 obj<>endobj +370 0 obj<>endobj +371 0 obj<>endobj +372 0 obj[327 0 R +328 0 R +329 0 R +330 0 R +331 0 R +332 0 R +333 0 R +334 0 R +335 0 R +336 0 R +337 0 R +338 0 R +339 0 R +340 0 R +341 0 R +342 0 R +343 0 R +344 0 R +345 0 R +346 0 R +347 0 R +348 0 R +349 0 R +350 0 R +351 0 R +352 0 R +353 0 R +354 0 R +355 0 R +356 0 R +357 0 R +358 0 R +359 0 R +360 0 R +361 0 R +362 0 R +363 0 R +364 0 R +365 0 R +366 0 R +367 0 R +368 0 R +369 0 R +370 0 R +371 0 R +]endobj +373 0 obj<>endobj +374 0 obj<>endobj +375 0 obj<>endobj +376 0 obj<>endobj +377 0 obj<>endobj +378 0 obj<>endobj +379 0 obj<>endobj +380 0 obj<>endobj +381 0 obj<>endobj +382 0 obj<>endobj +383 0 obj<>endobj +384 0 obj<>endobj +385 0 obj<>endobj +386 0 obj<>endobj +387 0 obj<>endobj +388 0 obj<>endobj +389 0 obj<>endobj +390 0 obj<>endobj +391 0 obj<>endobj +392 0 obj<>endobj +393 0 obj<>endobj +394 0 obj<>endobj +395 0 obj<>endobj +396 0 obj<>endobj +397 0 obj<>endobj +398 0 obj<>endobj +399 0 obj<>endobj +400 0 obj<>endobj +401 0 obj<>endobj +402 0 obj<>endobj +403 0 obj<>endobj +404 0 obj<>endobj +405 0 obj<>endobj +406 0 obj<>endobj +407 0 obj<>endobj +408 0 obj<>endobj +409 0 obj<>endobj +410 0 obj<>endobj +411 0 obj<>endobj +412 0 obj<>endobj +413 0 obj<>endobj +414 0 obj<>endobj +415 0 obj<>endobj +416 0 obj<>endobj +417 0 obj[373 0 R +374 0 R +375 0 R +376 0 R +377 0 R +378 0 R +379 0 R +380 0 R +381 0 R +382 0 R +383 0 R +384 0 R +385 0 R +386 0 R +387 0 R +388 0 R +389 0 R +390 0 R +391 0 R +392 0 R +393 0 R +394 0 R +395 0 R +396 0 R +397 0 R +398 0 R +399 0 R +400 0 R +401 0 R +402 0 R +403 0 R +404 0 R +405 0 R +406 0 R +407 0 R +408 0 R +409 0 R +410 0 R +411 0 R +412 0 R +413 0 R +414 0 R +415 0 R +416 0 R +]endobj +418 0 obj<>endobj +419 0 obj<>endobj +420 0 obj<>endobj +421 0 obj<>endobj +422 0 obj<>endobj +423 0 obj<>endobj +424 0 obj<>endobj +425 0 obj<>endobj +426 0 obj<>endobj +427 0 obj<>endobj +428 0 obj<>endobj +429 0 obj<>endobj +430 0 obj<>endobj +431 0 obj<>endobj +432 0 obj<>endobj +433 0 obj<>endobj +434 0 obj<>endobj +435 0 obj<>endobj +436 0 obj<>endobj +437 0 obj<>endobj +438 0 obj<>endobj +439 0 obj<>endobj +440 0 obj<>endobj +441 0 obj<>endobj +442 0 obj<>endobj +443 0 obj<>endobj +444 0 obj<>endobj +445 0 obj<>endobj +446 0 obj<>endobj +447 0 obj<>endobj +448 0 obj<>endobj +449 0 obj<>endobj +450 0 obj<>endobj +451 0 obj<>endobj +452 0 obj<>endobj +453 0 obj<>endobj +454 0 obj<>endobj +455 0 obj<>endobj +456 0 obj<>endobj +457 0 obj<>endobj +458 0 obj<>endobj +459 0 obj<>endobj +460 0 obj<>endobj +461 0 obj<>endobj +462 0 obj<>endobj +463 0 obj[418 0 R +419 0 R +420 0 R +421 0 R +422 0 R +423 0 R +424 0 R +425 0 R +426 0 R +427 0 R +428 0 R +429 0 R +430 0 R +431 0 R +432 0 R +433 0 R +434 0 R +435 0 R +436 0 R +437 0 R +438 0 R +439 0 R +440 0 R +441 0 R +442 0 R +443 0 R +444 0 R +445 0 R +446 0 R +447 0 R +448 0 R +449 0 R +450 0 R +451 0 R +452 0 R +453 0 R +454 0 R +455 0 R +456 0 R +457 0 R +458 0 R +459 0 R +460 0 R +461 0 R +462 0 R +]endobj +464 0 obj<>endobj +465 0 obj<>endobj +466 0 obj<>endobj +467 0 obj<>endobj +468 0 obj<>endobj +469 0 obj<>endobj +470 0 obj[464 0 R +465 0 R +466 0 R +467 0 R +468 0 R +469 0 R +]endobj +471 0 obj<>endobj +472 0 obj<>endobj +473 0 obj<>endobj +474 0 obj<>endobj +475 0 obj<>endobj +476 0 obj<>endobj +477 0 obj<>endobj +478 0 obj<>endobj +479 0 obj<>endobj +480 0 obj<>endobj +481 0 obj<>endobj +482 0 obj<>endobj +483 0 obj<>endobj +484 0 obj<>endobj +485 0 obj<>endobj +486 0 obj<>endobj +487 0 obj<>endobj +488 0 obj<>endobj +489 0 obj<>endobj +490 0 obj<>endobj +491 0 obj<>endobj +492 0 obj<>endobj +493 0 obj<>endobj +494 0 obj<>endobj +495 0 obj<>endobj +496 0 obj<>endobj +497 0 obj<>endobj +498 0 obj<>endobj +499 0 obj<>endobj +500 0 obj<>endobj +501 0 obj<>endobj +502 0 obj<>endobj +503 0 obj<>endobj +504 0 obj<>endobj +505 0 obj<>endobj +506 0 obj<>endobj +507 0 obj<>endobj +508 0 obj<>endobj +509 0 obj<>endobj +510 0 obj<>endobj +511 0 obj<>endobj +512 0 obj<>endobj +513 0 obj<>endobj +514 0 obj<>endobj +515 0 obj<>endobj +516 0 obj<>endobj +517 0 obj<>endobj +518 0 obj<>endobj +519 0 obj<>endobj +520 0 obj<>endobj +521 0 obj<>endobj +522 0 obj<>endobj +523 0 obj<>endobj +524 0 obj<>endobj +525 0 obj<>endobj +526 0 obj<>endobj +527 0 obj<>endobj +528 0 obj<>endobj +529 0 obj<>endobj +530 0 obj<>endobj +531 0 obj<>endobj +532 0 obj<>endobj +533 0 obj<>endobj +534 0 obj<>endobj +535 0 obj<>endobj +536 0 obj<>endobj +537 0 obj<>endobj +538 0 obj<>endobj +539 0 obj<>endobj +540 0 obj<>endobj +541 0 obj<>endobj +542 0 obj<>endobj +543 0 obj<>endobj +544 0 obj<>endobj +545 0 obj<>endobj +546 0 obj<>endobj +547 0 obj<>endobj +548 0 obj<>endobj +549 0 obj<>endobj +550 0 obj<>endobj +551 0 obj<>endobj +552 0 obj<>endobj +553 0 obj<>endobj +554 0 obj<>endobj +555 0 obj<>endobj +556 0 obj<>endobj +557 0 obj<>endobj +558 0 obj<>endobj +559 0 obj<>endobj +560 0 obj<>endobj +561 0 obj<>endobj +562 0 obj<>endobj +563 0 obj<>endobj +564 0 obj<>endobj +565 0 obj<>endobj +566 0 obj<>endobj +567 0 obj<>endobj +568 0 obj<>endobj +569 0 obj<>endobj +570 0 obj<>endobj +571 0 obj<>endobj +572 0 obj<>endobj +573 0 obj<>endobj +574 0 obj<>endobj +575 0 obj<>endobj +576 0 obj<>endobj +577 0 obj<>endobj +578 0 obj<>endobj +579 0 obj<>endobj +580 0 obj<>endobj +581 0 obj<>endobj +582 0 obj<>endobj +583 0 obj<>endobj +584 0 obj<>endobj +585 0 obj<>endobj +586 0 obj<>endobj +587 0 obj<>endobj +588 0 obj<>endobj +589 0 obj<>endobj +590 0 obj<>endobj +591 0 obj<>endobj +592 0 obj<>endobj +593 0 obj<>endobj +594 0 obj<>endobj +595 0 obj<>endobj +596 0 obj<>endobj +597 0 obj<>endobj +598 0 obj<>endobj +599 0 obj<>endobj +600 0 obj<>endobj +601 0 obj<>endobj +602 0 obj<>endobj +603 0 obj<>endobj +604 0 obj<>endobj +605 0 obj<>endobj +606 0 obj<>endobj +607 0 obj<>endobj +608 0 obj<>endobj +609 0 obj<>endobj +610 0 obj<>endobj +611 0 obj<>endobj +612 0 obj<>endobj +613 0 obj<>endobj +614 0 obj<>endobj +615 0 obj<>endobj +616 0 obj<>endobj +617 0 obj<>endobj +618 0 obj<>endobj +619 0 obj<>endobj +620 0 obj<>endobj +621 0 obj<>endobj +622 0 obj<>endobj +623 0 obj<>endobj +624 0 obj<>endobj +625 0 obj<>endobj +626 0 obj<>endobj +627 0 obj<>endobj +628 0 obj<>endobj +629 0 obj<>endobj +630 0 obj<>endobj +631 0 obj<>endobj +632 0 obj<>endobj +633 0 obj<>endobj +634 0 obj<>endobj +635 0 obj<>endobj +636 0 obj<>>>/Annots 19 0 R>>endobj +637 0 obj<>stream +x}SMsÚ0½ó+vr"3‰±lÇN%iK;“4´8ÓK.²-ÀÔ¶\I.åß÷I6Ði‡Á kwõ¾ôsÀÈLJÑ8 0¦¬Ü%ƒÑÇ[ +|JV؉Ȓœ|Ï÷ñ&.gw3Z(¹™¡÷2k+Qn +Y_&[×ÊÐa[¯Ç¾7Asߓ^ْÉÓèæ†a7šŒñ?ÀW ZuaìÅçg¨¢Û؍>⚥Ú(ž™DLŒõ ‚‰X\znrnDWõ5CšÒ£¬iÖ(‚þd§AL÷Ë*ø­™ ö¬ÃdShJ¥üAøå”ɲ„ OrEŸž¾'Oxç"'#iÉ«”S~ªÉ_B‘ÙÚ ®´GŸÉ¨½-µn¡‚ÙpC¼,ûsYØáçØÊZ¥ ö¥­!-+aŠJh7́)¹ZcøV¦v +Ղ¡4ÀeXV¼€UEí%8¿’PD‰  ˜tÏÁ€ =»ó é€õÄìãÛ|À˜•!bä¯(`cë¡[•´´Ùñ±¼9óæÀ߁Há³lëœÀÒQ´“g¨5 7Æ4ÓÑh·ÛyÚ +èIµ½­u ¶ÿ‹7Q¼ †¯x.JÁµ -p`ë̇\òH"Ÿ!m/·80ù ¸ùªOïÃV(µ÷ +ó(=÷þ,DYÜå±iÊ d¸€·êc2ÿòLsQ ÅKZ´iYdôPÀ4ÐzÎ/—ôj_Ê3d²ÙÛ4"dý¹‡¡Ù5â°¢ÎÊÖÆtW˜“° «–­ÊÄ RqjSôj ¬¯Ë ãîÒõ×:Œ&. ×;¤nõAÃèö,,'æ¯ôÊYߣ֣uSzæ·;Îàø@NîèýF ÏWäÌéÍþ:ø®c´endstream +endobj +638 0 obj +652 +endobj +639 0 obj<>>>/Annots 22 0 R>>endobj +640 0 obj<>stream +xV]sÛ6|ׯ¸¦‰:cS¢>,Éov§NóÐf륏 Š¨H€À(šéïޑ´å4êԏeK{»{ þ5JiŠŸ”V3šßPVî·£ÉÆfSÚøæfµ¦mNÓd:Å'Ùø§R5Q{JúÅ):zoCTUEÊæ´Õ!Òãݯ÷w?nÿ”:颫s=O“*Ó[£nhzKµÊ)–šje©Q{º} JÓ~ßlÅ»¶çk(7!z³k£ÎéhbÙI™³QKT¹ÈÔ]´[8œ¢"h©«†ïu¤“k ð=*%Dï þ€!Lé:w€sgßF:Xt[v{Fý„˜ñ[ŠþD\­ciìž*sз]/`÷©—›täã¨û*í¿[®¹f¨wy²¦¿©v^˺Ÿ·#¦_4ïøïã»Ñl³J6´\ඦùf“Lûw=v">“¸\αì\Æ큷õ™ª˜#_«hœ%…ƒg,Ó žhwU½StÔ; +&ê+¡é%.¿§1•16·“ÉñxLïHœßóÚmHCXŽ¿´\ÌñºX¯ð:Ã/N/öYN7¢Æ³a§ÞGé-Ý·¦Ê™wöÒ½±Ê›ËVr”³L¸¢ÂxÖ·Ðïö^Õ½8ËAœdcfßözLfÇ°–ì숄/½Î¢ó§„¶¨O¡tm•“j£cj3Œ \òTM|6ZÇ/d`zrö؄¦Â)D]'½=©TŸ4µ¶ ­ªˆ¬Öy`VÌ\«\J}u>ûŠ½sñû/mxÞéõµÌIW`hc1ë=ÜQ‡S‚Ötäá +Î ¹†]NGk«v•Æxm¤þ¬³–Ûz´ZôE,2ÖÆ2j‘c×; ¡6Ódâ[hÑf°z@tԍ©ào‰¨èÙø¿d1"è/áwø闼&a‰ig%öú£>á5`^Ú:Gžó§ ßÄæPdõEe„úëu*3ċÌüæD,øÆHêJê´ P™Ç@a"õ'ãÚ@Ÿ´Mœêݜ°pµÙ—Q²–í.-1ÏÃì0xý.¹TÎ5^ª!þÙi$Uõp§(z“ È86j˧w"‰]öŽv*;ð±]r|“o¥o íj/“ÖSUܵœ`C‡  +w¢BLøïøØ.k)­‘šÿ¬›…ÜIçÁ:ïƒuvË#K|¹›ºq>*‹)ÇÕýoQ咾‹(ŒÄ^wiÔ"^ ³’ßú «P‘€EÔ€Äìyʽ±Ù …h궒ìK蝎‚L³çÇ ¶Þ0†3M‡Qñb žh¹ŒMë Êâq!;œ®ð¡#‚sÞïM'ÉP¤DÒ×"®{èò¶¯sÈ¥†šp¨¤M—»râÁ4ì,N~°$å&ë³û%×ð«¢ëi²Áƒ?:õÒþ>úµ¶è!endstream +endobj +641 0 obj +1091 +endobj +642 0 obj<>>>>>endobj +643 0 obj<>stream +xV]oÓH}ï¯¸Ë A¢ÎG“4©´ÀªÛ¦ÚEtµÛc{¨=fÆ-ù÷{îŒÝÓò° BZ_ßÏsνߎ¦4Áß)ÎèdIYsôrsôzs4IV+ÚØ?Lh¾^&+š¯Nñý”¿ZIl'ðqÿÑÙ.WëdÞÙÎ`Lá|üfMÓ9m +„].ɒ6yx{B›l4Mæ ]z¹¥“3ze¥ð’|%É5)eFªl­ðÊh*T-“g›¯p8§é4:<žÂÝhSI„øçD³­å¯:R:x–߃‰#rmš++3o쮚+ç­J[™Ð9lÊR:O;Ó¢"‘³‹†³˜Ðñô$™qô ‹¶®wäL0̄&'%Uæ.„4[vç¨4äM)áÂr<ÚZ‘y•ItÖ\vƒ7·¢D—%Qׇ¯‡âv¶DŸcÑä—‹üZÇ)G‹¹uV>”¥Ú”˜£$cûT;T< ¥>!áÂÙ FŒº}0éÂd¢pœôÁð ¡¾ÂãKѤ‚”.,r*"X^^|üëòüÃÛÄ÷ƒÀ \z¡jwý¬E‡™}T~0~³è˜4j¡´óèP|ԓl„ƈÚøþ9:DÑBˆ8]¦ëðÕ@Zú òh)ACYä¸òÄT±NÖ¨ˆ_;@ö{NƵ 3ÓnÛÆÆô1‚ô|ß%mkÎc·•™*bEºòdϜÓ0Ïë³/—…hkԉ‘ÂtÍM—YOuî-R‡ïãqëì¸6™¨ÇH)ãZ¥ãA”ëgC +¿»Æ N¥á¹‰B'RƒŠÌZ«<4Ez๠œ%u$"W±âÿÂIp¡`XBa¸“µÔCd\}8ÿûßËׯ®.Î7Ÿ9!Ÿ þ:™­ïµþ1ýž­‡ê½èÔ{~F›N'm§BqNUäñ ø ʹç(7[c½ñîyôüZ(èVÔ*çn˜"ÀfØ~ޏ°c.7¦ÏÒkJ+š„è¼ØÿÖ¶Ú &þñ' yê5DH©6"Ì:^;,‹‚"K:ËRÝb'i’Öò˜¥sö!öPGO(4ïpŸSî8ÍsF‹K.• `Mr#‘HÝÛ, 2ôã„дብ[Ô/»Ã0ƒŒº+&¡ Ë3o#•µµÝY†0ˆ°ŽVR€9ÊØÃÇI¬¾_¸F¿±y”¬ˆ‘¸é˜‘šï Ý |•s¡‡apa‰ +v°:6hU#à\䷐>¥ !9vå~T ËA£Äf?#~t )¸ 1©Y "œAv_€ƒIÇã]AMVº­Š\­ÊÊ㎠Ëà[«²ü€–·J+¯D8íº£…EàI‡ò½˜?ÂöU·£§ËӄÏ~œÝ÷÷å‹÷/_Ð'k¾â ±âÞ‹ˆs=ŽoÇ×þϵ>_M’5N3öuúóè?Å¬endstream +endobj +644 0 obj +1435 +endobj +645 0 obj<>>>>>endobj +646 0 obj<>stream +x•WaOã8ýί¸×ÕÒ´iK[¸O¬v¹Cºe9èiµÒJ'7qZC÷l‡¶ÿþÞØM[²ôX@ +E±Çã÷Þ¼™þ{S¿1zÔRR}˜}šu£ñ˜v3Ã?]÷¢1 Æ#| ¢I–â¿áîM¿ ÄÂKÄß>§suNñ€&ŽŽñ!õï»4IZq4Œâˆî\Й¸Àaœ*g”]*¥K£D—Ù»ÉÃQçj@qâ´{#ÄiÝ|™|ú&sd¥ó\/yçRå9M%¥*ˤ‘¥#•­uE••ts}OÚðŸ÷ä4YgÔ´r2%+͓J¤¥B,lÄ'v©ÝâÖ8éO­I8Žc(d}6­ŽtI§Þý<ÓVDôuŽ}ÊR*3\(å( mÅýóŽK]gTj7çä÷–‘›Ë’DŠ ”c#r“U܏zœ6ًpb¼‡Í&g 7UÚ¶­-©>íyz{´ªP¹0ùP¬uªtáa³s]å)Íœ$Q5kŸÌë'—¶Žtðܹr$Sõ?Ð’A é ä–ÚcdÉêB(.`¸¨K笝œžN©ñ³d!EAàÜ,Ò3Z;êTÖtrˆ¼cE1©*;¶˜B=ü¨éA1=øTXҙAx†ø•à%Çõç¶q‘¾/–¿\‰Ä‘]—N¬Hg/*ô0ŒOÂ(è~*ÝRBsU©VÒFTkB$èSÏ=¯Tå^m’WŒ¨ï¾‘æ¬R©lV×+Šm!‘çtÔÅÒâ𞺠Xÿ,úÞB0›¼/•Æ&ÚÈïï8€ÊÏÖâ7]5ò,* ý©p=–Დ4–“7ƒÃPÃs +á…) ‚³Y®ý2P_J,.×à‹ +뫱kè6‚HlhŒ ¨ÒI“ ¸× é…Sš bMz÷äµv!•­ýúë[®#­m€ÁõÜ aYEÞìv¡#º«jÀÏjóSû³šj‡FiÚP10_öÞT—¿:zD-ђýÓž-ÒDØ»Ž?ðpt®êC`Sµãq%4 +¢a7—@¡`¯8Ä ]rª§‹§L¨Ü a“تü^­L>>>>>endobj +649 0 obj<>stream +x­V]OëF}çWL¥V q’‡J÷SºÒ½Ð6iQÕôaco’%ö®ïîÈ¿¿gvíKH€>´ ÀÁö̙3çÌìדõñ= qJç#Êʓ·ó“ÞÇ! 4_áÎh2¦yNý¤ßïÓ<ëÌ mUQòä¤ÎIďN­µ(ÈòI•5™tN::ß"ÜE®Cº\æñmŠ „9xÎ?–ð#}ꦣdD«ëù‡)}ZÑÎÔT;Ïþü}HÎï +IJ3ĝó²ä[šÂƒ¥ØQ¡¶xÚPa̖„ç»1=xhªîΓ”³ÈQV…t=wg‡]ç…õuuX€Ë¬ªÇP)z&Ê¥ Ò+AŽ$Ôða~6it>JF4œŒqâÇJZEò/i€ +ùý4™<¡ŒšyYÑhJsËÅ8¯ô:Tï6‚sq'T!–àÀh.ÚZeï¤=ª2åÞv~lØ´]ûY¡¤öÔýÜÜ;oã¼eC[ÛɽæüÅYÝÆÔENkéi)2PÀ’YáÎ1Ј4MÚ¾æFÿ¤É™Rú —ªˆÍŒµ2óÅ®‘EÛ0'Ñ „èÊx–Dh/^àwMN™Ð$ +gh)Y39÷ÌII÷ü`ƒŠ€í)‡ +±ôYè/B‹5.#;î õ¢ãêlCÂÑÍêf½8=Tl£Õlc äŠô– +y' Èj«ü.ê”õÌ2])ø"–eå×Z:S%œ»76G+¸ÐÚ=»’ÕÀQÅÊÀÊ µâö3v‹%E…´ í‡F®5¤i,åÒCX.¡E‡12ñÿ,¤g?5É["ï8¯ý¸‡íyÞª×T^A°Ý?~jÇHfJÈX˄æô1T© Ê5vKøè7¤îF†¢zÜâ”ëh|6¼¸ÄÀxÝgÃô^ÜsƒdÒøl}–­¡7’2‹µV"q{ä_­ßxôU¯ÇVmÕ\‹Ê^¶Ø|W©LEPMÓдué~¨ÃžÞWÂ\»˜ÉלNÐ÷WiŒ»¢€Ib„Ç!þÜtF{ZY}Gñ| ˜#b\´¦zFê ©7âNBnp²+½'ٖá0$èÉê°º•*X+˜ŒÌAtY(RÅMq[£È_ÐßÌ÷û/H©b¸6ËÄòzü#|Òì Šeȅ€—X*¬¼€¯0kÔۀ»+‹‚™üØ$¿«äôR»_™Û½^ÈÓ ñ8@c†t’b¯½n†t8 öqç’ËÆ “#3¬¬)áð÷׳³0öð[éˇðçj~Fü1ݞ1fsöYçzÖKÏHú,I’'jGœ¸“¥©up^®ÜóG®_&åÝt±¸ùtõþúf¶XüÒH÷ûfÓØE|Vȧ´ÀWœ,xÍú‹tïãhŒ¤²Xé˜ÿ†¢òƒ)㨌)ž˜Omë_¯2 Äþ(dPþ‹½“…\ZáåA¶á8‡i hY¯q©Œõ?ìig„™ø¬t&ÍÔŒÆ $qNÜ;0ÎÞ|yû†~µæ.£÷&«Kœ,ŽƒCüV7¾ÖùÏç›á¤Ÿ\â܊sÍ°ÿÛÉ7ã7endstream +endobj +650 0 obj +1189 +endobj +651 0 obj<>>>>>endobj +652 0 obj<>stream +xWÙnã8|ÏW4ò²`+¶ã\ƒ=à\‰'3öÂX /´DٜP¤G¤âø﷚”r(³‚ŠE²««««é{êãg@§C::¡´Ø»˜ïޜÓ`DóoNÎðQ?é÷û4O;ƒdÐOh±ž&9Í×ʬ]Y󋧅-ÿ8˜Çþ qoxŠý¬5ÖójÚb™#a2Úيœ¥'o‰_>Òþvmi[Z/‰?q´QZ’Íɗ­÷ñ™44!W­VÒùpBfqˆÜАÄJ(CœÍ0úÔ%CÞ<WZ‡M©Ðevk’zåð$áD;sÀÀ +µZ{*¥È8(åŒãj2þ<ý2›ÌÿìC +üŠnÆ_fƒ·‰R‡q¾J#`_îÂ!…Pš)Ð +ØmÙiäÖ­J[m‚¶ö‘ Ÿÿíz|uwM¹-)“G¸‡ƒ„f¢X +Z GK È $M¥sy¥õ;Á«Ö2#ÔɯmåÀ‰còÒµ£":ÛªLvÉY*Än‰¤œ-¤5’¤v2„Y«ÀwI›Ò.µ,Bþß>É2ÅjR>¡¿ÀAj+ Ó*ìæ$‹E+*#á»TZ +p¥œ«d@É;'Ø˺]¥ES¥\=‡ãL÷·×ãÙ59 y'AÕ&H:Š ™e6­ +i¼ðʲ\À«³U™JÏ$T؞-ÌF¢îY:lÜr‘s…@ †¤pJ– ñ†ëùú…Ž‡§ÐÔèìÏCüBy»½FçGÉÉÇ$t¥ÄÊXÇr¹„‡²ý¼·Xykñ„ÄÂÇÔjR9ÓµBV6à;¼ALJþ켗4ƒ Ð Œ±tm̓«ÒT?T¤Ntt|œœýW¢CnĖ !ãÔn$M®þ)¹‹DŸ‹JûZñ܃–ZÀ.\½;a'r¨¸0Ž…š¼D‰ zbŸ±©¨ÐuA”ªwg´ê<¹J¨éhX·ÔV˜àS,h33½÷"É\ˆ 2Ýæšè)ú5Àýì&(/M±Ìº­ØŽ? ÍExLµ‚T79Ý_º¡ ’©Š—Þ³fØ- ¤ [. +Êg†Ѯ耶K6lº·Å= ÐWñfÂÙÇò%t¹¶Qà :ö6µšnå“ÔïųŽ“bŽ…³» ÖY\ÌS(¡eêN­Ê¬ *µ(\µÙØÒ;:ïòË·ënø{ûç¬K·ãéÝx:h³?Æì@O烶Ñ;ƒ?¥œ‡¤-ÛB!žUQ¯Áp €ώɽ´ +™¤ÖäïsÂڕ/"GÁG=\+øÁ‡–<ü¸ÄLë“À?…ønKåw/ßÎdbÈêL–·v0¾à³qˆ°háúÑAr[Ֆf$ €e̔2™±V…ŠÊ”Y÷¶¥æ Á ÑÂ:®X˜V°m™A‘!=c·ØëÆâ£ÄŠpcŠ:Ûxaޛ¦œŠ5z׊[J [Ý ²'´®XÁ»0ÿš"¯@Í,†1a—.­àÑèw¶÷E¾X¡ÄÒÉò æ˜NXÀ!áz*kÒ0°Q°F»]FòyNA}£AªŸ†¸„jc‚@Á£wC¯¿„a€Èm2¤ÓJõ/ºÄI¤œ+³öÆsö›SÀ/:î·ýÆz4äⵕÂrdòÞ0‡œ[Âü5¢g +I[vܒŒ(ÃVùu#8˜Ã •«O¯–ÖnÄEíÕÓ9êTþ=?æ{Nps?›ÉxŸh:ꡃU€k*Á¤¡ÊŒ¦`ÆêËR;½).—ŸhþÚ³›RÁÚT²âⳏ4TrS„ ÿªÉè¶ÑÖç—÷‡“{By¹ ›1Õ¿U©¨€ «„n€1 ›Š—G-y†O¥_ÊJµÏåkZbO¸WBf?nM+räv¸$ðκéXÙU!–è7µ¾¬VªÃ›³úv089Mønð³ñÝŘ-ü;<7þ7w(Ž×‹‹{§C|MÈþ×ׄÑY?9ÇW ,?æ#p›øº÷7¡‚ñ¡endstream +endobj +653 0 obj +1513 +endobj +654 0 obj<>>>>>endobj +655 0 obj<>stream +x•WßoÓH~ï_1êË©õ%iš–RZtèhË5©mì5Y°½fwݐÿþ¾™]‡`¸“N)µ½óã›ï›™ýz0¦þé|B§3ÊëƒËåÁõò`”hvñ4›Òôâ¿'øï4•üú÷Oi<¥e‰ƒ³³³lF˂p`4¢e~4ÎÆ£lšÑkgš`šOT:[ӛۗS°¤èyetèõó'ËÏ05¥ñ8š:™œÃÐÑÒRç5>lـvÖ*ñ¤•©ÔªÒôhÞûzu²R^D^»G|)žuùFkëmmGSUÔh|÷¹­[ a­ÙýˆNƧلÝÂZ#kýäTÑ{œÆ‡Íî´i|P°†‡äsgÚ@tˆƒéaF÷ZÁ ^ò‡®Ëƒ± ~s¤ò •ÖQmÝÐw¡Ró¥˜&3àÎP¬50çÔ+ÏÐ-Þ/ޒ[$Ü 6…Õžê._SŒL՜ CŸ#Z$ÞûÏüÖ?fô2‡.¿©ÏØ}ªýÙì ÿïڟŽ»AíÏ2zeó/ðÿ/¾kP^§mÖA{[ë`jä+TÞSp¶ã2#ñ*’ÈP¬ +KaÛâ”-û¯“ݾæ+MÔjìk`±Ú27—‰3d*[àïÐéܺ¢·t8 I  Ú ŠB‰0àljN5Ÿ4G²Ú„„Ò+²-T‚t‰/MÁΘ)‡…n¶àD¡ý!€éœ•ounJ£‹ŸüÖkÄØö›û2@šµ‚sYÐÈŽB/[¢Â”%8=Šv~Ì>xgšùfôV;F{B†ƒÀª^)Zi€¬Ñ+&´V(ŽC +,;4gÛ¨`ðœÊ¼ ÕÃÑÓ¨UÐ2èZØÊ_›º­tÍAAŠ¨¥¯ÊÀ÷J‡.ßs‰ÑÄê îåùæ +:¶,èPvUµ… *:g Qœ)$#1¼Änôõ*UþcÕ(Áԓ.…'€ÄáEbIײ×É‡Ó ¡+L>̦ÇTh´`å¢q0`‰at·xž¥Ñ%‰àrò]ÛZüž#^<±«qF à+Tg0Zë½a©!’A•|É:‰¼vúk§ý0mµ²(e4 + ¡îÌ\éŒ_»zäÚÁïà ¨ *^ò79¤ “èeÇßs¡ÏZ:z¥ƒFÜà©àḈ?á|µeD,ŠTC,I ÐdͦÚH¹¤®{EH0€þkÕ¢N°¥’çæºÜEýN•cŠ™¬‘Π!sð‚$AOÍÀ{² ò샜ö…]'u€‘žÄ@Ð3åÑÌ$-€¾Q۟„þò`öùµíª‚òµFËâÄɂ0Q»Ä*ز€=ðß8TxŽ0%cëÉÐDp0t3ã¾1a=Ì`BÚSúÆ:¸8 NmTœÔødBvÚǾH®Í3Ž¬y%jâXÕ<×UÛÜÑ vyå¶ÿ +‚—iФ¡².xUÌ{4Aðµú:Æ1#yî ` øx-0“ù>iŒ8S :.{Bé°F\n¡ëRuºH¤„H•ï\ò¼ámCk+“)œÿ‚˜Ù”Œ­˜Ò1­:(¸äífàÝ뀅DʾËémãli(_Ö¡ïYGô»& +üÿ‚?­&¼qe3)Œ—½ AFìðĺ•Ä‰À^ûWÏЍ±2IoFu1!Е…«ȱFݘ jØx +ÛüúN·KDŽ/dì#ч#Ï+3¡ÀꞀIMbŽ½1£”:ˆzuè\ƒŽ‚a¼·N 0f-ˆô ä¯v4“n!ЁâH9Ýý9Tä²Hó?¯¨¾·´à±¿HÏG ‘¨-³˜·L4iKƒlyà•„ ðe3Líjƒ½ °cì6&•³~úžM"9»ç0ø@XÕhÛù$qÌ@ Y9hÞO&–®òÒH>¯®oß¼½»½>&ùy=¿J?ßÝ¿\^c‹pñÍüÕ+É4¡”l@˜Æ¼°#ӕ©LH{ÒÀOÚq£©Ï/E°ñ¯+ŒÍôu¿9ö¼í)+4‹ûWÏÐýG‰¥‘¦œ+ JT•v¸Öêџʪ‚Q‹÷p¥ÄÍ&W̱ÝÆ}ƒY3úèq̂óÅòãâùýõǛ»«ëÀjûÛ¿¿i¥ÔÜÀ±H#24‰bXw^t¢’’߸ö• +=4êQ¢*¨Ö˜Ù[h&¶‡…£WÖØíp6én0âÊ÷««ÁEºËgçß(qÜ».æ7—s\ ígÞº®lÞñŽ'4fã'ñÔI<öÿ®‘Ó‹Qö·Qܙf)пþ'íՃendstream +endobj +656 0 obj +1764 +endobj +657 0 obj<>>>>>endobj +658 0 obj<>stream +x“_OÛ0Åßû)ŽúT¤ÕKš6i‰4¦fo¼熘&vf»|û]'tƒJC(Še+÷ïïœüš¤HøIQ,åPÝ䢜|¾Ú ]¢¬ùK¾æM…D$I‚RÍR‘&"¸‘}¯Í~zrFväÏÊGN\"MÇÄù¢àÄÙug»G#„J×592ûc¬Ah·—ÒT{£ŸÀrñÌrGh­ÝA†!fz,NöÓØ<Á<ÍÄ"6µ}ÐÖ`K4Dûî^(kj6è塶©[/bö×rÂ3"Ï2^—ë‚׿Ž#O‘¬6›¡Í ”Bà;ßÖᲑNªÀ»-…p靽o©óŒ%"­uKRüÖ¡TŠ‘³QÇÂzÀÖánÖjf~#ÇÓ}ÂV ¬;²U XyÐÌà_-üÝÙúšV¶ëˆ¥ˆ²½!~­®†D?FÆñ"áFeëí ×I÷·ê ¥â8,‡ÚEEƑ@O²ë[òì¾K°îùµ>«lõ}Ö/ÎKóBD;³[_Ùv{~sqŽ[g¹&¾XµçƒŒ6‰Yó1í}“/׉ØðŸÁ>+^œócòp›ûendstream +endobj +659 0 obj +452 +endobj +660 0 obj<>>>>>endobj +661 0 obj<>stream +x¥V]sê6}çWì#™)66ÞhÚLïL“¹í¥s_ò"ljlɵdÿ¾gå0靶sÃLléh÷œÝ³úkÑŸˆ1Í攣7£Ÿ7£i°\Òå_µÇ,[̃%%˾Ç1¾V’v¼/ÓÿÃòðéâ)mv@Ÿ/–´Éü{ Â#>`2‹‚˜ßÆAÐz/uÖ®I(ŠÚ5ñ‚Wl ©Lj§vgrIoòL»Z§N-r*dzZÙ’ÙýCD'9CR‹m.=B&Ëܜ `ò–>>D͚¨„%d¡=¨<9ÄÇ@Bg¡©,–¹Ho(xلñ¬:D¤Mnöç #bx*¾JГç$O¢PZ®ø54œÄíûQH`[“ל)0Êšý¡Õ)üUéúD›ÇÏá§Ï„„Žª2Ú§Á@ð±²1åßøÙçs Œüj+3/¹Ò±’s Bú[Ô_Ì;m+¨Ï‹;IÀœÎè€W ½aš¬óÜû7xÄb³ýÞÚ#x!†‡Î>z«•i])w&S2]ƒ“)5z§öÌ]ƒ»ƒnVÊ"—ւضˆAò Ëäく-J«»‚!aWí÷ÍÖdqÑs͙ël"r£%N¯Žè¡æ¼)*«%ÚùA¯×z ÉˆfÁ)LÐÃ}ʙ)”+d±í1[ý·sžÈÑÀIÑR\«~uÂO 0²v•Éó¼8mà½åL)AË$Á ÀÎ_®›}¶xæ¨Ì‹ŸÄÊÉåïÿRí0•Í—˜Q ÎVí·æ*“•¡E³²yNh2%l‚%ʝp€óf´lP´°ôÒXÉfÒ,ìjñ›d 5Œ¶-+sÄ4Už‹ëaÑB²5/[¼¥Ì6¶Žfp¦Ë³s•l „@µè¨¾[/Íl§R¤oÒ!G#¡©x„²©ñ`.g«@M7BÈU ¥©Q.ÎX¾ŠZc“>¨£ƒƒi[»Û +¤Â3†Oy–vÑ:MÙÈ[›êbÿàòÏëÇî7®+ƒBÌÂÎÏD³˜¶ +ùÀ#r©÷ý½¥¿ â8Mw.9/l)Q‹Ø *1Aw¦®èuœ¼ÞaÎ¥ª@æ¤köãE¥Àm ;¶g¨–AŠ×1‚,e¥Löz狙|q­Q›w%àd.=EáµMÔfX'-Bàö‹KJ.Nj ej¯péBn#¾¡ÝÊ«°S\ftÓvDÉtµ”«©XEñj–¬îç¼3|Z^®m˜€h¡ÿye¼\Òå4xhÌvÉØ0¤ßF£<öendstream +endobj +662 0 obj +1213 +endobj +663 0 obj<>>>>>endobj +664 0 obj<>stream +xWÉrÛ8½û+ºr¥Ê¢ےœ99[Uª&‰'Qj.¾@$("&-ëïç5ÀML25–7’zy¯_7\,hŽÏ‚ÖKºZQZ]¼Þ^¼Û^̓͆ú_v ,›ß&+ºÞ¬ñÿr™lÈJÊyâ˜î–ÏÞ_ÓbAÛ§¯6kÚfáùœ¶éäݓ´'Òҍ}$¥½´¹©¤ªvž +ñ$Ihúx÷†D–Yé\BwΙT /3:*_‰ásò…„+•8ÑN’Ñø±/·ß/æ4]\%KŸT >Ü·'Jœ¹ ›”£OŸ ‘”Â+£]¡8Ä¥ÔìE¿WÙ¹ÙKeI®N Ω½®¤öndXÀ®°;åb6–2åR+ÙßPš´ðµ•ÑsTä`'œJ©”O² 6ºd¥¦ªj­Òè+yñ(JN^í”ޏŒrˆ‡ }U+ùnŸˆ˜uäm_š: ü¨%¢CÀ{©¥ w­¬„ÒŽrõ r„‚§‘Áƒ°^¥u)lƒ+<» qõ"“2[…0œÔNåÖTÈsKJh±—œY:Hë2õêI&#»^_0FZŠ[LŠhŽã!uúŒ ϺT0«*†¨?ìrdÔ ¾yu{|ð (x£À¹¶F3/ºûr{‡òÔº¿\%×ÌÎ +f „sH¬€q“‚øt`yC=ð2V€ÐGZ>-B°Í›Ô”¤ªC’ˆBÈ,86¦fð•ýzÑ¢E%_°/ +¦!¸É×›Mù„HàÊyU 4'4hÂx^í­)K¬§Ý‰=enûæ~†¼b]®öµN6»@°²)Ïð/ñÞÙ{¨O“ ͤOgì_ˆ§š ›føCEò)¿L3ÜcÊdä;™t^¡Q—=s¡E8<‡JUH4k@—敁;Àuö…ÁUr’Fñª üUù)¢4¨ÊÖ<Ôa/‘» …¨ÈŽs%ˆŠ wQ ‰¾0uðó¾A;V*‚#³;kD– + i¬‚p­’¾0ð‘b¾9úööž&ߘzo…{+*jO~xɀ£09j+¡ +8‹)~÷ÎrÖriž®ŽÜ‡"2R·,þpgr”Ч³¶€T ,Ô6RΞU!»LǃSpMdõ ½Øltyú“í)”ÖQ7âÖÕ+kãßÖ/åù«óïÐ(bÙÒA¤€)J”fŒF¶ÛuÍ ^ae£?KLÀZ¢¤é³x‹lvP¿/ .®‹ÜÔ: ô&-‚ß´zžý¥týLMEBà=p ‘xÆį«ºŠÂÆuŠ¨F‘s<ñ ¼óÿŽÚƒâcl›üw¹`ÉAѝèX(¤Ǟ5£ÇÍÿ÷¦[1L͝ƒæà Y‚„r¶¹I ïuu îpˆ³n 9`x èêŒ{ˆ|Vܗ%jq,fè‚Ôhq,®öŒÁØ çxŸ„*ŮѦ0iÍéjsƒaª™«0[ïa¬š½¿¥QW7<ÇôCÔ2áOC„E³lˆì>%¬®‘'ý(6]ò(6é³ãeYƸ\ª ÷ŠÁp8m»0¬nµÓðdÀ¬ê0k‘àÞ[½w£i£âÓ5Æ0˜M–«uó°u“Ÿuƒ[kìaâ F°Èé΂EöºÂÔeCHj'˜@ÀátKØ´€b¹½z{ Ä^Æü§ƒ±Ö?jQª\aG.²Èùt˜×³hÚIówýœ=;(…YË z3JŸ˜Š_¥ÅÀÜÛ̸Â=F%Ä8JVŸúN§jÞ +íbY£.Íc’ø?14]^݀–ÿMÐå|FísŠ^ýš¢œÞAÛæ4"A;A,jéú|(ãfB«$‚cÉðÏI~¾çÉk\àfxOyŽaRf }S˸{¦V&Æ”0X ¦™[b›¡‘ö¾Œ«Šm£—¥2CgnûӁéÊ` ¸è¼­S~/€v‡úc±¿e%X E7qj¤æ+Ú ÑåNé¬= ïo\aí²ª.½B?Œ¸·Ùœò«ø’„¤jÚAËÚvÁê««fº/¥À¨neÎC_(âýqé¸Òá®òÚâh¼ûH4ŽÒ…†Ö0k}Ý¿Qž)ߦQŠÅjðë)‹EO­¯w_ßñ˜ò¢\Қ‡‹Ð¶8¼iÜ5Û&VŽ‰À+¯7óä6*Ñ-_í¿/þ0WÈendstream +endobj +665 0 obj +1684 +endobj +666 0 obj<>>>>>endobj +667 0 obj<>stream +xWÛnã6}ÏW ܇zÑD¶¼Þ8»oIÛè^ŠèK€‚’h‹‰TIʎÿ¾gHÉV”¸ÛHli8sævføÏEJsü¦´ZÐÛkÊ닻õÅïë‹yrsC§?v‹/sZ¦i² åÍ +Ÿé +Ÿ­¤ Á[è9þüìã{J—´Þ@ýõ >áýœÖùt‘,’eBoÖß/fÓNl:“>ŸiçöÊçe’½‰KJÓ¨çj±‚žéºTŽ6ª’!oMåȗ’Dî[Q‘µ.gªÖ+£É »•Þ%´†L<æÊEU¨.Êî¤%“}—¹'×È\m ÀÇ Ç0æt•¾…Ã0¿1UeöîCD7§÷ .¥«Å»„ÝœR÷ó½î«BhŸ‰ö&ÆÏé {s/íNåøBÃ^oÔ¶µ`ð(9w¾{¾H“롽F ÌŇ)4֍ðç”Ðmå¥Õ0·“$q%c)¨1¶ Ñ"Úw1#aeˆÎkžÆCGÛÑrp‘F^«B4´W:Sº8ȕ¢0ûÿ‰~kMۜdŸ»:ŽKiœwa.²«ÐÇ2x‘£sáam/Êñ?cóÜ~´Ë!0Î/T¢®UAEÖùq ×9tZú½±G§8ÄG½gªC"™öx‚‚õpæL>k¼Éц]äŽ6ÎÈÛ&ÄøÇú],ÿ^ýs<³=?\q^ÇýºA€Zëä%I‘—d6LNR-óR`Í}ÿO«@x#|d®4V ÏL!rU)ϵ.t1C¹÷8¸¾¡ÞZ°EuèìØ¡oNYôM L>ZJÓVe’´ñ²ˆ–["ƒêr€Içg5‹-0·¨#œí/iýë·Ù§o½4C¡jŸ S«žN}V·z@j®…z%ø«sՀ9$pŸxTzKFƒ÷hjØɇ=Œý¹u&Äé˜f™Óçhܪ"Qô‡Òí¹¶iŒõ,䓗šEpC!ށª»¨Rä}Rzc…󶛳c&iäT´ç•‚Ó.å‰ 3ÊMæ…ÒÃ!×>ßÓ_à07}‘þîÓ×ûЛ ÂI·Ebp’'…¡-+ð4#˛Vç<Jã@1ZÊ"¨æ3ä¢  ò%‰AEa!æ QT‹Çp F}ÑÃTÉÝH|×M¼)KŒôrV© ŸÿUºÄ–:µÂôáMœwð¨­<'âIìKhŽŽ{ŒB Ëv‚0t§lg¤œ +´Mî ´1òà˄qLFXa1¾0;PD§¡<¸ôc &‘ò&À§LÔ ž0ü`3˜Æ!H·ÜÆ ¸Æ(íIyNê1Ç°1Ω®VŽÐ‡a}Ô  †“ äçS½ cñî%×feø42ÊÒ¿N¾Ò£ppɌÃH +M°/È)3¨~éBGõj8¶ütP¸ý«L²áАaY‹ëØM¿š¡ûÅl¸†¥/Ö°·I\0ëœiò=ïè ñz^˜òq/=ÉçÃʂ©jEfÚH¶¡ù9÷^±è;†æÚÅç ÿÚì5í„U¦u/÷aʁ‡Y”ǀ“ÞpRBô&ܑm¨A$mrI“Þ«çffiG™2Dhrÿùn”Ì — 㤖‚#d,„ôo#ð3ù”Ë&¬£`¢`ò¤4ËUã8è´+*f½Ølfd9βA%a4± *LͬÅGb÷G`“cÍMB¿N¢¾ H¬ {ðw1NՌુÎ"R6ÖéÁ.irž™E Çsv Vä–sèMqÅ(A +99îvL­­/#Úôڗ#WÂ\(R,l…0Jñ Ô)âä@E Ì,nYÌZNzŒ*ÏõÓ&w²"¼À[w+tŒàÈøЏNƒØr‘¡ áìqôÑ8–,Bd% p€ûq +ò6ҏ<ÜC"̑eø†Ed§˜'ÁA!»qØÍBìx¯‘‘x- l³Ý爐3ó="؍Àâ%¢¿ÌÜt¬Ÿ^¯’׶4^Sîo?ßÝÒ7kÂýè7“‡9bÇȯ¢øÕjÛ]Ñßî^¿ü,WKè r霃¿þ¼ø&wÂendstream +endobj +668 0 obj +1574 +endobj +669 0 obj<>>>>>endobj +670 0 obj<>stream +x¥X]S7}çWÜÉéÔÆëP ´3@œÔS ›Ix‘we[aWÚHZ ÿ¾çJ«µ³™iši°¥ûqî¹çÞåËAF#üÏètLoN(¯.“ÅÁhxvF»»Æ/#úåô ¯Çg§xÍÆüŽ•´â+øvºœ?ú0¢·´XÁö l-Šðñˆù!µÿîµúÒHº–þbz3§kQI÷ëëÅçƒ 28Ç¥îlº3;¿ücz=¹>ŸMލF¿Óo4—öIÚðM咔#Ûh­ôšŒ¦½ã?bø þ(µ´*§™È7J#NÄG‡)\_^ÿ€Õq÷Jè™Ð)j‡àÿOԟnîþüxwsû.[rÌïM%ÒΓ k¶ðÐÆ8Ά'û~´¦©ÿê;7£¯  X¹VìN´|!Q–TÉj)­#³¢îæw€êνËò½D.ö֔%[;b¦”f²Æš»ÿn³`›W&e›°!ÙÆT#S-}dÝt¦û‚•£ǔeLùAFƒñÉpÌhO=¹iJ€#I”üFø€S¢Ræ¶PâˆT–ÌV1Ï G5*Š÷I,͓Òbªó—¦'”;añ&ºÍ8¼MÞÐâòöhzK8é<Ê#¼2ÚÑvƒ’ŠßÀ/Á¼{A1+E¥4êj…7–¶ +e¥B"y¼.Óáì‘ôùÑÆ8ßÁغǕöÈûë9‹¥p>‘yLˆ¼ çL®ƒ²U~C@BEa¥sÃÄܓá1cyÏ«ÆKµQÚ3ÃòRXµRyH«õÏ!L6Ãz«søuÔ»²ÒJ•Js‰$qäVæÆŽ +õ£Úš'UÈÖ|8•’“#ÿR3D+c«ì!ñٜ>)] '´’Úî¬%܁ҨS ~z܆¹`É%}àû=¯•x¡À)) Y é\“|U pÑ·ìˆoD 7¡äé}ÑVp8» Rf)é9íÇQI;$p{…„¢³j‚×֑!—@a@Ñ öz P›ÁbÑ€ÁEn<¤o Ej‚Þ)ÑSáŽåÒ éÓFù$kÏw›€¶¸he æ´a€9Ž€T“ÁcêìJ„ÁòM -p"dýjkìãšGÀ+~¯b¹_ÁCP‚4`AFVcÓxÁt…´10Ù +ŒœœZëЂ|Ĭz€!¡;a$°1¢óÆ* ‹ëeÌZîÊ}ŠBm9VV<¢ýØ[ëÀ$ ßóÍ1ÖVU¾ í}­UçIY£+.iˆ  t)¥x3àïhTN”G톫xÏcÇ:Ö7ˆX ­UK4%³”ñku=¥ÿsЛ5ïx׀éCŽ¨TÀA“j€=b£Ï ¨ÐïŒb +œ +4ΣæɁ‘1ÿãünB³¼$“¯CDuóM; ¢þ~•r‹PâœÇ9ÇÛY+óۍaŠðˆÞK­ƒ Ž § J/dêÐ3:ÚtñðFâALmm\„ éƖ½ŸOîÂûIè”÷Ø~Iö +Êêßp7~i”å<ÀX]Î&6땀XxÞò֔`ìϞ=ñÞ&0.jl?i8v¥J­Û<&2 2_†ª[Ya!HBÕËS߉5苺"°H´º79ÐFüP+M‰çq žµ—.0KÁ„ùì%§ù‹'³—bgsåz¾¯Û•¼sÖ^îBº;ñT׍§›Æó·yؘX髡Թ¨]ƒ•£óvuu‰¸®ÌšÐï+¥©]ùvç}À5Þ‰„䣄ÜÖè­¦ô¡d ¤×ÂÁLî§ð„Ÿöâž<{¨¦,zùÞ3ân·9Öú¯S¥3œ,»—…xÿ ÓidûǭȱÒä9ß½†™] +hÆP²åKÏõ5 ‚ó#ª†b«¿ì1ºl—¸„‰£>(ßäï÷bÁºÏ@-â–Ä?òsXÈ0ºû—&èši¡rüz†–[ì%©0dP#S6a(W’AQ®Â´£y&[\„HF}VeKλv»¶„Ŧ@ã`™mç=·ÁžJ†0,Bôáa«ßÉ‹q|tï=¸}xK–Ë?cgç=s÷¤:¾f±ó:×¼2\bµ=³[¡ŠãS^RÏQÍ=±èp’ÈàùH3™ñ„d0’–Íj:uìæLömäÌåL>£€´‹æÇô¶WÌvÏÂL"#At‹¥ž’ºðΩm_xMà‡¡$Qð%¬Í£:A˜À°yÊFƒì—žgìlç » ¢GVèúÖqÞoyf™¥ÇÉiï6ŠavÞWÖT!áTÎèr¤€*eCkƒ7°­¬7½XQCˆ¼ª¨5Vˆâ߸×Þn+}8åÅ4€i.â"ÍvcHáÍCµ”¼n }X“1j—¸‡í(^ß~ÜÃù\+DÄ^>œµ ÙÉéÿ*rŸÇç糋sºµæ3V <ÁçØdµs™ï âñÁé<)¿KÉãÓcüé$œÍ26€øëàí¯ˆendstream +endobj +671 0 obj +1999 +endobj +672 0 obj<>>>>>endobj +673 0 obj<>stream +x•WïOã8ýÎ_1*Ž•hi»,¿´:©”rW ºÍÞj¥J'7q[‰ ÷×ß;i §À-H¥$¶gæÍ{3ã{=êâ·G§}úxBq¶w퍢½nç쌶Åÿt©ßÇÇñÙ)~:ïô©´àx‰c6X~t}L½E œ~rvJQâßw)Š„Nh‘–v%ñ·0¹•¤XÄ+yÈ_5‘Ð$œ“YîÈ’ÏñJè¥$A™´Vàۓr+¬Ž2ìSšŸ¤)Í%Ùrþ·Œaã‡èï½.µ{ái”8•É¶)%2kÛ!%/hì~±¤E&IYRz×k`п*¤5i锁k©1eÌÙ2Ž¥LiŽS9ˆÚ™XèWƵq@ËæF'ŠV0†5ì/(­+„SzI SPiea©íÏTŽÝ„ø ;Y(ëTLfá­å…q&6i§²Õ?és <¹Ò7¥ód Ž§Ê­\"Mù™|™Ò0ŠªÓ&Ò]Ž¿L)„ìÓÁÆcì@žZzÅÞKšŠl.^…(”êQ¤R»p$6¿8 ›ìZÞ_O2p£×Ev§˜]5£Ž®Ï©‡h˜?ŸNC`[õ;Èiðäæö÷/ÓhJ •Jvh—xí>xÀ~ÏDDkä1!ç;XM":†Hõ»à´òy<º†D*2oè4¼˜Í¾'“h6›~ŸF£ÛýÙìê~üçè~:›¢áKo@ê„b£PÈ0]Æw4HÐ9ÆË]Jj0ÊAÉ+¨s¡ +˜3¬ÔþP…Çkã>ü\`Xf©Îµ·Âƒ'¢ò$yÎ\4…B*eòš]cP}+æ£h,¥êA^ԎœsÒzÔî +l¤êgŸ†&_j¹r4;ˆg¨w~~F·*.Œ5 ‡×E^+Î8u›Í5¯Ÿ-!¯‚¬Èräx—,¦„æÌ}Hbc Ê°4L9>¸RÑhÁ<ʂ¢áÝÑøNCñƒj¥¯ó³¦MσÏ>#>„Ü{ä-Ëg›i9A fl²¼D à¤ÙƳ7ñÀW¿²C4B$[¬É®L™IÕòGB¡P*0J-“à ·õlç°<q²;üMËL*.9›44:›¢*Ì¾Ý`Ñk~ÖJágn£µ2G eÁƒ h©pÑ qØ®³â˜K­ýÖ¶â6ž Î-¥–…ׁçҔHzé颾¢|›, \³2¼DKü¨¾Í‰œKÀ6ûИŒFÇ^”;F e~aøž¹ÁÍ`B·B£›Ôïá>ǜ7ù줶˜/Ü~_K¶Ñq/öý»ûÑ;+®¾Ü^|NL†Búë;KǓáÍ׫}f·Yïm¸ý6žü5¸‰F÷“Aôž'£ÉÕÿ];›uŸµF¹ÑF·óBißð7sKž›ÂÍ>4EÔôœ®7à ½®d^M2¾ÆT³F¬zŠ°Ôb˜[aŠ‰ØÛx:§7”Ðe#/ÀK‘x±ã ¿ö]Ä º\C Q¦îÐoSL–¢ùxž‹6G†A +Ë båÊm4zŒX@攬a³7¶3-„Jíϋd´*¾ N­ý]†µP–)a­‰ª‡ÝˆX@ksZ *ʌŒÕB…T³—ë ÷.()v–Væé͓çf7`Á%05Koü÷¨b`<—+ñˆG×:–úQFsÝáIÁÔ(7ºÍ™dé„7¡&¡n0$§C +S©–°kz +h Rž–“„6CákÕ3Ž—²ße|7©‘ðsnú„¹¼vH‰Ô¡]-WlÑÏ÷`K£ÿ<û@MO|…xÉK>ýQIt¡ŸgÊÔ'nÍÅ­µÿßzR‰sº[½¿næ+4ã˨YÒÄsÏó¸ 5<ø¶LÙV-Ÿr/ +ÆBલð È7¤ÅnÚÙ)}ŒÂ¶e ú:¶ç‚uÆ¢:Üè8gsc&·HÕ?ØTuŠ0Y#$€K2Ï·x˓…§§,1Çí‹}Ü||ŸÒ Bánƒ‰Ä_ùªy”ïFŒïÎün.Œ`q@-(¶¼50¯Î`¥¼zØÍpãaÑ[ðLMTMªÇ7¦¡1BL‡bÇ,Ê«¤V^ÎS·XŠü”oZ<–úvNÞ€ +/=¿­yüOqé㑰5)Ót +Í¡»NٖõFL‘ HF'mu 屑 ]ŸU——ÞÉI§G'ç½Î ÏÖÓÁíå€î +ãïËW&.¹Xø;!ïk÷NN±¼}ÚÇ¥=9xãÊu|zŒiݯêõy+îvìý Ì£Åîendstream +endobj +674 0 obj +1741 +endobj +675 0 obj<>>>>>endobj +676 0 obj<>stream +x•W]OÛH}çW\%›• $!å£o@Ân$HYânµ’¥jbÉ´öŒ;cù÷{îØqZïBiilïç¹çžü8Ò?C:ÑÉ)EÙÁUp0 ýósÚþ²¸ÐÉè¢Jãó3þ|zÞ“•”ð+x +;Í/œ?¾Ð lŸÂVûÇ +¢Õº´”$–©¤ÂÀ’ˆ©XIJ³•q…£Dá+£H:—”iºîS°RŽ¾Ë5á¿RÇÒþ|;ÐÑ‘ÂÎá0ÌD´RZ†¡[»Bfa•ÖJ]DFÖ¤Nx$퓂ý0L…΄ækiÃ0Vd²O4\;„ Œv+a¥kõ©´ßÊGå +‹p*ËÓ5‰8¦N^.Su8SŸ$ŽPb_ZÙo³ÚvµÔ½šþ1›%3Ýé|òõò6˜>Ì/ƒ)WéÙØؑHSóLY™*GA»³ùõíçÉ´Õ®+ʅB9Ž z´¦Ì%â4’cíÓ¥^“Súq¯?¤t”–±l5ü¬Ò”"Q:´±{³ì·XÆï¯ÀÒHn}HÚè£Ü*] &ŠÐ$qïàLs2[Ê8FhP&ò§-×­&Ê¢9páþ°MŽw.‹«Ù§i ƒ-ý( *Ũ8äçšJ. l5†ƒ­nõ¢O>—‘J€ZÉzi‰2׿NêýU +{bž|À$HÓ E«=BÈ$9Z#_ +©=Ø?¶åÑvŸ†ƒQÿø¿g~Ä-&Ðl¦º÷SêN>Ý}Ô²8¿s@ÔÅE†ßM®ß`nØf­ôÍ ®ëpÜií|è:.°H ‡©ï·x°Üäe*쎹*‡½Δ6Qyêx‹í¡¯Mj"‘:û´cË×gçšK#· tçÿ&¬ÕyM 9´¬É%Ö‚=wáNÅÌo{Ý÷þïîÑW›‹¶û4«¸W,Íc؃ÜÏe“NÝ"â ”î©G«Õ†Kxà‘ñV›­ÁÑñäÛÙ«ñÂ'ᶳAnejú{èMpƒ;¾h{6xÕù0$8ƒ06¼&[C±¦˜nÛ>ҍÀê–)4¶Ä?˜Ü[·ÊÓmÓiµ_mÕj‹'¡RÞãïg§¹)xˆÂüyeÀM~ñ#mladX£ž¹"2Yµ˜Œ&‰õN©1ßËü°=Hƒ=(™ð½y]bXæºÆÊ$(SZeeF~Cag[Q.-æ¢ jO‹—°•8†Ù,¸ v¬û'å6ªÆm%À^¡¹ +½ hMAbµ{r†u.Œ/±h,džb•áÓFŒß\ÐpÌÚk@#ˆµÑžúõOðC~Z o’}ߌi8¬^9±˜òbkӋҕ8ŒóÂ7…îôEéØ<;š4†ÐÔh¨teºrcrxâ£è] Ã/³ù<ÃÅ?‹`zw2 +ÃÉÃìïéÃ" §çÿm0=?ÍÄú.Îîé2Ž!Ä0^•|"Üb͸Y͙(¢Õv6j×¹À^ïÓ¬™lld²\WØൣ&-y©#‡Ä +lÈ2*Jn¯ÞÉ÷b™£1~áì +‹Ç7¸¾?žÝoZY»•úIY£¸Œ䒨G˜Œk9»©0<„ú\Ó³¨B’?JEÀ/Vë™>kõr|«tùBûîË":öºy¿›½Ÿ@3\@,ÿ7h†g§?AfܧÉ|A·~äö@ï@&¹XªT^¦oóån«6.ʜ RlÔª€šyyE‰ˆ¼5´.!©y²btþu™A@†õL%Ðv:éPG‰)&.¥„`€#G +šG ßcùy¥@+ÊUý\y›5=Õð•ç¹‰Ñúu{›¯ û†Îƒf¦í98P&ñ}ƒ!H´\Z샨£° +²ôyòM͑ðwŸŽ—ªÇ5uWŠÈ3*Òå,]¹ü&#!¨J†yE›ü>óUõ-¤nN¢?÷*ÏŒ+}¼õœïhÆÅaÍ'<‘·w· ·Pã2úÎXGïÐq–¼;…8¯¥³Ø”à•KàýU9xøV•¾ãÙ¨”´² …—a|Ï,yÁÝël—Ooc=ÜÚìzbAcM™ió:ŠÅeÞ¥ß-ì{^óÞðô¬Ï߬ñ¥wçÛïâòîê’î­ñ]™˜¨dnðXçôª·Žª×z¿dëñÙ3Ìf{Ã~ ᯃ§Ç•Ìendstream +endobj +677 0 obj +1654 +endobj +678 0 obj<>>>>>endobj +679 0 obj<>stream +xWËnÛ8Ýç+.ºrD¶\ÇN t‘ôhÓ ìA1@6´DGlhR©8þû9—¤YMÁ4¨a‹ä}žs.õë$§ þrZLé͜ŠíÉÕêäÓêd’]\ÐóGs:Ïgٌf |ŸN³ j$m°+‹9~ƕ|Ša¶°‡~KùŒVø_àKÖ'´*FÓìMvžÑë›%}µö¡­_¯~žŒ?Ï(Ï㉳é'F—qÏÝè‡2¥Ý9º6^6Fzº[IKÙ<Êæî59|Q…$åÈW’ä¯V= +i<ÙMx@ͦÈ'“|Œ)¹Zj£dI7W7Kv=¡³üM6e—w£鯮¿/]d”baW²!çm#ë±8¦¤ë[e‰‡¾ž*ÔÈ{å7®÷$(%3p\hÅ“Š!¯>܎aÎIßÖT Gk) Ý«G|®–Â!=#c…b%ØÿeôŸ%ëÓ9Z‰´V– +k6ê¾E@K±] ò69nCJ‹«·±Z۝2÷T‹©!r2R–œm÷Ù;›gs$Ôçï,£/vGë¤d¤lZSxeÑ>¦A…%À£”µ¶{PE¬5ڂ~$MÉ¿»b±  XKm°zœ*›Dñ£mbmå)}[v”¢­(*e@¾ŽsÜWÕPÇéHUº)ù.´< ^ò’°ÐŖ$¡S¿¯!1†l-ÁÙBy¬á`Wjkh„vö”@Öãƒ&=‰ÂØTÙ »JB€dß1àhwàߋdTk®dFn‘e²“`(B7ևœzõˆ¢2NìþMGúÜ8M:vJÀaßÁ×o_¾/WKÒA·!WŽ¤á†–§Ôë#ä„+Ù¯9úá¬n¹hG'¤/†Ju¹XP9r€Ým7¶0 ­¯¡ÚI¬áK(m 52¾dɄ +ÿýñv0(Jxõ­¸+ +eÉF?¤|ÚBC®Ö˜G§Ô Ù§®<0- +*©!þ!ÖMdÈõÐûald˜q0 +l8åÛ3—»nì£*‘Ž¸†•0÷|æˆ<ì·9—´d"J\÷CסêX1 ºÖ{²kÏ%ˆ|[k}ŒZœ†Ýᦠ,qµ3ú|æùY~N˜Àú1ðX‹+©ƒLÆJ’”>0Žv3ÂÕ”ñ|ÁDéΠôX6JQŒ-}¶Ÿ¨[©ûJ‚×míÕcõ‡—ë­Å'Â*¨äma5!K…#@xÒùÃøbíÀÅò8ž /bjÈàáVî`ÁuèMî•wY ÂûŠÊ +zJ떙éÂM×\ÆbâQ(-ÖJ3ðL›R0HõùaŸ˜¤xñxàë~÷¾1î d§»ú_šýáîæ J7ˆ5ãáw‘ÆǨ큺Ð0§ +žª\Kù='Ûð;I!8mĵ«ƒ*(Aø…€öÒsא’eWáæ«€MÉP‡ÞðJ‚—º(ªãÏéœÏYNóyß–—ß®.鶱<Ìè£-Ú-Øòä`Îâö³ÅožåÞãS¸ÿuò/9šë©endstream +endobj +680 0 obj +1693 +endobj +681 0 obj<>>>/Annots 29 0 R>>endobj +682 0 obj<>stream +x¥XÛnãF}÷WæI,ڔus€}¯g’ƞ$V0»À¼´È¦Ô1ÉVºIy”¯Ï©ê&E3Ùd± ‚l6ëzΩjÿz‘Ò5~RZÍèfIYuq·¹x·¹¸NÖk:¸~¹Æ!|Ì×+|Îfɚœ¦‚_À3Xé?púêýœÒ”6Œ/×+Úäòüš6ÙäIU[E¾=¬k<)*´jZØjöª!U–öÅSa]¦sò§:ÛÛÚxÕ[ق¶Ï5•Æó˙³Þ“³mƒÓµn^¬{öÔzSï`O³ùå⚦éM2C “7NW¶ÑÔaóo蠜ªt£™š_"_m“ÌÖ¦Ô möÆS¦Z¯=…ੱ„Êy¡´™*©Rž„ÝÈ5¢W(˜¸q’ªsbSNÿÚjßtQqj!sק£ÐE¡³ÆuyÂi“ï!ésê\đk…ÚzÍYr‘¶§P.çÙ&ªŽ·»²ô¬Ô EÔ¤ ê!)©Wÿïštpöhr$>@ÂȳÀæ\<šÆR3ÀÐË65zW8[…dЕçH `êóºd@X©X¹¿d\RÀœo·(×ȱ„$سT´pÁ¨Í¬sèZ†´ážàE׍däÿ"ªt¶W @ŕŠ©ç (GÎÏG³®´G£èþñé’øèÕ{0]H9¹ÒMvµ· PxбurIR*oÉÖ ?1¸¦Åú„Üÿ;ê_½¿¥tˆ¾X€ß¢Ï’EBOôÙÔ9sÚë¬u¦9‘=p]À^ào_"› +³cˆC¡»ô–ð òz­«’dêFïfØx=˜>c­™ œf¥A­=È]gît`À”÷ÒURž5 auQD¨wYêZïô p@ šT  eYСÊæºì‹Úòe¢’çD%ô¸ùøpL¿|C€ +äÌÖú’¿f¥VŽýÐo0""GÞT‡ÁD‚&ôaH§Ui~Óù(Ó +šôôpG ˜Æf–6ð ²?ÔÀÁn~ÖIR$<ÿP*ÖCáë®nÀàìÈûDé”õa” •k¼ Š;µL€›|ò…=[ï t Р=é«#)îѯ­Æ[x ‚‹Ð4N§¡á~`€¾½¨“ÿ–ãŌë¿­éá~N°¶çた?üóÓý»î×ÞmìX¤»x®í ÝËk±’D–e‘eӀ˔˜|™-WñaÇ4~Öϥͨ;˜-hŒ¨¢% J¤õŽ„2ˆ݁\qÑ>×–ø ·§FCÚÃÔ +HÑá·F-S°\³Í"¼ÊÉ?þüñ#óÀaÀiˆê%ä >X+)ëbI[üíþÝ=ëja»Ò“¹zS©Á¬]‹:ª²Åd•’µ%ôxG)ìqô¢²Üª~Põ.n‡¡¾¾A­â2’òFòÓwéõž™³ŽT(Ñm²Š¿•ôÄûËp[¹™sg†2öoÛvÃÊé‚ùb¥ëœ!ü íÁúí:Y¾¶~^Œ$ lG]@cO?t"ð.- +Üـ|ƒ 7"7àñûOŸ7Ÿ0i \aèð ª,(”ëF™ÒCÏ%jS×Z”u¢è1ț«Rl\Wځ”Þ. 'z +’MÆr’=Sz9Tx¸õ"î7É××øšclüáý`¯Ké`ó`¥eDž%àµ'ô¶,ÏNqr°¨Eš`Æpòò>¼ÚŽ +¡Þ¡ q/ª_'PÊY(Àu¬b¯ÝÄÙ«#ÀËA`¹³‡üÓÚ +ü“9 qâ ΋®™˜^Sejì¶h_?ã¼ ñ&$úÉdõSM£«æ•ëÈOØXž;,Ž¼·Ö#¯ÕTâcÁ<<ºÙ1ª«¯®%'zٛ, ñ ÄÅÊÀ`µU[,µ{›9 d*ãß3{À>Ô·«ó¸¶’áƒáµË C +qÆnœÑÁx¹äÐ)®7Îu傊[îA粟q£,ûX‚ŽVZa_‘z½°úrœÞat'ÆfÀE¡ ×ê©®‘ºô†]FjçëÌx’r·T—[Ȭ Wüª>«6ÜièªÉ1 xÓdbQî“BÄrýxÍ QâÌnÐ ·À†|_½~þ÷µî‡Ì 8p 1BWLm¾¤° E;ksÂή8§¾*#σâô>z÷ä¾È"¹ÆÙ èÜܾ|m‚ 2¹œX,l‹Í“+‚h}+Ó-©·_£óÜe“L.¾õtòØÝ(y…íZ ¸c œX*ÓÈLƒ Ë01˜U±¾ÒÍ@†Ábøº3’$O§¬ß­ù.ßãè:φn¸ð–Ë yJkž{ÃQƑÊÎK¥ÆRÐ_ÛÏÃåqW™CY¸ÃԈá¬nGE«%†|ÿoÂYñ¾wþ?@WÒÿ9–ó؞¦²ÖÉÿ®×èx“`Õ¼DIß{ß±e‘EÜiôª´ö¹=ô»­ÄR|§e&ˍ`Âý¿Âÿ$pý•#¡;-ÿ5àµò_g±ù2ak\4 ~5>ð7Œévû8ûýKôŒ}]½_ÇÕ2]®’ÿYY„úéíÃÝ[úÁÙ_ ìto³¶‚ƒþ†4 ǧ«™l£ÿï½ þó›Ø|ŀé‚Z~¼øÚÚèÙendstream +endobj +683 0 obj +2036 +endobj +684 0 obj<>>>>>endobj +685 0 obj<>stream +x½WMoÛ8½çW |r‹F±ÇNÈ¡Ý6ØštÝ´DÙLDQ%©8þ÷û†”äXMÅ¶-RÙ"çã͛7“G)Mð7¥Å”Nç”é£Ë£OË£Ir~Nûv8vzšÌiv¾Àól–ÌÈJ*pŸ¦i2m߄Cá lá%ô?`èäjJiJË~çç Zæáý„–Ù¸qÒVBK*å“,ß,ŽN®fíé1ÕÂ❗–”#+¬,w„sURæ2Oøü„Ž§sD¶Ìǘ-ÞÚw¸çÜÖ؜LEwןÿ"·s^jG¦ð¸­Å£$xÆGÒêYæ” |Ê6p—Á›Kˆ–¸ÔRTŽüFxRÁ ")Œmݦ§@nÛ²ìKÐ7Uåfëè♲RÉʓ7”™ª’Yxt+ôJ. R\TÕ'¥°äå³'Ñø n©Lxeªwð-)¢Òa8î’Dñ*€ºqžVî‚w¶¦Å³Ò¦ªÑ+Žº ¦®ñ (¥g´·•mZ¿ó®™iÊ<Ʋ¯À]ĬD:л6^ÜAâÇÐfsËÈů¼¹âœEI?ÝÐqøÄñevWûûñý›£ü D^',œÓV•%È뚒K9ˆ*¤®*'+‡ždŸ ²r”)¬Ñ}q¹Ü=G‚eQ:³7O¥©Ö€±4kÐÆ+a(T~àz#Ü&RD×MÀ ޥՍ`Æĺ¢“ó–)#ªœÈÛ¿Ô ž¤Õ.ü׀<% Ò£„À»4à(~?þ™¸À$3z¥ªÖY!TyÿfØVKTl%A$Ss8\‘ã™­ãYVbU¢¦ ‘±žû_…šÁk·#JB#¸AÛÀu ™'è5~ƒö€ã7V¢-MU¨ucCŒTçÔJ•(P Þ:πêÇ¿±Ñ p:;MYº‚œMñÔiÖÉÕ¥V¨ÙÅ"´õ^£¦ÉY’&t‰ørۓàzÉ5 ãA˶Üf§{%cbÝ·ªâ7& ŸLùÔÒ_ä‘ý}Á S–fË¥îEé2¸ô*aX¨P¥ ž\Mè‚Háê,Ê!µZP^Ôâ’þ–®¢Ï¡u§Ì«üŽ._¤‚ÒÁ¹®²]3_ÒèZúŸon¿³ 7Å÷¯qÌáÍ£löU'¿5´»»ÊYþŠgÆ [h”¥Ê@ƒÎ†ièßGP ÍB5žD© úáxB7è +֗.ÑV®@+kŒU¬h&umÍ|£«`ƒí±óåE/;¶F]¬Éð!j´ ²7¢]ŽPZûSÏe&—¯5¦FuìAô‹ÞÐ8äï€ÿÜsH À ÂSl®hV +g0³â” ÚYËùΆ½VŒ­ÌºAøH"ŽdN¡û¶?Í_ªˆŒ•še¾½ÏÚôà>„i‡0;[ßl¤·ª‡øÐIøWbþ°A…Œ@ˉv(ò7¡Ð±p½Š|‹*BÐðX÷ÞÅÀ;ñ‘Lƒa°H1“Ö ´Ö~$r2à öÃQ×yÞgJȕÕö¦Ý°ÄwqÛ÷ºÂ¬çä±òG£ KL'ü4<¼¡ó€L`¡¹«Ô3‰ ³«K-“Qf"¦öÕ ã ÈÂЊ£cŠÃnmy‘ò<£˜/<=Ø'¬àì ™‹[ĻUÑéÙ¬_ý~¥¢Óé$ˆÐ¡ŠNú»Wd'†”ìvC§ÐÖ^†r£QNèßêiÐÒ¸:0:%åýîÖÑ} +¯è(öÔǵ5M Áq¿@¼ôó•[}÷´ÝwIo!(-s$*‹¤ÑÛ†íºÑíz:Efg‚︰®2câ"cãÉì-æhƒî¬áâ ¬s d¸8ÒvȚóÞ²U î宗ÃîùübùŽ<Ço¼§¯Öýûh²q)Æå8?^Lñ«O>þ¯kÅl1ÃÄ&Ò9ÛE[þyôøfhendstream +endobj +686 0 obj +1525 +endobj +687 0 obj<>>>/Annots 34 0 R>>endobj +688 0 obj<>stream +xVïoÛ6ýî¿âÐ|ñ€Z²äŸí–I“t»›C7 ´DÛl%Ñi;þï÷Ž”,ÇHV` àXy¼{÷Þ;~oEÔÅoD£˜zCJòÖõ¼u;ouƒñ˜šr…‡.ûAŸú㾇ø(%-±´Kñɛ¨‡}þbá-8~ Pxק(¢ù’ŽG4O݂.͓ö´ »–t?£ÏªHõÞÐdN©Î…*(х-u–É’¶F+rKg²Üá?÷¢+üiJ‚r‘¬U!I$‰Þ––ºäÅ?Í¿¶ºÔ‰zAŒSÛ3‘/ ~Þ%UnŠ¨þGÕû:w~݉‡À&òѾ&ísÿ¨Ší#™ƒ±2'ù(“­•o«Ýƒ*z›L¾Øcö)uJútóîŸÉÕý-u¾ÒÍôþêÃÄ=>“@JÛϤӉǨé˜Ðƒ‘¤—(YÊuêÄV%Â*¤šjiÐ¥ï[….â jZH|Ɗ"eJ…z<àgôC—)¾X}†*ªR«Q¶*&‰‹~ ²‡H¼oґ)-®™¥Ìµ•ÇÞß¼ ˆæ\DÝÈDØ~vâ"ÓÉ7Aþ›RîP$ez¥ œt Ò\¢cç ­’La[”Š•!³Mք쌴–Ù…õªØ‰ U˜µÌ2.¹âPxÉ8 +Ÿ°)”6 }O}ãjª´ '•‡€ÿë¤U+"bYüñ¾Õï ƒ74ŽÐœú£XåŸ2š± »xäþž*å +fV–Ú¹s½óÀsên £Qkˆ;f˜Ÿ‚È“>—ù¨xîpiE_¦#l£[—*ÄÛFÈ”ÙÔBƒA€¼{œ¶{hÒ ž$=…TwJî]¦àŽáà”¬Å5ùÕoÓÏó)„Ñ'ÌÚ iÐïïFqmF+¼{Cd¹„¯ ¢®Shc0q0z½ÓÅR­¶ ½Ç}G¿O8Éñè>>>>>endobj +691 0 obj<>stream +x•Tßo›0~Ï_qêöÐIÃByLÛU{é-H}©49Æ$nÁN±IÖÿ~w’(ê4 $ØwßÝ÷Ýç·Qc¼#˜Å0IAÔ£«|ô-Y–ÁñѬñc ÓyÆH²¾O&,…FBI¸ˆiÜÞÎ!Š /1{šÍ /ºõ1äâ2fS6a1ƒ»%<)]˜½…ûî¸Ø(-a!„iµ³_ò—Qx›ÒqŠèyq™o¤•À¼‘o­jdFWï°ßH K^¯8( ­Åÿ܇ÂÔ\ia´kLUɆü”¥lÀp郂ǛëàûÃSþ¥i} A„…fm®Ž«Ê2_ÙæÔ_A<õ…A}"ð†•ÒaÉ+,9( ,ä.ÔmUÁEíûý¥y-/žŸ?ˆH;!“m¹µ{Ìõ?1¶^ a‚ú  :•QÓlŽx^Óu$íDºIÀé4=0epm´¨Z«Œþ@)üÒK±mÌN’„(+ù[­* µäÚùf‹<9Ó2ÖъCxÐyKÇuðÊàX £;T,€{v+…âpáŸÔÖR¨7”eÝpMéE#);©{ýX±Ó¬ç½ÊÃâÄÀýCÐ׎ÙÝÞ4¯P™5ÂÑ.%¤ýÚõ¡ôšðôzb_ô…˜ø‚• …ûœg€Ø>ÎZ}R°j(mä¦}í:ð3nJÀ´òÔ:>d¿QbCLTF 3~°ÏÐNüԏuœø }Û h{x+zÇ3ŒÉmŽZ>Çé¬_IËÁ4öӺЧ%¡›'ìw˜à>>>>>endobj +694 0 obj<>stream +xW[oÛ6~ϯ8@6ÌùçÒ{h»õi:Ä{ Ñmq•H—¤â¸¿~ß!EKV4,› +(5ÅsûÎw¿Íi†sº]ÐÕ åõهÕÙ¯«³YvwGÝËnñcF7 ¼–w·xϗó솬¤ öÎh±¼ÊéÓõ"[ÆOP†¯°p|AÓôÓ[ZÌhµá›Û;Zá;VòÉÇRì¼´t•ÑG£7jÛX¥·ôåýgÚK…rÞªuãeAx¿Yýu6£ËÅ:&¹Ôފª:ÕB‹-¶ˆÆ—XU¹ðÊhÞͶçØζ/¯æð’WÙ<£{Q¯ ]°±¸uIóy»uqËߓnê5Ü3úC«grçeíèa"·ïè¾Ñto*a•{xsAÂÑ^Vÿ…DÏx>ÜÿBQ+xɦ~Sºy¾ möÔxU©ï’·¶aÍRXýR5Û­XW’ÞŸÄCôÙM%Ù<|~xÍ9”øyC;kžT! ˆ p¸ °`¬úp žXéLcó¡íÜTS‘“öIåÒeôÅ*$BLŠ?MÎø2*ðS!såx û'4ü@^5 >!FCA<ÂG;áÜÞØbw!¼X H?Lb>ÀºÉTú|¤‚ÌôSÊÔ ÐÞ4Uþ}køÉn,‚?p±çˆ ¤b„°ck2éKáØ!ìô‡g÷M^"Þ¼4@§µ¬ô“©å‰ÕS³À±äѬpï(y‚¬ÌVµœ=†w1ܱ¢ðbüÛ¿Ð5 +˜fíÒâÌÌCم( +LP-óRhåꈊôÐ2÷àHT‚«‹‹6ÖðvI.¤­¨æÝÓ"òώšJo¬@̓a•`=Aäbl§¥óª)ä;vx¬ éZé)Š|Š§éLz_ýJpƒx˜ÏÌM!ǵJÕʧM¡÷RÌB:ß=2Gƒ$/XáÝ鎰ÎԘ–~F‚/[œg}oXs…ñ74ôàäHD]é¶Yc¼ùÚÅZ>>>/Annots 37 0 R>>endobj +697 0 obj<>stream +xÕXÛnÛF}÷W PQ‹”]ì}pàºPi­¾hWäR܄ä2»¤dõë{f—)*6ŒZeqw®gfÎèËŔ&øÒjFo–åïÖ?®/&ÁÕu/f‹&4›¿ f4¿Záýj\‘‘”àì„Þ\-ñúµ'‹é"Xž=\ƒêã T„w°dJë-¯V´ŽÝó ­£Q)ò?l¾)…µÕ¯×Ÿ.»yszDûTE)ÕVZªRI"ߢXTb#¬lGº¨„*ü‘{muRÑýíœd™CYɘXÁ^›˜5LhÈÞû ÒáL> +¾=¡»ºÀ`E£FCÍEŒGš‡¸;AÇ×Í[¹ÃA7˜ê*"—Ö6&Í æÊÇdR‘ë!=Ô ÌZ…¨é,&‘¡ì1 œV–Èàâ +`ôֈœDÓޝÆÓÚâ +†Tv†¶DA9éQ*Š-ºNmÛ©Ó¨huü¿ðÞ8ú¢ŽùB ý·à}î £§ÒCð§Oƒÿ]É·®¥:Ô0OÑgFæç)F)—ŒesðKP´cÏRctl¸`´ƒæ)AØ0—•CžÊÇÛyÃ¥ªÔèz‹AŒóB>Ví3Ï Üigb@2ɜÙÈl¶¹qÊ&P/ƒpô¯7#<ý£¯ÅXÂîÌBüVÇ4Ù"ÏÍPÒ n¥Ø¨ S\±b7œÊ͓i‘ÅN]0ÉA™ë\6ƒ‰•™W-*½å’Î}Ÿµ–«yRÅÙ9GmªTT¾ü]8?HgSú-ïs» îHekÈ(·y†?eŽ¬R÷L˃ÐÙvÛ¾í‚.SKå¹gò¤‡+êè ·>¤[!Õ"ÎPó‹£0] ‰ý&m| ”©„4ê’А¾™⒋ϼ4ö±N rªyQ@Ó=Ð^€YñDˆ]V\¦ÏpFImC©Ìʤ†%IvÍÓíªÈåìú¸ÎðÎ-¦X2ûkš‚}òJy½pì§Û)12ºm©+úôÍÉðð8iG7ã•t´^…­ê +º!Ž{…H)2õè•Ñ9üj#Î çmd£Š†à'ý蔓ž*]ží+ nŸm<¶üåv·éՌ±‡"â§>lÍþ J>¡ß~º˜_×´˜#|9M“àÿ'£þV £’ ô+Z,Œ.–ôqÄ«Ëîvz'‹ý(­ªòm:õہ6Ûðô´»Ç§?¾ö±<\’èM›Lٔ ۵ж’²àTLÙËn ñÕÀ‹Çª[áA, h›_ï;Ná +‚×Ŗàœ[9÷”GrûÖ7X&öàj8ÚH‚(ˬ!ÍWαNµ0†‰€3Þ­¦©Ø1Ýh95œ(QÃpMÄ;ܱnw…*p®B æFè‰Ýw7Q¥ é¶ÝÎXoxwÕ,µÓå +{ñòzê÷¯‡›ûw7ôÁèOXå趿 ò½±?>^Íð…K>>>/Annots 42 0 R>>endobj +700 0 obj<>stream +xUÁnã6¼û+Þ­°b$ٖ=8ÍîžRlk{Ʌ–(‹[ŠtI*^ÿý)9¼Z1DÓä̼7óôï,£­sZTu³ÇrvÿiIYFeƒb³¦²¦”¥iJe5ß û*+A/óíÓî厤&g¨á–¸#²¢î+/&ÓÐIւ¸œ´ð'cÿ!ÞûVh/+ã-oY±»òÛìc9ë‚å´Ü¬ñœãß +jJ”-GJ˜áqBjÁŒ¾lŸé£yèípàÖíY…/¯ -”…¿?ϲ"ÙWv”=¤l1®í~*F¶ºA.[ŠÒ‡äcT5A¥Š+%jѧ·w”gAà€°¦kì){˜ì¢-‘÷•¼=Ѕü-+³g:òåsÞÊØH\¯ˆO¸bΈ ‚£”9I}bk:B«ÈèDI-¨ꈟX|)ãEɝd T¯¬çWí»¯Ûò·ˆEI^ÄrÍ¿¢ë´ãݞ£©y@= ä Í÷Jĺþx4ÖÃ^’  wÿ ݊nœS’œ¤oH WŸÎ_î>DnPmy'¼°°ŸR€¼5j$t¡{jäY‚"müH͵¦W5ÅâÁL¿ ©Uezí Ý­É ç‚³;®ùAtð1ÕÒ +÷U8‹X‹†÷ÊÓ^´üU{ƒ +ÝPÛ»Aj(g¥’ãÅw› £Õ9ÂâɃ6(×øj¤„Ã?bô§ñ(iË}€F¦òu(øj±ÂgG‹,eëq5Ú;Å2$`§¡S\ø™À]lOà|bØ=8¥â…Џ¸S$஫EÀ®±[lÞ8ÆÝÉ»›A¸ž}7™·J`­Êž¶p#¨vô;Åd#Ë¡Ñ¡]c%“àÍîaÖt¦î•€•¹º87£ ¹×qFinË։ªåZºÃQԘc8Ò¡–7îÙ=?қŽ‹0rHIzMÛÓàÂ_Çô¬.éyw* ڌMÃL % S¼;€7ã=Y±fá}×Ádï¶Ï[úbÍ7$‚žLՇ„Ä9nǼ§’áØüÿ ìåzÉ6xa¾äÙÈñ¯ÙʁçFendstream +endobj +701 0 obj +822 +endobj +702 0 obj<>>>/Annots 49 0 R>>endobj +703 0 obj<>stream +x¥WÛnÛF}÷W Ї*€D‹º;@ +ØIÕä!(Z«ŠªKr%nBrU.)Eß3C.))M‹ à˜ÜÙ¹ž93üë.¤1þ…´œÐtAq~÷´¹ûqs7V+ê•{<Œi2›3š­–øûa…?KM;¾C¨é~Aü~ý@“1mvоX®h“È9Þăש:Tº¤Y@o­«L±'EïM\Zgw½1®*MTW:¡µÉô‹ÍÇ»1&3(<Ÿ]¥sªJ­Éô¬òH±Û !ÁöFÓ0˜°ð,zW@]WÆ®‘œQ¶’“%ËmRý…Uj-m¶¤7;·}A‡ÒM¢¼Íµ*Ù‘ÓU* ¢‚šÌîM¬2:}âóÀ…"¡Ä”:®li´¸7Ãiãf•ªŠj§KÇêÒÒ"B(SqUC×!=;QšÙ–k†€Ó¨€³uòÁw¨ÐÕɖŸxE*ËìÉÑ!¤fŸê²Í¥·¬ŽÊd*2™©ÎCr¹µPQ’ƒ›j¯I> LS E*SEÌÓUÐzs ˜&rñTdkqç†pnm•e«*’¡òëOŒšÏçHCN³E¶=ß]<æ¨WÌ/¯ 'Ê¡XHF{¨õ¨Jl\纨ÄIICW. jó3YÜ ãÈßätdÊ û©=!*üçbµÃ£¢ß +ó™(Wqj +MÛç#uRHTœøyKQ‰ÒhÀªvHèMa×Á­7–t¡¢LÓóû§Q¤äÍúYÊ+†Ûbgö5—¤¢“©RÁë¹_OZØh4â£Qî’ÝMK Èaý\Ě¢ÚdÕ1ö†:N–ó`E³åÕËiΙä‰ ÇµÁ#7V_€û(Ī H#; À-‰k¢3_u]´Ï, FY›¡Ó¤,0|i +†gLA׆»šzPôa{¯¯kŠØe¢ç0Šûµ§‹q§çš©Ë4ÍÖ$ü)|2pypøµ¸ àz‚lÁÝù’³&OmžzÝÈØbŠã˜1uô»­ œcö…ª8i.e)&!^‰–m$•nN)ÓG}‘½ àÎj†^¹r§þËìMсË­“$©7­]þ5=vÞó506«ïÑså™Y­ÁžÊÉ­ÌŸœ/Ó¡;ç‘ÍLLÍ©pêÁš¢"n¶–×…®!.ýYå‡LÝâxoüJ“@ï~ݕ˜>օ̒Ñù˖+ÃíVr²²¾®vó¢2}`àvÔLÀ³…ôz}Ó{Šþê‚ZéDU˜ƒ‡ŠƒS1ø¿ÑäµH†¬üLŒ—R7–Á|ƒz’÷C\%¨6·ã)Ñ i‹ŸÛX·/¼·ž09žÍ2Ž„“ˆ‡QCE˜F‘x*,U±ç‰ÒŒ½¦Hxd=ÌÙÏÉx<¾5ñV—ú{©àc© T¿%úÐö…_T‹Ð 3(ãr>ðb«`òÓGÎIÛÀ2¶_z\`b‘?Vúóæ5µ?˜»‘±Ž +P½¢çÇ÷O_•ÁÑ4AôÜmî6•ìÜ×ìXýÝcÙ²º‡$sÀW,õÝÙÛéÑ9B¦²½køìFi·³œé„äh0́°nŒú>³tÝ\~ñk;Ö÷ïqíle¯¿kÛ+ô 'ÿØ7ÜÇh.R¼‰åýHs›Ðr>ÿîd\C‘ž(¥‘˜Ä%…íöê æ¿t¥Q ýÔ)6ݽQ¹Ÿbx´¸ÔÖYâk˼pÐeno}Íފ„b3M *u—%®HL¶÷žÆd¹:æÅ[­-²³‡f»ívà TÔ,½¼Ä¥Æ|bÔe°$‹ebvg1Ø Xˆ“#s– + ¡ÆèšO¤ïœKØæÆ2va]2›hv,v™ÉM³‚Jðсõœ“ª#,þ® u´&Ÿ%H°GÏ +°gå‘ÁD–,áÒ½pE ó¦%›U nd~Ú²Í7~ùoOjâ7[ÎÀMø¨J“ ¿ÀÖñËÝßgc!uendstream +endobj +704 0 obj +1534 +endobj +705 0 obj<>>>>>endobj +706 0 obj<>stream +xuTËnÛ0¼û+æVˆUKvý8&MskÑ¢.zñ…&鈉Eª$eAß¡$'¨‘Z0 ˆ\ÎÎcùg’cÎ'ǺÀbYMîw“Kä9vG®¬6kìæÙ|>ÇNN§S‡ #š±Ô]up'#q2ö% :ÔÎؘ^Ò2¬Ž­ó/¥ð: s Zaã-„UQøˆŸ¢:ˆìf÷<™cV¬²%1§¿‚öÎâáf¢e1äÉh¤°°®ÅÁ»6膛½&+n&ûôgí!"öü…„³ß«cÈp'¥ÁØ' èù"+z"#à|¿xÀ~ږF–u­Ï PÆk7ä4RÚÛßQ¼ðsÓ36R³qð®öFDj7h2´|ÕÁ¨[/˗݄`U,¨Ír³æ{Á?%9Žm‘S´äاÍ6[ýãÙ2Ëùà›‹:$Œ7iù¬HO«¨å«ÂVk•>h‚K`Ž¨½>ת\cӂuvFM60•Pš[Ó7xSÇ+rg#5èLt‚(1Ò¥Vt©š°Ìwªá‘ԎG§ÄT”†ñ¢Ç Ÿaà%ÇÜÎÖÙ'÷Åj=®_r–_sö¹ñž©J•Ú끘 jôFFÓ;ÃôT¡'ì§`ÀŠŠþ†Ò5'DÒéäZí¥úÝn8=jú¿V.­>2oAËƛءn|í‚·Õ1n ØcË & }ýûÃeÆÎJqÖp­¥Î¥©YiՕµö•á8K:œé†–|¥Jód™S5F9Í]Wæ؋u=úf˜¼Ëdtï +qáúªÅ˜íåvËD¿—mZÙßFùj¥›*Iùv#ý¼ûz‡ïÞ=sñàdSÑM‘¬K\gCÕl(›^ÏÂr½dzsŠEÚÏn~Lþ©pendstream +endobj +707 0 obj +687 +endobj +708 0 obj<>>>/Annots 52 0 R>>endobj +709 0 obj<>stream +x•XMoÛF½ûW rb›–dYŠ{s ; P$iì´=ø²"Wæ6ä.³$­êß÷Í,—¢hEaÀEr>ß{3«'sšáoNë]¬(«NÞ?œœß]ÑbF[ÜY­ßÑCN³t6Ã7YrS¨ºÕž.Súöéã_ôEûÊ4q–Þ›¶!esúÓØÜíúôðöá-–°‘\g™nºq¶õ®¤ßLÓ6ü»›ã vwv1Oüðe:Oé£wÆ>‰Ñ¬Pö‰/Äm=¸m¨køë¶ÐpHÔè¬ó¦Ý÷®ç«”Hr£J÷Ôû[Ò|Þû[¬ùî'½#cÅƽª6Šé,]’×¥V&ÓÈ-µ1%,ÓÖù!Gö™•F[äÞ:Ä¢ùQãɪÖ<ë!|h[Ä) ÏùEÈ3ÄE÷¿NÏÈXÒ­\n¶{qÛÙ\ûrÿZîi,ð +Ñr®eÿªÅ?ÆÇLy½íJ²÷e®ª½Cç4‰X5r[¹–"®i)Ô|g-Çàì)GëÛçÑ´¦,Émônñ‰Û±5¥¦C§`¡Ô\I„§z»¤òÊX Á«U͔åBIZ·'Œ:ÍùÓ×'‹õ,]ÓòêºZÑâjÎû«’î»3\^I˘ýh{o¡« Qµqh™ë­êʖžUÙé˜>ÕÊ«J3Ð9O„2vUÑÅâ"½9_ãîêj2†uœ‰¢ó»EÂ˜Ó4l²¨SVRÓÕµó­|0#¥3Ì ª¡Ö–„+:§-Z̯ßâ‚ø³àl€ßV•ìÇo%­ï¦OR¼Vʚº+u°sèv#¬é¼E¸·ÙÇJšKËõ%zµ|·NgL9Ž¶Q¢$,—,‡n^¦‹”~u;†±ÐE`v°ÀÕýqr,FÂø;”0fú.á8P9á¥>Ãeöv¦-#Þ<-’uLïM׶œ,üXhcÈ͍× ¼g‰èÆ ¶ÕSªäž…¡„^xõÛ§à­-Rú³@󔕶ծnκú”ƒC4ì‘ï…„V}C“/Þ¡è­ÑmKš„pD µCÔ·hpÅ#JÑKÆƳHQWËcÖùJ•=‘GH–Å”XµN¹¡RcåùÙ±$ +É*²ÐµVm  .ˆ5§1ÒÁÖՌ&ÿp™dx?Rôó»¦)ÝH]¤,ˆ\¬ƒÚ{ׂëF3Å=þ‡ž5§SÓ_cä'ɋGéºË +ø‹YO&!ÞYí›Âԓ‡_–üE?â&ÂNËQž@£X{ U¯êIÓ5xô£Ó  G5Àˆâ[”ˆÅ¿ÐeŽÎ…Ñ`&qœ£n¨ºÖʓ ÃÎð9¼ÎdÒ\uû”a¬",v…É +~Þü˜]933”E¨ÇoÊ­|Ê՗Zò±@‡0^U€bO[ `| +2䧦$àîq‹ÐP +{¶ílÆÂ¥ÊIúBüHbQ‘@#¼ØšJcþ7Ζ{â(x²ŒŠÿÐöËÈÑëá¼Gíä¶`iñȒíõ¥¢c„ÄÆ9ûƒÒ3ÀíXN˜‹«ÿÓÅj9—éÅaÕ +zö:|ñâ…]àµtß ð +1p6¦=’™6²é²d»Ìá]áÈíl¨ô$ÓJ󹕀 îh?)ÅÈÌGmúE»ZE¿÷ƒóè¦7÷·_ÿ¸ýúø(PzL~cub;o'±^‚LcP›qˆ'ÁÐ4_F ãQ·ï?~¾˃½D;Ÿµr3˜ãx~bLB•\£šË¶&_£hüֈÊC ¹³²¹M#?Êú'>sÝdÞÔa¥myFÉWì¨ü™sì+Fp¼ÅðËû­zӇÛckXŠú>…­^5ÍÎùœr5ÇæýøöHåcÑbݔB8¹ŸÐà¤#ìyèC Tà€AâŽ÷½Ãn–¼ÜÁÆ,†Y¬«ÌÆC\³’×÷ª8Þ$ p.èTè×1ÛQSßÜ3{gõ¤É4=æJ-ZIÔwMŸ_gx *c†u)ˆ‘Y†ÅRÚ-ä:ˆJHVxäõ.·ô˜Èæ„bÃKftnšºTXSâô`àÓI©p.hõŒà‹…Kôr¸®ÅŸ&8…ì€£ê 2Z\V9ÔÉÖ"”…ÏáÀÉF²S'Ã|ÅPåE,lÂØЧ“¤Õ³2¥ÚðÆȓ£8ôgXè¼s²ëqƹ§tc¯<¡ H¡öX—€OÜ2P±YVu8çñ©¹?ãç0 -6“ígQ`t_^Ìò¡¼ý¶âö+s6iS`y~÷®ˆAKW|b½ù_¿'ÐÏ~CX®yªáŠ>>>>>endobj +712 0 obj<>stream +x•XÁrÛ6½û+vx3£Ð’lËN/Û±;î$N«I¾@$h¡& €,«_ß·)‘T’™Nf2²»oß¾}ð?GSšàߔÎgt2§´<ºZߞÒtJ‹+ó‹sZd4I&“ -Òx±’F’²$*º_PºÒ›ŠR]–¢ÊÈ­„£* +ÚhóŒOnE¢\ +ÂöŒDQè Z[iÂâeVªJYg„Ó†j£^T!Ÿä›ÅßGz;=If¸øfq„"ÓüdžÌéô⟁0¡ØyàÄ;šž6œ˜Ì’‹+Βӄ¾*¹QՓ“ʔAÕ4R¨¥)•µJW6àÐfŒ"Ϙ_L+D§LF˵sÈXîa;ka‹>ïOŠúGÅÍ7º.Tú́àœiiið“¥u¢gJú xÅØjA`ì`Fð…ˆ;{sHÞßý˜Õ֖‰ÕK8!¢¡g’)[b ö{>#צ¤_BmrŒÅŒÑÃ͗¯7_}§<Æ4²©D)ß ²î|é›ïÌpæ¬,4Dª÷^º«»Oþä}B[‚îŽãx~p˜•cÜä +½¾Òü­NK£3C;ðê0ˆ¼—õî̤MªZ "\s•ÉÊ©|˟éÁ +€C~¶@~»B1ývs 0r%‹¬­¬O¡ÖBÏ2ʄKaQß1ìïB“£á€ƒ ’©‰´ »®kmÜw²±ÒkWX{õsQXOɽ"ǜUC"O;–¸ ¹´ +^¡=œ;Ôd_°ÍZ]n []É©â×».éށó£Û5ÔþZWÎè"²@Ý +Øö"Sy«œ¯iDÚÐꇒvLVÓÝW…’# +Np#PPF¡sÉ ¨¶o¿\ëºrwòî-÷s¹;9{IìA–»iB·|uG‘úuezì´Í:P\€C»¦8~2z]ƒX ¸[óÌ5}b©6FÚZWó82Rdј"’?ÈWL |üIâáHL$PŠº†ø,·ð«ÊÏQ·2R’,d ü™-—×( fFwdFcmðÇ5zÑR9ÛæÏÀ¶ÞýÈùÐNmxN6òî¬uõg{ ž +½ôCš<\áïP¹er¿ñýΦƒ­²ç¬0,ýPî]Ýì,‡ùè:Ñ6zÏ8ìâè¨Yï¬áЉÁ(õ#;ÙΘŒŽÇú»_ veWü7™1¸CßKMNÝ´!kƒrõ"ï ÀHí¨êcòyü’éPmÃÖýY01 J¦«‘cº@nٗÁ$"?¦ 5LaÃl£•mQãÀöƒBŒ‚Ï;.”p°5Ê¡Qƒ¼´W¬Á5Ì„¸¶k?,…}Vv§€µ‘¹z Å{x:äAÑÊ»A—i*­=ˆ´ñÀ£(ÏÍ!ÄWkXjv*+nbLMf×½à«t/Fo²™ïLfá=¨Jׅh˜í硯%;ÏóhJ+¯t[i2 6֍úF¼ÄSA9nRCÓ"ðX6ö_cÒZ%Æë~Ñ/Q§•¢…x–ô©5î ±D qƒO”Dñf¥@£ˆRŠÊ»€ÊSòñÈHžºèDæ`“››»AòÝjەxiÊÔ:Ž>Ddî{ÿ‡1·Áx!Y wžêµ±\=±µÐúEÇ‚þ•F©I`¯u‹œÐGÍ2#^þIèf`{lTc¥Pï}ýkŒëó]à%¨awNOØéÿ|N'á!¶òœ%ô~çð?ï}y@©UµÝl÷bš³1·{|‘ ¯/„6 ÛÎ1~ÚiöӜ—ÝÎ*Ásd|˜:~s°O­½Ø¢Vù8†²µí¿÷ ;ßÎþaw#Fk…ƒ-2jz9ØÌ>Oºäþòí€2à•uÛ¢}Cþ0'ĕÂð´3ljä«HÙý7ƽ×éš †pà&‡ò6l{>Ã_²øÿ½OÏOñöô_œñix·þqô©B6¦endstream +endobj +713 0 obj +1783 +endobj +714 0 obj<>>>>>endobj +715 0 obj<>stream +x•WÁrÛ6½û+vtRfÙRlÉéÍ©›i&Ý6ê´_ ”“¦õ÷}»€$ +r:ÓñØֈÀâí¾·ËïgSºÄϔ3z7§¬:û°<»øxEÓ)- <™ß,h™Óåäòò’–Ùx¹ÑäufëÿZ²åÆ鬵nKv•ñÞØÚÓFyª-9­Jª´ªM½&25µØÿ×ý§Ž÷֕9)ÄtºqÚëºõo–ßÎ.éíôÝdcÞÇ_]|¼ŽØÆ42õF;Óê|í`¢·Õ"ø– +SjÊ ;¨7íxÈøA½í%žD³ùäŠA|UÕJ‘ßÖ@ã×žÓñz·Q‡%(¬£û%­¶„´ÚÎI PUó×·?ÿöZ1’´+›k,ã¨Ö}HaŸBH– ‹<üF9M!°¢Í³–~YžAšÏÞ!‘«›>Ïð‹µE ü=M‘!~}ó~2?¢üzr=¡/67ŖY”*"µWy?æüÍX>ãd73ýêvB¨7Uªøc¶QõšeäÆ7¥Ú&uŽªÊ*í:©ßʾœ‹°(+Mö´ `î•ôðù÷˜V]ÛÚzB¿Ú^?kwÎÇ£Z\]*MeZՊÌ#5×ü芰´Âž—Ú"®Jo`¦nµSYˆ"b” }‹Ú(—G^r¢Jù'ÖNŽOMÉ ÷î¾¢Jmë ‹¡ÆÁ0øT`InՓ®¡X^e¶«ÛTåŸ +Ò(§* ”±ïf»¾«!Ƭ$ß5umZ9V!ŒáØ‹Xɸs°—1TKo" ]5²·³ÇthícSéMYR¡L™äĽÌmNÜÓ:ºÍ2í=ÝéÚÀ#âãƒITx¨Ö¡CXª±Ë—PZaœ8”gád-ºœÛõe%žœ”ŸzPиhˆ&€F. bƒ=VgS MŒŽDw>ŽMö¬Ñ½`·N’ÕΡû"v“baüNW ¹q6Óy)f*–Úå&Tú•nuꠏo&´dKaóŽ‰om‡85ÙºÜ& *8|ӕpV)¸s0qÉðbíl×\?ÚK€&˜077÷/¡cãÉ莨·ð3éïàôÔë2e.J`ÃÜrLŽ<²báM®}P\P¯_ ¶ڊmèq¬¡/ôóuN’Î9Iéñ î5/F6…³•€Ø‘<Ì8:ÜÿÇfśkêù璒ûð9e*zƒà»ÓsI£‚ĉš¦„úÙKG¸pF¨“œ!…ñ&×Bïƒå„\ADÏ÷C„ µV1©“àà3¨†¥•?çÈÿ$­“¬ŠR­áž¸›µÏào:OP©•ÅíD +¯+mï»8_~|¯Tö$ß¿ryÙ:ƒbxãF¡ß¸q˜Gଙ*97ª"³Uck$™ªèև'ú£jä¼GntN£~$ý7zÑÊ´x\pCF¸sAd|ØáÀæ}—ÁïÒit§Kø5¢‰íáôƒÇwÏ;ˆ'lGJpG™umžˆÖ@‘È’’㨣n¿4ÿ9\ºewª›Õàbçœã¬ÈË9Óáj8]Ðßñ<‰{Uå†öè-¨TBA® Օ¸†"h¹ìp3`¾ór—J`Xõ~ÈeˈÄٍ{¶r¦½W0*þPu°å®Î6šÕì©HÿԘ>²ôB¦„è¸;FМÈZ¢ÃãØöø ôÂÞù4&F8õnPI?mý”˜Ð½¨€ß°Üƒ–¹7Žê.¥èԜi¯é )ŠÚR´¿YoJüÊ ˜0rØÉŠ¤ðƒr{T%\•çpn'JáÊB"¾rBƒò#ßè ·Å AKÌ6 °‡¾Æ%»1ÍəÞàð‡ÉŽsRøÓÑÊܗCçÂCœ±§73¼±ü÷Œ=½º‘ŠÃkÕõd‰fBQ±T0™Ãë‹LƒDûM¬à0Wíçî{äò“é0g\slˆ-¢°¯ý <À‚8¸-±-3˜W'ÓÝÝ·?…bí†ÃÁµ7.ž\#+» B‡ëVà-'Y±ïÜÁªçâãMœ)§óÅdJóÅbr#¯g·_>ÜÒïÎ~ƒåѝͺ +N"“:G–¿]Ìð&›ÿïkÍÕâ +ÇÈÖٜãð?Îþ²ãÓcendstream +endobj +716 0 obj +1613 +endobj +717 0 obj<>>>/Annots 65 0 R>>endobj +718 0 obj<>stream +x¥XMÛ6½ï¯ä²°«•ü½zHФŠ4mãc.\™^3+‰Ž$¯×ùõ}3¤$Jv¢E€$’Èá|¼yóèoW Åø“ÐbL“9¥ùÕÛÕÕÝû1% ­6ø2_.hµ¦8Šã˜VéhcËTÓڔ:­my¤J§ûÒÔGÊíZ¿^}Åæi»ùv<¦Ø>úT`“¢}¥KJ3“>UäÖÎüÚÑ«O¿½êoQmIívّê­&Úé27UelQÑg•?(ÊÕ®’oæY½¦àÍl0¦ÛdÙ >þî±´ûÝÝÁ–Ùš¨¼;ܽP]š]¦J}CªX³É‚&Ë(ÝêôIŽH·ªxÔëÞ!È‚¢Áfõ¨LQÕ²öÁÔ[#S°ïVWœ>É!%ü¿¿~½Jæði>aÏrZŽÛ‡Œ>s øÉT¼îRÏYðö‚ 9%ñ2š{[Íöþyå#u5õ'­•TՓd®5"¦¶#Ú©RåºÖeDoŠ#IÌõVÕD]jdÎåK^)¼(l-9A]®“k¤©2Ug†xQ¦75}+N¶…S™-€Ù£]¾4Dâ,µ`{WUº¨Ê²ã }×¥uÎùݼ¸KƨÃï«žð¢Ó‰V5 *Ԝ‹k7MÐÚÑ8ãóԈٽéÒ¯ìfjë½nÀéæÈÑJB9'õÖVüwwJgç9jp1^Σ{šÍ¦Q XM¯Ä?5ÀÀã¬×Ð6miô˽ijé¸^mðÀ!£vìG…ÂÓ³Êö€}EòŠƒÎÃqþ|~r~‹)i„0çûþ¥’wW +IYká"*Ù×]iŸc¥[g¼ETjóªÍƒÉ˜»¦ÞzNG1(‹[±ChË;>Û´Q©ß‡ðÁ4¥]ïS½ŽhÎáú6TwRd¤ÙyQ[Ð!¨&[À sˍË}¿[8¾x±Xø9ó³j>‹!”©ü랺ÊÇL3!™ÿ®_j·0cÓ¦uCgÕõ˜N"¨.ÄAx~NSÁcߛ¶Š§8@(dè+¹ÉÓô«0@ÓåRà.ÃÆ=´1O—÷½ˆ›)ÕòE܆ð@n§Ü–Ú²ÔÕÎòÜðLã[å<Í ÏI,gH<ƒÍ í\Æ>ëgI¦²g¥ŽƒZêþܦ0Ñ 2ȂQê€lŠGøë@€×–¬¶Ì–ÙA[þ@„׶¸n`ëÚrŠ ¶dÂB g䞺Æ÷øÂöÿQsV0JÃ3áÁâ>š„Ïr<‹ÁWÔ€Ü7ôßՈfó©³t’@cHhžë¨Ol§ÌÖ›”ÌymHlÂÝ®îÿ±f™x Kè ˆ°´q'íÓg;&»8öÅÊ ¢þ-yt³›á8gmçÞ5úÖËÙÄ ?„ÛÚv–1X’™à#ǖ’úÛQ8‘¢dîýbË5”’Ï[£Šß‹~ì´´Sµ"<Á½@I.'ȸµxƒÅâ—gîZWiiX<Øgh"1%ü¬_R½«!I¸;ôA±Úh†©8+êÏd‘e®VkÖ?ƒd¶É—ií>¶¬ã”Í`‡ë„6W[{\• ,öÏ9û—í «rU­ƒPÎd¦K-=Q¢ÚgDË}Ì:}íÄo)iÏ$C´¨[Ûæ4TÏîÞ2´6Hpçÿ™ûZ é/û?ðìT  9tàbƒ¢Lv"ÑZ"xÓ©–Z£C_¯ùM;~ðWŒ+/Št!î»yîѕ»ô(¨µun +"S¸SŠ7Ìd2]gW[ðS“UC‚¨j¾oŠzä¾å«*Kë–Y)¢8'r«0 \ãòh÷¾ÏNíw|‰awÀØ-çVþÔ͞o¾–um&—.GîžNN¼@€pΔ¢UÁNÅzP‘ÑFËW—ÕUq]{E§p{DçÔ&Ýgªôw*()‘B"nø—MNÃƲÆfw:ü³oÈÎÝ·)™$¸焉º—‡FSœ™Ùø Äÿâ‘LÆØê*ˆÍ—ÑìËké°Ë³Zh¸)ŒËrµÓ©Ù˜”Yœ~â$u}‚QÑÀ°c+¾}þ,*€Ôs´†…ƒUMÞÃi~`òÜæ^oüîýÒ§)™/pµ›ßO¨Ñç7ß¾¡?JûÁÑ/6Ý縀˴b—p™çÅ·‹1~AZfÑ,¢râJ²Ð/ÝÑÌ+Þ>]L¡ÿdëxÁ/Pß?¯þÑ)œKendstream +endobj +719 0 obj +1658 +endobj +720 0 obj<>>>>>endobj +721 0 obj<>stream +x­•MSÛ0†ïù;œÂ qãHÚôc¦Óii3큋"+X`K©$“É¿ï»ò®n.1’vß}ö]é÷$¥9þRZ-èü’d5¹Î&o>-)M)Ûbår½¢,§y2ŸÏ)“Ó+O¹òÒéÊÏHºÕFÐ"™'K +…¢p¢RA9OïN³G[ôÁf‹KìÊò©tJE•ðO¼gNýÊÖ:©¨[·¹­çÚ)¬;¼~x°¥=?,¨Ï´WNQíUŽ*|P"'»Wk/kÏ{ +ìNXËÇlt±\& Z®Wøâ ±¶ »·”¢Ffw‘2”!½‹d•Ðg:Bm íu(bR„É…Ë[ž[]*!€s P(v·Óæ¡úҝق»3mz€=ž¼­TWȇ›ÛAŒžî§¾– O'hANdMy8¹?ƒ`£»oŸÑN¹J{…žƒ b= e…öm?Òs”Ô•؃Æ€†hÝ$­Ù–Z|…½R¦áÚ¥¨Å«@ÏZ4å+Y;D¹¥} Ð8vh”ClqãˆX ,¡öDç¼£h/øˆöQ°/ìžêáSw•R@ÆRd9 )•÷D°gÌf÷F9Ò ,KêbôX#U0Éåù虾ôÅCÕHèÎ Y¨ ¥lõ¶l 5Šð44PáCf¬Ü,µ]´—È”Nn¾œðї¡žr悐Oü›Uöœû)Š„;ƒu3¯ä9–Ë FÂ;½È +ÿËZO@눾êD2“C ã4„=í™<9îC´|‹æý‹®QpÚL(u3‰@b‹»†0&¡ÿ5×>>>/Annots 72 0 R>>endobj +724 0 obj<>stream +x•WËvÚHÝû+j‘9Ç$0†ìœ‡g2c;N '‹qÔ@g$µ¢–ÀÎ×Ï­~ð2™™ÛÇ GwÕ­[÷V?‹©Ÿ˜.Œ(-Î^ÏÎz×Jú4[àÎèrL³ŒúQ¿+içÍJT¬iÑ}­ÊF•Kš¶U¥ë†TISQÌ%Q=¾œ}³+ÅC·RwG Öꌢ8¢÷eSë¬M¥K÷äâØ?™\òs¯åR•%o°Q͊š•´ ÷©–¹Fžû݌Ûސ}¤ZKú¢ÊLo Ýͨ +q2]‰R™Â*ª\²ldÆ»÷©\tk%ˆn§ÝO÷oè¡£"Ùe§÷>ÜL§TŠBfT©J>¼Œȵҭ¡µ¬ R1¤äãÒeþD>8¼s#Ê[Qn£9Ú6yn"1E-ë̐²È2Å ‰œmiñ¹jž°^« ϟ\ârƒ}˜~[”$ÍÛLšW¼2 +Ü K‡š-tMªÌµÈj ê›Õ@±&Z¨\jôÐÉEo2îÝÍz 3"Í@4ÔVº¤L¢Ì"â½zש¯g÷2ƒHHç!]ú›¡Ø|o ýç*DÀ¨ S`*{•eŽ…ˆô‹ú!ê %»ºÿò𒐖}ú}aâtNF6Ü»ÙÚ²šbþôé·³ËatA–è?Žþ[NSî + w-IvíðЩå» [»ÃUë%uVMS½êõ@8¦¡‰ŒnëTö¥ŒJÎ.û‰ßbr€1ôgHžª.Ãà›ÂÓÚFÂÅ&Ë:p4]‘04mDݼÕé=G*ëszW¶ÅznÏ9É&"pþ¡3•¨ÖõXÆà ø:PL@7šD±ÿ¶ƒn8æRï+Éíôí¨—¶Ü†hZH4ÿba²2*TZk£M”ê¢wû@bbº–h|,Ü؃á€8 ’ŸuâÕý{ðçøܟ?˜D#¦ù~k1IÓTCo4+^N7Ê _@Ó77؆‘-8¤çßdŠ{'¶þ_íÃT×kBh~† ,þ½•­$ô§ªÚ܁(jÝ.²¶F²tA líYn2ш9tÖX,M…z¦–ßôœ>ü¿¶›ŒÑP݀Ül%Q°¨8—²$£ .äѤº\´,±$æºmh³[ šÈB*¤€öB}p]¢Ä@³¦RÓð‹ðŒï­ª­äs:–5;å (9Õ³z7ÅUilHy[/ë+m¬Õé:sඋp[-j]le*H$çŠæíòhgù>`ƒïì# …ž,D¶ïd‡’R@‚iíÌ×Ț•»Ò¥ãÔ×ð‹c—óòÎ á7}þˆqÆhâw¡£Š-¾ºLaJK¡ÊómŽÇn‚FL(,}”n®!9‰¶œòø2f‡ÈãeT’]? éFZp^§M{‘rü® ά̸&ù¸RsõÜÚa”a,˜<îêrÅ X)f;UdÄgùDNˆµåmŒW#"mœ|‡8Ë VÈ?[É'`wÛ¨\ý@&P=#‚÷oo¥áÅ 6xXå¹Þ0L·Súó5ÖiTš#Ô!€¨h\Û++™W¤ô¤[»W&Qz¼e‘ ©ïûö+/6#ïÕú]oÔQÕö|Ö¸Åî4}FEˆç8Y ;–0‡÷7áEœÓÂ8¼a<ˆ0[ÚoÞvægæ×»ÓAì(´s\茶éŽÌÀ_íý=ïyŒLïc<žôâ^ÿ"ºšÞïbòî ÿ)¹H àìTøŒ?Tkæá0Å&ñøÈÇFvYÝjÙÖVYy“Þõ…Ç4ž$ȹ›LØþ²ü}ñ•Ö&"÷EÖ/¾ž C ‡´V<^".;‘ì€J(¾¸<êähê$¢–pNØ.OÐT0 °bvºñvXè3¾ÂCÅßPf«pÏ»Û7ç Û¬ +:‘ÖR°ºv^h=ÖjÖUÿš]߆rË$tj¸ï”Í0X{»Èш®©·Ø.'¥~Z6Od];š gÌ·Œl{ôð3·6 b)ÆÉ£5 æ–+…ãêkÏF…ß™åôù ªÃ²4?–^«©ÖÇ*¬îÊ {‡ÖãiSÉT-ÜA",j2¬®~3wJ:U¶ªþX÷ña¡lWLØïQ~)+—rЀ ¬;èçóлL.(˜Ë¡bÉj!Kx#ªûœ¬No­Ü•â¦·7ŠÑq¶Í¼œ¸³kÍÂk†kT¯k½ë±/°÷ß_;Bq.ñç§dÂР؏gÿ<­ÉÆendstream +endobj +725 0 obj +1754 +endobj +726 0 obj<>>>/Annots 84 0 R>>endobj +727 0 obj<>stream +xXێÛF}Ÿ¯¨##Hê#ÀÚÎÎÂv6™Y,™<´È–D›d+Ýä(úû=UݼH#g7<ÓÓ·ªS§ªN󏛈¦ø?¢eLɂÒòæÃÓÍߟn¦“ÕŠúìƒ)%Ód² Ùj‰ß£Õl²"«iË[0‹sº°þþaFQDO[Ši±šÓS&óSzJGO{í4”U¥®µuw”WiÑdyµ£·O_oîâ°wt°y…%”Ùü?¶y¡ýŠöôQÎ)سÑ|L¦V§¹ªuFªÊÈíMSdT™š°‚/[«#6ý×Ü$ëédM‹%\§’fÉr² £‚ÙQ8³Œ09t§q¸$¯¨ÒGüpµ* +Uç¦r¢c©40+¯¶Æ–òw2ÕûÜQºWÕNߝLÓZhõ~Ö+´€;‡vÀªÅª³1XÕ#/Žþ֑K[?ç;ëp:e#Š~»ü†í#2[ž'+¾l%“>Äì̤M©«zò +FÙñ“óx2ÚÌæ` x¼ñÔ¹6ÓB0¿Š”¹YÔýLŒÓ[âÝ?¬)š1Ípcv h¶˜Ä“hB­†ÇàÄoB¦7¿³Ù==§4Ž—ìÛ§ŠŒÍ<ø®9Œ­%Í¡0J¸i¶tÁG!$øË,Wclñojªm¾k`¤’.S³߳Ё··Ø"+d ÷ôð›ÀlÎpfæiö¨Êºu`£R…#gH,åó ë‘)'ÊKö@U5=û,zÃSÌ*§íKžJ ®oNDÿΫÌ}yòÞÊzd)“ò`ÍKžáˆ€8ý +l®±ç·­‡ñLÂÿéi^š,ߞ:s´…C®ÜL9nSY&+v…Ù¨¢Ot'))‡VËښ¢0GŽs[$Îy(ŸG€65uH:g–@=(Eô¢ŠF# ®I÷¤ÝT½¿•Â¢ì&¯­´ƒ‚²Ñ â¡P)bsÌ뽤SSubà [鏆–ébÉåµ~~ûƒgã”ÖLâdœ{°~ó^ [Ù.IÀðß;*u¹áû«Ze%*ÐΚæÐV˜¦6¾\¾ÚÀõUÕÃét݅’Ö¶Îµký9»Ý”Q +ò4¯ @¤B©Sn¯l<[@?Ò߂Ùai¡LÀÃaš^ÎÁÀÆûÆÙû¤ª¸wœ ÷áäkÖîΚÌ7l;]ugcAvÍH}w X–¡hÃÍïòѬRf"`éò¶+èA< §Ü1a+:"ݵήõŽáù +tÕ4vP× s µ ÂÁÁ·¼nYˆúdHÿ 7®ž\þêô` -oîøb>õj+Öh\ñr…l*i¾žÌà ´Ìaˆ—kɹ3…Ò6ßÁ֒VóîÐï¶Þ^½.ïH:Õ$ÝóL:8ˤ03Ø\ßP‘è@“»ø‹&*ô‹.x¥‰æ^aÒ_„?kÇí¢ooÍ!CE +ÐEñ*'^ÌÑâKŠ– vQF­‹¢—"7{€˜…Ž¼’oµ/ÆíɃ³JŠ§Ñ$œ<c6F³̞‰ÊVÕ´¦^ZÓvŽçÑüù-!*4‹Ï…WðŽ¤_em¾¶MÄûåZ³û“•hÃ(Z1¥dÔ㔬/´!7u«ÿhr«Y2ÉÕ-:ƒ€{Â*©?o8ÆìlÆ1ênŽ1 ŽÙnö*v÷ó ªƒ—¦úJy^*_×§Íˆ5¶®2ôA»7»¶Æ´mÁԙ/(LQ‡Yà´k þ!`Ð6kÀŒÅªN Ñh[R·LñƒË\*T5\çKŠa£%^½»x׌[ò¾©÷†µÆSëÂc£{Jp°¸ É)^-)4º-§žwn ¼?,ëÎ| ¯‹öP¸¡ÏSyŒ@aq¥õ~°Câ>Z¹¡(3¥Bªú¤——;ØIæS}¯º^”¹*¸¿œp=Z ¤FΞQ¸î'êGSÕ: w⎾fÇoÿèè}ä¸ AD) Yôž0¡¼0\üºª4W¨$Dýç^má:EGc¿y‰¢«—ÜšJRâ¸×¶k[ÁÖÓ_YOYÀ° føWiö"¶LƒÆÚ'¬Úð}¸@ŸîJ¡H56h¦'ovȾ$æ²%|aI +xHÈ(d3h%³‹²×‘Z‚è= :p€e†ÇžCéނ3ÐQ(‹Sç+ÚրÁ•0`1;3`8Æìšß<½yÃ1ÞK(¬Ñ`v8Æ,Êûpïÿ(-.—ž—J:¾÷óGú D¸ ó& >^.AŸ]uƒŒ1¾ zÇ¿@{¡Ö_V0†¥•ÁHy¯²’:ê¢ÈŸ!w ԑòþj*<ÞðúÆkÿ¸GÞJeè>2 ±zùX¶ÑˆFF1 Y°Å4»ý„Æ㯴b#ÇÃòñ©í¡sõ½—“´} ‰틈¯b|Ëpœ eSÔùª.-r +fð„°éJ0­á()©ýC3<}\³ÉÐ[ÒÚX¨uɊ8ɓ7¿K Ás äxÓ¤ÈíP±¹ð’Vø“D\\@ ñVá 4°c +˜tAq°îśR¤O8¯­¼_ôŸPý{­µåÐB5l4‹ xg·¼™¥cŠ™C$àÇÜíX‡²¿ +].Z,‘ ´y{>¾ÿüá=ýӚ¯‹~ +Ÿ0äSˆ„Ù//cþ†0ú«O³%ù’eɔ÷" ~¹ù/)¹¦endstream +endobj +728 0 obj +2102 +endobj +729 0 obj<>>>/Annots 87 0 R>>endobj +730 0 obj<>stream +xWmoâFþž_1E•Ž“ó 퇊¼õÂ÷R5UµØ ìÅör^;U|ŸÙµ 8½HmPx±wwfžyæ™ñד5ñjQ¿MùÑÉåüäf~ÒôÚ¿%+ühR¯ÓÆ{wÐçï=¼%’–¼7qLù†åÛ&]Ð|‰£{8jØÛMšûõß7‰ŠÓÿ8ã¿·ó/'M:kÁÕ)ÿûûìS§ýyÐ+~ãógª}Rq ·†Æsú6èÕ¾¿w4î6¶î½8o\ ^ÙÚiï&ï†åîc³Ãp³?O^=á~4™•‡ãÓn³Ù|u÷drµß\Ù=Ñ[™L®ìþÆí9µZãNßëÒY{àµÄá|~3žÆ?MoÞMo®ir3½Íf¸:cÜlŽ’6ý•ÓHç^/Ïqë"Ç3Îq㶛›kÓy¿ƒ‡IŤ“@&”jò³$‘qîH Šå–‚D=»»;ÑLD AkmÒS"KÒKJ·Ø©ã@¥Jdž¢Ì¤X”&™ü‰}AÏÚ=k¸>_K¾¯³8¥ÌH¬²»cé§ü5Åí½ÊOÏØD™ +Ø^“ëʓ®$Z§Åio‰m5ný<Ú³>¨ âõÇv¯oo×bÚ¼N¯……ç(‘EÔmu£ûVìðºŽeü¾,þOD Ž'’ÑÐ2„ˆ:Oî¡}xsÞE&¼ÙW« À–l;¹¥ê¢-\˜B^#³¥ý)ö›=¥ IBeR¯ +g§Óòú@÷Ür$.Óü°'²ÄÈSøÁFº‹Ü[š˜T…!m´1Ò¾Å`Óo©Bi08&[*Á :Q¸º±éš +EòlHP£Ž+¤©Ì±Mׁ >ÌZ$؍72ÒÒíM"H‡»7´ØQ —" S{ÜW,Hy¡uƒRL[­ØRT$¶W…þ!ö%q鬙Ä>ì1 +S"¿fˆ)(£€SɳÂrH•1ÚWvõqô§dT´A‘†z׋¦Ÿ‡¬gFÅ+èÊå±®“<µmê?JzìóZG]9[&:Â1jÞõšöù¡‚nxDSm,¡ ÉSś±T«õ¤XkÔ :T»ßQ¾–&¡@ök6öE‚f…% Ô^Øž¡öK<]´§«±xV+¬)Ä¥6á&&ãy^ &BhŸG¿!Af­3¨–‘œR1ôL„¶>TiŽHɬŠDꯙ¡ð°ÀϬâH¥b¤YÇ̃ä0^éxFè.à®kÑܬ‹ݸ½ $›u¯ƒÞ}¬Þ=¯Ídš²“×V¬Eî折/³±}^Ñ»Û}Ç9ü-XW’ðÆPyf m¹Ž-Ãc ׁ[IÞ?Àfµb‡ +>0Bb/Ëò;…?9J]ö•)Q,"I[aŠ +vQõr¬Óø&ÓÑx~3¥ëéè#>†‡£»áåÝ Ý>Liþndû(Ï.¹Zäëñ©{tÚ$„ +2¶±ùk¯líÂ)¸»#“‚P+{! õւ…Ɔ Nי¢! ¡hy"P?‰„ùPb>>>/Annots 96 0 R>>endobj +733 0 obj<>stream +xµXïoÛ6ýž¿âl˜ Ċ$;¶ œ5m3´I»í»‰²ÕJ¢FÊq²¿~ï(іdh6EÐüqïŽïÞóÏA@>þ4 ©7 (?8Ÿ\L|o4¢í‡^`àS8ð½>õGÃÍïZRÂ[0‹s6XüºOA@ÓÇFCšÆvÞ§iÔªZJMiQI-M• 2i, ßKJ UKQѧ´ˆÕÚÐՔ¢,•Ee(V¼„VFb‰¤Éûs*µ=…ÌRhyDw«Š´°§G¢x1ýràS7èy!tìZŠS-£*{$ª‰âqs„*0¬‘µl/•a‹Œñý¤{{ó‡G4]¤J(R+ ,˜U.Ø°ý”YÞ_»AKÁKᭌ¤1B[÷i&8 xN˜ca©ïy;߸k1HŠe"VYE¥ÔyjLª +³gÐÒE!cº{l”=wgÑ"½·à%Þp4ÛçqØðáŽԏª‡´–YÖýZ¨uA ­V¥Ç6-ipÕ½7pMAŽ_ŸRÐoèà‡Þh‡/ôzMVe©th™Ð h•ß&tã¶õ®Í¬nÈÌê\L³bZ€9`¡S# ŠWð¨],ïe¦ÊL¢K$<ù ü°´ãKA°à³i°ÄÑÑ`޺Ȕˆ÷ã›(MïÿféàPâv>XÂpàZTß|b3FårÍ8I¬¿®…®í‰Gç,5ö_&”+þà„¥Tâ&ÏN¶Û7Á`ètÒ!3s +ƒ‘7lFMljbxŠÉv6@$ÙP›‘’98e>²`š‹mŸ +ƒ®¸¶È6Úãœz¿ÁãltÁ‚¶âp҈ƒƒ¿P—Q-ˆ¬‘Us ‘ÊsQĖã›C­ìì(N‡ûtǾ5—)+ëOs ’BE©¨¤=©[cبÄ:­–¨“©D–á„z[“s‰Ê2µfRá*åƒÈËÌ2i©Ö°ï +ò ²o‰ ]ÊøŒ1¿öé”s  nxbï¤ó ñLgã/•j¡¨û´RÕ¯FFØ»JdC ÄÚ@× ÐLÿW*iñrv5¾½º¦ëÉËه"}øLH‡Ô/gš{~Wd`ïssFà2qƬÅӇÑÀM;V¯êt¸,EuŠõµÁAüÓ¬¸—Îhöö†Þ!ÕôŸð¢ïƒ²@”Bmn&΂ð#,„Hşk¡?IñÿýßOxð]Wé´âGÞåÎ=$™X˜³™ÿ0BØ}߅{gMÁ—4›ãçæúÍõ|¾,»ד‹ci"–ªÌÙ¬^¿¿ïèêš^Ý^~¼¸¥ñÇñå»ñù» z}}KÓ·—º¹½¼š^Ü=y:§6”ùlæf/¾)ªóù^Jü^§•Íœ­~8ÿh>?|ž™˜ü·2YE\ï“U†Þ˜hƒå¦ÎlzT»È†'¿éÞ)²ÐìÉçÛ÷hÇ,]WrMMºO…Uǖ Rq@Ÿ(µç®ë8jŠ§J©Qp³Ì•éºC»&“”{´°·ÁòW·„“ßy‘*’]#^i› ‡Íó¼C‚âÆRC~ǙQ\TH+¿ûíUßz±«æ-—Øuç3Šò¿\wS`hdkó:…nÃZ® +\Sj¢3Z¯§(”Ø…Þ åƒ ÚX8‡"`»†ÖªŒVèâPL®KY4N]<Ì;œrØ +mž¿€Y.8qžð Í+ŽKw·su ⼓zÒ³åÐ|Ô ]`mú“=n/ºó^³rêì¿4R;ßNG¶0o_M—h5yÆÝEC9÷bï3½Ûöù˜MÎB˜|;]^ °¡Éí`Û¾îžoíÖ>b6ï¢Ë\lÞX̽j’Dö÷Æ{ŸFuS´õù›¾|…WÚRÜ#.Ù¹Ù +™‚׿›ÔB‹*õ•ìbӖcFÊ×éÒ¡â¡y4•Ì©N¹:›œ„µ’óXVѱ݉r/ç8EE ë˜GÃI žy9.v_éYQL¶OE[`ÛÉѧ%9õë”3 ­rD¡nŸ aÖ.õ[ªÛ×25èÄì‹ÚŠêQƒÈõæ¬Ò¶CÞÒ²Sk¤66Y;ì­ƒHò7­ð¸˜B67Ý{ûD…–¥à—t÷ÝP?[-˜Ð.¨Dw¯(SG˜1(oάu,À‹Ê^)ÿ’]›€8Ù¿QÔOü¢ùÉøýùÅB}ÌÓ+áy_TPfekŽ{1 C›àßõzíYí¾^È üæ^endstream +endobj +734 0 obj +1839 +endobj +735 0 obj<>>>/Annots 105 0 R>>endobj +736 0 obj<>stream +x¥WMsÛ6½ûWìø¤ÌØ´(ʔ•KÇùpë™ÄueÒC. IHHB@Ûʯï[€ h%v;ÓIb‡Âî¾÷öíêûQJcüIi6¡,§¢>zµ8:»šRšÒb…'ùŌ%“ñxL‹bdª*j´£R®T#Ë Ic´!½¢ãË¢ÖÒÙ(Y“²d¤k ^$§Ém$•’Kˆn´“¸#œ¿ýbñ']à‰²¤­Q“†é4͒ rm^Q‡ÄLGJ>È¢uÕ6¥4!šÆ ŽsóÁuÓÈ¿b¥9ñ…àRFU;d4jE¡[$É1Þ.Ž¸z¥ü¿¿¥é,É(ŸæɔjJó,9ï®*úÈ¹é ‡Ø-6ÒHÎSP¡ëm%k¡š5ua†ÇÔ4Ió>:¼ÆÓ|òSÈÇYš5íñŒù¦TÊJ‚…hN«MéïOóÕûÓö`¯@·‘µ¾ãôQ…QÒÒÊèÚ£||ˆ³I’ÓJW`c€%åYžä4½˜%cšàPYáÍ)f^xãIrñ¾ˆìS•ÍæpšÏa”5M³ tP¸ê\iïìÙdš¤4½§îýõY ;í"ÐÒû€÷¾G®2’M[{±v À*hzžã'£_»‹Þ§ç§Éö›ûBO5@§µaš„ äçÏC âg`ײ‘P¢¯¥‚Æ=9«ŽÂ¡Ü‡é‡¼Ÿõ¦i:9°vXuÂFA×µïK HÑJÇ'ïQïméÑ«¯Â’g§JŸî§›ë¿‰Er'ª®k bê[çfA—˜±“?«”Ðø†‹“]U“,Å Éf©WEÊçÝUÏK6›è@5,n᫺°@¨pÅc5Ìñ¾Ò{¹$«ØCÝŠÑƹí˳3Õ¡“XݚB"ÄZ&tgœê~ÊƉƒ-Ý*±pà7Ê÷oí=¶ÔE˖â³$ô|Qµ%¤áMœÑŠáÐCŽJhÀ¨eËUE?°Xp‰!Œ÷ÒH`‰¹æ› ÄÅõÖbtنOuX¬¤À’â`n—áÀ˲sîŒgE•™ á¾À¢JúÌ;Šÿö„¦âó`¹…®ª®4Þ}XÁNÂÈáV`ˆÖƒuû*±ö|ëµÈ¯a[á /*ðwPN›ÀîõÁºXC}üntvȓ'ôüül~Ç•FÁi+Šob °BEgf§3¸vÌrôe’Ϻ‡qãàg=ûÔ¸‚PZ\âv¾È~é»Ý×Øã[$æÏÙÕÿÉΤë0q‚Ãhèaß +âÒK'08—îÕdüæ­ +½¿Ì(ô7€xˆëÌ/눲íA û,¥sÞŸ—$/¤ùO’œ$ô:âýçM ö¶£ö ….@<ÎC€({–žà……¼”; À<¶Ð[É-æxÇî§/£Þ—"Ӊ{ðÎ;€Íï[½Eì=¢Û0ÎàTk^Õ÷"ÿò†qݐÝøuŠ‡N v 'ß~ À øú‡Únyh ƒ5¡‚CõT›0ž°R•´Xž$D„·¯o®¨»Å¢áo ì=•¿I”lvKl¤€5Jj¨¾¡Íýfð¬åç¿ ûp¬…Íù~{T›ŒF¿;–‰%O’î™ß~¨;žêß[ ·-éNa u(–B,·TËb#eklŠôËùºQ>þ‹[“G¤¶Áð]ý®_Ò§ï<É œ(\ kƒœîÞã˜/1H5¨¹ /Cík¥ù {T>ŸzìF/ß¿ºÄTÖ_á½ôf8 øs§áõÓÙÄÝ¿£™Î¦Ñ³ŒO@÷þuô)ÅHendstream +endobj +737 0 obj +1730 +endobj +738 0 obj<>>>>>endobj +739 0 obj<>stream +xW]s7}÷¯¸“'2 0œ—Žãĉ'qãÖt҇}»/ÒFÒB˜Nÿ{ϕ´|¬=әÚ Öê~œs ¨ïM†t1¦|}önvöavÖïM§tx±K|èÓÅàª7¤Ñt‚÷ƒ>¿·’|§°³Áóç·# h¶€ùñtB³"œ÷i–w”£B-•e¹#§–ZD%裮>Òv¥òåBÓ\Rípè m¤U‹ù•ðT‰üI,%f«K# +¾›"÷u0éW’Œ–¯gßÏúÔ\ ÐYѱr!­Å³J̤»ue•öˆEx1Nöˆî<â‹ç·ã‡´ññOMJ$ž›õZjöbò+\t2¯­ò;ÊW2"Ž¿PNÌKYôØB@xŒ/€`Äqˆw Šç·W4%̆Œï1jãÞEoÔ£‡®ƒ'¼2šnJ%u+@¤=dÌ;÷ƕ^»ŽO[¹¶PzyŠ:¶˜‹ӍP%'P‹8€þDíÝÍn §ûéë·Ù×^åÚÀ-T°•—5C·U~Q ÎÔ6— Å5NfÜ.E'$ß<úRÌ`EºëÖgí‚ h{oC€&OfA̠ЕJKz¶$—[UA1èŽ'鰑ŸíA€‚gŸ!SAK+*(Y”ÇK»H B鞸®þ§ëîp +‰ìóbl^‚$ë@ðs Ùkª¬Ù¨8 ZK¡1?jiwÏtÑÔ0³(A6A‚á9*,(+_ñM é²O• 7!qZ›B–¤3#meYòïÆ9cÒT21)‰TaÜ:”3ªdm|»¨Åz.­oJà +rùm=§£ZC*oÅÂ(¹tÐNÏ2$çe…8Žr$Âç[0[aaMÃ¨–˦]¸õ<P[úl¨õ¬­òŸ ¢=¿íÓwƒH¾Œü¥@wÌ:®®*c}ð{‰îǍ„ ¢%PÓÁË^7|¡¡³Šÿn}&þ ûí£yKQ"Ü$‘¨5 Rx´âŠ›-:šŸ7v’a$»Á¿€,¾ K4¼äsŸ{´ÞҟÑ>_‘7‹ÐAÚ^.N£½s®fqiº.Š‡(»÷A9Yz¿ìþñpӊàŸôy8荴Öc‚ÉS‹~YãRnNË2Cƒ&@ƹ¤2à‡C±ËœŽã`úŠöƒŒÏôÚµ#©sh mƒ›ä +\¢Aâ>?Ût\Dbк@ØUÅ'\jä0%Y­ŒL`š„sé·6i#¬25æÖ^K©õ {”0·P•ü)8†7t\iJ‡NÎ՜8c罺®ðlËïôEû äî…úm.½é+:©à«K ÿ²D¢sõó” ¡ö’—hŸè¹ÉWÉéñȀ†V®Ý•Ù2uÜ¡,–‰”q´‹s±‘<¸OÔ;’‰5•x×H×ùü‚åÉlUY¶r…øåzŽ30/LKƒTÒ(~t¯ ÞB‰Ò,Q;؉ö¨&9,4”j§åúG­°|”Æ<ÁPð|ìz„…ÃíÐÚֈ~‰†Bi}8šë |Ÿ>¹Ï²Çp!ËnjlPÚßí­)¥ÇŸâû, 9eÙ½QÖh–jkTõ` î7Ó1às„(·bçxñ‹j\‰ô l$<ã] ?HŠ~ÕJ@`ŸÉ>8¥{qÝ=Ú3¨á­‚E$ÿŸÌ¡Û7§Oa)vĨ0Ýâ#… Qó–ò@}ƒ[Ô˒7ޝ©9óÀÚ!ñPÐjô‹ŒÙ‰’Å·‹RM#S¿¾ ~ÀÉåãxäc¢UqÈ#£R­±„‡%ŸP)Ò¤YDyh2Iý içY@\0žç~‡VÒ G˜‚W—çWӖšã  GX͔æ:TÖùãEzÊô¥=zš†ñ`<éñ?7¼½þÿx¼¾w͵÷ƒŒÞ›¼fn _7ÞêÆkÿÞ»G“Q³!^ŒØöüßÏþ­°5Œendstream +endobj +740 0 obj +1527 +endobj +741 0 obj<>>>/Annots 108 0 R>>endobj +742 0 obj<>stream +x­WMoÛ8½çWÌÞ –-ÙñGo ºéöÐEwc  Z¢-¶’¨%é8ù÷û†mEIEP}‘œyï͛ñ¿W)Mñ/¥eF³åõÕÝæjr¿¦tN›=Þ,V¸(hšL§SÚä£E2OèzóýjôUŒpJ7ä4퍮éAÔ;AY2MžùY–dÉ3:¹ŸSš†ýÆÙû>«'‰…¥pÔÕ8i¨0xf¨8ÈZ6ŽJa)/EsmG'I¥n%©º5úIÛkR ñ)„[ÃûhCFVRXi?Pãã¦4NgøGûPECòYY§šYéŽm0åxC{]Uú„ØWTÔ +WڄþF’ÀŸ+%µÚZµ«$Ù\6G[¬2t9õ# HÇ ãs¿ìéE©ÐÔhG…´ªÛª‘'zTM¡O–þÜP$Âam«ûÀ‹JŽ¶‘²°íNb¯F&D·UuÎfl+Œ¨%àµtÒæ‡ÝâIàprŸwȗɊ"BÛl±ô_ˆã×ÃLN!'~—â ·`Žôž³ˆ¬ò Ý¹âú@T€•ÖÏÝ +˙Œ{¼ñIžÑòŒ}ð·`û),=óÉ '÷µ—Ü(†b“Bîû(ÇíUÅ>–P£­w çdÝ:KœY¥sá!¬°Z™s/‡NÄP$ßn>ݑh +Ú UYRŽè¤@Rat‹ìO¾dŽ–éì-öBè¼PTÕ0a­Îâ) ÈÈêöÑopbHì&&]ƒ“:ÞIÛi]…De5Š¦ˆœ“Ù‰üÇIH,×5„¯vªRî…y à3bb5×#W#gÓÈg‡*þ~)ÆwÅv“AR(‹Ÿ‰m±èj¬$`"ÊY'>jI&‚¡ÌLgF¥¶v¡y@uð³½f)/³žÊTêàk!C/ïÖÈ\²É¡ÐÃyºÒH¨½L>o{á¥#è¨C£70ÕäÕ±ÀwCfýúX(^spUf6úªF£›ü ¶Ù:é7¬±¾ï…ÝÏuÒ©å§e~ß/Áüh Ûµnª²º:rSˆEyË:ÚPª‘D6ŠÛo\j‘aFOCyÙ3Ø ;>ó‚Ç~ìÔÀ×æFµ(Š!¨¡¼BŽç²@‰ç•B°áùŘÔÁ·¦Íßýç?€x”¾ ”xhÐMX+áß\qóô”R¾úû3úB2¥ù|Ž¨)]fɺ»«è;ð`…9psžÏo|É\šqé\ûq2áŽÈQ$ÂÏ%|I#݄Ͽl寰\µé• ê–ý/dþJgQG=EÓõ,™ÑxáË÷6/ݱ9üö&URÅÿ4OSôÞùj‰ëtKt>Ÿç¥Á`üXÝ â/ÉmphÄ\Z!ijXAd’ë损÷*;5>±ª@ßFÉjò-Sr){eÎ}‰÷<Ìj݀àO¡CA¯ÂËðÖk6:îB¯H÷>2¹Ï:î7þ®°bsˁ%}Þ^¿;f¬W–÷óý7öçÁ†ÛÑÃÿ¶Wtø+›qÓ,e3ü®WwÞò;¥lµòÖôšá’Û÷Nò0x耵Oaá»Jœ+yԍ¬^,A£6ԍG>>>/Annots 115 0 R>>endobj +745 0 obj<>stream +x•WÑnÛF|÷W,P`‹)Y²ƒ´€Dž Øicµ/uŽäIdLòÔ;Ò²þ¾³w<Š’í‡ IÇÝÙÙÙÙã'Mð'¢ELÓ9¥ÕÉÕòd|sAñ„–+ü2_œÓ2£I8™à›4øœ‹M#5-B22muÑìèÊT%Ššð÷AT‰ 8|ù°ünE3h4Â¡‚E…ô»*ê¢^“¨é~I×îñmÑä}€Ø˜Quâ?~iL[IÚ©–rñ,IôO¼‘~6Gнl®n¿>P-p^­ÈD±6`@_¾ýf (#¡%}?Ø՗Š²”Ùaœ ¢©«ìúëÝQ¸SÚæEš©Ð?®?¿‰í p…ÓGÑ,¸f«(éS»ñ¬§ªn´2mÈÅï*çÇð˜sÌ]]~“†Ã:w2îø¾viâyˆVgÁmMJghC£,‹Ô䲃zJ«B›†L£6.»ÖeBVªx&_·µ}"UU…ÏQ ŸG+ÕüÔ¡‰|SM•l„1یFß ˆi¤ùfžF¹XSø2« BÓhÑ(ý³}ÈÝ!_ß !z¸…ÞâØWfs1|þŠ³­ÈEã›Dÿ¤êrG•Hó¢–îw–Æc„Èi*m¡^Vƒ,—w”‰F$ÂÈÇD…éª i‰èzü#õâ.Õók‡…aðäغ0´ÀªÚºțQ֒+zG´ÑÅsQÊ5ªT$²ÌÍõÙtn¤B¢Û>DaŽršÖ²jK²ã¾- #™7I²kù¾LfáŽ?=›ÂñݧÎñ¡ØÉفËß«í):Á‡J!%m-–Kr"ö¾¤Vì—$³¢qàmu¯6Àø¦ @ˆ+Ýê18{oì§6pÒà*ûûR9ZŽ˜¬Ázà ß뙸À͜æ3쿊¢ùÔèi˜ŸÙ ÞÁ»ûèc€Æ`ÅãBbÛÓ;Áñ.À« îã½Á7‡ä8Ýà…ãD¿ ‡´”|ÁÂÜrSþY—*å¿ )xÉàmÀ)©ãšeȚíF÷¬»A,Þ=aý Ãߜw§¡Ùé߀èi¶˜áw«,˜Î;êþ<ùˆ›¾endstream +endobj +746 0 obj +1500 +endobj +747 0 obj<>>>/Annots 122 0 R>>endobj +748 0 obj<>stream +xW]oÛF|÷¯Øú%jaÓ"eKr€ ðG]¨´VuNäIbBò˜»£eýûÎÞiŠ6š¢HàYܝ]};ˆiŒ1ÍšL)-.¿,Æѯ󗘿üñëÁì4Jh:ŸFc*)>Fóð[A÷üÐÉÍ)Å1-V7Ïh‘¹çÇ´HGwòÉRºÕZ’ÝHúqñ…“ô£ æÙ$:ݏ9@¡×tr“„,Ï~"Ú*ýu­USÓ;NòÀýä´0GT䕤¼rþZj)Š¿ÉÈÔæ +/*ÒRdoؓ›³öØå=N¦ÀºÈF½|týá–sö‰èÞ' ²ä†ðŸ ¨D)I­Üϙ*@l% -é‹Ê«¼ZGGgI4£é˜ù.)‰“(¿ÞÁöx†?öùþS5T6ƒ(Œ¢xô´×B#¯•º Þ‡à³8:ߗÁ^â€l˜œd•ê]m©ƀŸÌ|¿FZ&ÜÓÍ9v҄—ž{¦%¬”¦j45Fj°ªøácê8ž@¬hhÀveóTXP ßw úx}ñÛYƒñüžMgxœ3Ûþ·Žß³éÜE{ÖóM^‰¢Ø‘È2zI©²|µ{ø‘DËm?¸MæÑy/pÿwüuræ÷ÓþóóVÇ8D¬ÁÑÿïg­SwÛé./ÏHæo—×Wqøžøþ¶ÍS`±‘Æ럧£Öy)ôŽD•ÑR¤_1ÍaHRUY­Š‚;~/Ê¥ ÚæEAÂZYBrh1¿E¤–çÚ ¯õeÀ¹UˆSO‚¹Xd‘ºHŠtf=³äþˆ0aÐ!•bG[Q9 ìZ»ÃÈ9f±}b™LÍNCªÁÃ(¿‡–¨Pø‰RUëWhp:î1yQ`¾+aóGÉÍWœfÊeƅ!>,‡‡¦Œ ¡d'tÉT8Óµw¥>áxlñà JØ|ÔѲ¸"Gâãù¥¤·^­Ÿö ¿TÑOþ½¯ +Qáe•Ñv“£E[xlÎòȚTfL·WH£é, +µmej‘O +H`Ú {r)yMå¦ÄKÂê„sdJšˆ\SHO2ÇӚ–}J…±ºc¢ ¼àóû»{ʄKæZ0´Ê¡îWd퍬§Ð»ÐÆ»ÂØa×;CÒÒX¡­wF_&$´4È·FCXk;gŸ”9ܑ͝Y^c°{ZT؄Îíî¦Áß4™LpœÎgø +bŒV~ûŸã(ðÛ?9?ø%̵1Fñ¥s+’1N /4·#ö7'oöÑ­¨vTKUÒï1a¾¢¹Z®…Ϋëœe{‡h]ÁoPê2/œëÂ΃Òóšßђ—É[6[Ohu“ðºK¤F ö(L íåý‹¬ƒ˜¡§ª–CˆH[æO@ ]øÉäu!Û¬í)±€Š€²n f Þ +ÝÀü/¥ÝJ鯔4×iS¢ÅU +}±DAÅ·&ǃ‚]–CœËL¾,˜ !÷»øÙþ6 +Δ +ÎBf›Ûtœ¨öÐõÁ"¢‹×¢¿P/£W橒2ã\µt¿œ$ì.éåS°Çn +}`¤½dZ‰¦°ØµÏ5Ñ=€~ Ë«À4u­ô‹Ñ•öòý‡{ÇÆÝâ·ÛÇØM@o¶˜j4³€²Ò]7†{¶·ª9r!Vp +_¡à1wßÉA•ÎQBJ7hN@m,c_O¯ˆ‚Œ•µñp3§yÑ9[B®,ÏÀNè Ÿ’œòÖÍ' ‹²düÒuº’̶'©ï±|JeíNetÝIÑe<¼÷·&W¬¥>¤•V¥ã l 3Q˺lÒË݀2Æ|x 'ë5dZ…mü (1zP2]©²n°±Ì!ÝÞ^áøºÍS­ŒZYò™h¼«2ª¸Çꢁ±9Zƒ…ñí’|ÇÂpòyÿ|ñÍ¢IDŸ7;À£`L%Ò¨»‚x£¤wÁ~æª^q³«FkÀãÅúÔ= +I»Æ†©ÞXÐ&¥Û¤Ž?6?gw8p`à0³BaÓ§*ê.`æ € fݡÇÎŽÄSîîg¯€°ÔJ)°*\71¼$?:¼ÍqÙ=<cöâB÷)؞B‚A©\¾jâˆqC¹lX°[ÃR™gRýrá„&xd 9^°c iv˜Ÿ2”çýïäf>bĸûñyêŸ7²ÑýÅíå}Ôê d‡½§•ðpU1æcÿæãY‚Ï´Ùè?î´S|^œã#1ž˜Ì8 TøûÁ?»Û¯–endstream +endobj +749 0 obj +1709 +endobj +750 0 obj<>>>/Annots 131 0 R>>endobj +751 0 obj<>stream +x}WMsÛ6½ûWìQ‘i}KîLNœt<Ó8n¬Œ{è"! 0iÙýõ} @$D7eÁ°oß¾ýà‹)Mð3¥õŒæ+JˋwۋۋI2ÁÿùcÊ_~¿˜M–É5­6«dB%Í«dV=ò©« šNi»Ç}«Íš¶™»`BÛtô,ëW²ªT…¨©1Ôä’L‘ÉšE¹deÚÖªy¥Òd’~Ù~c ± X\.Ï,Æk<Ý̒é9ž õN.œcëÿ†¯5 ²ýþ´û†Ó£1Ñ1—µ ˜¦-2ª„µp§6í!g·øì¥7t9ñ6‰t£RÑ(£©–?ZiæAГҙ9Z¢ûm°NJ;~¬(%Å+ í»^’©»Sכ2u¶äDäfʑ›3š’¦³93åV!rˆ×|á ö{(¤°X÷RˆXˆK|î[N’ùà¾sñ€»€`hÎïà?Å꧴Ó+ÏÒó +¡˜WÛÈÒqØ6†Ÿ¤¢(^ lYuÐôõþî/jUî`àÀ_ã‚ã°tLøý·¸Ü·A8…¨V6!ÚæÊRÊÒÄ_ñ, ã]…¦L>ËÂT%ÂK»Zè4—–ŒCå¥ágc'©>>»¶¡£* +ÚñŽg™±#µôœw÷XctNÎVɂµ´Å"{ºɧ2‡ú²` ½”³ÉèaÿìËh I=€ÌÎDa}yxOi.´†e\*_DÚÀsÞىס:’·Ï›ÌjÏ,•RhëÓj`Õ'¤%mŽI(«J4žz®¦n‘KàΉÃ檲 æ¿ÑtIfá"ý=R‰LÆôjZJQdÙÀü©:qUàkÁ7´WKkÚ:•F§°\<#çq²Bñm_›2>|:ýpû>HsÒ „Ѥ©i!++¶¡îdÅEe 95¹Kø«ËP‡G]Y+[_§GÑ 0{/)²NŸ^®RŽÚŸ¿KYzjêÔÕ0SIT)WÈ”EQúpªiœÃ¸«0øßÉÚ ö +a$™Ï1øÕœ…ŽËÈà‰sÎ.@ù¤ÒÚX³oÖ»» ¤É 1ҺťygöQ +÷áéÿ)ô`ƒ…h +¹92cÙq9åå +âø ¼qD¯Þ!ø®\Ä1CH`p-­àG´zq™;/¡:fÍT ``º÷@›¼u 8©86¬¼~C'k;ÔÙ *è^i®¯°à,BÔåyÉ%ÀÅ÷,ÑcÌ|„½p6}ºûÊ`]ZsPނ|æTÀŠ°Ý81é –”t¥›Tƽvê¶qç°mšs‡è7?ÞÝú …*böú §ƒký‰ê½>pZŒI6iB7(ãxŒ€Å¦\uc¨[+¼G±—/ÔŠgàoß6-&ŠPYÖÝ0Ä~….Ã5sR ÿPf¹ß‘¨ªB¡ípÉdB(  +¯qmrØH_µz íÔw:y9 L{ÌnëA"¸\s݃žêŠCŒ}5o'Òï¾êñÆ'NÞ';°…[fc*ÅwV85Ê=|¯ŠO ˪À€Ädzå…Z)õ³ªæ΋¬ ¢Îùå˜á6>0ÜõÙ««n„½>>>/Annots 140 0 R>>endobj +754 0 obj<>stream +xXMsÓH½çWtqY§*Vüm‡[>ÈB-„@̲‡Tm¥±= iÄHŠ×ÿ~_÷H²¬À!+ÒôÇëׯ{øq2¤þ i>¢ñŒÂääjyr~{A£-×x3›/hÑ  ð—°w½UY¡-zkwTXº¶éÚlJ§éA%+E£`D*'uºüv2 þh‚ó½{gåötceR>S8ÇÚñWìoˆÏØ_<ÄyœXÀîvúGirShú¬Udҍ?1¡á°:1šó÷WzmÃޖºIKMΟ x,¶&§ÐFY¬U®)Qß5å:Þ«B+<…6±B­bM;SlÙ¢ä÷´R¹ «ä†cìÚÄ:§\»'âüåÉ*àS¤Òˆ¶)ŠEþ‹Š“šœ‘ÌTžï¬‹ˆtº}V›²A3 Znu›ÅβÓ7Ë®…„†üëóŸ'Ãá Ót¶&”Ðp1 +.ª§˜¸¢<^àe»’…ÍLˆ:I¾OÀ9ò8i’䎝¸ ß‚'‚y¯Nî±7}<­¢Í^'Á´CcQ‹u됻1¢Bi¦6ZP,¶>4@Ð6g“Ù³„g‚œÕñu]¼9€^Ñã8ý:ØÙµgÑۏ_—AaÐ7äb‡ºÐtºf4ỸaÒºn©šâÓÑ$8nªE0 +èJ…ß7ΖiÄöÎo§Úh˾§ø-ôk©Îùí¬®ÅeYl­û#'yëÖ°ö@Ð>²a™è´ üVLî•I•ÐŒsºQO&‚÷4µ)̼:tñý͵`Aýšç’ú+©FõÝݲîéÛËO¯@×+‹~©=zzåe¦]®#0lµ÷ÚT l}Én&Ôìý¯€gÎQù(2g¬c‘qÚw,‹ËVEà…Û ‰˜B•©•‰Ma¸G,©°õ¡¯&ì°,i‚B P'­ƒ=ööã)2ùʝߠ Îh"¢¢ª‰3`V¦¡FÀk„ƒT3(A>:ôóbëŽãÈËal7œöÚÙ¤sJ ®S(£ßÃØ –¹(Ô&„NÙ²ˆMÊ  M ,YN©†å,»§ã¹­h>GÖlBî0üN¨r8\·ê É„ê;‹ ?Â‚Ç +VWÉ$VfÂqT BǎfÜ“ÁD$j<BüS#Q“Á´#Qk€Ëô߇çÊϽÇS©FEÚú&5"i·ÒÎúŽ!>‘ucXU­Ûÿ<ç_é@‡X÷~ûk4²ÅM¡Ž¨x­hZàf¡Ä"äS5_x'À$— ÇOëŠ{‡1.jÙ*íü8€üóâQØÐÆp½jB©ú©¢gµTȔá¹\h̖Ȭװˆ]P´än9épåø°\^P‚•Öi³äÀLå½ÃIå6á”IüNǗ¾ª!ßµ‚6cC ¹H©X&Ã*½MÑ +Êù5F i«?¶µæ2ƨú€séãŽ"UÅõ‘ŸñØ4Â5àV%*ÜbY"iaìŒ!Ö8´2§ûÍâbâUkò²Bð +˜#ØÚåy4=¤,2ø‰ ýD‘.”‰qE,Ã-sZfG-§g] <#]„A€¹;6Œ;ãpa­9V¯f&Þs-Âä™ –QYO[ÐÀgRù†©½X‚Ø©‚·'Ûðœj\5ý–‡õ$ÔYµkâÐÎÄ1¸À.ÏoÕ<…óñT.4/øρÎ>ÞùÉœoHRÅñ{úõéäòñ…endstream +endobj +755 0 obj +1781 +endobj +756 0 obj<>>>/Annots 185 0 R>>endobj +757 0 obj<>stream +x•XMsÚH½ûWôek‰kI 6•Úr’u’Ã:ÙØ·8‡A  D_ &Þ_¿¯{HÄ@bW µ43ýúuOw¾]øäáߧ8 QDI~ñòîâï» o0™Ðþb–<Šñ„ÂIŒÛ0Ž!M ž—XfwÁðáuH¾Ow ¬Mbº›Ë{î’^® ›–…žSYd43©^àw¥<»ûâôcTº*·Ê†×SòÃfé0Œöâ“Áh@¯Êb‘.×&-–dWšnU>SôºÌUZðKkÊ,ӆ•µöڻÌEjjKµÕaJb´²¼˜¢Mi¾ò[òÃëW”ÖdK¢u1ט£Š¹¨¬”Q¹¶xD…Nt]+óÈKÕùlÞ€èmÒ,Û[ÜPè3ß\Œ¦Ñ`D‘烅œBŒ_'et+¬C ð°m~QZRÖê¼²ŒÊè¾þ^el6óÐÅl“ô•~$…û¼ÄÅ®æÏõ·µ²>IÊŒ›3ðgP'ƒ¨…ª-ãmwÞv"EÌD¤lÍ<´DoÙ¢\{¢h<™ r +8 °ãd<™v©ÔRóÔ}xÊ4÷àƒëÒÀÈâA©.ýÇ4©M3­ ÊÒâ+˜Ø¤v%ƒTb×*Ûù“æºNLZqdK{Ôx  Þ2×Uþ®ò*ÓÂæð;OöHok'ÝGd€Ez˜Oˆ·?ݏ`æ;·Œ–Oˬœ©ì³K}Ÿ¹rÂßsz©ê4¡Zø?–—¬y$6{ÀKc?Ä5'ìî°¶”îöõÖë́1&tbOÛYZ"Þøb7qÇ8½h,üއ÷oÞw`x#ÀÎ)樋pó'$8<^(ïó oÕ¥)×Õς¹¹úxóîŠGï–î>¬t×™Mõª\gsöM³‰hî² ïÿ¬L¹Bú0Hoå¼· a]#£1;ᨑb[¦9Мé-Ùã‰ÈÏQØQyâ^ߛröéŒÎˆ-oû·2z¡ §gÚqZu'¶Âp*Nl¯gt]ðî}Ù°û«ŠGlmÔ¡g‡¨P­RÕöäYsŸŒ•Z'¨Cöq·é辗¯Q[Ö +sa"ÂôçÛ6þíúDZ3 ~û$x¤DóXYx¼Ruý4G⺁ÂòmÍ¥Ü%)NMmð£8”ºå#¯„ä¤ÓèG1W¸6úFý^ùq3šˆ{Ҋz]U¥±Ûš•Ë²èÄç(ô÷ñé„3PÑvprý!>÷k?½)OÁÜHIFÑ®-—b‰Ê”‹4Óõ_j±‡9} ?Šh$¸¨Ý.Ip‚W»:Né=þ~»¹¿ßb€´æÑOrìÀsà¿×´*sMsÄHsÐb /ºAMêL­¨>,T3îDÖǜ²³ƒˆûAlfnpÚì Šʙ=7éÉõV*ì¶.c.¯ ÙN8£uìªþ>6œVæã4Ù<ÂUè“TוNÒ¥¥.´AYw +\ûávc–‰$Êшt{»‚ŸÄUFgèkÑá\^¾~{y)Á}#7‹Ÿ +meåϨvØõ ~NJÏíZ“Xΰ⏞ô…}œ0Hò99ˆ¼ç­ÎZŠíM¥@S×êò[ìÍjäG®R„œµœpÚ ?îVŠÓ{i¸®ÍPŠÉ°æ³È0KgÃ-¿h¨™Xé|ÎàOˆÅYŝ¬Ž³zPŸý›¾&ƝpFi89H(Ô8¹v»ú':¿ÂªyžJW¬ÛzîOÜÊI‘ÛàNZ ÷áýi›ª¤ÞƪÆPNPâZÎXç¢3ÎÅ õeˆ&~XØC۩ӑ£—{Z¹?­Ê³]\~£EÙVˆ)½¿s"}J‚öÇ­rAU™VŽê8¯púg2w,V3sù( ›#ÜðzÒÐ|”_$ؑÐp{õÏË+ú`Ê/¨nø®¬¹’‰ÌHß ïÇçˆÞ¯~’Ñ:áë O · ÿ{ñ?DŠ†mendstream +endobj +758 0 obj +1576 +endobj +759 0 obj<>>>/Annots 192 0 R>>endobj +760 0 obj<>stream +x­WÛnÛF}÷W Ü•‹º[vßd§nSÄIš¨(Šº(VäÊbBî*Ü¥eõë{f/4©(iŠ$ˆx›Ë™3gf?Œhˆ?#širAiyr½<ÜNi4¢åšo]\Îi™Ñ0‡´L{?¨´Úo­Ìh+ŒÙé*3TÖÆÒJ’TbUÈ,!ºÕ•º’”I+òV´Ñ;"«)Ód7¹9§J®e…;gË'?,O؅óC#þõîǓÉE2¤‹ù8¹¤’FãËḫ‚Þs _T.àùïwB~}óî÷·Ë—o^'[ìîùK÷ _öâƒÛ4äޟÃÌh’Œa«w?¾˜‡ç~Ü_$S~¾ÜH2²zD> So·º²Èµ¹¢B?heH¨ŒD0ÐÄ=úCIë^øÓôÈl <*ñå˜ḃ1¡@a†Ja,¢]Uz‡À A¢”ø±Få~ËU†ÛDi‘Ke¹h…N…õBžù8(©=¾¸AéßRÙ×ù|U®k|--(ó‘®Ùm®MZ—ð!lŠä*-ê ÜÚåvãXBYnl•¯j÷Á¸ ü:Z¼Xœ#ÅëƒLcêϘZ€raè½(W‚Ƹ›iiHiKzÍü”êr[HdŸóÿÏÑê5=TºÞR)¶[Nf…ì¤T ~¯—þWy,ŸŽg õìrâ”4]6W‘Ôx8r¬znº_UþMÝ÷¸{+)ŠbOŸê±¹ s.RÆõ’Oۂ™‡¿څfsÀTÒd˜LÂÇÞº,i6K®ZϸYqÉ ·;Sd%t v7]I¦\%©VkÈM%JTÁS4WàBéYƒ:¤ÀÂr N_øŽ[°esJÆî I"Mu­¬IÚYÌæ@yz9GFcüC§­½ú]ÑM½†.ÎÆhN;âËdšÐMôv'ÒM®$-+VÀEðâúüg+èƵášp÷ùð8Œg•BGXd{ 0É´Î`›k-Aã-»–ï×Æ×[Ô°®¬#SÖ7n4wß«žCl7‚ ¯ªû3ùs÷†}#ø&G;¿|¦3°¨Zµ?÷͉>*½ƒIŽðôRs…Éip;q âØ@{á›a7a‘Zh,«,‚Ô5¶Nžð³FµÀø²Vœ1KGPŒ6ÂÀ5*ӍV¶ÒE!+¤´ ýƒÆ`K¹ÝÓôa›À`[ÉG=U+†UWùß FÚ82 # ÚõË7ïIñźÒå¨ 8“ ¼<ЛÌ”SGŽð+3ðªJmqd +=æYìKìpà3FÚÁó"ÚXºzj `Cíàå'©RyŽ¢DwÍKÌ4XX aUR)˕<ÔbWАÇJ¦¹PÎ30èéVÃÙ~¡êðŒÜìsbƒÚ+}PúüA¶Á!4"Vø€t‹&Ÿ·/n XK I4ZSÒP,™\­Â;ùÀ#h€¡ açœ×Fäü œ·ïì@4QYT©®ÁLÌÃïݨÇÎÕ¬Ña Â¹>‹!:ºÉÌCÌ¢WBÝq›M¦é7€ºAæ÷=p¾Ë=‡>¸›H«] ºî³Ì¿Ñl$÷g ºGh…ÂÂ8ûD¼ïa21Œ‡Ô±MLêΚµ@Ó#v³Õ*ãöqs±Çî·P‰®¦nŠ=H›Žæ–™ÛÚ©@%Ýc *EA°(ó°ý°½~ )%½þú —µiïËî°,c¯‘&¹?;¶á}‘°»L®ÜhâÕÂŋ"V+ډ½“7ѧÇæ‰ùž³hó t©E¦¨V ]k·5•FY»Èw w޽njV{´¯Â!ÀCßY§ÿÓÞzúFõÁœþºØŸ¶Bzæ]7©8Üݔ¬-Æ?OAfA+"?Ô02a˜ãjUÐæPn܎3“í°jûºò¯0ŽXŽãÌxüÖžGRñöŠ5e£3®ìò3w]ÛF±ö|ŠjâÆðieÃ'*W¦RtÛ8c›òG*]òRûõ=g4Å^óٞ3J(ãÆ-<ÐHüÝѝÇ…ðúùÓ:¯°á´±e݊9„Êò <ÎR®Æq÷ýP©ÏDà ¦A؟ì?4d\ RH'ªiìuµ;£x³x`{Ì·»nº=œñýNdN«ïÜ~â'š_Õ/¬ÌK¤Ö6 u¨:Æì®Ó[<þŠnF°è„(ŸŸFÜB$èU®ê'Záà•qö œëôŽÄGšTZÛo:MjƒÚT³Ê~ȊSé?ÐËF?£A&ª† öÓðÝ$Br[’°}ä]Èm~ƒÛÆ2õ ØðZƵàà6~ÞÂ!Øù‹MÀþíA)™cáô}4/òÔ/ƒýšïç~w6á 3¢‹+\d½÷‹»ë½­ô™Zìñ­s+Õ÷/÷çc'rÿß9a:ŸâêŒNGì }ýËÉ?IïnHendstream +endobj +761 0 obj +1878 +endobj +762 0 obj<>>>/Annots 197 0 R>>endobj +763 0 obj<>stream +xWkoÛ6ýž_q—vˆ IJå·Óm@Ó.[‡¥Ýð -Ñ6[‰tE)Ž÷ëw.)ʏ$0±-‘¼ÏsϽü|S1{ÔQ’Ÿ\ÎN¾Ÿt£É„vÅ]šö£ &cüìóÏBÒ[»4Âc¯^‰{xáV +‹ß|@Nçj@qL³Ԏ&cš¥n½K³¤5[Iz1ûxÒ¹‚InO«#ˤ³ÖnR¿N·Hê²ØÒFeeʖTât.’•Ò’´È%a­\‘ Óç§$Ök©S™žÓÆ賒VâNbÉI6¿f9ü–Õt©³G³´%HWX±+‰O¡S҆he >U…LJSl#º2É{‘¯3ºoDJg©Y¯·gÐ[ei­Wz¹§î?ýÍÔ' W•½2¦̘ڽa4`‹¾ç÷Ãîÿq½±Gnc«¶îo­’O¦1­‹N*ï:ìòEg®tg!2[o ‘o³®‘Î«¹¹“çuÒz!i«ç[”MsDJo)•6)ÔºTH‡KÚ¡äL&™B‚ÏIE2:§KaeŽç×&_W¥,"ouиÀFwãÚN¯˜[“áx¶¥¼b`«z'ËË·ïo¼~³ØSO¥áM 0•òoOM.”Žˆfx¶Ø”}jÉqáØ´Àå‘Ï…¡6%ê'1K­þñ©&a÷`UÐp¤T$‰©téÂ[…wf“…¯Ä…´k£S¥—ô›V÷T*-ü”š’BŠ’«„Õò¾$[Ê5)Ë^øErkÞÞpI;2ˆÏûRbt‰€±R~»A!µ?i³Ñ„—¥5ã\k¬ +ÅéB jؤ^ÙZëu„ˆ&f¶ùðƒã¥a<Må4áË?dt÷ã$·ßÓ°!¦aÌö©ÉæsÏB·­Éí çlÃjNÖµâ&ϙ-8uvÅήd!›š Ødª0¦|V×Q°£Õ(¥¶ v^/÷”Ù¨ïA`ÃzŸ,Ð'[.×HS]Ggö [bícì¾rARškB—ȝK”=r5—ù\6 |Ï%7$XŽ+™ª„ÖLK8-—…Ä«âKÁk Ä\” +)‚S¶B}¤,²ð‡©üÀŒ{¤z# +tš¯\½zV£~<ù©kÊÀwð€©ß6Àݺ:WSŠÁÿ,s] Eèz¢ ÷ƒöÒt#ø3Éj)¡ˆFãô×ȄèÇ»wøÐ)o”N$Iø^«}ÔT¸‡ŠEEêŸ&­s†£/tžfDUbb(UÂlÁjmWýa7S< Ã9fñ)¾ýSèXxôÞ.— c°Ç~WÖó“­ÖkðcúqÁëÆdm¡–XºÎ< ©íÛ×k¦ÝköŸsă€s–[›ÞºkpïØ‘¦¾hüè²ÒµE"à©\½ì®m/¶ÖÑ0#v‹ÅìÐÚ +Ď}ýŒår‰aýY‚*_~!§ n`ð§H4|q×´öZð¥dD#ô{Ã-Áƒ>ÈôGÐ0Ó?+]ݓÝbÞʝöòx´ÿs™™¹ÈþraÂ74®B"zFßDQTHM™-QÈkQ€1,[¬|÷ðÈQèé[êT¶èXû™Çx½Rs! ö’bÌVmK»«µ¯éë*À†Yi2|‚”&õ܏Æ_8qåÛ»ûݼº¾=æ#.UôÆ$Ïû›lz۟jûc­ÿObƒñAcÝ­A%£=ù5»€Jendstream +endobj +764 0 obj +1656 +endobj +765 0 obj<>>>>>endobj +766 0 obj<>stream +x¥WÛnÛF}÷WL– ‹¶.±œháÈ1 MSXEP@/+r%mLî*»¤ý}Ï̒2EÄAƒú™\ÎåÌ93Ã/'ºÂ÷€&C]SZœ¼›Ÿ\Þ¿¡Á˜æ+ܹ¾Á‡Œ®’««+š§½›dœŒúÝkìšÊ¦in´-©tòߝ+”±çóÏ03¦Á šé'0ӛãøÖ»Tg•×´rž>׆¥Gf21COÊhgʍXÒ>gɭ蓱™Û…$ºº®]!‰þð:á {õ "öx*­Oõ'É ’ÙÅðzBÇÑò½gmÅs´'ë´ œ*Ç-ןÃVƒ¾hBãT‹-Îs¢¤,©4u R6£­ +aç|ƾ¯¨?%CŽ§Ü¨’LÀ£æÉäz­³#oÑCBtKô Š¥"•(E(½*͓>¸XôL¢“ RͱڵØߨÐqë+éÙi `̵>:€_œSQ…’–šPoíÚ‘ƒä¶šCÀs;“ç´R&'³â¬‘¤±Êï‰!ìømAÆk„o‘™p¤G+7¸Û WåÇ@A é»Y­€m@EHpŒºîBp©Q%Bç;—÷ ¾0´G—ºL/åy)É3y{œ­ß_H,A§•7åžÈkœ ‰ꣂ ë8þ ƒÐôQÏH¾P-ŬRø±o©ßoI~œ¹ƒLËZm„ ×^ +•nŒÕTz®TƒZ" ßk•jÎ 1.Îön•#c×-WµÍä +k@ãÏd{Ò_Á¿®[ˆ4:ü0 ÿ¸ +gÃ2pMô…²•Ê%öH`še(ŸY™4’s +b¬ÑQ +m«Hã†&\ÃF…u÷±ªÐ´¬J(›,+$ÝèôQê¹t_ét* AdS½‚&è¶ÖYÝ%§D3ŽDNU€ÍÆi˧ ÈUþv–xú9N ÖýG:b þèf­ú ‚øŸ1l¥SCHCîxÿ »6xõÌèHEV;•£³(©¥C[d54äq@Ô4Ƚ«b[ Õv›ïŸæQ_íø:ˆ‡§CÝæu¶8èßÏO0.i4&×4¾™àó¿<ðºÓutuƒas<__'̦ô£wË\Ü2zï½óÒ¶/ Öxe™¡Æ¦y•aÐÙ«3ü‡ K¸õ´üqÞÒYێ˜^ôÊý‚Þ0¢¶ õ;ý´Ó«8®8ácÐj»Õ6ÓYB÷^ëwwl¹­ÎEq(¸'ÜÆ$؇8ý†(vΞ•u;@î2µe{8‚ÇŒZÆÞÝRÊ<®' :Ï`gÁ‡ZÈ ÔÚ«â ÁB=¢Ëâ|=œM1’ +•AÜh˜ìâÚ¯°0äû„\T7™VŒ†Mrå8CvVÃúº™SOf»‹H7ËU¬38m…£2ÌܸžÁZBú9µÛ¸¼]g‹-í²Þ¬Ü<"%I7ðÒÆ×8.…ð¬ùRiú›7£ÙýTÇÚ°³ìŒÖ2¬1¹Oÿfrl¯,”:k/G[d‚/´Nh÷té-kWTù…d‚Æ/ ^墍6MDÐ-æW¹IQ^#eÆòÄb€0YÙŎu,3„/>K&ŽÑZíßÒN30^Z#GoÐdñŸ6ÂìÐ ‹¥‚Ӎ£ë%§´Â)™tlÊ sÞ¬²Ž*¶P]ôt²N`ÒÊ(Ãn©¡ö®(lʺèåÙÇé+\?Úý>ÞMë¥låòÜí ýIÊËCÇ«×7\4²ºdD­"‡·fÑbÊôíbñiöáÃ|±ø5òü@}¶'Ôû™.;;ZËÀ}å¡ï ÀËr½± ºX‚·èEJÔºö®Úžiìß,~SàÎ$í +_ˆÌëd̊`›W™Eo©22™VÀ’oʊÀ@åP­5PËˆXf $„è• ®Ðطα2D0nê>0 ’^ÎÞ0¹nÿxwËÓâ3DDw.­°Ý”²ïðSýÁõ‡û“¡¼ñüÀÜx2nޓÆ#6…Ñö×É¿Ô½t(endstream +endobj +767 0 obj +1534 +endobj +768 0 obj<>>>>>endobj +769 0 obj<>stream +xW]OÛJ}çWŒªVM¥à|&—+(Л[¸Š¤jmoÛ›î® ù÷÷Ìî:qÝÒJ7­Åöì̙sΌ¿ ¨š éhLIqp6?¸˜ô£é”ö?ôW£>MѐFý÷Ñ1 ‡Ñ”´¤?яú³ûÛ{—# h¾à°ãé„æ©»¡Oó¤“Y¢TIC¥²Tk¥¦ÍJØ.ÆJá·(S²zKb)²2¢wóo½ËqˆØ§Ãá8!dg¾’d¶ÆʂQºx¹ZÒVU¤Jzè|èã38>{xáãÃ$!Ìá Ÿ´ó0OÂuÖ|mwʌ¾©¬”H Ç¥ª@Ndª$‘Æ,ª<ßR\Y .£Z/µH³rId *åß>Im2$¤.ĝ(bA‰J%Íh)-ɹ¢²Á FN‚‹¥ìÒ«F*²K7¹FzìˆÁ#¥qRiªÜ2,š^|^ã8‘Y™«…Uúº!KâÆkËÅ àªB+8Ï}2C*I*müS ŒîfçdÈ!>ÈæhÑ¡µÎž„•½ûëÛOo¯¿ÜD¸ßßTw¡CNÉJ”K™FD—(F>‹bËn«n¹–…zBñèÒ"Ë¥c‘ø¾>ÕqÚ>CT=µY"¸—”h‰´Œoh$qðµvœ ¼Ùˆõš1‰EòèŽX(mW­tbi7Ö­74ŒúѤK󫏞ÝHòï‹ÓsŠµ(“•gÃC‡¡e¢ŠB–©LÁ["&ò@n±E+ZG%Jã G"`ªâblh™–}ˆÒÙ2+E^ó—¸9€³Y`v’g²´´Ðª¨‰Ù J¸‰ª%Ëâê,D²‚vÀÈÊ@$I¢*Ž“í +Y¢ÒuÅ‘Ú¦÷¶€>ƒŽœ!îbTð($‘¡¼ÿ­ã{fõ̉èpòšPÒNŠ´ç¥WP§þûÜ[½áÄ_.äUD÷°½·àøF«rù—ÓH[\ž&¢2S €7ç2+ñÄ|ð¤Ì +Oýè`Òl±£qeœ®½ñô.‡{o­H¤)á8M&ÑÙÚ¶USH»R°DCusA=ÆÙµw£ªœÅŸB\–•),ÁýWÂ÷t£ô#„Ýín¡q‰¡5äì)dãí¬à§Q„'`µÓ„*!è' Ídûš²T†à¹Î õB”•È\€ªtðƬco +)øêĖoÛIðŸ7Šd;r¸ +>†%Փÿ….±S¤Ö˜Mêm ƒQZ ù +4ښÂ1l5W}“1ešÁ‡ îÎ"CJ€Ð8Ž*›å™ÝvÈcûÄ}q\S}D) +éìßÕ´»’ölv}Gîm lóíë·çt¶Æ¬ àsÃajKøʏ¿&¶À9²Fxv˜m½FXÅ +Ñ{Ò&½™[Ì Ft§èZ*̎”®OZ®aãÀÑIKšp ¶BSÅ%¦t!Ì£AÞÙßh~çêWs´Ú{(Gn$ìÔ”¶ØƒØâ>>>/Annots 200 0 R>>endobj +772 0 obj<>stream +xXMsÛ6½ûWìMJÇ¢õ-+—Œ“8§ušÆJ3í𑐄˜T‚´¬ß·IALÚi›Œ5¢ì.Þ¾}»ôŸ#âÿˆcšÌ)É/^¯.nWÃhHóëe4¥éõßÇø)$mxùêݒFSZmpp>›EsZ¥„Ã!­’þu4èáhK™ÓG“©DIKB§ô±0•Iûbõ&¦4yƒñú÷U²#³¡r'Ié)rQ*£IËDZ+Š#•†T¾Ïd.uù]ŸÌ“Ò[úleÑzƒ-ô òµ`ÇCŒ&ј¦&XTÖ¹´"—$ø»( Þéä‹m"*+ÉmR¸™õf¿(šƒ¥+š o1"úÝTdw¦ÊRöéá̀ˆFüñéNjåQ̇#|æ4šÍ£Eý”у h‡¼%„¶"uÁv‚öb‹ÖB0¸œœ ŸsÆÑ$p>cuºŒ–ájðŒÕ9‡ìçPÃçœ&Ãy4 +VÃg¬Ž'Ñ,\ ž±:YœEÅ 0X'؊-Õ°u‘¹kxÁ¹jˆæY×P©>O—£CëÀyƒ>‰'¡2±ÎÀöÂät¯’ÂX³)#>0p ÆsT8ô^¢(~¬aú¤©bΊŒRYŠ}Ég®ÞÍk²£ÂÚ£_˜hbmª2ŒËȖnaȯüé¤>=XD×(9¸Çó…Kü©Žx­µ½2”€,àˆ,a«Þ ú¹¢ëë21z£¶ÑÞdÞIS}:‚¼yeKªÀxG7ÐûAO\UŒfÞemuÖX…1vÉgÙ5 +Æ¢¼Ql¼¡ÒIV¥2¥ƒ*w\Gµ£5`ñ6ìúڔ¼á‹)mé´¡ã…·ÚqBPÒâY`üÞ$¸pé֝¢ûBáí§º˜ŠJÓNì÷*;’Ô DÇ%§…ov`ìšZâ¾Ж¬­.)1ynt$Ò¼»«öÎɃҺüÎވîPOR+î'Ü]ö•ãÃ$@í`è6Bþ²’Ž›äe;WqŒÎՍËSt;8r:ØÖJsGs eÆ<ºŽsª4Z$ڐñ½#ˆÅ`½8(+#ú`PÚ"³Æ "îƒRUȪqdj÷v*M¥îE.VXik…,5DD¶êürقð\8lõ¼*9±Ì6•Hú(’GšPÜçŽNL‰"~á¢?e‚¸Ñ#º}. ‘p¨Už .§ÊjÄz7{xÑܐ¯ž;h^BC" ÀWîÙ:íñåÔîç;ž¿sօY{@óÄEæÂk; Uà •odŽAû;cXøŽÂZ“(ÀƒÇºvê{Ç}G& æ'’$éáÁnŒ ™eˆËQ´ƒ¥ËÎÞX«¸?²?tf+(»­o]Ö>yžùe³A— W'[T¸@-íÍÈuve×ê‚Þ@\@>˜¯=Sf?ž1¯YºÙû²0t“æJ³ÄøõŸ OAGE MÈN5:÷;5Û:µú ~ÅÙ ¢©i'ÌÿÝ*ï¼Êºø·…©ö †;¤2Ý;v÷ìB5Øãwú­èÈÖÏ\Ő3Ɓ·_ӛ·¨#OßFÊHã¸4&³q\Hû¨Ê8֘º8®é叶}™QÇÄÉõëm>Ä$sb¶îJ{j*f€åäñTvMX}ø¾Õ¯Wۂ%Göµå±™ÙSagþP©òzÈ·íwS#°‡7ú¾“äóðq¯Ï<F¹ Q”;pŠûz5ŽêH†MÜvŽu2r‘ì~í´ÍÍú;t\9Vs‚𯫄w›:Í&öÓC7åÊ ¹GX–lµÝJ‹/¨š’ÑãWûÔU7¤Çò—îQ×î~ fŠ¶Œ›ubB¦ÜKÃò9ây¥"CÉ°þn ±^£š}O½’eråìùðO£dPhÈ\ +wõÜÛϽÐb+‹žËYϏ +ÔüÒë¿O•h n>>>/Annots 209 0 R>>endobj +775 0 obj<>stream +x•XÛrÛÈ}×Wôé*$Hš’ö%勔¸J²“^ïVée ȱ€.f ZµÉ¿çt HHI%å2%âÒ×Ó§Ï菋˜¦øÓåŒæKJŠ‹÷닛õÅ4šâ:Äüñõ¯³ømtMË«e4¥‚Ë+ü¬¿å´â·&· ŠcZglhyuIëT,Li ?ä&y¤.5G©;ØÜ©”ÂN“*“yÒ)e&×ôfý£ï¼ÜÒ0 û_&|F…IJç]¢Ä“~ÉÍfr¿º»ýtw³š|¾ùíÛ*ºùíæܐ¤CSϖѱ ×ðýÝXÄâéóšÈçI—Þ8K.“Èß¼.é^YµÅÏ̕D]¡ŒõR6¥ÁJ—x¥}‘žzR&W›\s¨d¼\DsZ.Ø+ê6_F¨Ž|kêÆÕZ\JL]½²ÒtߦJOF’'’ëç©Iƒþ¯­¾þºþòåîX¦³~+Åý•hW—ø}†ÿH/«[}M1Š˜¡žËé,º:ëõUtÑ÷ +äÐß]Ï÷”(KŸh«Ã_8ú+܆ +·ƒ«‡ÿ…²Ïä]U&Ús+ŒEé ¸3Çêâªôˆo?…¾äÆn)7>ø}½ý0ðÒ¥Ô%U¡mIiÏ£»ÆÆ0 ¥‰&ìĸWÅFQ +‹¥ÙT@â` ¾Ñ÷gÚ:—’þ¹Ï¾+á"I«K…îÞ¿Ø÷Æ}•ìHùžßM ì!æ¨.ɲŸ#H¥Œ\ϑ¥Fm­óMçr’ra+_•ÞT[ <˜RíK‡RÖÕ8H™ënd@/$4¬h:”4áŒ/Ñ߶T³å¥Ìh×A¾=ž_Ö(å«ÛéÙhN"næ)J9Î-7 ‘aR +OÆÓJŠm‚×y†6ýîª.7Œê8%·ç"÷"fƒ|±I¥á–Ëø½NLöLî, Ä+åúIç˜Ô€ËMÁseeáo¥QCøúhG/­Ø±Ã1pÚÖ@ì‹'¾²™CáЧS°Â@—j¼¯X_§:I³Tv‹éⱏ{> 9®TgªÊÃÃ9žÒÃ01÷Ê©¼?¸2õo¢šI;º{g»i̪œ +v@/&§‹]€q Áž©¸FÅ•ÊpX“Û· ,†´Mo{hR–«­d k“ç(I’W鋡°žÕ«鍱ª4hs¬Êsw g€‘©z¶M7ü«Âͳ tBқïâS-(é…)ô\ G…ëŠ‹Ø ¨ç£¯Éc„UÔ`1q~r‹MêQ ÔkðauÂȍèï%æÃMB™UÆ©Îuï!Õ­ã;¼Ûìš1Þ¸ŸÄâ«,3‰—¡û@p®•#Æ)JÑóZG Xƒ‹÷¶%æÚd¢†©Ø= ±U±.+tÚé²Ô* ºõ“î¹äÍÈÜȍìj $µ©$C„Yj”VʄOÇ†³ï•¿í*Òô¾*jªÐsȉíԓ¶ƒ@=QXPÀ –ÇΕ¸Ä<@&”¹®âᡕñîØèpÐqÚ  ”%©VI¨Ø";>¥€ð¼ç˜`1”à‹zîFRk&W†hƒVn-o c+ýb*WLë ožÈzÞ0}  ³ƒvpñ5[ì»ýE† ‚á¸nîU© +ú' ÿp¤“Û#wCA¥Ã‡ÙÛioRqëHi(U’ °Æw4™üiuØçÉ*„Š€ÂÂûWcá?[‡’˜]M£˜fó ¡ 9ôbûí58›ÏdqtÊ睕ũ-k¨ôL’%û´*ö<  øo‚ˆvAdãápˆ¿¼\¹ŠŽú¶Õ;CÐōTåÜ|aK~9Í߲ڝÅWµ†[²Z«¿un_÷4œ¨ƒ½JMoM–5"ò›5?e >ç3¢6: óÐjcļ Σ=Š½“Ô@ä<¢9 âó§Or“nnÁo¡TI=Yø”uC'¢³Ç#úŒqÒ½³&à]& G€R8‹¹:kÊ«ŒÔ©Ù¼ƒAåÑ쇏T@ø¥óŠ•,òŒ0„ôácK"@È +_Í6mrk÷ó‰ŠoâƒaХߙ=¯$L¿/›Å×°âJÔÍòGr`!Š¼IVb +ôÈÛDZۉ"€l*©Ù£T +\¨ËL%, x­Æ'•«<Æ4Õ¼Ÿ™Y;x×ìŒ}ó2ifÉ^ŠÎ‚å$˜“Žpø<©­{4——X‰å05 3w ¤)üðRaj‚Ui‚ErDd#žéyôÕ¦õ{Ðõ©Ô´˜ZÃhéØæ¡4X*56pfõÎ1ð =cӓÛVîžÉþ†UŸ:ˆÚ¶åƒÏç¸ð²Ãœ þïÝ^FâØÖÇÃÜõONî5ÛPáë¶=~ªáÆm28úäÆ6Z«æ +µÕKFˆ2è}«ñ2Çڅíp¹XQ4iáR¯ºH}¤_qFóÅõ¨Q§|ñ́¤›Ÿ—#‚÷D¼x¦ïgMg…Ã{ Û3Vg•¦ÀA¶>÷ÖÒñt°Nb˜ð#|XúÝU=²â­FóE¤¿Î0ÜÏ÷| o:p:ð§Ý>¤…Î(òLJ›'ÆßÞ +Wïîß¿ƒîr?08¾Ÿœ9Òq 2Ç"¼œ 6þ‡£ëâr<½X² ì‡\ü‡,b¯endstream +endobj +776 0 obj +2019 +endobj +777 0 obj<>>>/Annots 226 0 R>>endobj +778 0 obj<>stream +xÕXMoã6½çWLEÜ"–-ÙñG/E7Û ›ÝíÚÅ¢€/´DÛj$QKRqréoïRòW’nºè¡E€À²¨!gæ½yOþ|R! #ê (ÎO.g'ë>…!͖üÕ`4¤YBÝ ÛíÒ,nÝ©ME–=Ò£ªh“fR&d¥…±¸C§ï¤Ý(}G· +‹•¦™R™!Q$t±’…=%RÙµ¤w3šJ}/u@XD‰Â·©¡ïfœ`ëv4úؼõF!úÔ +m©¬M‹•ÁÇ+UX­2ú +™áššy•¾OcÉ«.’ÄEì\ÇuZmd‡d’Ö<:ïÖ÷š”q«ö‚ˆoOe&cëNúåœ8=Š³4¾ãìNßÿr|å¶W.GØÖ©.èAÂ_þ¦0•äúJ‹Dm̮ԺÛ>^Mˆ6kYP©U^Z™ü“ÛÑù®¼[ª´ð;£S9Ê´L3ôȬU•%$Rc±{]6Àҁ°EßNŸÎ~ºýøþýìÛù|úh¬Ì{Ñ|^¸ óù÷Á÷ ™n[Œ§â/ÛÝ]?MµHR–*b[¿Ÿ0´‘Yvv¼k)4êdæó£Ð(I¯)öïêXH@ÍýH“·oO -z~8­ïs¶hï4¥ˆï¤%Jª¼ ¿|•­ãÊ- +nõ'pLµ©*Îv,F/4ÊLfӀÿ¸ž ¿kV/«Ý´‡&ìÿ:±ëd˜ÎžÍÿK:ïõø€ÓRÿ;œ~§6 Aùè:îy¼Àv®3›_Á^pØñš§jÙϕÛf˜U¥Ôyj 0å1äpžH™m#J ·R§ÂJÇZˆš&“ZÐïúF"ÉÓJƒ8÷’tºZ[³Ð3Z¨¦Ÿ® +pˆéþ„¥P¸F"ëñǔÜáñƒ‹Ñ,aâ!RDsB*X>‰¶unæ7½še6oÍçîÌnNº°˜ßñ|\K- CY–X(Ә2£ ¤Ý®÷†%iëzbו˜ÒåѾl ÜA²˜ƒ¹›3\§5ƒÕ"\=ƒAœ0ÏMsäݔ̅ñ%å‘ÞL>d¾e™Úð3.›Ì©È’Ö2+—UF¿}|ë͇BI5eiqg~8–æa0j,Á`ènþ4;aÓ㜅üé㛓pÐzÔë²AÈ)êð˜¿ÊhzèØQuûÎHìÜÓÏ +uVKšŠ|!ÎÜ^GéµhmmùC§cxe ôʕy{ ÷¯ 蓤µ"å©ÖPžB +íðþÍq–¯ô=\TÞ®s=h4x"ïe¦Êøów¿ÔBC㊿ߺ:Ÿœ?ŒÁ¡@âà" Ò¨Õ"“y@7K2ê á‚îicóË®…· ‰?4™Ûà„!b=0^ãâ^0y ‚¦õ4§±²–n¥ÖìiMšWxÀô¸œ\ÑB¢Æ)Š+ÜQŽa«ÿ‹ +$ ûAX_ÕHxÚS ":¥Ý!¢nóf³ Ì]Z–HßH«‡ŽÉmͪ`móìEø†ì›ÛW¦~‘Y8¯ÕšJ0Šm–+¸€µHPUC‰xäé)èÃäêŒ&(AB—¢(PtgýéNÊÒM Ëø4(OvƒsŠ"6”\ŸWË]ÕõájÀ#î¿[”˜oØÌ~‰‹TÁšÝË”d “*•çÊ e¢¼çÊÍx̘5OºGù:Ü ›(Œ‚1EÈi„lzÝ1ºè¯žã}†X·ŸÙmjb?yx^Ý\O¦ãá™Ý°yvtâti:‡«›IpþÃ×îðQ8Π7Þ^=—A8aÝ~ô‰Êãewû[‘>|©MX­¦ ^„A¬òΟÙ]œu +›àóW%uG¿á¨ïH׏Ñõl£ó#²]Ï>ø¡Ë)¨Œóôö’L)ãZž²¶EK7ˆñ?ÈÓX+£–H )ÔIw½êpO¿"©Ýˆ=xaú ByC+x²æsUÉ,sæG.ã^矕±h4ùÂ^è[?`û«'Uƒ9{ÑQë½Sà™+¨¨òª¶•0-yJ&tpª€ÞàM^½„W*ÛÙîmÚ©˚4nüî¿ÔÕ¢ç^  ðÅî)_›óF¦UY*ýD¾Ø1þísµX?›©ßb«…^†x^DcèÁ˜%d;ï¡¢î¢.8Ê<îÐë€ü\!=gXÝ^ÜdÑ«éìÝL°¿)j㜐°ghÛbžáP¶è†Ç¼²¡fZºÍùwÈ­ãæ]¢ŠS‹÷whÃî˜b¡*ëØæâ´¨$1 +‚S–"¯ïÀÔqå…úshæ…ß W’ƒ¨Â™$Žå¤2“Â໅ûn“é[Ui hGãëp÷ÛÃ<¤Á`à ݚ^Ü^^Эþàßu&µqq֒ÏÖC,o#7>GÁîŠí‡wŽŽ‡1,‰£¥£^º_ÇþC ÷¿žü‡äŒendstream +endobj +779 0 obj +1869 +endobj +780 0 obj<>>>/Annots 231 0 R>>endobj +781 0 obj<>stream +x¥X]sÛº}÷¯Ø>YéH´$ȹ/wœÏúÁŽo¬ÛL§îH‚bÐA+ê¯ïÙiɬÛÉ̝LñÀâìÙ³üãhFSü™ÑbN§TÔGï–G'ŸÎh6£eÅw/.´,išM§SZ£+»U»†‚®uë@q­"þÑTê'mýF‡†TÐôämë¢Æå˜ïä&9i£LIʕé¶Ã°ðfùýhJ“Ùi6Çb£U«‚âÁ=m‚/ÛB“ÂÀMÑZ¨Ò*¶Xk¿|M­3ºr;â_dÓ)žã\7‘V­nšc^nr°ƒÈÖÆ­¨öð'ŸŠ† И_dgÛÃü|Ú=îQÂÓÉéÛì‚wðÔÚEãml°á _Q£ê\ÑηGÛðŠ¼º¼GŒžŠ|¯Ù5Q×d"nÃ­D­+uÈ蘩Yû֖ŒS®r»Ãž±QÎ’dõ€¤FNÃ!`ñ@Mg…wUÆê1ÃhµJÆàøMJÆÑ?W‹Øaz QU…yéîÃ{jÚÍƇø'€»v¤ÊÒjÈ:Çßá6&#Q“Ï£B>KºŸŒ"zÿ÷{êÁª¨¦v²Åž†û)ÖºxÄ$&’o_¸§áÿHuτe©‘»Z=ê„ê`—l šAæÁèjLÖ#“ßz·z®ˆ0ú1 ­tDY»ƒdçº+S½pm¾Þð{HvЪ¤¿}ðî¥å‘Ãu¬-iWøÓ×à»Z¡FŠ…ràƒåÌނ ƒÅ<ªËƒ3Ԙka OøðæÏä6åL&ï4ã×¾ÑäLwt|}\ã>­½5%´åOAø&¥ñ¹XtgœÀn¸ôQƒÈ™Ðf…g/R£\³…FÕÊ@VRÍkûøɌ'‹à›F Î蛏L#ÄjŠ5™Fˆ+R“ÊúÅ9Aì~}Õ¾ñôž&óó½ú›ß0ºñU"á þu²Šî’ÝÕÅbà®øÙ¤_zéIø&Ûp,D0¢þ [š©½ÃÅÆxœš¤]ËÔdjm»”[;ÐÖČcû¸m•Çµùé"›Ò锝|MóóËlÑ]u íur<ÏððLLÿ±Œ¾  t@‹DÛB§à©Ù`<M@¿|Öc5™Í9Ï´9”ÕԐ{1ì(5½FZ؀æÓkœˆÂ]ë{ °Ó£ +‚•º"ÓJå  D²?ÃÀÌ"9ì»Zgù‡Xf˜ô‚/*@‡ñ(?î‹k“e4µCûv§ ØÙ%ã9Ç_H~•Ngoi†£H…Š™Ï¹jöÐ]f—¬ ãX›bðVšà7ãJ¿mè폓›¼Æɧž ídÎG¼Ñ­ú—Añ–Ø^å­õ[–·î! ktÍ«k3>˜•qÊŒ~¹¹º¾Í"ZŸ/p4ÑOÆ·Ý @êÚ*Î?Üۅ]le¸#ö]¢ՂÁ¬ðV9zcÉô %Å{ §þ± ¾¥ÑýFʋZ‘é˜1¦ßåü%Ë&Pž‹bLùŽ¾ÂÒ±™¸Ç¿-º0¸º£àTN æÊS°-áq|»‘³þ†fÂü@esc{ÁÕ¡–Ã:%¡< 7xˆ­3Ü¥Á¹*ÀÀÃãv´QÜJX:x¹6âÀúµX¦ ÀÙà” +·ÙE`´j¸ZbîdòXht²“†“_T!̔6ÓE†€®l㥿¨@ È/ãºI‡xáÎXœaãàlQøÑí€ETµNNûÊœ®PG)DŽ,èIŠ´ ÏOp2Â"+o‚=؍Eb’P½ûúåÛýõíg.댮ñQ!}w@ÆaÈuɟy€iOfᮏ° ˆ!༇„¢Š™äv°áþûß>ùtÙu¬ÙÅ"›á Ô¹ôÔÑýÕÍ»+º þ;^?t–L`àq“ôúd!¢8úi-<[œõöãì’'Bûíè?ˆ>ôendstream +endobj +782 0 obj +2245 +endobj +783 0 obj<>>>>>endobj +784 0 obj<>stream +xW]oÓH}ﯸ+m‘Ó¤!iØÕJý (…. }™Øãf¨í13ã–üû=÷Ž¤¦íRMƞ{ï¹ç܏oC:Æϐ¦#:™PZœ/^^i8¤eŽ“É锖'ÇÇÇ´LçÞ7ړӅ +:£`)¬5ySÝzPØ;[Q¥Ã£u÷TÚL¤œ¦Ìø´ñϛ +ÏO^§ÁØ*!Z¨r¥È7um]ð”ÙR™êÅòëÁ1 †'ÉÖå^´½9Úñ©3uÀתʨñÚQíln +¸—[G× úlªÌ>Əìҝ³Míåù½Óٗ—×ozÓÂè +î<®Mº¦GS´Òjn +Ùüiíë£I2f‡?¯u3´¸>§xG®ÚèpŸ_ÃK€#1VΪ,U>Úo@¶9Õ>è´\K ‡çl‡lÏo§ëbCw¯s^¾ÚU„çA&CÆ<ÕÊ{àÁ¨!q'¸žJ®Ue|)/Ç̨¬4ø*8àÏZùžESù ŠBg Í!µµõÞ¬ +M·‡«&îݐMm²Ûrê4Ì큱֠{+9„—j¥¼æ«*ȯÁ  è‡G­ûĈ°€&Ñ ß±¾éž(õôÉóBŒ->«¿ë´áña%Uª•ŠìYІØΑºå.Ï]"•[oûxp¿ØÁÑ%e¼ƒãgô‚Ð2–?Å9z«Ã¼Êm׏; FŽÃ=>‰A µ¤{!Gk i +€m^{þ ˆC&'/à +´Ýä’ÐÂTil‡¸? +´3ýDŽ_Ü*«´g°lPÂK.«)Œ»ž›qñ3Óì˶•\Z,Ù“mõ̐„Ù3”Ô ›úÔ¯vè¿%§¿÷–ò;8Ÿã#bjãicHèŒGB‹Dµ²M8ê9ÙuM_ë´m’Ýû¦òïøËÈÅ=eFCÌÛ¼§ g'Ò4v›Êirš ©\<æ{ƒÃkV:‡$QËt·¿ú F¼úHâd;ÅAží4 +ŽÜ\^H8joÆh»aׁóþèÂå]Fvº¸éFr]¥nSwó#˚çH+y>c'20"öò*mW·Á:Ãʖގ&Si·»àøl»]u[Òþpċ˜Œß<Íó$S*ÈP˜\ƒÝC¥) +ðÿÉè`tŠunžÂ€ˆº„ ¥ÝLÙµTá-ŒÀ䝃O‘•éñåÕ«6âáä8Áô+²ƒaÅlœ ÙC%G%Ö+Ô.LoÀLò†ûmüçã[áÜd¢EÊ gpœ[<ݍ±0Ϥ”í(=â9V¶Âœþˆ‚\²še`‘1,ÂÚÅ-{³A‘«És¿@\ΈPÜñpV-ð #‹ðLc×d1Û³V{UÍðVÎætœ:X‘ìEÍÙ{¶×сÈÊ-Ð^ʺÍ" Îb‹s<µ=AUTni¥³l5 |XœãqTäâ (+ôé<ËQùPt€žnó7Eþ¦#&íÓÅÙõùÝ8ûͅ.±}3¤²HuNø­A|íð‰~<wZÏøRÄø÷Á¿Ag~iendstream +endobj +785 0 obj +1909 +endobj +786 0 obj<>>>>>endobj +787 0 obj<>stream +x­WïoÛ6ýž¿â–!˜8Ší8N\`’&i,n»ë†z(h‰²ØH¢+Rqýßï)ɶ’}Û¤¶Eޏwïô©‡ÿût1 ³…ÙÁõìàvvÐ ./iû§X⠎õFø;¼¼àÏü)$Å|a¦ùƒã§w8Ò§YL]žÓ,rÏ{4 ;Ÿ¦·Ç³o§wÃêL' š%’tžnÈÈ°,”ÝP¦#I´NT˜à•¦”kKk]þù"©}/¢L‘á·ÒXô, +%¬Ò9ò¦éÃ5•F”Êg™6 ¸ØÑ` 9¢«Ð–l£K6Ae À‘Maª„}«däऑ\ËÈHi8 ]8 §"[Ê8–Ðä³:*§L+ ÎzŠE¡×^ŒÛÊW†e¡ËÛE+Y —|IÁÐÍ[Tôs¢Rga1Õ¥B|p·Òƨ£Š¡Îcµ,A&Ñr +‡Ï𠓦 æ#2$›vÉä¢Uä©^2 LÙµ¦H„Z¸ŒTËBæ–â¿t3?îrpi%h©uÔò¯")8B£‘Îߺ$“è2PÇLf Dbat7o=’…\©{"ÉÓççþ‚&Ò^ߘå"“Žì®x|•]žìÍ'˜ -6ôYåpGeb7KªC.(׋QnŸˆ´Kǧ¾,•I·]KÔÈ_!畦{ðpЊëxåÛ©Æ5Ø M«Z|͓Ù£Fµ™ÊzMى^ÓB„O5#=guÜÔÝqk 9"}Äõ¿†U‡sN‡uÃÒ¯®Uä}Œƒ.ˆVN‰¯rC.×lx£ÜrÐ7r÷u±;æLUÄ@»¦„•\:ÚŠÿ½”ÆnA ê)Ôfn,B&Øa4êéf"LT±ÊQfà5=\ cðCTu8?¦§œ«Ÿi.­v}5ÿ+ñ€Æã#ÄlתLVã‡QC#ê¶Av¶Ði* ÊåÚC·69¯ÏsaZp×¥q Ð!çå¦Ã!­DFsKÔ£ÆH@ƒáÍ0Ù«8k&OfµŸyÇ‘‚Ñ†(¦å÷•ºT¨eb›óYn­š‰3PIb€É†»Ô[èõðrS®1íʈ¡ãƒ@WF2V¹r“€™<ø`žØ <´¢º%†]À"ç#èÒf;NDº›ª:hšÎTÕ|¾aëùë'ž“§×{üøŽ%™†Ã>tŒ? ÎGÁ%˜KÓ/߯>ÚÞÉ*•÷ÇR\sÏÎÁ¨z²+ÿ§wcêCžb¬gãKxڕ{|½­¦¼W¼ûÜØ¢ôƒø M¥uÚ5yÔ"c?±Ø|,t qE?½;¯7ŠÁbx2³ ~EŽó ¸Ç{ÌYe \ÚØRNïFµ:;»p‚ºÝJ&f·?±™µ¤‰fUZ­tá&ËVR\Q@ßñ_<\y$Of;•3®ƒ›ˆWïb¬kÏOŒï°„Bˆý +4sŒŠ +¡:¦zJcPÅeÊg”îZ+¤ZEZäTÙ*…žAё˜±blÚ«‡·V+‘‘ÈT°°q¥ÞI{ŸÇºžu{WÓ!-¹çÑð>>>>>endobj +790 0 obj<>stream +x¥WïO9ýÎ_1é•Â’„R?@9¤ê +åŽTí©©*gãM\víÔö6Ô?þÞØ»ÉfÛJÕY{~¼yófòù O=|÷é|@§#J‹ƒëÉÁ“ƒ^2Óî—]àŸöɘ†ãs¼ðK+)ÃٝõÉ°z‚—½ø¶ð¶¿`èäöŒú}šdìp4>§É<èÑ$=º7^^ҳɧƒ“Ûauìè}þ”æ4‰rq1¢cZKZŠ/’æʥ拴rN‚VÖÌrYÐz‰7è­Òs³v”æJj¿BS!”öø!Áö{tÜ?Mð~”­eê•Ñä ù¥¤÷KSH÷ÜRÀ®Ì¤_K©)7 ¥]B4ùîTQ:O÷¯'lÀÊÌXÉnŽ~f’J‡`9Ž7S¹¤•ðËä °÷h4¼ØÜ@òäö¢gú{°“q2À÷6ï‹wôÂèL-J+8±}DÓ`„z!÷‰!W®VÆz¾‹kb]ژ’BNˆ9€ÒAò€ˆ¡é l+ +é¥MèQ3Š8Òf ¤S¦¾"OÇ` +O-} rØ<‰†øÎÚØ'G0°–yÞ%¡‘ "¡„Ž¸6€ü'1TÖ뤮7ZéE¸²‹zt̎kk¥óV¥á¢ö«Ò{¾¡¨kä¸bìQÛCù,8cì&i¥v]zZ åcŽ0{±§i " %ô2 o8éƒñÌä¹Y³÷ÊÛûEnf" +ršpÁ¹b–€´pÎåe¬m@‰ |<8‹¥m$þœ¦øúý~ÞL§IÅ=oÖ}vÌwG±%­æèì>+h­òœæ¥WY™çƋcW¶¦Mä¶+g[x¨ŽšË½C 0乜·°ÛFFÓ#¿,zö©ªcAK5ŸK=}V^Wšz &[—fˆéŒãjŽƨE>2ÓpD¦O94A™¾Œ]“Ee®.R<‹xµÊÃ~ +÷|ކ@c8d„õw»†½Ž ƶ΀[ºTZvi{†•Ö[“ÓƒÐ2§oøë†Ù ‹ü1–ýzÓîÇ·ðÎÏ}ËSЋ°Ý‡1r§RkœÉ°‚Ç玾q¾Íý94Ø1¡ÃWf¶KC5½1LØCd<XuAÇËAØc9Í« +a7„[èX”ópD ßïCb³; £ÆÀ„Wèÿ_D²^z°ë³»“Ûqõ¡ ?$}Îã`z¼º»¾b|b^ܘ´, ÛÏÇ}DÎøØ5?Š’¾?Îé¥Æj\†ÏEîŠs¸\ÑßCö˜ÆÑ Ï‡ð,žõù lü ;†Mendstream +endobj +791 0 obj +1681 +endobj +792 0 obj<>>>>>endobj +793 0 obj<>stream +x•W]sÛF|ׯ˜â å*’–d}ú%%Ëv¢:YñÅô¹RA*µ䚖Ù]ˆâ¿¿žY,HùK¥¤QÄîÌt÷ô þ<:¥üœÒÕ½º¤¼>z3?zùþœNOi^â›Ëë+št2;99¡y~ü¹)´£/¦)ìÖÓÍń>:[šJ{RNþÛTVº ÒٚÂJãS+·£»´ÍŒîKÚٖVêIÿ5)ÿbþõ脦§¯fgˆ|<¾«Œn•ÖÑ£}ÒUE:l­[ûñ„/hä–MŸESPőÈçÎlm Ž,¾O Iô7~ÒîI»Ù ôßeJ㄃”ö—é¤èCP*›«Šj•¯L£i:ˆ¬ha©¥2R_n›\£[’³ª6͒RÉ2Rå×TëTÅÙåìœü`KÝR âpŸŠ—~0¹³Þ–¡‡”I2 -ì3!bàøô[뵛ÐFy؋ H®ñÅïÄÉiUpN_[5 Žý>#šï6§¤ ¯ê…"Ü àǾ»“UkʎÁµjvdA¯K_­‘?ŽZÒÏƇ -ÚZ•Ã…ƒÈ@ç HξjY1Áä*@¢{€MŸÂلìwr6ˆ °ÀˆÂ t§<©Š|»ÙX<™½˜$"r þ„ºªCÖ~݂“œZ)Z!ußæ¹ö¾l«jGOª2"}pД½®„wÓ wji:I|éJçÆ;íÇÿ³ÄÔE7”ÇfÏm Ci7à- +ò-´_»™H +~eÛªà¦V‹ +0±&¸'"b,\pìY—8:¨°0Yø‘ßèܔ¥v’Eö6*¬F\>Ç=”©à¹šr‡ïº½™&4ú” ôA7íh2;‚M.ªýHnÁÃVÖ#øZGõÑ…ãÜi&uXóº<ùJAb'D—u„q"¡Úh„¶É*…z”Ê•h¶ŽP6äf bˆ€¨ YSÛ È‚Ë‡_O³3êýeï-Ò"Æb5žÊÖáë @‹ƒF¦y< ¸Ã3¦>@Oª­µ[F†»þ‹¦ÆN¯˜ RSÓ^ªâšzÐÃAàdPk¶\T@Þj˜râ{c_Hœz¤ÀڐÂûƒÑÇ0Ë}颗0g£{œÿB‚ÝÄã*˜,u 휅€úy»½¹T‘Æ .Œç¤ù¯~káY‚®7h4Óè8¥øi®Üéڝ€„Ÿ¿QN ++êG‹hœ¼KÑiöCÈ5*ˆi²ª AÇùZâ|n̳€Aíjã½±Cœ&zee6äÌrÅ-þÍôDÞ3´0IÛúÿ±¥ÁajO"c–€tOюrÕð-Ùw>¡ël‹¤Mkhcl¡+»MÓªó%v(f‘‘kô³82Hj„ü]?Ëœcßìdý§ßK6´/LÌZiï¦Ö# ˆ5ošvƒƒ ~p´•Ïfø~ôFáÀ„ Œ#Ò>W=#&`ŠÕ«bq|?ãc¿Ì¹6òå4&Œ 3ý,rbcŒfUY»Fö¯¿½élSÊü§½ûõ‡Ÿïnþøp{÷Óýã»,ëæH–ݵ(üZt² Þ˽õ€½A.Æz™îé;IÜ D✃ž=ic¦²)ӞûÓÒäN`ˆö&$ãä­õ®Z™µ†W¢ÒӃ6eÛ¸BgYÒR–q(ÞxYà»L½JwqøÖ®NAäøNÿÙb¤Å…"âtPÞoïžÑÜñ¹%ÊÇØcà­Ã:Æd½|Ù¯ú=&_ny¼ü1~Ÿ^ŽiÚí1«d‡©µºiKþZ!`œ®’ÁaöÙqX*üqú‡0ñ΋ò긖#y¯`Ï15›âWñUª‘Mt ƒµ2Îm"0ýÝ +‰+ñˆ—y^cžƒñ.†5ïæŠ²ã:Ž ¬ó*_cÁ`”½V“˜×À³ø%ªÑ/P<[S?½º™]rK½Ú7Â¥ücÎ(Ê$èߧtYòÊ5²_?%ž¢eÇûñ²2E‘߁¦Z²É^ˆõÌÞÞÎÙC…A‚\÷4‹«mù½ “„•—uóbÔtÛþÜcÚmB¸°[ŒºIؕ} b559Zç°³_úýyÊ˵2Ù]îtÐgºŒNÓÑ êQ×:ßCœ|N'«×µ-Þ|»]upü"~~ùþºë«Óó³Ù)]^ÝÌ®™ÁO·ÞܲJ¾2IomÞB^AøT$ûò +O¯Î$™ëÙõ æwg›Ò,['Ñ=^»\›óÿv\7ÔõK÷bø™ßxºn“×éó«sD—/Î8Ì»ùÑ¿þ ÍÂK¢endstream +endobj +794 0 obj +1803 +endobj +795 0 obj<>>>>>endobj +796 0 obj<>stream +x¥X]oÛH|÷¯h8œHŒäoûpÞu‚3°ñåÖ:‹Õ‘C‘ÉáÎ ­èß_uϐ’iìÓ%0 ÑätwuUuÓž,hŽÿ º>£ó+J듟–'?_ÐbA˜/]Ý\Ó2£y2ŸÏi™ž¦…N·ä M©i¼n¼#“Ë÷֚¼¬4µÊ´:uZÓ¤2Óȕ eÚ¥¶\ëŒH­Í«^}˜’j2\¯´×rDç´Mî—dì‡å÷“9ÍçÉâŸÊo¾Ü?‘„ȍîŸÕj[6R´Vé¶k©ÌÉê?»Òê,!>h†rú“®â¥³Kšß&W|úcNªªHWNS®ÊÊM©lR«¾;U¯ÕßÒ\wBATéWÜIÞÐZûÖ K!‹y(è#Ò'Û5H¨EBړ·*0Öl¬ªG•¹.-HḴͺºågíkÓ$ú‡VÆl‰kV͞´µ|¼nõ.‰‡]%±½é¨P¯šTšj'iª†ž–l_µ2p `´Îã’'àeªÀØA'ÕHÈDZˆ&7‚øpN¹‡õ‹Ú"䛂§\‹þÁg‡öòçVr@ÅqÔ×2-v%ˆ3¥3‹v…„…—•y®­nP%)‹Ûøq&&·þUUàfh^€_þ´<“éòzŽÆ_Ü\ãó~ðt˜™{@Ž›7Ô¿In’³ä2¡oe“™ã\¿»u^ùø\$sNñ ð·oÌ7]Ó8b\XÆ4Rq¢ôªï +¢ ò(1;=ó›–(9vn„PeҐY +¬55fG®Õi™—€ÛÖt›Ù¡¶ +,…$mPÊÇϗ; +z2^߉¸õžþ^mӊsÕmn¯iF% çPà™g‚qwÄPô +ÿD[³@ÌÕª0µv«U¬Eú?*(+] +瀮q”Hˆ`Q^ª€°dØ 4X Ž Ôªl<~ †`\N¥eÈW8ÊìÈl~—Lþ W¯Š +Í höÒÿBie h¸½HkÑTDAS"«qTÈûâÿöËQå»5² @ΙOoЕ¾ï”[SËoÞ$û‡°|ßµ”³p ‹36=\cF¨W8žZC—l1Œa/įÁÑÝ]oä™-_õD8‡‡]aº*cb± ÐIq7MË KòxÔõð,fŒ#ÆÉ÷® m¤Üè]›{29”ÐûO/0”IP¼ÝK Ô EöÒàj½d +©7vÿ‚Ú=®ð<‰"Â…®àÀ˜X±rªq&´ÍMbŠ†çGuòé•3C{¤EÉׇgX æ¤Ã)1÷r +Wãa €10¥ºƒ%‹uïl‰‰Øj[—Ždpƒà¹å£Ðy‡ÑêZò\e rSe~Àóm>«ô^±¹('Ê+òSˆSžO%0`"RÔYèp¡ÂqÚ V­šƒ6ôH+È*bÁÖ­@(RxKh}"xb£4íº£pÝxFṏ^;˜!ûeôA\][X·¾gÀ1zKѳw{9¥¬Ã¸cà„àz¢]H˜îGá•÷ºn…ÿ‡½'9‚ %2ÅÌb<ñÃÔÔ­iÀµô}~{9èúhž<†qÜ·}hÁ”iòpTlB!pC·˜^ôè‡;&÷m[•qJ<(¯&2ûE®X‚€ÍŽ[¢Ü¨èɃv[oÚɔ&OÚÆdüñÙ+ëé‹nºpÎÂ+ ž1Ì) ît•³&Ä hñhÌõïW ŒœBö¼¶ÕÊ¢"^ÀŽ` ÁÐ`! µmÙµ1í,¶vÍØôqz+ù OL¶B>óy–Õô3ö]k*úª] µM»kyʈ›x Ëd‹+W\†Ñ˜ì幍ŒDµÂQл—E³I ÒO½„•rþe–ÌiŒ¢Õ‡ƒÅI²E³a¢¿µ;ÀãÕÕÅo¼ûÎÂ1Yâî1ËÕC6™b—…—j÷ÿZ" ðŠqÅãËƒž züe2OæʨL¸Ò§6*TÆ'ÚTaVe³>ºÀ‘_,ÐnCêƒY êx}öphÜæ0—xxå妳²nq¨ãuÞñ&ïhÏûv ]ô*¼º`¯õÂ<ß¾„‚9:g()…„ª|ÕT³!‘LÓT¯:{çÁñφMåüPàkVn`¤b†”±S¡lÄc£†—`« +ö®ÐFK*·5Ìw”t+ò¢ƒ‘ÏzåÎ@ð}øíª×I×TüÆ2q-ýžþ)a£— »oÇzi•s;c3‡›÷ÚM¢Ø5!ù§§ŸýíëòñßO‰ÿá1ñ ˆãaùŒ!úÃF¥„{ l•e€+žÉ(Ë>-‡ÂÊÆ+ù'Ì3`F&\Ä´a‰Ø•l¦“Ž|ZŽ©‚J†× VR|…ýo ¥sÌí_ @(Mm*‚`û`ß<öM7FŒ#K7!V~%”ې­e4÷oδÞ3/3b7I+xïÌc§9D +ûøù&¾',ÎÉ9XÈ Ôéóý—Ÿî £à;ûփI1ͱŽ3$Rÿâê·Ï®Ïð†ì4¼e±ÛEó¶“åÛès|€#þ_]ÿËôDî¹ «‹ë D—/Ï9 ^ýþsò?B$“endstream +endobj +797 0 obj +2000 +endobj +798 0 obj<>>>>>endobj +799 0 obj<>stream +x…W]O#G|çW´.á$¼ØƟHyàŽ\Bt‚}º‡8BãÝY<ÇîÌffãŸê™õ¾païzº»ºº«öŸ£µñÛ¡a—Δ–GfGgŸzÔéÐ,珣!Í2j'ív›féÉ_ÅSZP·/êÇñZT+)5e)µwde*Õ³ÌH,Líi2£Êš\Ò]_âFá$™<¼o®¼Ÿ};jS«sžtèä¡ÞKë +wñ—顬 P8~2«´ÉÕ匌=¥ÜXT + oìzôtsßÍåäï„ý:;B%4œãµ7ⵋ?”ÇÊÇMå¸ç¼2ڕ>JFI7$ôUé̬—7•öYZ>z‡ªé’W3[Jœ­iã—J?’7伩hmjr•LU¾æ…FÒÂ/Q²ðáb¡žêbØ +“ +¯Œfè¸p÷ó¦D˜BÜ*O°ä ©©‹l*Ï'6à3¤ÈÇRœ.ȉr×PÔ)  ‰!uiizóa{A8¤Äi»x"®„ŽG««ÊXCêÔ®+8•pnelæöÒŒ’Áÿ4¤>LF¯¸2Lhº–a¼kȆ²üJJM_Ç}”À|¡¯Æ>9aì%íز~ÓîNwˆø­î(¶íÎxÐYkkÁ*Ȓҩ±à¸×@R܀¸ÀÇEraž0+ñåþ·@·~›ÉéÖã-81}=i¸<|=h׀Vé'~uÌ $C óX»SZ`´–âY2«(“…äô”Oh~r¯R`‘D*9¿Ë ÚÀ/fn÷¶Y`z”¿?æàNÎE]x´úäôDsü¼›Ìç_ށz¸®’äù-+ÏTO­NàU¦5ŒæMŽù´@ºVdÌ|ÎüÖ¢”ÉÝÕô˜T¾?*ƒ‡a›ø÷ƒŽi¥ÂHIäyø ¢ÐÐâkd„B¸P‡–@•ç5Ž)Àåq”/¢¬ + û£Èóy3_Ç CÔÐmo˽ÔŠÙp9¥Õf^„ÌÛ\ålë4Eâa¸öÑuÄøiZ ºãÀ EÀH/¬§©k:£+éžxO1E§oãr¼×_`~»½ÛzŽ)JJ§%%ð}‰Î*¬ÌŠÕB¤OÕ° ÚBn‰¥’b +P°—…–>‘/ß­¿QCGl*C¶Ö”[S†¢Ó‹ù|¥´ö`àځ³çÝOƒúÝ-qj³xV¦vºÖ;Äå‹r>¬Ïƒâ!ã~ËhÜ¿4ÎGú¾'a’CÕNzª+¬ì°cŠõè9$ë·–j+~q·mÿ J‹-µkê‹ì¶ª@“³O›5½ßJ×;ð‚¸¤²}§þ¬ ˜oü9 +)çj‘–ÎØP?K]‘ñŠ†‚a"š´Ü¡báó…XD&g¦™_UÊ3^ÁP*Ì+žŠë/75P ’¹gÐ(-!ʀ²Y܏ƒæ@‚¶r r,ó€Y®,zé1«<÷=5•Š» î˜Úÿ~S͎, {8dkoêqz“í­à0('kM‚§‡ÌH÷@¸ª]ŽŒÎš¶pí¨ñÊÎt»½·Õ>$g‹7æí¿¿âGÉ8¡«Û›ËëÉÃÇÛÉìþösâ_<]ìû›+S +äü‘s6ýDSv‘Öt†£V°;fÇsgœSÜÁۍnÞ4RÉ_jüW§ßß&ü¦ vºã Æ;6c)U%u¦^°Æ0‘V=*tZÔ[mZ¬é³Ôô;ͤ­Ðd҅ö†äñ±(ƒ+ýH‹:÷B°àhRap!ô~„QØäßa¥´Ç¥ì}°5£þà“ÛÙ¯t±Û8ìvoØa¶¤ã×XÒ‡,QL³•p ‚RZÉüŒÆXR)•÷¨äÄ`°ƒ‰¶ñ ¦00©ÐØb™´hÞ²»ËB¯Á‰W=GTlEÍ>5¦Á%ÒyÒ¡o |ÿ^ [ò (*¡¶ï¬ž‚å䓟Qt–ËÁã†õÁsöùr²Qh˜ô7©)^ùożÌêTfñnTj3¹omáY‰5“cLA + 9"ñþ<€Œ°:g s)e3&a<öLŸvviVqDð¤ÂžÉ¢ +Ö »îÝnÑn·Ã"è1äíUﶉK—²~ÁŽsسO£} P|T;™^Þ|¸d+üê•Ik~6 Ɨ¿Õꄛ[Ã.žç²“è¡yÀsõXC]ø1ãZ¡:å÷PÞ©ô*HÓ½%£ìBÁáS{ÃØNì÷øLʟGÿVCendstream +endobj +800 0 obj +1723 +endobj +801 0 obj<>>>>>endobj +802 0 obj<>stream +xW]OÛH}çWܗª©(+Q +´"°ÄUÊËØ'SlwfœÔûë÷Ü;¸&ZU•hÏǽçžsîõ?3:¿ÓÉ%ÅÁ×è`úí”f3Š2<9»8§(¥£ÉÑÑEÉÈ­EIn-‰^T™ê­¥yD‹«ûɧèÇÁŸMN±aÔ*ÍFJ°1–¤JëDžË”„%©p”!AU.TI™Ê%‰2¥Ê¨Ò‘ —£—‡§¿þ|zx~¤­6¯Øï”.I›öÎÙÉä˜ï 뗟ð„݈ÙQ%ŒS‰ª„“AЍ.øÊk]:£sZŽnî¯îæTÈ"–fLFÂ4ݺ$¬Ëí»{¿Šäµ®Þ¯\~šP¨¬(·%gjI‚{XLéE˜Š>Å1ݨ•,ô(ÜÚçèaЫ +•‹a²•Ñi8;& I:£íZ%kr/Õ=™Š\—+Úù^ ‡å‹4¢l¨’ºBM‡Å_i +ÛÕ€dµUåjLVS.ÝGN°!§)É¥0ž$B™áÉ·àBÓ»™lc,P€_kÛÕ\ûZ¹R–/H…±°2`»û™ „‚‚S(¨B¹ê‚¤Ò&F„ÈÈ(§D®þ lR%*S„Ï\#F• ¥œµï%Éjµ9.`¼ŸKõ“n„,ti¥'™©K,ˆ… ƒÛ{’åF]8j†ÈæÞ\?BU•«$„iuæ¶ÂH”^â/Ï ÉÁ­iSŠ;ò¼¡\‹TĨg®b#v(q¬ÀUVÒ«+]Nèb‰{¤þcl ¨ÚÁ͒+íÖ H| +ß +ÑP)áˆøµÔ[þz—7b2ÚFZ3R)ò«ZZ°wìșk@„ àÌâò…H‘¤¸!|98¼ °mG•óÒsM…g—œÒô ²µÃ¿]_.—/wóy´\þuž9¢Tú°ð´~ÒÚ}X.דãå’e£V-RYr"=JеñuꟂ_søGk£:f¶#E$òÛ±#•ÉZÿ鞸Pµ‘Þ>-Ó>”¦ݓ¾Ñ5Ì¢¡­€0PJè+årð6Ãåm]‰Øý/A›LÔ9(Š;nïޙyKn<…/‰•Im”k†4W¥ÁÎ{(Žé^%F³Húh²ÄàûðsÛo ì—F¾I¬M nÓeq{ýüt}oƒp=ìýãƒ`]”kDÑåO  ]ªFÀž +ÄÌH‚¦Ã<™%{S +r‡A¢'Ô¼hoå&`£B§2!Zуô6×ótÍw²sÁ¢†"ERúh¯jae¾òb ×ô¿4ž£ h ¦PÖr¿Î .σ·ˆD)Vè¨ Mªo¹i㪠ÀjO­Tï¥'ïg»ëH5_ÛÂDì ½¨q¿|Gíó†Ç~úÛ.P¾LñØ°Öèõ0™8mš1­ŒÆh† +»Vú5‚yuºb·aE ƒK¾;ÐßïõJ´Ç­o ¨¿'Ѝ¶ +$ô4S²Ý2«ƒf'}1,üúabžÅû‡ˆEG¦–àáȯmʁ^¡lkÖ=ˆÏîŠòâYͬã^£iþ *ÎQBha¾q›Íj¤ÑEþvIP%\[Ÿåó^Þ&COâv¤l3"¡¨¿r<à&É] Ï x4ý]¶W ¦K÷¯Àw—/×[AÔv,~fË ·žjX +½’ùYãMS~°ÍB;>#V¾Â)|êéùéäïÀ8ñógþá6:øûà?Q$$¤endstream +endobj +803 0 obj +1722 +endobj +804 0 obj<>>>>>endobj +805 0 obj<>stream +xmR»nÛ0Ýõgt³’¬HB7; C“´Q·, ue1¡H•¤äï{i…÷ò<õ'+óW )±©¡¦l×eßn+º'u۠둋<ÏÑ©ÕÖL.DÐ;ùOôn’ÚâCƒQ¾îoðèõ$yx½ ¯œÞCÏ«Çë«ç »ÐSÐ^¾B%CJ5ž#^t¯YŽu±%+Xñy͐d~g ;©ÞóyvGžBY‹*!t#@Ú¼˜–,fé£Vz–‘À^<ÍF+µ³pCZÁÓözå‹ „àÎÔ~±¨íþ‹èà6ž¥$-Xwt uWnšÙÒq+Ž,CÇÀRö:Dÿ)èM—q¨Ë ›©Ú†ï%O–ÊÚSeE݈T'·uV{Øm¹÷J*rdê01ÛÑfB_/¯Ö˳U+ZQ +puƒÞü’Ɲe1•’ ßñD1²ßd䗓SºþÜ1S ÚPH¨US‰–ÿ!Îþ²>™ø™ý³Á•endstream +endobj +806 0 obj +383 +endobj +807 0 obj<>>>/Annots 234 0 R>>endobj +808 0 obj<>stream +xWÛnÛ8}÷W З°˗Ø.PqÒlóÐ6[Èmh‰¶¹‘DE”êúï{†¤dEIw‹A%‘s9sæÌø±ÒÿBšh|AQÚ[®{ï×½a0ŸÓéO±ÃÐFãYpA“ù ÿñßBҖoà#Ì4püüfA£!­·°~1›Ó:¶ßñ&:»Ú‹¼”-ú TjºŒJ†-EôPåt­S¡²×ë¿{CŒ&¸}v¥³²ÐI‚{*ÃÉ»ªÉ‘V"Ýj>Æ­«Bˆ»Â`#6³€î +YÈÇJUJú"E¬²;;¿™Pú£Ÿ_Ê­F–G]Q„TVIdmopå^Š\>}Ê)Œ¤Tú´öŽºßËLþ€=A•qfù*û¡Öñû“å> +Ÿ^p©3!¾ÕqéÈÞJñǨۃ¡½BÄ{ k…5Éþ3‘J{"ÆÀGÜ|¡ò˜»"3)uQÀc@´ÞËõXÈá ɟ"çíÛ<rF¤î™C5¿y¡· +çž)ÑV±Ê¥m•$d“ƒgƏ_t‰·¶ËÚÁ4jF£\|œbþBZÃïF"‰iuùѲ˜Åå"°ò8·iyÐôFàym¬øÀ݄û96Ì9wì ]BZT*Šãó‹`¾¡Ï¾½¶…Ô 0ÐLYhž`‹†¾-ùFÀõ$îlÖ#¨$8…©0,©‘Ώ7¿jeÙ°»¦²ÿN{È( Ëv­]T”’uÖÂê¾3 Õ´cˆ™göjmh#)F:dхìA£ž¿Mѵû“žæ)àrVu:ƒæw“"ªKµƒ8’r2áE)~äd;²`›­B|P÷H` 8:¢Î‹¹œƒËÐâ‡P ëL@×N¹…N¾¥B‹f5¬ápfX®aÚ´¤¥áµO2–tB¯Oà/ht©~¸XkKVí|ð]²¯T†^…¤È  |n^èíVE +>Ž_yŽa…áaG±  +žr QuÉÊFÿ® YiúèÇ(©êyŠþj˜çuu4ÄTcÈÿºc&ÕRþäáoªúÃ{€lbA° »¼ÄyûªQùzi¯úDŒFrQà6ÚÂ*=›þºKôF$ßÒȹûV1é&ài 3ŒÖ‘å¶z~3¤ï!ÔbêԂ¥ÇWNo¹Í–—µ{¬L¼5ø|S¾¥£l(òô„墁â4 ìî ¥‘F<°0J¶ A_÷HÕ|w3ƒ¾f²´6¿“Ù3×Db4ÄáÈX"#ÛðÞ#Ì# ê¬Ï¼ÁÉW×¾¾Bî”U`ò“,—·ŸWä(Âî`j¯¾ +#W¾rûi…†a=GI6(Z¡E Â4všhŒ0òF­r‚í¢ŽÃ*S؂šÀì˜õAl^ ÂÙ¶çx« WáÆI öևBÚ`㔎¿§ €48ù"¬ð¬S¨P…ÉÌk¿|dG÷ë=ÔÛ 6¦“<£iû´q›HÇçGÚèmY—Nñr”sŒ]ùw[d|‡ú}ç{¬ /Z5/xN>Û£x qno§éï–áyó«¿þÇ¡ÖÀ Ïùñ3™M Eìîl:ó1þÙûù§g~endstream +endobj +809 0 obj +1563 +endobj +810 0 obj<>>>>>endobj +811 0 obj<>stream +x¥WÛnÛ8|ÏW`6lùÇv +,Š\ÔM»ˆÅy¡%Êf#‘®HÅõ~ýÎ!)[U’vEÑϤs™33‡úv2¢!þh6¦³)¥åÉÕòäýòd˜ÌçtüQ­ñeHã1~Læ³æc%)çp Q?p÷àö‚FZæ>ãCæ¯i™ž^$gÉ(¡fG™‘–}1Õ£uÂ)£)W:#å,®•BiJv•) +Y½{³üz2¸Ðh÷Ç3>½¤»%íZ!ð”ÛÈ&ÀýåÇ«KüA8Ú À‚ +“Š‚j++r†V’D´S©p2£°üw_É1gRt–Œ9ë±.ÊME>KB zreiµÇ¥×Èx'ÝÕâÓ=iQJúVËjïŸâèëÊÔÛpÁùm”rœN:am],߇é†Lî»,ñYi\QŽÖí­DúHyeJ™s)¾Ê}?ƒ”ÀN…Æo»…YÝÉ\IÄ°Î&´4¤#³•š¬LëJ¹=mLð+ã6>_{œ;´²)ûpºütóé­= +âk7הnŒ•úáM'ï Ŷ¦D„¨ºÌ’GÌ1Û5 r2ñ¸·”V2ãQ‹Â¢Ϥ“›+ßrDÊÞ08z$ì#˜ ¶ÛÊ<‰"áX^BC:ŸÁ–¨¨¦L[ç“iò\ ㄾ€’<7Ný8i‰Ê³×TÀwË'À ±×Qyºz-‰;mZê!&¾Fžƒÿ™Ñ’ ¾˜Êú@ä溵QŽ:~…å‘Ö+† ,fÀ|þH]b;ü­–Âò4S³Ýw¦p(°3g–£HAÿØB/P²¬]-ŠbÿƒÂ=ëù¾#`ÂH´'8™9ÁÉdþl‚“„®¡«{Q®„wº‚.!ô›`k׿´µ/ +’Â@-»"ŠèA|¡o §|’ìz€œÚl\|èLj@íÀ¬Ö½tÈ&å5ã Êm!K@f>XâPïRŠ’™Ç#æi!r­3”â ohìÑM¤0O Ù$ö5+1Fð<ãR¸ŒN>LÙ ¬Ôj֏n;Ú8e,ìo~¾+P=çFº‚6v –/þÑß’Í +óõ ¤’¢NðCÉáAÔ(ž„*ÄJ°³&oãò‹`²,?¾3Î3|f4#àÖšª²(‡a=O*•Á_1±à¨´‹ší€)Ì3³Óm:ž@µŸÊøb–L;÷¼Ù·@1–Õ4ø^ó”{6lJŒR¯#§ÐM4Œ·\6 ‡!1ä¹*˜ ê ›tðñòúÃâî}r¿¸!å]7ç]Äý/&½N&H}ç +d#ð­Q{¼Û”í #÷Û³å€9‹“(k<œuóËH¬á/L +%½Fú¶ÿ5ÑɤzdÃ.h·vŒÓRLæfû2oâòÀà qÀÁmO0ýY2§†áãé,^oN8|¹vá‡yÊàþ¥Õ÷àî™pb%l»»×é¦2Zýó³ +<¥Ä¾jؗÍâî´:.x{v@Õ'ï,õü2a›k'Q)t0èF qd–e)2Ù#(—‡EØЗåx·¸Ç=~_Dîp±|3›Žq¢“Ž°{c¸”`u¶£R"=ߝ +n +¬‹Ì*X%µ©×^g‡\þz'Yð<+𠀉4•–Ïi¶3C>åò,½›q—9 ©®ä‹|9ƒ8¾Æ—)Kß³%xÒaÇ(Ç?(Ֆ«8í#™>ÝN¯žÞž\Þ'WP¬«Tú¸‡b$Ú¶Z~‡¤qĦz±µÆt_k­‘Ê¥Þ#˜ó‡U²&Ê­šym ÅIp(°°Óԁ“HÔlZ©-¦Ç £±xr¢×v0¼L`ÇóË/\g°µpJ +Šq8`ÝÉv°_æ/BÔ@ðDýñ'•~Ï[¥9¿?¹y5!Ê ¶9¿p5­cœßš_»Üy8ø?W;¸Ò¿|àúçþÐsÊ‚3ül<Ü8&7šN“Þ=-ýI>Wæ+h€£PŠwœÛ˜üT4áæþlŒÅìÿ½(NfÅÇ9ŸspÉÿ<ù1M©5endstream +endobj +812 0 obj +1589 +endobj +813 0 obj<>>>>>endobj +814 0 obj<>stream +x•TMoã6¼ûW< ‡¤‹Z‘GvE‘ìnкM==ÐғŭD*$Wÿ¾óhÉqÜöP,ê}ͼ¾Ì2JñËhµ ëœŠvv¿™}ÞÌÒd½¦·‡Ûá%¥|u“,h¹^áÿb‘¬É1U’(s| üê!¥[ÚT(£Ô¦ŒŸSÚ—¥m•6Ô*ØÑ÷d췛¯³”æ"r +hìΏ€½D\=,)ˤæ<£ù"Ç(F¥P3ý¾kìV5Ì=A[C¶Šç¾Ý&…5Õô~ÿécB›Z{ôÿ“}ŒÁYÓ €³Óq(©hTËô|÷ÓýÝ7Y1Mx}hº×¡Ž©¿=~y&Ïî•ÝX•¥ÎÙmÃ-©C‡wµ!Š¾p¸üù™vÎöÝ¡Y¨U-+(i›nù8 —´¨µàIkxŠZ–1˜:å0¾ð{ñOº/¨²®8o¬´;V?;r°¥}­‹Z )ê~éù"âÃäŽ#¥4ˆü<9Ý*7ЧÃÎ?Zœm°%M¢Ð «4MòIVÖ¤ª«‡[ʖ²ð”nò<ŠãMF·ÉM’%ô£ÝSiéY]£ „&ì½SÞï1Šnø‡÷úÖ+ϯcÎ{Áœ$Ê:<¯ƒ~µjY©%,£Ö÷5Æö©Àv©ýA)iUÉ«è{\ägÄԃª MaJëʱ€4Œ…G]¿ÇAʔ'!—SÛ(ïçsåLqÚìþ…ŠãØ*°‘î†! ¥McÃiXByywÐòÙD0W€¤Wþ+¼aâ—^¿ª†MðߑÔö>ÀAè­:bS¸¡ P´±»3ùíµE½edïÕ `=#¹;Yó#¼_9ÛF Opö¸19Ðá ÄǏ}Ѝp½L1v©€·$ÜûQ÷Á)ã;ëBÏtðÜT1,"Š3¡…* +î}[åáÅÔ +åò°}€`ÁŽwrZÄ':†Ý&‘œºfyÿ‡kÖã5™å«Dnvܺ'×o´3=9û7%ŒYô-6¡äҔ!懬ù!íò»l¹Z¨ÒòòæV +Âä¿Ìþ¶þÄendstream +endobj +815 0 obj +812 +endobj +816 0 obj<>>>/Annots 247 0 R>>endobj +817 0 obj<>stream +xXMs㸽ûWtíeå*‰)É©ÊÁ¯7®šÝqÆڝtHPBL\€´Fÿ>¯B¤d;›¤¦ì1Eýõúõƒþ¸ˆi†1]'4¿¢´¼øÛêbúpKɌV9Þ\]ßÐ*£Y4›á“tôi'êFŠg=7Ú¨jKϢ܈-ýf¥™þ"ҝªäåê_3š$ ìÝ¥©n«†T•kSŠFé +“¨èóýÝÝ+#SœuàMl<Æ.6>™ÇQÂÀZÑSkjmÝÑӇÅq·*¹æ5«²”é´-%LeÒ¦Fm¤¥ÞS£©µòh0  þ†Áë ‰·wÅsïQcD¦8Qw„Ì8¦f'ɖ›ZX»ÏÖ£åú’rUȈèñ[Âçp0Ã:ѸÅFŠŒ-üǁvkh#¬J©­ðÆ6¢Êå3û:÷¹Ku•ÊºÁ¦*ë6ïµyá²ôQ"¤× UáТ¼z@JmäImP.̙IaPÙ•j ÒÊöBᔴcª )c#s˜BÂ9¹. +½gg,vڈOüiuÁhr¢˜ÿúúóE<›EsZ&7Ñ •” Ë·ÝSAόI€s™ÜâíŒ_jY9MÈùzz¬ÙÒh×4õ_¦Óý~i,.2QGÚl§§Ë?X>}H;TM®a +€ÏFëäêڝ¿ãå"‚ñ¿Kšãxéž:/{X²¿ñÖ ýUO…¨dsÌہž}eþÌU»6ÛTÔ2Ju9=Ö÷ÿ f1´¸¹žKº™G³îáM(xq;s¨ïiàWÝHá®¤ƒJŠçÈèéqg%G²½ý7'ùñ«TÜSOí¦P\⡬m(ֈÛ)`ˆ´mU¯´ï níçƒmdIwY©*eѳhulÚ©t×5 '¶’G1qMB‡é „Šv“Âp§·e)Íü8Kœ™ä®If ½&‘Zð´ˆ~°º5):ƛ-Łj£_£I;YÔy[0ŽØ€²%Ãj‘0Ñ •·ËhÙ=õ­°HgY¡ÛNqàZ‹{ÀÑóäéþӄ{eò÷/ßV_N—ö)-…ªü€¡6zÜV"Uš>鶖¢œ…?m’ë ”=s­¼Dcû§7ÈB“,˜Åó…ãøuE¥Ú¢X<'˜Æ™ßr£Ë"|¼ÿéîó??ŠÉQ-ÒK´E ™{5•¢[éÈÞSÙÖ F&pÛÂᥠ`ð9ôÓJs’“ª1 788WÛÖ;ün’Â1C2áüÌo®]£ðï?p28 Áùҏœ¾ùÚ$¢G¶Ÿµ)g‰Ýe~‚¯hž,=tГ7ÝӛÔÃ6`Ëõ?w5œicàUVÇؘÕÁ¹àêy‚r{›leøŒ·‹øôíào¯fw¿<ï è~ü† Î½ýAV©9Ô ¹Y«Mfé¯tö‡p€¢¥ÂK¦Ð=NBŒ0°Á¨Uî?Êbä&÷øDðŠ‰÷舍¡ªñè±nO%J9¦Ï¿Lçà#³ÎÎMKpšÒ¨€ÄF•ü1OÕ >òBl!_ÄkSE‰Â°jé%Çۀ +ä½°0úÑjÀ7†•¢€b°"{`€-øÊÍp–,5ø +ªÎ‹%žã´W͎°Ç)¶A› –ª-7.Lš¬¦,­GNÿõî6;ÝZÄjחŽDA=‹²nPÐ=Ìï¾w‹‚ +­_ÚÚRÙâh³–†µ$Ž´òŠO±CT?«Wd'È«.@Âwé)ÁáÍ^sJ†~w§ãTHH×߅ނ}Ö#]±Œ@£Šµk{Ö210Đã(ÇÌð0]Âw 6HX2/g¶2 'ÖϐÒëË1ÜE¬œê—€ª£nšBÂȋóɕAH}c‰-•”'–i ü•ÉïÝ4„w¬`€'V£2N°b¼ ÈMˆ³÷Ø}~ë$L¯‚z…à +i²Lœ$ƒøf!%·M¡ ¾zçÃW³8‡wDld]¨”G¬èu³k@,ÓJ)EåX+Üý]°Ûõ tҘÑ7µ !¸XdA +Šæ~¸{zì4ŒBRÁ:Ы?Ùß2]çCЗº9¹ûS×°À¶¢Ì6¨. ðÂzTùª©âœ€‘°g©»à¹í\ì‡;~¾8P@b“ÕÄ3êxoýôû35FJfeÜW»q a’Dó1# Èù*×Öµ6gÅ3¼xW7"}‘Àéz$£m¨bzn2áñ1á»–ûëg.pâ?:_ßd›·Ëq½6à° BÖe«¶¥ÁÉP—€šo^ÓðB噿¹`ÆPUZ´|y@ºß7ÿ»¢m4KÒ5‚±ÇÆzä¹µ:Uà6f:œÝ#ïç)ãAî¿Ÿq'zØè¿'9^ø|uð…A¡šC?=x ãšb1áÀÇ/xuN݆;Æôᦫzn¾ô þß~±Cÿ˗9 ܺ{ôՌã†HýÇÅ¿.ƒíendstream +endobj +818 0 obj +2086 +endobj +819 0 obj<>>>/Annots 256 0 R>>endobj +820 0 obj<>stream +x•XasÚHýî_ѕJ•I•H`ÀûéXg}g{}×ÞUùË 0±¤ÑjF&üû{=#„ Nv/¡Ñôë×ݯ{üçYH}ü„4Žh0¢8;ûuqöyqÖ&:¼•k\ô)öƒ! 'c|‚ •’Vünb›æ Ë{7C +CZ¬°ûh2¦Eâî÷iwb­tiÅ2•´UvC•QùšDN&[˜mB+•Ê 2*+ÒÌ©ˆ%}hîð~¸›M)Q¥Œ­.wHå$ҔìF~Z|=ëS7ŒwW™Ì­°JçA}3ÁÜ\l$<ü¢•ÜR¡Un YMƖÒK]YÚn„å­‰ïÝDµƒn—½è¦‰(ŒÈüͽ÷J´4”kKE©ßT""Ø#‡ÜTE&N°–r%ËR& ±E»Q;µ|8ì«ò8­ù ï‚v÷^M)“"7¤W ЖJ¾1˕‘%‰8ÖUn±;‘9NhUêŒ8¨<Ñ[CQAÆV½Iší)&<þ&Ë æ ®9莑 nÒy‰Fãúæž¾×⇕Aõ¤{>òÿ×ÎÝh‚ð63¯FÆ:OHY™Q o–*¼E)³§Ë]n.ó9\NèqzO™NªTÄçîËãÁKƒ\qü!Æe”+}®‡œðO_΢0 +ty9DYd4èO‚«ú*¥¹+\^•@ª–¥@HÌ£^Z¡ràsaxœÎîh®WvËIùÒq Ҕ—³‹ël¬-~éõ¶ÛmPˆ$ àfïx©«I^úò ~ý¦·n]¸”J$,¦Î=0¶RëªD(NRÑ9N…ˆ_Å`ÍRî˜`ÎJëBr~¥§«.O]¶VŒŸð¼ŒÞÍ…¨=–‡áÕØÕèA Â~0hî‹œ¸PÍ]âØ—nÄâÂ%\—”È’%Å:‘\;QÀ¡ÙØ2§î§Àœ¸ [i,>zõa~/dîl1TŸènaœ*HÇ 5Më‚FéKo×lt•"Ӑy,q¨â­._½b=HkbQÈsÓª)ïZËÍgÿ +špN*·'JçÕq/¸†Œ¦•ð±e!ãH¡Æˆ W$• ,ºD qcY­9ÙÁœA(=fÖ)¬ÞˆÒ=¸Rߺ]14 8˜ÑU0â<ŸŒš«&χƒ>n¶Å~§+ðX¨8Ç/¨H¥€QX2€‚!èrqzÂÆÅ_;׿O|p½ÝzÝ?ÜU K—¼À9쏹MÕ8‡“ôÇ_íq6;îëÎÐ÷ØM?€ðLîŽMà~ÛN»†áqÝóGµÀ8Ú졆¨Б ‡æI¦N®ÍFL§íÓÍ5Eƒþ}˨oS¯í û:™3suYԍDc“\Æèt¢Ü¡ª5îÀ–ãªP¹ß3CÝÝe—ßTVš—PÏÅïuŒ¥ƒ¤{éfc‡|l8¶:YQRÉbÃØ8Cæ€5Áë_§5ºú;û©·Cx®Üá£O¢ËKñ±9DàÓníóÃí€÷Fw$ÎôXÑ`Aãl…Ž…çÄ#!ä~m÷Ó©#ˆe4Q8ÂTµ¸:dÍá (Úó%å6GO¬zÞ9ò½)គæå O_×ä§ÚŸâlPh-m±ÍEö‚cÄI`L ¸—.øXÊUÄíÇ'¶½l]ĕ2W)Rk# ÛÌ¢·ù¶7¬r ISˆs¾ªr@uÎn¬q(ŽmºÛ‡™“‘h˜‚O¬¶K9¯Ì&ÎßÚUä¾â9ò ZÑwb€Ñ]`P¶5Ó,ÿ|N#¦ôÄæ¶x¸sjó9îæÒº³hsŒIÅ;‡”Áß*rŒÀ}¸¬b‹ÙM‘½›I­9áh„ø«Êčڝùôþ×)=–š§šµÿHÀ»~yw¹óù_­†ã!„Û-…ü<ôþßgÿ7´ˆSendstream +endobj +821 0 obj +2114 +endobj +822 0 obj<>>>>>endobj +823 0 obj<>stream +xV]oâ8}çW\©¥R „ï>¶3ÛU¥Ýîì–yC™Ä€g“8µþýž›8Rf&•¢_ߏsνö{'¤þBš i4¥(í<-:¿-:ƒ`>§ÓËlð1 ‡)^ãù ïp: +†d$­a; Ñp‚O¿4ããÜÿòn¦óTÆCl.½ nÿùÂ1-ÖÈh:™SZÄåî-¢n8&}ÒÙZm +£² ½‰t%h§Ü–þøüøånñ½3 ÞÖqeôW.3^¤ÈoNéŒMûÏc +Ã*Zo8ãM M*‹’"–d‹<×ÆÑZr[|s¬Ç(ÒEæH¯¾ËÈÁ–DvŠ+ƒ_µ9•æ?iîi­Œuˆœ؇Ï/dà¬ôØh+SËD’Ód‘Ç·ö<[:zªÄÿ1ñ) „7£µ»¡jy◻Q^å]GéKõ5Ib‘÷«ÐýXx—¯rï0çÑÏ*8÷Ò­ +@í-\_À\´6´¸‚2ŒP™%·Ó$œ3jU8iy?Ø®ÑÜmU´¥X¢¸˜Š\g¤‘±¡¾6 2Èm¡âۓ'RûÖ*“13ÚJ8Ò+ÀVÎ`?¾@ìm¬lžˆÃ«Håõ8ðD Èg“Kcuv%$ u<¡:ÒkŽn%¥d¶’5Wq ›•„Š!¯Ÿgð¨·zhóRn77ÔÓ± f–ýۅe“Zv#$S+Øù^ sbZ˜Q$nyWW€Äê®»’NO+|ÙFý†kF&eŒ0ÜÑÍnþåP-a°2Ýk„ÿ‚«æ4ùXz‘E:M%F—ÛòI­é  Ú þ“ÇúldÚÔ:G¯s h1^™Þ&<Ä[˜ ±Ò¢b]c(­$s:‹kª>l® ¯EºÂÄÏ1ÑSñ•ÙæÇÌ¢¬Qõuo©äˆ_=FUÐò67 ÜÚ.ß¹æþ¶Ngßùútºu½=þùôH_Œ.o<ŸuTð9^¢zÕ®^µíÇîhãÙS½¼¥M‡Œ2ü»ó? +endstream +endobj +824 0 obj +1030 +endobj +825 0 obj<>>>/Annots 271 0 R>>endobj +826 0 obj<>stream +x¥WM“ÚF½ó+ºv+A[µć‡=à¬×v•í8^n!‡A@ö !3’1ÿÞoZÀZqœ¬]Å2ôL÷ëî×Ý3wà@ѐF!Ż΋Eçå¢3ð§S:}˜ Ø6šúSO#|M"?$#iíŽ@ +=Íö÷fŒi±†úpŠ/ Ë´ˆ½`àOü¡O¿éln +“fz»•¸Y|êôÆåÁÞ0ÂAo±…­”>¸{aÄNæÒX°/¾ˆT‰•’”fdw+?†Vҙ:Ò!Í·TêV:½^ÏýÚS‰Ø[±»4èÑAX¨‰U‘È„» ê#èÄz·OUƒ×wbWí~àbðñUg"FaúcÚBU E³åŽÂ™?:“]Ē•!–ÈLDPuDçY«ay·?®<îEÈžxËaq8€¸Ä7pnÕøxqÂWɦc¤9ld­øN)sHcŽÕ)Ý%Ri¾Hó °“™£`¶\4`k˜9£“ìl¹£ÙôBöïŽLf`ákÙ ‘ì@³${Ž#QˆŒÔŽðâäH%›ŽíI#û °‘Kówpm±^§_Ÿ6!ÿ5X^œÀV²hæ4id?6t¤úì:U¨ê瀝 Nõ6áÅ l%‹&.²ì'ÀN‚¶ÊÛk“ÿ?¨J9¤ÉpÌt¢ÀEW,ÊiÁä"Ph…=}/‘66é +} +„ÌÑ!/ÑԽë[âқ,o.÷ÔÍ£ÈÐW7М%d5ZŸR”éœV=~/E;[i¤OôZ$Jù–¡ƒî•d¥§Y$äÓõmC s/†•·÷ó”¤Fƹ6GŠu¡{˜0$¬SÕÐÌõÿ€zC—-´®ëkêÖô•Ž…êÃìJôUºê׶jYnûŸ¥WBýõägrÿ¬Œ1qò#Ý9\%ݾ:É[d›ã>GD¬=h“Xì=J‡Y0 ˜¼oÍd¾Jµ¥ # »óÇ׋—¯~o3 MŸ7F{ì{?ÿøþͼÚu¡ðš¸Ï©8æ§a×¾9‘ë4“œÿû÷”ë2Ö[™Ñ*Í7¨ð›cÇ)äp髽¹püšÜ¨­ÝæÜåÛÔTãÓñÁ"k%åêЃ,J˂xÌkÚ–‰d%þÐÁêâ<J¨wh†4çÝCŠŒÌ÷çrïë\aûΡ¶_3ôýÖ®ªŠR—õódńÜ7kŽÈÕEC¿¢/BM’Ÿ„%ފl#í-"M€Ê2‘ q©ÀG¾¸;Ã9¥.lWqvÇWz'2ž¹ÕÅÝ^j”Ómß1ÃÝm6Wí™'»—qº>²/\Ueb»–¶ÚæLÈ¥~ˆBåÖtÅãDUhCXª>±+ŸQø€ÐŽàþĽÇÇ·¤÷yª3:8òá–¡ÂÛøמ¸¥×Õëu÷¼È…É)W ôŽ®ÎºÔø±¼ùx«€¼9ßú¬`\ wqqí©bKGk'UŽ^ˆ»ó­I&\ǀ@gW?@ÉVïh4µ¿S þBŸ*x+`²½rí׺i‡’ÛɌÖù¸­s˳‡J<åK£<†Zߚ‚CÂõQ 3_né¨ ²[žm;¸*u¿È¯©u5Q‡ªzTð#¸€r­3.‘B•sóÈsÌý"—–;MÿaZÝôƒ0ÂU"ÄEŒ‡àãü݋9}0ÚŘîu\8Ù†Ð+·÷¢!?­~“£1tò¾pä#/t¾Ë°Ùöendstream +endobj +827 0 obj +1429 +endobj +828 0 obj<>>>/Annots 274 0 R>>endobj +829 0 obj<>stream +x­W[sÛ6~÷¯8ã>¬²#ђ,Krfü ¦u›[ñVšéìŒ_ ”% ¥èßïw’¢Ù¤ÍÃ&3–(‚À¹|—Ã?®&4Æÿ -¦t;§8¿úq{õóöj-—tùcö¸À²ûûhJ³åßg³hFFRÊOà&¶iÿ`ùÍãŒ&Ú¦Ø}¾\Ð6ñ÷Ç´Ï">¨BZq¬«Âá 6ÊE!ö2¡“rrIVä;± +KHï>ËØř°vHŸ+ë(Sÿ•TYi.ûDô«>É£4CRîöÝöó՘F“[½MUINÓYWüa68Ì´í¢ +”¨4•FŽœ‘’têzúiõB…È¥-E,ßûßìAWYÂQôκÖÕÃ/FW¥&ñC™ U|֒¿k³¿n ½_C¢Hˆy‘ºÌü²o?âSŽè_¨AïÐX©ÚW¨%’4´ÞlüÆ/«g_i“¨bŸéuPÙJdÙU*|¥o¤‹o²D”oAÍ>Â)]Pª2ùú.ªÏšÎÑvócAî Ia%M£it;ôÛù¤ê~æ\F{¶Næ¤,í°4!ìZj«¾ÔéG´=à^.¹ î \غ—].|¿îÄïá«Ü…GDÚP¡O>[šÖۑGL®Ž(`ÎÇø:Øgz'²Þ©R¦c‘Õ±Ö•ðÓÝò6Zք˜‚ nïi‚:1úïîúú'ãhÑFƕQîì;ÔE:Ÿß%ÏhÊäl@¤ç‰;iRy©(m©ˆ62—ùN:d Û¸²÷¥²Íq(]÷4B{ŒzÉ'ʀtڜ}÷oç5¥¡£kæÛÛ ˆ…w=Jv–¿€µ'mÐxCT¸öR8,ÛUNÒQd¢ÐØ ¡ªElÎ¥X<ï@R 0FNŠë@F ”ŸË;xÎõÍ&J¾×’ÿ«a‚úp#‘ä¨@PԒŽJž¾ü_Äþ]¡5š8š.¡Im Ñ\0¨lªt?øfÇ —!'¿8’T +eBÃp ¨ŒQ§W@ÆCR¨ j298¯¥ºr”H£ŽÀB¯¿¼NµWðÝ9Ê¢-ÅÞF䩔C)T›<(èËO&Ò •¡i)==߬·ý†€t”ƒÃr>:°¦vŠ ÛÅo¿°wÐl²’Ã…ð.2Ú\u.sšŒgÌ5¿’o¾±¿»,¼B]ìæçõ‡ßþó²ýøiMñAS®·òßðì Ñ/l£_?ý¾ý4ú ³ `ìÕÅk€¿ ”Kξ©2ð¤–fÊÚJ5¼fa%k³k²ù.(l) Œ‘ ˆ©¨²†Áh1³¼-ø×ÈïuîuÀ?Ü<ÞÕD4‡ÐÔ5ÜkÀ6x}44JPá0ŽžƒÌ^1 úN ÓZ1Zî#)Z ¿³°„â§RÌÍ^d,ƒá 6a_È´U» °ÔŒÊþsã„qÛ§M`9`.‹œ']JÀV[ü0öÂÏGnÌGŸeÇÞ%æ4†Ã ½9óP$koz¬‡0E?a \ +OÛµ¿¬jšþ©¬}H¬µ' Œùá#¥Òh§cq%YBPÁЄõ6Gèaíe¼øxKm=ÚR´•@ÎÍtÓ+9ÖtcÑÎsFæ*Ëøô£J &¶*}ÇÁbœÎ  °\ @e˜‚7ô>Öy^ +Q²ùï¤;It=Î Oï`–¡ÐkÛ/Å1aOíWÔV瓯ü¾(º€Ž<´ +¬Ð/ ãRœÓAHÁõ%’ï÷bâb´ØEÍühQke¢ Þ¹x +në_­>‹cêYFµ——2VÆÑÚ¿%†ew.ñHûúôf]wðc†½1Èxiñå°¶{¡ÍÝaæRå~Ç£WëçÕú‚ÂÉ|´;ƒòlØÍ…@^ì3Z +†Ár ”×ޙ’hÚV¿—äP4V9L88ïWg‰æ5¦3é4Hõ“NãKoáq©áà½Ï¡ïÓÔ$Q¿}Güԉ¸—Ëÿ!þò”< ë6Ò¿Þ¼‰ŸEã®Ü£°Nå|Q‹ N0ˆÉýb쌚ØTi@ßl/TowŒå›íøÄã9ÞNypßÛ¿e­4“ÛetOóù}P‘Íêùǽͯ¼ô“Ž+~Cñøá G“ù"‚è,¦~òýŽ÷‰Ù‚G'¿z>ã-0ˆýûêÅôqendstream +endobj +830 0 obj +1781 +endobj +831 0 obj<>>>/Annots 277 0 R>>endobj +832 0 obj<>stream +xÅX]oÛÆ}÷¯¸¨XŒH}Ú@dKŽ 4Mo¢"¹¸ìÊ\I“\•KFñ¿¿gvIJ¢4)nÓ‘»3sfæÌÙýã§þú4¨?¢(½¸]\Ì=o2¡ýG¾ÆzøLÆøõ½€rI+^€gØ¥ùÀÛ/ﱩO‹ï:šŒiÛz´ˆ:"ŠŠûD¬Í‹Å§‹—÷ƒêÍÎ ™"WٚôŠŠ6"Q!sC¦Ìs]f±ŒiùLæRÀôOŸdaè¿¿\ÙæÒȬàõ0€· ZÕFzÔõÙáEÜ1e´!aè7 +;¥‘yøâŠ>„ÎŸL! +¥3þåcØÉ4m…1x“ü²UyóPd1Ñ,ìÄʈe"ãð…G.”¨ +¥;ö&T[ ƒÑ¸z^ƒÂ»ÁÈ°G‰^ël¡RyÇcVȵÌé³HJI@@€É3•<ÏÙ¾qçkk‡Øàjõ#->©èé›Üîâ;‘ÝmD¶þaÀÂæ›Ò?ÖèF§r–«Ï§Qš­ŒÔJICÅFRÌïP" tšv…NÀ—Tlí ôÛ/w(ùbCõBÛmv•Ë¨Ðù³Ç5zÐM‹öÆ)⧥<ØBev÷•ÎSºüxsI°,ѾI9Ç*—Ðô{7[½“+ëmË,¿xiûƅu ¿s‘J­²G&]z‘ÎVag¾@ÞYƒ°tN©†}•±K¶©Ï¶oݞ_ë¦þµ7²„åj[ü +ÜNú—Ñ1ÍcÚæz+óv” 9¢·á3%ýdÈÅæÖ^‘w÷f†ÏùÇù鼅…w;]ÐJ%Ò#kÏQh„x‘†¬L÷»µÂç2AÐ(`Ì8f²¨¬o±Iƒ¹}êPn™t~ý“ Jù,ê{t…+ç*Ð +Új)]lGÅ­.a«ÆÐ ä! ‰¥ÑIYØ;(~†”‚÷êÖiÃWW)¿z¯?©Ñìÿ·ŠM— ³åzÔíßT±¼‚âš lqY1Ú¶òZAT#þ¨>WdíZ†BNŒ,ˆ‡ì>“€ø¿®ÜûQ³Ñe¶’.l²ÛJÔAÔ…l˂?5ùcéÁÞ[¶ +ñQ|†H 7G6qòv'ÕÓ +•›¯ª¥v]TäÅQYü)uÕÔô5êÐ +œ£{ásR«…Ùy!r–>¿I‰ä*>1Êð«Jø4ªÎÒtœª‘"S1ë> ºœ êÞ=ξ"Ⱦɥm®R‘?¿†ÞÜ>ÎÎzwÎpe·v±Ú…Ö¼ Õ¿ºžp{IŶgµ$î¨ÖF).M*>é\aˆ¸J5r?ú ¡FIg¬YbÎfô^¤KÁ¼)mµ1¾Ñ¯³;^¦Ò©ÀÀ ;y5h¹úÙA{¨U½ÏÒþÝkÖùÔŽð™’ßxãê ½?>Ø|hÀ ÇÚߺӅýîÃÛ‹·ljp°ß°¬cY$–…P‰A@èö+çj]"HdœÖ1êöo„t{"”ä‘n‰±nL‰4,¦ïó×oiƒ:ÊPaK‰~ij,æS¢kžEÅFhÃúÀêt#B¯ˆ§Å¿~Æ¿ÒS÷p‡vžt +Ee(1´žÂÖ-¨‡Z´÷q"ïwµ°ó•2hޘ.—2zz¾t¢šÚé:×ÚW¶‚ÝNÁ©ßmÕtVm‡q°…Í9л0´¶=·­R•x“[•Aˆ•*·ÝÃFÀ¸,UüÊns¥ËW[©9IqôʶÑùú’ãhæ-¾0Á!Ëz'1Ÿ¯\C2ËÕý jCOgºpX²–eö؍´jì3NÇ çKÊm""ю v + +Àòœ É ƒ{i—®–gÎ ŠoÜQÉ­@˜5@ø®{â<‡s®Ý½¦ °#½µgsõæííª<ِ#wòG>n Ü}ßì€WíuÎËûkòq5±â›¡`l9ûÛ¿ç]{4wÍD?ÏïiNäc&Ÿ­Ä]:@ëV@ҝpØ1§X‡q›_ÃútÖ¿ô‡·CÐÌçn\=Ù«74ò|ܾÙ`ÞOßÜN1,5C†a3wáÅ«ºþhŒ—»ãÀj‘ïN2âhvíhÈ¢Æþ}ñ?õ,endstream +endobj +833 0 obj +1836 +endobj +834 0 obj<>>>/Annots 280 0 R>>endobj +835 0 obj<>stream +xUYÛ6~÷¯˜Gˆe’’uX >·²É&VÑEh‰–å•D•¢°q‹þ÷%_a¶Ûµ ˜áßÌ|óç€Á‹BÀÀõ!)óx°ŠÄ C¸ÞT†\F^à;sC'%`‡Ê&Qäø'Q:^/Ac(D—Z¯ DïЫ^â´ˆ“aýœ~äÞ=Jð +"ʼwña@`D1Ô2“Uœ—b +ÄÉíA$zQð¦™BÃË-Ÿ%‰l+méµy:…¬f–ä)OžänכgÔ ¼Ðõ½ÀÒâI¢×ÏÐËï¿üçß–š‰ôm) ñ­ÓƂW‹=¯²sªãµ”ìFFÌÇj ñ« ‹B>çUy¼‚Ëk•VG)h#ÚJ½Ú·Ð v +µlòo'¬ G11(Šfj¢º)وM°ºè5­¦€8Þe WZ¨÷ Û»ZȺïÓä®.x^d÷.Uf¥öJ Ó¼Á³ÇOÜÔ÷^(^¤°è<Ø6ÊG ðY*„o2aaÄ¥óÕr­Ö³Ùҝ{îd>¡ñV+ëh­ò’«ã½’mýa‰è3B-•ï:é×ônaµôÞØ1m#Ô5­¿u¬õ?óú‰Cøõé/ì'ËnßÉ} ~}jË­PSÀî²G%Áò½ +¯Ìòj³E1…ñ6¯Æ[Þì-oêï,OÏaТxÛ¸½@ ̵ºÌ‘-ØËR,s…Ä Õ“1ßcÙh‘Éñ©}­Ì^˜½BéCÛèóhþ'MTúZË0—!¡žOüÅrÆ"?fž‡­J݉»^t Ó/Ò,e.eÈ­É"•Ž×Pœ½26 ýÞr'Ò#þa!Ëç¾1 õöNôK ½0×Åfæ%¸$ÂgÿUÀÆÐÿ•dÐ̈́Zn Á%Ï àEÉÉF™q•šÑ{䠟?ÿ-¡CöÂÿ]¸†¡Ôñ§nbœ3A\´º}a´€ØXKeÒviÁ3o™IC[§\‹]œkçöt¨Ä®ÀbwD·1;˜ÃìBw®Èc¦wZhß!žx–úc¶#®§›=µ™=Ìgð¨¤Y7°<Çu.+c}ԟõdž/T÷ +:6F‡~ÇûXª/ƒµNXendstream +endobj +836 0 obj +860 +endobj +837 0 obj<>>>>>endobj +838 0 obj<>stream +x¥WMoÛF½ûW zrP[¶dGrzK‚0Ð8n­ =ä²"—âÖä.Ã%Ũ¿¾ïí’M‚"Ž“»óñæ͛áד¹\âß\V ¹ZJRž¼[Ÿ\ܾ‘Å¥¬3¼Y®ndÊåìòO’Ó÷¹ª]Ë|>“OÖdF§ò‡Û:ëe£›Nk+ŸM]çå~ýjýÏÉ¥œ/®aâTÙT>Ýßý-­7vËSäú›ã ý_Íg ‡¸x»ñM­’&»†ÛþØbÅCw¶ÑÛZ5ÆYqY4O?LR;ï²fŒ4yíÚm.¢¤í#/¹äŠÁ#òi˜T×ÈIÉ/¹+öë¦ø¥Od~c3¸£‚Ûj«]ë7˪m˜—¶;S;[jÛxÉ\ K…ÃóƔz&ŸµTµöx)1¥eŸÒ©tc@†LOÏpŸÆåäØäZU¹Q“˜|k-Og7….Xô.¨ŽæµP)SVx ÇaŸ8=âü×Ã{ITQø3y(ÚíVÁ¬¼m­mLïpi[hœ`‰˜Ç½*ò£®w&AVi’œqŽë†ÒM\Þ¯%u¥B iíÃñªÒ +@ê«4è£È½'!ý>¥R%¹±¨Ä:7^*…ó’jŸÔfƒ¼Ô¨ ãPr¿÷.ÏD« +8g¥y8kmBtUaš½˜†àï@!$™#<€Ð*3Û´:C`ˆ²Õ¹úɋ‡k(ö3¦úûúÍ&¯çoðûúf…ß ü¯ákèÍ¡W®o^>»M³˜ º¢Ô!0š¼¸èÄfŒëtQȓuؑ«æý“«€MM–¡C@ÆÒ¥ºˆ¯uÏjâº0ÍIá¶è¾ +Ù¢'ÊÈBÁÓ#›NrëЖÕ`÷(Ø#ª†Êe…иRªThf’¶h@‰‰kBL™Ð¡fMç$–“à³EŽ§AWïö¬Õu¨áZ΂z}´š}X‚I‡ŽŠ„»Tí"þ&µ$ûQ[±àzÚc“$®¥<ÀØÆ5 <˜Øú5ôeÓ!àÀbÆ;A$vþ¸ñBÏCÉ ú@W5P”†½ÅԚv€ÈïÀ÷ò1S–Õ®tL¦ ¾ëôN×èfXSiÊÑH¡ƒÆþrôš g€74 xRk&ÅJr²S¡Rý½Jy†Iq¯kýµ5Ôé€Ìv¹v@‚¬ZA^Xc›@ò­ù7ҭ׺ã BêßCí‘Q˜ûà ‘™!½¶&Ð÷ÔPB}¾«µárpt€•q‚µÖâKHhˆö7†ˆÑ|dâ¦éhà$‘ÁÈ^vï_Ü&ýœ9_Ín0f1;¿,–«~ òÀwÅ‹7J;qæû«?o÷¡/¤$¹²[²†hþóç‹èà »TSM99¢¯@Vå:X“ôß/Žt®-Ò^öœDá°Ú8˜8 b)Ñä® {ÉhJ¤mU Ó¤|¦v  Ý>¯ñØvd@¼‹Îr`UÁ󠘤œŒeËuŒ´ãžç"þÊ÷w¿2fžœx$›q7`sî,&ßx#žêåÖ5’ÂNÌÉ “Á>IÌႄ8º˜ -Ç%£w†ڃOãæǺDR3—¹'ì/F ôJKNæ³`ãk«±ØbrŎ3:àŸhšŽFxa `Ó +r}èPÈMü*Š[ê•Fù‰±ÍDÞéD! ss¶ÂxîE^€ŸŸæÜN"_NwF…ÈîÚ1ñòˆßXÙ¸³¸Lå½fS«zÿåþøÈ9ÅX ›#ä¡#=Féâ,Û“^£Âí±¾Â`¶M¨ðÅíÍñSíê2~5ýÔ§c zÏ^"ß7,S»^]3l¹â¬Ìžük~Õ­endstream +endobj +839 0 obj +1670 +endobj +840 0 obj<>>>>>endobj +841 0 obj<>stream +x…WMsÓH½çWtíÉT%Æ_$áhÈn-‡„,1‡\ZÒX"͘ÉZí¯ß×3’?IJ@ÖLw¿~ïuûûŜfø5§›-¯)­.Þm.^ÿ±¢ùœ6[|r}{C›ŒfÓÙlF›tòÙ+çɪ EŸ>|¥ŠÓBE)‡‡†¯èa#9b“Qîl³#2\)OìådG­mÊ,¼ú›áZïÕoñ¶ðÖôÕæÛŌ®æËéÑ'9!÷§…m mu‰›È[\Åu¼"|¦2J:‰žÙŠuÈEÒu¤öÊPis<«åœ¢óì%QטQ`Ž/}½ú¢Mf[òÊ{âQŸ†^\OW}ÂÀ¨ìÈ&{mO8®SÔ€Cθ/Á3Ҟ¥M.H„ÿŒFØEèj~Q!ó­uÕ(Ñ»÷ëÏχƒ4< èOiS ~•¢vÔ kâ²´­?äl2U+WIGc.NeÚ©4æn‰G‘{ SkjgË=G”–Mz(pÚ±«uڔì°/ ƒ Ý:-¨v—Wûkx8µUN™Tecl×Y¦%dÞ]ß9»×™ ÝiÐ_ƒ˜pðp¯Ó¡œH?z<–MžsR*ZŸUyo³FH÷&êÉk`)Ý>yG4ãk‹‹9`AËzŸ'½ìhùó«Ð¤ß7ð z³œãçêö?øƒ(Ûh+oiyˆ­¬ÞÞie>Ÿ.§s À.W5}†ÔŒS/ºZˆMN´S‡—‘?$e]ÎÀ!ô\p£‚÷¨Ù©¿µ¯!ô#a‘ÚÀ7³uìA´ng EOLxΨ­öElyƒÅû€õ‹¯û »P þ8=вÕ@€OúÉÜËØÛô¦Ñ2&‚ÈÜqê{b¡CÀ•E¢ÁÃGb€¹2J”Áúáé)N=jd¬SFL&”AŠc^aÚÈ<Ó\…±²z€J`G& ‰þT…c€%@›:à1ëœÇ„>mýbµ˜^ÿ¢õ‹Ùíôölqƒ¿®Ä_LþˆáRI&î÷%üŒ ၝ%ì’@~ê;Ij ´sðÚDFH¡œˆYV±=»°=q•0mÀ{ªT•È 2•ÚL /àf/úÇöÖëâ™c6ß?}z|˜Î½é ³Ô è 9*‹"z ¢:U6؝к<ÎR ¶@/S¤ßzEÁiÙdÂ:ñ¬Øpz{)±-Ї t?ásï7;kK\͔âõyËAh! —µ +bÉ¡AÖ3[ƒN فO+ytº’5ï.,£"ß·5l4w‚m–<ëøZv)Kb!f[bßî´*3Г)±¶Û-…þEËúàЂr°øQä]ãv³}¬”Á€˜ø@¡Ÿ¸´¶(ÓTA«Ãôx!pÑcXs£4ñ¦MÂ\Œ +B¾˜†Ø™6£|8‘¡*ë9ÖÇ£$ô,|eˆWNé#vg¹ÈW‘¡PD;i0üqå‹éIvµ…M 6yfMé]GqÙFÇá*®^íxhU0·È«¡ìÓò.†Rñnì›ÂÉïdI`Á×T¦úèòã7²~¿[¾ýÉä¹í]}ŽÙ$ß(ggô´¾··ù&SýΦh&Ö‘˜€sO]Åc“Ÿ¬ƒ«›|M.ž\ßÊ1äô×Å¿¶ßڍendstream +endobj +842 0 obj +1691 +endobj +843 0 obj<>>>>>endobj +844 0 obj<>stream +x…XMsÛ6½ûWìøäÎØ´%»²›ã439Øu+eÚ["A‰1H0hUýõ}»%ŠJëÉd¢ˆÀ~¾}û¨ï'ºÂŸ ÝNézFy}òqqrùùž&7´(ñdv‡]eWWW´ÈÏ&“ì&›fô¬jMsíÞªÿnª¯Z|ÃÕšLâՋé-®ž-ÖúG§ÏÉ:zžÏÏ©ò¤¨Ô*tNSX«ÀßPë´× >7T«fK_Ÿ¿üI¶ÕN…ªY‘ßú kŸÑ—@Ê»ñìþŠ.&×ٔÝÆ„û¥u5.ن|—¯IyZ[$àÏa»20P)¯FSPçµ;¸DÁÒR±æMT:[SQ•¥vˆoìÕv.×ë3²Ó«º5úéùÛÊØFSÌdcÝ+¾”°jµíͧ¼‡0¡]…mIT5v\V}°!"Հª›+CòDª•Ñ5:°kF€2lqÐy3 ®mà¬SÊ?ˆi”µD8ðvNRJÄÐPnßØ¥ç/s*TPKԚДãRã;EŸžçœëÚ §úf|úš¥GÓYÆ`ˆ›ÏIµ­©òXãÖٕSuÍØ©š ]©ÜˆÚTͲBï9éî‚צd´ ôÒU.}DÕ‡BÎ9UŽ} lS‚7)ËÊÙ®Dèä=Ôï"K$9òi—AUMGŶ + =/úâužý?Íy$ |pzö­*9°$¦òÜv7ÝtµÌ˜mú²öõU F$;KR3ÕÒ)·0Óx®šh-ŽÓsg€"1P«|DÈuMƒ€GiöáÉôZvl kȼ°ç†ZÓ±·-ׁ%Šþ{ô2¬m·ZsP[Ú`€ÓŒD›#ßì3õ*=¬uU-‰Û&8ÇLð +Ncã+—ŸA­Â†gt©C~Ùx/T™a*Êx¢çË3ƒ'ÕeÞZ½2;Vß; vjañÔXûÚµ1*þH}cø[Ö8 wã‘d`•›³YW`N°h¾¨jSضôxܹ«.ÎÅPO†Ýi«PˆâôÐ +Š†I1q„†ÁҊÃCJf™½º6£FfT®kµŠAûVç̘1øŠ©¸c `Á`šeÙ0×p&Ð0S}Ñ2ª(ۆ’u…vØ5|ESŒþüÁàÄa¶À(­ÕçgNç¶n¡sa ŠáyTqr1¸FXegD>Žœî¶€ÔLîНÎ(G­…VŒcwP–‘”ßW[“W¢[´mÀiÀœÝŒ¼²¶ˆ›K Ò¹Ì [()öÄ[QCˊÀʑAKTaoY°; )±… †âz䥃cž^Ë¢š‡(½Œù©çÄ©mÜLÕ¨•,Q¡å]œÈ~÷@ú°Øð͚Ò;èQXpÖ+ÖX !7•te„tÜñ½L?º±Ï Ÿ’nB,QPò|/ÇN ñŠ_A.ò;Þ +¼˜ E/IÖ}ŠR’£¼3¼þ»,‹\ÁZ¾VÍJ YD¬kÐ9àðhØdì +‘ùýÈ:Òx‘Ì&ðÀOzwÅ1 #Õ±_* øQùàZ–x”ù r|¿Ó§q­¢ÿћžacG2µUuVñ:o¤Á²îÅ#利yŸ"£€Td7 t‡,1X¿µÂÛ ë.ðàŽaË©æÏÓ¸<Æèï’ÊšÌn³ ~±¸ç—ÀùÃÓÇ´Ó~ãò~²9Þk’øã[ñðÅí?kïý¬qs{“ÝáלœÝóu,ŠßNþÕ骛endstream +endobj +845 0 obj +1820 +endobj +846 0 obj<>>>/Annots 283 0 R>>endobj +847 0 obj<>stream +xWÛrÛ6}÷W웕›–(ْßêÄMⶹ4Q&}ÈL"! 6 ()Yß³ R¢é4íxr±ìåìÙ³‹ï'#âgDӔÆW”•'/ç'¯'4Ñ|‰o®fSšç4L†Ã!ͳAa^ù=Î=ª7T­M ʜ­¼+hi +M•£\WڗÆjÚ­UE¥ËëBþ¦p*—W5‘ªñ­L¦*ã,ek=²9+w_ÌïO†t>')8ŸkŸÐœ½ 'K•i*Õ¬«<7v“dõ®o8h¿58ºtž¾»0p±ÕÈD«°?#Uˆ¡Z­s$„Hºç;wÈ~åÏß_¼|Ö`£Ê¿wÑt\ü²ErÐ`@l s£…ž… À{tV{Sí/úvûñæÝSÄgŧ;@y]è­²5‰¯Q°\UÑ52v»gøo¢6ú¬QÌÆaD¡b™ÆÒùgéJ™"$̯óІ®Òq2¡ÉlŠÿ§øƒ(–‘e×4šD–]ή“«'<’ ~è Â:¼ñl»»¥ÄÉòäž2W_Á'p æ›(öJ.2ê^Kîµ…˜¹Ûz?—’˜Š)À†„\=8Y Ü)oQøœiº4¸ûmðéîöۋHÃîpD¡0«uUì)7Ë¥ö¸Ç|úòþî/PÚdkZ+”ƒ¼²+MnÉÞÚ7Äâ2qðÆé^²  iC Jï÷Ýs×° 8<\Ž„„î*¦_SßÓ@÷nÁѽh…Š•ô¨DjòC\앤{p,¨„ˆ1îyn¬F~Û¥YÕ9Wx\@KH—)%.bà(l¸‹Ùz~ª)`{ÊIúôJekdÍuèÆFlnA&úöÀ¡¤ ¬´ÕJ‚à +'”Џ€“åþåZo@ʹÖyˆTªvÎ? /ð/¶Kèëlsµme TÞ%X +˜£ðÀØ焱Êv?clý½ÖŽ¢äP¨…ˆhïŞ¥0w¥zÖ`Íp/Pk´þ—§ºjAá2¯«Ú[8dcŠ>Þ¾1@Hø µÜU…‹v¦ZãTQçM|ªŽ{³1 #œ ,Gí=ÜnóK…Ðó¤ŠN»M±ƒjin-e£¢öœ§E'+&¾ƒcb‹|4(Ã:|``-׏ƒ +žItmF˜<Ãzt¤¡çšÁb~d®„Lâ Z¡,@,½ª5ÊÅnÃ@a m?8PS²`!Š”­ûr‚ ‘-ÓIœ‹—›)¬\ˆÁñº‡ÝŽ™Ý=ˆsÇs‘±DlËÅé6 A:KÑq?ïÊt2zҕèÉ;@¥‹|ã^¹8j䓣,µØXiÄ}zs2JgØ/Òt£%¥ãY2j~+èsåMSìO–‘wÌl}+/øÍ­-Í=ÚS²Š¯£C¿¢Á=Öaþþ—`ÕÖ%¨­Tƒ:^áÓ20¶F6Xí퇯óÍ0ÀX +y?u{"Óø.ÍuȼY@7×ØëæJW‡–ã°ýÊÆΰùÚZٕq®ioèXMøº³”cgä!Ú£+$eïjO[?ÒÂ=âT´‡ÐÛ>?8 ÒçïÐõP¢—7XùçX3MQ¯ÿ Æh<}.חɈ©È!¢ ýXË«¡ƒ-c9—¡ƒleóê¢Þ3hԐ}¹Ç|ÈßâÁ0—¢ö·Åiß*ÇòÌ@‰2µQ <Ð¹Ç27€‹íâò jßSñµ"ûÁ­hs,؈µvµí~qd»Mæ ãÔëU]( +EœAù±$BºÀQ ¢`å…8U¬˜X5– ¾ Õ^jó;îò±.4´d‡— ցØüŠN#Hçk¥ÉNeaØ0—·X« ífI̤ø8 +)ˆÕ éÁ•EÍõìËß(k/ PX:ÎMYÀ›88'/PZbåbcIˆäíz ¹q ºx=k^t£+.îÕô2™ñNÑøèÝ= Û+pŸOS¼”óÁÿ}ÁL¦˜—+ÓaÓ žü‘×ûŸendstream +endobj +848 0 obj +1782 +endobj +849 0 obj<>>>/Annots 286 0 R>>endobj +850 0 obj<>stream +x¥XMsÛ6¼ûW¼žªÌH´H˒==tœ4i3Çn¢Ž/¾€$$"æ‡JVõï» ”Ìƹt2±%xxûvü÷Y(sü eÉÅR’âìíúìüÃRÂPÖ>Z^­dÊ<˜Ïç²N&ÙAlVµy*¥©¤ÉŒýõÍúv%Ý®Ù*¸‚Ñu:yŒ–+ñ/ÝK¾›EË`Á÷kl•çÕސ–¯7·ooD¥…)mjÕT5Ϩu~ªtKDµXY6&QÁ³B'™ÂêÂö+>¯ÏL}â¹s™…Aijî{'ÚÃ9#Rm$­ +eh®ˆum‘ÞŒ´¤¬$¯Ê­®¥Ô:¥W™zÖbõNÁOÍÃf'§©$©Ú²œò‘ÁÒ³®ƒ.%}–±­OÈCVõٍ5âV©)·.Çp0i þÿ’ýÇÝÃúNõT[³- sb¶ÑÅËÄ37r¨ZQµ1Å.×t€ùp~%“»èO‚÷aŠ*SÙ›1Y“25ʨ•5ùáñ –Þ2w¢ÿAµiv”óM]t ¯*ÜƇfvêS5ÉØ°‘¬3ՈU&¶ª`9?¯¯ïonìtÝLÅV.ÞB¼W# źi€lcø´ÇJxÅj#=Œ•ø²ZeŸAî¿>C÷ÈåEˆŸ‹«~Føœn|·]KˆnØ e×+Öc»…apD|Ñ·¦vù·4zþ¡o(¢‡-:éŠå`©k+Iªrc¶-²Ì^a©à2ÑW5ië%E]sT Æàœ¼½y÷I>®å¯ûŸ^<éàq„ONÀF9CûXfy:BýDb•ý^H^¾8öô;Þ^,ƒðd/¢÷Ç8ê­ôqŒ]lP.ŸÎ½Ží­çßÁ‚3 |*€¡cȃ›Ēä él¦®©7ˆ93ؙ?{ÐiS­+SO߾̫^ !¹0›h´Xªƒ1@Ŝ&ä7¯æ^º‰F›Ü4=Y£e;‡l€¡ìèGvJ˜ìužó÷®"ÁØÄü3ð +ní8øDñvuõlR@8>ø°ûx}×MÌ(n[:ŽªÙͦò©30Ê-Íù,]öº`‹¸ÓçAzMÖHù½E췑±S®=†?a€è75œÍ؝ûź¢”ùÃ)"ýïeÑ ®m‘8î…ÄÕ®ˆ f¶LUº^í°Á¹àö¨Fwî3“dbÛ†=çQ?¹ Èy]*“‹'88õü:"úfìÚÖÉ ¢tCpª=…q #Œ®v µåô1t0È ‰¦-Ÿì£—­­Ïq£ð‡êqù˕'wÎ=…rDtZ ´’c & +§£"¸~Q6%nMN2s’À.óP„úwáùëEãmðر:í ¾g=waìk3ˆ¶3—aöÿqÆÅm w4$ íГá1iŠÅó·GLè䮞š _Å¡+ö*Ý )ƒ‡1”`œOZÿ>k¹ +¼Ì鄫Ä.òåþ–¬Dæy—„ŽlpAX¼Æ5nX›Ër,q8ÎՄ¼ë®~äëSãªò 'óíèyy ¦ü^­.GG¨6þB€Ë»Ùf 0 ¦œa!ø¦v2SkҘÞYLÌ_„È(Ý%ÔÄZ…)?Õ;]º[p»Uí3 ì¸+7¼«õ³©ZK"t¨#¾º; èäÌaéüÃUÇ^áÒ$Ëë ޝ<0ïëê.˜üUۅGÏf~ñl͹úµKÙbµèÿò± +¹Eûóì__ÝAendstream +endobj +851 0 obj +1989 +endobj +852 0 obj<>>>/Annots 299 0 R>>endobj +853 0 obj<>stream +x¥WÛnÛF}÷W ‡(ˆEŠÔÕA[ ië"IÚZouQ¬È•Ä„äª\Ҏ~|ÏÌrIÊ!`Híî̙9sÛÏ"šà_D˘¦ JŠ³7ë³_×g“`µ¢þQíð1¡8Æc¶ZâÅÓ`A•¦-öNh:›ãÓ-MVÓþÐb­rZp ª»T„—º õpP¿NeyBëdTS?{±þx^FnÄ΀|ŽTS›Ä”[·ÜŠËú8‚ ¼çÔùB}ҔäZ•ß*¡*ˆd» QÉ^«˜ tR¸h<¾Íê=å&+Óo•È¦}ÏYÊJ[«÷Géêõ»7¯ñEˆ2 +[…¹ITZUlÔ±ŽQ@WZS½×T(vRR“4….kUg¦¤lKw¦ásGS‡æV•5Õæžzk +}»×p¬Î­èm-ˆIåÖЦÉòTTµîNIÖIS«M®I•)åÙ¦RU¦m VH‚Lh¾š"º\ÐsûÈ//ZOaÏ|zÈQÌ@ èg‰æÚYµgF¥µà>Ù}P{y#AÃN|‰ŒÚ±ÿàð3süè~•Z§ÖªšRŒvç^½÷Á±¼¥Jp:ŽT¦ÙíÉÉ,oƒ,2‡Ì Ƭ¢CeºbI†˜sæϞ“5N ê‰DÖõ c;h”(\¸„Ö4U¢C#Gxÿ§…€Wþé؊ü·Žû­iÀoVÊD[«ª;6EJ»ykòÜ@äŽì]±1y–À•å§W_;/ilÎ(þÄO"onÏIYbqtèv#…ºN: "ÊçòˆÍ…+`%5VW`;0| ä‡|KíMf3N‡me +Ö1 ”åÔvL¢€èÝÝ×#ÝfПó  d#QxÔ¶j6,u¼´mdÏ]PûwPH®ô•|±8.\]…e“Ú~á÷Û½JÍíp¿·ýÞFq™ÛG‡—ÞÝãhX7ÉKTPvg‹Ê'WWÎ/nu’E3¿#f% á[‚ÄGXÈS×P9ȤKɁR®½Em­³¾E\Uˆy[ëumƒPCºnššS…àö­ÂRE×#.„©)ŸsµµEŽ\¿hk4Vù`¡Ê†‘w4}Yև=0ôÆÐø†þ£]¥ÞKÇæ r\:ç²½lÇÅâXŠìÊr)þð«ed LÕÉÞXÚ¨ä)B¯ÇÿØ,¤m ñlÖMCO5† ëxÆi[ÃtØl±y$i&^é]©œªR…%È´”¶Ê£qrXx)™ŒaQW&ç҈«½ºÉLEfû…i<@è\7¨ß¾{½[Úi/â‘ïÏßÎâé-9ì +Š/f: |åtÅchŸ5óXvΤÃ÷C!­÷Ú")`oªmReÉ*ŒüRƒDž;ºÌè‡MÁ€‰säɽ­®_0Ô~¼ñ[øw‡±á‘²Õ9×y¢O2©V·Êòïc± ›Q +“fÛ¶Qfe’7©›túnãkoKà_»ÜlTþ7Ypëìè~óŔ{åì‡ ~zláÄrüÔð#Ê tr¤s7(SH€zOÏ_>?we÷—ï^¿}ÿÒ/³@„}¼âKÁ$2£H¨•¯–ÌÞ¯Þ÷1ȟ¸šÓSêë^ ȸ١»$ôœüH/űñòž•Ï85YŠ…Vø㘏åe‹8od „5AÖ„û͌äýöU„ÍÃ+Š‡ÕâäGA š±@9÷ð¥ãáŸ_€ƒ¿¼ŸÂ¿à»ÓCÇCów¡w“„.1¦# xJGUé\Ãï'Œ#ðSö:èBÇÆU”?N¡Ÿ®¤¯?ÄϚ%tExuÃȹÓGš1'3íє闏Sšã弋枔“ªÃK¿L¼ª ®»|›Å]Ê]s~¯ÌG$:ý2¼îH¼D‹%¶—±Ü|ێAkmyúA=ÄÓ҇Fzúl9CٔK™&çœýТe„endstream +endobj +854 0 obj +1521 +endobj +855 0 obj<>>>/Annots 304 0 R>>endobj +856 0 obj<>stream +x­VkoÛFüî_±MXA$Jԃ’ …ہ $NkA|9‘'‰6ÉcîŽRôÇwöŽ”dE6´q@ˆ¼ÇîÎÌÎÝ÷“zø iܧADq~ò~zr5=é“ íz—õûx 'c<à ZÒSñ֋¶#ÿ܎DÑ0Ökƒ ò#‚eˆ¼} B÷ºGg4#›ѧ‰îÑ4nÿ{M‹t%i³´H¨2RØPdd–2Ëè[Kن +)™P:'»”Z +¬²2+¤%ÇҘooßN|™M!gòçǓ>׍£ O9…!'ïß2ºclv»H»?ÁŒ1æï'le^fÂJZª\&©æx»¥î–¶èWêòŒ.Š*l÷Íe÷Í}šO$!$Òcè"÷öb"x<‡Ð iÓîL˜åŠF£`RsÇÌ;RA÷ú Ð0S€ª?z/ ƒQ0†ý®Ò‚  »‹Oï/l­¤&«Ü·/—(Q¹H Ž×½n7ìô} ­«Âò|l0WY¦€Ð‚b•çÜc—\<‚ÕÃíš ´‹Ð¦õR"w©_Gj]Þ~º¸ùü4|‹Rã6-D.y¨Gpà¸m©9ÑFUš¾B}jmêü‰ó9Øú"ÉÓ"5V «õ»]¨ÖïDŒôD +-ÐK®ÒL.¤!äAB~‹ÀÇF֌lÔJÙ×~tÔMÝÊèn¦b‘uÈg¢Ë¼sgè2&‡^Ç8ì:÷ôBÀ¥ái +J­J¥¥)UaÀ‹g¹¡Ë,U•%4“çôŠeædæj À££Ä¼úI™©¼ü¾ÄÔ:МÍÁÏθǼ«=§ò!\,:¦óQ@wVhKUéJªÍ)¡DÈ\NVK©ýÅ×yLé+YØJdÙ¦Í +ƒÃÁËÖ¢°Nç*Iç¯<“ÏÈp8D3±NK7ƒDeÑJ6©p¿´X©º5²9À]áT M%ö5Ä*¯–µiVqòÜ¥2&ež]®Iaè¡Â&³Ž…YÚ¦¨|žjc¢©ò)¡Ãøµ‘³3¤°å6†Z~ÛóhVô¹‡ñ?é½ÁåYFnNsÙZlPµÐ¢Piâ¨ÌRF¶6SÁTœŽ=׌Fà@WE¿ +‚ŸìÎÒPGHú‡Z– ¤É³iN—yÐdhŤŠ%“S‚Ÿ1æµëó°Q&'볬iiúyЃ¥ÿFÔ띻ÿOÒØëûÏjú`ÎÞ¤Ý1ÌRo“ÕiW18Ü HLbrCÌX5ŒZ}€ã›sUøõÿÁ,ìl®¨S½ŒYmH2†óÎDüCÎà׬~­h²úZ{ýöë6YHû¥Ë¿NzÙ¦W/¶=®j`›¤qÇ­‚ëËN§Ï4MZ®nßýà¹|á"֌Ï*àªÓl½7ò±øG¾?؎p:ØéQÏìâ؂©¹á>Ä¡pÖ| +d'tÆϗÖíl•ªÊ°kÝøK[kBù¦qöSTtêßüFÛã·ñ #¹ÃŽŸ“§ïN]í©î/øc, +Dp"Â&!20¨³K¾#ÔÊ[h—Ü—Þ\«œÜ*híYöNÍÐ_G}ЃkhÒ:zx®kÉ-|“ú¨ qÛStæzGý¢ÕƒŒ-]ª¸Êáu®#xU'ŒÆ÷ÝìúESÊ¡Í‹…¡Ûʱ5!7q<àÕ8Çþ8ùçne endstream +endobj +857 0 obj +1268 +endobj +858 0 obj<>>>>>endobj +859 0 obj<>stream +x½VmoÛ6þî_qHÆÅbɒ;)P ‰“Ŗ—-چaÙY¢#6©TFO·èøÈ9 FÁuzõÀþŎ!šc:c ¥Ö<€(éMϯ¿:“EÌœ¤úMô±3€~€9¢ã¦ýÍÔ æ÷ÓæûTee^Üb*…Q2Ïw;M™2pSÍr®³Ý·IƊ¸½sñKÅ5k÷y¯dUÌy²„©b±‘ +®¢Žè_Œ Ë~ýpŒA”¢ V‰Äp)`ÿž&Ì>$±!0cPi–‚‘€&¨Ÿs|,Ähs˜I“A.“8‡X¤ps6¥JÛ·{JH{©%˜Œ5ý!^`ä9Â%\ÜC"‹W¿%j¸Ë[‰IŽÈUIi^9ëamíQB˜+”±Ö‹Ô›7–þ,+Й¬òÔVÛÔ1›Ø`ÚòAãûƒ¥¬<ßó™Iü]»÷Ü.Dcf«ƒÔqѕ¿àˆ Ö̶ ‰™uåOõÜÛg& rÅlg¹”Íã*7˜9ËsíÕë8¨g:Æu&³ða³°Q©ØJl¹ƒšxŸ—·ÑKèÚ½h¥¨ña¸’.)ßj•ë_¯Ú6Vk©wè ½±ü7‚¥Æ:hši±V‰—ú\pƒt1sù6Ûö@›X$øœç̊uMèb·rÅä،‹t‹#=HcV éc©&†Û€â9Šm#ÍÕN€i}± ñ~+¢Øáæ¢a{2U ó" q‚ü/i4P?Wc¨æŠ‰õÃñÓæIi2åsG9¶Œcì6€&ÀDñÒÐqš6¬°•sñ$Q¾A§*ö‰l·T²Dd4{¬˜Hæ¹Ü– Ø^¶gAísPkÂz ¹lûÀxìÀÙÚ¬­ñs%‹¦ºgó¦¨_iåÛ©æ£Îf±üq{¯Ñl$»¬Å›/©È¾}Ë£}XU‡eƒÿÆØ!ÀWS¯>æúá¡zv›»ÞÝø½iC}²Aýó͇«³w{·—§{-,É$ôt÷nI<4,º´;¨žxÂô[h[Z‹c$κ÷ìú&úp}uÛþûóèǓoßu¿n±Sz-&WÚÕÿ^Q º÷/•þƒÚ~rS© ÿÿ¨u›’ ao1Êulø·Êúºn9ôÙ#^ ûqó!üâË°þò+¼~©J2ðŸb«¹_W3½ÔÄ2øô îîZ(‚"¨ ´x(f*…ìwn[NŸé}}„l߉PŲÜ_k8‹qtãÐTŠéRŠ”´„׺ÙàɑUÏ߅™°R—I$w¨¯¢wYþkrDŽ¬ÜmR;5ï_Õ§o0{Íõºw{ryz7J~Ä œÉ¤*°Ì˜®‡X?Oй? ñžöêƒ"¼@"]H4\W†œG“^¬ãdDðñ]ç[j—endstream +endobj +860 0 obj +1172 +endobj +861 0 obj<>>>>>endobj +862 0 obj<>stream +x­WkoÛ6ýž_q‘…ؒåďŠtmÐ`ëc­±aX†–èXµ$:¤Ïößw.IɲgºlŠ÷uôýIDCüG4Ñù„âüäõüäíüdÌf´è;|Òh\ÐÅlŠÑ-i‰­CšÎðxìE45&£Q0ۛŒG{›)¶Þ‘Só@ìðzH/h¾Džä5Oìë!Íãù¿uše­b2ù"9›=Ò BØÜìùüvþëÕϗÏ^y/ã•:ò꧛o.O?¼}zdÛÒ  g§_VUY¦Å%j‹ïlIFê‡4–æ%³oò/þ+ÿÑwð[Z,Ò"9–ÄÿVÄÖÅyºçÇ ùƒž¹fÑ@ރŸQ/Œ¾Y9÷+Òóç¤s,)|:ÌT¼Mµ0;‚Oõíô Z–•F]2ÿð÷ðú‚¢ˆ¹9ˆh€1ãn–´SmJ¡K*W’Üæ±ßÜ«iº·ïõ»{j*ì!Q$ݍm¸[›)2W…!Á)¤†6*-ʾMͬT•%´$™¤RQ¬ŠBÆØ©8ߺÖsWùBXKMÁî\¤å2_`ékeJ^O]á[‰a„ˆŒ*°?`VW Ó1æÒ©E£"˜ûðú…G{.ÆcEÁ88¦ý¨ŠezWÁ¿'³äÓÕûÃn€3V­öÍX‰I¹H$¥Ž¥ÐŒu¡¶(0ÕHZ§®hP[¥×<Ò¥º“GD¾Å[QXÈPd2ïŠñ„0=¤,*e‹2U-•&Å>­¥Ü€8"A<„™ƒ:‘swlÙÞ2ͤ¡BʄÝ/º¡EV¢ ¡?¶ï¦”øºí½IOLß7Xçb-i!âuµ1¤lÿ–NïÒÍs¨Bï-Ç{Ê2‘P`g»M¶%çôŠq)H–(à܁0·g~±nÏï”-Ôە#lµ¹J*ÇJàºoÊ6-WLN¬9Üj]µ@àä ­?p;Vùiy$,L|–¸bø„ðô‚ШJÇ2,ŒA”xåê®g»GIª1Jïh±®ÊñÝAŒ3yT‹~Z©ò÷¶™~z‹ñüËÓ%0öÚÛò´Ô*çò»Mi²?š´'ÒaŽ½§ÂöˆûI{™ˆÕ&utã x²-‡Â`U³ÿªÌ[#ãJ§åÎwÆ “P}–É; Ô¹”yßñt y¤¾0Kaíèx‡Õµp{´ñ†7Öµnï;ý 'ⷢ̿mÌ~X\ nîâDñ(«²5ίDq'“€nÈIk&—µh¡-,´Ð*a^Ö5ûÛÑ`4Æu šÇJÃ7#-ï+07©¯I¥Ø:qBÅk°®– Kב{`ïÜOq¬*ÈÝ÷;ÝÓ»}j2‚‡s 6€#7Lžtéé'²Ìªµäƒ…«Z{.]‘õAöHbrJç"«Kó)ÈA“y´Ö(ÿ¶-Í­"c Ü·gà«Ì +Yb`gúö¸X–›D°üîtm‡ÄʲV¹ê=¦ßɁo ¹Øað4ÓZÜl^8:t +² Óºï²üwŠ”’o•ÙÖѱ°Ôtûùhqo¹»=C~B§AÄH›N¶J¹¥:(™RW1®K²ßœ;±@‡¸,[ #Ѫ&CôÇj±™Õ^C‡s'=†û°ž–êÚo«úÒµ·JZ{èΎïÖ%˜rh×æjéß5?LšÑkÌw³ðzæœh2–“Q0áýrõþõ}Òê+_»Þ¨¸ÊÑa+«wMúÁt„:IÏ߀hŽ;%_Eæ+< }¬ì!{_PøÁƧc¶Æ]뗓mqü¶endstream +endobj +863 0 obj +1385 +endobj +864 0 obj<>>>>>endobj +865 0 obj<>stream +x­X]oÛ6}ϯ¸ÈIlg@Òv¬E·xØ´DIl$R%©¸ú÷;—”l×q´‹±)òÞ{Îý8̗“)Mð3¥ÅŒÎç”Ö'oV'¿­N&ÉrI»7[àÄΗü~±\à}:¹Jfd%åxxB—³e² K紘ãÏ°‚ð Û7œ4¾½ é”V9 ϗ Zea}B«ttk,å¾!'í£J¥#ohcì5Ö4ÒVÝ)u¦¥ª*•3¤¥Ìø!©|)-Q)%)©G•µ¢¢LY™zcÎÊq8ž¢ÌÔBijaÄý²ú|2¡³é9‚Ye#QY)²椓ړѶ°?ҞNHK¡ ¾-MÓz yY7•ðX3$¨ZÚ=º`_ÀñhÿÀrð&!Z•°L©Ð´–$…SU4<¼UºˆÎðÎñ-( Ž\½NR£óøõ€íˆŠÊ¬aa؎ââå°gç+ǀ6'ü¸ÌæÉã¯ú#¶fÇÒ§ãFÔI6cû)WÕ6ŠˆXçKU™ øÓk¨)xvà ˜ÕB4rªV•Y&‚/êµèˆâóÖû!²qk#õ4†Ü©Œy J=0©ÊýC™Ð§è\F DëKŠ/+¿´ !á5®ÔzìdÚZå;FäS¥œ"A²âšÉ‹ÚÉëLjd¼¿ºÀ<2MZ{íZ !³!XT`Èʝe×æ¹Jçæ1Ë=°‰3Ïñ‚ó΋ô 5xí:‡Î8üŸ?´”U厸•¦¦ ±ÐOG¶;âõ"sHIÅÅOhdßåú%¸vÝîŒsiûÌ÷ë©2…Ò1 wå|¬¢´艡HÈ 4£èPwž4ªŒóÚ½jb‡,—ÞwG˜|Õ}!Z­¾rŠ¢t>åÊ:ÿ©nÛ˟VÍÿäÄªM ñR»„}!Ìç«ywÄë…ÆbÖrS{½C_¯öHØ;Ô4uŠ1ǯ§sÑLŠØ×â}3×ÉSº#‘e¬)¶o;4Ãأ쩹o ۙ¡ +5ÏZB†ÀκõQÁlÍł¬í‰’-<[Kp߈XV?þ”'g¦\¶Ö^€–âëQiéYWq³ØwC< +»x‡æßK¥§Ñ?_•ûN2$rß;òmÔ£ï#ÈqCVedr‚Z0]E™iו<ðš±n|Ô}Cr» l‚Â…žðhzv;hÖñíM¡{X¡ÎÓdþFâ‹„~‡Fñ‚“/ô]„¬šXԎþîEN Öé¶^#dx]ív²êQðÚÁ†‘ne͇ôOaùRxÚH*!9z&0eىyë[{tB”1ô[ 7¸£¶æ09ŒÆ›x[À/(Ԑù¿+Ý~%–ܺ3j€S¤Š/M[”Ô ¿Ù! +ž<  îCü€6•ÖCwÃ`c0]a/!ÖûÐ<{çAõæ,{±|JyŸýÁ­·omô,pä +õÂ"ŒnéÝf7a¥aŸÃ®<*ïãƒî7ÊÃ9ú±j‹"qƒiBT†Î4Y[Éí„éK .hªø]KpÃxÕ¨qÂß54èÿp ÐǛ÷TðåcpGà‰‚þúp÷(י±.éK0íµúÙ"ðü*$áèßÙ|ѯʀ—Ï.gQ)®€I-š> Øsé™ÙÀýy÷.l© k´†Zd(ȪÀ%ɗ5B®8'G&¸„s¸AæxG$›R>j5ÛEæörÖRaMÛDꝔ¸ÏtƒîOX¡Ô¢ã+N¦Xжô,hÂemhQ¤îGÅ叇ûH†€IŜB àkÎ6&ƒU=$7ToU:ß Ñ'zH׌6ßù»—™£!·ªmˆ}ƒ\.‘vÇúã²OÎé|‘ð?pyß»Åßß¼sC­ùŒ»7½3i[£˜BLÌêYÜu·ŽöӋÅ2š-æ¼ ýqòøL?endstream +endobj +866 0 obj +1577 +endobj +867 0 obj<>>>>>endobj +868 0 obj<>stream +xmRËnÛ0¼ë+昶*9‚䝤z°áÔ*Ú+C®%¦éòa¥Ÿ¥e E‚âÎÎÌÿd% +~J4+ÜՐcvßfŸ¾~FY¡=òI½æB¡È‹¢@+oÊ2orи@蝍]Ï_Bô{¼”;1äÎZp˜týû!vx›È´ù°µ*äF%òËò._%Rq:9{rZ´ÕÒYoß÷b>>>/Annots 313 0 R>>endobj +871 0 obj<>stream +x¥W]oâF}ϯ¸â%‰6ÈJ«*‰’.ÚÍÇ.´ÛJ¼Œí¼±g¼3ã°¼ô·÷ܱ jSµM${¾îœ{î9—ïGêãw@㈆ç”GWó£›ùQ?˜LhÿaVxÀ´hD4šŒñÿhŒÈHZò + b›Ý¦‡·õi¾Äîçã ÍS?Ž7ÉÉõZ”NlÐÃ,¢ë<“Êч‡¯ó‡Óù·#^;Õk{C>ržž`ò  ÛËϖ§ô©7Ä^Ík |ÐJ„¢)%Z-³U…ÐfaD_…)éZ+%GÚЋ·#–D³Ýà<à(O’:˜%¦ÎD‹ŸxÜ#Ò^qÀ÷üòóQtv èl‚Fã þÖO9Í•ðvDƒA}³ñð—Th„˜è¢Ì¥“$”ݧɭ3Kß+i]¦•¿S,‰–ºR)á…w‡´pŸÐÚ¹ò]&Âè<ØdÊÕ³Tþ‘KYmB˗ 7@#X»"½Oo4hDçÈ.и6KDžo»´Õ))Shd¹Vț}Çk@ž^»h¾–t›å|©”M†Ü6)^œO¯îèQJs¼8õw o“¤ÞðI]Dçãf°EÇzƒaͅùõc8}$ÞMHJ:²UYjãþ×®»s/ÝÕôaFúÙ¨ÏéPj2~ÄyxsuóËô_Ӌ&|‡ÏTYL3µ–¨ ÌXGnƒÔë•ÄC›Ì­ýX,¬$]J#O'»µNÌAq.ÔSûœ‘?Ê\d +ʔ_ÌÔoòÙ"WU‰< é². Zs äFŠtK±” +k}p2íR\¹:먭@ÁÎfØï: jóđ5øw©BÀ¸ÃÁ¹™ÌQ€€‘šÛƒÑ†€v³A‡HÇ߸F›à;³úª3骲ƒÙy*Í!=/Ó´EñÍÌ¥¥Ò&&‹P{J‡'ê· +Yˆ…‘ù¶Õ +I:¼Jª“ªï‘­š9aÑÝã|ÜüvÓ%HòÄzøøâ¡ jdéÓåã¬ã¬§òÜ—ëÕn÷7sOLJ_o¾ìè„èøÑh§Ûã€hΚÁ±âb–áW—g®UMÇו1¬¯m>p¬ªS‚ÙÂùµÝƒ³wé@°ÕJ’ªŠXš:ôL% r9Z] pq„x&c¯a;%®‘jvoE dò{%+ +lqb! +M® +ÇP®¡? W ²Õ"ä5Q— ?+‰4%¨…—!9xa¤µxÒþ{˜Âú8K2ѹ÷k?eÖuºl¶”I¶ÄÖD_§÷³&>€VÈ/ña3]8|ö—Ûë!PE¦t®WÛÅ) Û¿ò$ÖU*ĶWM©Þ¨\ ÜCQU¦îÀµ²WN;†¬®|àäï}?¼f.ŸeÎçÏqÆ}mÒFÆ¥@B™Æ@<1èâ««¶:Š.X²j«gƒkþ¥7GçܼtvoÒpõ·Ýx ¹W^œvW†ÕwÁ¡!RЂظrüð ì-ù¥¹ö¢1›Õï@’{€F‚ÀKÜ÷.KŒ¶zéèÓå=Ý …‹Š‚(iMÉoì{&2ÜbÐg,(EäŸkß÷:­÷1a|ÇÒ[2>ƒ¢"€ã‡W•…º…µ)ځÝ]Þh…Âæôh¹1fR ±Î|cÕ…gå¬Û˜ð¶Oܱ `×guD?Qÿ½eS +ä]Å¡UfÌDÎÞ³G>ÁRXw蛳ŸÓ´»çxñ =Éc D¥÷åF§Eï2·º QÇnWÀ*É«e~õѼ6ýL,Áð_àW«Õ6 9pã ë©1ªaÐ4‰pK”ÃÅtôm5ÐdèØ÷øl‡y“ðü ÷…’¤¨A_$e‡ÚF!ˆ&#Tif}}ìk¯åþ‰gz˜Àó¼)ßñ¿¦ø/+¯l²ëʹÛÜÇüOßKF¨Ê¦COd>ý è$Ñûendstream +endobj +872 0 obj +1597 +endobj +873 0 obj<>>>/Annots 316 0 R>>endobj +874 0 obj<>stream +x­VaoÛ6ýî_qÈ'phKqì$H3$­³¦ÈÒ, ë0Ðm³£DU¤âùK{ßQrb;ë·!ˆ![äÝ»wïù­Ñc:Qšw®’Nÿú”¢!%s¼à!£ ”¤Ý(‘8tY)òK…OY¬Éò#içjåhµT}šöcúÒå—OªrÚ_ÞVPíTFґ|“|í è0‰dè¦F«Âÿ¿ö¯‡EMþÃxÌo9æÚ֔Y’t7IèóÍä‘lÅñ\kÃ`2º¯tá‰Þ…€ô œ­«TÑUeWNU=*,Me>“„¯ ŽÜÒ®¨.'Ÿ$.6TL?=üډŽÄ˜FñH (Q107ß M™2€¾•,Ql* ¢™¢¹þUÏÖÀ^JŸ.i^ٜ»¹ªuié}yÖ鱗²F¬táDý$EaúߍRõªï|1ÅÒçf7JÀÎQQZšt+m ãÐEjêLea¸?1³« 3Ò£‡m³ÈÎŽÝx’ÆY +E o”ÚºÕXÑ´½¬į̀ÜõÈÕ( ½-+ÅÔêbAÆâ[*dފc/»}U©Gdˆ)«äbª?ÜÖG[ýS‰þM— +E·¡ÝÛ É¦qt|rŠæ OÆhUŒï‹úøxôZÔCA ì†Ê£ÈŒd•)ø}U+3ZWFs¨/ȼ‘®û™v¯uå|ÒJaðç–\i*A¡Þ?ÜÜ%ï>ÿ…²¤g‡p“by&A,ùΖkV›¯EĤºÆ„Xsg<ÄØ£—Y“Ë¿Cåµóä|+§JYzgƒ¿‚R +dÌôÆ\¶Ò ]H9àM¬^°[a=$€Ðzûú•À6ˆYõXXskçU<‡1kñ éÞ´ õ]²!ÎÂImk‰="™e 7Päò™Hm1^« :4±GÖśh¹,é-³Ô¿Ž_ÍÆ ­6 6“¨{ðœ nat¼ŽÈ•*Õsݸ{7f÷'‘zÄ8±'ØH»Õ†_[3U{ mÉ «`6Ðb FÛY»lÃä9†àÖÒ zKç[$„ÜâÜÓ­„…?ÂÇ·Øy{9<|œ$b÷Í^Ê?0 yä-哂Ќ×<(Pž,KðèƒÌ™WݟÚ¬[fׁ› ˜­b^”hܪ¡×ö†õ"=VzVƳ{y}hÕ |’©¯¡ïõñ6« û·LOa›“‰§—ðìd¶†|’Ú´>þÔ(Ç)ès·`{¤qv…¨>>>/Annots 323 0 R>>endobj +877 0 obj<>stream +xWQoÛ6~÷¯8ä¥)P˖íÄNž¶uK[ h·Æm0 /4EÙ¬%R#)kþ÷ûŽ’ÅéТhmYGÞÝwßwwýg”ÒRZÎh~M²ý¶Mînh6¥uŽ7×Ë­3š&Ó)~‘—¯w¢ +ÊQ:OèíLJõGúUJå=݋r#ÈÛÚIEÒfêåúÛhJãÙç/ZÐë/÷üߞâG¾}م²x–BLñIWóª³X-ñSqŠòž¹=·7«„¹÷È].i Ñq6X:¹g“»g|[óRȝ6êі\m‡ªÞZÇ®zS´,C<•õ:Xw¤Üºî5¸Qh„ó`©1_¢§]%ä^l•E(¹,êŒ ƒ}E΍ç3ú¦ĸ©· !P  ð74!C8zöЇ×Qˆuà•ƒW²i+ôè{g}PˆóŏўN¿‡6DÝaÝu€Fmþé¿muъâR|þˆîB”‹>uPôðð@gdÃ07‹lÈh®’Öð—ñ8ËV›LtV‹‚rˆÉs?a¥ jÈPGíãÎÂÚ=³º59hî Dð«Í–mW€á6¢~DvPéSÞÜ\„ß·Œ!( •+p/W~£B£Ðà„9Æúvƒƒó`ûÂ]_'×4OoðoI³”ûlûtú|6ÅË¡@>£Kr^Ÿ?½§ÛŸÖ­ÜêñFVnWÝ'­g¨Ûùô&Yý@·³åÓ ¢j¡ÛàéG$Š`¶“‰3jŽ™$ˆŒu%jŽ»Hº‘C[} ˜Be-whvÐÓÇق,«†_¡ƒŸñ(³Ôè°û>w†¬ŒÅցšEÃèB NÁkTõ^©Š¯)©Æ§¥L€ëuò™ß˜¨ç;@œ4UNå +³.£R…Í¸tšÐyLƒû…8ÍRt*ð×Ø@ßjðB +Ϻè5ƞQÛùl–Ì)½¹§xˆ\ã³}:q+½á‡ÜZ# Ί,W )øàèÅyE•Õ3€Øõn{µý +›¦Iäõ” d8‰PFOÏÄË$æÉVû30;9½xkF~«b„/ C³oG°ÍQ*‡†áÔ'bNo>|¦7¾çMm¤Û‰¾¾Ä6ðÁ¢„a×ö ÆÜõûQßð»1@['ª–@ûtËLªhP±rŠ+öh´”Ë–.ÄÛRÅÖ%ÈT"4¹…‹ÎÒäÕòå=[âQ3½ÃHŒ(¢V Á“-w¶¤nj?Źoi`BÜöPë- ŽkQp§}†+Îëǚ[î×q´U¾t‡qÉ#‰Ô¿¢¬àU·;‡÷Ø?˜9€õ×°ä|i’¶:2Ç#ùã°r+é.Wdaà†¯›½fvc‘|Ü +[1øzƒVêXÇóâI •É@ÝÔ&#Êh‚•z܃ò›ÆŠS^¥úhºÞp^NÁæˆ}’·:Þ1NfœTÔzlV„Ž+Ü1‰]zŒ%Û9Öèö§EâSÝNˆ®äOíÑV™“»«nÏæ“}ÀìlœÑmÕ. ·xþå´.Ýr»w­sNÇ^8¹[u·Œ9ïù­1ýüÿbëȺX.p<&µšrŒè;þ3ìendstream +endobj +878 0 obj +1481 +endobj +879 0 obj<>>>/Annots 326 0 R>>endobj +880 0 obj<>stream +xTMo›@½ûW<åD¤‚›øTç«í¡’›Xí%R´†“ëì.qýï;»‹?ÛCea;¼™÷æͼ"„ô‹0‰1#k7‹Áð!AaQ˜Wãt‚EŽ0ËÌûµâ-* ¦Þ¶¢C!$ÖL©9ôvÍq¹x%”¨Gñ²åÞìp½À†„ðãq¾÷صÐ+ŽL4 ks{ìS”3÷F.|øpÕ#ÒÁþK‡ŸcºV\~p9¥çϊ5KYN‡ô(…Ð ûö´ÿ¨„ŪRØTuLr¦9±Ê+É3-ä«kž;Âj5«Úª-mͨ)ZéþP‰Nf†HÎñìUlÐ×ûٝÉM £QZš•%aKÉÚlõ|ÀV¬“’·º¦Ä‚îÔZ´¹‚j„Èù¯Åº¡ hÉ)‰?¦sûó©‡å +‚´•05“K±4(ýr‹Ní¨8uâ]ã|y*—ӛœŽ<Q@ËJêŠDÅKGm©v¢#,áڎ‹»¡ rSI–­í6| Ui—ȘD´gy$ïL¨‰¤“£wҞ˜T—¼æL¹îPÍVìLt5ÉÀ‘‹–ŸÊQˆº#NïËs# þÿFô%žfßof/ñKü/W™ÒŒ)#í¨m˜é¶@Ã%éS9ézóY¿e+֖ÔîŽ(Zî@!EC.×+÷ù™ˆNì½í§û9Üy69WÀŒâè:Cºunf‡&ҟðûŀv’QJ1I:¡û˜.ÉQ¸]sˆ6LA“ž„QÎaÙ|ksþû€B«ŠÖ"ó÷øeÅ&ïhbÆ©A”Žƒ¨ªñäÀǽ“C:HìÔÀç²jöhhpKC-©ß\~rËÉd9ä“%<ܰ쭔ƸV·}„ £ˆáCºÛP㉩&¹²Œ<ÛnÌ¥x¥}B³ÎL.ӕ³±ÙpÛ}·§PѩہiÔëðcðs¶©Ëendstream +endobj +881 0 obj +734 +endobj +882 0 obj<>>>/Annots 372 0 R>>endobj +883 0 obj<>stream +x͜[s¹…ßý+æ-›ª„æp8¼ä%åK6ë*_6+m9¯45²󢐔7ûïsh§rʛØr²U±Fƒó 4  gþù¨mÆø¯m擦›5ëÝ£§—¿l&ãæòºiûå¨mfóisyՌGã1~»þîrõn;4‡ëæÙaöçÓï/ÿñè/—¤@(Õ´òÓO•ß4³éÿ¿k¦íh©ÛæBþŽ+|ß<þ¾oÚVþ2t=þýÕg7«Ûóplôn×ôώ·¢%5 vÍ|>šÙšÅÛNýÃá—$'Å®Y,G½•ÇÛN~>$5 vM;™Œ&Vï;ù‹ýé¼Únƒe€L'£¹…hGYí¯24 Ìzß +u„ËátÎí`2ý¨s•ˆââÉ«§O¤»¬Kzù»Ñü¯UËéfb•]?ZÀ*û^Z?\¨U>þ~ª6ˆ1Cá…1ÃvDVTÄɊ˜¤lO¸8·©£¥h] ±b&èmOÿ)éI‚>l§þaô¾ü4¬Š +Œn<šÚJ$¬‡œo†T Vá¯Á’ +xÆnµÏ RGw“°žq»z?4™>¤9‹µ†…ñ<ˆ.԰Ĝ&n²WkG“│9©>v=ë£9U„Úœ”ûž ʬêàÌIõÒgèF(ÒžÞm¶W›ýûܕ¤DWNg☓ÐÄ&E*0 ZÃОñt³_7Ñ"`‚Ó‡s0É"¬=Œ—¨Cr4á‚ì¡•Ñfí¡sö úØw¬öPj{PBì<&DfE˜8{P};^È$Àˆ¬—äH„nDb®d„R+†›ë’ +ŒÙBLÁ0"¶blv·‡ãyµ§ «hŨzÿ@€7³Šs‚Ç–É£¡ö6_©9kê—3¸Eµ¦xQ¬©_ŠÏ´Ö4µÖ”ô¡ç>XSM¨¬)Bׂ2}:kMIßNÆð + HxvVç2Ր]ˆù¹·”öö-¤£—øÏÔ$a=ã´{—}©û´ËŠ¡´ŒX bÀ–uÉĂçXüXH,PAx K*q² `±@ÅØ£"b~¸d°–ØÏÐî;,’Ä„ ²Ä0sØy|FËNa÷AÖ±† ·eRcÛ"‰Ðô㉌|®„Þ÷ˆ~•­‘E@taúc +€é •5’P,©b0ZÀƒ®‡]òB,G&1ž…(×C6ûá|5Ç*¶›]|MW”–áßÎL¦Ó.¬bυ ²xUë@Û‚Àì™H”¬ zÛ3jkÐ:HÇb>bD´†ªý»\¡cäÈTÀWãÉ[z{„B‡bZ$l)mcê“ø† 2ëêH*v!m¤L³²3ôuV.֒±ò/ë“pA–Üa·Ãø$D-نâªú8²^o{Û1‰0d3­g‚Þö„Y6<’ÀîÆsqÍ Ðûpyü5õ‹€@¾fD*àÛÍÉLÒ¤”ñB3ÃўÓ4©ÀXˆغôWU—œnVÇ!/ËÄxgâŸME”ë+²ú¸ÚlÃ9::ւ4•CJ<‰I$ž ŽŠ+“¨ÁÑ7ËY†Á@”ë!Íi8~Žò8“*ÿÅFÓÔL­,ýÒº*\Ðjý^ô UGSgu>N_ÕGKg½íߟ»¡£j5r–+ÐÊ끓ýBÆÓ0u9$«—˜Þ‚´€ñ¢†E@`Sᄩ‹R-‚‡i`cØ€¡ÂÃÈuÆÝ~ó¯äGX"ƒ¥óO‘ +Ø*¬·Ç ³þbj"—pamv,õK6.Èf±®´µÄ9 ³ZÕGc}´ÚŠPÛ­¢™1A™¾ g¹ªW+c€"= ¶Ý„ˆöňDõŒOZoB-äT¯7(¥{” ‡I&ööÙ D xÈ*™kÄ~Ã4f +õ„ço.þ ,¤ïdþaH*à!o¯ß¾/ҁ‚Þp-’Àe³_þ«`H¸kºIõD‰|æõeÆ°˜™œ$šgJ<¦y»ÙO>)ÁY†°’Ûh€=åÍÅãIaJN×ÃúÙ0´€§ ç5Æpê&ƒE|cR1ÎæÞéÐ8‰)L&¬xÅ#Njâ$¦K¬i\dˆ¶TÇYÑ °›£† ·=âíÍ*Çñ$Ú5ðÎSKÐ۞ðâ:Հ$Ræ ÷=àò;/%˜"(Xæ¸j$°Ç’ Aql†¾ 5ÓÊè}_‹Hú~ę %ü‘(쏦‡TT¢{Ö«‹äÈYÄ\–›¦6(€_xÖÕW‡_Ê‹t2Œ1µYŠðœþ‚õQ± pøe@©€ñN"˙‡ÑÃ-œ +xÈÅj÷n¼µ¬|¿°Yç€ ¥œ®Ú…‹lŠ”ÝáE;-!Å7¯ÈÂ6]c}.éð†¤·=áÉûaŸòºÊ{§¤ðKÛNSI%Õ=Î.\h;!­·C*ª—pÔèZGõ8.éP^`i”I(]^c&IcƒDdÙ„Þ÷•øi8¶wœfÆZPmŒS®L*àQ›}ª ‹€Àöœ^œ›'£‘¬džBÎã²¼ïBô3Îa·\½ïkñz8?}ñ†CE 2¾`£Œ¿¨(3²üݙC(ÕCž­Ö7ƒøì"=¸CjÍÛ.r¶›gôxA]‰ô%;£Ãû:ǬúØèáBõ±#¡êF•K õJ´5xùê‡7—¥I&(/EHâZŠ¤èKó‡\ÃoL´&_y‚4ÜCÄ ê äeٍ +Te6ˆ­„vŒã<„ìÂ3QAlc’  Ï/ÌåVjηf +9̏­É™”Ä·€„ j[¸€À-9;W’º¤ç⏊ñüu¶Rh³( yÆ+­ƒÞ÷µxy8|¸ /Åuÿ'‹wר88 GÌ¿NÂ5j8qô΃ö؋Ùr:iў+ÆÛ¥UIkÅ~œ/WBïû„]jUÙ]þv£?›kk’8&cJïÔª¢~ Z 5Æ|ª‘œÑëmOào.Hô—*W"† LOxwÄö oU†5Læ`R…# ÕÒ'Ihº¾Û#Óð°Ï[„-ie† Á˜!iO2/°¢1Â7†b=ã¦|Œ‚UJ¾‚a¤žQŽóX©]5R¸n·‡œþÌB`Ð#{ü4©€Ç s_>)¢«ƒã_%{ 5,«žbîFÀdª¢XÏhðH²/Iõaµdk…h€Y©€gyÛc)vÿql‡èЀ”íAwlÁ¬%¤y + +ëyO³ÛƱƒ\RŠr +r¼(ƒ¼]ø™¾¸Í0†“z.éF­·­¾,LH ¼œF¹Þ·r·(a ˆp±‡' nåZÊiXß7çlÇ,Éiø,Á(Ùb·Ö?NÆ¥¸NKÑ–ÂFL° +vMš –À¾4 „ +S‡µò $Ñ@k"1- ¾¬J;¶¬Ä‚vMš +XN¬69–‚ðÏU&°ëC>Œd XœºM,á4 »ípÊ®Ÿ…2e~7͚ +X BâÉY|)»ÞŸÚ.lMöJ ÛÏÑw¼ N´l0ƒý]!&BX·Bfâq3p˜Z4 áeACÐû>?´Œlր€S4zx¤4*ñ®`]?¶I +ÒË:GѾ"¯/ӓ°œÇÉߕ¶MQªGÐn‰€Àa<ŒAh +±Ïµ †ü·Gh +q‡suä­í§ #TòŠLÒ_ð8zŸE>ÐòƒÍÖ¤tH +E^ßÄ ²ÞjĖ‡¬L¿ŽOøK<[À)!ZoÅxµúÍ—Dè°0ç„Þ÷Ù²Æñ° p@` (€ŠyF9ô"…žl–Y½ð„Ý°{WR)X(Æ'¹Ú£dÁ·Ú4¶bÈãƒæM<‚>ÔD"\ا°-à¯ò¢“E2äàÆ Rp>•à`è¹vE€=¥x–`>À³øŠ(Ó#|ÈÀR€¦B™'B{jruØ­6ñ My×㿃n¬áçeo.h¬!)Éî5ÉXsû4QÓ@쁶cDlä™~Ð$8–„6Æ TÀWǎ9ҁ‚èÑS´€§³&øp¦iS-P!Š³&, Ǭs‡Ðâ~gMà0ðÜC¥¿àqä¬åðö¿0”¼¤ÿÄmÊP +ßǓDÙEA{¸ CB¡_é—$<’ Ññ&4:ô¾GÀŒÖ[,t°Â_…íR·JùD½æ×m:j–TÉÔÍù[ñB‡ó·bÎOm÷åo%VH¶2¬¿UCÊx% ÛKˆ†CÍ´2zßg¾¦ñʛ"$ +›¨úŒJtÏúñÉ«<³ + œ÷b¤†ð +ÏY…áR5-C±žq…÷§›wwçräÆj¹r hX©€g’ž‰U` ©.? +àž°F”vÄÌò‚’•˜B–²å(ړ| Ÿ7Ìçˆ,± f®P*àA+ãŽd€…Ó£Ïð#­9-ÇÆeN ?gÃGE—[‘…ùßîYó[þŠÁšz)¬y¿:Þôr3/xÙ:g@¼ë´¦& ôHþ™½Þöع´^6úª¯Õ~¦/³]‚ˆ?g¦…Ÿ‹£F„h'|>" m­b±¡¾au¼ëõÏëqFR4hHûgŽÞö 'µ=JòÄgØãg¶Ñg›˜¤ÌæyÚ ?—ÆD&´ôøŒ+4—ŠñøøŠ %IǛ^N¾³(ЄXÆâs™$w½<¹q³$1Hp–øæ(‘ô¶GQ‚A‘@-R[%z=>딓Xàä?µ©ñÙ]òù'é¼X¦eL˜yV?g߄ K¿*\ »'sߜ¬ 02?ËÛŽ@gáMšX dÉ{(«µˆ4/þÉu4š;ÃòþBAÄ»QV™E f$»c¬Vž—¿Ú¬‡Óá:Oz¤Äœ‡d/¼bD•ÐÛsg -@8b´õÑÛô=}¢ŽD ÌĉpUô¶'\üz:ùëP$›U¶Mõ¶gœC^ϐlÑË[$¥Wô¶'ÐwKŠs6¦kJôú0éɤƒTÏÿá(pbÏñ)Û;ìZæ!BÓ÷Ägjãõô¼|YŠ…ÊQsâ]¯—o—ïâé™<Lóá¿£úœJl#¸ý|}ø)|ŽgÁqÀôà ñ +»L§ß]È̼"ù||¤y~XßíñG: ošôÍç!_ô»ü +_ÇÿÛ£Ç)endstream +endobj +884 0 obj +5352 +endobj +885 0 obj<>>>/Annots 417 0 R>>endobj +886 0 obj<>stream +x͜oo[DZÆßûSE‘¾Ãsÿ¸(;¾u;n¬Þ\à¢(h‰–ØŠ¤JR±óíûÌììî3s”4v,å&@¢£Ýç§åîììììþëQیñoÛÌ»¦Ÿ5çÛG_ž=úâÙ²éÆÍÙÛ¦.Gm3›Oš³‹f<ñÛóÏÎVo®×Íþmód¿;­w§ãïÏþñ諳GRAk5­üôí?êg£q3›,ñßm3ëGS{¸n^Ë +‚ÃeóųIÓ¶ò§ÑšÙŽþîdÔâßÆþá¶Íb9ê<;ÂËýi­­í&£>÷ÙÅg£ÿGÿt}íÉfÖu£ºmҎ–ö`Ýöų©u:·ëQ‹{éÉÕêæ´>än"ù¶™v‘eÅ2-ÝLts?šû¶XqÔÿõåóÿÍ- ѶiûÅhâV¯Ö‡íæxÜìwÄZ`›°'í%ë˜\!¢¾ÜœŽB2@°Á± +²Ú]©¶M×Íb¯ h$|·Ù]ìߕ–°”‰˜¤û8¹Bä¼<Ë aóElH®ÏÏ×ÇÚn›¾]ȤçŽÍäˆpØ_çæ°œÉ86'Wˆœ¯7ÇäEº1¬ããæe7±É“œÎx ,~*ŽAÊìaÓÊäé3%Câm³œÊÜaR*þg³~·Ù]æN!쭝ˆÑ2%•(ln$»ŸcÆ;„QŒó«ÕÂR±ý¹X·Å* @<Y&fۋ±8Hâ 7eBWÃ#5X³¥ ³ ?`Ýéc±”Å` ¬Â€rºZçQbLw܏úВ„0êdd‘X¿úJþ0Va€hŽëóÛÃæôCn kAšOÅe:R‚H›ÕõþRW¸~ +ùÙ3ÉOžér†Yc“'=ØäÁª<]ÎQè§LW— ™oY?—9èô:e†„?íßåÏNÌ9ñ `ű §}֓$M·…Xy|I›2² +Œ¾+)¯3V!BÞn™b 0íŒÌãFH4–ʤßéº$Wˆ Z8IIJ| ««òiHƒ)†¥ma"áõjû¦PX'®c×á>J®)Ç«Õa-Û!üùVý¡]˜è [“ÉêM‚E\5ú0L­Þ}Êjãyý]kFRa¼ZqFŽaTÏpÖG4Œw„ õˆý»Ýúp¼ÚÜH_«ùÙäûú?Uc¡Ó'…>ÐXÌǘ[Þ!MÂh˜>õëÓh wŽ‡A¬ë˜’¸Ê#’úIfvٗP¾%u6çè©Âq±9¬ÏOûCY`X+Óy,Á‘|@¢5\MD¼Úý›H75§ª¡Ýt:ƒ ´ýdz cÐè(CØ5f¦%Ö'ÅAwÓã9vaТ©GX¹i܌ºÑåyÚ~ÈòüŸfËG–‡~ń—9õ>P¿b{â}‚’Q]÷I„^Ë&oÊ+§Ë$©Ø¸t“ev$ û·˼³ãC·"«Á”>P·ö²³LG´÷V'aúvŒ­I3e@r^ċýÅæí ³Šl–A¹BlŒs`$×ð«!äÀHÄ|&1‘k‡Uˆˆ¡#­80 4É*DRp`˜†ó{6“næœW;§¨BÈÚ¸ŽÍÂ:fj/ø~–'[€çÈÏVç'N¢Tlaæ8Pfû¦¼Ûœ®J0H" à°zp[@Å/<€öZ¬€~1ÔÒŽ'ì‰WÊÂT!l ILêšadñ)©$"•­£cd¬gœÖ«S õYȼ³æ†ä +²]ÿ™»”EØña&E„Q=¢¹YVÛ59-*âi~Érl»àE‰€õlu,›$ï¹æÁZMoŀd­ďÛkF%ÓcT¦ÇæÜa±’ÌËAÄbÍÚl&$ËrƒÆfüˆÕÈÌˁŒAwÙm¦Àmb‡À” ŽöèÉÄn%aá!V!BV§Óaóæ–fia¾Øc¹æX…Hj¶«›¬TLŽùÞ®[˜³•´îd>׀FsÜéÁì—3è$?}dsW=³4ßíXFòܒtÏúåìôFŒúW‡ÍîDk8 á35v+˜×·77ûÃ)ûŠëž—¦YÏ š)›]D|·dÿ\;23"œù²–§‘§8RŠ½—!Ɩå¾îÛuK^Á'3Yvl/šŠUQfy2“àýã,f–3©Ej½®\C©"àû‹[]Ð¥M°_æðËgü$?„ŽBpU(}°O'66S÷éۺՅÔÉ­Üpñvsy{XI°#}3#Êý%‹á'é’ ÓKâÝ6Z} ŽÁ™_W‘‹%ËэTaþaÉÂüc„•GȉXȝ°Rü‰ä'Wˆ ÿ»ÇôÛ¿I#à^þê]܏ÝìÄÉnILôúù¿+—¾­†—úÎHsOG°âÈx½>qϒN:¶Ç u+”§‡Í÷㊟%!09Ùs˜LŽœ·´Ý"‹ElJÆFÆWïqÇÆBR¸kD§¡g2;‚t³àéîûKݖ¹Ú·ÎÚV#€4rú@ÖÐÊçðºÕ<.‰Ð{cÉe¸lÇ×åV¯d»‹áªX³É4M¯'ÃNoŞà¢}Ò`˜õìÔ¬ÜÂý‡E“$`2µ'û™é f²ÅbI'+»M׌ ìž4¹‚ǯOö½sBš²íG¯4sIy'T4›“dÛ`jáó³ÞŠ#á¬^’  ä€`å‘ð|«ž»Æ6¤”ñ”ëF®%Agûýõq}’îøÕCÏ0*ÓE ;{} Q+ôF5C˜Τ’H¯< 7˜&؀ñÝÕªlëq©!‹Ð¡cI:„•ÇflꐐF†q'dhDä±ý£ +.|=Ȳ\¢½áaXÐ-GZ½>аLfƒøÑzÉa¦~7BÚ9„•GÈÝ;­¤D×"s_ÆMÉèŠþ‹”àÌ2DŽc"'í,Š$!Ö)¤`+c"æÕêüŸ«Ët}{ԇÊ;„ÕK39ÓPÝ3EïWý_0#è1mÏ+– 3Èÿ‘#€1¬<ò)C@Jp¦2k'£#è¸>`¨Ñ‚Øõ§Œ†3é'F¥¥Þ½>ШÈUrºÅ-¾/†Å¦OýÇú4&0“·½ì?ÝßOÄ ¾CRþúZ3EeLH+³KŽHÉàõäzƒ ð:"rüôëŒHïn¾öȦ–S›ô@ƒ1÷㇣FŠLߎ;‰¥õÉV/6—ߙ$Egê]$äÈ©—øXbsÌ4nI®oûmÒ*$|bÜqÁ+ë@Ašq½£8RÐ{£÷¥-¤¯+÷+=Å*DJ큃°€È"¢äÌ1M>àJèOÎÿ-ìóU9€éô¶¦½Â̒ø¦ÃmzŸ‡¹ë&³ô¸Ä±ôf¡ÃH9€ÉzlóC¶jýÍ ñ& aÈêL*`þ«˜I@¬ÔZ£¬Æ.öÛÀT!0èŽÜÏ“È !H®kw¡%HÎ;ÔO R‰AK&؍ŠaÍ°ódÀ ˜Í´ww0º]oNÅ,é§Ã8 +à¾j‰Õfâë ®¯ 6•œþ ÞovœÐ©:±)Éì9Šqc;Võ8Ž4 `ŠaàvdhDÔÄ‹Ä ä/0jD<õvIB1*I¼zŒUˆwNO2XR±-V!Bœm²N<¥rº¦ä +‘O)K9lóþý¤·È)Ý5îôÁìGeH¹­VhjLI|PV'# z×W¤ ”›•Ž`徜›!‰XO+&ÌMÈLOÙ7ց‚»[˜<Žb`OÛ÷J"1yóÐ#¬‚G$#Ö65’àéçbdx_Rñ»^îÐZ>'=ÐÐ×ûpmNitM¯K­Ó§âừr ˜4ú +%†NiրT<Ô¬ÞºÌ1Éã8@*NWÁ*0…ĹVayƒS7:– ¡˜¡Ü¾õ˜Ta€9á©bB$—ºa…®-©ÂC–Êâ¨ń{*Ák@ Ogcc„´EÔl .EÞ²Æzˆò%Ւ¢1}°¦ºX.ÝOÀ;c=c¥XYFEuˆ̙÷`¬7bÔóûGU“ç 5LO6o h1è°gXyäë t^W¥0FM­:PfG’sﬓ–•ÍS )r±ÄÜ«Š5óGÊ"cUҋf­Ö+¼ºfä +DnkÐœÏ,üÉ"Y´íª¾ùÀJp°ëŠCGŽvX(ïúÉý;ÿŒ1öÆìuJãàÍøË£õîJ’„ßåJRz(sZì@|@ ]gŽº;#µxµ®]Ÿ •–“âÕa}XÿëvsÜÔ뀬†ÕáàŽ”Y¹BlϷ땜wŠáÁå=Èjœ·ƒÿû.–íL¹Ì”¬_¡áúƒ‹Ð°5÷ݚÕrÓ ß¶ ,îÖø¹ÖËÃþvw!]§õqV2øLŸä¡cp³³Ä/­>PÇÌã…Od­Cט¾EÔ½€Ÿšëš"»JÚG±§—„*WˆÍá“dRëcsß¹ÕÞZãÝ-©ÄÝÊ!°o‡Uˆíðޅ…pRð.mÀ9b‚w‘ùÞR’wïJúKî]©—Hdúgq¯3˜éõM:§7¢¬\LˆÇ,$DÏ#³‡.S¦5ÃÊ#æÅêüj³£U· +Åäz«Ãdräœnå8Žu²bJÒS )øZLúúe,_4ïÁŸ*Wˆ Ú¡± + E<Ø`„B¦‚u  7CÇä +±%)C^#RbáÄî1tMFGN°X”Þ•ö‹ùe‹3êQO²å ‹¬Ç­¡cs…ÈHÕ¨öÊw;MÆr:™ò'@Ûp,î#e™3u¹Ö“‘LÀ½8ÅÁŠ#ãÅjw»*ß×A2;öø^†Xy„¤©G¯—“,WSædtѝ0±”—Ü=Â*DDœ¿¤„™jÆÛs¬Bä¸ù˺2eøå +‘’ç¯Ú‡$ÒîÁûÂ+åNš¼”W2— ˆŠjϛŒÄ-ö‹ð Œ°òùÍ7»Ï±p~þìú‡ßäøœÕâ8%©áX¹B„ Œ‰¤éU@² +DÆD" N[1¹ùsejDcb%8˜˜dÌAü"R¼)‘ + $t1ÇÃ*D +›æק3¥‰»ÓØâʽ°ô@>¨ZO ߒu˜ ìMœ +„°ª +c­7ÃÃÊ}+8f# ”л܈Ìô„´&Ó% ˆ7`ºb<¤.H,w°`o`̨Ëk`%)`p|?®fºˆ–"ùÜ÷àjîØ.LÜe´-­Á¿>õ !÷EõVa +ëL…]Æz+Ž„'ûí¶.<$“Ñ—¯Ép%æë ¯{|}ݶD$¬¨äsÙGÉb[(ÆbÈñ`t ÃFÆW‡Ã>½»‰Wî1X¿c$G~(‘¯(ñ»þ\!›½1×Ë¢eb=®bq*Œò×?OërL_Eè9݃1!•F«ýõæ|³®cXubrŠÁÙ¹ >_UÈèIÎÝÉSñ ‡½¼M™Î$æy˜X‡r’ÏÚõ AOÆl¦?×\ěôx Á ‰ñ¿EÃbÀœ¯V º&ß9}*~^¿Õ¤Š’,Á˜qµ¾¾)£o¢4úŠ#áœÿà +À¹SŠ#àyùûU¿+µ3/OÅQ~¹>išï·=¼éÀˆ&î—þJQ®ÖƒxË/×QE2ú62!•ÆXš£ô•Éø‹#e†Q#Ľ(U4Àåà»ßèc2âfÕIÐ)'ñ’Š#dùþ‹_évA¾‡õž¿t’ߎV‡Ñ)‘Ÿþ\‡|ý='Š5î3qrجN¥^Ÿ3vþ’˜úìÌÁëxù\Zd­Ÿš!÷öéå×ãÊàW¥t»di&ûö¼\ŸÞíõ˪ +d<Ðؒ¯÷—û]rüâ1ïaà&.Ác/ ³´oõç:T¸ªƒ,N?W‰L/Is°>•FÂO —5¤Õ^e’ × )?1`JiJèئð’%é0d¸÷‹¥¬_¬8Bn˒Aèq3@^©#}"Fý·ûՖ²Î¤“T–~åC6BþŠ#Úl¼$A·…Ü ;ñk ;>þºýÔ¥oa%úӟ«Á¹úكÅÖ»ËY#î\ÉԘˆ8ø‰ú§ß¼xüüåߟ|óòìÛo¾Þ×¼i%ÀZ5cþÀFŽ@â6kK‡pzîÚb¸Ø˜àÄI»ÀŽí§dÅR/S‘zD?8d}"F½_I£@xà?ˆGFXIÆÀŒGÈïŠaV丹äNµ£XOBd)Ã'þàïf˜êfL!ûqýI¿›qýBðÏeaÆ×Ã⿒ýìõã_>n0þï¶kžîÏo·¸Š­KŒ®§í´ù|®×µ?Ûlä7¸qó—Gÿȱendstream +endobj +887 0 obj +5223 +endobj +888 0 obj<>>>/Annots 463 0 R>>endobj +889 0 obj<>stream +x͜_s[·Åßý)øVg¦•yyy/ɧŽ"Ç­g’ص”qòBS×[þQHªN¿}Ï àìBnãid»™éè8?‚‹ÅXàò—'ÍhŒÿšÑl2jûÑjûäÛ«'Ï^,F“ñèêý¨égͨŸMGW×£ñÙxŒ]=½Z¾Û £ýûÑÅ~wv§ã7WÿxòÝÕ©jùëÍ_ä_Fýtÿߎ¦ÍÙB6£KùWÿp3zö¢5|2t>Œ>õâvyw#ý0ÂmGÝijc±C,šÛÑlvÖۖÅb§þëþC’“b;š/Î:+ÅN~Ú'5 ¶£fp¥px}Ã/÷ëãú4¤/Íj°¦3߬TÁÃÞ Ëëõî&|ï ¨¾7™à±ÿt&žL0ª’‰ÃƒÚE ;iQÈqzq6q†U}3–‰ g@4l…@qsØßï®ÅƓ/jkng|©i6Nx ãÀ•ìÔ¹8kqT?o$^°>Ú¦"¼½]所DÆCÌbD,¯¿Ü/7ë÷ëæƒ"¨Ë¤Ï eW¤4X"7¦$CˆÐŠ`Ã9 D›¾ÂDr…ÉÑ'¯X >¾Ç-Ò +j_&1íe,D f8ÝæhÀ™fÞ°Z¡bì†Ó‡ýáŸÿGà”Uš ƒÖ)û“ußn!_j‹p‡Šûv ‰^vl·6I„U,¢ A‹=ƒ–Q¤ÓÀ® Zî ×{r]R cŽ›V$¬‡×% ³>çê oÑAÇÓò´.Ãj°27Y–â=ëýz—çM–Ái°0Z8ˆr=d}Ê#šU⺲š0 I<ãÚ.¯HÌbâm“È³Ê ¬èÂâø¿“ wsžÿ»yvÑÙÂ9𼎾er"Év„¯çc½[ÂÛÛ!‡’ ¯Ç2I€–[À:w+¢çÂW¸©‚PtoO¦² ²­` ¯Ÿ_äÕ +i@˜Ém ZÁvÃp=\‡žmeyø;õì'1ëývÐJÈf²·Aljçà(Á>°“QÂú0wáb™€4ⲉ1„X^̊›e€`sWäfh…Šò.O4,a©¢„AҀÐËÔ6"V¨~WW„¼ZoR%W»`!0]+ŽÎ&Ñ +¦,bà‘ê£¸§ C]_ÖÈ]x ìdn´.Ø9T=F ˆõÑ+Í¢¤AÃmZì›pÓ$^ f Å^ÿ2ÅRÀo°oõúHôú㐗±,ç•Å£iBªà”L ؼ!²Õ#Šÿ“Fü.áÜ´‚'Ø¡L:P°ºr½‘Àžòíó‹à°“÷¼¿=2~bMçÅÓ6lfâÔȋ±°Ó:¶Z *!®Ü˜ LÏ ?& L7nd$0AË=¡82k„0“ Á„TÁ#²/³„iç–¡žpî6ëՒò¤©ŸŠ;’Vð$žßI… ˆÉÎdZÁ3ŽÛwwËãñC^R²¤V¼ÏROz¿Þ Á/ñá³Ç ¤Ñc»…®êdŸÖ5³°¨ IÜø ~È â®±óúC âDêBO¬’”mØL¤°F +DÅOX®ÅV~yڐÃIRÁÚª Zî’‹ûCY%’LæSYh‹$®¥ütÏ~X®n×»¼F`1P!-oP©‚E¯VÈÄä`Í:¤±âIý¥†E´Ð2Ö»÷ûÃÖl•X)ùNIUšÖ Âœd[@ÞNeÎàJlCʍ%ôâq L øþùùëÜÉù†ä©,¢Çzҙâùú0¬à'ÿ[ûÿ¾vîÇf«ƒÅ”,s‘ä†eÂC”êìÆS”ój^]r¤†_Ëîß ´Ø#f¾ÛiNûßÛü‰ÐïQݚiºD³š)>¨™®œ.:ãЖPL›MƒéMŸ”¬S3^ÊiÂõýJRb¢¯*c鬃³)ÉWÆoÈ:3‰QÎ:%aI™^eF˜2AË=ãòþîn8 y6b©Ì²c8¡¥ +žÄƒe€ÌÚ +¢\¹ÿáÌù½þ1'µ9wßð¸žb9¸à|ၺ1›ƒÃh.û×hr,dáiÆ_+ÄåêvØæ•/É`ÈC DË};–”±"‘ô…¤Ð Tüƒ'¼6aJ8ޮ˩ ‰šË¶Ê¢´‚‡•ãUɔ9‘1ÍfM*%nIVåSËHXÏxó"'WXF×H4áv¤ +ždõ,Í1,“iRæ Q®‡ \¯Õ¹;Ä$™`ÿߝ°s\|´œìG' ä¸]å¶eÏKŠèrðÖk¹%`kÿ~}sÏ+,ñÖ$¨“Å£¥ +–d·l¤ç•§eà€rê¾Í‡õé6uKÄßÄ( LÛ fÒ1ع>êÊÚ¡~b"6aE!y¿ix ÄʳZG˜ _QÁnYF¿À³g¼ºv&Œ“ä?1Þ¹% ìAÈ0o$8øì±R=ƂæÁ™ß%¬<‚a™sÒ¡ÐÍ­´yÁì:A jwú”b9ÌY1$•1QÛ·'ŒŠÏî‘ÆžòзÆEɤȦ‡Õz¥/ ªšq'öeBŒ2Cƒfق‘R]Rš†tXýÛ¦ðüHéñeKÐ +þëü‡àw¥!$D ÁòÔ}¡Dö˜ír·¼¶¸ªŠlfÿߙ ê¶úlG¶XFäUN|(Ù"‰h£#V93ۑ Ќe½h¡#kÆå°ÂlqÊ·cX‰n‡#†“*øÆpW’ +Œ¹,Ý,C+xÆQöõ4÷Ÿ}ÕOy`µsqXñúc^…ª¹ë •ã )Nɨk€C>Id8Éٍh¹mÁñnX­—›2H +–ÿ¥$°Å,O§ÃúÝý‰I**MsۂÏÈó?id'ó¹%hK`‡»‘þ±R¿®ãgrÕ$u|x ŽÇR¥šô˵É8ÐÏ'[&h¹g|÷ër{‡+£ê,ÌÀ˜TÁs¾þòE†DHmAzV7­à!ßa³Îw_H)Ž„:Ž£<‡=€TâCґ¶-ZÁ3òŒ5âC²µ…z{‘˜}¬-mߙø?‹I!µáÜ÷†­·Kª$WáêI{5­Ø‹Zî!û­Lba´à6ÎüsÌbõ¼öÀ¿ô½šF6 m+1Q/<ǵ g¯[œœÛ)ï¡üubÁ8S++ä¯kÖ7i„F3ئ1Zì[ñÓN®†å\MÈQ§V4øfè©ðý´Zî)ßïoö»¬I'c,LšLI`y‡kPC¹qÁJŒ’ÉØ·&U𜷸^³ÿÛÃJpZYy›o•*xΏWɸ,’+ç¶ъ¥<€V¬YK y6Jªà?ýøòï¹$“ô€YˆVðû#T°|ÄRnJªà)°ë;˜VœFüäÀӛ«¼’±/+’ðÇ å·[y5Þ €ÇŸ‚°âD¿2(;Àù»ãé°\…µq¸õûÖÆЏý“36#eöj$d·Û±¿U ãÐ3¬Ì³Û-¢u*ÆםÝ6.$7Ôrî?>ëLp“ÁMJxs"‡ËðígÍm¸ï֏ Åa®ã¢ò:½E(´BÄA”†4 ÁSc1©‚ç¼>ìÿµ¾bf»Çþ"~lÝunŸ`±)C;>P‡à•»g†»š ¦EK`ß×Y2LòV„e\-7t·„TÒ)²ö5íPl…Á j°$&™¯dÑ›Ko“°FÒe|| ËÂkìâ–u§ €-,ÌhÆÕ+_Õ(1ªÜr1eúFètQ<½ ™*ƒIäŠ#7oeÒÁûÝî•~,þ~üß]‡à’Z˜¾‚Ó†êÎ:i蚶Š†çŽrçmœƒzÈ~X¯ûãþ}>˜g™Xs"ÂTÁ¶äÍ°ÝÓµ’‚´ÌÔA´‚… ô¬†k¼Š”»–”²R«£,çb¹Ù|ÆQç:K˜œ —õÝ<™S막nc,#Š&×ЅŠ+ƒPU!~\n³ÅHÃcáˆ8ÅmXà¹ÈYæz•,gM˜Ä¢jÎ3V·:¢¾ÐÄqÖ§+@áÅ.9ËÉôø@ÃiâïυE“yè EˆãÃzá)…8tGÅx½¹¿¹ ï¶ênŽ…°''D&íRLªà[s~k\»“Üã·—Áiû— 6ybŸ>þÄîºôƒF Ô¸ñiqè +šlŠ +ÛP¹f?a„ Œ +!חR(! úð‰h¹oí´X®´c-ÂmH<#¤ßS;X +®†¢÷ e*-óŒ—Ï3€$èþpÂlZÁ#Î7›}ô$ñK\ÃüäÖÇç°ÿQ237&!õžVsၟ¬9èÐ78‚"þÑñŒG¨o†ãý&Oq$B LÀ—¡å¾á\zµò .ÔØÖ¨ ¶yÛŠQ›y5éAeJJrÉ¢áEþS}زxÂËÞYÚċÙ3I+†•;R†8þÁ6…) Ç> ûunIBZB:¼ÌG¸½\‘øŒ»×8 Èó¿dýyþ—Ì’m="QuU0Îó`fÀ½kÆ×»µv¦+åɸ ä£è¶j_]lG•x—¼ÎhbšŠñFÞ¬>„CË°"ć>қÿ#Ú♹º%ïwç™1>] o—ªÂÕ¨’q€˜M¸¶ib—Šq5O”ºc™W6D’*økpW¸|“3¢,¦“9Æb”ì1¯îCÞ oê~Áw´]§àân>inÂu +2|Õ,å® D Ì C6œ ©ãûõv}ŠwÙÂýhoYgümO³t8ÖՒ)ÓMx ëL*Û¸Sø$—×jឬÓ# Ư6H6Nj±¸sþ5 bµÛ,ååÔfïî„c•ð·Z…ÏlpØaÝCG6 + +Ç+ ŠdOÀí“4 Þ¦–ßtau,ôêW—“¤. +q\9&dy,õò‹Í»”D •„I%3B‹=㯯Þ^½ +N/ƒå3NÞÖùg&9†¯›/ …¿sgÒAÂÜ_“Õ(%#‹+儥 s‚«Wúç‹É Y*|1KX»Ð“5^T ARæ ðw‰HÖº0 †!Ód 6tò¾!ë1iUzÊ–ú1¾â¤!úá±Ôüª¼µwjÚv¹Ü‰_ !½{@y¿«(ðñ}øÕ #@/OW Kž¥(wà§;‹=æÕå³Þ¨2F–F–ýè*ÚdµV+ÏÊ]¬Iâ¬8à¬ø#‘&ABT0ˆµ_1Ψ>† £D«çÑE qìjåÍlt¢vœDgû6¹6Ն¯­â]8–F˜ý蟟îö%< ¸Cg­¯H Ð÷ó7ÌÍ(BŒÄ׌Xl)&D‘¬¡åÍòb-¶d rH=däÒG¢×g3’r¼Cc{@‹­¼„h@% Þä<«žœýšŒG +Èñs@®íhå&°dK¸Pb>=­Ü„•‡6¨„˜­9Éðw *Èôºœ,dÜ\õs™4X°RéÏË W©/ ɽ±8–úÇ¡@„Ac‚¤ÜªÏ_îÊe梀¿a @߂½4!õ.©d#?§gZÐុ¬Ç{º<[D¢ÚxyC|L»Ìšð~B‡$Ðãµ؜ôZìÛÀŽD `]n;Q‹=áç§dIR²5ƒ{„¼Cˆ]íÏß$k’c©÷]øÓ¨ü) GÎA^(¦Ôbߊûc¹ªG"p?R^S Bdz/e²z,þà€¬ÄJŸ¾?) ÇI–ûøôò¸”‰?}!#ðáeíbŸ3{T¨7Q¥ç­›°´á%,,üáTԇÅë*½_Z„ú=¸5…Úҏ4ÿñücY9ŽjI®@¯§ÕEV@Žfâ(„åèå|1¦héWˆÅp‡·ïèGxIHxñÚ@"ÖC®kŒžä7$“ >h‘Z1öv›ý2ßS%!(XHãòÙC‹=E~c’©¤“H ‰XьG" \=Ĺ37#2=‰dÊr Zì qãr\ò¿mѸŠC +™0ý çðWøIfœ1…ŸdþSƒ×<°·@‡ÈïÓËó¾=áêÇ?dOù|¿º—ËÙù0GÞUíGš…Û–O×뵪ÿíÉ2R +endstream +endobj +890 0 obj +5146 +endobj +891 0 obj<>>>/Annots 470 0 R>>endobj +892 0 obj<>stream +xŖMsÓ0†ïþ{,}Xþ8¦@LxÊ9±Ý’Nƒã~>»¶ì¬e†Ói“™Ä²´¤}wWú(øUk0äUp‹u +ZBvʦBA‡ …”ø6¿Ê¶»§ê{XՇ¶<´Ç7Ùcð> h@7 +=}ý@o +Sü­ T"u'ØÐ<Þøæk JÑÌhgq26ëêûöG[6à&c¸ +l"Â)»ïöʈÁœYT ¤¥mv ukëû=û·ß²ÛÀah—„à1–y^#„™!$…ö æ!6Ûj· ̦BÙba=B?ÀcëS“—„›!Ä(M!n€Éëâ‚`FˆgŠ8ª‡8ïǝp$ÄÒ×Ô ð«» …„VÂ`Ôdŕx¶O"]°™ˆÄ5V$ȑĿ¾á‚e±]ØbE88™D.†Y£àª ¼ìX®ßgÜÚ¦.Ny»¯´(«1Ržy»ÿí7ÏOZcø ~ênoäm°“ç5zG{Þq€$¤ŠÁ½sf !’™ ¹7!©8Áõû‹ð²’ÙQjKªœ2€}L[ëàF”Ø–2j‚pTq¤äuó@*‡sàåUöô”)®õì*\×`z*Jәž,Þ/Vè©IRΈ°=cxr0+µ;“8ÃagV\¸2°¼c`L=vÆÀØúUîH ãÚ_^Œ>+§’Ø4Âôw’ô‹$6±s& K2’d@ô¾›0P’9ão’ŒŒÎwƀõ—2“ddƒ’Lë3òswã ÂñjzŒµr†î:61ø‹‡—Nê›æÉÍ¡(S\iûú»·óï‡Dт/÷¶î©»·%îT¡Æb©°ÒãI¼Y~º^Âç¦~,óÞÕù©Âëâv8ÌÒð6¦›fqµ?/‘_‚? [4Rendstream +endobj +893 0 obj +699 +endobj +894 0 obj<>endobj +895 0 obj<>endobj +896 0 obj<>endobj +897 0 obj<>endobj +898 0 obj<>endobj +899 0 obj<>endobj +900 0 obj<>endobj +901 0 obj<>endobj +902 0 obj<>endobj +903 0 obj<>endobj +904 0 obj<>endobj +905 0 obj<>endobj +906 0 obj<>endobj +907 0 obj<>endobj +908 0 obj<>endobj +909 0 obj<>endobj +910 0 obj<>endobj +911 0 obj<>endobj +912 0 obj<>endobj +913 0 obj<>endobj +914 0 obj<>endobj +915 0 obj<>endobj +916 0 obj<>endobj +917 0 obj<>endobj +918 0 obj<>endobj +919 0 obj<>endobj +920 0 obj<>endobj +921 0 obj<>endobj +922 0 obj<>endobj +923 0 obj<>endobj +924 0 obj<>endobj +925 0 obj<>endobj +926 0 obj<>endobj +927 0 obj<>endobj +928 0 obj<>endobj +929 0 obj<>endobj +930 0 obj<>endobj +931 0 obj<>endobj +932 0 obj<>endobj +933 0 obj<>endobj +934 0 obj<>endobj +935 0 obj<>endobj +936 0 obj<>endobj +937 0 obj<>endobj +938 0 obj<>endobj +939 0 obj<>endobj +940 0 obj<>endobj +941 0 obj<>endobj +942 0 obj<>endobj +943 0 obj<>endobj +944 0 obj<>endobj +945 0 obj<>endobj +946 0 obj<>endobj +947 0 obj<>endobj +948 0 obj<>endobj +949 0 obj<>endobj +950 0 obj<>endobj +951 0 obj<>endobj +952 0 obj<>endobj +953 0 obj<>endobj +954 0 obj<>endobj +955 0 obj<>endobj +956 0 obj<>endobj +957 0 obj<>endobj +958 0 obj<>endobj +959 0 obj<>endobj +960 0 obj<>endobj +961 0 obj<>endobj +962 0 obj<>endobj +963 0 obj<>endobj +964 0 obj<>endobj +965 0 obj<>endobj +966 0 obj<>endobj +967 0 obj<>endobj +968 0 obj<>endobj +969 0 obj<>endobj +970 0 obj<>endobj +971 0 obj<>endobj +972 0 obj<>endobj +973 0 obj<>endobj +974 0 obj<>endobj +975 0 obj<>endobj +976 0 obj<>endobj +977 0 obj<>endobj +978 0 obj<>endobj +979 0 obj<>endobj +980 0 obj<>endobj +981 0 obj<>endobj +982 0 obj<>endobj +983 0 obj<>endobj +984 0 obj<>endobj +985 0 obj<>endobj +986 0 obj<>endobj +987 0 obj<>endobj +988 0 obj<>endobj +989 0 obj<>endobj +990 0 obj<>endobj +991 0 obj<>endobj +992 0 obj<>endobj +993 0 obj<>endobj +994 0 obj<>endobj +995 0 obj<>endobj +996 0 obj<>endobj +997 0 obj<>endobj +998 0 obj<>endobj +999 0 obj<>endobj +1000 0 obj<>endobj +1001 0 obj<>endobj +1002 0 obj<>endobj +1003 0 obj<>endobj +1004 0 obj<>endobj +1005 0 obj<>endobj +1006 0 obj<>endobj +1007 0 obj<>endobj +1008 0 obj<>endobj +1009 0 obj<>endobj +1010 0 obj<>endobj +1011 0 obj<>endobj +1012 0 obj<>endobj +1013 0 obj<>endobj +1014 0 obj<>endobj +1015 0 obj<>endobj +1016 0 obj<>endobj +1017 0 obj<>endobj +1018 0 obj<>endobj +1019 0 obj<>endobj +1020 0 obj<>endobj +1021 0 obj<>endobj +1022 0 obj<>endobj +1023 0 obj<>endobj +1024 0 obj<>endobj +1025 0 obj<>endobj +1026 0 obj<>endobj +1027 0 obj<>endobj +1028 0 obj<>endobj +1029 0 obj<>endobj +1030 0 obj<>endobj +1031 0 obj<>endobj +1032 0 obj<>endobj +1033 0 obj<>endobj +1034 0 obj<>endobj +1035 0 obj<>endobj +1036 0 obj<>1<>5<>]>>>>endobj +xref +0 1037 +0000000000 65535 f +0000000015 00000 n +0000000244 00000 n +0000001810 00000 n +0000001884 00000 n +0000001963 00000 n +0000002045 00000 n +0000002131 00000 n +0000002209 00000 n +0000002286 00000 n +0000002365 00000 n +0000002442 00000 n +0000002524 00000 n +0000002583 00000 n +0000002635 00000 n +0000002720 00000 n +0000002773 00000 n +0000002857 00000 n +0000002923 00000 n +0000003007 00000 n +0000003045 00000 n +0000003097 00000 n +0000003182 00000 n +0000003206 00000 n +0000003252 00000 n +0000003337 00000 n +0000003382 00000 n +0000003466 00000 n +0000003511 00000 n +0000003595 00000 n +0000003633 00000 n +0000003676 00000 n +0000003761 00000 n +0000003804 00000 n +0000003888 00000 n +0000003919 00000 n +0000003973 00000 n +0000004057 00000 n +0000004081 00000 n +0000004132 00000 n +0000004217 00000 n +0000004265 00000 n +0000004350 00000 n +0000004381 00000 n +0000004499 00000 n +0000004583 00000 n +0000004624 00000 n +0000004709 00000 n +0000004750 00000 n +0000004835 00000 n +0000004873 00000 n +0000004917 00000 n +0000005002 00000 n +0000005026 00000 n +0000005070 00000 n +0000005154 00000 n +0000005196 00000 n +0000005281 00000 n +0000005330 00000 n +0000005415 00000 n +0000005464 00000 n +0000005547 00000 n +0000005594 00000 n +0000005679 00000 n +0000005725 00000 n +0000005809 00000 n +0000005868 00000 n +0000005930 00000 n +0000006015 00000 n +0000006072 00000 n +0000006157 00000 n +0000006250 00000 n +0000006334 00000 n +0000006372 00000 n +0000006477 00000 n +0000006518 00000 n +0000006602 00000 n +0000006648 00000 n +0000006733 00000 n +0000006772 00000 n +0000006857 00000 n +0000006899 00000 n +0000006984 00000 n +0000007026 00000 n +0000007111 00000 n +0000007170 00000 n +0000007214 00000 n +0000007299 00000 n +0000007323 00000 n +0000007370 00000 n +0000007455 00000 n +0000007507 00000 n +0000007592 00000 n +0000007641 00000 n +0000007726 00000 n +0000007775 00000 n +0000007859 00000 n +0000007904 00000 n +0000007956 00000 n +0000008041 00000 n +0000008089 00000 n +0000008175 00000 n +0000008224 00000 n +0000008310 00000 n +0000008374 00000 n +0000008461 00000 n +0000008510 00000 n +0000008574 00000 n +0000008661 00000 n +0000008687 00000 n +0000008735 00000 n +0000008822 00000 n +0000008869 00000 n +0000008956 00000 n +0000008997 00000 n +0000009083 00000 n +0000009125 00000 n +0000009167 00000 n +0000009254 00000 n +0000009303 00000 n +0000009390 00000 n +0000009437 00000 n +0000009524 00000 n +0000009566 00000 n +0000009619 00000 n +0000009706 00000 n +0000009750 00000 n +0000009837 00000 n +0000009894 00000 n +0000009981 00000 n +0000010077 00000 n +0000010163 00000 n +0000010213 00000 n +0000010260 00000 n +0000010347 00000 n +0000010394 00000 n +0000010481 00000 n +0000010530 00000 n +0000010617 00000 n +0000010664 00000 n +0000010751 00000 n +0000010801 00000 n +0000010848 00000 n +0000010935 00000 n +0000010982 00000 n +0000011067 00000 n +0000011111 00000 n +0000011197 00000 n +0000011239 00000 n +0000011325 00000 n +0000011365 00000 n +0000011451 00000 n +0000011499 00000 n +0000011585 00000 n +0000011630 00000 n +0000011716 00000 n +0000011760 00000 n +0000011846 00000 n +0000011897 00000 n +0000011983 00000 n +0000012032 00000 n +0000012118 00000 n +0000012163 00000 n +0000012249 00000 n +0000012291 00000 n +0000012377 00000 n +0000012420 00000 n +0000012506 00000 n +0000012548 00000 n +0000012634 00000 n +0000012678 00000 n +0000012764 00000 n +0000012801 00000 n +0000012887 00000 n +0000012928 00000 n +0000013014 00000 n +0000013056 00000 n +0000013142 00000 n +0000013179 00000 n +0000013265 00000 n +0000013306 00000 n +0000013392 00000 n +0000013435 00000 n +0000013521 00000 n +0000013567 00000 n +0000013653 00000 n +0000013847 00000 n +0000013894 00000 n +0000013981 00000 n +0000014030 00000 n +0000014117 00000 n +0000014166 00000 n +0000014252 00000 n +0000014294 00000 n +0000014342 00000 n +0000014428 00000 n +0000014474 00000 n +0000014561 00000 n +0000014595 00000 n +0000014710 00000 n +0000014797 00000 n +0000014823 00000 n +0000014905 00000 n +0000014992 00000 n +0000015077 00000 n +0000015164 00000 n +0000015219 00000 n +0000015306 00000 n +0000015362 00000 n +0000015449 00000 n +0000015499 00000 n +0000015547 00000 n +0000015634 00000 n +0000015708 00000 n +0000015795 00000 n +0000015863 00000 n +0000015950 00000 n +0000016004 00000 n +0000016091 00000 n +0000016159 00000 n +0000016246 00000 n +0000016320 00000 n +0000016407 00000 n +0000016455 00000 n +0000016542 00000 n +0000016599 00000 n +0000016686 00000 n +0000016768 00000 n +0000016823 00000 n +0000016910 00000 n +0000016991 00000 n +0000017078 00000 n +0000017112 00000 n +0000017164 00000 n +0000017251 00000 n +0000017277 00000 n +0000017333 00000 n +0000017420 00000 n +0000017489 00000 n +0000017576 00000 n +0000017627 00000 n +0000017714 00000 n +0000017801 00000 n +0000017888 00000 n +0000017944 00000 n +0000018031 00000 n +0000018080 00000 n +0000018167 00000 n +0000018233 00000 n +0000018285 00000 n +0000018372 00000 n +0000018427 00000 n +0000018514 00000 n +0000018561 00000 n +0000018648 00000 n +0000018695 00000 n +0000018782 00000 n +0000018832 00000 n +0000018872 00000 n +0000018959 00000 n +0000019002 00000 n +0000019089 00000 n +0000019133 00000 n +0000019220 00000 n +0000019263 00000 n +0000019350 00000 n +0000019393 00000 n +0000019480 00000 n +0000019521 00000 n +0000019608 00000 n +0000019655 00000 n +0000019742 00000 n +0000019816 00000 n +0000019863 00000 n +0000019949 00000 n +0000019975 00000 n +0000020027 00000 n +0000020113 00000 n +0000020139 00000 n +0000020193 00000 n +0000020280 00000 n +0000020306 00000 n +0000020368 00000 n +0000020455 00000 n +0000020481 00000 n +0000020530 00000 n +0000020617 00000 n +0000020643 00000 n +0000020690 00000 n +0000020777 00000 n +0000020826 00000 n +0000020913 00000 n +0000020956 00000 n +0000021043 00000 n +0000021086 00000 n +0000021172 00000 n +0000021221 00000 n +0000021306 00000 n +0000021355 00000 n +0000021440 00000 n +0000021506 00000 n +0000021554 00000 n +0000021641 00000 n +0000021687 00000 n +0000021774 00000 n +0000021808 00000 n +0000021887 00000 n +0000021974 00000 n +0000022056 00000 n +0000022142 00000 n +0000022217 00000 n +0000022304 00000 n +0000022377 00000 n +0000022464 00000 n +0000022514 00000 n +0000022592 00000 n +0000022679 00000 n +0000022705 00000 n +0000022768 00000 n +0000022855 00000 n +0000022918 00000 n +0000023005 00000 n +0000023059 00000 n +0000023146 00000 n +0000023188 00000 n +0000023229 00000 n +0000023316 00000 n +0000023342 00000 n +0000023447 00000 n +0000023553 00000 n +0000023659 00000 n +0000023765 00000 n +0000023871 00000 n +0000023977 00000 n +0000024083 00000 n +0000024189 00000 n +0000024295 00000 n +0000024401 00000 n +0000024507 00000 n +0000024613 00000 n +0000024719 00000 n +0000024825 00000 n +0000024931 00000 n +0000025037 00000 n +0000025143 00000 n +0000025249 00000 n +0000025355 00000 n +0000025461 00000 n +0000025566 00000 n +0000025672 00000 n +0000025778 00000 n +0000025884 00000 n +0000025990 00000 n +0000026096 00000 n +0000026202 00000 n +0000026308 00000 n +0000026414 00000 n +0000026520 00000 n +0000026626 00000 n +0000026732 00000 n +0000026838 00000 n +0000026944 00000 n +0000027050 00000 n +0000027156 00000 n +0000027262 00000 n +0000027368 00000 n +0000027474 00000 n +0000027579 00000 n +0000027685 00000 n +0000027791 00000 n +0000027897 00000 n +0000028000 00000 n +0000028104 00000 n +0000028482 00000 n +0000028588 00000 n +0000028693 00000 n +0000028799 00000 n +0000028905 00000 n +0000029011 00000 n +0000029117 00000 n +0000029223 00000 n +0000029329 00000 n +0000029435 00000 n +0000029541 00000 n +0000029647 00000 n +0000029752 00000 n +0000029858 00000 n +0000029964 00000 n +0000030070 00000 n +0000030176 00000 n +0000030282 00000 n +0000030388 00000 n +0000030494 00000 n +0000030600 00000 n +0000030706 00000 n +0000030812 00000 n +0000030918 00000 n +0000031024 00000 n +0000031130 00000 n +0000031235 00000 n +0000031341 00000 n +0000031447 00000 n +0000031553 00000 n +0000031658 00000 n +0000031764 00000 n +0000031870 00000 n +0000031976 00000 n +0000032082 00000 n +0000032188 00000 n +0000032294 00000 n +0000032400 00000 n +0000032506 00000 n +0000032612 00000 n +0000032718 00000 n +0000032824 00000 n +0000032929 00000 n +0000033033 00000 n +0000033137 00000 n +0000033507 00000 n +0000033612 00000 n +0000033718 00000 n +0000033824 00000 n +0000033930 00000 n +0000034036 00000 n +0000034142 00000 n +0000034248 00000 n +0000034354 00000 n +0000034460 00000 n +0000034565 00000 n +0000034671 00000 n +0000034777 00000 n +0000034883 00000 n +0000034989 00000 n +0000035095 00000 n +0000035201 00000 n +0000035307 00000 n +0000035413 00000 n +0000035519 00000 n +0000035625 00000 n +0000035731 00000 n +0000035837 00000 n +0000035942 00000 n +0000036048 00000 n +0000036154 00000 n +0000036260 00000 n +0000036366 00000 n +0000036472 00000 n +0000036578 00000 n +0000036684 00000 n +0000036790 00000 n +0000036896 00000 n +0000037002 00000 n +0000037108 00000 n +0000037214 00000 n +0000037320 00000 n +0000037426 00000 n +0000037532 00000 n +0000037638 00000 n +0000037743 00000 n +0000037849 00000 n +0000037955 00000 n +0000038060 00000 n +0000038164 00000 n +0000038268 00000 n +0000038646 00000 n +0000038751 00000 n +0000038857 00000 n +0000038963 00000 n +0000039069 00000 n +0000039175 00000 n +0000039279 00000 n +0000039345 00000 n +0000039379 00000 n +0000039413 00000 n +0000042026 00000 n +0000042075 00000 n +0000042124 00000 n +0000042173 00000 n +0000042222 00000 n +0000042271 00000 n +0000042320 00000 n +0000042369 00000 n +0000042418 00000 n +0000042467 00000 n +0000042516 00000 n +0000042565 00000 n +0000042614 00000 n +0000042663 00000 n +0000042712 00000 n +0000042761 00000 n +0000042810 00000 n +0000042859 00000 n +0000042908 00000 n +0000042957 00000 n +0000043006 00000 n +0000043055 00000 n +0000043104 00000 n +0000043153 00000 n +0000043202 00000 n +0000043251 00000 n +0000043300 00000 n +0000043349 00000 n +0000043398 00000 n +0000043447 00000 n +0000043496 00000 n +0000043545 00000 n +0000043594 00000 n +0000043643 00000 n +0000043692 00000 n +0000043741 00000 n +0000043790 00000 n +0000043839 00000 n +0000043888 00000 n +0000043937 00000 n +0000043986 00000 n +0000044035 00000 n +0000044084 00000 n +0000044133 00000 n +0000044182 00000 n +0000044231 00000 n +0000044280 00000 n +0000044329 00000 n +0000044378 00000 n +0000044427 00000 n +0000044476 00000 n +0000044525 00000 n +0000044574 00000 n +0000044623 00000 n +0000044672 00000 n +0000044721 00000 n +0000044770 00000 n +0000044819 00000 n +0000044868 00000 n +0000044917 00000 n +0000044966 00000 n +0000045015 00000 n +0000045064 00000 n +0000045113 00000 n +0000045162 00000 n +0000045211 00000 n +0000045260 00000 n +0000045309 00000 n +0000045358 00000 n +0000045407 00000 n +0000045456 00000 n +0000045505 00000 n +0000045554 00000 n +0000045603 00000 n +0000045652 00000 n +0000045701 00000 n +0000045750 00000 n +0000045799 00000 n +0000045848 00000 n +0000045897 00000 n +0000045946 00000 n +0000045995 00000 n +0000046044 00000 n +0000046093 00000 n +0000046142 00000 n +0000046191 00000 n +0000046240 00000 n +0000046289 00000 n +0000046338 00000 n +0000046387 00000 n +0000046436 00000 n +0000046485 00000 n +0000046534 00000 n +0000046583 00000 n +0000046632 00000 n +0000046681 00000 n +0000046730 00000 n +0000046779 00000 n +0000046828 00000 n +0000046877 00000 n +0000046926 00000 n +0000046975 00000 n +0000047024 00000 n +0000047073 00000 n +0000047122 00000 n +0000047171 00000 n +0000047220 00000 n +0000047269 00000 n +0000047318 00000 n +0000047367 00000 n +0000047416 00000 n +0000047465 00000 n +0000047514 00000 n +0000047563 00000 n +0000047612 00000 n +0000047661 00000 n +0000047710 00000 n +0000047759 00000 n +0000047808 00000 n +0000047857 00000 n +0000047906 00000 n +0000047955 00000 n +0000048004 00000 n +0000048053 00000 n +0000048102 00000 n +0000048151 00000 n +0000048200 00000 n +0000048249 00000 n +0000048298 00000 n +0000048347 00000 n +0000048396 00000 n +0000048445 00000 n +0000048494 00000 n +0000048543 00000 n +0000048592 00000 n +0000048641 00000 n +0000048690 00000 n +0000048739 00000 n +0000048788 00000 n +0000048837 00000 n +0000048886 00000 n +0000048935 00000 n +0000048984 00000 n +0000049033 00000 n +0000049082 00000 n +0000049131 00000 n +0000049180 00000 n +0000049229 00000 n +0000049278 00000 n +0000049327 00000 n +0000049376 00000 n +0000049425 00000 n +0000049474 00000 n +0000049523 00000 n +0000049572 00000 n +0000049621 00000 n +0000049670 00000 n +0000049719 00000 n +0000049768 00000 n +0000049817 00000 n +0000049866 00000 n +0000049915 00000 n +0000050672 00000 n +0000050828 00000 n +0000051551 00000 n +0000051572 00000 n +0000051746 00000 n +0000052908 00000 n +0000052930 00000 n +0000053081 00000 n +0000054587 00000 n +0000054609 00000 n +0000054769 00000 n +0000056205 00000 n +0000056227 00000 n +0000056405 00000 n +0000057665 00000 n +0000057687 00000 n +0000057829 00000 n +0000059413 00000 n +0000059435 00000 n +0000059568 00000 n +0000061403 00000 n +0000061425 00000 n +0000061558 00000 n +0000062081 00000 n +0000062102 00000 n +0000062263 00000 n +0000063547 00000 n +0000063569 00000 n +0000063730 00000 n +0000065485 00000 n +0000065507 00000 n +0000065667 00000 n +0000067312 00000 n +0000067334 00000 n +0000067476 00000 n +0000069546 00000 n +0000069568 00000 n +0000069710 00000 n +0000071522 00000 n +0000071544 00000 n +0000071686 00000 n +0000073411 00000 n +0000073433 00000 n +0000073584 00000 n +0000075348 00000 n +0000075370 00000 n +0000075545 00000 n +0000077652 00000 n +0000077674 00000 n +0000077834 00000 n +0000079430 00000 n +0000079452 00000 n +0000079627 00000 n +0000081122 00000 n +0000081144 00000 n +0000081296 00000 n +0000082103 00000 n +0000082124 00000 n +0000082275 00000 n +0000083913 00000 n +0000083935 00000 n +0000084100 00000 n +0000085872 00000 n +0000085894 00000 n +0000086059 00000 n +0000086952 00000 n +0000086973 00000 n +0000087147 00000 n +0000088752 00000 n +0000088774 00000 n +0000088917 00000 n +0000089675 00000 n +0000089696 00000 n +0000089879 00000 n +0000091747 00000 n +0000091769 00000 n +0000091938 00000 n +0000093792 00000 n +0000093814 00000 n +0000093974 00000 n +0000095658 00000 n +0000095680 00000 n +0000095853 00000 n +0000097582 00000 n +0000097604 00000 n +0000097755 00000 n +0000098679 00000 n +0000098700 00000 n +0000098884 00000 n +0000100709 00000 n +0000100731 00000 n +0000100905 00000 n +0000103078 00000 n +0000103100 00000 n +0000103293 00000 n +0000105220 00000 n +0000105242 00000 n +0000105426 00000 n +0000107336 00000 n +0000107358 00000 n +0000107534 00000 n +0000109335 00000 n +0000109357 00000 n +0000109527 00000 n +0000111125 00000 n +0000111147 00000 n +0000111332 00000 n +0000112808 00000 n +0000112830 00000 n +0000113023 00000 n +0000114594 00000 n +0000114616 00000 n +0000114791 00000 n +0000116571 00000 n +0000116593 00000 n +0000116749 00000 n +0000118310 00000 n +0000118332 00000 n +0000118517 00000 n +0000120369 00000 n +0000120391 00000 n +0000120557 00000 n +0000122204 00000 n +0000122226 00000 n +0000122411 00000 n +0000124360 00000 n +0000124382 00000 n +0000124566 00000 n +0000126293 00000 n +0000126315 00000 n +0000126485 00000 n +0000128090 00000 n +0000128112 00000 n +0000128281 00000 n +0000130154 00000 n +0000130176 00000 n +0000130361 00000 n +0000132225 00000 n +0000132247 00000 n +0000132423 00000 n +0000134513 00000 n +0000134535 00000 n +0000134710 00000 n +0000136650 00000 n +0000136672 00000 n +0000136848 00000 n +0000139164 00000 n +0000139186 00000 n +0000139338 00000 n +0000141318 00000 n +0000141340 00000 n +0000141500 00000 n +0000143367 00000 n +0000143389 00000 n +0000143540 00000 n +0000145292 00000 n +0000145314 00000 n +0000145446 00000 n +0000147320 00000 n +0000147342 00000 n +0000147484 00000 n +0000149555 00000 n +0000149577 00000 n +0000149728 00000 n +0000151522 00000 n +0000151544 00000 n +0000151676 00000 n +0000153469 00000 n +0000153491 00000 n +0000153614 00000 n +0000154068 00000 n +0000154089 00000 n +0000154246 00000 n +0000155880 00000 n +0000155902 00000 n +0000156054 00000 n +0000157714 00000 n +0000157736 00000 n +0000157878 00000 n +0000158761 00000 n +0000158782 00000 n +0000158967 00000 n +0000161124 00000 n +0000161146 00000 n +0000161322 00000 n +0000163507 00000 n +0000163529 00000 n +0000163680 00000 n +0000164781 00000 n +0000164803 00000 n +0000164979 00000 n +0000166479 00000 n +0000166501 00000 n +0000166686 00000 n +0000168538 00000 n +0000168560 00000 n +0000168745 00000 n +0000170652 00000 n +0000170674 00000 n +0000170831 00000 n +0000171762 00000 n +0000171783 00000 n +0000171935 00000 n +0000173676 00000 n +0000173698 00000 n +0000173840 00000 n +0000175602 00000 n +0000175624 00000 n +0000175775 00000 n +0000177666 00000 n +0000177688 00000 n +0000177845 00000 n +0000179698 00000 n +0000179720 00000 n +0000179914 00000 n +0000181974 00000 n +0000181996 00000 n +0000182171 00000 n +0000183763 00000 n +0000183785 00000 n +0000183969 00000 n +0000185308 00000 n +0000185330 00000 n +0000185490 00000 n +0000186733 00000 n +0000186755 00000 n +0000186906 00000 n +0000188362 00000 n +0000188384 00000 n +0000188545 00000 n +0000190193 00000 n +0000190215 00000 n +0000190348 00000 n +0000190818 00000 n +0000190839 00000 n +0000191006 00000 n +0000192674 00000 n +0000192696 00000 n +0000192853 00000 n +0000194041 00000 n +0000194063 00000 n +0000194220 00000 n +0000195772 00000 n +0000195794 00000 n +0000195978 00000 n +0000196783 00000 n +0000196804 00000 n +0000196961 00000 n +0000202384 00000 n +0000202406 00000 n +0000202563 00000 n +0000207857 00000 n +0000207879 00000 n +0000208036 00000 n +0000213253 00000 n +0000213275 00000 n +0000213432 00000 n +0000214202 00000 n +0000214223 00000 n +0000214280 00000 n +0000214385 00000 n +0000214563 00000 n +0000214682 00000 n +0000214817 00000 n +0000214953 00000 n +0000215101 00000 n +0000215251 00000 n +0000215391 00000 n +0000215532 00000 n +0000215685 00000 n +0000215847 00000 n +0000215996 00000 n +0000216184 00000 n +0000216317 00000 n +0000216445 00000 n +0000216563 00000 n +0000216699 00000 n +0000216841 00000 n +0000216957 00000 n +0000217083 00000 n +0000217199 00000 n +0000217390 00000 n +0000217489 00000 n +0000217637 00000 n +0000217755 00000 n +0000217879 00000 n +0000218001 00000 n +0000218127 00000 n +0000218285 00000 n +0000218415 00000 n +0000218539 00000 n +0000218657 00000 n +0000218775 00000 n +0000218894 00000 n +0000219084 00000 n +0000219270 00000 n +0000219423 00000 n +0000219586 00000 n +0000219737 00000 n +0000219841 00000 n +0000220058 00000 n +0000220164 00000 n +0000220296 00000 n +0000220418 00000 n +0000220623 00000 n +0000220728 00000 n +0000220828 00000 n +0000221032 00000 n +0000221193 00000 n +0000221341 00000 n +0000221469 00000 n +0000221612 00000 n +0000221736 00000 n +0000221865 00000 n +0000222010 00000 n +0000222175 00000 n +0000222327 00000 n +0000222507 00000 n +0000222612 00000 n +0000222731 00000 n +0000222856 00000 n +0000223001 00000 n +0000223143 00000 n +0000223293 00000 n +0000223424 00000 n +0000223550 00000 n +0000223675 00000 n +0000223815 00000 n +0000223942 00000 n +0000224073 00000 n +0000224204 00000 n +0000224382 00000 n +0000224510 00000 n +0000224646 00000 n +0000224781 00000 n +0000224987 00000 n +0000225100 00000 n +0000225216 00000 n +0000225361 00000 n +0000225532 00000 n +0000225681 00000 n +0000225836 00000 n +0000225976 00000 n +0000226108 00000 n +0000226242 00000 n +0000226374 00000 n +0000226512 00000 n +0000226662 00000 n +0000226830 00000 n +0000226977 00000 n +0000227201 00000 n +0000227314 00000 n +0000227430 00000 n +0000227586 00000 n +0000227744 00000 n +0000227875 00000 n +0000228021 00000 n +0000228155 00000 n +0000228288 00000 n +0000228509 00000 n +0000228610 00000 n +0000228729 00000 n +0000228858 00000 n +0000229017 00000 n +0000229152 00000 n +0000229285 00000 n +0000229414 00000 n +0000229554 00000 n +0000229689 00000 n +0000229841 00000 n +0000229990 00000 n +0000230095 00000 n +0000230305 00000 n +0000230410 00000 n +0000230533 00000 n +0000230665 00000 n +0000230789 00000 n +0000230917 00000 n +0000231062 00000 n +0000231194 00000 n +0000231339 00000 n +0000231480 00000 n +0000231607 00000 n +0000231748 00000 n +0000231873 00000 n +0000231998 00000 n +0000232129 00000 n +0000232251 00000 n +0000232358 00000 n +0000232528 00000 n +0000232629 00000 n +0000232818 00000 n +0000233012 00000 n +0000233199 00000 n +0000233361 00000 n +0000233553 00000 n +0000233662 00000 n +0000233796 00000 n +0000233926 00000 n +0000234039 00000 n +0000234134 00000 n +trailer +<<59d643d3d56fb4ff0981d084417582f1>]>> +startxref +234349 +%%EOF diff --git a/docs/THANKS b/docs/THANKS index 6405da3f9f4..789042f78e1 100644 --- a/docs/THANKS +++ b/docs/THANKS @@ -20,9 +20,11 @@ please contact Andrew.Tridgell@anu.edu.au, or via normal mail at Lee Fisher (leefi@microsoft.com) Charles Fox (cfox@microsoft.com) Dan Perry (danp@exchnge.microsoft.com) +Paul Leach (paulle@microsoft.com) +Isaac Heizer (isaache@microsoft.com) These Microsoft people have been very helpful and supportive of - the development of Samba. + the development of Samba over some years. Lee very kindly supplied me with a copy of the X/Open SMB specs. These have been invaluable in getting the details of the @@ -43,6 +45,11 @@ Dan Perry (danp@exchnge.microsoft.com) NT browsing spec, which will help a lot in the development of the Samba browser code. + Paul was responsible for Microsoft paying my flight to Seattle for the + first CIFS conference (see http://samba.org/cifs) and has been + generally helpful and cooperative as the SMB community moves towards + an Internet-ready specification. Isaac has regularly provided help on + the behaviour of NT networks. Bruce Perens (bruce@pixar.com) @@ -93,7 +100,7 @@ Steve Kennedy (steve@gbnet.net) John Terpstra (jht@aquasoft.com.au) - Aquasoft are a speciaist consulting company whose Samba using + Aquasoft are a specialist consulting company whose Samba-using customers span the world. Aquasoft have been avid supporters of the Samba project. As a @@ -117,3 +124,14 @@ Steve Withers (swithers@vnet.IBM.COM) OS/2 Warp installed. I hope this will allow me to finally fix up those annoying OS/2 related Samba bugs that I have been receiving reports of. + +Keith Wilkins (wilki1k@nectech.co.uk) + + Keith from NEC in England very generously supplied a PC to + Luke Leighton to help with his nmbd development work. At the + same time Keith offered to help me with some new hardware, and + he sent me a pentium motherboard with 32MB of ram + onboard. This was very helpful as it allowed me to upgrade + my aging server to be a very powerful system. Thanks! + + diff --git a/docs/announce b/docs/announce index f761320f43e..f5716556ba0 100644 --- a/docs/announce +++ b/docs/announce @@ -1,24 +1,35 @@ - Announcing Samba version 1.9 + Announcing Samba version 2.2 ============================ What is Samba? -------------- -Samba is a Unix based SMB file server. This allows a Unix host to -act as a file and print server for SMB clients. This includes -Lan-Manager compatible clients such as LanManager for DOS, Windows for -Workgroups, Windows NT, Windows 95, OS/2, Pathworks and many more. +Samba is a SMB file server that runs on Unix and other operating +systems. It allows these operating systems (currently Unix, Netware, +OS/2 and AmigaDOS) to act as a file and print server for SMB and CIFS +clients. There are many Lan-Manager compatible clients such as +LanManager for DOS, Windows for Workgroups, Windows NT, Windows 95, +Linux smbfs, OS/2, Pathworks and more. + +The package also includes a SMB client for accessing other SMB servers, +and an advanced netbios/WINS nameserver for browsing support. -The package also includes a Unix SMB client and a netbios nameserver. What can it do for me? ---------------------- If you have any PCs running SMB clients, such as a PC running Windows -for Workgroups, then you can mount file space or printers from a unix -host, so that directories, files and printers on the unix host are +for Workgroups, then you can mount file space or printers on a Samba +host, so that directories, files and printers on the host are available on the PC. +If you have any SMB servers such as Windows NT Server, Warp Server or +Pathworks you may be able to replace them by or supplement them with +Samba. One of Samba's big strengths is integration, so you can use it +to tie together your Unix (or VMS etc) hosts and PC clients. If you +are tired of the insecurity, expense and instability of PCNFS then Samba +may be for you. + The client part of the package will also allow you to attach to other SMB-based servers (such as windows NT and windows for workgroups) so that you can copy files to and from your unix host. The client also @@ -26,29 +37,36 @@ allows you to access a SMB printer (such as one attached to an OS/2 or WfWg server) from Unix, using an entry in /etc/printcap, or by explicitly specifying the command used to print files. -What are it's features? + +What are its features? ------------------------ Samba supports many features that are not supported in other SMB -implementations (all of which are commercial). Some of it's features -include host as well as username/password security, a unix client, -automatic home directory exporting, automatic printer exporting, dead -connection timeouts, umask support, guest connections, name mangling -and hidden and system attribute mapping. Look at the man pages -included with the package for a full list of features. - -What's new since 1.8? +implementations (all of which are commercial). These include host as +well as username/password security, a client, automatic home directory +exporting, automatic printer exporting, dead connection timeouts, +umask support, guest connections, name mangling and hidden and system +attribute mapping. Look at the FAQs included with the package for +a full list of features. + + +What's new since 2.0? --------------------- Lots of stuff. See the change log and man pages for details. +In particular, please check the WHATSNEW.txt file in the root directory +of each release. This file has current change/update information. + Where can I get a client for my PC? ----------------------------------- There is a free client for MS-DOS based PCs available from ftp.microsoft.com in the directory bussys/Clients/MSCLIENT/. Please -read the licencing information before downloading. The built in -Windows for Workgroups client is also very good. +read the licencing information before downloading. The add-on 32-bit +TCP/IP Windows for Workgroups client is also very good. Windows 95/98/ME, +Windows NT/2000 and OS/2 come with suitable clients by default. + What network protocols are supported? ------------------------------------- @@ -59,6 +77,7 @@ about ports to other protocols but nothing is yet available. There is a free TCP/IP implementation for Windows for Workgroups available from ftp.microsoft.com (it's small, fast and quite reliable). + How much does it cost? ---------------------- @@ -66,7 +85,8 @@ Samba software is free software. It is available under the GNU Public licence in source code form at no cost. Please read the file COPYING that comes with the package for more information. -What flavours of unix does it support? + +What operating systems does it support? --------------------------------------- The code has been written to be as portable as possible. It has been @@ -76,10 +96,13 @@ unixes: Linux, SunOS, Solaris, SVR4, Ultrix, OSF1, AIX, BSDI, NetBSD, Sequent, HP-UX, SGI, FreeBSD, NeXT, ISC, A/UX, SCO, Intergraph, -Domain/OS and DGUX. +Silicon Graphics Inc., Domain/OS and DGUX. Some of these have received more testing than others. If it doesn't -work with your unix then it should be easy to fix. +work with your unix then it should be easy to fix. It has also been ported +to Netware, OS/2 and the Amiga. A VMS port is available too. See the web site +for more details. + Who wrote it? ------------- @@ -90,11 +113,13 @@ large parts of the package were contributed by several people from all over the world. Please look at the file `change-log' for information on who did what bits. + Where can I get it? ------------------- -The package is available via anonymous ftp from nimbus.anu.edu.au in -the directory pub/tridge/samba/. +The package is available via anonymous ftp from samba.org in +the directory pub/samba/. + What about SMBServer? --------------------- @@ -107,23 +132,19 @@ early incarnation of Samba was distributed as nbserver. If you see any copies of nbserver or smbserver on ftp sites please let me or the ftp archive maintainer know, as I want to get them deleted. + Where can I get more info? --------------------------- Please join the mailing list if you want to discuss the development or -use of Samba. To join the mailing list send mail to -listproc@listproc.anu.edu.au with a body of "subscribe samba Your -Name". - -There is also an announcement mailing list for new version -announcements. Subscribe as above but with "subscribe samba-announce -Your Name". +use of Samba. To join the mailing list, please read the instructions +at http://lists.samba.org/ There is also often quite a bit of discussion about Samba on the newsgroup comp.protocols.smb. A WWW site with lots of Samba info can be found at -http://lake.canberra.edu.au/pub/samba/ +http://samba.org/samba/ -Andrew Tridgell (Contact: samba-bugs@anu.edu.au) -January 1995 +The Samba Team (Contact: samba@samba.org) +March 2001 diff --git a/docs/docbook/.cvsignore b/docs/docbook/.cvsignore new file mode 100644 index 00000000000..04290fcd2eb --- /dev/null +++ b/docs/docbook/.cvsignore @@ -0,0 +1,4 @@ +Makefile +config.cache +config.log +config.status diff --git a/docs/docbook/Makefile.in b/docs/docbook/Makefile.in new file mode 100644 index 00000000000..0a21b73f6f6 --- /dev/null +++ b/docs/docbook/Makefile.in @@ -0,0 +1,397 @@ +################################################################# +# Makefile.in for Samba Documentation +# Authors: James Moore +# Gerald Carter +# +# Please see http://www.samba.org/samba/cvs.html +# for information on getting the latest +# source and documentation source files. +# + +# Autoconf Variables +SRCDIR = @srcdir@ +JADE = @JADE@ +NSGMLS = @NSGMLS@ +SGMLSPL=@SGMLSPL@ +HTMLDOC=@HTMLDOC@ +PERL=@PERL@ +#CATALOG = @CATALOG@ +MANDIR=../manpages +HTMLDIR=../htmldocs + +#Stylesheets and Dependicies +SGML_SHARE=@SGML_SHARE@ +#SGML_CATALOG_FILES=$(SGML_CATALOG_FILES):./dbsgml/catalog +HTML_STYLESHEET = $(srcdir)/stylesheets/html.dsl +HTML_DEPS = $(srcdir)/stylesheets/html-common.dsl $(srcdir)/stylesheets/common.dsl + +MANPAGES=$(MANDIR)/findsmb.1 $(MANDIR)/smbclient.1 \ + $(MANDIR)/smbspool.8 $(MANDIR)/lmhosts.5 \ + $(MANDIR)/smbcontrol.1 $(MANDIR)/smbstatus.1 \ + $(MANDIR)/make_smbcodepage.1 $(MANDIR)/smbd.8 \ + $(MANDIR)/smbtar.1 $(MANDIR)/nmbd.8 $(MANDIR)/smbmnt.8 \ + $(MANDIR)/smbumount.8 $(MANDIR)/nmblookup.1 \ + $(MANDIR)/smbmount.8 $(MANDIR)/swat.8 $(MANDIR)/rpcclient.1 \ + $(MANDIR)/smbpasswd.5 $(MANDIR)/testparm.1 $(MANDIR)/samba.7 \ + $(MANDIR)/smbpasswd.8 $(MANDIR)/testprns.1 \ + $(MANDIR)/smb.conf.5 $(MANDIR)/wbinfo.1 $(MANDIR)/pdbedit.8 \ + $(MANDIR)/smbcacls.1 $(MANDIR)/smbsh.1 $(MANDIR)/winbindd.8 \ + $(MANDIR)/make_unicodemap.1 $(MANDIR)/net.8 \ + $(MANDIR)/smbgroupedit.8 + +SGMLMANSRC=manpages/findsmb.1.sgml manpages/smbclient.1.sgml \ + manpages/smbspool.8.sgml manpages/lmhosts.5.sgml \ + manpages/smbcontrol.1.sgml manpages/smbstatus.1.sgml \ + manpages/make_smbcodepage.1.sgml manpages/smbd.8.sgml \ + manpages/smbtar.1.sgml manpages/nmbd.8.sgml manpages/smbmnt.8.sgml \ + manpages/smbumount.8.sgml manpages/nmblookup.1.sgml \ + manpages/smbmount.8.sgml manpages/swat.8.sgml \ + manpages/rpcclient.1.sgml manpages/smbpasswd.5.sgml \ + manpages/testparm.1.sgml manpages/samba.7.sgml \ + manpages/smbpasswd.8.sgml manpages/testprns.1.sgml \ + manpages/smb.conf.5.sgml manpages/pdbedit.8.sgml \ + manpages/wbinfo.1.sgml manpages/smbcacls.1.sgml \ + manpages/smbsh.1.sgml manpages/winbindd.8.sgml \ + manpages/make_unicodemap.1.sgml manpages/smbgroupedit.8.sgml \ + manpages/net.8.sgml + +HOWTOSRC=projdoc/DOMAIN_MEMBER.sgml projdoc/NT_Security.sgml \ + projdoc/msdfs_setup.sgml projdoc/printer_driver2.sgml \ + projdoc/UNIX_INSTALL.sgml projdoc/winbind.sgml projdoc/OS2-Client-HOWTO.sgml \ + projdoc/Samba-PDC-HOWTO.sgml projdoc/ENCRYPTION.sgml \ + projdoc/CVS-Access.sgml projdoc/Integrating-with-Windows.sgml \ + projdoc/PAM-Authentication-And-Samba.sgml projdoc/Samba-LDAP-HOWTO.sgml \ + projdoc/Samba-BDC-HOWTO.sgml + + + +###################################################################### +# Make instructions +###################################################################### +all: + @echo "Possible options to the Makefile include:" + @echo " all-docs - Force a rebuild of all documentation" + @echo " HOWTO - Build all individual HOWTOs in html format" + @echo " proj-doc - Build the Samba-HOWTO-Collection.[pdf|html] file" + @echo " man - Rebuild html and nroff versions of man pages as necessary" + @echo " syntax - Check the SGML/DocBook syntax of all source files" + +all-docs: HOWTO proj-doc man-all man-html-all + +syntax: $(SGMLMANSRC) projdoc/samba-doc.sgml + @echo Checking syntax of all SGML/DocBook source files... + @(for i in $?; do \ + echo "$$i..."; \ + $(NSGMLS) -sv $$i 2>&1 | grep -v "DTDDECL catalog entries are not supported" ; \ + done) + + + +man: $(MANPAGES) + +HOWTO: $(HOWTOSRC) + @echo Building HOWTO pages... + @(for i in $?; do \ + htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \ + echo "Making $$htmlfile"; \ + cat $$i | $(PERL) scripts/make-article.pl > /tmp/`echo $$i | sed 's,.*/,,'`; \ + $(JADE) -t sgml -V nochunks -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl \ + -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'` > ../htmldocs/$$htmlfile; \ + cat /tmp/jade.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/jade.log /tmp/`echo $$i | sed 's,.*/,,'`; \ + done) + + +## I'm using htmldoc here to produc the PDF output. If you want +## Postscript output, you can run +## +## sgmltools -b ps projdoc/samba-doc.sgml +## +proj-doc: + echo Building Samba-HOWTO-Collections... + @$(PERL) scripts/collateindex.pl -N -o projdoc/index.sgml + @$(JADE) -t sgml -V html-index -d $(SGML_SHARE)/dsssl/docbook/html/docbook.dsl projdoc/samba-doc.sgml + @$(PERL) scripts/collateindex.pl -o projdoc/index.sgml HTML.index + @/bin/rm HTML.index *.htm + @$(JADE) -t sgml -i html -V nochunks -d stylesheets/ldp.dsl\#html projdoc/samba-doc.sgml > samba-doc.html + @(cd scripts; ./ldp_print ../samba-doc.html) + @mv -f samba-doc.pdf ../Samba-HOWTO-Collection.pdf + @/bin/mv -f samba-doc.html ../htmldocs/Samba-HOWTO-Collection.html + + +## generate all HTML man pages +man-html-all: $(SGMLMANSRC) + @echo Building HTML formatted man pages... + @(for i in $?; do \ + htmlfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml/\.html/g"`; \ + echo "Making $$htmlfile"; \ + $(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html -f /tmp/jade.log $$i > ../htmldocs/$$htmlfile; \ + cat /tmp/jade.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/jade.log; \ + done) + +## generate all man pages +man-all: $(SGMLMANSRC) + @echo Building man pages... + @(for i in $?; do \ + manfile=`echo $$i | sed 's,.*/,,' | sed "s/\.sgml//g"`; \ + echo "Making $$manfile"; \ + $(NSGMLS) -f /tmp/docbook2x.log $$i | $(SGMLSPL) \ + $(SGML_SHARE)/docbook2X/docbook2man-spec.pl; \ + cat /tmp/docbook2x.log | grep -v DTDDECL; \ + /bin/rm -f /tmp/docbook2x.log; \ + cat $$manfile | $(PERL) scripts/strip-links.pl > $(MANDIR)/$$manfile; \ + /bin/rm -f $$manfile; \ + done) + + + + +## +## these rules are for building individual files +## +$(MANDIR)/findsmb.1: manpages/findsmb.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbclient.1: manpages/smbclient.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbspool.8: manpages/smbspool.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/lmhosts.5: manpages/lmhosts.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbcontrol.1: manpages/smbcontrol.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbstatus.1: manpages/smbstatus.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/make_smbcodepage.1: manpages/make_smbcodepage.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/make_unicodemap.1: manpages/make_unicodemap.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbd.8: manpages/smbd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbtar.1: manpages/smbtar.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/nmbd.8: manpages/nmbd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbmnt.8: manpages/smbmnt.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbumount.8: manpages/smbumount.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/nmblookup.1: manpages/nmblookup.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbmount.8: manpages/smbmount.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/swat.8: manpages/swat.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/rpcclient.1: manpages/rpcclient.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbpasswd.5: manpages/smbpasswd.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/testparm.1: manpages/testparm.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/samba.7: manpages/samba.7.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbpasswd.8: manpages/smbpasswd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/testprns.1: manpages/testprns.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smb.conf.5: manpages/smb.conf.5.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/wbinfo.1: manpages/wbinfo.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbcacls.1: manpages/smbcacls.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbsh.1 : manpages/smbsh.1.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/winbindd.8: manpages/winbindd.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + + +$(MANDIR)/pdbedit.8: manpages/pdbedit.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/net.8: manpages/net.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + +$(MANDIR)/smbgroupedit.8: manpages/smbgroupedit.8.sgml + @echo "Making $@" + @$(NSGMLS) $< | $(SGMLSPL) $(SGML_SHARE)/docbook2X/docbook2man-spec.pl + @cat `echo $@ | sed 's,.*/,,'` | $(PERL) scripts/strip-links.pl > $@ + @/bin/rm -f `echo $@ | sed 's,.*/,,'` + @echo "Making HTML version of $@" + @$(JADE) -t sgml -i html -V nochunks -d ./stylesheets/ldp.dsl\#html $< > $(HTMLDIR)/`echo $< | sed 's,.*/,,'| sed "s/\.sgml/\.html/g"` + + +## Clean Rule +clean: + /bin/rm -f manpage.* diff --git a/docs/docbook/configure b/docs/docbook/configure new file mode 100755 index 00000000000..26ea4674823 --- /dev/null +++ b/docs/docbook/configure @@ -0,0 +1,1067 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_help="$ac_help + --with-sgml-share=DIR change the default location of SGML stylesheets" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=global.ent + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + +## check for the necesary install tools +## Openjade includes 'onsgmls' while +## the older jade package includes 'nsgmls' +# Extract the first word of "openjade", so it can be a program name with args. +set dummy openjade; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:534: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$JADE" in + /*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_JADE="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +JADE="$ac_cv_path_JADE" +if test -n "$JADE"; then + echo "$ac_t""$JADE" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + +if test -z "$JADE"; then + # Extract the first word of "jade", so it can be a program name with args. +set dummy jade; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:571: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_JADE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$JADE" in + /*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_JADE="$JADE" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_JADE="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +JADE="$ac_cv_path_JADE" +if test -n "$JADE"; then + echo "$ac_t""$JADE" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + # Extract the first word of "nsgmls", so it can be a program name with args. +set dummy nsgmls; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:606: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$NSGMLS" in + /*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_NSGMLS="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +NSGMLS="$ac_cv_path_NSGMLS" +if test -n "$NSGMLS"; then + echo "$ac_t""$NSGMLS" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +else + # Extract the first word of "onsgmls", so it can be a program name with args. +set dummy onsgmls; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:642: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_NSGMLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$NSGMLS" in + /*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_NSGMLS="$NSGMLS" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_NSGMLS="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +NSGMLS="$ac_cv_path_NSGMLS" +if test -n "$NSGMLS"; then + echo "$ac_t""$NSGMLS" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +fi + +# Extract the first word of "htmldoc", so it can be a program name with args. +set dummy htmldoc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:679: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_HTMLDOC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$HTMLDOC" in + /*) + ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_HTMLDOC="$HTMLDOC" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_HTMLDOC="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +HTMLDOC="$ac_cv_path_HTMLDOC" +if test -n "$HTMLDOC"; then + echo "$ac_t""$HTMLDOC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Extract the first word of "sgmlspl", so it can be a program name with args. +set dummy sgmlspl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:714: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_SGMLSPL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$SGMLSPL" in + /*) + ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_SGMLSPL="$SGMLSPL" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_SGMLSPL="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +SGMLSPL="$ac_cv_path_SGMLSPL" +if test -n "$SGMLSPL"; then + echo "$ac_t""$SGMLSPL" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +# Extract the first word of "perl", so it can be a program name with args. +set dummy perl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:749: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_path_PERL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + case "$PERL" in + /*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a path. + ;; + ?:/*) + ac_cv_path_PERL="$PERL" # Let the user override the test with a dos path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_path_PERL="$ac_dir/$ac_word" + break + fi + done + IFS="$ac_save_ifs" + ;; +esac +fi +PERL="$ac_cv_path_PERL" +if test -n "$PERL"; then + echo "$ac_t""$PERL" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + +SGML_SHARE="/usr/local/share/sgml" + +# Check whether --with-sgml-share or --without-sgml-share was given. +if test "${with_sgml_share+set}" = set; then + withval="$with_sgml_share" + case "$withval" in + no) SGML_SHARE="" + ;; + yes) + ;; + /*|\\*) + SGML_SHARE="$withval" + ;; + *) + SGML_SHARE="/$withval" + ;; +esac + +fi + +# The Makefile requires docbook2X in the share/sgml directory +if ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ; then + { echo "configure: error: "Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct."" 1>&2; exit 1; } +fi + + +DOC_BUILD_DATE=`date '+%d-%m-%Y'` + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +# Transform confdefs.h into DEFS. +# Protect against shell expansion while executing Makefile rules. +# Protect against Makefile macro expansion. +cat > conftest.defs <<\EOF +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%-D\1=\2%g +s%[ `~#$^&*(){}\\|;'"<>?]%\\&%g +s%\[%\\&%g +s%\]%\\&%g +s%\$%$$%g +EOF +DEFS=`sed -f conftest.defs confdefs.h | tr '\012' ' '` +rm -f conftest.defs + + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS </dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir + +trap 'rm -fr `echo "Makefile stylesheets/ldp.dsl " | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@JADE@%$JADE%g +s%@NSGMLS@%$NSGMLS%g +s%@HTMLDOC@%$HTMLDOC%g +s%@SGMLSPL@%$SGMLSPL%g +s%@PERL@%$PERL%g +s%@SGML_SHARE@%$SGML_SHARE%g +s%@DOC_BUILD_DATE@%$DOC_BUILD_DATE%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + diff --git a/docs/docbook/configure.in b/docs/docbook/configure.in new file mode 100644 index 00000000000..ad0613f2be8 --- /dev/null +++ b/docs/docbook/configure.in @@ -0,0 +1,49 @@ +AC_INIT(global.ent) + +## check for the necesary install tools +## Openjade includes 'onsgmls' while +## the older jade package includes 'nsgmls' +AC_PATH_PROG(JADE,openjade) + +if test -z "$JADE"; then + AC_PATH_PROG(JADE,jade) + AC_PATH_PROG(NSGMLS, nsgmls) +else + AC_PATH_PROG(NSGMLS, onsgmls) +fi + +AC_PATH_PROG(HTMLDOC, htmldoc) +AC_PATH_PROG(SGMLSPL, sgmlspl) +AC_PATH_PROG(PERL, perl) + +dnl ---------------------------------------------------------------- +dnl --with-sgml-share +SGML_SHARE="/usr/local/share/sgml" + +AC_ARG_WITH(sgml-share, +[ --with-sgml-share=DIR change the default location of SGML stylesheets], +[case "$withval" in + no) SGML_SHARE="" + ;; + yes) + ;; + /*|\\*) + SGML_SHARE="$withval" + ;; + *) + SGML_SHARE="/$withval" + ;; +esac +])dnl + +# The Makefile requires docbook2X in the share/sgml directory +if [ ! test -f $SGML_SHARE/docbook2X/docbook2man-spec.pl ]; then + AC_MSG_ERROR("Unable to find dockbook2X. Make sure it is installed and that the sgml-share path is correct.") +fi + +AC_SUBST(SGML_SHARE)dnl + +DOC_BUILD_DATE=`date '+%d-%m-%Y'` +AC_SUBST(DOC_BUILD_DATE) + +AC_OUTPUT( Makefile stylesheets/ldp.dsl ) diff --git a/docs/docbook/dbsgml/40chg.txt b/docs/docbook/dbsgml/40chg.txt new file mode 100644 index 00000000000..2d2467d9ebc --- /dev/null +++ b/docs/docbook/dbsgml/40chg.txt @@ -0,0 +1,45 @@ +19 June 2000 + +Changes from DocBook V3.1 to DocBook V4.1: + +Markup: + +- RFE 17: Added a common attribute 'Condition' for generic effectivity +- RFE 38: The nav.class elements (ToC|LoT|Index|Glossary|Bibliography) are + now allowed at the beginning and end of components and sections +- RFE 58: The 'optmult' and 'reqmult' attribute values have been + removed from Group +- RFE 65: Added several class attribute values to Filename and SystemItem + at the request of the Linux community +- RFE 73: Removed BookBiblio and SeriesInfo +- RFE 81: Added SidebarInfo to Sidebar +- RFE 87: Added 'xmlpi' and 'emptytag' as class values of SGMLTag +- RFE 92: Added 'CO' to Synopsis and LiteralLayout +- RFE 99: Added SimpleMsgEntry as an alternative to MsgEntry in order + to provide a simpler MsgSet construct +- RFE 103: Added RevDescription as an alternative to RevRemark in + RevHistory; this allows longer descriptive text in a revision +- RFE 104: Added 'Specification' to the list of document classes on Article +- RFE 108: Allow admonitions in Answers +- RFE 110: Allow a RevHistory on QandAEntry +- RFE 115: Allow optional Title on OrderedList and ItemizedList +- RFE 116: Added LineNumbering attribute to linespecific environments for + presentation of line numbers +- Added a common attribute 'Security' for effectivity +- Added synopsis markup for modern programming languages (e.g, object + oriented languages like Java, C++, and IDL) +- Renamed DocInfo to PrefaceInfo, ChapterInfo, AppendixInfo, etc. +- Comment was renamed Remark +- InterfaceDefinition was removed + +Other: + +- RFE 88: Added PEs to include/ignore dbnotn.mod and dbcent.mod +- RFE 102: Fixed some outstanding namecase problems +- RFE 105: Added PNG notation +- RFE 106: Removed some odd *.content PEs that interfered with + customization layers +- RFE 109: Added FPI to content of dbgenent.mod (for consistency) +- RFE 111: Added the Euro symbol +- Fixed bug in cals-tbl.dtd; a model group was used for the element + declaration, but the attlist declaration used "Table" literally. diff --git a/docs/docbook/dbsgml/41chg.txt b/docs/docbook/dbsgml/41chg.txt new file mode 100644 index 00000000000..d2a91478878 --- /dev/null +++ b/docs/docbook/dbsgml/41chg.txt @@ -0,0 +1,7 @@ +19 June 2000 + +Changes from DocBook V4.0 to DocBook V4.1: + +No user-visible changes; removed some 4.0 future use comments that had +accidentally been left in the DTD and fixed a couple of incorrect FPIs. +See 40chg.txt for a list of the significant changes. diff --git a/docs/docbook/dbsgml/50issues.txt b/docs/docbook/dbsgml/50issues.txt new file mode 100644 index 00000000000..31497420f0d --- /dev/null +++ b/docs/docbook/dbsgml/50issues.txt @@ -0,0 +1,39 @@ +19 June 2000 + +Backwards-incompatible changes to DocBook that are planned for V5.0: + +- DocBook V5.0 will be an XML DTD. This will require a wide range of + changes. As a result, DocBook V5.0 will more closely resemble + The XML version of DocBook V4.1 than the SGML version. + +- Parameter entity reorganization may greatly reduce many + content models. The goal of this effort is to remove a large + number of spurious elements that snuck into content models + during the first PE reorg, in practice these changes should have + very little "real world" impact. + +- The Coords attribute will be removed from AreaSet. + +- ArtHeader will be dropped from BiblioEntry + +- Contents attribute will be removed from BookInfo and SetInfo + +- The %indexdivcomponent.mix; will be restricted. Numbered figures + and other elements inappropriate for an Index or SetIndex will be + removed. + +- RevHistory will be removed from GlossTerm + +- Constant Class will be removed from SystemItem + +- Graphic and InlineGraphic will be removed + +- Tables will be restricted from full CALS to the OASIS Exchange model + +- An experimental XML Schema version of DocBook 5.0 will be + produced in parallel with the DTD version. It will be + backwards-incompatible in an unspecified number of ways. The + goal of the effort will be that most DocBook documents that + validate under the DTD will also validate under the Schema, + but the committee does not feel bound to guarantee this + condition. diff --git a/docs/docbook/dbsgml/ChangeLog b/docs/docbook/dbsgml/ChangeLog new file mode 100644 index 00000000000..c4673db15a9 --- /dev/null +++ b/docs/docbook/dbsgml/ChangeLog @@ -0,0 +1,85 @@ +2000-06-19 Norman Walsh + + * 40chg.txt: Added notes about comment and interfacedefinition + + * 41chg.txt: New file. + + * 50issues.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, readme.txt: + Updated version numbers to 4.1 + + * dbhier.mod, dbpool.mod: Removed 4.0 future use comments + + * docbook.cat: Fixed version number in comment + + * docbook.dtd: DocBook V4.1 released. + +2000-05-18 Norman Walsh + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Removed references to beta6 + + * docbook.dtd: DocBook V4.0 released. + +2000-04-10 Norman Walsh + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated release date and version to 4.0beta6 + + * dbpool.mod: Added support for EBNF hook; fixed equation content bug + +2000-04-03 Norman Walsh + + * 40chg.txt: Added note about renaming DocInfo to *Info. + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated version numbers + +2000-03-24 Norman Walsh + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated version numbers + + * 50issues.txt: Added note about PE reorg + + * dbefsyn.mod: Removed + + * dbpool.mod: Removed ELEMENT from comments to ease text searching of the DTD. + Merged dbefsyn.mod into dbpool.mod + Added Modifier as an optional element at the end of MethodSynopsis + and MethodParam. + +2000-03-07 Norman Walsh + + * 40chg.txt, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Updated internal versions to beta3 + +2000-03-03 Norman Walsh + + * dbpool.mod: Removed erroneous comment about inline synopses + +2000-03-02 Norman Walsh + + * 30chg.txt, 31chg.txt, 40issues.txt, 50issues.txt, announce.txt, cals-tbl.dtd, dbcent.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Version 3.1 + + * 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: + branches: 1.1.1; + Initial revision + + * 30chg.txt, 40issues.txt, announce.txt, cals-tbl.dtd, dbgenent.mod, dbhier.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd: + New file. + + * 31chg.txt, 40chg.txt, 40issues.txt, 50issues.txt, cals-tbl.dtd, dbcent.mod, dbefsyn.mod, dbgenent.mod, dbhier.mod, dbnotn.mod, dbpool.mod, docbook.cat, docbook.dcl, docbook.dtd, readme.txt: + Version 4.0beta2 + + * 50issues.txt: Added warning about exchange table model + + * dbefsyn.mod, dbpool.mod: Added ooclass, oointerface, and ooexception as wrappers for modifiers + and names in classsynopsis. Also allow them inline. + + Fixed SGML PE parsing problem with hook PEs. + + * dbhier.mod, dbpool.mod: Added hook PEs for future module extension + + * dbpool.mod, docbook.dtd: Removed reference to sgml-features PE + diff --git a/docs/docbook/dbsgml/cals-tbl.dtd b/docs/docbook/dbsgml/cals-tbl.dtd new file mode 100644 index 00000000000..78c7d5a3ae1 --- /dev/null +++ b/docs/docbook/dbsgml/cals-tbl.dtd @@ -0,0 +1,330 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/catalog b/docs/docbook/dbsgml/catalog new file mode 100644 index 00000000000..521e8201c8c --- /dev/null +++ b/docs/docbook/dbsgml/catalog @@ -0,0 +1,63 @@ + -- ...................................................................... -- + -- Catalog data for DocBook V4.1 ........................................ -- + -- File docbook.cat ..................................................... -- + + -- Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/. + -- + + -- This is the catalog data file for DocBook V4.1. It is provided as + a convenience in building your own catalog files. You need not use + the filenames listed here, and need not use the filename method of + identifying storage objects at all. See the documentation for + detailed information on the files associated with the DocBook DTD. + See SGML Open Technical Resolution 9401 for detailed information + on supplying and using catalog data. + -- + + -- ...................................................................... -- + -- SGML declaration associated with DocBook ............................. -- + +DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl" + + -- ...................................................................... -- + -- DocBook driver file .................................................. -- + +PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd" + + -- ...................................................................... -- + -- DocBook modules ...................................................... -- + +PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd" +PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod" +PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod" + + -- ...................................................................... -- + -- ISO entity sets ...................................................... -- + +PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ent/ISOdia" +PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ent/ISOnum" +PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ent/ISOpub" +PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ent/ISOtech" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ent/ISOlat1" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ent/ISOlat2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ent/ISOgrk1" +PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ent/ISOgrk2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ent/ISOgrk3" +PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ent/ISOgrk4" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ent/ISOamsa" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ent/ISOamsb" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ent/ISOamsc" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ent/ISOamsn" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ent/ISOamso" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ent/ISOamsr" +PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ent/ISObox" +PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ent/ISOcyr1" +PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ent/ISOcyr2" + + -- End of catalog data for DocBook V4.1 ................................. -- + -- ...................................................................... -- diff --git a/docs/docbook/dbsgml/dbcent.mod b/docs/docbook/dbsgml/dbcent.mod new file mode 100755 index 00000000000..7f052110197 --- /dev/null +++ b/docs/docbook/dbsgml/dbcent.mod @@ -0,0 +1,181 @@ + + + + + + + + + + + + + + +%ISOamsa; +]]> + + + +%ISOamsb; +]]> + + + +%ISOamsc; +]]> + + + +%ISOamsn; +]]> + + + +%ISOamso; +]]> + + + +%ISOamsr; +]]> + + + +%ISObox; +]]> + + + +%ISOcyr1; +]]> + + + +%ISOcyr2; +]]> + + + +%ISOdia; +]]> + + + +%ISOgrk1; +]]> + + + +%ISOgrk2; +]]> + + + +%ISOgrk3; +]]> + + + +%ISOgrk4; +]]> + + + +%ISOlat1; +]]> + + + +%ISOlat2; +]]> + + + +%ISOnum; +]]> + + + +%ISOpub; +]]> + + + +%ISOtech; +]]> diff --git a/docs/docbook/dbsgml/dbgenent.mod b/docs/docbook/dbsgml/dbgenent.mod new file mode 100644 index 00000000000..b60c5b27140 --- /dev/null +++ b/docs/docbook/dbsgml/dbgenent.mod @@ -0,0 +1,39 @@ + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/dbhier.mod b/docs/docbook/dbsgml/dbhier.mod new file mode 100755 index 00000000000..10e1f3f33f7 --- /dev/null +++ b/docs/docbook/dbsgml/dbhier.mod @@ -0,0 +1,2100 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]]> + + + + + + + + + + + + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + + +]]> +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + diff --git a/docs/docbook/dbsgml/dbnotn.mod b/docs/docbook/dbsgml/dbnotn.mod new file mode 100755 index 00000000000..b980630bbaf --- /dev/null +++ b/docs/docbook/dbsgml/dbnotn.mod @@ -0,0 +1,97 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/dbpool.mod b/docs/docbook/dbsgml/dbpool.mod new file mode 100755 index 00000000000..3867d070e80 --- /dev/null +++ b/docs/docbook/dbsgml/dbpool.mod @@ -0,0 +1,7396 @@ + + + + + + + + + + + + + + + + +]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +]]> + + + + + + + + + + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + + +]]> +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + +]]> + + + +]]> + + +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +%calstbls; +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + +]]> + + + +]]> + + +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + + + +]]> + + + +]]> + ]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + + + +]]> + + + +]]> + ]]> + + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + ]]> + + + + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + + + +]]> + + + +]]> + ]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> + ]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> + ]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + +]]> + + + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> + + + + + + + + + + +]]> + + + +]]> +]]> + + + + + + + +]]> + + + + +]]> +]]> +]]> + + + + + + + +]]> + + + +]]> +]]> +]]> + + + diff --git a/docs/docbook/dbsgml/docbook.cat b/docs/docbook/dbsgml/docbook.cat new file mode 100644 index 00000000000..0f285d0d751 --- /dev/null +++ b/docs/docbook/dbsgml/docbook.cat @@ -0,0 +1,63 @@ + -- ...................................................................... -- + -- Catalog data for DocBook V4.1 ........................................ -- + -- File docbook.cat ..................................................... -- + + -- Please direct all questions, bug reports, or suggestions for + changes to the docbook@lists.oasis-open.org mailing list. For more + information, see http://www.oasis-open.org/. + -- + + -- This is the catalog data file for DocBook V4.1. It is provided as + a convenience in building your own catalog files. You need not use + the filenames listed here, and need not use the filename method of + identifying storage objects at all. See the documentation for + detailed information on the files associated with the DocBook DTD. + See SGML Open Technical Resolution 9401 for detailed information + on supplying and using catalog data. + -- + + -- ...................................................................... -- + -- SGML declaration associated with DocBook ............................. -- + +DTDDECL "-//OASIS//DTD DocBook V4.1//EN" "docbook.dcl" + + -- ...................................................................... -- + -- DocBook driver file .................................................. -- + +PUBLIC "-//OASIS//DTD DocBook V4.1//EN" "docbook.dtd" + + -- ...................................................................... -- + -- DocBook modules ...................................................... -- + +PUBLIC "-//USA-DOD//DTD Table Model 951010//EN" "cals-tbl.dtd" +PUBLIC "-//OASIS//ELEMENTS DocBook Information Pool V4.1//EN" "dbpool.mod" +PUBLIC "-//OASIS//ELEMENTS DocBook Document Hierarchy V4.1//EN" "dbhier.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Additional General Entities V4.1//EN" "dbgenent.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Notations V4.1//EN" "dbnotn.mod" +PUBLIC "-//OASIS//ENTITIES DocBook Character Entities V4.1//EN" "dbcent.mod" + + -- ...................................................................... -- + -- ISO entity sets ...................................................... -- + +PUBLIC "ISO 8879:1986//ENTITIES Diacritical Marks//EN" "ISOdia" +PUBLIC "ISO 8879:1986//ENTITIES Numeric and Special Graphic//EN" "ISOnum" +PUBLIC "ISO 8879:1986//ENTITIES Publishing//EN" "ISOpub" +PUBLIC "ISO 8879:1986//ENTITIES General Technical//EN" "ISOtech" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 1//EN" "ISOlat1" +PUBLIC "ISO 8879:1986//ENTITIES Added Latin 2//EN" "ISOlat2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Letters//EN" "ISOgrk1" +PUBLIC "ISO 8879:1986//ENTITIES Monotoniko Greek//EN" "ISOgrk2" +PUBLIC "ISO 8879:1986//ENTITIES Greek Symbols//EN" "ISOgrk3" +PUBLIC "ISO 8879:1986//ENTITIES Alternative Greek Symbols//EN" "ISOgrk4" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Arrow Relations//EN" "ISOamsa" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Binary Operators//EN" "ISOamsb" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Delimiters//EN" "ISOamsc" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Negated Relations//EN" "ISOamsn" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Ordinary//EN" "ISOamso" +PUBLIC "ISO 8879:1986//ENTITIES Added Math Symbols: Relations//EN" "ISOamsr" +PUBLIC "ISO 8879:1986//ENTITIES Box and Line Drawing//EN" "ISObox" +PUBLIC "ISO 8879:1986//ENTITIES Russian Cyrillic//EN" "ISOcyr1" +PUBLIC "ISO 8879:1986//ENTITIES Non-Russian Cyrillic//EN" "ISOcyr2" + + -- End of catalog data for DocBook V4.1 ................................. -- + -- ...................................................................... -- diff --git a/docs/docbook/dbsgml/docbook.dcl b/docs/docbook/dbsgml/docbook.dcl new file mode 100644 index 00000000000..c76de206cf4 --- /dev/null +++ b/docs/docbook/dbsgml/docbook.dcl @@ -0,0 +1,106 @@ + diff --git a/docs/docbook/dbsgml/docbook.dtd b/docs/docbook/dbsgml/docbook.dtd new file mode 100755 index 00000000000..4d784cc43fd --- /dev/null +++ b/docs/docbook/dbsgml/docbook.dtd @@ -0,0 +1,117 @@ + + + + + + + + + + + + + + + +%dbnotn; +]]> + + + + + + + +%dbcent; +]]> + + + + + + + + +%dbpool; +]]> + + + + +]]> + + + + + +%dbhier; +]]> + + + + + + +%dbgenent; +]]> + + + diff --git a/docs/docbook/dbsgml/ent/ISOamsa b/docs/docbook/dbsgml/ent/ISOamsa new file mode 100644 index 00000000000..b77154cb024 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsa @@ -0,0 +1,66 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOamsb b/docs/docbook/dbsgml/ent/ISOamsb new file mode 100644 index 00000000000..43944a732fb --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsb @@ -0,0 +1,52 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOamsc b/docs/docbook/dbsgml/ent/ISOamsc new file mode 100644 index 00000000000..06222d58cf4 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsc @@ -0,0 +1,20 @@ + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOamsn b/docs/docbook/dbsgml/ent/ISOamsn new file mode 100644 index 00000000000..0c8327a3267 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsn @@ -0,0 +1,70 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOamso b/docs/docbook/dbsgml/ent/ISOamso new file mode 100644 index 00000000000..ad9b329e54d --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamso @@ -0,0 +1,29 @@ + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOamsr b/docs/docbook/dbsgml/ent/ISOamsr new file mode 100644 index 00000000000..3f26c345c04 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOamsr @@ -0,0 +1,94 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISObox b/docs/docbook/dbsgml/ent/ISObox new file mode 100644 index 00000000000..643e926edaa --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISObox @@ -0,0 +1,62 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOcyr1 b/docs/docbook/dbsgml/ent/ISOcyr1 new file mode 100644 index 00000000000..97b961b1f0b --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOcyr1 @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOcyr2 b/docs/docbook/dbsgml/ent/ISOcyr2 new file mode 100644 index 00000000000..480b01c1df4 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOcyr2 @@ -0,0 +1,36 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOdia b/docs/docbook/dbsgml/ent/ISOdia new file mode 100644 index 00000000000..3b6f98d6baa --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOdia @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOgrk1 b/docs/docbook/dbsgml/ent/ISOgrk1 new file mode 100644 index 00000000000..dea16bf8ef9 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk1 @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOgrk2 b/docs/docbook/dbsgml/ent/ISOgrk2 new file mode 100644 index 00000000000..657bb99935e --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk2 @@ -0,0 +1,30 @@ + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOgrk3 b/docs/docbook/dbsgml/ent/ISOgrk3 new file mode 100644 index 00000000000..f76c3a084f3 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk3 @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOgrk4 b/docs/docbook/dbsgml/ent/ISOgrk4 new file mode 100644 index 00000000000..e4427a0cb54 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOgrk4 @@ -0,0 +1,53 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOlat1 b/docs/docbook/dbsgml/ent/ISOlat1 new file mode 100644 index 00000000000..0d7d0a7d937 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOlat1 @@ -0,0 +1,72 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOlat2 b/docs/docbook/dbsgml/ent/ISOlat2 new file mode 100644 index 00000000000..4bcb3378328 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOlat2 @@ -0,0 +1,131 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOnum b/docs/docbook/dbsgml/ent/ISOnum new file mode 100644 index 00000000000..d7b41c33ae3 --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOnum @@ -0,0 +1,91 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOpub b/docs/docbook/dbsgml/ent/ISOpub new file mode 100644 index 00000000000..c184973cfdf --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOpub @@ -0,0 +1,100 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/ent/ISOtech b/docs/docbook/dbsgml/ent/ISOtech new file mode 100644 index 00000000000..cbda344869a --- /dev/null +++ b/docs/docbook/dbsgml/ent/ISOtech @@ -0,0 +1,73 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/dbsgml/readme.txt b/docs/docbook/dbsgml/readme.txt new file mode 100644 index 00000000000..52d3f9f4aaf --- /dev/null +++ b/docs/docbook/dbsgml/readme.txt @@ -0,0 +1,12 @@ +README for DocBook V4.1 + +This is DocBook V4.1, released 19 June 2000. + +See 40chg.txt for information about what has changed since DocBook 3.1. + +For more information about DocBook, please see + + http://www.oasis-open.org/docbook/ + +Please send all questions, comments, concerns, and bug reports to the +DocBook mailing list: docbook@lists.oasis-open.org diff --git a/docs/docbook/docbook.txt b/docs/docbook/docbook.txt new file mode 100644 index 00000000000..388cd5cf9b7 --- /dev/null +++ b/docs/docbook/docbook.txt @@ -0,0 +1,136 @@ +!== +!== docbook.txt for Samba 2.2.0 release +!== +!== Author: David Bannon, D.Bannon@latrobe.edu.au November, 2000 +!== Updates: Gerald (Jerry) Carter, jerry@samba.org, Feb. 2001 + +What are DocBook documents doing in the Samba Distribution ? +----------------------------------------------------------- + +We are planning to convert all of the samba docs to SGML/DocBook V4.1 +in order to make them easier to maintain and produce a nicer looking +product. + +This short note (strange isn't it how it always starts out as a short note +and becomes a long one ?) will explain very briefly how and why we are +doing this. + + +The format +---------- + +If you are new to sgml, regard an sgml file as 'source code'. You don't +read it directly, use it to create other formats (like the txt and html +included in ../txt and ../html). + +Docbook is a particular SGML style, particularly suited to producing +technical manuals. In the two documents I have produced so far I have used +DocBook 4.1, it seems that products like RedHat Linux is still include only +version 3.1, the differences are minor. The Linux Documentation Project is +using a modified version of 3.1 but are really geared up to make multi +paged documents, something we want to avoid for logistic reasons. + +For more information on DocBook tags and format, see "DocBook: The +Definitive Guide" by Walsh and Muellner, (c) O'Reilly Publishing. +This book covers DocBook V3.1 and is available on-line +at http://www.docbook.org/ + +The Output +---------- + +The current Samba CVS tree contains the SGML/DocBook source files as well +as the following autogenerated formats + + * man pages + * HTML + * ASCII text (where appropriate) + + +The Tools +--------- + +[ + addendum: For a good general overview of installing the tools + needed for generating files from SGML/DocBook source, refer + to the DocBook-Install mini HOWTO at + http://www.ibiblio.org/pub/Linux/docs/HOWTO/mini/DocBook-Install + + While the above link is to a Linux HOWTO, the tools can be installed + on almost any UNIX platform. + + David's original notes follow below: +] + +Any sgml document needs to be referred to a suitable style sheet +(describing syntax) and other sheets that tell the translating programmes +how to do the translations. The list of necessary 'included files is a +bit messy but once installed is pretty easy. + +On one of my RedHat 6.2 systems I installed the following: +* sgml-common (as an rpm) +* docbook (as an rpm) +* stylesheets (as an rpm) +* jade (as an rpm) +* Docbook 4.1 from http://docbook.org +* DSSSL 157 from http://nwalsh.com/docbook/dsssl/ + +There are several downloadable descriptions of the DocBook syntax at the +web sites mentioned above. Note that a lot of the docs only talk about +version 3.1 with 4.1 as an add-on. + +In either case you will need to include in the html/docbook.dsl and most +likely a couple of defines to achieve a suitable output. I made a +local dsl file that I called html.dsl that looks like this : + + +]> + + + + + +(define nochunks #t) ;; Dont make multiple pages +(define rootchunk #t) ;; Do make a 'root' page +(define %use-id-as-filename% #t) ;; Use book id as filename +(define %html-ext% ".html") ;; give it a proper html extension + + + + + + +Note the top block that refers to where the dsssl-157 style sheets are +installed, if you don’t put them there make sure you edit the file. + +To use this stylesheet, have it in your working directory along with your +sgml files. Jade does the actual conversion to html, call it like this : + +jade -t sgml -d html.dsl stuff.sgml + +To create the text version run the html through lynx : + +Lynx -dump -nolist stuff.html > stuff.txt + +These instructions are crude by might help someone get going. Please feel +free to contact me if you have any questions or if you can correct any one +of the many mistakes I must have made above. + +David + +========================================================================== + +This directory now contains a ./configure script and Makefile to +support the automated building of man pages (including HTML versions). +The DocBook V4.1 DTD and ISO entity files have also been included in CVS +to make sure we are all working from the same plate. + +The SGML_CATALOG_FILES environment variable should be set as follows +(this assumes you have a working local installation of jade and +Norman's Walsh's DSSSL stylesheets): + + export SGML_CATALOG_FILES=$SGML_CATALOG_FILES:./dbsgml/catalog + + +--jerry diff --git a/docs/docbook/faq/README.NOW b/docs/docbook/faq/README.NOW new file mode 100644 index 00000000000..77f1659a89c --- /dev/null +++ b/docs/docbook/faq/README.NOW @@ -0,0 +1,2 @@ +The files previously in this directory have been incorporated +into the Samba-HOWTO-Collection diff --git a/docs/docbook/global.ent b/docs/docbook/global.ent new file mode 100644 index 00000000000..91286de98be --- /dev/null +++ b/docs/docbook/global.ent @@ -0,0 +1,33 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/docbook/howto/README.NOW b/docs/docbook/howto/README.NOW new file mode 100644 index 00000000000..77f1659a89c --- /dev/null +++ b/docs/docbook/howto/README.NOW @@ -0,0 +1,2 @@ +The files previously in this directory have been incorporated +into the Samba-HOWTO-Collection diff --git a/docs/docbook/manpages/findsmb.1.sgml b/docs/docbook/manpages/findsmb.1.sgml new file mode 100644 index 00000000000..d8f436c4a12 --- /dev/null +++ b/docs/docbook/manpages/findsmb.1.sgml @@ -0,0 +1,131 @@ + + + + + findsmb + 1 + + + + + findsmb + list info about machines that respond to SMB + name queries on a subnet + + + + + findsmb + subnet broadcast address + + + + + DESCRIPTION + + This perl script is part of the + Samba suite. + + findsmb is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses + nmblookup(1) and + smbclient(1) to obtain this information. + + + + + OPTIONS + + + + subnet broadcast address + Without this option, findsmb + will probe the subnet of the machine where + findsmb is run. This value is passed + to nmblookup as part of the + -B option + + + + + + EXAMPLES + + The output of findsmb lists the following + information for all machines that respond to the initial + nmblookup for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version. + + There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows, Windows 95 or Windows 98 will + not show any information about the operating system or server + version. + + The command must be run on a system without nmbd running. + If nmbd is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root. + + For example running findsmb on a machine + without nmbd running would yield output similar + to the following + + +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] + + + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + nmbd(8), + smbclient(1) + , and + nmblookup(1) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/lmhosts.5.sgml b/docs/docbook/manpages/lmhosts.5.sgml new file mode 100644 index 00000000000..7934c18e8ec --- /dev/null +++ b/docs/docbook/manpages/lmhosts.5.sgml @@ -0,0 +1,114 @@ + + + + + lmhosts + 5 + + + + + lmhosts + The Samba NetBIOS hosts file + + + + lmhosts is the + Samba NetBIOS name to IP address mapping file. + + + + DESCRIPTION + + This file is part of the + Samba suite. + + lmhosts is the Samba + NetBIOS name to IP address mapping file. It + is very similar to the /etc/hosts file + format, except that the hostname component must correspond + to the NetBIOS naming format. + + + + FILE FORMAT + It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information : + + + IP Address - in dotted decimal format. + + + NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits. + + If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup. + + + + An example follows : + + +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + + + Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested. + + The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved. + + The default location of the lmhosts file + is in the same directory as the + smb.conf(5)> file. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbclient(1) + , + smb.conf(5), and + smbpasswd(8) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/make_smbcodepage.1.sgml b/docs/docbook/manpages/make_smbcodepage.1.sgml new file mode 100644 index 00000000000..a36f9b968c1 --- /dev/null +++ b/docs/docbook/manpages/make_smbcodepage.1.sgml @@ -0,0 +1,197 @@ + + + + + make_smbcodepage + 1 + + + + + make_smbcodepage + construct a codepage file for Samba + + + + + make_smbcodepage + c|d + codepage + inputfile + outputfile + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + make_smbcodepage compiles or de-compiles + codepage files for use with the internationalization features + of Samba 2.2 + + + + + + OPTIONS + + + + c|d + This tells make_smbcodepage + if it is compiling (c) a text format code + page file to binary, or (d) de-compiling + a binary codepage file to text. + + + + codepage + This is the codepage we are processing (a + number, e.g. 850). + + + + + inputfile + This is the input file to process. In + the c case this will be a text + codepage definition file such as the ones found in the Samba + source/codepages directory. In + the d case this will be the + binary format codepage definition file normally found in + the lib/codepages directory in the + Samba install directory path. + + + + + outputfile + This is the output file to produce. + + + + + + Samba Codepage Files + + A text Samba codepage definition file is a description + that tells Samba how to map from upper to lower case for + characters greater than ascii 127 in the specified DOS code page. + Note that for certain DOS codepages (437 for example) mapping + from lower to upper case may be non-symmetrical. For example, in + code page 437 lower case a acute maps to a plain upper case A + when going from lower to upper case, but plain upper case A maps + to plain lower case a when lower casing a character. + + A binary Samba codepage definition file is a binary + representation of the same information, including a value that + specifies what codepage this file is describing. + + As Samba does not yet use UNICODE (current for Samba version 2.2) + you must specify the client code page that your DOS and Windows + clients are using if you wish to have case insensitivity done + correctly for your particular language. The default codepage Samba + uses is 850 (Western European). Text codepage definition sample files + are provided in the Samba distribution for codepages 437 (USA), 737 (Greek), + 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic), + 932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional + Chinese). Users are encouraged to write text codepage definition files for + their own code pages and donate them to samba@samba.org. All codepage files + in the Samba source/codepages directory are + compiled and installed when a 'make install' + command is issued there. + + The client codepage used by the smbd server + is configured using the client code page parameter + in the smb.conf file. + + + + + Files + + codepage_def.<codepage> + + These are the input (text) codepage files provided in the + Samba source/codepages directory. + + A text codepage definition file consists of multiple lines + containing four fields. These fields are: + + + lower: which is the + (hex) lower case character mapped on this line. + + + upper: which is the (hex) + upper case character that the lower case character will map to. + + + map upper to lower which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given upper case character to the + given lower case character when lower casing a filename. + + + map lower to upper which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given lower case character to the + given upper case character when upper casing a filename. + + + + + codepage.<codepage> - These are the + output (binary) codepage files produced and placed in the Samba + destination lib/codepage directory. + + + + Installation + + The location of the server and its support files is a + matter for individual system administrators. The following are + thus suggestions only. + + It is recommended that the make_smbcodepage + program be installed under the /usr/local/samba + hierarchy, in a directory readable by all, writeable + only by root. The program itself should be executable by all. The + program should NOT be setuid or setgid! + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbd(8), + smb.conf(5) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/make_unicodemap.1.sgml b/docs/docbook/manpages/make_unicodemap.1.sgml new file mode 100644 index 00000000000..5e7292341b0 --- /dev/null +++ b/docs/docbook/manpages/make_unicodemap.1.sgml @@ -0,0 +1,172 @@ + + + + + make_unicodemap + 1 + + + + + make_unicodemap + construct a unicode map file for Samba + + + + + make_unicodemap + codepage + inputfile + outputfile + + + + + + + DESCRIPTION + + + This tool is part of the Samba + suite. + + + + make_unicodemap compiles text unicode map + files into binary unicode map files for use with the + internationalization features of Samba 2.2. + + + + + + + OPTIONS + + + + codepage + This is the codepage or UNIX character + set we are processing (a number, e.g. 850). + + + + + inputfile + This is the input file to process. This is a + text unicode map file such as the ones found in the Samba + source/codepages directory. + + + + + outputfile + This is the binary output file to produce. + + + + + + + + Samba Unicode Map Files + + + A text Samba unicode map file is a description that tells Samba + how to map characters from a specified DOS code page or UNIX character + set to 16 bit unicode. + + + A binary Samba unicode map file is a binary representation + of the same information, including a value that specifies what + codepage or UNIX character set this file is describing. + + + + + Files + + CP<codepage>.TXT + + + These are the input (text) unicode map files provided + in the Samba source/codepages + directory. + + + + A text unicode map file consists of multiple lines + containing two fields. These fields are : + + + + character - which is + the (hex) character mapped on this line. + + + unicode - which + is the (hex) 16 bit unicode character that the character + will map to. + + + + + unicode_map.<codepage> - These are + the output (binary) unicode map files produced and placed in + the Samba destination lib/codepage + directory. + + + + + + Installation + + + The location of the server and its support files is a matter + for individual system administrators. The following are thus + suggestions only. + + + + It is recommended that the make_unicodemap + program be installed under the + $prefix/samba hierarchy, + in a directory readable by all, writeable only by root. The + program itself should be executable by all. The program + should NOT be setuid or setgid! + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbd(8), + smb.conf(5) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/net.8.sgml b/docs/docbook/manpages/net.8.sgml new file mode 100644 index 00000000000..5b822ccfe67 --- /dev/null +++ b/docs/docbook/manpages/net.8.sgml @@ -0,0 +1,69 @@ + + + + + net + 8 + + + + + net + Tool for administration of Samba and remote + CIFS servers. + + + + + net + <ads|rap|rpc> + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + + + + + OPTIONS + + + + + + + + COMMANDS + + + + + + + + VERSION + + This man page is incomplete for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The current set of manpages and documentation is maintained + by the Samba Team in the same fashion as the Samba source code. + + + + diff --git a/docs/docbook/manpages/nmbd.8.sgml b/docs/docbook/manpages/nmbd.8.sgml new file mode 100644 index 00000000000..46f36834df4 --- /dev/null +++ b/docs/docbook/manpages/nmbd.8.sgml @@ -0,0 +1,356 @@ + + + + + nmbd + 8 + + + + + nmbd + NetBIOS name server to provide NetBIOS + over IP naming services to clients + + + + + nmbd + -D + -a + -i + -o + -P + -h + -V + -d <debug level> + -H <lmhosts file> + -l <log directory> + -n <primary netbios name> + -p <port number> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the Samba suite. + + nmbd is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view. + + SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using. + + Amongst other services, nmbd will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden with the -n + option (see OPTIONS below). Thus nmbd will + reply to broadcast queries for its own name(s). Additional + names for nmbd to respond on can be set + via parameters in the + smb.conf(5) configuration file. + + nmbd can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names. + + In addition, nmbd can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WIN + server. + + + + OPTIONS + + + + -D + If specified, this parameter causes + nmbd to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, nmbd + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the inetd + meta-daemon, although this is not recommended. + + + + + -a + If this parameter is specified, each new + connection will append log messages to the log file. + This is the default. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. + + + + + -o + If this parameter is specified, the + log files will be overwritten when opened. By default, + smbd will append entries to the log + files. + + + + -h + Prints the help information (usage) + for nmbd. + + + + -H <filename> + NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism + name resolve order described in smb.conf(5) + to resolve any NetBIOS name queries needed by the server. Note + that the contents of this file are NOT + used by nmbd to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host ONLY. + + The default path to this file is compiled into + Samba as part of the build process. Common defaults + are /usr/local/samba/lib/lmhosts, + /usr/samba/lib/lmhosts or + /etc/lmhosts. See the + lmhosts(5) man page for details on the + contents of this file. + + + + -V + Prints the version number for + nmbd. + + + + -d <debug level> + debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero. + + The higher this value, the more detail will + be logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out. + + Levels above 1 will generate considerable amounts + of log data, and should only be used when investigating + a problem. Levels above 3 are designed for use only by developers + and generate HUGE amounts of log data, most of which is extremely + cryptic. + + Note that specifying this parameter here will override + the log level + parameter in the + smb.conf file. + + + + -l <log directory> + The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running + nmbd server. + + The default log directory is compiled into Samba + as part of the build process. Common defaults are + /usr/local/samba/var/log.nmb, + /usr/samba/var/log.nmb or + /var/log/log.nmb. + + + + + -n <primary NetBIOS name> + This option allows you to override + the NetBIOS name that Samba uses for itself. This is identical + to setting the + NetBIOS name parameter in the + smb.conf file. However, a command + line setting will take precedence over settings in + smb.conf. + + + + + -p <UDP port number> + UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help! + + + + -s <configuration file> + The default configuration file name + is set at build time, typically as + /usr/local/samba/lib/smb.conf, but + this may be changed when Samba is autoconfigured. + + The file specified contains the configuration details + required by the server. See + smb.conf(5) for more information. + + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the UNIX_INSTALL.html document + for details. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the UNIX_INSTALL.html document + for details. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the UNIX_INSTALL.html + document for details. + + + + /usr/local/samba/lib/smb.conf + This is the default location of the + smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/smb.conf. + + When run as a WINS server (see the + wins support + parameter in the smb.conf(5) man page), + nmbd + will store the WINS database in the file wins.dat + in the var/locks directory configured under + wherever Samba was configured to install itself. + + If nmbd is acting as a + browse master (see the local master + parameter in the smb.conf(5) man page, + nmbd + will store the browsing database in the file browse.dat + in the var/locks directory + configured under wherever Samba was configured to install itself. + + + + + + + SIGNALS + + To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it + a SIGTERM (-15) signal and wait for it to die on its own. + + nmbd will accept SIGHUP, which will cause + it to dump out its namelists into the file namelist.debug + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also + cause nmbd to dump out its server database in + the log.nmb file. + + The debug log level of nmbd may be raised or lowered using + smbcontrol(1) + (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + to allow transient problems to be diagnosed, whilst still running + at a normally low log level. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + inetd(8), smbd(8), + smb.conf(5) + , smbclient(1) + , + testparm(1), + testprns(1), and the Internet RFC's + rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/nmblookup.1.sgml b/docs/docbook/manpages/nmblookup.1.sgml new file mode 100644 index 00000000000..67efac56343 --- /dev/null +++ b/docs/docbook/manpages/nmblookup.1.sgml @@ -0,0 +1,249 @@ + + + + + nmblookup + 1 + + + + + nmblookup + NetBIOS over TCP/IP client used to lookup NetBIOS + names + + + + + nmblookup + -M + -R + -S + -r + -A + -h + -B <broadcast address> + -U <unicast address> + -d <debug level> + -s <smb config file> + -i <NetBIOS scope> + -T + name + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP. + + + + OPTIONS + + + + -M + Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If + name is "-" then it does a lookup on the special name + __MSBROWSE__. + + + + -R + Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See rfc1001, rfc1002 for details. + + + + + -S + Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. + + + + + + -r + Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd(8) + daemon is running on this machine it also binds to this port. + + + + + + -A + Interpret name as + an IP Address and do a node status query on this address. + + + + + + + -h + Print a help (usage) message. + + + + + + -B <broadcast address> + Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf (5) file. + + + + + + + -U <unicast address> + Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server. + + + + + -d <debuglevel> + debuglevel is an integer from 0 to 10. + + The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged. + + Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of data, most of which is extremely cryptic. + + Note that specifying this parameter here will override + the + log level parameter in the + smb.conf(5) file. + + + + -s <smb.conf> + This parameter specifies the pathname to + the Samba configuration file, + smb.conf(5). This file controls all aspects of + the Samba setup on the machine. + + + + -i <scope> + This specifies a NetBIOS scope that + nmblookup will use to communicate with when + generating NetBIOS names. For details on the use of NetBIOS + scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are + very rarely used, only set this parameter + if you are the system administrator in charge of all the + NetBIOS systems you communicate with. + + + + + -T + This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each + + IP address .... NetBIOS name + + pair that is the normal output. + + + + + name + This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area. + + + + + + + EXAMPLES + + nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, + nmblookup must be called like this: + + nmblookup -U server -R 'name' + + For example, running : + + nmblookup -U samba.org -R 'IRIX#1B' + + would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup. + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + nmbd(8), + samba(7), and smb.conf(5) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/pdbedit.8.sgml b/docs/docbook/manpages/pdbedit.8.sgml new file mode 100644 index 00000000000..eeb1fb0d2c6 --- /dev/null +++ b/docs/docbook/manpages/pdbedit.8.sgml @@ -0,0 +1,290 @@ + + + + + pdbedit + 8 + + + + + pdbedit + manage the SAM database + + + + + pdbedit + -l + -v + -w + -u username + -f fullname + -h homedir + -d drive + -s script + -p profile + -a + -m + -x + -i file + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + The pdbedit program is used to manage the users accounts + stored in the sam database and can be run only by root. + + The pdbedit tool use the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be addedd + without changing the tool). + + There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts. + + + + OPTIONS + + + -l + This option list all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character. + + Example: pdbedit -l + + sorce:500:Simo Sorce + samba:45:Test User + + + + + + + + -v + This option sets the verbose listing format. + It will make pdbedit list the users in the database printing + out the account fields in a descriptive format. + + Example: pdbedit -l -v + + --------------- + username: sorce + user ID/Group: 500/500 + user RID/GRID: 2000/2001 + Full Name: Simo Sorce + Home Directory: \\BERSERKER\sorce + HomeDir Drive: H: + Logon Script: \\BERSERKER\netlogon\sorce.bat + Profile Path: \\BERSERKER\profile + --------------- + username: samba + user ID/Group: 45/45 + user RID/GRID: 1090/1091 + Full Name: Test User + Home Directory: \\BERSERKER\samba + HomeDir Drive: + Logon Script: + Profile Path: \\BERSERKER\profile + + + + + + + + -w + This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database printing + out the account fields in a format compatible with the + smbpasswd file format. (see the smbpasswd(5) for details) + + Example: pdbedit -l -w + + sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: + samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + + + + + + + -u username + This option specifies that the username to be + used for the operation requested (listing, adding, removing) + It is required in add, remove and modify + operations and optional in list + operations. + + + + + + + -f fullname + This option can be used while adding or + modifing a user account. It will specify the user's full + name. + + Example: -f "Simo Sorce" + + + + + + + -h homedir + This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path. + + Example: -h "\\\\BERSERKER\\sorce" + + + + + + + + -d drive + This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory. + + Example: -d "H:" + + + + + + + -s script + This option can be used while adding or + modifing a user account. It will specify the user's logon + script path. + + Example: -s "\\\\BERSERKER\\netlogon\\sorce.bat" + + + + + + + -p profile + This option can be used while adding or + modifing a user account. It will specify the user's profile + directory. + + Example: -p "\\\\BERSERKER\\netlogon" + + + + + + + -a + This option is used to add a user into the + database. This command need the user name be specified with + the -u switch. When adding a new user pdbedit will also + ask for the password to be used + + Example: pdbedit -a -u sorce + new password: + retype new password + + + + + + + + -m + This option may only be used in conjunction + with the -a option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name). + + Example: pdbedit -a -m -u w2k-wks + + + + + + + -x + This option causes pdbedit to delete an account + from the database. It need the username be specified with the + -u switch. + + Example: pdbedit -x -u bob + + + + + + -i file + This command is used to import a smbpasswd + file into the database. + + This option will ease migration from the plain smbpasswd + file database to more powerful backend databases like tdb and + ldap. + + Example: pdbedit -i /etc/smbpasswd.old + + + + + + + + + NOTES + + This command may be used only by root. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbpasswd(8), + samba(7) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/rpcclient.1.sgml b/docs/docbook/manpages/rpcclient.1.sgml new file mode 100644 index 00000000000..f2a44d69d90 --- /dev/null +++ b/docs/docbook/manpages/rpcclient.1.sgml @@ -0,0 +1,421 @@ + + + + + rpcclient + 1 + + + + + rpcclient + tool for executing client side + MS-RPC functions + + + + + rpcclient + server + -A authfile + -c <command string> + -d debuglevel + -h + -l logfile + -N + -s <smb config file> + -U username[%password] + -W workgroup + -N + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + rpcclient is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation. + + + + + OPTIONS + + + + server + NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the + name resolve order line from + smb.conf(5). + + + + + -A|--authfile=filename + This option allows + you to specify a file from which to read the username and + password used in the connection. The format of the file is + + + + username = <value> + password = <value> + domain = <value> + + + Make certain that the permissions on the file restrict + access from unwanted users. + + + + + + -c|--command='command string' + execute semicolon separated commands (listed + below)) + + + + + + + -d|--debug=debuglevel + set the debuglevel. Debug level 0 is the lowest + and 100 being the highest. This should be set to 100 if you are + planning on submitting a bug report to the Samba team (see BUGS.txt). + + + + + + + + -h|--help + Print a summary of command line options. + + + + + + + + -l|--logfile=logbasename + File name for log/debug files. The extension + '.client' will be appended. The log file is never removed + by the client. + + + + + + + -N|--nopass + instruct rpcclient not to ask + for a password. By default, rpcclient will prompt + for a password. See also the -U option. + + + + + -s|--conf=smb.conf + Specifies the location of the all important + smb.conf file. + + + + + + -U|--user=username[%password] + Sets the SMB username or username and password. + + If %password is not specified, the user will be prompted. The + client will first check the USER environment variable, then the + LOGNAME variable and if either exists, the + string is uppercased. If these environmental variables are not + found, the username GUEST is used. + + A third option is to use a credentials file which + contains the plaintext of the username and password. This + option is mainly provided for scripts where the admin doesn't + desire to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + -A for more details. + + Be cautious about including passwords in scripts. Also, on + many systems the command line of a running process may be seen + via the ps command. To be safe always allow + rpcclient to prompt for a password and type + it in directly. + + + + + + + -W|--workgroup=domain + Set the SMB domain of the username. This + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, + it causes the client to log on using the server's local SAM (as + opposed to the Domain SAM). + + + + + + + + + COMMANDS + + LSARPC + + lsaquery + + lookupsids - Resolve a list + of SIDs to usernames. + + + lookupnames - Resolve s list + of usernames to SIDs. + + + enumtrusts + + + + + + SAMR + + queryuser + querygroup + queryusergroups + querygroupmem + queryaliasmem + querydispinfo + querydominfo + enumdomgroups + + + + + + SPOOLSS + + + adddriver <arch> <config> + - Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + getdriverdir. Possible values for + arch are the same as those for + the getdriverdir command. + The config parameter is defined as + follows: + + + Long Printer Name:\ + Driver File Name:\ + Data File Name:\ + Config File Name:\ + Help File Name:\ + Language Monitor Name:\ + Default Data Type:\ + Comma Separated list of Files + + + Any empty fields should be enter as the string "NULL". + + Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail. + + + + + addprinter <printername> + <sharename> <drivername> <port> + - Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see adddriver) + and the portmust be a valid port name (see + enumports. + + + + deldriver - Delete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. + + + enumdata - Enumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented). + + + + enumjobs <printer> + - List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function (* This command is currently unimplemented). + + + + + enumports [level] + - Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. + + + + + enumdrivers [level] + - Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3. + + + + enumprinters [level] + - Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 0, 1, and 2. + + + + + getdata <printername> + - Retrieve the data for a given printer setting. See + the enumdata command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function (* This command is currently unimplemented). + + + + getdriver <printername> + - Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. + + + + getdriverdir <arch> + - Execute a GetPrinterDriverDirectory() + RPC to retreive the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for arch are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000". + + + + getprinter <printername> + - Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. + + + + + openprinter <printername> + - Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer. + + + setdriver <printername> <drivername> + - Execute a SetPrinter() command to update the printer driver associated + with an installed printer. The printer driver must already be correctly + installed on the print server. + + See also the enumprinters and + enumdrivers commands for obtaining a list of + of installed printers and drivers. + + + + + GENERAL OPTIONS + + + debuglevel - Set the current debug level + used to log information. + + help (?) - Print a listing of all + known commands or extended help on a particular command. + + + quit (exit) - Exit rpcclient + . + + + + + + + BUGS + + rpcclient is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter. + + From Luke Leighton's original rpcclient man page: + + "WARNING! The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places. + + The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of smbd(8) and rpcclient(1) + that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities." + + + + + VERSION + + This man page is correct for version 3.0 of the Samba + suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter. + + + diff --git a/docs/docbook/manpages/samba.7.sgml b/docs/docbook/manpages/samba.7.sgml new file mode 100644 index 00000000000..5d81d9d4468 --- /dev/null +++ b/docs/docbook/manpages/samba.7.sgml @@ -0,0 +1,213 @@ + + + + + samba + 7 + + + + + SAMBA + A Windows SMB/CIFS fileserver for UNIX + + + + Samba + + + + DESCRIPTION + + The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS), + LanManager or NetBIOS protocol. + + + + smbd + The smbd + daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in smb.conf + + + + + nmbd + The nmbd + daemon provides NetBIOS nameserving and browsing + support. The configuration file for this daemon + is described in smb.conf + + + + + smbclient + The smbclient + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT). + + + + + testparm + The testparm + utility is a simple syntax checker for Samba's + smb.confconfiguration file. + + + + + testprns + The testprns + utility supports testing printer names defined + in your printcap> file used + by Samba. + + + + + smbstatus + The smbstatus + tool provides access to information about the + current connections to smbd. + + + + + nmblookup + The nmblookup + tools allows NetBIOS name queries to be made + from a UNIX host. + + + + + make_smbcodepage + The make_smbcodepage + utility provides a means of creating SMB code page + definition files for your smbd server. + + + + + smbpasswd + The smbpasswd + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers. + + + + + + + + COMPONENTS + + The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages aren't clear enough then please send a patch or + bug report to + samba@samba.org + + + + + + + AVAILABILITY + + The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license. + + The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide. + + You may also find useful information about Samba + on the newsgroup + comp.protocol.smb and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba. + + If you have access to a WWW viewer (such as Netscape + or Mosaic) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + http://lists.samba.org. + + + + VERSION + + This man page is correct for version 2.2 of the + Samba suite. + + + + CONTRIBUTIONS + + If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + http://lists.samba.org. + + + If you have patches to submit or bugs to report + then you may mail them directly to samba-patches@samba.org. + Note, however, that due to the enormous popularity of this + package the Samba Team may take some time to respond to mail. We + prefer patches in diff -u format. + + + + CONTRIBUTORS + + Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at + ftp://samba.org/pub/samba/alpha/change-log + for the pre-CVS changes and at + ftp://samba.org/pub/samba/alpha/cvs.log + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it. + + In addition, several commercial organizations now help + fund the Samba Team with money and equipment. For details see + the Samba Web pages at + http://samba.org/samba/samba-thanks.html. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smb.conf.5.sgml b/docs/docbook/manpages/smb.conf.5.sgml new file mode 100644 index 00000000000..1567087d9e1 --- /dev/null +++ b/docs/docbook/manpages/smb.conf.5.sgml @@ -0,0 +1,8411 @@ + + + + + smb.conf + 5 + + + + + smb.conf + The configuration file for the Samba suite + + + + SYNOPSIS + + The smb.conf file is a configuration + file for the Samba suite. smb.conf contains + runtime configuration information for the Samba programs. The + smb.conf file is designed to be configured and + administered by the swat(8) + program. The complete description of the file format and + possible parameters held within are here for reference purposes. + + + + FILE FORMAT + + The file consists of sections and parameters. A section + begins with the name of the section in square brackets and continues + until the next section begins. Sections contain parameters of the + form + + name = value + + + The file is line-based - that is, each newline-terminated + line represents either a comment, a section name or a parameter. + + Section and parameter names are not case sensitive. + + Only the first equals sign in a parameter is significant. + Whitespace before or after the first equals sign is discarded. + Leading, trailing and internal whitespace in section and parameter + names is irrelevant. Leading and trailing whitespace in a parameter + value is discarded. Internal whitespace within a parameter value + is retained verbatim. + + Any line beginning with a semicolon (';') or a hash ('#') + character is ignored, as are lines containing only whitespace. + + Any line ending in a '\' is continued + on the next line in the customary UNIX fashion. + + The values following the equals sign in parameters are all + either a string (no quotes needed) or a boolean, which may be given + as yes/no, 0/1 or true/false. Case is not significant in boolean + values, but is preserved in string values. Some items such as + create modes are numeric. + + + + SECTION DESCRIPTIONS + + Each section in the configuration file (except for the + [global] section) describes a shared resource (known + as a "share"). The section name is the name of the + shared resource and the parameters within the section define + the shares attributes. + + There are three special sections, [global], + [homes] and [printers], which are + described under special sections. The + following notes apply to ordinary section descriptions. + + A share consists of a directory to which access is being + given plus a description of the access rights which are granted + to the user of the service. Some housekeeping options are + also specifiable. + + Sections are either file share services (used by the + client as an extension of their native file systems) or + printable services (used by the client to access print services + on the host running the server). + + Sections may be designated guest services, + in which case no password is required to access them. A specified + UNIX guest account is used to define access + privileges in this case. + + Sections other than guest services will require a password + to access them. The client provides the username. As older clients + only provide passwords and not usernames, you may specify a list + of usernames to check against the password using the "user =" + option in the share definition. For modern clients such as + Windows 95/98/ME/NT/2000, this should not be necessary. + + Note that the access rights granted by the server are + masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more + access than the host system grants. + + The following sample section defines a file space share. + The user has write access to the path /home/bar. + The share is accessed via the share name "foo": + + + + [foo] + path = /home/bar + writeable = true + + + + The following sample section defines a printable share. + The share is readonly, but printable. That is, the only write + access permitted is via calls to open, write to and close a + spool file. The guest ok parameter means + access will be permitted as the default guest user (specified + elsewhere): + + + + [aprinter] + path = /usr/spool/public + writeable = false + printable = true + guest ok = true + + + + + + SPECIAL SECTIONS + + + The [global] section + + parameters in this section apply to the server + as a whole, or are defaults for sections which do not + specifically define certain items. See the notes + under PARAMETERS for more information. + + + + The [homes] section + + If a section called homes is included in the + configuration file, services connecting clients to their + home directories can be created on the fly by the server. + + When the connection request is made, the existing + sections are scanned. If a match is found, it is used. If no + match is found, the requested section name is treated as a + user name and looked up in the local password file. If the + name exists and the correct password has been given, a share is + created by cloning the [homes] section. + + Some modifications are then made to the newly + created share: + + + The share name is changed from homes to + the located username. + + If no path was given, the path is set to + the user's home directory. + + + If you decide to use a path = line + in your [homes] section then you may find it useful + to use the %S macro. For example : + + path = /data/pchome/%S + + would be useful if you have different home directories + for your PCs than for UNIX access. + + This is a fast and simple way to give a large number + of clients access to their home directories with a minimum + of fuss. + + A similar process occurs if the requested section + name is "homes", except that the share name is not + changed to that of the requesting user. This method of using + the [homes] section works well if different users share + a client PC. + + The [homes] section can specify all the parameters + a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] + section: + + + + [homes] + writeable = yes + + + + An important point is that if guest access is specified + in the [homes] section, all home directories will be + visible to all clients without a password. + In the very unlikely event that this is actually desirable, it + would be wise to also specify read only + access. + + Note that the browseable flag for + auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as + it means setting browseable = no in + the [homes] section will hide the [homes] share but make + any auto home directories visible. + + + + The [printers] section + + This section works like [homes], + but for printers. + + If a [printers] section occurs in the + configuration file, users are able to connect to any printer + specified in the local host's printcap file. + + When a connection request is made, the existing sections + are scanned. If a match is found, it is used. If no match is found, + but a [homes] section exists, it is used as described + above. Otherwise, the requested section name is treated as a + printer name and the appropriate printcap file is scanned to see + if the requested section name is a valid printer share name. If + a match is found, a new printer share is created by cloning + the [printers] section. + + A few modifications are then made to the newly created + share: + + + The share name is set to the located printer + name + + If no printer name was given, the printer name + is set to the located printer name + + If the share does not permit guest access and + no username was given, the username is set to the located + printer name. + + + Note that the [printers] service MUST be + printable - if you specify otherwise, the server will refuse + to load the configuration file. + + Typically the path specified would be that of a + world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry would look like + this: + + + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + + + All aliases given for a printer in the printcap file + are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have + to set up a pseudo-printcap. This is a file consisting of one or + more lines like this: + + + + alias|alias|alias|alias... + + + + Each alias should be an acceptable printer name for + your printing subsystem. In the [global] section, specify + the new file as your printcap. The server will then only recognize + names found in your pseudo-printcap, which of course can contain + whatever aliases you like. The same technique could be used + simply to limit access to a subset of your local printers. + + An alias, by the way, is defined as any component of the + first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical + bar symbols ('|'). + + NOTE: On SYSV systems which use lpstat to determine what + printers are defined on the system you may be able to use + "printcap name = lpstat" to automatically obtain a list + of printers. See the "printcap name" option + for more details. + + + + + PARAMETERS + + parameters define the specific attributes of sections. + + Some parameters are specific to the [global] section + (e.g., security). Some parameters are usable + in all sections (e.g., create mode). All others + are permissible only in normal sections. For the purposes of the + following descriptions the [homes] and [printers] + sections will be considered normal. The letter G + in parentheses indicates that a parameter is specific to the + [global] section. The letter S + indicates that a parameter can be specified in a service specific + section. Note that all S parameters can also be specified in + the [global] section - in which case they will define + the default behavior for all services. + + parameters are arranged here in alphabetical order - this may + not create best bedfellows, but at least you can find them! Where + there are synonyms, the preferred synonym is described, others refer + to the preferred synonym. + + + + VARIABLE SUBSTITUTIONS + + Many of the strings that are settable in the config file + can take substitutions. For example the option "path = + /tmp/%u" would be interpreted as "path = + /tmp/john" if the user connected with the username john. + + These substitutions are mostly noted in the descriptions below, + but there are some general substitutions which apply whenever they + might be relevant. These are: + + + + %S + the name of the current service, if any. + + + + + %P + the root directory of the current service, + if any. + + + + %u + user name of the current service, if any. + + + + + %g + primary group name of %u. + + + + %U + session user name (the user name that the client + wanted, not necessarily the same as the one they got). + + + + %G + primary group name of %U. + + + + %H + the home directory of the user given + by %u. + + + + %v + the Samba version. + + + + %h + the Internet hostname that Samba is running + on. + + + + %m + the NetBIOS name of the client machine + (very useful). + + + + %L + the NetBIOS name of the server. This allows you + to change your config based on what the client calls you. Your + server can have a "dual personality". + + Note that this paramater is not available when Samba listens + on port 445, as clients no longer send this information + + + + + + %M + the Internet name of the client machine. + + + + + %N + the name of your NIS home directory server. + This is obtained from your NIS auto.map entry. If you have + not compiled Samba with the --with-automount + option then this value will be the same as %L. + + + + + %p + the path of the service's home directory, + obtained from your NIS auto.map entry. The NIS auto.map entry + is split up as "%N:%p". + + + + %R + the selected protocol level after + protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1. + + + + %d + The process id of the current server + process. + + + + %a + the architecture of the remote + machine. Only some are recognized, and those may not be + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as + "UNKNOWN". If it gets it wrong then sending a level + 3 log to samba@samba.org + should allow it to be fixed. + + + + %I + The IP address of the client machine. + + + + + %T + the current date and time. + + + + %$(envvar) + The value of the environment variable + envar. + + + + There are some quite creative things that can be done + with these substitutions and other smb.conf options. + + + NAME MANGLING + + Samba supports "name mangling" so that DOS and + Windows clients can use files that don't conform to the 8.3 format. + It can also be set to adjust the case of 8.3 format filenames. + + There are several options that control the way mangling is + performed, and they are grouped here rather than listed separately. + For the defaults look at the output of the testparm program. + + All of these options can be set separately for each service + (or globally, of course). + + The options are: + + + + + mangle case = yes/no + controls if names that have characters that + aren't of the "default" case are mangled. For example, + if this is yes then a name like "Mail" would be mangled. + Default no. + + + + case sensitive = yes/no + controls whether filenames are case sensitive. If + they aren't then Samba must do a filename search and match on passed + names. Default no. + + + + default case = upper/lower + controls what the default case is for new + filenames. Default lower. + + + + preserve case = yes/no + controls if new files are created with the + case that the client passes, or if they are forced to be the + "default" case. Default yes. + + + + + short preserve case = yes/no + controls if new files which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created + upper case, or if they are forced to be the "default" + case. This option can be use with "preserve case = yes" + to permit long filenames to retain their case, while short names + are lowercased. Default yes. + + + + By default, Samba 2.2 has the same semantics as a Windows + NT server, in that it is case insensitive but case preserving. + + + + + NOTE ABOUT USERNAME/PASSWORD VALIDATION + + There are a number of ways in which a user can connect + to a service. The server uses the following steps in determining + if it will allow a connection to a specified service. If all the + steps fail, then the connection request is rejected. However, if one of the + steps succeeds, then the following steps are not checked. + + If the service is marked "guest only = yes" then + steps 1 to 5 are skipped. + + + If the client has passed a username/password + pair and that username/password pair is validated by the UNIX + system's password programs then the connection is made as that + username. Note that this includes the + \\server\service%username method of passing + a username. + + If the client has previously registered a username + with the system and now supplies a correct password for that + username then the connection is allowed. + + The client's NetBIOS name and any previously + used user names are checked against the supplied password, if + they match then the connection is allowed as the corresponding + user. + + If the client has previously validated a + username/password pair with the server and the client has passed + the validation token then that username is used. + + If a "user = " field is given in the + smb.conf file for the service and the client + has supplied a password, and that password matches (according to + the UNIX system's password checking) with one of the usernames + from the "user =" field then the connection is made as + the username in the "user =" line. If one + of the username in the "user =" list begins with a + '@' then that name expands to a list of names in + the group of the same name. + + If the service is a guest service then a + connection is made as the username given in the "guest + account =" for the service, irrespective of the + supplied password. + + + + + + COMPLETE LIST OF GLOBAL PARAMETERS + + Here is a list of all global parameters. See the section of + each parameter for details. Note that some are synonyms. + + + abort shutdown script + add printer command + add share command + add user script + add machine script + allow trusted domains + announce as + announce version + auth methods + auto services + bind interfaces only + browse list + change notify timeout + change share command + config file + deadtime + debug hires timestamp + debug pid + debug timestamp + debug uid + debuglevel + default + default service + delete printer command + delete share command + delete user script + dfree command + disable spoolss + dns proxy + domain admin group + domain guest group + domain logons + domain master + encrypt passwords + enhanced browsing + enumports command + getwd cache + hide local users + hide unreadable + homedir map + host msdfs + hosts equiv + interfaces + keepalive + kernel oplocks + lanman auth + large readwrite + + ldap admin dn + ldap filter + ldap port + ldap server + ldap ssl + ldap suffix + + lm announce + lm interval + load printers + local master + lock dir + lock directory + log file + log level + logon drive + logon home + logon path + logon script + lpq cache time + machine password timeout + mangled stack + map to guest + max disk size + max log size + max mux + max open files + max protocol + max smbd processes + max ttl + max wins ttl + max xmit + message command + min passwd length + min password length + min protocol + min wins ttl + name resolve order + netbios aliases + netbios name + netbios scope + nis homedir + non unix account range + nt pipe support + null passwords + obey pam restrictions + oplock break wait time + os level + os2 driver map + pam password change + panic action + passdb backend + passwd chat + passwd chat debug + passwd program + password level + password server + prefered master + preferred master + preload + printcap + printcap name + printer driver file + private dir + protocol + read bmpx + read raw + read size + remote announce + remote browse sync + restrict anonymous + root + root dir + root directory + security + server string + show add printer wizard + shutdown script + smb passwd file + socket address + socket options + source environment + + ssl + ssl CA certDir + ssl CA certFile + ssl ciphers + ssl client cert + ssl client key + ssl compatibility + ssl egd socket + ssl entropy bytes + ssl entropy file + ssl hosts + ssl hosts resign + ssl require clientcert + ssl require servercert + ssl server cert + ssl server key + ssl version + + stat cache + stat cache size + strip dot + syslog + syslog only + template homedir + template shell + time offset + time server + timestamp logs + total print jobs + unix extensions + unix password sync + update encrypted + use mmap + use rhosts + username level + username map + utmp + utmp directory + winbind cache time + winbind enum users + winbind enum groups + winbind gid + winbind separator + winbind uid + winbind use default domain + wins hook + wins proxy + wins server + wins support + workgroup + write raw + + + + + + COMPLETE LIST OF SERVICE PARAMETERS + + Here is a list of all service parameters. See the section on + each parameter for details. Note that some are synonyms. + + + admin users + allow hosts + available + blocking locks + browsable + browseable + case sensitive + casesignames + comment + copy + create mask + create mode + default case + default devmode + delete readonly + delete veto files + deny hosts + directory + directory mask + directory mode + directory security mask + dont descend + dos filemode + dos filetime resolution + dos filetimes + exec + fake directory create times + fake oplocks + follow symlinks + force create mode + force directory mode + force directory security mode + force group + force security mode + force user + fstype + group + guest account + guest ok + guest only + hide dot files + hide files + hosts allow + hosts deny + include + inherit permissions + invalid users + level2 oplocks + locking + lppause command + lpq command + lpresume command + lprm command + magic output + magic script + mangle case + mangled map + mangled names + mangling char + map archive + map hidden + map system + max connections + max print jobs + min print space + msdfs root + nt acl support + only guest + only user + oplock contention limit + oplocks + path + posix locking + postexec + postscript + preexec + preexec close + preserve case + print command + print ok + printable + printer + printer admin + printer driver + printer driver location + printer name + printing + public + queuepause command + queueresume command + read list + read only + root postexec + root preexec + root preexec close + security mask + set directory + short preserve case + status + strict allocate + strict locking + strict sync + sync always + use client driver + user + username + users + valid users + veto files + veto oplock files + vfs object + vfs options + volume + wide links + writable + write cache size + write list + write ok + writeable + + + + + + EXPLANATION OF EACH PARAMETER + + + + + abort shutdown script (G) + This parameter only exists in the HEAD cvs branch + This a full path name to a script called by + smbd(8) that + should stop a shutdown procedure issued by the shutdown script. + + This command will be run as user. + + Default: None. + Example: abort shutdown script = /sbin/shutdown -c + + + + + + add printer command (G) + With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server. + + For a Samba host this means that the printer must be + physically added to the underlying printing system. The add + printer command defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the smb.conf file in order that it can be + shared by smbd(8) + . + + The add printer command is + automatically invoked with the following parameter (in + order: + + + printer name + share name + port name + driver name + location + Windows 9x driver location + + + + All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions. + + Once the add printer command has + been executed, smbd will reparse the + smb.conf to determine if the share defined by the APW + exists. If the sharename is still invalid, then smbd + will return an ACCESS_DENIED error to the client. + + See also + delete printer command, printing, + show add + printer wizard + + Default: none + Example: addprinter command = /usr/bin/addprinter + + + + + + + + add share command (G) + Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + add share command is used to define an + external program or script which will add a new service definition + to smb.conf. In order to successfully + execute the add share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). + + + + When executed, smbd will automatically invoke the + add share command with four parameters. + + + + configFile - the location + of the global smb.conf file. + + + shareName - the name of the new + share. + + + pathName - path to an **existing** + directory on disk. + + + comment - comment string to associate + with the new share. + + + + + This parameter is only used for add file shares. To add printer shares, + see the add printer + command. + + + + See also change share + command, delete share + command. + + + Default: none + Example: add share command = /usr/local/bin/addshare + + + + + + + add machine script (G) + This is the full pathname to a script that will + be run by smbd(8) when a machine is added + to it's domain using the administrator username and password method. + + This option is only required when using sam back-ends tied to the + Unix uid method of RID calculation such as smbpasswd. This option is only + available in Samba 3.0. + + Default: add machine script = <empty string> + + + Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u + + + + + + + add user script (G) + This is the full pathname to a script that will + be run AS ROOT by smbd(8) + under special circumstances described below. + + Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + ON DEMAND when a user accesses the Samba server. + + In order to use this option, smbd + must NOT be set to security = share + and add user script + must be set to a full pathname for a script that will create a UNIX + user given one argument of %u, which expands into + the UNIX user name to create. + + When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, + smbd contacts the password server and + attempts to authenticate the given user with the given password. If the + authentication succeeds then smbd + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and add user script + is set then smbd will + call the specified script AS ROOT, expanding + any %u argument to be the user name to create. + + If this script successfully creates the user then smbd + will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts. + + See also + security, + password server, + delete user + script. + + Default: add user script = <empty string> + + + Example: add user script = /usr/local/samba/bin/add_user + %u + + + + + + + admin users (S) + This is a list of users who will be granted + administrative privileges on the share. This means that they + will do all file operations as the super-user (root). + + You should use this option very carefully, as any user in + this list will be able to do anything they like on the share, + irrespective of file permissions. + + Default: no admin users + + Example: admin users = jason + + + + + + + allow hosts (S) + Synonym for + hosts allow. + + + + + + allow trusted domains (G) + This option only takes effect when the security option is set to + server or domain. + If it is set to no, then attempts to connect to a resource from + a domain or workgroup other than the one which smbd is running + in will fail, even if that domain is trusted by the remote server + doing the authentication. + + This is useful if you only want your Samba server to + serve resources to users in the domain it is a member of. As + an example, suppose that there are two domains DOMA and DOMB. DOMB + is trusted by DOMA, which contains the Samba server. Under normal + circumstances, a user with an account in DOMB can then access the + resources of a UNIX account with the same account name on the + Samba server even if they do not have an account in DOMA. This + can make implementing a security boundary difficult. + + Default: allow trusted domains = yes + + + + + + + + announce as (G) + This specifies what type of server + nmbd + will announce itself as, to a network neighborhood browse + list. By default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + Windows NT Workstation, Windows 95 and Windows for Workgroups + respectively. Do not change this parameter unless you have a + specific need to stop Samba appearing as an NT server as this + may prevent Samba servers from participating as browser servers + correctly. + + Default: announce as = NT Server + + Example: announce as = Win95 + + + + + + + announce version (G) + This specifies the major and minor version numbers + that nmbd will use when announcing itself as a server. The default + is 4.2. Do not change this parameter unless you have a specific + need to set a Samba server to be a downlevel server. + + Default: announce version = 4.5 + + Example: announce version = 2.0 + + + + + + + auto services (G) + This is a synonym for the + preload. + + + + + + + auth methods (G) + This option allows the administrator to chose what + authentication methods smbd will use when authenticating + a user. This option defaults to sensible values based on + security. + + Each entry in the list attempts to authenticate the user in turn, until + the user authenticates. In practice only one method will ever actually + be able to complete the authentication. + + + Default: auth methods = <empty string> + Example: auth methods = guest sam ntdomain + + + + + + available (S) + This parameter lets you "turn off" a service. If + available = no, then ALL + attempts to connect to the service will fail. Such failures are + logged. + + Default: available = yes + + + + + + + + bind interfaces only (G) + This global parameter allows the Samba admin + to limit what interfaces on a machine will serve SMB requests. If + affects file service smbd(8) and + name service nmbd(8) in slightly + different ways. + + For name service it causes nmbd to bind + to ports 137 and 138 on the interfaces listed in the interfaces parameter. nmbd + also binds to the "all addresses" interface (0.0.0.0) + on ports 137 and 138 for the purposes of reading broadcast messages. + If this option is not set then nmbd will service + name requests on all of these sockets. If bind interfaces + only is set then nmbd will check the + source address of any packets coming in on the broadcast sockets + and discard any that don't match the broadcast addresses of the + interfaces in the interfaces parameter list. + As unicast packets are received on the other sockets it allows + nmbd to refuse to serve names to machines that + send packets that arrive through any interfaces not listed in the + interfaces list. IP Source address spoofing + does defeat this simple check, however so it must not be used + seriously as a security feature for nmbd. + + For file service it causes smbd(8) + to bind only to the interface list given in the + interfaces parameter. This restricts the networks that + smbd will serve to packets coming in those + interfaces. Note that you should not use this parameter for machines + that are serving PPP or other intermittent or non-broadcast network + interfaces as it will not cope with non-permanent interfaces. + + If bind interfaces only is set then + unless the network address 127.0.0.1 is added + to the interfaces parameter list smbpasswd(8) + and swat(8) may + not work as expected due to the reasons covered below. + + To change a users SMB password, the smbpasswd + by default connects to the localhost - 127.0.0.1 + address as an SMB client to issue the password change request. If + bind interfaces only is set then unless the + network address 127.0.0.1 is added to the + interfaces parameter list then + smbpasswd will fail to connect in it's default mode. + smbpasswd can be forced to use the primary IP interface + of the local host by using its + -r remote machine + parameter, with remote machine set + to the IP name of the primary interface of the local host. + + The swat status page tries to connect with + smbd and nmbd at the address + 127.0.0.1 to determine if they are running. + Not adding 127.0.0.1 will cause + smbd and nmbd to always show + "not running" even if they really are. This can prevent + swat from starting/stopping/restarting smbd + and nmbd. + + Default: bind interfaces only = no + + + + + + + + blocking locks (S) + This parameter controls the behavior of smbd(8) when given a request by a client + to obtain a byte range lock on a region of an open file, and the + request has a time limit associated with it. + + If this parameter is set and the lock range requested + cannot be immediately satisfied, Samba 2.2 will internally + queue the lock request, and periodically attempt to obtain + the lock until the timeout period expires. + + If this parameter is set to false, then + Samba 2.2 will behave as previous versions of Samba would and + will fail the lock request immediately if the lock range + cannot be obtained. + + Default: blocking locks = yes + + + + + + + + browsable (S) + See the + browseable. + + + + + + browse list (G) + This controls whether + smbd(8) will serve a browse list to + a client doing a NetServerEnum call. Normally + set to true. You should never need to change + this. + + Default: browse list = yes + + + + + + browseable (S) + This controls whether this share is seen in + the list of available shares in a net view and in the browse list. + + Default: browseable = yes + + + + + + + case sensitive (S) + See the discussion in the section NAME MANGLING. + + Default: case sensitive = no + + + + + + + casesignames (S) + Synonym for case + sensitive. + + + + + + change notify timeout (G) + This SMB allows a client to tell a server to + "watch" a particular directory for any changes and only reply to + the SMB request when a change has occurred. Such constant scanning of + a directory is expensive under UNIX, hence an + smbd(8) daemon only performs such a scan + on each requested directory once every change notify + timeout seconds. + + Default: change notify timeout = 60 + Example: change notify timeout = 300 + + Would change the scan time to every 5 minutes. + + + + + + change share command (G) + Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + change share command is used to define an + external program or script which will modify an existing service definition + in smb.conf. In order to successfully + execute the change share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). + + + + When executed, smbd will automatically invoke the + change share command with four parameters. + + + + configFile - the location + of the global smb.conf file. + + + shareName - the name of the new + share. + + + pathName - path to an **existing** + directory on disk. + + + comment - comment string to associate + with the new share. + + + + + This parameter is only used modify existing file shares definitions. To modify + printer shares, use the "Printers..." folder as seen when browsing the Samba host. + + + + See also add share + command, delete + share command. + + + Default: none + Example: change share command = /usr/local/bin/addshare + + + + + + + + + comment (S) + This is a text field that is seen next to a share + when a client does a queries the server, either via the network + neighborhood or via net view to list what shares + are available. + + If you want to set the string that is displayed next to the + machine name then see the + server string parameter. + + Default: No comment string + Example: comment = Fred's Files + + + + + + config file (G) + This allows you to override the config file + to use, instead of the default (usually smb.conf). + There is a chicken and egg problem here as this option is set + in the config file! + + For this reason, if the name of the config file has changed + when the parameters are loaded then it will reload them from + the new config file. + + This option takes the usual substitutions, which can + be very useful. + + If the config file doesn't exist then it won't be loaded + (allowing you to special case the config files of just a few + clients). + + Example: config file = /usr/local/samba/lib/smb.conf.%m + + + + + + + copy (S) + This parameter allows you to "clone" service + entries. The specified service is simply duplicated under the + current service's name. Any parameters specified in the current + section will override those in the section being copied. + + This feature lets you set up a 'template' service and + create similar services easily. Note that the service being + copied must occur earlier in the configuration file than the + service doing the copying. + + Default: no value + Example: copy = otherservice + + + + + + create mask (S) + A synonym for this parameter is + create mode + . + + When a file is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX + permissions, and the resulting UNIX mode is then bit-wise 'AND'ed + with this parameter. This parameter may be thought of as a bit-wise + MASK for the UNIX modes of a file. Any bit not + set here will be removed from the modes set on a file when it is + created. + + The default value of this parameter removes the + 'group' and 'other' write and execute bits from the UNIX modes. + + Following this Samba will bit-wise 'OR' the UNIX mode created + from this parameter with the value of the force create mode + parameter which is set to 000 by default. + + This parameter does not affect directory modes. See the + parameter directory mode + for details. + + See also the force + create mode parameter for forcing particular mode + bits to be set on created files. See also the + directory mode parameter for masking + mode bits on created directories. See also the + inherit permissions parameter. + + Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the security mask. + + Default: create mask = 0744 + Example: create mask = 0775 + + + + + + create mode (S) + This is a synonym for + create mask. + + + + + + deadtime (G) + The value of the parameter (a decimal integer) + represents the number of minutes of inactivity before a connection + is considered dead, and it is disconnected. The deadtime only takes + effect if the number of open files is zero. + + This is useful to stop a server's resources being + exhausted by a large number of inactive connections. + + Most clients have an auto-reconnect feature when a + connection is broken so in most cases this parameter should be + transparent to users. + + Using this parameter with a timeout of a few minutes + is recommended for most systems. + + A deadtime of zero indicates that no auto-disconnection + should be performed. + + Default: deadtime = 0 + Example: deadtime = 15 + + + + + + debug hires timestamp (G) + Sometimes the timestamps in the log messages + are needed with a resolution of higher that seconds, this + boolean parameter adds microsecond resolution to the timestamp + message header when turned on. + + Note that the parameter + debug timestamp must be on for this to have an + effect. + + Default: debug hires timestamp = no + + + + + + + debug pid (G) + When using only one log file for more then one + forked smbd-process there may be hard to follow which process + outputs which message. This boolean parameter is adds the process-id + to the timestamp message headers in the logfile when turned on. + + Note that the parameter + debug timestamp must be on for this to have an + effect. + + Default: debug pid = no + + + + + debug timestamp (G) + Samba 2.2 debug log messages are timestamped + by default. If you are running at a high + debug level these timestamps + can be distracting. This boolean parameter allows timestamping + to be turned off. + + Default: debug timestamp = yes + + + + + + debug uid (G) + Samba is sometimes run as root and sometime + run as the connected user, this boolean parameter inserts the + current euid, egid, uid and gid to the timestamp message headers + in the log file if turned on. + + Note that the parameter + debug timestamp must be on for this to have an + effect. + + Default: debug uid = no + + + + + + debuglevel (G) + Synonym for + log level. + + + + + + + default (G) + A synonym for + default service. + + + + + + default case (S) + See the section on + NAME MANGLING. Also note the + short preserve case parameter. + + Default: default case = lower + + + + + + + default devmode (S) + This parameter is only applicable to printable services. When smbd is serving + Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. + + + Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). + + + This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting default devmode = yes + will instruct smbd to generate a default one. + + + For more information on Windows NT/2k printing and Device Modes, + see the MSDN documentation. + + + Default: default devmode = no + + + + + + + default service (G) + This parameter specifies the name of a service + which will be connected to if the service actually requested cannot + be found. Note that the square brackets are NOT + given in the parameter value (see example below). + + There is no default value for this parameter. If this + parameter is not given, attempting to connect to a nonexistent + service results in an error. + + Typically the default service would be a + guest ok, + read-only service. + + Also note that the apparent service name will be changed + to equal that of the requested service, this is very useful as it + allows you to use macros like %S to make + a wildcard service. + + Note also that any "_" characters in the name of the service + used in the default service will get mapped to a "/". This allows for + interesting things. + + + Example: + + +[global] + default service = pub + +[pub] + path = /%S + + + + + + + + delete printer command (G) + With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call. + + For a Samba host this means that the printer must be + physically deleted from underlying printing system. The + deleteprinter command defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from smb.conf. + + + The delete printer command is + automatically called with only one parameter: + "printer name". + + + Once the delete printer command has + been executed, smbd will reparse the + smb.conf to associated printer no longer exists. + If the sharename is still valid, then smbd + will return an ACCESS_DENIED error to the client. + + See also + add printer command, printing, + show add + printer wizard + + Default: none + Example: deleteprinter command = /usr/bin/removeprinter + + + + + + + + + + + delete readonly (S) + This parameter allows readonly files to be deleted. + This is not normal DOS semantics, but is allowed by UNIX. + + This option may be useful for running applications such + as rcs, where UNIX file ownership prevents changing file + permissions, and DOS semantics prevent deletion of a read only file. + + Default: delete readonly = no + + + + + + delete share command (G) + Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + delete share command is used to define an + external program or script which will remove an existing service + definition from smb.conf. In order to successfully + execute the delete share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). + + + + When executed, smbd will automatically invoke the + delete share command with two parameters. + + + + configFile - the location + of the global smb.conf file. + + + shareName - the name of + the existing service. + + + + + This parameter is only used to remove file shares. To delete printer shares, + see the delete printer + command. + + + + See also add share + command, change + share command. + + + Default: none + Example: delete share command = /usr/local/bin/delshare + + + + + + + + + delete user script (G) + This is the full pathname to a script that will + be run AS ROOT by + smbd(8) under special circumstances + described below. + + Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows + smbd to delete the required UNIX users ON + DEMAND when a user accesses the Samba server and the + Windows NT user no longer exists. + + In order to use this option, smbd must be + set to security = domain or security = + user and delete user script + must be set to a full pathname for a script + that will delete a UNIX user given one argument of %u, + which expands into the UNIX user name to delete. + + When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) + time, smbd contacts the + password server and attempts to authenticate + the given user with the given password. If the authentication fails + with the specific Domain error code meaning that the user no longer + exists then smbd attempts to find a UNIX user in + the UNIX password database that matches the Windows user account. If + this lookup succeeds, and delete user script is + set then smbd will all the specified script + AS ROOT, expanding any %u + argument to be the user name to delete. + + This script should delete the given UNIX username. In this way, + UNIX users are dynamically deleted to match existing Windows NT + accounts. + + See also security = domain, + password server + , add user script + . + + Default: delete user script = <empty string> + + Example: delete user script = /usr/local/samba/bin/del_user + %u + + + + + + + + delete veto files (S) + This option is used when Samba is attempting to + delete a directory that contains one or more vetoed directories + (see the veto files + option). If this option is set to false (the default) then if a vetoed + directory contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you want. + + If this option is set to true, then Samba + will attempt to recursively delete any files and directories within + the vetoed directory. This can be useful for integration with file + serving systems such as NetAtalk which create meta-files within + directories you might normally veto DOS/Windows users from seeing + (e.g. .AppleDouble) + + Setting delete veto files = yes allows these + directories to be transparently deleted when the parent directory + is deleted (so long as the user has permissions to do so). + + See also the veto + files parameter. + + Default: delete veto files = no + + + + + + + deny hosts (S) + Synonym for hosts + deny. + + + + + + + dfree command (G) + The dfree command setting should + only be used on systems where a problem occurs with the internal + disk space calculations. This has been known to happen with Ultrix, + but may occur with other operating systems. The symptom that was + seen was an error of "Abort Retry Ignore" at the end of each + directory listing. + + This setting allows the replacement of the internal routines to + calculate the total disk space and amount available with an external + routine. The example below gives a possible script that might fulfill + this function. + + The external program will be passed a single parameter indicating + a directory in the filesystem being queried. This will typically consist + of the string ./. The script should return two + integers in ASCII. The first should be the total disk space in blocks, + and the second should be the number of available blocks. An optional + third return value can give the block size in bytes. The default + blocksize is 1024 bytes. + + Note: Your script should NOT be setuid or + setgid and should be owned by (and writeable only by) root! + + Default: By default internal routines for + determining the disk capacity and remaining space will be used. + + + Example: dfree command = /usr/local/samba/bin/dfree + + + Where the script dfree (which must be made executable) could be: + + + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + + + or perhaps (on Sys V based systems): + + + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + + + Note that you may have to replace the command names + with full path names on some systems. + + + + + + + + directory (S) + Synonym for path + . + + + + + + directory mask (S) + This parameter is the octal modes which are + used when converting DOS modes to UNIX modes when creating UNIX + directories. + + When a directory is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX permissions, + and the resulting UNIX mode is then bit-wise 'AND'ed with this + parameter. This parameter may be thought of as a bit-wise MASK for + the UNIX modes of a directory. Any bit not set + here will be removed from the modes set on a directory when it is + created. + + The default value of this parameter removes the 'group' + and 'other' write bits from the UNIX mode, allowing only the + user who owns the directory to modify it. + + Following this Samba will bit-wise 'OR' the UNIX mode + created from this parameter with the value of the force directory mode + parameter. This parameter is set to 000 by + default (i.e. no extra mode bits are added). + + Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the directory security mask. + + See the force + directory mode parameter to cause particular mode + bits to always be set on created directories. + + See also the create mode + parameter for masking mode bits on created files, + and the directory + security mask parameter. + + Also refer to the + inherit permissions parameter. + + Default: directory mask = 0755 + Example: directory mask = 0775 + + + + + + + directory mode (S) + Synonym for + directory mask + + + + + + directory security mask (S) + This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog + box. + + This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change. + + If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the user/group/world + permissions on a directory. + + Note that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it as the default of 0777. + + See also the + force directory security mode, security mask, + force security mode + parameters. + + Default: directory security mask = 0777 + Example: directory security mask = 0700 + + + + + + + disable spoolss (G) + Enabling this parameter will disables Samba's support + for the SPOOLSS set of MS-RPC's and will yield identical behavior + as Samba 2.0.x. Windows NT/2000 clients will downgrade to using + Lanman style printing commands. Windows 9x/ME will be uneffected by + the parameter. However, this will also disable the ability to upload + printer drivers to a Samba server via the Windows NT Add Printer + Wizard or by using the NT printer properties dialog window. It will + also disable the capability of Windows NT/2000 clients to download + print drivers from the Samba host upon demand. + Be very careful about enabling this parameter. + + + See also use client driver + + + Default : disable spoolss = no + + + + + + + dns proxy (G) + Specifies that nmbd(8) + when acting as a WINS server and finding that a NetBIOS name has not + been registered, should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name on behalf of + the name-querying client. + + Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise only be + 15 characters, maximum. + + nmbd spawns a second copy of itself to do the + DNS name lookup requests, as doing a name lookup is a blocking + action. + + See also the parameter + wins support. + + Default: dns proxy = yes + + + + + + domain admin group (G) + This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Admins" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + smb.conf notation. + + + See also domain + guest group, domain + logons + + + Default: no domain administrators + Example: domain admin group = root @wheel + + + + + + + + domain guest group (G) + This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Guests" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + smb.conf notation. + + + See also domain + admin group, domain + logons + + + Default: no domain guests + Example: domain guest group = nobody @guest + + + + + + domain logons (G) + If set to true, the Samba server will serve + Windows 95/98 Domain logons for the + workgroup it is in. Samba 2.2 also + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the htmldocs/ + directory shipped with the source code. + + Default: domain logons = no + + + + + + domain master (G) + Tell + nmbd(8) to enable WAN-wide browse list + collation. Setting this option causes nmbd to + claim a special domain specific NetBIOS name that identifies + it as a domain master browser for its given + workgroup. Local master browsers + in the same workgroup on broadcast-isolated + subnets will give this nmbd their local browse lists, + and then ask smbd(8) + for a complete copy of the browse list for the whole wide area + network. Browser clients will then contact their local master browser, + and will receive the domain-wide browse list, instead of just the list + for their broadcast-isolated subnet. + + Note that Windows NT Primary Domain Controllers expect to be + able to claim this workgroup specific special + NetBIOS name that identifies them as domain master browsers for + that workgroup by default (i.e. there is no + way to prevent a Windows NT PDC from attempting to do this). This + means that if this parameter is set and nmbd claims + the special name for a workgroup before a Windows + NT PDC is able to do so then cross subnet browsing will behave + strangely and may fail. + + If domain logons = yes + , then the default behavior is to enable the domain + master parameter. If domain logons is + not enabled (the default setting), then neither will domain + master be enabled by default. + + Default: domain master = auto + + + + + + + dont descend (S) + There are certain directories on some systems + (e.g., the /proc tree under Linux) that are either not + of interest to clients or are infinitely deep (recursive). This + parameter allows you to specify a comma-delimited list of directories + that the server should always show as empty. + + Note that Samba can be very fussy about the exact format + of the "dont descend" entries. For example you may need + ./proc instead of just /proc. + Experimentation is the best policy :-) + + Default: none (i.e., all directories are OK + to descend) + Example: dont descend = /proc,/dev + + + + + + + dos filemode (S) + The default behavior in Samba is to provide + UNIX-like behavior where only the owner of a file/directory is + able to change the permissions on it. However, this behavior + is often confusing to DOS/Windows users. Enabling this parameter + allows a user who has write access to the file (by whatever + means) to modify the permissions on it. Note that a user + belonging to the group owning the file will not be allowed to + change permissions if the group is only granted read access. + Ownership of the file/directory is not changed, only the permissions + are modified. + + Default: dos filemode = no + + + + + + + dos filetime resolution (S) + Under the DOS and Windows FAT filesystem, the finest + granularity on time resolution is two seconds. Setting this parameter + for a share causes Samba to round the reported time down to the + nearest two second boundary when a query call that requires one second + resolution is made to smbd(8) + . + + This option is mainly used as a compatibility option for Visual + C++ when used against Samba shares. If oplocks are enabled on a + share, Visual C++ uses two different time reading calls to check if a + file has changed since it was last read. One of these calls uses a + one-second granularity, the other uses a two second granularity. As + the two second call rounds any odd second down, then if the file has a + timestamp of an odd number of seconds then the two timestamps will not + match and Visual C++ will keep reporting the file has changed. Setting + this option causes the two timestamps to match, and Visual C++ is + happy. + + Default: dos filetime resolution = no + + + + + + + dos filetimes (S) + Under DOS and Windows, if a user can write to a + file they can change the timestamp on it. Under POSIX semantics, + only the owner of the file or root may change the timestamp. By + default, Samba runs with POSIX semantics and refuses to change the + timestamp on a file if the user smbd is acting + on behalf of is not the file owner. Setting this option to + true allows DOS semantics and smbd will change the file + timestamp as DOS requires. + + Default: dos filetimes = no + + + + + + encrypt passwords (G) + This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the file ENCRYPTION.txt in the Samba documentation + directory docs/ shipped with the source code. + + In order for encrypted passwords to work correctly + smbd(8) must either + have access to a local smbpasswd(5) + file (see the + smbpasswd(8) program for information on how to set up + and maintain this file), or set the security = [server|domain|ads] parameter which + causes smbd to authenticate against another + server. + + Default: encrypt passwords = yes + + + + + enhanced browsing (G) + This option enables a couple of enhancements to + cross-subnet browse propagation that have been added in Samba + but which are not standard in Microsoft implementations. + + + The first enhancement to browse propagation consists of a regular + wildcard query to a Samba WINS server for all Domain Master Browsers, + followed by a browse synchronization with each of the returned + DMBs. The second enhancement consists of a regular randomised browse + synchronization with all currently known DMBs. + + You may wish to disable this option if you have a problem with empty + workgroups not disappearing from browse lists. Due to the restrictions + of the browse protocols these enhancements can cause a empty workgroup + to stay around forever which can be annoying. + + In general you should leave this option enabled as it makes + cross-subnet browse propagation much more reliable. + + Default: enhanced browsing = yes + + + + + + enumports command (G) + The concept of a "port" is fairly foreign + to UNIX hosts. Under Windows NT/2000 print servers, a port + is associated with a port monitor and generally takes the form of + a local port (i.e. LPT1:, COM1:, FILE:) or a remote port + (i.e. LPD Port Monitor, etc...). By default, Samba has only one + port defined--"Samba Printer Port". Under + Windows NT/2000, all printers must have a valid port name. + If you wish to have a list of ports displayed (smbd + does not use a port name for anything) other than + the default "Samba Printer Port", you + can define enumports command to point to + a program which should generate a list of ports, one per line, + to standard output. This listing will then be used in response + to the level 1 and 2 EnumPorts() RPC. + + Default: no enumports command + Example: enumports command = /usr/bin/listports + + + + + + exec (S) + This is a synonym for + preexec. + + + + + + fake directory create times (S) + NTFS and Windows VFAT file systems keep a create + time for all files and directories. This is not the same as the + ctime - status change time - that Unix keeps, so Samba by default + reports the earliest of the various times Unix does keep. Setting + this parameter for a share causes Samba to always report midnight + 1-1-1980 as the create time for directories. + + This option is mainly used as a compatibility option for + Visual C++ when used against Samba shares. Visual C++ generated + makefiles have the object directory as a dependency for each object + file, and a make rule to create the directory. Also, when NMAKE + compares timestamps it uses the creation time when examining a + directory. Thus the object directory will be created if it does not + exist, but once it does exist it will always have an earlier + timestamp than the object files it contains. + + However, Unix time semantics mean that the create time + reported by Samba will be updated whenever a file is created or + or deleted in the directory. NMAKE finds all object files in + the object directory. The timestamp of the last one built is then + compared to the timestamp of the object directory. If the + directory's timestamp if newer, then all object files + will be rebuilt. Enabling this option + ensures directories always predate their contents and an NMAKE build + will proceed as expected. + + Default: fake directory create times = no + + + + + + + fake oplocks (S) + Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a server grants + an oplock (opportunistic lock) then the client is free to assume + that it is the only one accessing the file and it will aggressively + cache file data. With some oplock types the client may even cache + file open/close operations. This can give enormous performance benefits. + + + When you set fake oplocks = yes, smbd(8) will + always grant oplock requests no matter how many clients are using + the file. + + It is generally much better to use the real oplocks support rather + than this parameter. + + If you enable this option on all read-only shares or + shares that you know will only be accessed from one client at a + time such as physically read-only media like CDROMs, you will see + a big performance improvement on many operations. If you enable + this option on shares where multiple clients may be accessing the + files read-write at the same time you can get data corruption. Use + this option carefully! + + Default: fake oplocks = no + + + + + + follow symlinks (S) + This parameter allows the Samba administrator + to stop smbd(8) + from following symbolic links in a particular share. Setting this + parameter to no prevents any file or directory + that is a symbolic link from being followed (the user will get an + error). This option is very useful to stop users from adding a + symbolic link to /etc/passwd in their home + directory for instance. However it will slow filename lookups + down slightly. + + This option is enabled (i.e. smbd will + follow symbolic links) by default. + + Default: follow symlinks = yes + + + + + + force create mode (S) + This parameter specifies a set of UNIX mode bit + permissions that will always be set on a + file created by Samba. This is done by bitwise 'OR'ing these bits onto + the mode bits of a file that is being created or having its + permissions changed. The default for this parameter is (in octal) + 000. The modes in this parameter are bitwise 'OR'ed onto the file + mode after the mask set in the create mask + parameter is applied. + + See also the parameter create + mask for details on masking mode bits on files. + + See also the inherit + permissions parameter. + + Default: force create mode = 000 + Example: force create mode = 0755 + + would force all created files to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'. + + + + + + + force directory mode (S) + This parameter specifies a set of UNIX mode bit + permissions that will always be set on a directory + created by Samba. This is done by bitwise 'OR'ing these bits onto the + mode bits of a directory that is being created. The default for this + parameter is (in octal) 0000 which will not add any extra permission + bits to a created directory. This operation is done after the mode + mask in the parameter directory mask is + applied. + + See also the parameter + directory mask for details on masking mode bits + on created directories. + + See also the + inherit permissions parameter. + + Default: force directory mode = 000 + Example: force directory mode = 0755 + + would force all created directories to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'. + + + + + + + force directory + security mode (S) + This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog box. + + This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a directory, the user has always set to be 'on'. + + If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world permissions on a + directory without restrictions. + + Note that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it set as 0000. + + See also the + directory security mask, + security mask, + force security mode + parameters. + + Default: force directory security mode = 0 + Example: force directory security mode = 700 + + + + + + + + force group (S) + This specifies a UNIX group name that will be + assigned as the default primary group for all users connecting + to this service. This is useful for sharing files by ensuring + that all access to files on service will use the named group for + their permissions checking. Thus, by assigning permissions for this + group to the files and directories within this service the Samba + administrator can restrict or allow sharing of these files. + + In Samba 2.0.5 and above this parameter has extended + functionality in the following way. If the group name listed here + has a '+' character prepended to it then the current user accessing + the share only has the primary group default assigned to this group + if they are already assigned as a member of that group. This allows + an administrator to decide that only users who are already in a + particular group will create files with group ownership set to that + group. This gives a finer granularity of ownership assignment. For + example, the setting force group = +sys means + that only users who are already in group sys will have their default + primary group assigned to sys when accessing this Samba share. All + other users will retain their ordinary primary group. + + If the force user + parameter is also set the group specified in + force group will override the primary group + set in force user. + + See also force + user. + + Default: no forced group + Example: force group = agroup + + + + + + + force security mode (S) + This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security dialog + box. + + This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a file, the user has always set to be 'on'. + + If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions. + + Note that users who can access + the Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + this set to 0000. + + See also the + force directory security mode, + directory security + mask, + security mask parameters. + + Default: force security mode = 0 + Example: force security mode = 700 + + + + + + + force user (S) + This specifies a UNIX user name that will be + assigned as the default user for all users connecting to this service. + This is useful for sharing files. You should also use it carefully + as using it incorrectly can cause security problems. + + This user name only gets used once a connection is established. + Thus clients still need to connect as a valid user and supply a + valid password. Once connected, all file operations will be performed + as the "forced user", no matter what username the client connected + as. This can be very useful. + + In Samba 2.0.5 and above this parameter also causes the + primary group of the forced user to be used as the primary group + for all file activity. Prior to 2.0.5 the primary group was left + as the primary group of the connecting user (this was a bug). + + See also force group + + + Default: no forced user + Example: force user = auser + + + + + + + fstype (S) + This parameter allows the administrator to + configure the string that specifies the type of filesystem a share + is using that is reported by smbd(8) + when a client queries the filesystem type + for a share. The default type is NTFS for + compatibility with Windows NT but this can be changed to other + strings such as Samba or FAT + if required. + + Default: fstype = NTFS + Example: fstype = Samba + + + + + + getwd cache (G) + This is a tuning option. When this is enabled a + caching algorithm will be used to reduce the time taken for getwd() + calls. This can have a significant impact on performance, especially + when the wide links + parameter is set to false. + + Default: getwd cache = yes + + + + + + + group (S) + Synonym for force + group. + + + + + + guest account (S) + This is a username which will be used for access + to services which are specified as + guest ok (see below). Whatever privileges this + user has will be available to any client connecting to the guest service. + Typically this user will exist in the password file, but will not + have a valid login. The user account "ftp" is often a good choice + for this parameter. If a username is specified in a given service, + the specified username overrides this one. + + One some systems the default guest account "nobody" may not + be able to print. Use another account in this case. You should test + this by trying to log in as your guest user (perhaps by using the + su - command) and trying to print using the + system print command such as lpr(1) or + lp(1). + + Default: specified at compile time, usually + "nobody" + + Example: guest account = ftp + + + + + + guest ok (S) + If this parameter is yes for + a service, then no password is required to connect to the service. + Privileges will be those of the + guest account. + + See the section below on + security for more information about this option. + + + Default: guest ok = no + + + + + + guest only (S) + If this parameter is yes for + a service, then only guest connections to the service are permitted. + This parameter will have no effect if + guest ok is not set for the service. + + See the section below on + security for more information about this option. + + + Default: guest only = no + + + + + + hide dot files (S) + This is a boolean parameter that controls whether + files starting with a dot appear as hidden files. + + Default: hide dot files = yes + + + + + + hide files(S) + This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute is applied + to any files or directories that match. + + Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or directories + as in DOS wildcards. + + Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'. + + Note that the case sensitivity option is applicable + in hiding files. + + Setting this parameter will affect the performance of Samba, + as it will be forced to check all files and directories for a match + as they are scanned. + + See also hide + dot files, + veto files and + case sensitive. + + Default: no file are hidden + Example: hide files = + /.*/DesktopFolderDB/TrashFor%m/resource.frk/ + + The above example is based on files that the Macintosh + SMB client (DAVE) available from + Thursby creates for internal use, and also still hides + all files beginning with a dot. + + + + + + hide local users(G) + This parameter toggles the hiding of local UNIX + users (root, wheel, floppy, etc) from remote clients. + + Default: hide local users = no + + + + + + hide unreadable (S) + This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to off. + + Default: hide unreadable = no + + + + + + homedir map (G) + Ifnis homedir + is true, and smbd(8) is also acting + as a Win95/98 logon server then this parameter + specifies the NIS (or YP) map from which the server for the user's + home directory should be extracted. At present, only the Sun + auto.home map format is understood. The form of the map is: + + username server:/some/file/system + + and the program will extract the servername from before + the first ':'. There should probably be a better parsing system + that copes with different map formats and also Amd (another + automounter) maps. + + NOTE :A working NIS client is required on + the system for this option to work. + + See also nis homedir + , domain logons + . + + Default: homedir map = <empty string> + Example: homedir map = amd.homedir + + + + + + + + + host msdfs (G) + This boolean parameter is only available + if Samba has been configured and compiled with the + --with-msdfs option. If set to yes, + Samba will act as a Dfs server, and allow Dfs-aware clients + to browse Dfs trees hosted on the server. + + See also the + msdfs root share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to msdfs_setup.html. + + + Default: host msdfs = no + + + + + + hosts allow (S) + A synonym for this parameter is allow + hosts. + + This parameter is a comma, space, or tab delimited + set of hosts which are permitted to access a service. + + If specified in the [global] section then it will + apply to all services, regardless of whether the individual + service has a different setting. + + You can specify the hosts by name or IP number. For + example, you could restrict access to only the hosts on a + Class C subnet with something like allow hosts = 150.203.5. + . The full syntax of the list is described in the man + page hosts_access(5). Note that this man + page may not be present on your system, so a brief description will + be given here also. + + Note that the localhost address 127.0.0.1 will always + be allowed access unless specifically denied by a hosts deny option. + + You can also specify hosts by network/netmask pairs and + by netgroup names if your system supports netgroups. The + EXCEPT keyword can also be used to limit a + wildcard list. The following examples may provide some help: + + Example 1: allow all IPs in 150.203.*.*; except one + + hosts allow = 150.203. EXCEPT 150.203.6.66 + + Example 2: allow hosts that match the given network/netmask + + hosts allow = 150.203.15.0/255.255.255.0 + + Example 3: allow a couple of hosts + + hosts allow = lapland, arvidsjaur + + Example 4: allow only hosts in NIS netgroup "foonet", but + deny access from one particular host + + hosts allow = @foonet + + hosts deny = pirate + + Note that access still requires suitable user-level passwords. + + See testparm(1) + for a way of testing your host access to see if it does + what you expect. + + Default: none (i.e., all hosts permitted access) + + + Example: allow hosts = 150.203.5. myhost.mynet.edu.au + + + + + + + + hosts deny (S) + The opposite of hosts allow + - hosts listed here are NOT permitted access to + services unless the specific services have their own lists to override + this one. Where the lists conflict, the allow + list takes precedence. + + Default: none (i.e., no hosts specifically excluded) + + + Example: hosts deny = 150.203.4. badhost.mynet.edu.au + + + + + + + hosts equiv (G) + If this global parameter is a non-null string, + it specifies the name of a file to read for the names of hosts + and users who will be allowed access without specifying a password. + + + This is not be confused with + hosts allow which is about hosts + access to services and is more useful for guest services. + hosts equiv may be useful for NT clients which will + not supply passwords to Samba. + + NOTE : The use of hosts equiv + can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + hosts equiv option be only used if you really + know what you are doing, or perhaps on a home network where you trust + your spouse and kids. And only if you really trust + them :-). + + Default: no host equivalences + Example: hosts equiv = /etc/hosts.equiv + + + + + + + include (G) + This allows you to include one config file + inside another. The file is included literally, as though typed + in place. + + It takes the standard substitutions, except %u + , %P and %S. + + + Default: no file included + Example: include = /usr/local/samba/lib/admin_smb.conf + + + + + + + inherit permissions (S) + The permissions on new files and directories + are normally governed by + create mask, + directory mask, force create mode + and force + directory mode but the boolean inherit + permissions parameter overrides this. + + New directories inherit the mode of the parent directory, + including bits such as setgid. + + New files inherit their read/write bits from the parent + directory. Their execute bits continue to be determined by + map archive + , map hidden + and map system + as usual. + + Note that the setuid bit is never set via + inheritance (the code explicitly prohibits this). + + This can be particularly useful on large systems with + many users, perhaps several thousand, to allow a single [homes] + share to be used flexibly by each user. + + See also create mask + , + directory mask, + force create mode and force directory mode + . + + Default: inherit permissions = no + + + + + + + interfaces (G) + This option allows you to override the default + network interfaces list that Samba will use for browsing, name + registration and other NBT traffic. By default Samba will query + the kernel for the list of all active interfaces and use any + interfaces except 127.0.0.1 that are broadcast capable. + + The option takes a list of interface strings. Each string + can be in any of the following forms: + + + a network interface name (such as eth0). + This may include shell-like wildcards so eth* will match + any interface starting with the substring "eth" + + an IP address. In this case the netmask is + determined from the list of interfaces obtained from the + kernel + + an IP/mask pair. + + a broadcast/mask pair. + + + The "mask" parameters can either be a bit length (such + as 24 for a C class network) or a full netmask in dotted + decimal form. + + The "IP" parameters above can either be a full dotted + decimal IP address or a hostname which will be looked up via + the OS's normal hostname resolution mechanisms. + + For example, the following line: + + interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 + + + would configure three network interfaces corresponding + to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. + The netmasks of the latter two interfaces would be set to 255.255.255.0. + + See also bind + interfaces only. + + Default: all active interfaces except 127.0.0.1 + that are broadcast capable + + + + + + + invalid users (S) + This is a list of users that should not be allowed + to login to this service. This is really a paranoid + check to absolutely ensure an improper setting does not breach + your security. + + A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database. + + A name starting with '+' is interpreted only + by looking in the UNIX group database. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value +&group means check the + UNIX group database, followed by the NIS netgroup database, and + the value &+group means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix). + + The current servicename is substituted for %S. + This is useful in the [homes] section. + + See also valid users + . + + Default: no invalid users + Example: invalid users = root fred admin @wheel + + + + + + + + keepalive (G) + The value of the parameter (an integer) represents + the number of seconds between keepalive + packets. If this parameter is zero, no keepalive packets will be + sent. Keepalive packets, if sent, allow the server to tell whether + a client is still present and responding. + + Keepalives should, in general, not be needed if the socket + being used has the SO_KEEPALIVE attribute set on it (see socket options). + Basically you should only use this option if you strike difficulties. + + Default: keepalive = 300 + Example: keepalive = 600 + + + + + + + kernel oplocks (G) + For UNIXes that support kernel based oplocks + (currently only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off. + + Kernel oplocks support allows Samba oplocks + to be broken whenever a local UNIX process or NFS operation + accesses a file that smbd(8) + has oplocked. This allows complete data consistency between + SMB/CIFS, NFS and local file access (and is a very + cool feature :-). + + This parameter defaults to on, but is translated + to a no-op on systems that no not have the necessary kernel support. + You should never need to touch this parameter. + + See also the oplocks + and level2 oplocks + parameters. + + Default: kernel oplocks = yes + + + + + + + + lanman auth (G) + This parameter determines whether or not smbd will + attempt to authenticate users using the LANMAN password hash. + If disabled, only clients which support NT password hashes (e.g. Windows + NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba host. + + Default : lanman auth = yes + + + + + + + + + large readwrite (G) + This parameter determines whether or not smbd + supports the new 64k streaming read and write varient SMB requests introduced + with Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating system such + as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with + Windows 2000 clients. Defaults to on. Not as tested as some other Samba + code paths. + + + Default : large readwrite = yes + + + + + + + ldap admin dn (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + The ldap admin dn defines the Distinguished + Name (DN) name used by Samba to contact the ldap + server when retreiving user account information. The ldap + admin dn is used in conjunction with the admin dn password + stored in the private/secrets.tdb file. See the + smbpasswd(8) man + page for more information on how to accmplish this. + + + + Default : none + + + + + + + + ldap filter (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the uid + attribute for all entries matching the sambaAccount + objectclass. Note that this filter should only return one entry. + + + + Default : ldap filter = (&(uid=%u)(objectclass=sambaAccount)) + + + + + + + + ldap port (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + This option is used to control the tcp port number used to contact + the ldap server. + The default is to use the stand LDAPS port 636. + + + See Also: ldap ssl + + + Default : ldap port = 636 + + + + + + + + ldap server (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. + + + + + Default : ldap server = localhost + + + + + + + + ldap ssl (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + This option is used to define whether or not Samba should + use SSL when connecting to the ldap + server. This is NOT related to + Samba SSL support which is enabled by specifying the + --with-ssl option to the configure + script (see ssl). + + + + The ldap ssl can be set to one of three values: + (a) on - Always use SSL when contacting the + ldap server, (b) off - + Never use SSL when querying the directory, or (c) start_tls + - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. + + + + Default : ldap ssl = on + + + + + + + + ldap suffix (G) + This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. + + + + + Default : none + + + + + + + + + + + level2 oplocks (S) + This parameter controls whether Samba supports + level2 (read-only) oplocks on a share. + + Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a read-write oplock + to a read-only oplock once a second client opens the file (instead + of releasing all oplocks on a second open, as in traditional, + exclusive oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead only (ie. + they may not cache writes or lock requests) and increases performance + for many accesses of files that are not commonly written (such as + application .EXE files). + + Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply is needed + or waited for) and told to break their oplocks to "none" and + delete any read-ahead caches. + + It is recommended that this parameter be turned on + to speed access to shared executables. + + For more discussions on level2 oplocks see the CIFS spec. + + Currently, if kernel + oplocks are supported then level2 oplocks are + not granted (even if this parameter is set to yes). + Note also, the oplocks + parameter must be set to true on this share in order for + this parameter to have any effect. + + See also the oplocks + and kernel oplocks + parameters. + + Default: level2 oplocks = yes + + + + + + + + + lm announce (G) + This parameter determines if + nmbd(8) will produce Lanman announce + broadcasts that are needed by OS/2 clients in order for them to see + the Samba server in their browse list. This parameter can have three + values, true, false, or + auto. The default is auto. + If set to false Samba will never produce these + broadcasts. If set to true Samba will produce + Lanman announce broadcasts at a frequency set by the parameter + lm interval. If set to auto + Samba will not send Lanman announce broadcasts by default but will + listen for them. If it hears such a broadcast on the wire it will + then start sending them at a frequency set by the parameter + lm interval. + + See also lm interval + . + + Default: lm announce = auto + Example: lm announce = yes + + + + + + + lm interval (G) + If Samba is set to produce Lanman announce + broadcasts needed by OS/2 clients (see the + lm announce parameter) then this + parameter defines the frequency in seconds with which they will be + made. If this is set to zero then no Lanman announcements will be + made despite the setting of the lm announce + parameter. + + See also lm + announce. + + Default: lm interval = 60 + Example: lm interval = 120 + + + + + + + load printers (G) + A boolean variable that controls whether all + printers in the printcap will be loaded for browsing by default. + See the printers section for + more details. + + Default: load printers = yes + + + + + + + local master (G) + This option allows + nmbd(8) to try and become a local master browser + on a subnet. If set to false then + nmbd will not attempt to become a local master browser + on a subnet and will also lose in all browsing elections. By + default this value is set to true. Setting this value to true doesn't + mean that Samba will become the local master + browser on a subnet, just that nmbd will + participate in elections for local master browser. + + Setting this value to false will cause nmbd + never to become a local master browser. + + Default: local master = yes + + + + + + + lock dir (G) + Synonym for + lock directory. + + + + + + lock directory (G) + This option specifies the directory where lock + files will be placed. The lock files are used to implement the + max connections + option. + + Default: lock directory = ${prefix}/var/locks + Example: lock directory = /var/run/samba/locks + + + + + + + locking (S) + This controls whether or not locking will be + performed by the server in response to lock requests from the + client. + + If locking = no, all lock and unlock + requests will appear to succeed and all lock queries will report + that the file in question is available for locking. + + If locking = yes, real locking will be performed + by the server. + + This option may be useful for read-only + filesystems which may not need locking (such as + CDROM drives), although setting this parameter of no + is not really recommended even in this case. + + Be careful about disabling locking either globally or in a + specific service, as lack of locking may result in data corruption. + You should never need to set this parameter. + + Default: locking = yes + + + + + + + log file (G) + This option allows you to override the name + of the Samba log file (also known as the debug file). + + This option takes the standard substitutions, allowing + you to have separate log files for each user or machine. + + Example: log file = /usr/local/samba/var/log.%m + + + + + + + log level (G) + The value of the parameter (an integer) allows + the debug level (logging level) to be specified in the + smb.conf file. This is to give greater + flexibility in the configuration of the system. + + The default will be the log level specified on + the command line or level zero if none was specified. + + Example: log level = 3 + + + + + + logon drive (G) + This parameter specifies the local path to + which the home directory will be connected (see logon home) + and is only used by NT Workstations. + + Note that this option is only useful if Samba is set up as a + logon server. + + Default: logon drive = z: + Example: logon drive = h: + + + + + + + logon home (G) + This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do + + C:\> NET USE H: /HOME + + + from a command prompt, for example. + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine. + + This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way: + + logon home = \\%N\%U\profile + + This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does net use /home + but use the whole string when dealing with profiles. + + Note that in prior versions of Samba, the + logon path was returned rather than + logon home. This broke net use + /home but allowed profiles outside the home directory. + The current implementation is correct, and can be used for + profiles if you use the above trick. + + This option is only useful if Samba is set up as a logon + server. + + Default: logon home = "\\%N\%U" + Example: logon home = "\\remote_smb_server\%U" + + + + + + logon path (G) + This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the + logon home parameter. + + This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (desktop, start menu, + network neighborhood, programs + and other folders, and their contents, are loaded and displayed on + your Windows NT client. + + The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories. + + Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a MANdatory + profile). + + Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems). + + This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine. + + Note that this option is only useful if Samba is set up + as a logon server. + + Default: logon path = \\%N\%U\profile + Example: logon path = \\PROFILESERVER\PROFILE\%U + + + + + + + logon script (G) + This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended. + + The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a + path of /usr/local/samba/netlogon + , and logon script = STARTUP.BAT, then + the file that will be downloaded is: + + /usr/local/samba/netlogon/STARTUP.BAT + + The contents of the batch file are entirely your choice. A + suggested command would be to add NET TIME \\SERVER /SET + /YES, to force every machine to synchronize clocks with + the same time server. Another use would be to add NET USE + U: \\SERVER\UTILS for commonly used utilities, or + NET USE Q: \\SERVER\ISO9001_QA for example. + + Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached. + + This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. + + This option is only useful if Samba is set up as a logon + server. + + Default: no logon script defined + Example: logon script = scripts\%U.bat + + + + + + + lppause command (S) + This parameter specifies the command to be + executed on the server host in order to stop printing or spooling + a specific print job. + + This command should be a program or script which takes + a printer name and job number to pause the print job. One way + of implementing this is by using job priorities, where jobs + having a too low priority won't be sent to the printer. + + If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer). On HPUX (see printing=hpux + ), if the -p%p option is added + to the lpq command, the job will show up with the correct status, i.e. + if the job priority is lower than the set fence priority it will + have the PAUSED status, whereas if the priority is equal or higher it + will have the SPOOLED or PRINTING status. + + Note that it is good practice to include the absolute path + in the lppause command as the PATH may not be available to the server. + + See also the printing + parameter. + + Default: Currently no default value is given to + this string, unless the value of the printing + parameter is SYSV, in which case the default is : + + lp -i %p-%j -H hold + + or if the value of the printing parameter + is SOFTQ, then the default is: + + qstat -s -j%j -h + + Example for HPUX: lppause command = /usr/bin/lpalt + %p-%j -p0 + + + + + + + lpq cache time (G) + This controls how long lpq info will be cached + for to prevent the lpq command being called too + often. A separate cache is kept for each variation of the + lpq command used by the system, so if you use different + lpq commands for different users then they won't + share cache information. + + The cache files are stored in /tmp/lpq.xxxx + where xxxx is a hash of the lpq command in use. + + The default is 10 seconds, meaning that the cached results + of a previous identical lpq command will be used + if the cached data is less than 10 seconds old. A large value may + be advisable if your lpq command is very slow. + + A value of 0 will disable caching completely. + + See also the printing + parameter. + + Default: lpq cache time = 10 + Example: lpq cache time = 30 + + + + + + + lpq command (S) + This parameter specifies the command to be + executed on the server host in order to obtain lpq + -style printer status information. + + This command should be a program or script which + takes a printer name as its only parameter and outputs printer + status information. + + Currently eight styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. + This covers most UNIX systems. You control which type is expected + using the printing = option. + + Some clients (notably Windows for Workgroups) may not + correctly send the connection number for the printer they are + requesting status information about. To get around this, the + server reports on the first printer service connected to by the + client. This only happens if the connection number sent is invalid. + + If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command. + + Note that it is good practice to include the absolute path + in the lpq command as the $PATH + may not be available to the server. + + See also the printing + parameter. + + Default: depends on the setting of + printing + + Example: lpq command = /usr/bin/lpq -P%p + + + + + + + lpresume command (S) + This parameter specifies the command to be + executed on the server host in order to restart or continue + printing or spooling a specific print job. + + This command should be a program or script which takes + a printer name and job number to resume the print job. See + also the lppause command + parameter. + + If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer). + + Note that it is good practice to include the absolute path + in the lpresume command as the PATH may not + be available to the server. + + See also the printing + parameter. + + Default: Currently no default value is given + to this string, unless the value of the printing + parameter is SYSV, in which case the default is : + + lp -i %p-%j -H resume + + or if the value of the printing parameter + is SOFTQ, then the default is: + + qstat -s -j%j -r + + Example for HPUX: lpresume command = /usr/bin/lpalt + %p-%j -p2 + + + + + + + lprm command (S) + This parameter specifies the command to be + executed on the server host in order to delete a print job. + + This command should be a program or script which takes + a printer name and job number, and deletes the print job. + + If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer). + + Note that it is good practice to include the absolute + path in the lprm command as the PATH may not be + available to the server. + + See also the printing + parameter. + + Default: depends on the setting of printing + + + Example 1: lprm command = /usr/bin/lprm -P%p %j + + Example 2: lprm command = /usr/bin/cancel %p-%j + + + + + + + machine password timeout (G) + If a Samba server is a member of a Windows + NT Domain (see the security = domain) + parameter) then periodically a running + smbd(8) process will try and change the MACHINE ACCOUNT + PASSWORD stored in the TDB called private/secrets.tdb + . This parameter specifies how often this password + will be changed, in seconds. The default is one week (expressed in + seconds), the same as a Windows NT Domain member server. + + See also smbpasswd(8) + , and the + security = domain) parameter. + + Default: machine password timeout = 604800 + + + + + + magic output (S) + This parameter specifies the name of a file + which will contain output created by a magic script (see the + magic script + parameter below). + + Warning: If two clients use the same magic script + in the same directory the output file content + is undefined. + + Default: magic output = <magic script name>.out + + + Example: magic output = myfile.txt + + + + + + + magic script (S) + This parameter specifies the name of a file which, + if opened, will be executed by the server when the file is closed. + This allows a UNIX script to be sent to the Samba host and + executed on behalf of the connected user. + + Scripts executed in this way will be deleted upon + completion assuming that the user has the appropriate level + of privilege and the file permissions allow the deletion. + + If the script generates output, output will be sent to + the file specified by the + magic output parameter (see above). + + Note that some shells are unable to interpret scripts + containing CR/LF instead of CR as + the end-of-line marker. Magic scripts must be executable + as is on the host, which for some hosts and + some shells will require filtering at the DOS end. + + Magic scripts are EXPERIMENTAL and + should NOT be relied upon. + + Default: None. Magic scripts disabled. + Example: magic script = user.csh + + + + + + + mangle case (S) + See the section on + NAME MANGLING + + Default: mangle case = no + + + + + + mangled map (S) + This is for those who want to directly map UNIX + file names which cannot be represented on Windows/DOS. The mangling + of names is not always what is needed. In particular you may have + documents with file extensions that differ between DOS and UNIX. + For example, under UNIX it is common to use .html + for HTML files, whereas under Windows/DOS .htm + is more commonly used. + + So to map html to htm + you would use: + + mangled map = (*.html *.htm) + + One very useful case is to remove the annoying ;1 + off the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;). + + Default: no mangled map + Example: mangled map = (*;1 *;) + + + + + + mangled names (S) + This controls whether non-DOS names under UNIX + should be mapped to DOS-compatible names ("mangled") and made visible, + or whether non-DOS names should simply be ignored. + + See the section on + NAME MANGLING for details on how to control the mangling process. + + If mangling is used then the mangling algorithm is as follows: + + + The first (up to) five alphanumeric characters + before the rightmost dot of the filename are preserved, forced + to upper case, and appear as the first (up to) five characters + of the mangled name. + + A tilde "~" is appended to the first part of the mangled + name, followed by a two-character unique sequence, based on the + original root name (i.e., the original filename minus its final + extension). The final extension is included in the hash calculation + only if it contains any upper case characters or is longer than three + characters. + + Note that the character to use may be specified using + the mangling char + option, if you don't like '~'. + + The first three alphanumeric characters of the final + extension are preserved, forced to upper case and appear as the + extension of the mangled name. The final extension is defined as that + part of the original filename after the rightmost dot. If there are no + dots in the filename, the mangled name will have no extension (except + in the case of "hidden files" - see below). + + Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will be created as + for other filenames, but with the leading dot removed and "___" as + its extension regardless of actual original extension (that's three + underscores). + + + The two-digit hash value consists of upper case + alphanumeric characters. + + This algorithm can cause name collisions only if files + in a directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300. + + The name mangling (if enabled) allows a file to be + copied between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new extension + from Windows/DOS and will retain the same basename. Mangled names + do not change between sessions. + + Default: mangled names = yes + + + + + + + mangled stack (G) + This parameter controls the number of mangled names + that should be cached in the Samba server + smbd(8). + + This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than 3 characters + or contains upper case characters). + + The larger this value, the more likely it is that mangled + names can be successfully converted to correct long UNIX names. + However, large stack sizes will slow most directory accesses. Smaller + stacks save memory in the server (each stack element costs 256 bytes). + + + It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises! + + Default: mangled stack = 50 + Example: mangled stack = 100 + + + + + + + + mangling char (S) + This controls what character is used as + the magic character in name mangling. The default is a '~' + but this may interfere with some software. Use this option to set + it to whatever you prefer. + + Default: mangling char = ~ + Example: mangling char = ^ + + + + + + + + + map archive (S) + This controls whether the DOS archive attribute + should be mapped to the UNIX owner execute bit. The DOS archive bit + is set when a file has been modified since its last backup. One + motivation for this option it to keep Samba/your PC from making + any file it touches from becoming executable under UNIX. This can + be quite annoying for shared source code, documents, etc... + + Note that this requires the create mask + parameter to be set such that owner execute bit is not masked out + (i.e. it must include 100). See the parameter + create mask for details. + + Default: map archive = yes + + + + + + + map hidden (S) + This controls whether DOS style hidden files + should be mapped to the UNIX world execute bit. + + Note that this requires the create mask + to be set such that the world execute bit is not masked out (i.e. + it must include 001). See the parameter + create mask for details. + + Default: map hidden = no + + + + + + map system (S) + This controls whether DOS style system files + should be mapped to the UNIX group execute bit. + + Note that this requires the create mask + to be set such that the group execute bit is not masked out (i.e. + it must include 010). See the parameter + create mask for details. + + Default: map system = no + + + + + + map to guest (G) + This parameter is only useful in + security modes other than security = share + - i.e. user, server, + and domain. + + This parameter can take three different values, which tell + smbd(8) what to do with user + login requests that don't match a valid UNIX user in some way. + + The three settings are : + + + Never - Means user login + requests with an invalid password are rejected. This is the + default. + + Bad User - Means user + logins with an invalid password are rejected, unless the username + does not exist, in which case it is treated as a guest login and + mapped into the + guest account. + + Bad Password - Means user logins + with an invalid password are treated as a guest login and mapped + into the guest account. Note that + this can cause problems as it means that any user incorrectly typing + their password will be silently logged on as "guest" - and + will not know the reason they cannot access files they think + they should - there will have been no message given to them + that they got their password wrong. Helpdesk services will + hate you if you set the map to + guest parameter this way :-). + + + Note that this parameter is needed to set up "Guest" + share services when using security modes other than + share. This is because in these modes the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client so the server + cannot make authentication decisions at the correct time (connection + to the share) for "Guest" shares. + + For people familiar with the older Samba releases, this + parameter maps to the old compile-time setting of the + GUEST_SESSSETUP value in local.h. + + Default: map to guest = Never + Example: map to guest = Bad User + + + + + + + max connections (S) + This option allows the number of simultaneous + connections to a service to be limited. If max connections + is greater than 0 then connections will be refused if + this number of connections to the service are already open. A value + of zero mean an unlimited number of connections may be made. + + Record lock files are used to implement this feature. The + lock files will be stored in the directory specified by the lock directory + option. + + Default: max connections = 0 + Example: max connections = 10 + + + + + + + max disk size (G) + This option allows you to put an upper limit + on the apparent size of disks. If you set this option to 100 + then all shares will appear to be not larger than 100 MB in + size. + + Note that this option does not limit the amount of + data you can put on the disk. In the above case you could still + store much more than 100 MB on the disk, but if a client ever asks + for the amount of free disk space or the total disk size then the + result will be bounded by the amount specified in max + disk size. + + This option is primarily useful to work around bugs + in some pieces of software that can't handle very large disks, + particularly disks over 1GB in size. + + A max disk size of 0 means no limit. + + Default: max disk size = 0 + Example: max disk size = 1000 + + + + + + + max log size (G) + This option (an integer in kilobytes) specifies + the max size the log file should grow to. Samba periodically checks + the size and if it is exceeded it will rename the file, adding + a .old extension. + + A size of 0 means no limit. + + Default: max log size = 5000 + Example: max log size = 1000 + + + + + + + max mux (G) + This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter. + + Default: max mux = 50 + + + + + + + max open files (G) + This parameter limits the maximum number of + open files that one smbd(8) file + serving process may have open for a client at any one time. The + default for this parameter is set very high (10,000) as Samba uses + only one bit per unopened file. + + The limit of the number of open files is usually set + by the UNIX per-process file descriptor limit rather than + this parameter so you should never need to touch this parameter. + + Default: max open files = 10000 + + + + + + + max print jobs (S) + This parameter limits the maximum number of + jobs allowable in a Samba printer queue at any given moment. + If this number is exceeded, + smbd(8) will remote "Out of Space" to the client. + See all total + print jobs. + + + Default: max print jobs = 1000 + Example: max print jobs = 5000 + + + + + + max protocol (G) + The value of the parameter (a string) is the highest + protocol level that will be supported by the server. + + Possible values are : + + CORE: Earliest version. No + concept of user names. + + COREPLUS: Slight improvements on + CORE for efficiency. + + LANMAN1: First + modern version of the protocol. Long filename + support. + + LANMAN2: Updates to Lanman1 protocol. + + + NT1: Current up to date version of + the protocol. Used by Windows NT. Known as CIFS. + + + Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol. + + See also min + protocol + + Default: max protocol = NT1 + Example: max protocol = LANMAN1 + + + + + + + max smbd processes (G) + This parameter limits the maximum number of + smbd(8) + processes concurrently running on a system and is intended + as a stopgap to prevent degrading service to clients in the event + that the server has insufficient resources to handle more than this + number of connections. Remember that under normal operating + conditions, each user will have an smbd associated with him or her + to handle connections to all shares from a given host. + + + Default: max smbd processes = 0 ## no limit + Example: max smbd processes = 1000 + + + + + + + + max ttl (G) + This option tells nmbd(8) + what the default 'time to live' of NetBIOS names should be (in seconds) + when nmbd is requesting a name using either a + broadcast packet or from a WINS server. You should never need to + change this parameter. The default is 3 days. + + Default: max ttl = 259200 + + + + + + + max wins ttl (G) + This option tells nmbd(8) + when acting as a WINS server ( + wins support = yes) what the maximum + 'time to live' of NetBIOS names that nmbd + will grant will be (in seconds). You should never need to change this + parameter. The default is 6 days (518400 seconds). + + See also the min + wins ttl parameter. + + Default: max wins ttl = 518400 + + + + + + + max xmit (G) + This option controls the maximum packet size + that will be negotiated by Samba. The default is 65535, which + is the maximum. In some cases you may find you get better performance + with a smaller value. A value below 2048 is likely to cause problems. + + + Default: max xmit = 65535 + Example: max xmit = 8192 + + + + + + + message command (G) + This specifies what command to run when the + server receives a WinPopup style message. + + This would normally be a command that would + deliver the message somehow. How this is to be done is + up to your imagination. + + An example is: + + message command = csh -c 'xedit %s;rm %s' & + + + This delivers the message using xedit, then + removes it afterwards. NOTE THAT IT IS VERY IMPORTANT + THAT THIS COMMAND RETURN IMMEDIATELY. That's why I + have the '&' on the end. If it doesn't return immediately then + your PCs may freeze when sending messages (they should recover + after 30 seconds, hopefully). + + All messages are delivered as the global guest user. + The command takes the standard substitutions, although + %u won't work (%U may be better + in this case). + + Apart from the standard substitutions, some additional + ones apply. In particular: + + + %s = the filename containing + the message. + + %t = the destination that + the message was sent to (probably the server name). + + %f = who the message + is from. + + + You could make this command send mail, or whatever else + takes your fancy. Please let us know of any really interesting + ideas you have. + + + Here's a way of sending the messages as mail to root: + + message command = /bin/mail -s 'message from %f on + %m' root < %s; rm %s + + If you don't have a message command then the message + won't be delivered and Samba will tell the sender there was + an error. Unfortunately WfWg totally ignores the error code + and carries on regardless, saying that the message was delivered. + + + If you want to silently delete it then try: + + message command = rm %s + + Default: no message command + Example: message command = csh -c 'xedit %s; + rm %s' & + + + + + + + + min passwd length (G) + Synonym for + min password length. + + + + + + + min password length (G) + This option sets the minimum length in characters + of a plaintext password that smbd will accept when performing + UNIX password changing. + + See also unix + password sync, + passwd program and passwd chat debug + . + + Default: min password length = 5 + + + + + + + min print space (S) + This sets the minimum amount of free disk + space that must be available before a user will be able to spool + a print job. It is specified in kilobytes. The default is 0, which + means a user can always spool a print job. + + See also the printing + parameter. + + Default: min print space = 0 + Example: min print space = 2000 + + + + + + + + min protocol (G) + The value of the parameter (a string) is the + lowest SMB protocol dialect than Samba will support. Please refer + to the max protocol + parameter for a list of valid protocol names and a brief description + of each. You may also wish to refer to the C source code in + source/smbd/negprot.c for a listing of known protocol + dialects supported by clients. + + If you are viewing this parameter as a security measure, you should + also refer to the lanman + auth parameter. Otherwise, you should never need + to change this parameter. + + Default : min protocol = CORE + Example : min protocol = NT1 # disable DOS + clients + + + + + + + + min wins ttl (G) + This option tells nmbd(8) + when acting as a WINS server ( + wins support = yes) what the minimum 'time to live' + of NetBIOS names that nmbd will grant will be (in + seconds). You should never need to change this parameter. The default + is 6 hours (21600 seconds). + + Default: min wins ttl = 21600 + + + + + + + + msdfs root (S) + This boolean parameter is only available if + Samba is configured and compiled with the + --with-msdfs option. If set to yes, + Samba treats the share as a Dfs root and allows clients to browse + the distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form msdfs:serverA\shareA,serverB\shareB + and so on. For more information on setting up a Dfs tree + on Samba, refer to msdfs_setup.html + . + + See also host msdfs + + + Default: msdfs root = no + + + + + + name resolve order (G) + This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. The option takes a space + separated string of name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows : + + + lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup. + + host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file. Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + wins : Query a name with + the IP address listed in the + wins server parameter. If no WINS server has + been specified this method will be ignored. + + bcast : Do a broadcast on + each of the known local interfaces listed in the interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet. + + + Default: name resolve order = lmhosts host wins bcast + + Example: name resolve order = lmhosts bcast host + + + This will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup. + + + + + + + + netbios aliases (G) + This is a list of NetBIOS names that nmbd(8) will advertise as additional + names by which the Samba server is known. This allows one machine + to appear in browse lists under multiple names. If a machine is + acting as a browse server or logon server none + of these names will be advertised as either browse server or logon + servers, only the primary name of the machine will be advertised + with these capabilities. + + See also netbios + name. + + Default: empty string (no additional names) + Example: netbios aliases = TEST TEST1 TEST2 + + + + + + + netbios name (G) + This sets the NetBIOS name by which a Samba + server is known. By default it is the same as the first component + of the host's DNS name. If a machine is a browse server or + logon server this name (or the first component + of the hosts DNS name) will be the name that these services are + advertised under. + + See also netbios + aliases. + + Default: machine DNS name + Example: netbios name = MYNAME + + + + + + + netbios scope (G) + This sets the NetBIOS scope that Samba will + operate under. This should not be set unless every machine + on your LAN also sets this value. + + + + + + nis homedir (G) + Get the home share server from a NIS map. For + UNIX systems that use an automounter, the user's home directory + will often be mounted on a workstation on demand from a remote + server. + + When the Samba logon server is not the actual home directory + server, but is mounting the home directories via NFS then two + network hops would be required to access the users home directory + if the logon server told the client to use itself as the SMB server + for home directories (one over SMB and one over NFS). This can + be very slow. + + This option allows Samba to return the home share as + being on a different server to the logon server and as + long as a Samba daemon is running on the home directory server, + it will be mounted on the Samba client directly from the directory + server. When Samba is returning the home share to the client, it + will consult the NIS map specified in + homedir map and return the server + listed there. + + Note that for this option to work there must be a working + NIS system and the Samba server with this option must also + be a logon server. + + Default: nis homedir = no + + + + + + + non unix account range (G) + The non unix account range parameter specifies + the range of 'user ids' that are allocated by the various 'non unix + account' passdb backends. These backends allow + the storage of passwords for users who don't exist in /etc/passwd. + This is most often used for machine account creation. + This range of ids should have no existing local or NIS users within + it as strange conflicts can occur otherwise. + + NOTE: These userids never appear on the system and Samba will never + 'become' these users. They are used only to ensure that the algorithmic + RID mapping does not conflict with normal users. + + + Default: non unix account range = <empty string> + + + Example: non unix account range = 10000-20000 + + + + + + + nt acl support (S) + This boolean parameter controls whether + smbd(8) will attempt to map + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2. + + Default: nt acl support = yes + + + + + + + nt pipe support (G) + This boolean parameter controls whether + smbd(8) will allow Windows NT + clients to connect to the NT SMB specific IPC$ + pipes. This is a developer debugging option and can be left + alone. + + Default: nt pipe support = yes + + + + + + + null passwords (G) + Allow or disallow client access to accounts + that have null passwords. + + See also smbpasswd (5). + + Default: null passwords = no + + + + + + + + obey pam restrictions (G) + When Samba 2.2 is configured to enable PAM support + (i.e. --with-pam), this parameter will control whether or not Samba + should obey PAM's account and session management directives. The + default behavior is to use PAM for clear text authentication only + and to ignore any account or session management. Note that Samba + always ignores PAM for authentication in the case of encrypt passwords = yes + . The reason is that PAM modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB password encryption. + + + Default: obey pam restrictions = no + + + + + + + + + only user (S) + This is a boolean option that controls whether + connections with usernames not in the user + list will be allowed. By default this option is disabled so that a + client can supply a username to be used by the server. Enabling + this parameter will force the server to only user the login + names from the user list and is only really + useful in shave level + security. + + Note that this also means Samba won't try to deduce + usernames from the service name. This can be annoying for + the [homes] section. To get around this you could use user = + %S which means your user list + will be just the service name, which for home directories is the + name of the user. + + See also the user + parameter. + + Default: only user = no + + + + + + + + only guest (S) + A synonym for + guest only. + + + + + + + oplock break wait time (G) + This is a tuning parameter added due to bugs in + both Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause an oplock + break request, then the network client can fail and not respond + to the break request. This tuning parameter (which is set in milliseconds) + is the amount of time Samba will wait before sending an oplock break + request to such (broken) clients. + + DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE. + + Default: oplock break wait time = 0 + + + + + + oplock contention limit (S) + This is a very advanced + smbd(8) tuning option to + improve the efficiency of the granting of oplocks under multiple + client contention for the same file. + + In brief it specifies a number, which causes smbd not to + grant an oplock even when requested if the approximate number of + clients contending for an oplock on the same file goes over this + limit. This causes smbd to behave in a similar + way to Windows NT. + + DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE. + + Default: oplock contention limit = 2 + + + + + + + + + oplocks (S) + This boolean option tells smbd whether to + issue oplocks (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or more) improve + the speed of access to files on Samba servers. It allows the clients + to aggressively cache files locally and you may want to disable this + option for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information see the file + Speed.txt in the Samba docs/ + directory. + + Oplocks may be selectively turned off on certain files with a + share. See the + veto oplock files parameter. On some systems + oplocks are recognized by the underlying operating system. This + allows data synchronization between all access to oplocked files, + whether it be via Samba or NFS or a local UNIX process. See the + kernel oplocks parameter for details. + + See also the kernel + oplocks and + level2 oplocks parameters. + + Default: oplocks = yes + + + + + + + os level (G) + This integer value controls what level Samba + advertises itself as for browse elections. The value of this + parameter determines whether nmbd(8) + has a chance of becoming a local master browser for the + WORKGROUP in the local broadcast area. + + Note :By default, Samba will win + a local master browsing election over all Microsoft operating + systems except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively isolate + a subnet for browsing purposes. See BROWSING.txt + in the Samba docs/ directory + for details. + + Default: os level = 20 + Example: os level = 65 + + + + + + + os2 driver map (G) + The parameter is used to define the absolute + path to a file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is: + + <nt driver name> = <os2 driver + name>.<device name> + + For example, a valid entry using the HP LaserJet 5 + printer driver would appear as HP LaserJet 5L = LASERJET.HP + LaserJet 5L. + + The need for the file is due to the printer driver namespace + problem described in the Samba + Printing HOWTO. For more details on OS/2 clients, please + refer to the OS2-Client-HOWTO + containing in the Samba documentation. + + Default: os2 driver map = <empty string> + + + + + + + pam password change (G) + With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password change control + flag for Samba. If enabled, then PAM will be used for password + changes when requested by an SMB client instead of the program listed in + passwd program. + It should be possible to enable this without changing your + passwd chat + parameter for most setups. + + + Default: pam password change = no + + + + + + + panic action (G) + This is a Samba developer option that allows a + system command to be called when either + smbd(8) or nmbd(8) + crashes. This is usually used to draw attention to the fact that + a problem occurred. + + Default: panic action = <empty string> + Example: panic action = "/bin/sleep 90000" + + + + + + passdb backend (G) + This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected + (eg --with-tdbsam) at configure time. + + + This paramater is in two parts, the backend's name, and a 'location' + string that has meaning only to that particular backed. These are separated + by a : character. + + Available backends can include: + + smbpasswd - The default smbpasswd + backend. Takes a path to the smbpasswd file as an optional argument. + + smbpasswd_nua - The smbpasswd + backend, but with support for 'not unix accounts'. + Takes a path to the smbpasswd file as an optional argument. + See also + non unix account range + + tdbsam - The TDB based password storage + backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the + private dir directory. + + tdbsam_nua - The TDB based password storage + backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the + private dir directory. + See also + non unix account range + + ldapsam - The LDAP based passdb + backend. Takes an LDAP URL as an optional argument (defaults to + ldap://localhost) + + ldapsam_nua - The LDAP based passdb + backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to + ldap://localhost) + See also + non unix account range + + plugin - Allows Samba to load an + arbitary passdb backend from the .so specified as a compulsary argument. + + + Any characters after the (optional) second : are passed to the plugin + for its own processing + + + + + + Default: passdb backend = smbpasswd + Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb + Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com + Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args + + + + + + passwd chat (G) + This string controls the "chat" + conversation that takes places between smbd and the local password changing + program to change the user's password. The string describes a + sequence of response-receive pairs that + smbd(8) uses to determine what to send to the + passwd program + and what to expect back. If the expected output is not + received then the password is not changed. + + This chat sequence is often quite site specific, depending + on what local methods are used for password control (such as NIS + etc). + Note that this parameter only is only used if the unix + password sync parameter is set to yes. This + sequence is then called AS ROOT when the SMB password + in the smbpasswd file is being changed, without access to the old + password cleartext. This means that root must be able to reset the user's password + without knowing the text of the previous password. In the presence of NIS/YP, + this means that the passwd program must be + executed on the NIS master. + + + + The string can contain the macro %n which is substituted + for the new password. The chat sequence can also contain the standard + macros \n, \r, + \t and \s to give line-feed, + carriage-return, tab and space. The chat sequence string can also contain + a '*' which matches any sequence of characters. + Double quotes can be used to collect strings with spaces + in them into a single string. + + If the send string in any part of the chat sequence + is a full stop ".", then no string is sent. Similarly, + if the expect string is a full stop then no string is expected. + + If the pam + password change parameter is set to true, the chat pairs + may be matched in any order, and success is determined by the PAM result, + not any particular output. The \n macro is ignored for PAM conversions. + + + See also unix password + sync, + passwd program , + passwd chat debug and + pam password change. + + Default: passwd chat = *new*password* %n\n + *new*password* %n\n *changed* + Example: passwd chat = "*Enter OLD password*" %o\n + "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password + changed*" + + + + + + + passwd chat debug (G) + This boolean specifies if the passwd chat script + parameter is run in debug mode. In this mode the + strings passed to and received from the passwd chat are printed + in the smbd(8) log with a + debug level + of 100. This is a dangerous option as it will allow plaintext passwords + to be seen in the smbd log. It is available to help + Samba admins debug their passwd chat scripts + when calling the passwd program and should + be turned off after this has been done. This option has no effect if the + pam password change + paramter is set. This parameter is off by default. + + + See also passwd chat + , pam password change + , passwd program + . + + Default: passwd chat debug = no + + + + + + + passwd program (G) + The name of a program that can be used to set + UNIX user passwords. Any occurrences of %u + will be replaced with the user name. The user name is checked for + existence before calling the password changing program. + + Also note that many passwd programs insist in reasonable + passwords, such as a minimum length, or the inclusion + of mixed case chars and digits. This can pose a problem as some clients + (such as Windows for Workgroups) uppercase the password before sending + it. + + Note that if the unix + password sync parameter is set to true + then this program is called AS ROOT + before the SMB password in the smbpasswd(5) + file is changed. If this UNIX password change fails, then + smbd will fail to change the SMB password also + (this is by design). + + If the unix password sync parameter + is set this parameter MUST USE ABSOLUTE PATHS + for ALL programs called, and must be examined + for security implications. Note that by default unix + password sync is set to false. + + See also unix + password sync. + + Default: passwd program = /bin/passwd + Example: passwd program = /sbin/npasswd %u + + + + + + + + password level (G) + Some client/server combinations have difficulty + with mixed-case passwords. One offending client is Windows for + Workgroups, which for some reason forces passwords to upper + case when using the LANMAN1 protocol, but leaves them alone when + using COREPLUS! Another problem child is the Windows 95/98 + family of operating systems. These clients upper case clear + text passwords even when NT LM 0.12 selected by the protocol + negotiation request/response. + + This parameter defines the maximum number of characters + that may be upper case in passwords. + + For example, say the password given was "FRED". If + password level is set to 1, the following combinations + would be tried if "FRED" failed: + + "Fred", "fred", "fRed", "frEd","freD" + + If password level was set to 2, + the following combinations would also be tried: + + "FRed", "FrEd", "FreD", "fREd", "fReD", "frED", .. + + And so on. + + The higher value this parameter is set to the more likely + it is that a mixed case password will be matched against a single + case password. However, you should be aware that use of this + parameter reduces security and increases the time taken to + process a new connection. + + A value of zero will cause only two attempts to be + made - the password as is and the password in all-lower case. + + Default: password level = 0 + Example: password level = 4 + + + + + + + password server (G) + By specifying the name of another SMB server (such + as a WinNT box) with this option, and using security = domain + or security = server you can get Samba + to do all its username/password validation via a remote server. + + This option sets the name of the password server to use. + It must be a NetBIOS name, so if the machine's NetBIOS name is + different from its Internet name then you may have to add its NetBIOS + name to the lmhosts file which is stored in the same directory + as the smb.conf file. + + The name of the password server is looked up using the + parameter name + resolve order and so may resolved + by any method and order described in that parameter. + + The password server much be a machine capable of using + the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in + user level security mode. + + NOTE: Using a password server + means your UNIX box (running Samba) is only as secure as your + password server. DO NOT CHOOSE A PASSWORD SERVER THAT + YOU DON'T COMPLETELY TRUST. + + Never point a Samba server at itself for password + serving. This will cause a loop and could lock up your Samba + server! + + The name of the password server takes the standard + substitutions, but probably the only useful one is %m + , which means the Samba server will use the incoming + client as the password server. If you use this then you better + trust your clients, and you had better restrict them with hosts allow! + + If the security parameter is set to + domain, then the list of machines in this + option must be a list of Primary or Backup Domain controllers for the + Domain or the character '*', as the Samba server is effectively + in that domain, and will use cryptographically authenticated RPC calls + to authenticate the user logging on. The advantage of using + security = domain is that if you list several hosts in the + password server option then smbd + will try each in turn till it finds one that responds. This + is useful in case your primary server goes down. + + If the password server option is set + to the character '*', then Samba will attempt to auto-locate the + Primary or Backup Domain controllers to authenticate against by + doing a query for the name WORKGROUP<1C> + and then contacting each server returned in the list of IP + addresses from the name resolution source. + + If the security parameter is + set to server, then there are different + restrictions that security = domain doesn't + suffer from: + + + You may list several password servers in + the password server parameter, however if an + smbd makes a connection to a password server, + and then the password server fails, no more users will be able + to be authenticated from this smbd. This is a + restriction of the SMB/CIFS protocol when in security = server + mode and cannot be fixed in Samba. + + If you are using a Windows NT server as your + password server then you will have to ensure that your users + are able to login from the Samba server, as when in + security = server mode the network logon will appear to + come from there rather than from the users workstation. + + + See also the security + parameter. + + Default: password server = <empty string> + + Example: password server = NT-PDC, NT-BDC1, NT-BDC2 + + Example: password server = * + + + + + + + path (S) + This parameter specifies a directory to which + the user of the service is to be given access. In the case of + printable services, this is where print data will spool prior to + being submitted to the host for printing. + + For a printable service offering guest access, the service + should be readonly and the path should be world-writeable and + have the sticky bit set. This is not mandatory of course, but + you probably won't get the results you expect if you do + otherwise. + + Any occurrences of %u in the path + will be replaced with the UNIX username that the client is using + on this connection. Any occurrences of %m + will be replaced by the NetBIOS name of the machine they are + connecting from. These replacements are very useful for setting + up pseudo home directories for users. + + Note that this path will be based on + root dir if one was specified. + + Default: none + Example: path = /home/fred + + + + + + + + posix locking (S) + The smbd(8) + daemon maintains an database of file locks obtained by SMB clients. + The default behavior is to map this internal database to POSIX + locks. This means that file locks obtained by SMB clients are + consistent with those seen by POSIX compliant applications accessing + the files via a non-SMB method (e.g. NFS or local file access). + You should never need to disable this parameter. + + Default: posix locking = yes + + + + + + + + postexec (S) + This option specifies a command to be run + whenever the service is disconnected. It takes the usual + substitutions. The command may be run as the root on some + systems. + + An interesting example may be to unmount server + resources: + + postexec = /etc/umount /cdrom + + See also preexec + . + + Default: none (no command executed) + + + Example: postexec = echo \"%u disconnected from %S + from %m (%I)\" >> /tmp/log + + + + + + + postscript (S) + This parameter forces a printer to interpret + the print files as PostScript. This is done by adding a %! + to the start of print output. + + This is most useful when you have lots of PCs that persist + in putting a control-D at the start of print jobs, which then + confuses your printer. + + Default: postscript = no + + + + + + + preexec (S) + This option specifies a command to be run whenever + the service is connected to. It takes the usual substitutions. + + An interesting example is to send the users a welcome + message every time they log in. Maybe a message of the day? Here + is an example: + + preexec = csh -c 'echo \"Welcome to %S!\" | + /usr/local/samba/bin/smbclient -M %m -I %I' & + + Of course, this could get annoying after a while :-) + + See also preexec close + and postexec + . + + Default: none (no command executed) + Example: preexec = echo \"%u connected to %S from %m + (%I)\" >> /tmp/log + + + + + + + preexec close (S) + This boolean option controls whether a non-zero + return code from preexec + should close the service being connected to. + + Default: preexec close = no + + + + + + preferred master (G) + This boolean parameter controls if nmbd(8) is a preferred master browser + for its workgroup. + + If this is set to true, on startup, nmbd + will force an election, and it will have a slight advantage in + winning the election. It is recommended that this parameter is + used in conjunction with + domain master = yes, so that + nmbd can guarantee becoming a domain master. + + Use this option with caution, because if there are several + hosts (whether Samba servers, Windows 95 or NT) that are preferred + master browsers on the same subnet, they will each periodically + and continuously attempt to become the local master browser. + This will result in unnecessary broadcast traffic and reduced browsing + capabilities. + + See also os level + . + + Default: preferred master = auto + + + + + + + prefered master (G) + Synonym for + preferred master for people who cannot spell :-). + + + + + + + preload + This is a list of services that you want to be + automatically added to the browse lists. This is most useful + for homes and printers services that would otherwise not be + visible. + + Note that if you just want all printers in your + printcap file loaded then the + load printers option is easier. + + Default: no preloaded services + + Example: preload = fred lp colorlp + + + + + + preserve case (S) + This controls if new filenames are created + with the case that the client passes, or if they are forced to + be the default case + . + + Default: preserve case = yes + + See the section on NAME + MANGLING for a fuller discussion. + + + + + + + print command (S) + After a print job has finished spooling to + a service, this command will be used via a system() + call to process the spool file. Typically the command specified will + submit the spool file to the host's printing subsystem, but there + is no requirement that this be the case. The server will not remove + the spool file, so whatever command you specify should remove the + spool file when it has been processed, otherwise you will need to + manually remove old spool files. + + The print command is simply a text string. It will be used + verbatim, with two exceptions: All occurrences of %s + and %f will be replaced by the + appropriate spool file name, and all occurrences of %p + will be replaced by the appropriate printer name. The + spool file name is generated automatically by the server. The + %J macro can be used to access the job + name as transmitted by the client. + + The print command MUST contain at least + one occurrence of %s or %f + - the %p is optional. At the time + a job is submitted, if no printer name is supplied the %p + will be silently removed from the printer command. + + If specified in the [global] section, the print command given + will be used for any printable service that does not have its own + print command specified. + + If there is neither a specified print command for a + printable service nor a global print command, spool files will + be created but not processed and (most importantly) not removed. + + Note that printing may fail on some UNIXes from the + nobody account. If this happens then create + an alternative guest account that can print and set the guest account + in the [global] section. + + You can form quite complex print commands by realizing + that they are just passed to a shell. For example the following + will log a print job, print the file, then remove it. Note that + ';' is the usual separator for command in shell scripts. + + print command = echo Printing %s >> + /tmp/print.log; lpr -P %p %s; rm %s + + You may have to vary this command considerably depending + on how you normally print files on your system. The default for + the parameter varies depending on the setting of the + printing parameter. + + Default: For printing = BSD, AIX, QNX, LPRNG + or PLP : + print command = lpr -r -P%p %s + + For printing = SYSV or HPUX : + print command = lp -c -d%p %s; rm %s + + For printing = SOFTQ : + print command = lp -d%p -s %s; rm %s + + Example: print command = /usr/local/samba/bin/myprintscript + %p %s + + + + + + + print ok (S) + Synonym for + printable. + + + + + + + + printable (S) + If this parameter is yes, then + clients may open, write to and submit spool files on the directory + specified for the service. + + Note that a printable service will ALWAYS allow writing + to the service path (user privileges permitting) via the spooling + of print data. The writeable + parameter controls only non-printing access to + the resource. + + Default: printable = no + + + + + + + printcap (G) + Synonym for + printcap name. + + + + + + + + printcap name (G) + This parameter may be used to override the + compiled-in default printcap name used by the server (usually + /etc/printcap). See the discussion of the [printers] section above for reasons + why you might want to do this. + + On System V systems that use lpstat to + list available printers you can use printcap name = lpstat + to automatically obtain lists of available printers. This + is the default for systems that define SYSV at configure time in + Samba (this includes most System V based systems). If + printcap name is set to lpstat on + these systems then Samba will launch lpstat -v and + attempt to parse the output to obtain a printer list. + + A minimal printcap file would look something like this: + + + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + + + where the '|' separates aliases of a printer. The fact + that the second alias has a space in it gives a hint to Samba + that it's a comment. + + NOTE: Under AIX the default printcap + name is /etc/qconfig. Samba will assume the + file is in AIX qconfig format if the string + qconfig appears in the printcap filename. + + Default: printcap name = /etc/printcap + Example: printcap name = /etc/myprintcap + + + + + + + + + printer admin (S) + This is a list of users that can do anything to + printers via the remote administration interfaces offered by MS-RPC + (usually using a NT workstation). Note that the root user always + has admin rights. + + Default: printer admin = <empty string> + + Example: printer admin = admin, @staff + + + + + + + + + printer driver (S) + Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. + + + This option allows you to control the string + that clients receive when they ask the server for the printer driver + associated with a printer. If you are using Windows95 or Windows NT + then you can use this to automate the setup of printers on your + system. + + You need to set this parameter to the exact string (case + sensitive) that describes the appropriate printer driver for your + system. If you don't know the exact string to use then you should + first try with no + printer driver option set and the client will + give you a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer manufacturer. + + See also printer + driver file. + + Example: printer driver = HP LaserJet 4L + + + + + + + printer driver file (G) + Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. + + + This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows 95 clients, is + to be found. If this is not set, the default is : + + SAMBA_INSTALL_DIRECTORY + /lib/printers.def + + This file is created from Windows 95 msprint.inf + files found on the Windows 95 client system. For more + details on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the docs/ + directory, PRINTER_DRIVER.txt. + + See also + printer driver location. + + Default: None (set in compile). + + Example: printer driver file = + /usr/local/samba/printers/drivers.def + + + + + + + + printer driver location (S) + Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. + + + This parameter tells clients of a particular printer + share where to find the printer driver files for the automatic + installation of drivers for Windows 95 machines. If Samba is set up + to serve printer drivers to Windows 95 machines, this should be set to + + \\MACHINE\PRINTER$ + + Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer driver + files. For more details on setting this up see the outdated documentation + file in the docs/ directory, + PRINTER_DRIVER.txt. + + See also + printer driver file. + + Default: none + Example: printer driver location = \\MACHINE\PRINTER$ + + + + + + + + printer name (S) + This parameter specifies the name of the printer + to which print jobs spooled through a printable service will be sent. + + If specified in the [global] section, the printer + name given will be used for any printable service that does + not have its own printer name specified. + + Default: none (but may be lp + on many systems) + + Example: printer name = laserwriter + + + + + + printer (S) + Synonym for + printer name. + + + + + + + printing (S) + This parameters controls how printer status + information is interpreted on your system. It also affects the + default values for the print command, + lpq command, lppause command + , lpresume command, and + lprm command if specified in the + [global] section. + + Currently nine printing styles are supported. They are + BSD, AIX, + LPRNG, PLP, + SYSV, HPUX, + QNX, SOFTQ, + and CUPS. + + To see what the defaults are for the other print + commands when using the various options use the testparm(1) program. + + This option can be set on a per printer basis + + See also the discussion in the + [printers] section. + + + + + + + + private dir (G) + This parameters defines the directory + smbd will use for storing such files as smbpasswd + and secrets.tdb. + + + Default :private dir = ${prefix}/private + + + + + + + + protocol (G) + Synonym for + max protocol. + + + + + + + public (S) + Synonym for guest + ok. + + + + + + + queuepause command (S) + This parameter specifies the command to be + executed on the server host in order to pause the printer queue. + + This command should be a program or script which takes + a printer name as its only parameter and stops the printer queue, + such that no longer jobs are submitted to the printer. + + This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT. + + If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the command. + + + Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server. + + Default: depends on the setting of printing + + Example: queuepause command = disable %p + + + + + + + queueresume command (S) + This parameter specifies the command to be + executed on the server host in order to resume the printer queue. It + is the command to undo the behavior that is caused by the + previous parameter ( + queuepause command). + + This command should be a program or script which takes + a printer name as its only parameter and resumes the printer queue, + such that queued jobs are resubmitted to the printer. + + This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT. + + If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command. + + Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server. + + Default: depends on the setting of printing + + + Example: queuepause command = enable %p + + + + + + + + read bmpx (G) + This boolean parameter controls whether smbd(8) will support the "Read + Block Multiplex" SMB. This is now rarely used and defaults to + no. You should never need to set this + parameter. + + Default: read bmpx = no + + + + + + + + read list (S) + This is a list of users that are given read-only + access to a service. If the connecting user is in this list then + they will not be given write access, no matter what the writeable + option is set to. The list can include group names using the + syntax described in the + invalid users parameter. + + See also the + write list parameter and the invalid users + parameter. + + Default: read list = <empty string> + Example: read list = mary, @students + + + + + + + read only (S) + Note that this is an inverted synonym for writeable. + + + + + + + read raw (G) + This parameter controls whether or not the server + will support the raw read SMB requests when transferring data + to clients. + + If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit. + + + However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads. + + In general this parameter should be viewed as a system tuning + tool and left severely alone. See also + write raw. + + Default: read raw = yes + + + + + + read size (G) + The option read size + affects the overlap of disk reads/writes with network reads/writes. + If the amount of data being transferred in several of the SMB + commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger + than this value then the server begins writing the data before it + has received the whole packet from the network, or in the case of + SMBreadbraw, it begins writing to the network before all the data + has been read from disk. + + This overlapping works best when the speeds of disk and + network access are similar, having very little effect when the + speed of one is much greater than the other. + + The default value is 16384, but very little experimentation + has been done yet to determine the optimal value, and it is likely + that the best value will vary greatly between systems anyway. + A value over 65536 is pointless and will cause you to allocate + memory unnecessarily. + + Default: read size = 16384 + Example: read size = 8192 + + + + + + + remote announce (G) + This option allows you to setup nmbd(8) to periodically announce itself + to arbitrary IP addresses with an arbitrary workgroup name. + + This is useful if you want your Samba server to appear + in a remote workgroup for which the normal browse propagation + rules don't work. The remote workgroup can be anywhere that you + can send IP packets to. + + For example: + + remote announce = 192.168.2.255/SERVERS + 192.168.4.255/STAFF + + the above line would cause nmbd to announce itself + to the two given IP addresses using the given workgroup names. + If you leave out the workgroup name then the one given in + the workgroup + parameter is used instead. + + The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable. + + See the documentation file BROWSING.txt + in the docs/ directory. + + Default: remote announce = <empty string> + + + + + + + + remote browse sync (G) + This option allows you to setup nmbd(8) to periodically request + synchronization of browse lists with the master browser of a Samba + server that is on a remote segment. This option will allow you to + gain browse lists for multiple workgroups across routed networks. This + is done in a manner that does not work with any non-Samba servers. + + This is useful if you want your Samba server and all local + clients to appear in a remote workgroup for which the normal browse + propagation rules don't work. The remote workgroup can be anywhere + that you can send IP packets to. + + For example: + + remote browse sync = 192.168.2.255 192.168.4.255 + + + the above line would cause nmbd to request + the master browser on the specified subnets or addresses to + synchronize their browse lists with the local server. + + The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable. If + a machine IP address is given Samba makes NO attempt to validate + that the remote machine is available, is listening, nor that it + is in fact the browse master on its segment. + + Default: remote browse sync = <empty string> + + + + + + + + + restrict anonymous (G) + This is a boolean parameter. If it is true, then + anonymous access to the server will be restricted, namely in the + case where the server is expecting the client to send a username, + but it doesn't. Setting it to true will force these anonymous + connections to be denied, and the client will be required to always + supply a username and password when connecting. Use of this parameter + is only recommended for homogeneous NT client environments. + + This parameter makes the use of macro expansions that rely + on the username (%U, %G, etc) consistent. NT 4.0 + likes to use anonymous connections when refreshing the share list, + and this is a way to work around that. + + When restrict anonymous is true, all anonymous connections + are denied no matter what they are for. This can effect the ability + of a machine to access the Samba Primary Domain Controller to revalidate + its machine account after someone else has logged on the client + interactively. The NT client will display a message saying that + the machine's account in the domain doesn't exist or the password is + bad. The best way to deal with this is to reboot NT client machines + between interactive logons, using "Shutdown and Restart", rather + than "Close all programs and logon as a different user". + + Default: restrict anonymous = no + + + + + + + root (G) + Synonym for + root directory". + + + + + + + root dir (G) + Synonym for + root directory". + + + + + + root directory (G) + The server will chroot() (i.e. + Change its root directory) to this directory on startup. This is + not strictly necessary for secure operation. Even without it the + server will deny access to files not in one of the service entries. + It may also check for, and deny access to, soft links to other + parts of the filesystem, or attempts to use ".." in file names + to access other directories (depending on the setting of the wide links + parameter). + + Adding a root directory entry other + than "/" adds an extra level of security, but at a price. It + absolutely ensures that no access is given to files not in the + sub-tree specified in the root directory + option, including some files needed for + complete operation of the server. To maintain full operability + of the server you will need to mirror some system files + into the root directory tree. In particular + you will need to mirror /etc/passwd (or a + subset of it), and any binaries or configuration files needed for + printing (if required). The set of files that must be mirrored is + operating system dependent. + + Default: root directory = / + Example: root directory = /homes/smb + + + + + + + root postexec (S) + This is the same as the postexec + parameter except that the command is run as root. This + is useful for unmounting filesystems + (such as CDROMs) after a connection is closed. + + See also + postexec. + + Default: root postexec = <empty string> + + + + + + root preexec (S) + This is the same as the preexec + parameter except that the command is run as root. This + is useful for mounting filesystems (such as CDROMs) when a + connection is opened. + + See also + preexec and + preexec close. + + Default: root preexec = <empty string> + + + + + + + + root preexec close (S) + This is the same as the preexec close + parameter except that the command is run as root. + + See also + preexec and + preexec close. + + Default: root preexec close = no + + + + + + security (G) + This option affects how clients respond to + Samba and is one of the most important settings in the + smb.conf file. + + The option sets the "security mode bit" in replies to + protocol negotiations with smbd(8) + to turn share level security on or off. Clients decide + based on this bit whether (and how) to transfer user and password + information to the server. + + + The default is security = user, as this is + the most common setting needed when talking to Windows 98 and + Windows NT. + + The alternatives are security = share, + security = server or security = domain + . + + In versions of Samba prior to 2.0.0, the default was + security = share mainly because that was + the only option at one stage. + + There is a bug in WfWg that has relevance to this + setting. When in user or server level security a WfWg client + will totally ignore the password you type in the "connect + drive" dialog box. This makes it very difficult (if not impossible) + to connect to a Samba service as anyone except the user that + you are logged into WfWg as. + + If your PCs use usernames that are the same as their + usernames on the UNIX machine then you will want to use + security = user. If you mostly use usernames + that don't exist on the UNIX box then use security = + share. + + You should also use security = share if you + want to mainly setup shares without a password (guest shares). This + is commonly used for a shared printer server. It is more difficult + to setup guest shares with security = user, see + the map to guest + parameter for details. + + It is possible to use smbd in a + hybrid mode where it is offers both user and share + level security under different + NetBIOS aliases. + + The different settings will now be explained. + + + SECURITY = SHARE + + + When clients connect to a share level security server they + need not log onto the server with a valid username and password before + attempting to connect to a shared resource (although modern clients + such as Windows 95/98 and Windows NT will send a logon request with + a username but no password when talking to a security = share + server). Instead, the clients send authentication information + (passwords) on a per-share basis, at the time they attempt to connect + to that share. + + Note that smbd ALWAYS + uses a valid UNIX user to act on behalf of the client, even in + security = share level security. + + As clients are not required to send a username to the server + in share level security, smbd uses several + techniques to determine the correct UNIX user to use on behalf + of the client. + + A list of possible UNIX usernames to match with the given + client password is constructed using the following methods : + + + If the guest + only parameter is set, then all the other + stages are missed and only the + guest account username is checked. + + + Is a username is sent with the share connection + request, then this username (after mapping - see username map), + is added as a potential username. + + If the client did a previous logon + request (the SessionSetup SMB call) then the + username sent in this SMB will be added as a potential username. + + + The name of the service the client requested is + added as a potential username. + + The NetBIOS name of the client is added to + the list as a potential username. + + Any users on the + user list are added as potential usernames. + + + + If the guest only parameter is + not set, then this list is then tried with the supplied password. + The first user for whom the password matches will be used as the + UNIX user. + + If the guest only parameter is + set, or no username can be determined then if the share is marked + as available to the guest account, then this + guest user will be used, otherwise access is denied. + + Note that it can be very confusing + in share-level security as to which UNIX username will eventually + be used in granting access. + + See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION. + + SECURITY = USER + + + This is the default security setting in Samba 2.2. + With user-level security a client must first "log-on" with a + valid username and password (which can be mapped using the username map + parameter). Encrypted passwords (see the + encrypted passwords parameter) can also + be used in this security mode. Parameters such as + user and + guest only if set are then applied and + may change the UNIX user to use on this connection, but only after + the user has been successfully authenticated. + + Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this. + + See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION. + + SECURITY = SERVER + + + In this mode Samba will try to validate the username/password + by passing it to another SMB server, such as an NT box. If this + fails it will revert to security = user, but note + that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid + smbpasswd file to check users against. See the + documentation file in the docs/ directory + ENCRYPTION.txt for details on how to set this + up. + + Note that from the client's point of + view security = server is the same as + security = user. It only affects how the server deals + with the authentication, it does not in any way affect what the + client sees. + + Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this. + + See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION. + + See also the password + server parameter and the encrypted passwords + parameter. + + SECURITY = DOMAIN + + + This mode will only work correctly if smbpasswd(8) has been used to add this + machine into a Windows NT Domain. It expects the encrypted passwords + parameter to be set to true. In this + mode Samba will try to validate the username/password by passing + it to a Windows NT Primary or Backup Domain Controller, in exactly + the same way that a Windows NT Server would do. + + Note that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to. + + Note that from the client's point + of view security = domain is the same as security = user + . It only affects how the server deals with the authentication, + it does not in any way affect what the client sees. + + Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this. + + BUG: There is currently a bug in the + implementation of security = domain with respect + to multi-byte character set usernames. The communication with a + Domain Controller must be done in UNICODE and Samba currently + does not widen multi-byte user names to UNICODE correctly, thus + a multi-byte username will not be recognized correctly at the + Domain Controller. This issue will be addressed in a future release. + + See also the section + NOTE ABOUT USERNAME/PASSWORD VALIDATION. + + See also the password + server parameter and the encrypted passwords + parameter. + + Default: security = USER + Example: security = DOMAIN + + + + + + + security mask (S) + This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security + dialog box. + + This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change. + + If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. + + + Note that users who can access the + Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone + "appliance" systems. Administrators of most normal systems will + probably want to leave it set to 0777. + + See also the + force directory security mode, + directory + security mask, + force security mode parameters. + + Default: security mask = 0777 + Example: security mask = 0770 + + + + + + server string (G) + This controls what string will show up in the + printer comment box in print manager and next to the IPC connection + in net view. It can be any string that you wish + to show to your users. + + It also sets what will appear in browse lists next + to the machine name. + + A %v will be replaced with the Samba + version number. + + A %h will be replaced with the + hostname. + + Default: server string = Samba %v + + Example: server string = University of GNUs Samba + Server + + + + + + + set directory (S) + If set directory = no, then + users of the service may not use the setdir command to change + directory. + + The setdir command is only implemented + in the Digital Pathworks client. See the Pathworks documentation + for details. + + Default: set directory = no + + + + + + + + + short preserve case (S) + This boolean parameter controls if new files + which conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are forced + to be the default case + . This option can be use with preserve case = yes + to permit long filenames to retain their case, while short + names are lowered. + + See the section on + NAME MANGLING. + + Default: short preserve case = yes + + + + + + + show add printer wizard (G) + With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + appear on Samba hosts in the share listing. Normally this folder will + contain an icon for the MS Add Printer Wizard (APW). However, it is + possible to disable this feature regardless of the level of privilege + of the connected user. + + Under normal circumstances, the Windows NT/2000 client will + open a handle on the printer server with OpenPrinterEx() asking for + Administrator privileges. If the user does not have administrative + access on the print server (i.e is not root or a member of the + printer admin group), the OpenPrinterEx() + call fails and the client makes another open call with a request for + a lower privilege level. This should succeed, however the APW + icon will not be displayed. + + Disabling the show add printer wizard + parameter will always cause the OpenPrinterEx() on the server + to fail. Thus the APW icon will never be displayed. + Note :This does not prevent the same user from having + administrative privilege on an individual printer. + + See also addprinter + command, + deleteprinter command, printer admin + + Default :show add printer wizard = yes + + + + + + + shutdown script (G) + This parameter only exists in the HEAD cvs branch + This a full path name to a script called by + smbd(8) that + should start a shutdown procedure. + + This command will be run as the user connected to the + server. + + %m %t %r %f parameters are expanded + %m will be substituted with the + shutdown message sent to the server. + %t will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure. + %r will be substituted with the + switch -r. It means reboot after shutdown + for NT. + + %f will be substituted with the + switch -f. It means force the shutdown + even if applications do not respond for NT. + + Default: None. + Example: abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f + Shutdown script example: + + #!/bin/bash + + $time=0 + let "time/60" + let "time++" + + /sbin/shutdown $3 $4 +$time $1 & + + Shutdown does not return so we need to launch it in background. + + + See also abort shutdown script. + + + + + + smb passwd file (G) + This option sets the path to the encrypted + smbpasswd file. By default the path to the smbpasswd file + is compiled into Samba. + + Default: smb passwd file = ${prefix}/private/smbpasswd + + + Example: smb passwd file = /etc/samba/smbpasswd + + + + + + + + + socket address (G) + This option allows you to control what + address Samba will listen for connections on. This is used to + support multiple virtual interfaces on the one server, each + with a different configuration. + + By default Samba will accept connections on any + address. + + Example: socket address = 192.168.2.20 + + + + + + + + socket options (G) + This option allows you to set socket options + to be used when talking with the client. + + Socket options are controls on the networking layer + of the operating systems which allow the connection to be + tuned. + + This option will typically be used to tune your Samba + server for optimal performance for your local network. There is + no way that Samba can know what the optimal parameters are for + your net, so you must experiment and choose them yourself. We + strongly suggest you read the appropriate documentation for your + operating system first (perhaps man setsockopt + will help). + + You may find that on some systems Samba will say + "Unknown socket option" when you supply an option. This means you + either incorrectly typed it or you need to add an include file + to includes.h for your OS. If the latter is the case please + send the patch to + samba@samba.org. + + Any of the supported socket options may be combined + in any way you like, as long as your OS allows it. + + This is the list of socket options currently settable + using this option: + + + SO_KEEPALIVE + SO_REUSEADDR + SO_BROADCAST + TCP_NODELAY + IPTOS_LOWDELAY + IPTOS_THROUGHPUT + SO_SNDBUF * + SO_RCVBUF * + SO_SNDLOWAT * + SO_RCVLOWAT * + + + Those marked with a '*' take an integer + argument. The others can optionally take a 1 or 0 argument to enable + or disable the option, by default they will be enabled if you + don't specify 1 or 0. + + To specify an argument use the syntax SOME_OPTION = VALUE + for example SO_SNDBUF = 8192. Note that you must + not have any spaces before or after the = sign. + + If you are on a local network then a sensible option + might be + socket options = IPTOS_LOWDELAY + + If you have a local network then you could try: + socket options = IPTOS_LOWDELAY TCP_NODELAY + + If you are on a wide area network then perhaps try + setting IPTOS_THROUGHPUT. + + Note that several of the options may cause your Samba + server to fail completely. Use these options with caution! + + Default: socket options = TCP_NODELAY + Example: socket options = IPTOS_LOWDELAY + + + + + + + + source environment (G) + This parameter causes Samba to set environment + variables as per the content of the file named. + + If the value of this parameter starts with a "|" character + then Samba will treat that value as a pipe command to open and + will set the environment variables from the output of the pipe. + + The contents of the file or the output of the pipe should + be formatted as the output of the standard Unix env(1) + command. This is of the form : + Example environment entry: + SAMBA_NETBIOS_NAME = myhostname + + Default: No default value + Examples: source environment = |/etc/smb.conf.sh + + + Example: source environment = + /usr/local/smb_env_vars + + + + + + + ssl (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This variable enables or disables the entire SSL mode. If + it is set to no, the SSL-enabled Samba behaves + exactly like the non-SSL Samba. If set to yes, + it depends on the variables + ssl hosts and + ssl hosts resign whether an SSL + connection will be required. + + Default: ssl = no + + + + + + + ssl CA certDir (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This variable defines where to look up the Certification + Authorities. The given directory should contain one file for + each CA that Samba will trust. The file name must be the hash + value over the "Distinguished Name" of the CA. How this directory + is set up is explained later in this document. All files within the + directory that don't fit into this naming scheme are ignored. You + don't need this variable if you don't verify client certificates. + + Default: ssl CA certDir = /usr/local/ssl/certs + + + + + + + + ssl CA certFile (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This variable is a second way to define the trusted CAs. + The certificates of the trusted CAs are collected in one big + file and this variable points to the file. You will probably + only use one of the two ways to define your CAs. The first choice is + preferable if you have many CAs or want to be flexible, the second + is preferable if you only have one CA and want to keep things + simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates. + + Default: ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem + + + + + + + + ssl ciphers (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This variable defines the ciphers that should be offered + during SSL negotiation. You should not set this variable unless + you know what you are doing. + + + + + + ssl client cert (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + The certificate in this file is used by + smbclient(1) if it exists. It's needed + if the server requires a client certificate. + + Default: ssl client cert = /usr/local/ssl/certs/smbclient.pem + + + + + + + + ssl client key (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This is the private key for + smbclient(1). It's only needed if the + client should have a certificate. + + Default: ssl client key = /usr/local/ssl/private/smbclient.pem + + + + + + + + ssl compatibility (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This variable defines whether OpenSSL should be configured + for bug compatibility with other SSL implementations. This is + probably not desirable because currently no clients with SSL + implementations other than OpenSSL exist. + + Default: ssl compatibility = no + + + + + + ssl egd socket (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + + This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the ssl entropy file + directive. 255 bytes of entropy will be retrieved from the daemon. + + + Default: none + + + + + + ssl entropy bytes (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + + This parameter is used to define the number of bytes which should + be read from the ssl entropy + file If a -1 is specified, the entire file will + be read. + + + Default: ssl entropy bytes = 255 + + + + + + + ssl entropy file (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + + This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + /dev/urandom device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. + + + Default: none + + + + + + + ssl hosts (G) + See + ssl hosts resign. + + + + + + ssl hosts resign (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + These two variables define whether Samba will go + into SSL mode or not. If none of them is defined, Samba will + allow only SSL connections. If the + ssl hosts variable lists + hosts (by IP-address, IP-address range, net group or name), + only these hosts will be forced into SSL mode. If the + ssl hosts resign variable lists hosts, only these + hosts will NOT be forced into SSL mode. The syntax for these two + variables is the same as for the + hosts allow and + hosts deny pair of variables, only + that the subject of the decision is different: It's not the access + right but whether SSL is used or not. + + The example below requires SSL connections from all hosts + outside the local net (which is 192.168.*.*). + + Default: ssl hosts = <empty string> + ssl hosts resign = <empty string> + + Example: ssl hosts resign = 192.168. + + + + + + + ssl require clientcert (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + If this variable is set to yes, the + server will not tolerate connections from clients that don't + have a valid certificate. The directory/file given in ssl CA certDir + and ssl CA certFile + will be used to look up the CAs that issued + the client's certificate. If the certificate can't be verified + positively, the connection will be terminated. If this variable + is set to no, clients don't need certificates. + Contrary to web applications you really should + require client certificates. In the web environment the client's + data is sensitive (credit card numbers) and the server must prove + to be trustworthy. In a file server environment the server's data + will be sensitive and the clients must prove to be trustworthy. + + Default: ssl require clientcert = no + + + + + + + ssl require servercert (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + If this variable is set to yes, the + smbclient(1) + will request a certificate from the server. Same as + ssl require + clientcert for the server. + + Default: ssl require servercert = no + + + + + + ssl server cert (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This is the file containing the server's certificate. + The server must have a certificate. The + file may also contain the server's private key. See later for + how certificates and private keys are created. + + Default: ssl server cert = <empty string> + + + + + + + ssl server key (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This file contains the private key of the server. If + this variable is not defined, the key is looked up in the + certificate file (it may be appended to the certificate). + The server must have a private key + and the certificate must + match this private key. + + Default: ssl server key = <empty string> + + + + + + + ssl version (G) + This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time. + + This enumeration variable defines the versions of the + SSL protocol that will be used. ssl2or3 allows + dynamic negotiation of SSL v2 or v3, ssl2 results + in SSL v2, ssl3 results in SSL v3 and + tls1 results in TLS v1. TLS (Transport Layer + Security) is the new standard for SSL. + + Default: ssl version = "ssl2or3" + + + + + + + stat cache (G) + This parameter determines if smbd(8) will use a cache in order to + speed up case insensitive name mappings. You should never need + to change this parameter. + + Default: stat cache = yes + + + + + stat cache size (G) + This parameter determines the number of + entries in the stat cache. You should + never need to change this parameter. + + Default: stat cache size = 50 + + + + + + + status (G) + This enables or disables logging of connections + to a status file that smbstatus(1) + can read. + + With this disabled smbstatus won't be able + to tell you what connections are active. You should never need to + change this parameter. + + Default: status = yes + + + + + + + strict allocate (S) + This is a boolean that controls the handling of + disk space allocation in the server. When this is set to yes + the server will change from UNIX behaviour of not committing real + disk storage blocks when a file is extended to the Windows behaviour + of actually forcing the disk system to allocate real storage blocks + when a file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating sparse files. + This can be slow on some systems. + + When strict allocate is no the server does sparse + disk block allocation when a file is extended. + + Setting this to yes can help Samba return + out of quota messages on systems that are restricting the disk quota + of users. + + Default: strict allocate = no + + + + + + + strict locking (S) + This is a boolean that controls the handling of + file locking in the server. When this is set to yes + the server will check every read and write access for file locks, and + deny access if locks exist. This can be slow on some systems. + + When strict locking is no the server does file + lock checks only when the client explicitly asks for them. + + Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases strict + locking = no is preferable. + + Default: strict locking = no + + + + + + + strict sync (S) + Many Windows applications (including the Windows + 98 explorer shell) seem to confuse flushing buffer contents to + disk with doing a sync to disk. Under UNIX, a sync call forces + the process to be suspended until the kernel has ensured that + all outstanding data in kernel disk buffers has been safely stored + onto stable storage. This is very slow and should only be done + rarely. Setting this parameter to no (the + default) means that smbd ignores the Windows applications requests for + a sync call. There is only a possibility of losing data if the + operating system itself that Samba is running on crashes, so there is + little danger in this default setting. In addition, this fixes many + performance problems that people have reported with the new Windows98 + explorer shell file copies. + + See also the sync + always> parameter. + + Default: strict sync = no + + + + + + strip dot (G) + This is a boolean that controls whether to + strip trailing dots off UNIX filenames. This helps with some + CDROMs that have filenames ending in a single dot. + + Default: strip dot = no + + + + + + + sync always (S) + This is a boolean parameter that controls + whether writes will always be written to stable storage before + the write call returns. If this is false then the server will be + guided by the client's request in each write call (clients can + set a bit indicating that a particular write should be synchronous). + If this is true then every write will be followed by a fsync() + call to ensure the data is written to disk. Note that + the strict sync parameter must be set to + yes in order for this parameter to have + any affect. + + See also the strict + sync parameter. + + Default: sync always = no + + + + + + + syslog (G) + This parameter maps how Samba debug messages + are logged onto the system syslog logging levels. Samba debug + level zero maps onto syslog LOG_ERR, debug + level one maps onto LOG_WARNING, debug level + two maps onto LOG_NOTICE, debug level three + maps onto LOG_INFO. All higher levels are mapped to + LOG_DEBUG. + + This parameter sets the threshold for sending messages + to syslog. Only messages with debug level less than this value + will be sent to syslog. + + Default: syslog = 1 + + + + + + + syslog only (G) + If this parameter is set then Samba debug + messages are logged into the system syslog only, and not to + the debug log files. + + Default: syslog only = no + + + + + + + template homedir (G) + When filling out the user information for a Windows NT + user, the winbindd(8) daemon + uses this parameter to fill in the home directory for that user. + If the string %D is present it is substituted + with the user's Windows NT domain name. If the string %U + is present it is substituted with the user's Windows + NT user name. + + Default: template homedir = /home/%D/%U + + + + + + + template shell (G) + When filling out the user information for a Windows NT + user, the winbindd(8) daemon + uses this parameter to fill in the login shell for that user. + + Default: template shell = /bin/false + + + + + + + time offset (G) + This parameter is a setting in minutes to add + to the normal GMT to local time conversion. This is useful if + you are serving a lot of PCs that have incorrect daylight + saving time handling. + + Default: time offset = 0 + Example: time offset = 60 + + + + + + + time server (G) + This parameter determines if + nmbd(8) advertises itself as a time server to Windows + clients. + + Default: time server = no + + + + + + timestamp logs (G) + Synonym for + debug timestamp. + + + + + + + + + total print jobs (G) + This parameter accepts an integer value which defines + a limit on the maximum number of print jobs that will be accepted + system wide at any given time. If a print job is submitted + by a client which will exceed this number, then smbd will return an + error indicating that no space is available on the server. The + default value of 0 means that no such limit exists. This parameter + can be used to prevent a server from exceeding its capacity and is + designed as a printing throttle. See also + max print jobs. + + + Default: total print jobs = 0 + Example: total print jobs = 5000 + + + + + + + + unix extensions(G) + This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. These + extensions enable CIFS to server UNIX clients to UNIX servers + better, and allow such things as symbolic links, hard links etc. + These extensions require a similarly enabled client, and are of + no current use to Windows clients. + + Default: unix extensions = no + + + + + + + + unix password sync (G) + This boolean parameter controls whether Samba + attempts to synchronize the UNIX password with the SMB password + when the encrypted SMB password in the smbpasswd file is changed. + If this is set to true the program specified in the passwd + programparameter is called AS ROOT - + to allow the new UNIX password to be set without access to the + old UNIX password (as the SMB password change code has no + access to the old password cleartext, only the new). + + See also passwd + program, + passwd chat. + + Default: unix password sync = no + + + + + + + update encrypted (G) + This boolean parameter allows a user logging + on with a plaintext password to have their encrypted (hashed) + password in the smbpasswd file to be updated automatically as + they log on. This option allows a site to migrate from plaintext + password authentication (users authenticate with plaintext + password over the wire, and are checked against a UNIX account + database) to encrypted password authentication (the SMB + challenge/response authentication mechanism) without forcing + all users to re-enter their passwords via smbpasswd at the time the + change is made. This is a convenience option to allow the change over + to encrypted passwords to be made over a longer period. Once all users + have encrypted representations of their passwords in the smbpasswd + file this parameter should be set to no. + + In order for this parameter to work correctly the encrypt passwords + parameter must be set to no when + this parameter is set to yes. + + Note that even when this parameter is set a user + authenticating to smbd must still enter a valid + password in order to connect correctly, and to update their hashed + (smbpasswd) passwords. + + Default: update encrypted = no + + + + + + use client driver (S) + This parameter applies only to Windows NT/2000 + clients. It has no affect on Windows 95/98/ME clients. When + serving a printer to Windows NT/2000 clients without first installing + a valid printer driver on the Samba host, the client will be required + to install a local printer driver. From this point on, the client + will treat the print as a local printer and not a network printer + connection. This is much the same behavior that will occur + when disable spoolss = yes. + + The differentiating + factor is that under normal circumstances, the NT/2000 client will + attempt to open the network printer using MS-RPC. The problem is that + because the client considers the printer to be local, it will attempt + to issue the OpenPrinterEx() call requesting access rights associated + with the logged on user. If the user possesses local administator rights + but not root privilegde on the Samba host (often the case), the OpenPrinterEx() + call will fail. The result is that the client will now display an "Access + Denied; Unable to connect" message in the printer queue window (even though + jobs may successfully be printed). + + If this parameter is enabled for a printer, then any attempt + to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped + to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() + call to succeed. This parameter MUST not be able enabled + on a print share which has valid print driver installed on the Samba + server. + + See also disable spoolss + + + Default: use client driver = no + + + + + + + use mmap (G) + This global parameter determines if the tdb internals of Samba can + depend on mmap working correctly on the running system. Samba requires a coherent + mmap/read-write system memory cache. Currently only HPUX does not have such a + coherent cache, and so this parameter is set to false by + default on HPUX. On all other systems this parameter should be left alone. This + parameter is provided to help the Samba developers track down problems with + the tdb internal code. + + + Default: use mmap = yes + + + + + + + + use rhosts (G) + If this global parameter is true, it specifies + that the UNIX user's .rhosts file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password. + + NOTE: The use of use rhosts + can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + use rhosts option be only used if you really know what + you are doing. + + Default: use rhosts = no + + + + + + + user (S) + Synonym for + username. + + + + + + + users (S) + Synonym for + username. + + + + + + username (S) + Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right). + + The username line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead. + + The username line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + username line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely. + + Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do. + + To restrict a service to a particular set of users you + can use the valid users + parameter. + + If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name. + + If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name. + + If any of the usernames begin with a '&'then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name. + + Note that searching though a groups database can take + quite some time, and some clients may time out during the + search. + + See the section NOTE ABOUT + USERNAME/PASSWORD VALIDATION for more information on how + this parameter determines access to the services. + + Default: The guest account if a guest service, + else <empty string>. + + Examples:username = fred, mary, jack, jane, + @users, @pcgroup + + + + + + + username level (G) + This option helps Samba to try and 'guess' at + the real UNIX username, as many DOS clients send an all-uppercase + username. By default Samba tries all lowercase, followed by the + username with the first letter capitalized, and fails if the + username is not found on the UNIX machine. + + If this parameter is set to non-zero the behavior changes. + This parameter is a number that specifies the number of uppercase + combinations to try while trying to determine the UNIX user name. The + higher the number the more combinations will be tried, but the slower + the discovery of usernames will be. Use this parameter when you have + strange usernames on your UNIX machine, such as AstrangeUser + . + + Default: username level = 0 + Example: username level = 5 + + + + + + + username map (G) + This option allows you to specify a file containing + a mapping of usernames from the clients to the server. This can be + used for several purposes. The most common is to map usernames + that users use on DOS or Windows machines to those that the UNIX + box uses. The other is to map multiple users to a single username + so that they can more easily share files. + + The map file is parsed line by line. Each line should + contain a single UNIX username on the left then a '=' followed + by a list of usernames on the right. The list of usernames on the + right may contain names of the form @group in which case they + will match any UNIX username in that group. The special client + name '*' is a wildcard and matches any name. Each line of the + map file may be up to 1023 characters long. + + The file is processed on each line by taking the + supplied username and comparing it with each username on the right + hand side of the '=' signs. If the supplied name matches any of + the names on the right hand side then it is replaced with the name + on the left. Processing then continues with the next line. + + If any line begins with a '#' or a ';' then it is + ignored + + If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line + later in the file. + + For example to map from the name admin + or administrator to the UNIX name + root you would use: + + root = admin administrator + + Or to map anyone in the UNIX group system + to the UNIX name sys you would use: + + sys = @system + + You can have as many mappings as you like in a username + map file. + + + If your system supports the NIS NETGROUP option then + the netgroup database is checked before the /etc/group + database for matching groups. + + You can map Windows usernames that have spaces in them + by using double quotes around the name. For example: + + tridge = "Andrew Tridgell" + + would map the windows username "Andrew Tridgell" to the + unix username "tridge". + + The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on + that line. + + + !sys = mary fred + guest = * + + + Note that the remapping is applied to all occurrences + of usernames. Thus if you connect to \\server\fred and + fred is remapped to mary then you + will actually be connecting to \\server\mary and will need to + supply a password suitable for mary not + fred. The only exception to this is the + username passed to the + password server (if you have one). The password + server will receive whatever username the client supplies without + modification. + + Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think + they don't own the print job. + + Default: no username map + Example: username map = /usr/local/samba/lib/users.map + + + + + + + + utmp (G) + This boolean parameter is only available if + Samba has been configured and compiled with the option + --with-utmp. If set to true then Samba will attempt + to add utmp or utmpx records (depending on the UNIX system) whenever a + connection is made to a Samba server. Sites may use this to record the + user connecting to a Samba share. + + See also the + utmp directory parameter. + + Default: utmp = no + + + + + + + utmp directory(G) + This parameter is only available if Samba has + been configured and compiled with the option + --with-utmp. It specifies a directory pathname that is + used to store the utmp or utmpx files (depending on the UNIX system) that + record user connections to a Samba server. See also the + utmp parameter. By default this is + not set, meaning the system will use whatever utmp file the + native system is set to use (usually + /var/run/utmp on Linux). + + Default: no utmp directory + + + + + + + + + valid users (S) + This is a list of users that should be allowed + to login to this service. Names starting with '@', '+' and '&' + are interpreted using the same rules as described in the + invalid users parameter. + + If this is empty (the default) then any user can login. + If a username is in both this list and the invalid + users list then access is denied for that user. + + The current servicename is substituted for %S + . This is useful in the [homes] section. + + See also invalid users + + + Default: No valid users list (anyone can login) + + + Example: valid users = greg, @pcusers + + + + + + + + veto files(S) + This is a list of files and directories that + are neither visible nor accessible. Each entry in the list must + be separated by a '/', which allows spaces to be included + in the entry. '*' and '?' can be used to specify multiple files + or directories as in DOS wildcards. + + Each entry must be a unix path, not a DOS path and + must not include the unix directory + separator '/'. + + Note that the case sensitive option + is applicable in vetoing files. + + One feature of the veto files parameter that it + is important to be aware of is Samba's behaviour when + trying to delete a directory. If a directory that is + to be deleted contains nothing but veto files this + deletion will fail unless you also set + the delete veto files parameter to + yes. + + Setting this parameter will affect the performance + of Samba, as it will be forced to check all files and directories + for a match as they are scanned. + + See also hide files + and + case sensitive. + + Default: No files or directories are vetoed. + + +Examples: +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ + +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ + + + + + + + veto oplock files (S) + This parameter is only valid when the oplocks + parameter is turned on for a share. It allows the Samba administrator + to selectively turn off the granting of oplocks on selected files that + match a wildcarded list, similar to the wildcarded list used in the + veto files + parameter. + + Default: No files are vetoed for oplock + grants + + You might want to do this on files that you know will + be heavily contended for by clients. A good example of this + is in the NetBench SMB benchmark program, which causes heavy + client contention for files ending in .SEM. + To cause Samba not to grant oplocks on these files you would use + the line (either in the [global] section or in the section for + the particular NetBench share : + + Example: veto oplock files = /*.SEM/ + + + + + + + + vfs object (S) + This parameter specifies a shared object file that + is used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with a VFS object. The Samba VFS layer is new to Samba 2.2 and + must be enabled at compile time with --with-vfs. + + Default : no value + + + + + + + + vfs options (S) + This parameter allows parameters to be passed + to the vfs layer at initialization time. The Samba VFS layer + is new to Samba 2.2 and must be enabled at compile time + with --with-vfs. See also + vfs object. + + Default : no value + + + + + + + volume (S) + This allows you to override the volume label + returned for a share. Useful for CDROMs with installation programs + that insist on a particular volume label. + + Default: the name of the share + + + + + + + wide links (S) + This parameter controls whether or not links + in the UNIX file system may be followed by the server. Links + that point to areas within the directory tree exported by the + server are always allowed; this parameter controls access only + to areas that are outside the directory tree being exported. + + Note that setting this parameter can have a negative + effect on your server performance due to the extra system calls + that Samba has to do in order to perform the link checks. + + Default: wide links = yes + + + + + + + + winbind cache time + This parameter specifies the number of seconds the + winbindd(8) daemon will cache + user and group information before querying a Windows NT server + again. + + Default: winbind cache type = 15 + + + + + + winbind enum + users On large installations using + winbindd(8) it may be + necessary to suppress the enumeration of users through the + setpwent(), + getpwent() and + endpwent() group of system calls. If + the winbind enum users parameter is + false, calls to the getpwent system call + will not return any data. + + Warning: Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames. + + Default: winbind enum users = yes + + + + + winbind enum + groups On large installations using + winbindd(8) it may be + necessary to suppress the enumeration of groups through the + setgrent(), + getgrent() and + endgrent() group of system calls. If + the winbind enum groups parameter is + false, calls to the getgrent() system + call will not return any data. + + Warning: Turning off group + enumeration may cause some programs to behave oddly. + + + Default: winbind enum groups = yes + + + + + + winbind gid + The winbind gid parameter specifies the range of group + ids that are allocated by the + winbindd(8) daemon. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise. + + Default: winbind gid = <empty string> + + + Example: winbind gid = 10000-20000 + + + + + + winbind separator + This parameter allows an admin to define the character + used when listing a username of the form of DOMAIN + \user. This parameter + is only applicable when using the pam_winbind.so + and nss_winbind.so modules for UNIX services. + + + Example: winbind separator = \ + Example: winbind separator = + + + + + + + + + winbind uid + The winbind gid parameter specifies the range of group + ids that are allocated by the + winbindd(8) daemon. This range of ids should have no + existing local or NIS users within it as strange conflicts can + occur otherwise. + + Default: winbind uid = <empty string> + + + Example: winbind uid = 10000-20000 + + + + + + winbind use default domain + + winbind use default domain + This parameter specifies whether the + winbindd(8) + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system. + + Default: winbind use default domain = <falseg> + + Example: winbind use default domain = true + + + + + + wins hook (G) + When Samba is running as a WINS server this + allows you to call an external program for all changes to the + WINS database. The primary use for this option is to allow the + dynamic update of external name resolution databases such as + dynamic DNS. + + The wins hook parameter specifies the name of a script + or executable that will be called as follows: + + wins_hook operation name nametype ttl IP_list + + + + The first argument is the operation and is one + of "add", "delete", or "refresh". In most cases the operation can + be ignored as the rest of the parameters provide sufficient + information. Note that "refresh" may sometimes be called when the + name has not previously been added, in that case it should be treated + as an add. + + The second argument is the NetBIOS name. If the + name is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, underscores + and periods. + + The third argument is the NetBIOS name + type as a 2 digit hexadecimal number. + + The fourth argument is the TTL (time to live) + for the name in seconds. + + The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this list is + empty then the name should be deleted. + + + An example script that calls the BIND dynamic DNS update + program nsupdate is provided in the examples + directory of the Samba source code. + + + + + + + + + wins proxy (G) + This is a boolean that controls if nmbd(8) will respond to broadcast name + queries on behalf of other hosts. You may need to set this + to yes for some older clients. + + Default: wins proxy = no + + + + + + + + wins server (G) + This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that + nmbd(8) should register with. If you have a WINS server on + your network then you should set this to the WINS server's IP. + + You should point this at your WINS server if you have a + multi-subnetted network. + + NOTE. You need to set up Samba to point + to a WINS server if you have multiple subnets and wish cross-subnet + browsing to work correctly. + + See the documentation file BROWSING.txt + in the docs/ directory of your Samba source distribution. + + Default: not enabled + Example: wins server = 192.9.200.1 + + + + + + + wins support (G) + This boolean controls if the + nmbd(8) process in Samba will act as a WINS server. You should + not set this to true unless you have a multi-subnetted network and + you wish a particular nmbd to be your WINS server. + Note that you should NEVER set this to true + on more than one machine in your network. + + Default: wins support = no + + + + + + + workgroup (G) + This controls what workgroup your server will + appear to be in when queried by clients. Note that this parameter + also controls the Domain name used with the security = domain + setting. + + Default: set at compile time to WORKGROUP + Example: workgroup = MYGROUP + + + + + + + + writable (S) + Synonym for + writeable for people who can't spell :-). + + + + + + + write cache size (S) + If this integer parameter is set to non-zero value, + Samba will create an in-memory cache for each oplocked file + (it does not do this for + non-oplocked files). All writes that the client does not request + to be flushed directly to disk will be stored in this cache if possible. + The cache is flushed onto disk when a write comes in whose offset + would not fit into the cache or when the file is closed by the client. + Reads for the file are also served from this cache if the data is stored + within it. + + This cache allows Samba to batch client writes into a more + efficient write size for RAID disks (i.e. writes may be tuned to + be the RAID stripe size) and can improve performance on systems + where the disk subsystem is a bottleneck but there is free + memory for userspace programs. + + The integer parameter specifies the size of this cache + (per oplocked file) in bytes. + + Default: write cache size = 0 + Example: write cache size = 262144 + + for a 256k cache size per file. + + + + + + + + + write list (S) + This is a list of users that are given read-write + access to a service. If the connecting user is in this list then + they will be given write access, no matter what the writeable + option is set to. The list can include group names using the + @group syntax. + + Note that if a user is in both the read list and the + write list then they will be given write access. + + See also the read list + option. + + Default: write list = <empty string> + + + Example: write list = admin, root, @staff + + + + + + + + + + write ok (S) + Synonym for + writeable. + + + + + + + write raw (G) + This parameter controls whether or not the server + will support raw write SMB's when transferring data from clients. + You should never need to change this parameter. + + Default: write raw = yes + + + + + + + writeable (S) + An inverted synonym is + read only. + + If this parameter is no, then users + of a service may not create or modify files in the service's + directory. + + Note that a printable service (printable = yes) + will ALWAYS allow writing to the directory + (user privileges permitting), but only via spooling operations. + + Default: writeable = no + + + + + + + + + + WARNINGS + + Although the configuration file permits service names + to contain spaces, your client software may not. Spaces will + be ignored in comparisons anyway, so it shouldn't be a + problem - but be aware of the possibility. + + On a similar note, many clients - especially DOS clients - + limit service names to eight characters. smbd(8) + has no such limitation, but attempts to connect from such + clients will fail if they truncate the service names. For this reason + you should probably keep your service names down to eight characters + in length. + + Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of default + attributes can be tricky. Take extreme care when designing these + sections. In particular, ensure that the permissions on spool + directories are correct. + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + samba(7), + smbpasswd(8), + swat(8), + smbd(8), + nmbd(8), + smbclient(1), + nmblookup(1), + testparm(1), + testprns(1) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbcacls.1.sgml b/docs/docbook/manpages/smbcacls.1.sgml new file mode 100644 index 00000000000..69aa9674928 --- /dev/null +++ b/docs/docbook/manpages/smbcacls.1.sgml @@ -0,0 +1,255 @@ + + + + + smbcacls + 1 + + + + + smbcacls + Set or get ACLs on an NT file or directory names + + + + + smbcacls + //server/share + filename + -U username + -A acls + -M acls + -D acls + -S acls + -C name + -G name + -n + -h + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + The smbcacls program manipulates NT Access Control Lists + (ACLs) on SMB file shares. + + + + + OPTIONS + + The following options are available to the smbcacls program. + The format of ACLs is described in the section ACL FORMAT + + + + + -A acls + Add the ACLs specified to the ACL list. Existing + access control entries are unchanged. + + + + + + -M acls + Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list + + + + + + + -D acls + Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list. + + + + + + -S acls + This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed. + + + + + + -U username + Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the smb.conf file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided. + + + + + + -C name + The owner of a file or directory can be changed + to the name given using the -C option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument. + + This command is a shortcut for -M OWNER:name. + + + + + + + -G name + The group owner of a file or directory can + be changed to the name given using the -G + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. + + + This command is a shortcut for -M GROUP:name. + + + + + + -n + This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format. + + + + + + -h + Print usage information on the smbcacls + program. + + + + + + + ACL FORMAT + + The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: + + +REVISION:<revision number> +OWNER:<sid or name> +GROUP:<sid or name> +ACL:<sid or name>:<type>/<flags>/<mask> + + + + The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour. + + The owner and group specify the owner and group sids for the + object. If a SID in the format CWS-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides. + + ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID. + + The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are: + + + #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 + #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 + #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 + + #define SEC_ACE_FLAG_INHERIT_ONLY 0x8 + + + + At present flags can only be specified as decimal or + hexadecimal values. + + The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name. + + + R - Allow read access + W - Allow write access + X - Execute permission on the object + D - Delete the object + P - Change permissions + O - Take ownership + + + + The following combined permissions can be specified: + + + + READ - Equivalent to 'RX' + permissions + CHANGE - Equivalent to 'RXWD' permissions + + FULL - Equivalent to 'RWXDPO' + permissions + + + + + EXIT STATUS + + The smbcacls program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values. + + If the operation succeeded, smbcacls returns and exit + status of 0. If smbcacls couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned. + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + smbcacls was written by Andrew Tridgell + and Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbclient.1.sgml b/docs/docbook/manpages/smbclient.1.sgml new file mode 100644 index 00000000000..4f36de15767 --- /dev/null +++ b/docs/docbook/manpages/smbclient.1.sgml @@ -0,0 +1,1025 @@ + + + + + smbclient + 1 + + + + + smbclient + ftp-like client to access SMB/CIFS resources + on servers + + + + + smbclient + servicename + password + -b <buffer size> + -d debuglevel + -D Directory + -U username + -W workgroup + -M <netbios name> + -m maxprotocol + -A authfile + -N + -l logfile + -L <netbios name> + -I destinationIP + -E <terminal code> + -c <command string> + -i scope + -O <socket options> + -p port + -R <name resolve order> + -s <smb config file> + -T<c|x>IXFqgbNan + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbclient is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see ftp(1)). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on. + + + + + OPTIONS + + + + servicename + servicename is the name of the service + you want to use on the server. A service name takes the form + //server/service where server + is the NetBIOS name of the SMB/CIFS server + offering the desired service and service + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename //smbserver/printer + + + Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. + + + The server name is looked up according to either + the -R parameter to smbclient or + using the name resolve order parameter in the smb.conf file, + allowing an administrator to change the order and methods + by which server names are looked up. + + + + password + The password required to access the specified + service on the specified server. If this parameter is + supplied, the -N option (suppress + password prompt) is assumed. + + There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the -U option (see + below)) and the -N option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) + + + Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. + + + Be cautious about including passwords in scripts. + + + + + -s smb.conf + Specifies the location of the all important + smb.conf file. + + + + -O socket options + TCP socket options to set on the client + socket. See the socket options parameter in the + smb.conf (5) manpage for the list of valid + options. + + + + + -R <name resolve order> + This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options. + + The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows : + + + lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup. + + host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + wins : Query a name with + the IP address listed in the wins server + parameter. If no WINS server has + been specified this method will be ignored. + + bcast : Do a broadcast on + each of the known local interfaces listed in the + interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet. + + + If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used. + + The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the name resolve order + parameter of the smb.conf file the name resolution + methods will be attempted in this order. + + + + + -M NetBIOS name + This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end. + + If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur. + + The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. + + + One useful trick is to cat the message through + smbclient. For example: + cat mymessage.txt | smbclient -M FRED will + send the message in the file mymessage.txt + to the machine FRED. + + You may also find the -U and + -I options useful, as they allow you to + control the FROM and TO parts of the message. + + See the message command parameter in the + smb.conf(5) for a description of how to handle incoming + WinPopup messages in Samba. + + Note: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages. + + + + -i scope + This specifies a NetBIOS scope that smbclient will + use to communicate with when generating NetBIOS names. For details + on the use of NetBIOS scopes, see rfc1001.txt + and rfc1002.txt. + NetBIOS scopes are very rarely used, only set + this parameter if you are the system administrator in charge of all + the NetBIOS systems you communicate with. + + + + + -N + If specified, this parameter suppresses the normal + password prompt from the client to the user. This is useful when + accessing a service that does not require a password. + + Unless a password is specified on the command line or + this parameter is specified, the client will request a + password. + + + + + + -n NetBIOS name + By default, the client will use the local + machine's hostname (in uppercase) as its NetBIOS name. This parameter + allows you to override the host name and use whatever NetBIOS + name you wish. + + + + + -d debuglevel + debuglevel is an integer from 0 to 10, or + the letter 'A'. + + The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged to + the log files about the activities of the + client. At level 0, only critical errors and serious warnings will + be logged. Level 1 is a reasonable level for day to day running - + it generates a small amount of information about operations + carried out. + + Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of log data, most of which is extremely + cryptic. If debuglevel is set to the letter 'A', then all + debug messages will be printed. This setting + is for developers only (and people who really want + to know how the code works internally). + + Note that specifying this parameter here will override + the log level parameter in the smb.conf (5) + file. + + + + + -p port + This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default. + + + + + -l logfilename + If specified, logfilename specifies a base filename + into which operational data from the running client will be + logged. + + The default base name is specified at compile time. + + The base name is used to generate actual log file names. + For example, if the name specified was "log", the debug file + would be log.client. + + The log file generated is never removed by the client. + + + + + + + -h + Print the usage message for the client. + + + + + + -I IP-address + IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation. + + Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored. + + There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above. + + + + + + -E + This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream. + + By default, the client writes messages to standard output + - typically the user's tty. + + + + + -U username[%pass] + Sets the SMB username or username and password. + If %pass is not specified, The user will be prompted. The client + will first check the USER environment variable, then the + LOGNAME variable and if either exists, the + string is uppercased. Anything in these variables following a '%' + sign will be treated as the password. If these environment + variables are not found, the username GUEST + is used. + + If the password is not included in these environment + variables (using the %pass syntax), smbclient will look for + a PASSWD environment variable from which + to read the password. + + A third option is to use a credentials file which + contains the plaintext of the domain name, username and password. This + option is mainly provided for scripts where the admin doesn't + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + -A for more details. + + Be cautious about including passwords in scripts or in + the PASSWD environment variable. Also, on + many systems the command line of a running process may be seen + via the ps command to be safe always allow + smbclient to prompt for a password and type + it in directly. + + + + + -A filenameThis option allows + you to specify a file from which to read the username, domain name, and + password used in the connection. The format of the file is + + + +username = <value> +password = <value> +domain = <value> + + + + If the domain parameter is missing the current workgroup name + is used instead. Make certain that the permissions on the file restrict + access from unwanted users. + + + + + + -L + This option allows you to look at what services + are available on a server. You use it as smbclient -L + host and a list should appear. The -I + option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network. + + + + + -t terminal code + This option tells smbclient how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (EUC instead of + SJIS for example). Setting this parameter will let + smbclient convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems. + + The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list. + + + + + -b buffersize + This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. + + + + + + + -W WORKGROUP + Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this connection. This may be needed to connect to some + servers. + + + + + -T tar options + smbclient may be used to create tar(1) + compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are : + + + c - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + x flag. + + x - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the c flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly. + + I - Include files and directories. + Is the default behavior when filenames are specified above. Causes + tar files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below. + + X - Exclude files and directories. + Causes tar files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See r below. + + b - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. + + + g - Incremental. Only back up + files that have the archive bit set. Useful only with the + c flag. + + q - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. + + + r - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. + + + N - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + c flag. + + a - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + g and c flags. + + + + Tar Long File Names + + smbclient's tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, smbclient's tar option places all + files in the archive with relative names, not absolute names. + + + Tar Filenames + + All file names can be given as DOS path names (with '\' + as the component separator) or as UNIX path names (with '/' as + the component separator). + + Examples + + Restore from tar file backup.tar into myshare on mypc + (no password on share). + + smbclient //mypc/yshare "" -N -Tx backup.tar + + + Restore everything except users/docs + + + smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs + + Create a tar file of the files beneath + users/docs. + + smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs + + Create the same tar file as above, but now use + a DOS path name. + + smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs + + Create a tar file of all the files and directories in + the share. + + smbclient //mypc/myshare "" -N -Tc backup.tar * + + + + + + + -D initial directory + Change to initial directory before starting. Probably + only of any use with the tar -T option. + + + + + + -c command string + command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. + -N is implied by -c. + + This is particularly useful in scripts and for printing stdin + to the server, e.g. -c 'print -'. + + + + + + + OPERATIONS + + Once the client is running, the user is presented with + a prompt : + + smb:\> + + The backslash ("\") indicates the current working directory + on the server, and will change if the current working directory + is changed. + + The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. + + + You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name". + + Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. + + + + Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. + + + The commands available are given here in alphabetical order. + + + + ? [command] + If command is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed. + + + + + ! [shell command] + If shell command is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. + + + + + + + cd [directory name] + If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible. + + If no directory name is specified, the current working + directory on the server will be reported. + + + + + del <mask> + The client will request that the server attempt + to delete all files matching mask from the current working + directory on the server. + + + + + dir <mask> + A list of the files matching mask in the current + working directory on the server will be retrieved from the server + and displayed. + + + + + exit + Terminate the connection with the server and exit + from the program. + + + + + get <remote file name> [local file name] + Copy the file called remote file name from + the server to the machine running the client. If specified, name + the local copy local file name. Note that all transfers in + smbclient are binary. See also the + lowercase command. + + + + + + help [command] + See the ? command above. + + + + + lcd [directory name] + If directory name is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible. + + If no directory name is specified, the name of the + current working directory on the local machine will be reported. + + + + + + lowercase + Toggle lowercasing of filenames for the get and + mget commands. + + When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems. + + + + + + ls <mask> + See the dir command above. + + + + + mask <mask> + This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands. + + The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON. + + The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory. + + Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands. + + + + + md <directory name> + See the mkdir command. + + + + + mget <mask> + Copy all files matching mask from the server to + the machine running the client. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + smbclient are binary. See also the lowercase command. + + + + + mkdir <directory name> + Create a new directory on the server (user access + privileges permitting) with the specified name. + + + + + mput <mask> + Copy all files matching mask in the current working + directory on the local machine to the current working directory on + the server. + + Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in smbclient + are binary. + + + + + print <file name> + Print the specified file from the local machine + through a printable service on the server. + + See also the printmode command. + + + + + + printmode <graphics or text> + Set the print mode to suit either binary data + (such as graphical information) or text. Subsequent print + commands will use the currently set print mode. + + + + + prompt + Toggle prompting for filenames during operation + of the mget and mput commands. + + When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. + + + + + + put <local file name> [remote file name] + Copy the file called local file name from the + machine running the client to the server. If specified, + name the remote copy remote file name. Note that all transfers + in smbclient are binary. See also the lowercase command. + + + + + + + queue + Displays the print queue, showing the job id, + name, size and current status. + + + + + quit + See the exit command. + + + + + rd <directory name> + See the rmdir command. + + + + + recurse + Toggle directory recursion for the commands mget + and mput. + + When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. + + + When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored. + + + + + + rm <mask> + Remove all files matching mask from the current + working directory on the server. + + + + + rmdir <directory name> + Remove the specified directory (user access + privileges permitting) from the server. + + + + + tar <c|x>[IXbgNa] + Performs a tar operation - see the -T + command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. + + + + + + blocksize <blocksize> + Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + blocksize*TBLOCK (usually 512 byte) blocks. + + + + + tarmode <full|inc|reset|noreset> + Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share). + + + + + setmode <filename> <perm=[+|\-]rsha> + A version of the DOS attrib command to set + file permissions. For example: + + setmode myfile +r + + would make myfile read only. + + + + + + + NOTES + + Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. + + + It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server. + + smbclient supports long file names where the server + supports the LANMAN2 protocol or above. + + + + ENVIRONMENT VARIABLES + + The variable USER may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + + The variable PASSWD may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords. + + The variable LIBSMB_PROG may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file + + + + + INSTALLATION + + The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only. + + It is recommended that the smbclient software be installed + in the /usr/local/samba/bin/ or + /usr/samba/bin/ directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should NOT be + setuid or setgid! + + The client log files should be put in a directory readable + and writeable only by the user. + + To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run smbd(8) + as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server. + + + + + DIAGNOSTICS + + Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbcontrol.1.sgml b/docs/docbook/manpages/smbcontrol.1.sgml new file mode 100644 index 00000000000..05e05f4a6ab --- /dev/null +++ b/docs/docbook/manpages/smbcontrol.1.sgml @@ -0,0 +1,174 @@ + + + + + smbcontrol + 1 + + + + + smbcontrol + send messages to smbd or nmbd processes + + + + + smbcontrol + -i + + + + smbcontrol + destination + message-type + parameter + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbcontrol is a very small program, which + sends messages to an smbd(8) or + an nmbd(8) daemon running on the + system. + + + + + OPTIONS + + + + -i + Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program. + + + + destination + One of nmbd + smbd or a process ID. + + The smbd destination causes the + message to "broadcast" to all smbd daemons. + + The nmbd destination causes the + message to be sent to the nmbd daemon specified in the + nmbd.pid file. + + If a single process ID is given, the message is sent + to only that process. + + + + + message-type + One of: close-share, + debug, + force-election, ping + , profile, + debuglevel, profilelevel, + or printer-notify. + + The close-share message-type sends a + message to smbd which will then close the client connections to + the named share. Note that this doesn't affect client connections + to any other shares. This message-type takes an argument of the + share name for which client connections will be close, or the + "*" character which will close all currently open shares. + This message can only be sent to smbd. + + The debug message-type allows + the debug level to be set to the value specified by the + parameter. This can be sent to any of the destinations. + + The force-election message-type can only be + sent to the nmbd destination. This message + causes the nmbd daemon to force a new browse + master election. + + The ping message-type sends the + number of "ping" messages specified by the parameter and waits + for the same number of reply "pong" messages. This can be sent to + any of the destinations. + + The profile message-type sends a + message to an smbd to change the profile settings based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any of the destinations. + + The debuglevel message-type sends + a "request debug level" message. The current debug level setting + is returned by a "debuglevel" message. This can be + sent to any of the destinations. + + The profilelevel message-type sends + a "request profile level" message. The current profile level + setting is returned by a "profilelevel" message. This can be sent + to any of the destinations. + + The printer-notify message-type sends a + message to smbd which in turn sends a printer notify message to + any Windows NT clients connected to a printer. This message-type + takes an argument of the printer name to send notify messages to. + This message can only be sent to smbd. + + The close-share message-type sends a + message to smbd which forces smbd to close the share that was + specified as an argument. This may be useful if you made changes + to the access controls on the share. + + + + + + parameters + any parameters required for the message-type + + + + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + nmbd(8), + and smbd(8). + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbd.8.sgml b/docs/docbook/manpages/smbd.8.sgml new file mode 100644 index 00000000000..824ae20241c --- /dev/null +++ b/docs/docbook/manpages/smbd.8.sgml @@ -0,0 +1,424 @@ + + + + + smbd + 8 + + + + + smbd + server to provide SMB/CIFS services to clients + + + + + smbd + -D + -a + -i + -o + -P + -h + -V + -b + -d <debug level> + -l <log directory> + -p <port number> + -O <socket option> + -s <configuration file> + + + + + DESCRIPTION + This program is part of the Samba suite. + + smbd is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux. + + An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see smb.conf(5) + . This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server. + + Please note that there are significant security + implications to running this server, and the smb.conf(5) + manpage should be regarded as mandatory reading before + proceeding with installation. + + A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates. + + The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or smbd killed and restarted. + + + + OPTIONS + + + + -D + If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running smbd for + servers that provide more than casual use file and + print services. This switch is assumed if smbd + is executed on the command line of a shell. + + + + + -a + If this parameter is specified, each new + connection will append log messages to the log file. + This is the default. + + + + -i + If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. + + + + + -o + If this parameter is specified, the + log files will be overwritten when opened. By default, + smbd will append entries to the log + files. + + + + -P + Passive option. Causes smbd not to + send any network traffic out. Used for debugging by + the developers only. + + + + -h + Prints the help information (usage) + for smbd. + + + + -v + Prints the version number for + smbd. + + + + -b + Prints information about how + Samba was built. + + + + -d <debug level> + debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero. + + The higher this value, the more detail will be + logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out. + + Levels above 1 will generate considerable + amounts of log data, and should only be used when + investigating a problem. Levels above 3 are designed for + use only by developers and generate HUGE amounts of log + data, most of which is extremely cryptic. + + Note that specifying this parameter here will + override the log + level parameter in the + smb.conf(5) file. + + + + + -l <log directory> + If specified, + log directory + specifies a log directory into which the "log.smbd" log + file will be created for informational and debug + messages from the running server. The log + file generated is never removed by the server although + its size may be controlled by the max log size + option in the + smb.conf(5) file. + + + The default log directory is specified at + compile time. + + + + -O <socket options> + See the socket options + parameter in the smb.conf(5) + file for details. + + + + -p <port number> + port number is a positive integer + value. The default value if this parameter is not + specified is 139. + + This number is the port number that will be + used when making connections to the server from client + software. The standard (well-known) port number for the + SMB over TCP is 139, hence the default. If you wish to + run the server as an ordinary user rather than + as root, most systems will require you to use a port + number greater than 1024 - ask your system administrator + for help if you are in this situation. + + In order for the server to be useful by most + clients, should you configure it on a port other + than 139, you will require port redirection services + on port 139, details of which are outlined in rfc1002.txt + section 4.3.5. + + This parameter is not normally specified except + in the above situation. + + + + -s <configuration file> + The file specified contains the + configuration details required by the server. The + information in this file includes server-specific + information such as what printcap file to use, as well + as descriptions of all the services that the server is + to provide. See + smb.conf(5) for more information. + The default configuration file name is determined at + compile time. + + + + + + FILES + + + + /etc/inetd.conf + If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the UNIX_INSTALL.html + document for details. + + + + + /etc/rc + or whatever initialization script your + system uses). + + If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the UNIX_INSTALL.html + document for details. + + + + /etc/services + If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the UNIX_INSTALL.html + document for details. + + + + /usr/local/samba/lib/smb.conf + This is the default location of the + smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/smb.conf. + + This file describes all the services the server + is to make available to clients. See + smb.conf(5) for more information. + + + + + + + LIMITATIONS + On some systems smbd cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar. + + + + ENVIRONMENT VARIABLES + + + + PRINTER + If no printer name is specified to + printable services, most systems will use the value of + this variable (or lp if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however. + + + + + + + PAM INTERACTION + Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the + obey pam restricions + smb.conf paramater. When this is set, the following restrictions apply: + + + + Account Validation: All acccesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. + + + Session Management: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. + + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + DIAGNOSTICS + + Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line. + + The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files. + + Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing. + + + + SIGNALS + + Sending the smbd a SIGHUP will cause it to + reload its smb.conf configuration + file within a short period of time. + + To shut down a user's smbd process it is recommended + that SIGKILL (-9) NOT + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an smbd is to send it a SIGTERM (-15) signal and wait for + it to die on its own. + + The debug log level of smbd may be raised + or lowered using smbcontrol(1) + program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level. + + Note that as the signal handlers send a debug write, + they are not re-entrant in smbd. This you should wait until + smbd is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance. + + + + SEE ALSO + hosts_access(5), inetd(8), + nmbd(8), + smb.conf(5) + , smbclient(1) + , + testparm(1), + testprns(1), and the Internet RFC's + rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/. + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbgroupedit.8.sgml b/docs/docbook/manpages/smbgroupedit.8.sgml new file mode 100644 index 00000000000..b9607312ffe --- /dev/null +++ b/docs/docbook/manpages/smbgroupedit.8.sgml @@ -0,0 +1,267 @@ + + + + + smbgroupedit + 8 + + + + + + smbgroupedit + Query/set/change UNIX - Windows NT group mapping + + + + + smbroupedit + -v [l|s] + -a UNIX-groupname [-d NT-groupname|-p prividge| + + + + + + + + +DESCRIPTION + + +This program is part of the Samba +suite. + + + +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. + + + + + + OPTIONS + + + + -v[l|s] + This option will list all groups available + in the Windows NT domain in which samba is operating. + + + + + -l + give a long listing, of the format: + + +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : + + +For examples, + +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege + + + + + + + -s + display a short listing of the format: + + +NTGroupName(SID) -> UnixGroupName + + +For example, + + +Users (S-1-5-32-545) -> -1 + + + + + + + + + + + + + + + + +FILES + + + + + + + + + + +EXIT STATUS + + +smbgroupedit returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. + + + + + + + + + + +EXAMPLES + + + +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: + + + + + create a unix group (usually in + /etc/group), let's call it domadm. + + + add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in /etc/group will look like: + + + domadm:x:502:joe,john,mary + + + map this domadm group to the 'domain admins' group: + + + Get the SID for the Windows NT "Domain Admins" + group: + + +root# smbgroupedit -vs | grep "Domain Admins" +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 + + + + map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: + + + +root# smbgroupedit \ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \ +-u domadm + + + + warning: don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. + + + + + + + +To verify that you mapping has taken effect: + + + +root# smbgroupedit -vs|grep "Domain Admins" +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm + + + +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: + + + +root# smbgroupedit -a unixgroup -td + + + + + + + + + + + + +VERSION + + +This man page is correct for the 3.0alpha releases of +the Samba suite. + + + + + + +SEE ALSO + + +smb.conf(5) + + + + + + + + +AUTHOR + + +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. + + + +smbgroupedit was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code. + + + diff --git a/docs/docbook/manpages/smbmnt.8.sgml b/docs/docbook/manpages/smbmnt.8.sgml new file mode 100644 index 00000000000..55b66d5d25b --- /dev/null +++ b/docs/docbook/manpages/smbmnt.8.sgml @@ -0,0 +1,113 @@ + + + + + smbmnt + 8 + + + + + smbmnt + helper utility for mounting SMB filesystems + + + + + smbmnt + mount-point + -s <share> + -r + -u <uid> + -g <gid> + -f <mask> + -d <mask> + -o <options> + + + + + DESCRIPTION + + smbmnt is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + smbmnt can be installed setuid root if you want + normal users to be able to mount their SMB shares. + + A setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on. + + The smbmnt program is normally invoked + by smbmount(8) + . It should not be invoked directly by users. + + smbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used. + + + + + OPTIONS + + + + -r + mount the filesystem read-only + + + + + -u uid + specify the uid that the files will + be owned by + + + + -g gid + specify the gid that the files will be + owned by + + + + -f mask + specify the octal file mask applied + + + + + -d mask + specify the octal directory mask + applied + + + + -o options + + list of options that are passed as-is to smbfs, if this + command is run on a 2.4 or higher Linux kernel. + + + + + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbmount.8.sgml b/docs/docbook/manpages/smbmount.8.sgml new file mode 100644 index 00000000000..b4a77e51c9f --- /dev/null +++ b/docs/docbook/manpages/smbmount.8.sgml @@ -0,0 +1,327 @@ + + + + + smbmount + 8 + + + + + smbmount + mount an smbfs filesystem + + + + + smbumount + service + mount-point + -o options + + + + + DESCRIPTION + + smbmount mounts a Linux SMB filesystem. It + is usually invoked as mount.smbfs by + the mount(8) command when using the + "-t smbfs" option. This command only works in Linux, and the kernel must + support the smbfs filesystem. + + Options to smbmount are specified as a comma-separated + list of key=value pairs. It is possible to send options other + than those listed here, assuming that smbfs supports them. If + you get mount failures, check your kernel log for errors on + unknown options. + + smbmount is a daemon. After mounting it keeps running until + the mounted smbfs is umounted. It will log things that happen + when in daemon mode using the "machine name" smbmount, so + typically this output will end up in log.smbmount. The + smbmount process may also be called mount.smbfs. + + NOTE: smbmount + calls smbmnt(8) to do the actual mount. You + must make sure that smbmnt is in the path so + that it can be found. + + + + + OPTIONS + + + + username=<arg> + specifies the username to connect as. If + this is not given, then the environment variable + USER is used. This option can also take the + form "user%password" or "user/workgroup" or + "user/workgroup%password" to allow the password and workgroup + to be specified as part of the username. + + + + password=<arg> + specifies the SMB password. If this + option is not given then the environment variable + PASSWD is used. If it can find + no password smbmount will prompt + for a passeword, unless the guest option is + given. + + + Note that password which contain the arguement delimiter + character (i.e. a comma ',') will failed to be parsed correctly + on the command line. However, the same password defined + in the PASSWD environment variable or a credentials file (see + below) will be read correctly. + + + + + + credentials=<filename> + specifies a file that contains a username + and/or password. The format of the file is: + + + + username = <value> + password = <value> + + + + This is preferred over having passwords in plaintext in a + shared file, such as /etc/fstab. Be sure to protect any + credentials file properly. + + + + + netbiosname=<arg> + sets the source NetBIOS name. It defaults + to the local hostname. + + + + uid=<arg> + sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. + + + + + + gid=<arg> + sets the gid that will own all files on + the mounted filesystem. + It may be specified as either a groupname or a numeric + gid. + + + + + port=<arg> + sets the remote SMB port number. The default + is 139. + + + + + fmask=<arg> + sets the file mask. This determines the + permissions that remote files have in the local filesystem. + The default is based on the current umask. + + + + + dmask=<arg> + sets the directory mask. This determines the + permissions that remote directories have in the local filesystem. + The default is based on the current umask. + + + + + debug=<arg> + sets the debug level. This is useful for + tracking down SMB connection problems. A suggested value to + start with is 4. If set too high there will be a lot of + output, possibly hiding the useful output. + + + + + ip=<arg> + sets the destination host or IP address. + + + + + + + workgroup=<arg> + sets the workgroup on the destination + + + + + + sockopt=<arg> + sets the TCP socket options. See the smb.conf + socket options option. + + + + + + scope=<arg> + sets the NetBIOS scope + + + + guest + don't prompt for a password + + + + + ro + mount read-only + + + + rwmount read-write + + + + iocharset=<arg> + + sets the charset used by the Linux side for codepage + to charset translations (NLS). Argument should be the + name of a charset, like iso8859-1. (Note: only kernel + 2.4.0 or later) + + + + + codepage=<arg> + + sets the codepage the server uses. See the iocharset + option. Example value cp850. (Note: only kernel 2.4.0 + or later) + + + + + ttl=<arg> + + how long a directory listing is cached in milliseconds + (also affects visibility of file size and date + changes). A higher value means that changes on the + server take longer to be noticed but it can give + better performance on large directories, especially + over long distances. Default is 1000ms but something + like 10000ms (10 seconds) is probably more reasonable + in many cases. + (Note: only kernel 2.4.2 or later) + + + + + + + + + + ENVIRONMENT VARIABLES + + The variable USER may contain the username of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. The variable can be used to set both username and + password by using the format username%password. + + The variable PASSWD may contain the password of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. + + The variable PASSWD_FILE may contain the pathname + of a file to read the password from. A single line of input is + read and used as the password. + + + + + BUGS + + Passwords and other options containing , can not be handled. + For passwords an alternative way of passing them is in a credentials + file or in the PASSWD environment. + + The credentials file does not handle usernames or passwords with + leading space. + + One smbfs bug is important enough to mention here, even if it + is a bit misplaced: + + + + Mounts sometimes stop working. This is usually + caused by smbmount terminating. Since smbfs needs smbmount to + reconnect when the server disconnects, the mount will eventually go + dead. An umount/mount normally fixes this. At least 2 ways to + trigger this bug are known. + + + + Note that the typical response to a bug report is suggestion + to try the latest version first. So please try doing that first, + and always include which versions you use of relevant software + when reporting bugs (minimum: samba, kernel, distribution) + + + + + + SEE ALSO + + Documentation/filesystems/smbfs.txt in the linux kernel + source tree may contain additional options and information. + + FreeBSD also has a smbfs, but it is not related to smbmount + + For Solaris, HP-UX and others you may want to look at + smbsh(1) or at other + solutions, such as sharity or perhaps replacing the SMB server with + a NFS server. + + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbpasswd.5.sgml b/docs/docbook/manpages/smbpasswd.5.sgml new file mode 100644 index 00000000000..be751078192 --- /dev/null +++ b/docs/docbook/manpages/smbpasswd.5.sgml @@ -0,0 +1,204 @@ + + + + + smbpasswd + 5 + + + + + smbpasswd + The Samba encrypted password file + + + + smbpasswd + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past. + + + + FILE FORMAT + + The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix passwd(5) + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user: + + + + name + This is the user name. It must be a name that + already exists in the standard UNIX passwd file. + + + + + uid + This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. + + + + + + Lanman Password Hash + This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + disabled and the user will not be able to + log onto the Samba server. + + WARNING !! Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + NT Password Hash + This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it. + + This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is). + + WARNING !!. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access. + + + + + Account Flags + This section contains flags that describe + the attributes of the users account. In the Samba 2.2 release + this field is bracketed by '[' and ']' characters and is always + 13 characters in length (including the '[' and ']' characters). + The contents of this field may be any of the characters. + + + + U - This means + this is a "User" account, i.e. an ordinary user. Only User + and Workstation Trust accounts are currently supported + in the smbpasswd file. + + N - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the + null passwords parameter is set in the smb.conf(5) + config file. + + D - This means the account + is disabled and no SMB/CIFS logins will be allowed for + this user. + + W - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC. + + + + Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces. + + + + + + Last Change Time + This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. + + + + + All other colon separated fields are ignored at this time. + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbpasswd(8), + samba(7), and + the Internet RFC1321 for details on the MD4 algorithm. + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbpasswd.8.sgml b/docs/docbook/manpages/smbpasswd.8.sgml new file mode 100644 index 00000000000..3c7a6a5150a --- /dev/null +++ b/docs/docbook/manpages/smbpasswd.8.sgml @@ -0,0 +1,389 @@ + + + + + smbpasswd + 8 + + + + + smbpasswd + change a user's SMB password + + + + + smbpasswd + -a + -x + -d + -e + -D debuglevel + -n + -r <remote machine> + -R <name resolve order> + -m + -j DOMAIN + -U username[%password] + -h + -s + -w pass + username + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + The smbpasswd program has several different + functions, depending on whether it is run by the root + user or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords. + + By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the passwd(1) program works. + smbpasswd differs from how the passwd program works + however in that it is not setuid root but works in + a client-server mode and communicates with a locally running + smbd(8). As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the smbpasswd(5) file. + + When run by an ordinary user with no options. smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password. + + smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options below. + + When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + smbpasswd accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running. + + + + OPTIONS + + + -a + This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + /etc/passwd), else the request to add the + user will fail. + + This option is only available when running smbpasswd + as root. + + + + + + -x + This option specifies that the username + following should be deleted from the local smbpasswd file. + + + This option is only available when running smbpasswd as + root. + + + + + + -d + This option specifies that the username following + should be disabled in the local smbpasswd + file. This is done by writing a 'D' flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail. + + If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See smbpasswd(5) + for details on the 'old' and new password file formats. + + + This option is only available when running smbpasswd as + root. + + + + + -e + This option specifies that the username following + should be enabled in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again. + + If the smbpasswd file is in the 'old' format, then + smbpasswd will FAIL to enable the account. + See smbpasswd (5) for + details on the 'old' and new password file formats. + + This option is only available when running smbpasswd as root. + + + + + + + -D debuglevel + debuglevel is an integer + from 0 to 10. The default value if this parameter is not specified + is zero. + + The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged. + + Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. + + + + + + + -n + This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file. + + Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the smb.conf file : + + null passwords = yes + + This option is only available when running smbpasswd as + root. + + + + + + -r remote machine name + This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The remote + machine name is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the -R + name resolve order parameter for details on changing + this resolving mechanism. + + The username whose password is changed is that of the + current UNIX logged on user. See the -U username + parameter for details on changing the password for a different + username. + + Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change). + + Note that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target. + + + + + + -R name resolve order + This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to. + + The options are :"lmhosts", "host", "wins" and "bcast". They cause + names to be resolved as follows : + + lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup. + + host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored. + + wins : Query a name with + the IP address listed in the wins server + parameter. If no WINS server has been specified this method + will be ignored. + + bcast : Do a broadcast on + each of the known local interfaces listed in the + interfaces parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet. + + + The default order is lmhosts, host, wins, bcast + and without this parameter or any entry in the + smb.conf file the name resolution methods will + be attempted in this order. + + + + + -m + This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller. + + This option is only available when running smbpasswd as root. + + + + + + -U username + This option may only be used in conjunction + with the -r option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords. + + + + + -h + This option prints the help string for + smbpasswd, selecting the correct one for running as root + or as an ordinary user. + + + + + + -s + This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from /dev/tty + (like the passwd(1) program does). This option + is to aid people writing scripts to drive smbpasswd + + + + + + -w password + This parameter is only available is Samba + has been configured to use the experiemental + --with-ldapsam option. The -w + switch is used to specify the password to be used with the + ldap admin + dn. Note that the password is stored in + the private/secrets.tdb and is keyed off + of the admin's DN. This means that if the value of ldap + admin dn ever changes, the password will beed to be + manually updated as well. + + + + + + + username + This specifies the username for all of the + root only options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. + + + + + + + + NOTES + + Since smbpasswd works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the + smbd running on the local machine by specifying a + allow hosts or deny hosts + entry in the smb.conf file and neglecting to + allow "localhost" access to the smbd. + + In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. See the file + ENCRYPTION.txt in the docs directory for details + on how to do this. + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbpasswd(5), + samba(7) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + + + + + diff --git a/docs/docbook/manpages/smbsh.1.sgml b/docs/docbook/manpages/smbsh.1.sgml new file mode 100644 index 00000000000..46adac6b79d --- /dev/null +++ b/docs/docbook/manpages/smbsh.1.sgml @@ -0,0 +1,105 @@ + + + + + smbsh + 1 + + + + + smbsh + Allows access to Windows NT filesystem + using UNIX commands + + + + + smbsh + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbsh allows you to access an NT filesystem + using UNIX commands such as ls, + egrep, and rcp. You must use a + shell that is dynamically linked in order for smbsh + to work correctly. + + To use the smbsh command, execute + smbsh from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system. + + + system% smbsh + Username: user + Password: XXXXXXX + + + + Any dynamically linked command you execute from + this shell will access the /smb directory + using the smb protocol. For example, the command ls /smb + will show a list of workgroups. The command + ls /smb/MYGROUP will show all the machines in + the workgroup MYGROUP. The command + ls /smb/MYGROUP/<machine-name> will show the share + names for that machine. You could then, for example, use the + cd command to change directories, vi to + edit files, and rcp to copy files. + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + BUGS + + smbsh works by intercepting the standard + libc calls with the dynamically loaded versions in + smbwrapper.o. Not all calls have been "wrapped", so + some programs may not function correctly under smbsh + . + + Programs which are not dynamically linked cannot make + use of smbsh's functionality. Most versions + of UNIX have a file command that will + describe how a program was linked. + + + + + SEE ALSO + smbd(8), + smb.conf(5) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbspool.8.sgml b/docs/docbook/manpages/smbspool.8.sgml new file mode 100644 index 00000000000..d5c9c0a1148 --- /dev/null +++ b/docs/docbook/manpages/smbspool.8.sgml @@ -0,0 +1,131 @@ + + + + + smbspool + 8 + + + + + smbspool + send print file to an SMB printer + + + + + smbspool + job + user + title + copies + options + filename + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script. + + DEVICE URI + + smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms: + + + smb://server/printer + smb://workgroup/server/printer + smb://username:password@server/printer + + smb://username:password@workgroup/server/printer + + + + smbspool tries to get the URI from argv[0]. If argv[0] + contains the name of the program then it looks in the + DEVICE_URI environment variable. + + Programs using the exec(2) functions can + pass the URI in argv[0], while shell scripts must set the + DEVICE_URI environment variable prior to + running smbspool. + + + + OPTIONS + + + The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. + + + The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. + + + The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job. + + The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided than this argument is not used by + smbspool. + + The options argument (argv[5]) contains + the print options in a single string and is presently + not used by smbspool. + + The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input. + + + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbd(8), + and samba(7). + + + + + AUTHOR + + smbspool was written by Michael Sweet + at Easy Software Products. + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbstatus.1.sgml b/docs/docbook/manpages/smbstatus.1.sgml new file mode 100644 index 00000000000..99963a4bec6 --- /dev/null +++ b/docs/docbook/manpages/smbstatus.1.sgml @@ -0,0 +1,152 @@ + + + + + smbstatus + 1 + + + + + smbstatus + report on current Samba connections + + + + + smbstatus + -P + -b + -d <debug level> + -v + -L + -B + -p + -S + -s <configuration file> + -u <username> + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbstatus is a very simple program to + list the current Samba connections. + + + + OPTIONS + + + + -P|--profile + If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area. + + + + -b|--brief + gives brief output. + + + + + -d|--debug=<debuglevel> + sets debugging to specified level + + + + + + -v|--verbose + gives verbose output. + + + + + -L|--locks + causes smbstatus to only list locks. + + + + + + -B|--byterange + causes smbstatus to include byte range locks. + + + + + + -p|--processes + print a list of + smbd(8) processes and exit. + Useful for scripting. + + + + + -S|--shares + causes smbstatus to only list shares. + + + + + + + -s|--conf=<configuration file> + The default configuration file name is + determined at compile time. The file specified contains the + configuration details required by the server. See smb.conf(5) + for more information. + + + + + + -u|--user=<username> + selects information relevant to + username only. + + + + + + + + VERSION + + This man page is correct for version 3.0 of + the Samba suite. + + + + SEE ALSO + smbd(8) and + smb.conf(5). + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/smbtar.1.sgml b/docs/docbook/manpages/smbtar.1.sgml new file mode 100644 index 00000000000..4e2ee5fff0a --- /dev/null +++ b/docs/docbook/manpages/smbtar.1.sgml @@ -0,0 +1,226 @@ + + + + + smbtar + 1 + + + + + smbtar + shell script for backing up SMB/CIFS shares + directly to UNIX tape drives + + + + + smbtar + -s server + -p password + -x services + -X + -d directory + -u user + -t tape + -t tape + -b blocksize + -N filename + -i + -r + -l loglevel + -v + filenames + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + smbtar is a very small shell script on top + of smbclient(1) + which dumps SMB shares directly to tape. + + + + OPTIONS + + + + -s server + The SMB/CIFS server that the share resides + upon. + + + + + -x service + The share name on the server to connect to. + The default is "backup". + + + + + -X + Exclude mode. Exclude filenames... from tar + create or restore. + + + + + + -d directory + Change to initial directory + before restoring / backing up files. + + + + + + -v + Verbose mode. + + + + + + -p password + The password to use to access a share. + Default: none + + + + + -u user + The user id to connect as. Default: + UNIX login name. + + + + + + -t tape + Tape device. May be regular file or tape + device. Default: $TAPE environmental + variable; if not set, a file called tar.out + . + + + + + -b blocksize + Blocking factor. Defaults to 20. See + tar(1) for a fuller explanation. + + + + + -N filename + Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups. + + + + + -i + Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read. + + + + + -r + Restore. Files are restored to the share + from the tar file. + + + + + + -l log level + Log (debug) level. Corresponds to the + -d flag of smbclient(1) + . + + + + + + + ENVIRONMENT VARIABLES + + The $TAPE variable specifies the + default tape device to write to. May be overridden + with the -t option. + + + + + BUGS + + The smbtar script has different + options from ordinary tar and tar called from smbclient. + + + + + CAVEATS + + Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares, should work on file lists. smbtar works best + with GNU tar and may not work well with other versions. + + + + + DIAGNOSTICS + + See the DIAGNOSTICS section for the + smbclient(1) + command. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smbd(8), + smbclient(1), + smb.conf(5), + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + Ricky Poulten + wrote the tar extension and this man page. The smbtar + script was heavily rewritten and improved by Martin Kraemer. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter. + + + diff --git a/docs/docbook/manpages/smbumount.8.sgml b/docs/docbook/manpages/smbumount.8.sgml new file mode 100644 index 00000000000..d6a1b65b578 --- /dev/null +++ b/docs/docbook/manpages/smbumount.8.sgml @@ -0,0 +1,73 @@ + + + + + smbumount + 8 + + + + + smbumount + smbfs umount for normal users + + + + + smbumount + mount-point + + + + + DESCRIPTION + + With this program, normal users can unmount smb-filesystems, + provided that it is suid root. smbumount has + been written to give normal Linux users more control over their + resources. It is safe to install this program suid root, because only + the user who has mounted a filesystem is allowed to unmount it again. + For root it is not necessary to use smbumount. The normal umount + program works perfectly well, but it would certainly be problematic + to make umount setuid root. + + + + OPTIONS + + + + mount-point + The directory to unmount. + + + + + + + SEE ALSO + + smbmount(8) + + + + + + AUTHOR + + Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others. + + The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. + + + The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter + + + diff --git a/docs/docbook/manpages/swat.8.sgml b/docs/docbook/manpages/swat.8.sgml new file mode 100644 index 00000000000..dc6989d5663 --- /dev/null +++ b/docs/docbook/manpages/swat.8.sgml @@ -0,0 +1,209 @@ + + + + + swat + 8 + + + + + swat + Samba Web Administration Tool + + + + + swat + -s <smb config file> + -a + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + + swat allows a Samba administrator to + configure the complex + smb.conf(5) file via a Web browser. In addition, + a swat configuration page has help links + to all the configurable options in the smb.conf file allowing an + administrator to easily look up the effects of any change. + + swat is run from inetd + + + + + OPTIONS + + + + -s smb configuration file + The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the smbd + server. This is the file that swat will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See smb.conf for more information. + + + + + + -a + This option disables authentication and puts + swat in demo mode. In that mode anyone will be able to modify + the smb.conf file. + + Do NOT enable this option on a production + server. + + + + + + + + INSTALLATION + + After you compile SWAT you need to run make install + to install the swat binary + and the various help files and images. A default install would put + these in: + + + /usr/local/samba/bin/swat + /usr/local/samba/swat/images/* + /usr/local/samba/swat/help/* + + + + Inetd Installation + + You need to edit your /etc/inetd.conf + and /etc/services + to enable SWAT to be launched via inetd. + + In /etc/services you need to + add a line like this: + + swat 901/tcp + + Note for NIS/YP users - you may need to rebuild the + NIS service maps rather than alter your local + /etc/services file. + + the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + inetd daemon). + + In /etc/inetd.conf you should + add a line like this: + + swat stream tcp nowait.400 root + /usr/local/samba/bin/swat swat + + One you have edited /etc/services + and /etc/inetd.conf you need to send a + HUP signal to inetd. To do this use kill -1 PID + where PID is the process ID of the inetd daemon. + + + + + + Launching + + To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/". + + Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire. + + + + + FILES + + + + /etc/inetd.conf + This file must contain suitable startup + information for the meta-daemon. + + + + /etc/services + This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp). + + + + /usr/local/samba/lib/smb.conf + This is the default location of the smb.conf(5) + server configuration file that swat edits. Other + common places that systems install this file are + /usr/samba/lib/smb.conf and /etc/smb.conf + . This file describes all the services the server + is to make available to clients. + + + + + + + WARNINGS + + swat will rewrite your smb.conf + file. It will rearrange the entries and delete all + comments, include= and copy=" + options. If you have a carefully crafted + smb.conf then back it up or don't use swat! + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + inetd(5), + smbd(8), + smb.conf(5) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + diff --git a/docs/docbook/manpages/testparm.1.sgml b/docs/docbook/manpages/testparm.1.sgml new file mode 100644 index 00000000000..320e39e6f58 --- /dev/null +++ b/docs/docbook/manpages/testparm.1.sgml @@ -0,0 +1,168 @@ + + + + + testparm + 1 + + + + + testparm + check an smb.conf configuration file for + internal correctness + + + + + testparm + -s + -h + -L <servername> + config filename + hostname hostIP + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + testparm is a very simple test program + to check an smbd configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that smbd + will successfully load the configuration file. + + + Note that this is NOT a guarantee that + the services specified in the configuration file will be + available or will operate as expected. + + If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service. + + If testparm finds an error in the + smb.conf file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from testparm. + + + + OPTIONS + + + + -s + Without this option, testparm + will prompt for a carriage return after printing the service + names and before dumping the service definitions. + + + + + -h + Print usage message + + + + + -L servername + Sets the value of the %L macro to servername. + This is useful for testing include files specified with the + %L macro. + + + + + configfilename + This is the name of the configuration file + to check. If this parameter is not present then the + default smb.conf file will be checked. + + + + + + hostname + If this parameter and the following are + specified, then testparm will examine the hosts + allow and hosts deny + parameters in the smb.conf file to + determine if the hostname with this IP address would be + allowed access to the smbd server. If + this parameter is supplied, the hostIP parameter must also + be supplied. + + + + + hostIP + This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied. + + + + + + FILES + + + + smb.conf + This is usually the name of the configuration + file used by smbd. + + + + + + + DIAGNOSTICS + + The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + smb.conf(5), + smbd(8) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + + diff --git a/docs/docbook/manpages/testprns.1.sgml b/docs/docbook/manpages/testprns.1.sgml new file mode 100644 index 00000000000..cd99494a9af --- /dev/null +++ b/docs/docbook/manpages/testprns.1.sgml @@ -0,0 +1,143 @@ + + + + + testprns + 1 + + + + + testprns + check printer name for validity with smbd + + + + + testprns + printername + printcapname + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + testprns is a very simple test program + to determine whether a given printer name is valid for use in + a service to be provided by + smbd(8). + + "Valid" in this context means "can be found in the + printcap specified". This program is very stupid - so stupid in + fact that it would be wisest to always specify the printcap file + to use. + + + + + + OPTIONS + + + + printername + The printer name to validate. + + Printer names are taken from the first field in each + record in the printcap file, single printer names and sets + of aliases separated by vertical bars ("|") are recognized. + Note that no validation or checking of the printcap syntax is + done beyond that required to extract the printer name. It may + be that the print spooling system is more forgiving or less + forgiving than testprns. However, if + testprns finds the printer then + smbd should do so as well. + + + + printcapname + This is the name of the printcap file within + which to search for the given printer name. + + If no printcap name is specified testprns + will attempt to scan the printcap file name + specified at compile time. + + + + + + + FILES + + + + /etc/printcap + This is usually the default printcap + file to scan. See printcap (5). + + + + + + + + DIAGNOSTICS + + If a printer is found to be valid, the message + "Printer name <printername> is valid" will be + displayed. + + If a printer is found to be invalid, the message + "Printer name <printername> is not valid" will be + displayed. + + All messages that would normally be logged during + operation of the Samba daemons are logged by this program to the + file test.log in the current directory. The + program runs at debuglevel 3, so quite extensive logging + information is written. The log should be checked carefully + for errors and warnings. + + Other messages are self-explanatory. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + printcap(5), + smbd(8), + smbclient(1) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter + + + + diff --git a/docs/docbook/manpages/wbinfo.1.sgml b/docs/docbook/manpages/wbinfo.1.sgml new file mode 100644 index 00000000000..7f2c4624a9a --- /dev/null +++ b/docs/docbook/manpages/wbinfo.1.sgml @@ -0,0 +1,201 @@ + + + + + wbinfo + 1 + + + + + wbinfo + Query information from winbind daemon + + + + + wbinfo + -u + -g + -n name + -s sid + -U uid + -G gid + -S sid + -Y sid + -t + -m + -a user%password + -p + + + + + DESCRIPTION + + This tool is part of the + Samba suite. + + The wbinfo program queries and returns information + created and used by the + winbindd(8) daemon. + + The winbindd(8) daemon must be configured + and running for the wbinfo program to be able + to return information. + + + + OPTIONS + + + + -u + This option will list all users available + in the Windows NT domain for which the winbindd(8) + daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by + winbindd(8). + + + + -g + This option will list all groups available + in the Windows NT domain for which the winbindd(8) + daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been seen by + winbindd(8). + + + + + -n name + The -n option + queries winbindd(8) for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the smb.conf + workgroup parameter. + + + + + -s sid + Use -s to resolve + a SID to a name. This is the inverse of the -n + option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500. + + + + + -U uid + Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the winbind uid range then the operation will fail. + + + + + -G gid + Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the winbind gid range then the operation will fail. + + + + + -S sid + Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by + winbindd(8) then the operation will fail. + + + + + -Y sid + Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by + winbindd(8) then the operation will fail. + + + + + + -t + Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working. + + + + + -m + Produce a list of domains trusted by the + Windows NT server winbindd(8) contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. + + + + + -a username%password + Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. + + + + + -p + Attempt a simple 'ping' check that the winbindd + is indeed alive. + + + + + + + + EXIT STATUS + + The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the winbindd(8) + daemon is not working wbinfo will always return + failure. + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + winbindd(8) + + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd + were written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter + + + diff --git a/docs/docbook/manpages/winbindd.8.sgml b/docs/docbook/manpages/winbindd.8.sgml new file mode 100644 index 00000000000..bd1dafa07e8 --- /dev/null +++ b/docs/docbook/manpages/winbindd.8.sgml @@ -0,0 +1,514 @@ + + + + + winbindd + 8 + + + + + winbindd + Name Service Switch daemon for resolving names + from NT servers + + + + + winbindd + -i + -d <debug level> + -s <smb config file> + + + + + DESCRIPTION + + This program is part of the + Samba suite. + + winbindd is a daemon that provides + a service for the Name Service Switch capability that is present + in most modern C libraries. The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the /etc/nsswitch.conf file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system. + + The service provided by winbindd is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module. + + + The pam_winbind module in the 2.2.2 release only + supports the auth and account + module-types. The latter is simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the libnss_winbind library has been correctly + installed, this should always suceed. + + + The following nsswitch databases are implemented by + the winbindd service: + + + + passwd + User information traditionally stored in + the passwd(5) file and used by + getpwent(3) functions. + + + + group + Group information traditionally stored in + the group(5) file and used by + getgrent(3) functions. + + + + For example, the following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve user and group information from /etc/passwd + and /etc/group and then from the + Windows NT server. + + +passwd: files winbind +group: files winbind + + + + + + OPTIONS + + + + -d debuglevel + Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt). + + + + -i + Tells winbindd to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of winbindd is required. + + + + + + + NAME AND ID RESOLUTION + + Users and groups on a Windows NT server are assigned + a relative id (rid) which is unique for the domain when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between rids and unix user + and group ids is required. This is one of the jobs that + winbindd performs. + + As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered. + + WARNING: The rid to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids. + + + + + CONFIGURATION + + Configuration of the winbindd daemon + is done through configuration parameters in the smb.conf(5) + file. All parameters should be specified in the + [global] section of smb.conf. + + + + winbind separator + The winbind separator option allows you + to specify how NT domain names and user names are combined + into unix user names when presented to users. By default, + winbindd will use the traditional '\' + separator so that the unix user names look like + DOMAIN\username. In some cases this separator character may + cause problems as the '\' character has special meaning in + unix shells. In that case you can use the winbind separator + option to specify an alternative separator character. Good + alternatives may be '/' (although that conflicts + with the unix directory separator) or a '+ 'character. + The '+' character appears to be the best choice for 100% + compatibility with existing unix utilities, but may be an + aesthetically bad choice depending on your taste. + + Default: winbind separator = \ + + Example: winbind separator = + + + + + + winbind uid + The winbind uid parameter specifies the + range of user ids that are allocated by the winbindd daemon. + This range of ids should have no existing local or NIS users + within it as strange conflicts can occur otherwise. + + Default: winbind uid = <empty string> + + Example: winbind uid = 10000-20000 + + + + + + winbind gid + The winbind gid parameter specifies the + range of group ids that are allocated by the winbindd daemon. + This range of group ids should have no existing local or NIS + groups within it as strange conflicts can occur otherwise. + + Default: winbind gid = <empty string> + + Example: winbind gid = 10000-20000 + + + + + + winbind cache time + This parameter specifies the number of + seconds the winbindd daemon will cache user and group information + before querying a Windows NT server again. When a item in the + cache is older than this time winbindd will ask the domain + controller for the sequence number of the server's account database. + If the sequence number has not changed then the cached item is + marked as valid for a further winbind cache time + seconds. Otherwise the item is fetched from the + server. This means that as long as the account database is not + actively changing winbindd will only have to send one sequence + number query packet every winbind cache time + seconds. + + Default: winbind cache time = 15 + + + + + winbind enum users + On large installations it may be necessary + to suppress the enumeration of users through the + setpwent(), getpwent() and + endpwent() group of system calls. If + the winbind enum users parameter is false, + calls to the getpwent system call will not + return any data. + + Warning: Turning off user enumeration + may cause some programs to behave oddly. For example, the finger + program relies on having access to the full user list when + searching for matching usernames. + + Default: winbind enum users = yes + + + + + winbind enum groups + On large installations it may be necessary + to suppress the enumeration of groups through the + setgrent(), getgrent() and + endgrent() group of system calls. If + the winbind enum groups parameter is + false, calls to the getgrent() system + call will not return any data. + + Warning: Turning off group + enumeration may cause some programs to behave oddly. + + + Default: winbind enum groups = no + + + + + + + template homedir + When filling out the user information + for a Windows NT user, the winbindd daemon + uses this parameter to fill in the home directory for that user. + If the string %D is present it is + substituted with the user's Windows NT domain name. If the + string %U is present it is substituted + with the user's Windows NT user name. + + Default: template homedir = /home/%D/%U + + + + + + template shell + When filling out the user information for + a Windows NT user, the winbindd daemon + uses this parameter to fill in the shell for that user. + + + Default: template shell = /bin/false + + + + + winbind use default domain + This parameter specifies whether the winbindd + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system. + + Default: winbind use default domain = <falseg> + + Example: winbind use default domain = true + + + + + + + + EXAMPLE SETUP + + To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box. + + In /etc/nsswitch.conf put the + following: + + +passwd: files winbind +group: files winbind + + + In /etc/pam.d/* replace the + auth lines with something like this: + + + +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + + + + Note in particular the use of the sufficient + keyword and the use_first_pass keyword. + + Now replace the account lines with this: + + account required /lib/security/pam_winbind.so + + + The next step is to join the domain. To do that use the + smbpasswd program like this: + + smbpasswd -j DOMAIN -r PDC -U + Administrator + + The username after the -U can be any + Domain user that has administrator privileges on the machine. + Substitute your domain name for "DOMAIN" and the name of your PDC + for "PDC". + + Next copy libnss_winbind.so to + /lib and pam_winbind.so + to /lib/security. A symbolic link needs to be + made from /lib/libnss_winbind.so to + /lib/libnss_winbind.so.2. If you are using an + older version of glibc then the target of the link should be + /lib/libnss_winbind.so.1. + + Finally, setup a smb.conf containing directives like the + following: + + +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + winbind uid = 10000-20000 + winbind gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * + + + + Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands getent passwd and getent group + to confirm the correct operation of winbindd. + + + + + NOTES + + The following notes are useful when configuring and + running winbindd: + + nmbd must be running on the local machine + for winbindd to work. winbindd + queries the list of trusted domains for the Windows NT server + on startup and when a SIGHUP is received. Thus, for a running + winbindd to become aware of new trust relationships between + servers, it must be sent a SIGHUP signal. + + Client processes resolving names through the winbindd + nsswitch module read an environment variable named + $WINBINDD_DOMAIN. If this variable contains a comma separated + list of Windows NT domain names, then winbindd will only resolve users + and groups within those Windows NT domains. + + PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system. + + If more than one UNIX machine is running winbindd, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine. + + If the the Windows NT RID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost. + + + + + SIGNALS + + The following signals can be used to manipulate the + winbindd daemon. + + + + SIGHUP + Reload the smb.conf(5) + file and apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded. + + + + SIGUSR1 + The SIGUSR1 signal will cause + winbindd to write status information to the winbind + log file including information about the number of user and + group ids allocated by winbindd. + + Log files are stored in the filename specified by the + log file parameter. + + + + + + FILES + + + + /etc/nsswitch.conf(5) + Name service switch configuration file. + + + + + /tmp/.winbindd/pipe + The UNIX pipe over which clients communicate with + the winbindd program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the /tmp/.winbindd directory + and /tmp/.winbindd/pipe file are owned by + root. + + + + /lib/libnss_winbind.so.X + Implementation of name service switch library. + + + + + $LOCKDIR/winbindd_idmap.tdb + Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the --with-lockdir option. + This directory is by default /usr/local/samba/var/locks + . + + + + $LOCKDIR/winbindd_cache.tdb + Storage for cached user and group information. + + + + + + + + VERSION + + This man page is correct for version 2.2 of + the Samba suite. + + + + SEE ALSO + + nsswitch.conf(5), + samba(7), + wbinfo(1), + smb.conf(5) + + + + AUTHOR + + The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed. + + wbinfo and winbindd + were written by Tim Potter. + + The conversion to DocBook for Samba 2.2 was done + by Gerald Carter + + + diff --git a/docs/docbook/projdoc/CVS-Access.sgml b/docs/docbook/projdoc/CVS-Access.sgml new file mode 100644 index 00000000000..98ef925f20f --- /dev/null +++ b/docs/docbook/projdoc/CVS-Access.sgml @@ -0,0 +1,157 @@ + + + + + + + Samba Team + + + + + (22 May 2001) + + +HOWTO Access Samba source code via CVS + + +Introduction + + +Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter. + + + +This document is a modified version of the instructions found at +http://samba.org/samba/cvs.html + + + + + + +CVS Access to samba.org + + +The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host. + + + +Access via CVSweb + + +You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository. + + + +Use the URL : http://samba.org/cgi-bin/cvsweb + + + + +Access via cvs + + +You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser. + + + +To download the latest cvs source code, point your +browser at the URL : http://www.cyclic.com/. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com. + + + +To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name + + + + + + Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. + + + + + + + Run the command + + + + cvs -d :pserver:cvs@samba.org:/cvsroot login + + + + When it asks you for a password type cvs. + + + + + + + Run the command + + + + cvs -d :pserver:cvs@samba.org:/cvsroot co samba + + + + This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. + + + + CVS branches other HEAD can be obtained by using the -r + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. + + + + cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba + + + + + + Whenever you want to merge in the latest code changes use + the following command from within the samba directory: + + + + cvs update -d -P + + + + + + + + diff --git a/docs/docbook/projdoc/DOMAIN_MEMBER.sgml b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml new file mode 100644 index 00000000000..6d0b36eafcc --- /dev/null +++ b/docs/docbook/projdoc/DOMAIN_MEMBER.sgml @@ -0,0 +1,224 @@ + + + + + JeremyAllison + + Samba Team +
+ samba@samba.org +
+ + + + JerryCarter + + Samba Team +
+ jerry@samba.org +
+ + + + + 16 Apr 2001 + + + +security = domain in Samba 2.x + + + + Joining an NT Domain with Samba 2.2 + + Assume you have a Samba 2.x server with a NetBIOS name of + SERV1 and are joining an NT domain called + DOM, which has a PDC with a NetBIOS name + of DOMPDC and two backup domain controllers + with NetBIOS names DOMBDC1 and DOMBDC2 + . + + In order to join the domain, first stop all Samba daemons + and run the command: + + root# smbpasswd -j DOM -r DOMPDC + -UAdministrator%password + + as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The Administrator%password is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message: + + smbpasswd: Joined domain DOM. + + + in your terminal window. See the + smbpasswd(8) man page for more details. + + There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well. + + This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally : + + /usr/local/samba/private + + In Samba 2.0.x, the filename looks like this: + + <NT DOMAIN NAME>.<Samba + Server Name>.mac + + The .mac suffix stands for machine account + password file. So in our example above, the file would be called: + + DOM.SERV1.mac + + In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named secrets.tdb. + + + + This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file. + + Now, before restarting the Samba daemons you must + edit your smb.conf(5) + file to tell Samba it should now use domain security. + + Change (or add) your + security = line in the [global] section + of your smb.conf to read: + + security = domain + + Next change the + workgroup = line in the [global] section to read: + + workgroup = DOM + + as this is the name of the domain we are joining. + + You must also have the parameter + encrypt passwords set to yes + in order for your users to authenticate to the NT PDC. + + Finally, add (or modify) a + password server = line in the [global] + section to read: + + password server = DOMPDC DOMBDC1 DOMBDC2 + + These are the primary and backup domain controllers Samba + will attempt to contact in order to authenticate users. Samba will + try to contact each of these servers in order, so you may want to + rearrange this list in order to spread out the authentication load + among domain controllers. + + Alternatively, if you want smbd to automatically determine + the list of Domain controllers to use for authentication, you may + set this line to be : + + password server = * + + This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This + method either broadcasts or uses a WINS database in order to + find domain controllers to authenticate against. + + Finally, restart your Samba daemons and get ready for + clients to begin using domain security! + + + +Samba and Windows 2000 Domains + + +Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode. + + + +There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server. + + + +The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin. + + + + + + + Why is this better than security = server? + + Currently, domain security in Samba doesn't free you from + having to create local Unix users to represent the users attaching + to your server. This means that if domain user DOM\fred + attaches to your domain security Samba server, there needs + to be a local Unix user fred to represent that user in the Unix + filesystem. This is very similar to the older Samba security mode + security = server, + where Samba would pass through the authentication request to a Windows + NT server in the same way as a Windows 95 or Windows 98 server would. + + + Please refer to the Winbind + paper for information on a system to automatically + assign UNIX uids and gids to Windows NT Domain users and groups. + This code is available in development branches only at the moment, + but will be moved to release branches soon. + + The advantage to domain-level security is that the + authentication in domain-level security is passed down the authenticated + RPC channel in exactly the same way that an NT server would do it. This + means Samba servers now participate in domain trust relationships in + exactly the same way NT servers do (i.e., you can add Samba servers into + a resource domain and have the authentication passed on from a resource + domain PDC to an account domain PDC. + + In addition, with security = server every Samba + daemon on a server has to keep a connection open to the + authenticating server for as long as that daemon lasts. This can drain + the connection resources on a Microsoft NT server and cause it to run + out of available connections. With security = domain, + however, the Samba daemons connect to the PDC/BDC only for as long + as is necessary to authenticate the user, and then drop the connection, + thus conserving PDC connection resources. + + And finally, acting in the same manner as an NT server + authenticating to a PDC means that as part of the authentication + reply, the Samba server gets the user identification information such + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon. + + NOTE: Much of the text of this document + was first published in the Web magazine + LinuxWorld as the article Doing + the NIS/NT Samba. + + + + diff --git a/docs/docbook/projdoc/ENCRYPTION.sgml b/docs/docbook/projdoc/ENCRYPTION.sgml new file mode 100644 index 00000000000..6a26dbeffac --- /dev/null +++ b/docs/docbook/projdoc/ENCRYPTION.sgml @@ -0,0 +1,378 @@ + + + + + + JeremyAllison + + Samba Team +
+ samba@samba.org +
+ + + + + 19 Apr 1999 + + +LanMan and NT Password Encryption in Samba 2.x + + + + Introduction + + With the development of LanManager and Windows NT + compatible password encryption for Samba, it is now able + to validate user connections in exactly the same way as + a LanManager or Windows NT server. + + This document describes how the SMB password encryption + algorithm works and what issues there are in choosing whether + you want to use it. You should read it carefully, especially + the part about security and the "PROS and CONS" section. + + + + + How does it work? + + LanManager encryption is somewhat similar to UNIX + password encryption. The server uses a file containing a + hashed value of a user's password. This is created by taking + the user's plaintext password, capitalising it, and either + truncating to 14 bytes or padding to 14 bytes with null bytes. + This 14 byte value is used as two 56 bit DES keys to encrypt + a 'magic' eight byte value, forming a 16 byte value which is + stored by the server and client. Let this value be known as + the "hashed password". + + Windows NT encryption is a higher quality mechanism, + consisting of doing an MD4 hash on a Unicode version of the user's + password. This also produces a 16 byte hash value that is + non-reversible. + + When a client (LanManager, Windows for WorkGroups, Windows + 95 or Windows NT) wishes to mount a Samba drive (or use a Samba + resource), it first requests a connection and negotiates the + protocol that the client and server will use. In the reply to this + request the Samba server generates and appends an 8 byte, random + value - this is stored in the Samba server after the reply is sent + and is known as the "challenge". The challenge is different for + every client connection. + + The client then uses the hashed password (16 byte values + described above), appended with 5 null bytes, as three 56 bit + DES keys, each of which is used to encrypt the challenge 8 byte + value, forming a 24 byte value known as the "response". + + In the SMB call SMBsessionsetupX (when user level security + is selected) or the call SMBtconX (when share level security is + selected), the 24 byte response is returned by the client to the + Samba server. For Windows NT protocol levels the above calculation + is done on both hashes of the user's password and both responses are + returned in the SMB call, giving two 24 byte values. + + The Samba server then reproduces the above calculation, using + its own stored value of the 16 byte hashed password (read from the + smbpasswd file - described later) and the challenge + value that it kept from the negotiate protocol reply. It then checks + to see if the 24 byte value it calculates matches the 24 byte value + returned to it from the client. + + If these values match exactly, then the client knew the + correct password (or the 16 byte hashed value - see security note + below) and is thus allowed access. If not, then the client did not + know the correct password and is denied access. + + Note that the Samba server never knows or stores the cleartext + of the user's password - just the 16 byte hashed values derived from + it. Also note that the cleartext password or 16 byte hashed values + are never transmitted over the network - thus increasing security. + + + + Important Notes About Security + + The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly. + + Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc). + + + Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are never sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this. + + Other Microsoft operating systems which also exhibit + this behavior includes + + + MS DOS Network client 3.0 with + the basic network redirector installed + + Windows 95 with the network redirector + update installed + + Windows 98 [se] + + Windows 2000 + + + Note :All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication. + + + + Advantages of SMB Encryption + + + plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server. + + + WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. + + + + + + + Advantages of non-encrypted passwords + + + plain text passwords are not kept + on disk. + + uses same password file as other unix + services such as login and ftp + + you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal. + + + + + + + <anchor id="SMBPASSWDFILEFORMAT">The smbpasswd file + + In order for Samba to participate in the above protocol + it must be able to look up the 16 byte hashed values given a user name. + Unfortunately, as the UNIX password value is also a one way hash + function (ie. it is impossible to retrieve the cleartext of the user's + password given the UNIX hash of it), a separate password file + containing this 16 byte value must be kept. To minimise problems with + these two password files, getting out of sync, the UNIX + /etc/passwd and the smbpasswd file, + a utility, mksmbpasswd.sh, is provided to generate + a smbpasswd file from a UNIX /etc/passwd file. + To generate the smbpasswd file from your /etc/passwd + file use the following command : + + $ cat /etc/passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd + + If you are running on a system that uses NIS, use + + $ ypcat passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd + + The mksmbpasswd.sh program is found in + the Samba source directory. By default, the smbpasswd file is + stored in : + + /usr/local/samba/private/smbpasswd + + The owner of the /usr/local/samba/private/ + directory should be set to root, and the permissions on it should + be set to 0500 (chmod 500 /usr/local/samba/private). + + + Likewise, the smbpasswd file inside the private directory should + be owned by root and the permissions on is should be set to 0600 + (chmod 600 smbpasswd). + + + The format of the smbpasswd file is (The line has been + wrapped here. It should appear as one entry per line in + your smbpasswd file.) + + +username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX: + [Account type]:LCT-<last-change-time>:Long name + + + Although only the username, + uid, + XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, + [Account type] and + last-change-time sections are significant + and are looked at in the Samba code. + + It is VITALLY important that there by 32 + 'X' characters between the two ':' characters in the XXX sections - + the smbpasswd and Samba code will fail to validate any entries that + do not have 32 characters between ':' characters. The first XXX + section is for the Lanman password hash, the second is for the + Windows NT version. + + When the password file is created all users have password entries + consisting of 32 'X' characters. By default this disallows any access + as this user. When a user has a password set, the 'X' characters change + to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii + representation of the 16 byte hashed value of a user's password. + + To set a user to have no password (not recommended), edit the file + using vi, and replace the first 11 characters with the ascii text + "NO PASSWORD" (minus the quotes). + + For example, to clear the password for user bob, his smbpasswd file + entry would look like : + + + bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:Bob's full name:/bobhome:/bobshell + + + If you are allowing users to use the smbpasswd command to set + their own passwords, you may want to give users NO PASSWORD initially + so they do not have to enter a previous password when changing to their + new password (not recommended). In order for you to allow this the + smbpasswd program must be able to connect to the + smbd daemon as that user with no password. Enable this + by adding the line : + + null passwords = yes + + to the [global] section of the smb.conf file (this is why + the above scenario is not recommended). Preferably, allocate your + users a default password to begin with, so you do not have + to enable this on your server. + + Note : This file should be protected very + carefully. Anyone with access to this file can (with enough knowledge of + the protocols) gain access to your SMB server. The file is thus more + sensitive than a normal unix /etc/passwd file. + + + + + The smbpasswd Command + + The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + passwd or yppasswd programs, + install it in /usr/local/samba/bin/ (or your + main Samba binary directory). + + Note that as of Samba 1.9.18p4 this program MUST NOT + BE INSTALLED setuid root (the new smbpasswd + code enforces this restriction so it cannot be run this way by + accident). + + smbpasswd now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows. + + + smbpasswd no longer has to be setuid root - + an enormous range of potential security problems is + eliminated. + + smbpasswd now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password). + + + To run smbpasswd as a normal user just type : + + $ smbpasswd + Old SMB password: <type old value here - + or hit return if there was no old password> + New SMB Password: <type new value> + + Repeat New SMB Password: <re-type new value + + + If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed. + + If invoked by an ordinary user it will only allow the user + to change his or her own Samba password. + + If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords. + + smbpasswd is designed to work in the same way + and be familiar to UNIX users who use the passwd or + yppasswd commands. + + For more details on using smbpasswd refer + to the man page which will always be the definitive reference. + + + + + Setting up Samba to support LanManager Encryption + + This is a very brief description on how to setup samba to + support password encryption. + + + compile and install samba as usual + + + enable encrypted passwords in + smb.conf by adding the line encrypt + passwords = yes in the [global] section + + + create the initial smbpasswd + password file in the place you specified in the Makefile + (--prefix=<dir>). See the notes under the The smbpasswd File + section earlier in the document for details. + + + + Note that you can test things using smbclient. + + + diff --git a/docs/docbook/projdoc/Integrating-with-Windows.sgml b/docs/docbook/projdoc/Integrating-with-Windows.sgml new file mode 100644 index 00000000000..0b6abaf80f6 --- /dev/null +++ b/docs/docbook/projdoc/Integrating-with-Windows.sgml @@ -0,0 +1,935 @@ + + + + + + JohnTerpstra + + Samba Team +
+ jht@samba.org +
+ + + + + (Jan 01 2001) + + +Integrating MS Windows networks with Samba + + +Agenda + + +To identify the key functional mechanisms of MS Windows networking +to enable the deployment of Samba as a means of extending and/or +replacing MS Windows NT/2000 technology. + + + +We will examine: + + + + Name resolution in a pure Unix/Linux TCP/IP + environment + + + Name resolution as used within MS Windows + networking + + + How browsing functions and how to deploy stable + and dependable browsing using Samba + + + MS Windows security options and how to + configure Samba for seemless integration + + + Configuration of Samba as: + + A stand-alone server + An MS Windows NT 3.x/4.0 security domain member + + An alternative to an MS Windows NT 3.x/4.0 Domain Controller + + + + + + + + + +Name Resolution in a pure Unix/Linux world + + +The key configuration files covered in this section are: + + + + /etc/hosts + /etc/resolv.conf + /etc/host.conf + /etc/nsswitch.conf + + + +<filename>/etc/hosts</filename> + + +Contains a static list of IP Addresses and names. +eg: + + + 127.0.0.1 localhost localhost.localdomain + 192.168.1.1 bigbox.caldera.com bigbox alias4box + + + +The purpose of /etc/hosts is to provide a +name resolution mechanism so that uses do not need to remember +IP addresses. + + + + +Network packets that are sent over the physical network transport +layer communicate not via IP addresses but rather using the Media +Access Control address, or MAC address. IP Addresses are currently +32 bits in length and are typically presented as four (4) decimal +numbers that are separated by a dot (or period). eg: 168.192.1.1 + + + +MAC Addresses use 48 bits (or 6 bytes) and are typically represented +as two digit hexadecimal numbers separated by colons. eg: +40:8e:0a:12:34:56 + + + +Every network interfrace must have an MAC address. Associated with +a MAC address there may be one or more IP addresses. There is NO +relationship between an IP address and a MAC address, all such assignments +are arbitary or discretionary in nature. At the most basic level all +network communications takes place using MAC addressing. Since MAC +addresses must be globally unique, and generally remains fixed for +any particular interface, the assignment of an IP address makes sense +from a network management perspective. More than one IP address can +be assigned per MAC address. One address must be the primary IP address, +this is the address that will be returned in the ARP reply. + + + +When a user or a process wants to communicate with another machine +the protocol implementation ensures that the "machine name" or "host +name" is resolved to an IP address in a manner that is controlled +by the TCP/IP configuration control files. The file +/etc/hosts is one such file. + + + +When the IP address of the destination interface has been +determined a protocol called ARP/RARP isused to identify +the MAC address of the target interface. ARP stands for Address +Resolution Protocol, and is a broadcast oriented method that +uses UDP (User Datagram Protocol) to send a request to all +interfaces on the local network segment using the all 1's MAC +address. Network interfaces are programmed to respond to two +MAC addresses only; their own unique address and the address +ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will +contain the MAC address and the primary IP address for each +interface. + + + +The /etc/hosts file is foundational to all +Unix/Linux TCP/IP installations and as a minumum will contain +the localhost and local network interface IP addresses and the +primary names by which they are known within the local machine. +This file helps to prime the pump so that a basic level of name +resolution can exist before any other method of name resolution +becomes available. + + + + + + +<filename>/etc/resolv.conf</filename> + + +This file tells the name resolution libraries: + + + + The name of the domain to which the machine + belongs + + + The name(s) of any domains that should be + automatically searched when trying to resolve unqualified + host names to their IP address + + + The name or IP address of available Domain + Name Servers that may be asked to perform name to address + translation lookups + + + + + + + +<filename>/etc/host.conf</filename> + + + +/etc/host.conf is the primary means by +which the setting in /etc/resolv.conf may be affected. It is a +critical configuration file. This file controls the order by +which name resolution may procede. The typical structure is: + + + + order hosts,bind + multi on + + + +then both addresses should be returned. Please refer to the +man page for host.conf for further details. + + + + + + + + +<filename>/etc/nsswitch.conf</filename> + + +This file controls the actual name resolution targets. The +file typically has resolver object specifications as follows: + + + + + # /etc/nsswitch.conf + # + # Name Service Switch configuration file. + # + + passwd: compat + # Alternative entries for password authentication are: + # passwd: compat files nis ldap winbind + shadow: compat + group: compat + + hosts: files nis dns + # Alternative entries for host name resolution are: + # hosts: files dns nis nis+ hesoid db compat ldap wins + networks: nis files dns + + ethers: nis files + protocols: nis files + rpc: nis files + services: nis files + + + +Of course, each of these mechanisms requires that the appropriate +facilities and/or services are correctly configured. + + + +It should be noted that unless a network request/message must be +sent, TCP/IP networks are silent. All TCP/IP communications assumes a +principal of speaking only when necessary. + + + +Samba version 2.2.0 will add Linux support for extensions to +the name service switch infrastructure so that linux clients will +be able to obtain resolution of MS Windows NetBIOS names to IP +Addresses. To gain this functionality Samba needs to be compiled +with appropriate arguments to the make command (ie: make +nsswitch/libnss_wins.so). The resulting library should +then be installed in the /lib directory and +the "wins" parameter needs to be added to the "hosts:" line in +the /etc/nsswitch.conf file. At this point it +will be possible to ping any MS Windows machine by it's NetBIOS +machine name, so long as that machine is within the workgroup to +which both the samba machine and the MS Windows machine belong. + + + + + + + +Name resolution as used within MS Windows networking + + +MS Windows networking is predicated about the name each machine +is given. This name is known variously (and inconsistently) as +the "computer name", "machine name", "networking name", "netbios name", +"SMB name". All terms mean the same thing with the exception of +"netbios name" which can apply also to the name of the workgroup or the +domain name. The terms "workgroup" and "domain" are really just a +simply name with which the machine is associated. All NetBIOS names +are exactly 16 characters in length. The 16th character is reserved. +It is used to store a one byte value that indicates service level +information for the NetBIOS name that is registered. A NetBIOS machine +name is therefore registered for each service type that is provided by +the client/server. + + + +The following are typical NetBIOS name/service type registrations: + + + + Unique NetBIOS Names: + MACHINENAME<00> = Server Service is running on MACHINENAME + MACHINENAME<03> = Generic Machine Name (NetBIOS name) + MACHINENAME<20> = LanMan Server service is running on MACHINENAME + WORKGROUP<1b> = Domain Master Browser + + Group Names: + WORKGROUP<03> = Generic Name registered by all members of WORKGROUP + WORKGROUP<1c> = Domain Controllers / Netlogon Servers + WORKGROUP<1d> = Local Master Browsers + WORKGROUP<1e> = Internet Name Resolvers + + + +It should be noted that all NetBIOS machines register their own +names as per the above. This is in vast contrast to TCP/IP +installations where traditionally the system administrator will +determine in the /etc/hosts or in the DNS database what names +are associated with each IP address. + + + +One further point of clarification should be noted, the /etc/hosts +file and the DNS records do not provide the NetBIOS name type information +that MS Windows clients depend on to locate the type of service that may +be needed. An example of this is what happens when an MS Windows client +wants to locate a domain logon server. It find this service and the IP +address of a server that provides it by performing a lookup (via a +NetBIOS broadcast) for enumeration of all machines that have +registered the name type *<1c>. A logon request is then sent to each +IP address that is returned in the enumerated list of IP addresses. Which +ever machine first replies then ends up providing the logon services. + + + +The name "workgroup" or "domain" really can be confusing since these +have the added significance of indicating what is the security +architecture of the MS Windows network. The term "workgroup" indicates +that the primary nature of the network environment is that of a +peer-to-peer design. In a WORKGROUP all machines are responsible for +their own security, and generally such security is limited to use of +just a password (known as SHARE MORE security). In most situations +with peer-to-peer networking the users who control their own machines +will simply opt to have no security at all. It is possible to have +USER MODE security in a WORKGROUP environment, thus requiring use +of a user name and a matching password. + + + +MS Windows networking is thus predetermined to use machine names +for all local and remote machine message passing. The protocol used is +called Server Message Block (SMB) and this is implemented using +the NetBIOS protocol (Network Basic Input Output System). NetBIOS can +be encapsulated using LLC (Logical Link Control) protocol - in which case +the resulting protocol is called NetBEUI (Network Basic Extended User +Interface). NetBIOS can also be run over IPX (Internetworking Packet +Exchange) protocol as used by Novell NetWare, and it can be run +over TCP/IP protocols - in which case the resulting protocol is called +NBT or NetBT, the NetBIOS over TCP/IP. + + + +MS Windows machines use a complex array of name resolution mechanisms. +Since we are primarily concerned with TCP/IP this demonstration is +limited to this area. + + + +The NetBIOS Name Cache + + +All MS Windows machines employ an in memory buffer in which is +stored the NetBIOS names and their IP addresses for all external +machines that that the local machine has communicated with over the +past 10-15 minutes. It is more efficient to obtain an IP address +for a machine from the local cache than it is to go through all the +configured name resolution mechanisms. + + + +If a machine whose name is in the local name cache has been shut +down before the name had been expired and flushed from the cache, then +an attempt to exchange a message with that machine will be subject +to time-out delays. ie: It's name is in the cache, so a name resolution +lookup will succeed, but the machine can not respond. This can be +frustrating for users - but it is a characteristic of the protocol. + + + +The MS Windows utility that allows examination of the NetBIOS +name cache is called "nbtstat". The Samba equivalent of this +is called "nmblookup". + + + + + +The LMHOSTS file + + +This file is usually located in MS Windows NT 4.0 or +2000 in C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the machine name in matched pairs. The +LMHOSTS file performs NetBIOS name +to IP address mapping oriented. + + + +It typically looks like: + + + + # Copyright (c) 1998 Microsoft Corp. + # + # This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS + # over TCP/IP) stack for Windows98 + # + # This file contains the mappings of IP addresses to NT computernames + # (NetBIOS) names. Each entry should be kept on an individual line. + # The IP address should be placed in the first column followed by the + # corresponding computername. The address and the comptername + # should be separated by at least one space or tab. The "#" character + # is generally used to denote the start of a comment (see the exceptions + # below). + # + # This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts + # files and offers the following extensions: + # + # #PRE + # #DOM:<domain> + # #INCLUDE <filename> + # #BEGIN_ALTERNATE + # #END_ALTERNATE + # \0xnn (non-printing character support) + # + # Following any entry in the file with the characters "#PRE" will cause + # the entry to be preloaded into the name cache. By default, entries are + # not preloaded, but are parsed only after dynamic name resolution fails. + # + # Following an entry with the "#DOM:<domain>" tag will associate the + # entry with the domain specified by <domain>. This affects how the + # browser and logon services behave in TCP/IP environments. To preload + # the host name associated with #DOM entry, it is necessary to also add a + # #PRE to the line. The <domain> is always preloaded although it will not + # be shown when the name cache is viewed. + # + # Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT) + # software to seek the specified <filename> and parse it as if it were + # local. <filename> is generally a UNC-based name, allowing a + # centralized lmhosts file to be maintained on a server. + # It is ALWAYS necessary to provide a mapping for the IP address of the + # server prior to the #INCLUDE. This mapping must use the #PRE directive. + # In addtion the share "public" in the example below must be in the + # LanManServer list of "NullSessionShares" in order for client machines to + # be able to read the lmhosts file successfully. This key is under + # \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares + # in the registry. Simply add "public" to the list found there. + # + # The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE + # statements to be grouped together. Any single successful include + # will cause the group to succeed. + # + # Finally, non-printing characters can be embedded in mappings by + # first surrounding the NetBIOS name in quotations, then using the + # \0xnn notation to specify a hex value for a non-printing character. + # + # The following example illustrates all of these extensions: + # + # 102.54.94.97 rhino #PRE #DOM:networking #net group's DC + # 102.54.94.102 "appname \0x14" #special app server + # 102.54.94.123 popular #PRE #source server + # 102.54.94.117 localsrv #PRE #needed for the include + # + # #BEGIN_ALTERNATE + # #INCLUDE \\localsrv\public\lmhosts + # #INCLUDE \\rhino\public\lmhosts + # #END_ALTERNATE + # + # In the above example, the "appname" server contains a special + # character in its name, the "popular" and "localsrv" server names are + # preloaded, and the "rhino" server name is specified so it can be used + # to later #INCLUDE a centrally maintained lmhosts file if the "localsrv" + # system is unavailable. + # + # Note that the whole file is parsed including comments on each lookup, + # so keeping the number of comments to a minimum will improve performance. + # Therefore it is not advisable to simply add lmhosts file entries onto the + # end of this file. + + + + + +HOSTS file + + +This file is usually located in MS Windows NT 4.0 or 2000 in +C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the IP hostname in matched pairs. It can be +used by the name resolution infrastructure in MS Windows, depending +on how the TCP/IP environment is configured. This file is in +every way the equivalent of the Unix/Linux /etc/hosts file. + + + + + +DNS Lookup + + +This capability is configured in the TCP/IP setup area in the network +configuration facility. If enabled an elaborate name resolution sequence +is followed the precise nature of which isdependant on what the NetBIOS +Node Type parameter is configured to. A Node Type of 0 means use +NetBIOS broadcast (over UDP broadcast) is first used if the name +that is the subject of a name lookup is not found in the NetBIOS name +cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to +Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the +WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast +lookup is used. + + + + + +WINS Lookup + + +A WINS (Windows Internet Name Server) service is the equivaent of the +rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores +the names and IP addresses that are registered by a Windows client +if the TCP/IP setup has been given at least one WINS Server IP Address. + + + +To configure Samba to be a WINS server the following parameter needs +to be added to the smb.conf file: + + + + wins support = Yes + + + +To configure Samba to use a WINS server the following parameters are +needed in the smb.conf file: + + + + wins support = No + wins server = xxx.xxx.xxx.xxx + + + +where xxx.xxx.xxx.xxx is the IP address +of the WINS server. + + + + + + + +How browsing functions and how to deploy stable and +dependable browsing using Samba + + + +As stated above, MS Windows machines register their NetBIOS names +(ie: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc. + + + +In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter). + + + +Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks. + + + +During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser. + + + +Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses. + + + +Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services. + + + +Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, /etc/hosts, +and so on. + + + + + +MS Windows security options and how to configure +Samba for seemless integration + + +MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets. + + + +When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways: + + + + An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. + + + The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. + + + + +You should refer to the +Password Encryption chapter in this HOWTO collection +for more details on the inner workings + + + +MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default. + + + +MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped the SMB protocol +has a mechanism by which the connection can be re-established using +a cached copy of the password. + + + +When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients. + + + +The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication. + + + + passsword level = integer + username level = integer + + + +By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the username level parameter +is rarely even needed. + + + +However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the password level must be set to the maximum +number of upper case letter which could appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a password level +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail). + + + +The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords: + + + + +Use MS Windows NT as an authentication server + + +This method involves the additions of the following parameters +in the smb.conf file: + + + + encrypt passwords = Yes + security = server + password server = "NetBIOS_name_of_PDC" + + + + +There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code. + + + +The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts. + + + +Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients. + + + + + +Make Samba a member of an MS Windows NT security domain + + +This method involves additon of the following paramters in the smb.conf file: + + + + encrypt passwords = Yes + security = domain + workgroup = "name of NT domain" + password server = * + + + +The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT. + + + +In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows: + + + + On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. + + + Next, on the Linux system execute: + smbpasswd -r PDC_NAME -j DOMAIN_NAME + + + + +Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the /etc/passwd entry. + + + +An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the Winbind Overview chapter in +this HOWTO collection. + + + + + + + +Configure Samba as an authentication server + + +This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as and +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication. + + + +This method involves addition of the following parameters to +the smb.conf file: + + + +## please refer to the Samba PDC HOWTO chapter later in +## this collection for more details +[global] + encrypt passwords = Yes + security = user + domain logons = Yes + ; an OS level of 33 or more is recommended + os level = 33 + +[NETLOGON] + path = /somewhare/in/file/system + read only = yes + + + +in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required. + + + +Users + + +A user account that may provide a home directory should be +created. The following Linux system commands are typical of +the procedure for creating an account. + + + + # useradd -s /bin/bash -d /home/"userid" -m "userid" + # passwd "userid" + Enter Password: <pw> + + # smbpasswd -a "userid" + Enter Password: <pw> + + + + +MS Windows NT Machine Accounts + + +These are required only when Samba is used as a domain +controller. Refer to the Samba-PDC-HOWTO for more details. + + + + # useradd -s /bin/false -d /dev/null "machine_name"\$ + # passwd -l "machine_name"\$ + # smbpasswd -a -m "machine_name" + + + + + + + +Conclusions + + +Samba provides a flexible means to operate as... + + + + A Stand-alone server - No special action is needed + other than to create user accounts. Stand-alone servers do NOT + provide network logon services, meaning that machines that use this + server do NOT perform a domain logon but instead make use only of + the MS Windows logon which is local to the MS Windows + workstation/server. + + + An MS Windows NT 3.x/4.0 security domain member. + + + + An alternative to an MS Windows NT 3.x/4.0 + Domain Controller. + + + + + + + diff --git a/docs/docbook/projdoc/NT_Security.sgml b/docs/docbook/projdoc/NT_Security.sgml new file mode 100644 index 00000000000..2259dae029e --- /dev/null +++ b/docs/docbook/projdoc/NT_Security.sgml @@ -0,0 +1,358 @@ + + + + + JeremyAllison + + Samba Team +
+ samba@samba.org +
+ + + + + 12 Apr 1999 + + + +UNIX Permission Bits and Windows NT Access Control Lists + + + Viewing and changing UNIX permissions using the NT + security dialogs + + + New in the Samba 2.0.4 release is the ability for Windows + NT clients to use their native security settings dialog box to + view and modify the underlying UNIX permissions. + + Note that this ability is careful not to compromise + the security of the UNIX host Samba is running on, and + still obeys all the file permission rules that a Samba + administrator can set. + + In Samba 2.0.4 and above the default value of the + parameter + nt acl support has been changed from + false to true, so + manipulation of permissions is turned on by default. + + + + How to view file security on a Samba share + + From an NT 4.0 client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the Properties entry at the bottom of + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked Security. Click on this tab and you + will see three buttons, Permissions, + Auditing, and Ownership. + The Auditing button will cause either + an error message A requested privilege is not held + by the client to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the Add button will not currently + allow a list of users to be seen. + + + + + Viewing file ownership + + Clicking on the "Ownership" button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form : + + "SERVER\user (Long name)" + + Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the Close + button to remove this dialog. + + If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone". + + The Take Ownership button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the root + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time. + + There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba 2.0.4 server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the Seclib + NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site. + + + + + Viewing file or directory permissions + + The third button is the "Permissions" + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form : + + "SERVER\user (Long name)" + + Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). + + If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone" and the + permissions will be shown as NT "Full Control". + + + The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first. + + + File Permissions + + The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group Everyone, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + user icon and an NT local + group icon respectively followed by the list + of permissions allowed for the UNIX user and group. + + As many UNIX permission sets don't map into common + NT names such as "read", + "change" or "full control" then + usually the permissions will be prefixed by the words + "Special Access" in the NT display list. + + But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT "Take Ownership" ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT "O" bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below. + + + + Directory Permissions + + Directories on an NT NTFS file system have two + different sets of permissions. The first set of permissions + is the ACL set on the directory itself, this is usually displayed + in the first set of parentheses in the normal "RW" + NT style. This first set of permissions is created by Samba in + exactly the same way as normal file permissions are, described + above, and is displayed in the same way. + + The second set of directory permissions has no real meaning + in the UNIX permissions world and represents the + "inherited" permissions that any file created within + this directory would inherit. + + Samba synthesises these inherited permissions for NT by + returning as an NT ACL the UNIX permission mode that a new file + created by Samba on this share would receive. + + + + + Modifying file or directory permissions + + Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the OK button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account. + + If the parameter nt acl support + is set to false then any attempt to set + security permissions will fail with an "Access Denied" + message. + + The first thing to note is that the "Add" + button will not return a list of users in Samba 2.0.4 (it will give + an error message of "The remote procedure call failed + and did not execute"). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has. + + If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the "OK" button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT "O" flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component. + + As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server. + + When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the "Replace + permissions on existing files" checkbox in the NT + dialog before clicking "OK". + + If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the "Remove" button, + or set the component to only have the special "Take + Ownership" permission (displayed as "O" + ) highlighted. + + + + Interaction with the standard Samba create mask + parameters + + Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are : + + security mask + force security mode + directory security mask + force directory security mode + + Once a user clicks "OK" to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the + security mask parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions. + + Essentially, zero bits in the security mask + mask may be treated as a set of bits the user is not + allowed to change, and one bits are those the user is allowed to change. + + + If not set explicitly this parameter is set to the same value as + the create mask + parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter + to 0777. + + Next Samba checks the changed permissions for a file against + the bits set in the + force security mode parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set. + + Essentially, bits set in the force security mode + parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'. + + If not set explicitly this parameter is set to the same value + as the force + create mode parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000. + + The security mask and force + security mode parameters are applied to the change + request in that order. + + For a directory Samba will perform the same operations as + described above for a file except using the parameter + directory security mask instead of security + mask, and force directory security mode + parameter instead of force security mode + . + + The directory security mask parameter + by default is set to the same value as the directory mask + parameter and the force directory security + mode parameter by default is set to the same value as + the force directory mode parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced. + + In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction. + + If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the smb.conf(5) + file in that share specific section : + + security mask = 0777 + force security mode = 0 + directory security mask = 0777 + force directory security mode = 0 + + As described, in Samba 2.0.4 the parameters : + + create mask + force create mode + directory mask + force directory mode + + were used instead of the parameters discussed here. + + + + Interaction with the standard Samba file attribute + mapping + + Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. + + + One way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab. + + What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + "OK" to get back to the standard attributes tab + dialog, and then clicks "OK" on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking "OK" to get back to the + attributes dialog you should always hit "Cancel" + rather than "OK" to ensure that your changes + are not overridden. + + + diff --git a/docs/docbook/projdoc/OS2-Client-HOWTO.sgml b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml new file mode 100644 index 00000000000..ca7ad6a754e --- /dev/null +++ b/docs/docbook/projdoc/OS2-Client-HOWTO.sgml @@ -0,0 +1,142 @@ + + + + + + JimMcDonough + + IBM +
+ jerry@samba.org +
+ + + + + 5 Mar 2001 + + +OS2 Client HOWTO + + + FAQs + + + How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba? + + A more complete answer to this question can be + found on + http://carol.wins.uva.nl/~leeuw/samba/warp.html. + + Basically, you need three components: + + + The File and Print Client ('IBM Peer') + + TCP/IP ('Internet support') + + The "NetBIOS over TCP/IP" driver ('TCPBEUI') + + + + Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder. + + Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration. + + If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above. + + + + How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba? + + You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. + See + http://carol.wins.uva.nl/~leeuw/lanman.html for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines: + + + 20=setup.exe + 20=netwksta.sys + 20=netvdd.sys + + + before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + + ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. + + + + + Are there any other issues when OS/2 (any version) + is used as a client? + + When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from + http://carol.wins.uva.nl/~leeuw/samba/fix.html. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server. + + + + How do I get printer driver download working + for OS/2 clients? + + First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system. + + Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, "os2 driver map = + filename". Then, in the file + specified by filename, map the + name of the NT driver name to the OS/2 driver name as + follows: + + <nt driver name> = <os2 driver + name>.<device name>, e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L + + You can have multiple drivers mapped in this file. + + If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. + + + + + + diff --git a/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml new file mode 100644 index 00000000000..594516640de --- /dev/null +++ b/docs/docbook/projdoc/PAM-Authentication-And-Samba.sgml @@ -0,0 +1,215 @@ + + + + + + JohnTerpstra + + Samba Team +
+ jht@samba.org +
+ + + + + (Jun 21 2001) + + +Configuring PAM for distributed but centrally +managed authentication + + +Samba and PAM + + +A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc. + + + +PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d. + + + +The following is an example /etc/pam.d/login configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to pam_pwdb.so. + + + +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_securetty.so +auth required pam_nologin.so +# auth required pam_dialup.so +# auth optional pam_mail.so +auth required pam_pwdb.so shadow md5 +# account requisite pam_time.so +account required pam_pwdb.so +session required pam_pwdb.so +# session optional pam_lastlog.so +# password required pam_cracklib.so retry=3 +password required pam_pwdb.so shadow md5 + + + +PAM allows use of replacable modules. Those available on a +sample system include: + + + +$ /bin/ls /lib/security +pam_access.so pam_ftp.so pam_limits.so +pam_ncp_auth.so pam_rhosts_auth.so pam_stress.so +pam_cracklib.so pam_group.so pam_listfile.so +pam_nologin.so pam_rootok.so pam_tally.so +pam_deny.so pam_issue.so pam_mail.so +pam_permit.so pam_securetty.so pam_time.so +pam_dialup.so pam_lastlog.so pam_mkhomedir.so +pam_pwdb.so pam_shells.so pam_unix.so +pam_env.so pam_ldap.so pam_motd.so +pam_radius.so pam_smbpass.so pam_unix_acct.so +pam_wheel.so pam_unix_auth.so pam_unix_passwd.so +pam_userdb.so pam_warn.so pam_unix_session.so + + + +The following example for the login program replaces the use of +the pam_pwdb.so module which uses the system +password database (/etc/passwd, +/etc/shadow, /etc/group) with +the module pam_smbpass.so which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +/usr/local/samba/private/smbpasswd, +/etc/samba/smbpasswd, or in +/etc/samba.d/smbpasswd, depending on the +Samba implementation for your Unix/Linux system. The +pam_smbpass.so module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution. + + + +#%PAM-1.0 +# The PAM configuration file for the `login' service +# +auth required pam_smbpass.so nodelay +account required pam_smbpass.so nodelay +session required pam_smbpass.so nodelay +password required pam_smbpass.so nodelay + + + +The following is the PAM configuration file for a particular +Linux system. The default condition uses pam_pwdb.so. + + + +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_pwdb.so nullok nodelay shadow audit +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_pwdb.so shadow md5 + + + +In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program. + + + +#%PAM-1.0 +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_smbpass.so nodelay +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf + + + +Note: PAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within on PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the pam_stack.so module that allows all +authentication to be configured in a single central file. The +pam_stack.so method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information. + + + + + +Distributed Authentication + + +The astute administrator will realize from this that the +combination of pam_smbpass.so, +winbindd, and rsync (see +http://rsync.samba.org/) +will allow the establishment of a centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic. + + + + + +PAM Configuration in smb.conf + + +There is an option in smb.conf called obey pam restrictions. +The following is from the on-line help for this option in SWAT; + + + +When Samba 2.2 is configure to enable PAM support (i.e. +--with-pam), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +encrypt passwords = yes. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption. + + +Default: obey pam restrictions = no + + + diff --git a/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml new file mode 100644 index 00000000000..53a0959c39a --- /dev/null +++ b/docs/docbook/projdoc/Samba-BDC-HOWTO.sgml @@ -0,0 +1,233 @@ + + + + + + VolkerLendecke + + Samba Team +
Volker.Lendecke@SerNet.DE
+ + + (26 Apr 2001) + + + +How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain + + + +Prerequisite Reading + + +Before you continue reading in this chapter, please make sure +that you are comfortable with configuring a Samba PDC +as described in the Samba-PDC-HOWTO. + + + + + + + +Background + + +What is a Domain Controller? It is a machine that is able to answer +logon requests from workstations in a Windows NT Domain. Whenever a +user logs into a Windows NT Workstation, the workstation connects to a +Domain Controller and asks him whether the username and password the +user typed in is correct. The Domain Controller replies with a lot of +information about the user, for example the place where the users +profile is stored, the users full name of the user. All this +information is stored in the NT user database, the so-called SAM. + + + +There are two kinds of Domain Controller in a NT 4 compatible Domain: +A Primary Domain Controller (PDC) and one or more Backup Domain +Controllers (BDC). The PDC contains the master copy of the +SAM. Whenever the SAM has to change, for example when a user changes +his password, this change has to be done on the PDC. A Backup Domain +Controller is a machine that maintains a read-only copy of the +SAM. This way it is able to reply to logon requests and authenticate +users in case the PDC is not available. During this time no changes to +the SAM are possible. Whenever changes to the SAM are done on the PDC, +all BDC receive the changes from the PDC. + + + +Since version 2.2 Samba officially supports domain logons for all +current Windows Clients, including Windows 2000 and XP. This text +assumes the domain to be named SAMBA. To be able to act as a PDC, some +parameters in the [global]-section of the smb.conf have to be set: + + + +workgroup = SAMBA +domain master = yes +domain logons = yes + + + +Several other things like a [homes] and a [netlogon] share also may be +set along with settings for the profile path, the users home drive and +others. This will not be covered in this document. + + + + + + +What qualifies a Domain Controller on the network? + + +Every machine that is a Domain Controller for the domain SAMBA has to +register the NetBIOS group name SAMBA#1c with the WINS server and/or +by broadcast on the local network. The PDC also registers the unique +NetBIOS name SAMBA#1b with the WINS server. The name type #1b is +normally reserved for the domain master browser, a role that has +nothing to do with anything related to authentication, but the +Microsoft Domain implementation requires the domain master browser to +be on the same machine as the PDC. + + + + +How does a Workstation find its domain controller? + + +A NT workstation in the domain SAMBA that wants a local user to be +authenticated has to find the domain controller for SAMBA. It does +this by doing a NetBIOS name query for the group name SAMBA#1c. It +assumes that each of the machines it gets back from the queries is a +domain controller and can answer logon requests. To not open security +holes both the workstation and the selected (TODO: How is the DC +chosen) domain controller authenticate each other. After that the +workstation sends the user's credentials (his name and password) to +the domain controller, asking for approval. + + + + + + +When is the PDC needed? + + +Whenever a user wants to change his password, this has to be done on +the PDC. To find the PDC, the workstation does a NetBIOS name query +for SAMBA#1b, assuming this machine maintains the master copy of the +SAM. The workstation contacts the PDC, both mutually authenticate and +the password change is done. + + + + + + + + +Can Samba be a Backup Domain Controller? + + +With version 2.2, no. The native NT SAM replication protocols have +not yet been fully implemented. The Samba Team is working on +understanding and implementing the protocols, but this work has not +been finished for version 2.2. + + + +Can I get the benefits of a BDC with Samba? Yes. The main reason for +implementing a BDC is availability. If the PDC is a Samba machine, +a second Samba machine can be set up to +service logon requests whenever the PDC is down. + + + + + + +How do I set up a Samba BDC? + + +Several things have to be done: + + + + + +The file private/MACHINE.SID identifies the domain. When a samba +server is first started, it is created on the fly and must never be +changed again. This file has to be the same on the PDC and the BDC, +so the MACHINE.SID has to be copied from the PDC to the BDC. + + + +The Unix user database has to be synchronized from the PDC to the +BDC. This means that both the /etc/passwd and /etc/group have to be +replicated from the PDC to the BDC. This can be done manually +whenever changes are made, or the PDC is set up as a NIS master +server and the BDC as a NIS slave server. To set up the BDC as a +mere NIS client would not be enough, as the BDC would not be able to +access its user database in case of a PDC failure. + + + +The Samba password database in the file private/smbpasswd has to be +replicated from the PDC to the BDC. This is a bit tricky, see the +next section. + + + +Any netlogon share has to be replicated from the PDC to the +BDC. This can be done manually whenever login scripts are changed, +or it can be done automatically together with the smbpasswd +synchronization. + + + + + +Finally, the BDC has to be found by the workstations. This can be done +by setting + + + +workgroup = samba +domain master = no +domain logons = yes + + + +in the [global]-section of the smb.conf of the BDC. This makes the BDC +only register the name SAMBA#1c with the WINS server. This is no +problem as the name SAMBA#1c is a NetBIOS group name that is meant to +be registered by more than one machine. The parameter 'domain master = +no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS +name is reserved for the Primary Domain Controller. + + + +How do I replicate the smbpasswd file? + + +Replication of the smbpasswd file is sensitive. It has to be done +whenever changes to the SAM are made. Every user's password change is +done in the smbpasswd file and has to be replicated to the BDC. So +replicating the smbpasswd file very often is necessary. + + + +As the smbpasswd file contains plain text password equivalents, it +must not be sent unencrypted over the wire. The best way to set up +smbpasswd replication from the PDC to the BDC is to use the utility +rsync. rsync can use ssh as a transport. ssh itself can be set up to +accept *only* rsync transfer without requiring the user to type a +password. + + + + + + diff --git a/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml new file mode 100644 index 00000000000..21d2c55ec7a --- /dev/null +++ b/docs/docbook/projdoc/Samba-LDAP-HOWTO.sgml @@ -0,0 +1,594 @@ + + + + + Gerald (Jerry)>Carter + + Samba Team +
jerry@samba.org
+ + Olivier (lem)>Lemaire + + IDEALX +
olem@IDEALX.org
+ + + + + (13 Jan 2002) + + +Storing Samba's User/Machine Account information in an LDAP Directory + + +Purpose + + +This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites. + + + + OpenLDAP - http://www.openldap.org/ + iPlanet Directory Server - http://iplanet.netscape.com/directory + + + +Note that O'Reilly Publishing is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002. + + + +Two additional Samba resources which may prove to be helpful are + + + + The Samba-PDC-LDAP-HOWTO + maintained by Ignacio Coupeau. + + The NT migration scripts from IDEALX that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. + + + + + + + +Introduction + + +Traditionally, when configuring "encrypt +passwords = yes" in Samba's smb.conf file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the smbpasswd(5) file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands). + + + + +The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases. + + + +The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as rsync(1) and ssh(1) +and wrote custom, in-house scripts. + + + +And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID). + + + + +As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. --with-ldapsam or +--with-tdbsam) requires compile time support. + + + +When compiling Samba to include the --with-ldapsam autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation. + + + +There are a few points to stress about what the --with-ldapsam +does not provide. The LDAP support referred to in the this documentation does not +include: + + + + A means of retrieving user account information from + an Windows 2000 Active Directory server. + A means of replacing /etc/passwd. + + + +The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(http://www.padl.com/). However, +the details of configuring these packages are beyond the scope of this document. + + + + + +Supported LDAP Servers + + +The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP +2.0 server and client libraries. The same code should be able to work with +Netscape's Directory Server and client SDK. However, due to lack of testing +so far, there are bound to be compile errors and bugs. These should not be +hard to fix. If you are so inclined, please be sure to forward all patches to +samba-patches@samba.org and +jerry@samba.org. + + + + + + + + +Schema and Relationship to the RFC 2307 posixAccount + + + +Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +examples/LDAP/samba.schema. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here: + + + +objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL + DESC 'Samba Account' + MUST ( uid $ rid ) + MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ + logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ + displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ + description $ userWorkstations $ primaryGroupID $ domain )) + + + +The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to jerry@samba.org + + + +Just as the smbpasswd file is mean to store information which supplements a +user's /etc/passwd entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +STRUCTURAL objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design. + + + + + +In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure. + + + + +Configuring Samba with LDAP + + + +OpenLDAP configuration + + +To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory. + + + +root# cp samba.schema /etc/openldap/schema/ + + + +Next, include the samba.schema file in slapd.conf. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in cosine.schema and +the 'displayName' attribute is defined in the inetorgperson.schema +file. Both of these must be included before the samba.schema file. + + + +## /etc/openldap/slapd.conf + +## schema files (core.schema is required by default) +include /etc/openldap/schema/core.schema + +## needed for sambaAccount +include /etc/openldap/schema/cosine.schema +include /etc/openldap/schema/inetorgperson.schema +include /etc/openldap/schema/samba.schema + +## uncomment this line if you want to support the RFC2307 (NIS) schema +## include /etc/openldap/schema/nis.schema + +.... + + + +It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well). + + +# Indices to maintain +## required by OpenLDAP 2.0 +index objectclass eq + +## support pb_getsampwnam() +index uid pres,eq +## support pdb_getsambapwrid() +index rid eq + +## uncomment these if you are storing posixAccount and +## posixGroup entries in the directory as well +##index uidNumber eq +##index gidNumber eq +##index cn eq +##index memberUid eq + + + + + +Configuring Samba + + + +The following parameters are available in smb.conf only with --with-ldapsam +was included with compiling Samba. + + + + ldap ssl + ldap server + ldap admin dn + ldap suffix + ldap filter + ldap port + + + +These are described in the smb.conf(5) man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as + + + +## /usr/local/samba/lib/smb.conf +[global] + security = user + encrypt passwords = yes + + netbios name = TASHTEGO + workgroup = NARNIA + + # ldap related parameters + + # define the DN to use when binding to the directory servers + # The password for this DN is not stored in smb.conf. Rather it + # must be set by using 'smbpasswd -w secretpw' to store the + # passphrase in the secrets.tdb file. If the "ldap admin dn" values + # changes, this password will need to be reset. + ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org" + + # specify the LDAP server's hostname (defaults to locahost) + ldap server = ahab.samba.org + + # Define the SSL option when connecting to the directory + # ('off', 'start tls', or 'on' (default)) + ldap ssl = start tls + + # define the port to use in the LDAP session (defaults to 636 when + # "ldap ssl = on") + ldap port = 389 + + # specify the base DN to use when searching the directory + ldap suffix = "ou=people,dc=samba,dc=org" + + # generally the default ldap search filter is ok + # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))" + + + + + + + + +Accounts and Groups management + + +As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes. + + + +Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file). + + + +In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups). + + + + + +Security and sambaAccount + + + +There are two important points to remember when discussing the security +of sambaAccount entries in the directory. + + + + Never retrieve the lmPassword or + ntPassword attribute values over an unencrypted LDAP session. + Never allow non-admin users to + view the lmPassword or ntPassword attribute values. + + + +These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the ENCRYPTION chapter of the Samba-HOWTO-Collection. + + + +To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (ldap ssl = on) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(ldap ssl = off). + + + +Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers. + + + +The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in slapd.conf: + + + +## allow the "ldap admin dn" access, but deny everyone else +access to attrs=lmPassword,ntPassword + by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write + by * none + + + + + + + + +LDAP specials attributes for sambaAccounts + + +The sambaAccount objectclass is composed of the following attributes: + + + + + lmPassword: the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string. + + ntPassword: the NT password hash 16-byte stored as a character + representation of a hexidecimal string. + + pwdLastSet: The integer time in seconds since 1970 when the + lmPassword and ntPassword attributes were last set. + + + acctFlags: string of 11 characters surrounded by square brackets [] + representing account flags such as U (user), W(workstation), X(no password expiration), and + D(disabled). + + logonTime: Integer value currently unused + + logoffTime: Integer value currently unused + + kickoffTime: Integer value currently unused + + pwdCanChange: Integer value currently unused + + pwdMustChange: Integer value currently unused + + homeDrive: specifies the drive letter to which to map the + UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" + where X is the letter of the drive to map. Refer to the "logon drive" parameter in the + smb.conf(5) man page for more information. + + scriptPath: The scriptPath property specifies the path of + the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path + is relative to the netlogon share. Refer to the "logon script" parameter in the + smb.conf(5) man page for more information. + + profilePath: specifies a path to the user's profile. + This value can be a null string, a local absolute path, or a UNC path. Refer to the + "logon path" parameter in the smb.conf(5) man page for more information. + + smbHome: The homeDirectory property specifies the path of + the home directory for the user. The string can be null. If homeDrive is set and specifies + a drive letter, homeDirectory should be a UNC path. The path must be a network + UNC path of the form \\server\share\directory. This value can be a null string. + Refer to the "logon home" parameter in the smb.conf(5) man page for more information. + + + userWorkstation: character string value currently unused. + + + rid: the integer representation of the user's relative identifier + (RID). + + primaryGroupID: the relative identifier (RID) of the primary group + of the user. + + + + +The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the Samba-PDC-HOWTO for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values: + + + + smbHome + scriptPath + logonPath + homeDrive + + + +These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that logon home = \\%L\%u was defined in +its smb.conf file. When a user named "becky" logons to the domain, +the logon home string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the logon home parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky). + + + + + + + + + +Example LDIF Entries for a sambaAccount + + + +The following is a working LDIF with the inclusion of the posixAccount objectclass: + + + +dn: uid=guest2, ou=people,dc=plainjoe,dc=org +ntPassword: 878D8014606CDA29677A44EFA1353FC7 +pwdMustChange: 2147483647 +primaryGroupID: 1201 +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +pwdLastSet: 1010179124 +logonTime: 0 +objectClass: sambaAccount +uid: guest2 +kickoffTime: 2147483647 +acctFlags: [UX ] +logoffTime: 2147483647 +rid: 19006 +pwdCanChange: 0 + + + +The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses: + + + +dn: uid=gcarter, ou=people,dc=plainjoe,dc=org +logonTime: 0 +displayName: Gerald Carter +lmPassword: 552902031BEDE9EFAAD3B435B51404EE +primaryGroupID: 1201 +objectClass: posixAccount +objectClass: sambaAccount +acctFlags: [UX ] +userPassword: {crypt}BpM2ej8Rkzogo +uid: gcarter +uidNumber: 9000 +cn: Gerald Carter +loginShell: /bin/bash +logoffTime: 2147483647 +gidNumber: 100 +kickoffTime: 2147483647 +pwdLastSet: 1010179230 +rid: 19000 +homeDirectory: /home/tashtego/gcarter +pwdCanChange: 0 +pwdMustChange: 2147483647 +ntPassword: 878D8014606CDA29677A44EFA1353FC7 + + + + + + + + +Comments + + + +Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was +last updated to reflect the Samba 2.2.3 release. + + + + + + + + diff --git a/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml new file mode 100644 index 00000000000..475b66598c2 --- /dev/null +++ b/docs/docbook/projdoc/Samba-PDC-HOWTO.sgml @@ -0,0 +1,1828 @@ + + + + + + Gerald (Jerry)Carter + + VA Linux Systems/Samba Team +
jerry@samba.org
+ + DavidBannon + + Samba Team +
dbannon@samba.org
+ + + + (26 Apr 2001) + + + +How to Configure Samba 2.2 as a Primary Domain Controller + + + + + +Prerequisite Reading + + +Before you continue reading in this chapter, please make sure +that you are comfortable with configuring basic files services +in smb.conf and how to enable and administer password +encryption in Samba. Theses two topics are covered in the +smb.conf(5) +manpage and the Encryption chapter +of this HOWTO Collection. + + + + + + + + + + +Background + + + + +Author's Note: This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one. + + + + +Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller +Primary Domain Controller +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in UNIX_INSTALL.html, please make sure +that your server is configured correctly before proceeding. Another +good resource in the smb.conf(5) man +page. The following functionality should work in 2.2: + + + + + domain logons for Windows NT 4.0/2000 clients. + + + + placing a Windows 9x client in user level security + + + + retrieving a list of users and groups from a Samba PDC to + Windows 9x/NT/2000 clients + + + + roving (roaming) user profiles + + + + Windows NT 4.0-style system policies + + + + + +The following pieces of functionality are not included in the 2.2 release: + + + + + Windows NT 4 domain trusts + + + + SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) + + + + Adding users via the User Manager for Domains + + + + Acting as a Windows 2000 Domain Controller (i.e. Kerberos and + Active Directory) + + + + +Please note that Windows 9x clients are not true members of a domain +for reasons outlined in this article. Therefore the protocol for +support Windows 9x-style domain logons is completely different +from NT4 domain logons and has been officially supported for some +time. + + + + +Implementing a Samba PDC can basically be divided into 2 broad +steps. + + + + + Configuring the Samba PDC + + + + Creating machine trust accounts and joining clients + to the domain + + + + +There are other minor details such as user profiles, system +policies, etc... However, these are not necessarily specific +to a Samba PDC as much as they are related to Windows NT networking +concepts. They will be mentioned only briefly here. + + + + + + + + +Configuring the Samba Domain Controller + + +The first step in creating a working Samba PDC is to +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in the smb.conf +man page. For convenience, the parameters have been +linked with the actual smb.conf description. + + + +Here is an example smb.conf for acting as a PDC: + + + +[global] + ; Basic server settings + netbios name = POGO + workgroup = NARNIA + + ; we should act as the domain and local master browser + os level = 64 + preferred master = yes + domain master = yes + local master = yes + + ; security settings (must user security = user) + security = user + + ; encrypted passwords are a requirement for a PDC + encrypt passwords = yes + + ; support domain logons + domain logons = yes + + ; where to store user profiles? + logon path = \\%N\profiles\%u + + ; where is a user's home directory and where should it + ; be mounted at? + logon drive = H: + logon home = \\homeserver\%u + + ; specify a generic logon script for all users + ; this is a relative **DOS** path to the [netlogon] share + logon script = logon.cmd + +; necessary share for domain controller +[netlogon] + path = /usr/local/samba/lib/netlogon + read only = yes + write list = ntadmin + +; share for storing user profiles +[profiles] + path = /export/smb/ntprofile + read only = no + create mask = 0600 + directory mask = 0700 + + + +There are a couple of points to emphasize in the above configuration. + + + + + Encrypted passwords must be enabled. For more details on how + to do this, refer to ENCRYPTION.html. + + + + The server must support domain logons and a + [netlogon] share + + + + The server must be the domain master browser in order for Windows + client to locate the server as a DC. Please refer to the various + Network Browsing documentation included with this distribution for + details. + + + + +As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +domain admin +group smb.conf parameter for information of creating "Domain +Admins" style accounts. + + + + + + +Creating Machine Trust Accounts and Joining Clients to the +Domain + + +A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account." + + +The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller. + + +A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + + + A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + smbpasswd). The Samba account + possesses and uses only the NT password hash. + + A corresponding Unix account, typically stored in + /etc/passwd. (Future releases will alleviate the need to + create /etc/passwd entries.) + + + + +There are two ways to create machine trust accounts: + + + + Manual creation. Both the Samba and corresponding + Unix account are created by hand. + + "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually. + + + + + +Manual Creation of Machine Trust Accounts + + +The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +/etc/passwd. This can be done using +vipw or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server: + + + + root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine +nickname" -s /bin/false machine_name$ + + +root# passwd -l machine_name$ + + + +The /etc/passwd entry will list the machine name +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an +/etc/passwd entry like this: + + + +doppy$:x:505:501:machine_nickname:/dev/null:/bin/false + + + +Above, machine_nickname can be any +descriptive name for the client, i.e., BasementComputer. +machine_name absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account. + + + + +Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the smbpasswd(8) command +as shown here: + + + +root# smbpasswd -a -m machine_name + + + +where machine_name is the machine's NetBIOS +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account. + + + + Join the client to the domain immediately + + + Manually creating a machine trust account using this method is the + equivalent of creating a machine trust account on a Windows NT PDC using + the "Server Manager". From the time at which the account is created + to the time which the client joins the domain and changes the password, + your domain is vulnerable to an intruder joining your domain using a + a machine with the same NetBIOS name. A PDC inherently trusts + members of the domain and will serve out a large degree of user + information to such clients. You have been warned! + + + + + + +"On-the-Fly" Creation of Machine Trust Accounts + + +The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain. + +Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +add user script +option in smb.conf. This +method is not required, however; corresponding Unix accounts may also +be created manually. + + + +Below is an example for a RedHat 6.2 Linux system. + + + +[global] + # <...remainder of parameters...> + add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u + + + + + +Joining the Client to the Domain + + +The procedure for joining a client to the domain varies with the +version of Windows. + + + +Windows 2000 + + When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + /etc/passwd entry, for security + reasons. + + The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists. + + +Windows NT + + If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain. + + If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted). + + + + + + + + +Common Problems and Errors + + + + + + + I cannot include a '$' in a machine name. + + + + A 'machine name' in (typically) /etc/passwd + of the machine name with a '$' appended. FreeBSD (and other BSD + systems?) won't create a user with a '$' in their name. + + + + The problem is only in the program used to make the entry, once + made, it works perfectly. So create a user without the '$' and + use vipw to edit the entry, adding the '$'. Or create + the whole entry with vipw if you like, make sure you use a + unique User ID ! + + + + + + I get told "You already have a connection to the Domain...." + or "Cannot join domain, the credentials supplied conflict with an + existing set.." when creating a machine trust account. + + + + This happens if you try to create a machine trust account from the + machine itself and already have a connection (e.g. mapped drive) + to a share (or IPC$) on the Samba PDC. The following command + will remove all network drive connections: + + + + C:\WINNT\> net use * /d + + + + Further, if the machine is a already a 'member of a workgroup' that + is the same name as the domain you are joining (bad idea) you will + get this message. Change the workgroup name to something else, it + does not matter what, reboot, and try again. + + + + + + The system can not log you on (C000019B).... + + + I joined the domain successfully but after upgrading + to a newer version of the Samba code I get the message, "The system + can not log you on (C000019B), Please try a gain or consult your + system administrator" when attempting to logon. + + + + This occurs when the domain SID stored in + private/WORKGROUP.SID is + changed. For example, you remove the file and smbd automatically + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. + + + + + + The machine trust account for this computer either does not + exist or is not accessible. + + + + When I try to join the domain I get the message "The machine account + for this computer either does not exist or is not accessible". What's + wrong? + + + + This problem is caused by the PDC not having a suitable machine trust account. + If you are using the add user script method to create + accounts then this would indicate that it has not worked. Ensure the domain + admin user system is working. + + + + Alternatively if you are creating account entries manually then they + have not been created correctly. Make sure that you have the entry + correct for the machine trust account in smbpasswd file on the Samba PDC. + If you added the account using an editor rather than using the smbpasswd + utility, make sure that the account name is the machine NetBIOS name + with a '$' appended to it ( i.e. computer_name$ ). There must be an entry + in both /etc/passwd and the smbpasswd file. Some people have reported + that inconsistent subnet masks between the Samba server and the NT + client have caused this problem. Make sure that these are consistent + for both client and server. + + + + + + When I attempt to login to a Samba Domain from a NT4/W2K workstation, + I get a message about my account being disabled. + + + + This problem is caused by a PAM related bug in Samba 2.2.0. This bug is + fixed in 2.2.1. Other symptoms could be unaccessible shares on + NT/W2K member servers in the domain or the following error in your smbd.log: + passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% + + + + At first be ensure to enable the useraccounts with smbpasswd -e + %user%, this is normally done, when you create an account. + + + + In order to work around this problem in 2.2.0, configure the + account control flag in + /etc/pam.d/samba file as follows: + + + + account required pam_permit.so + + + + If you want to remain backward compatibility to samba 2.0.x use + pam_permit.so, it's also possible to use + pam_pwdb.so. There are some bugs if you try to + use pam_unix.so, if you need this, be ensure to use + the most recent version of this file. + + + + + + + + + + + + +System Policies and Profiles + + + +Much of the information necessary to implement System Policies and +Roving User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper Implementing +Profiles and Policies in Windows NT 4.0 available from Microsoft. + + + +Here are some additional details: + + + + + + + What about Windows NT Policy Editor? + + + + To create or edit ntconfig.pol you must use + the NT Server Policy Editor, poledit.exe which + is included with NT Server but not NT Workstation. + There is a Policy Editor on a NTws + but it is not suitable for creating Domain Policies. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need poledit.exe, common.adm and winnt.adm. It is convenient + to put the two *.adm files in c:\winnt\inf which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. + + + + The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using servicepackname /x, + i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, + poledit.exe and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. + + + + + + + Can Win95 do Policies? + + + + Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. + Install group policies on a Win9x client by double-clicking + grouppol.inf. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... + + + + If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. + + + + + + + How do I get 'User Manager' and 'Server Manager' + + + + Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? + + + + Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes + + + + Server Manager + + User Manager for Domains + + Event Viewer + + + + Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE + + + + The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE + + + + + + + + + + + + +What other help can I get? + + +There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing. + + + + + What are some diagnostics tools I can use to debug the domain logon + process and where can I find them? + + + + One of the best diagnostic tools for debugging problems is Samba itself. + You can use the -d option for both smbd and nmbd to specify what + 'debug level' at which to run. See the man pages on smbd, nmbd and + smb.conf for more information on debugging options. The debug + level can range from 1 (the default) to 10 (100 for debugging passwords). + + + + Another helpful method of debugging is to compile samba using the + gcc -g flag. This will include debug + information in the binaries and allow you to attach gdb to the + running smbd / nmbd process. In order to attach gdb to an smbd + process for an NT workstation, first get the workstation to make the + connection. Pressing ctrl-alt-delete and going down to the domain box + is sufficient (at least, on the first time you join the domain) to + generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation + maintains an open connection, and therefore there will be an smbd + process running (assuming that you haven't set a really short smbd + idle timeout) So, in between pressing ctrl alt delete, and actually + typing in your password, you can gdb attach and continue. + + + + Some useful samba commands worth investigating: + + + + testparam | more + smbclient -L //{netbios name of server} + + + + An SMB enabled version of tcpdump is available from + http://www.tcpdup.org/. + Ethereal, another good packet sniffer for Unix and Win32 + hosts, can be downloaded from http://www.ethereal.com. + + + + For tracing things on the Microsoft Windows NT, Network Monitor + (aka. netmon) is available on the Microsoft Developer Network CD's, + the Windows NT Server install CD and the SMS CD's. The version of + netmon that ships with SMS allows for dumping packets between any two + computers (i.e. placing the network interface in promiscuous mode). + The version on the NT Server install CD will only allow monitoring + of network traffic directed to the local NT box and broadcasts on the + local subnet. Be aware that Ethereal can read and write netmon + formatted files. + + + + + + + How do I install 'Network Monitor' on an NT Workstation + or a Windows 9x box? + + + + Installing netmon on an NT workstation requires a couple + of steps. The following are for installing Netmon V4.00.349, which comes + with Microsoft Windows NT Server 4.0, on Microsoft Windows NT + Workstation 4.0. The process should be similar for other version of + Windows NT / Netmon. You will need both the Microsoft Windows + NT Server 4.0 Install CD and the Workstation 4.0 Install CD. + + + + Initially you will need to install 'Network Monitor Tools and Agent' + on the NT Server. To do this + + + + Goto Start - Settings - Control Panel - + Network - Services - Add + + Select the 'Network Monitor Tools and Agent' and + click on 'OK'. + + Click 'OK' on the Network Control Panel. + + + Insert the Windows NT Server 4.0 install CD + when prompted. + + + + At this point the Netmon files should exist in + %SYSTEMROOT%\System32\netmon\*.*. + Two subdirectories exist as well, parsers\ + which contains the necessary DLL's for parsing the netmon packet + dump, and captures\. + + + + In order to install the Netmon tools on an NT Workstation, you will + first need to install the 'Network Monitor Agent' from the Workstation + install CD. + + + + Goto Start - Settings - Control Panel - + Network - Services - Add + + Select the 'Network Monitor Agent' and click + on 'OK'. + + Click 'OK' on the Network Control Panel. + + + Insert the Windows NT Workstation 4.0 install + CD when prompted. + + + + + Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* + to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set + permissions as you deem appropriate for your site. You will need + administrative rights on the NT box to run netmon. + + + + To install Netmon on a Windows 9x box install the network monitor agent + from the Windows 9x CD (\admin\nettools\netmon). There is a readme + file located with the netmon driver files on the CD if you need + information on how to do this. Copy the files from a working + Netmon installation. + + + + + + + + + The following is a list if helpful URLs and other links: + + + + + Home of Samba site + http://samba.org. We have a mirror near you ! + + The Development document + on the Samba mirrors might mention your problem. If so, + it might mean that the developers are working on it. + + See how Scott Merrill simulates a BDC behavior at + + http://www.skippy.net/linux/smb-howto.html. + + Although 2.0.7 has almost had its day as a PDC, David Bannon will + keep the 2.0.7 PDC pages at + http://bioserve.latrobe.edu.au/samba going for a while yet. + + Misc links to CIFS information + http://samba.org/cifs/ + + NT Domains for Unix + http://mailhost.cb1.com/~lkcl/ntdom/ + + FTP site for older SMB specs: + + ftp://ftp.microsoft.com/developr/drg/CIFS/ + + + + + + + + + + How do I get help from the mailing lists? + + + + There are a number of Samba related mailing lists. Go to http://samba.org, click on your nearest mirror + and then click on Support and then click on + Samba related mailing lists. + + + + For questions relating to Samba TNG go to + http://www.samba-tng.org/ + It has been requested that you don't post questions about Samba-TNG to the + main stream Samba lists. + + + If you post a message to one of the lists please observe the following guide lines : + + + + + Always remember that the developers are volunteers, they are + not paid and they never guarantee to produce a particular feature at + a particular time. Any time lines are 'best guess' and nothing more. + + + Always mention what version of samba you are using and what + operating system its running under. You should probably list the + relevant sections of your smb.conf file, at least the options + in [global] that affect PDC support. + + In addition to the version, if you obtained Samba via + CVS mention the date when you last checked it out. + + Try and make your question clear and brief, lots of long, + convoluted questions get deleted before they are completely read ! + Don't post html encoded messages (if you can select colour or font + size its html). + + If you run one of those nifty 'I'm on holidays' things when + you are away, make sure its configured to not answer mailing lists. + + + Don't cross post. Work out which is the best list to post to + and see what happens, i.e. don't post to both samba-ntdom and samba-technical. + Many people active on the lists subscribe to more + than one list and get annoyed to see the same message two or more times. + Often someone will see a message and thinking it would be better dealt + with on another, will forward it on for you. + + You might include partial + log files written at a debug level set to as much as 20. + Please don't send the entire log but enough to give the context of the + error messages. + + (Possibly) If you have a complete netmon trace ( from the opening of + the pipe to the error ) you can send the *.CAP file as well. + + Please think carefully before attaching a document to an email. + Consider pasting the relevant parts into the body of the message. The samba + mailing lists go to a huge number of people, do they all need a copy of your + smb.conf in their attach directory? + + + + + + + + How do I get off the mailing lists? + + + To have your name removed from a samba mailing list, go to the + same place you went to to get on it. Go to http://lists.samba.org, + click on your nearest mirror and then click on Support and + then click on Samba related mailing lists. Or perhaps see + here + + + + Please don't post messages to the list asking to be removed, you will just + be referred to the above address (unless that process failed in some way...) + + + + + + + + + +Domain Control for Windows 9x/ME + + + +The following section contains much of the original +DOMAIN.txt file previously included with Samba. Much of +the material is based on what went into the book Special +Edition, Using Samba, by Richard Sharpe. + + + + +A domain and a workgroup are exactly the same thing in terms of network +browsing. The difference is that a distributable authentication +database is associated with a domain, for secure login access to a +network. Also, different access rights can be granted to users if they +successfully authenticate against a domain logon server (NT server and +other systems based on NT server support this, as does at least Samba TNG now). + + + +The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +Network browsing functionality of domains and workgroups is +identical and is explained in BROWSING.txt. It should be noted, that browsing +is totally orthogonal to logon support. + + + +Issues related to the single-logon network model are discussed in this +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section. + + + + +When an SMB client in a domain wishes to logon it broadcast requests for a +logon server. The first one to reply gets the job, and validates its +password using whatever mechanism the Samba administrator has installed. +It is possible (but very stupid) to create a domain where the user +database is not shared between servers, i.e. they are effectively workgroup +servers advertising themselves as participating in a domain. This +demonstrates how authentication is quite different from but closely +involved with domains. + + + + +Using these features you can make your clients verify their logon via +the Samba server; make clients run a batch file when they logon to +the network and download their preferences, desktop and start menu. + + + +Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon: + + + + + + The client broadcasts (to the IP broadcast address of the subnet it is in) + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the + NetBIOS layer. The client chooses the first response it receives, which + contains the NetBIOS name of the logon server to use in the format of + \\SERVER. + + + + + + The client then connects to that server, logs on (does an SMBsessetupX) and + then connects to the IPC$ share (using an SMBtconX). + + + + + + The client then does a NetWkstaUserLogon request, which retrieves the name + of the user's logon script. + + + + + + The client then connects to the NetLogon share and searches for this + and if it is found and can be read, is retrieved and executed by the client. + After this, the client disconnects from the NetLogon share. + + + + + + The client then sends a NetUserGetInfo request to the server, to retrieve + the user's home share, which is used to search for profiles. Since the + response to the NetUserGetInfo request does not contain much more + the user's home share, profiles for Win9X clients MUST reside in the user + home directory. + + + + + + The client then connects to the user's home share and searches for the + user's profile. As it turns out, you can specify the user's home share as + a sharename and path. For example, \\server\fred\.profile. + If the profiles are found, they are implemented. + + + + + + The client then disconnects from the user's home share, and reconnects to + the NetLogon share and looks for CONFIG.POL, the policies file. If this is + found, it is read and implemented. + + + + + + +Configuration Instructions: Network Logons + + +The main difference between a PDC and a Windows 9x logon +server configuration is that + + + + + +Password encryption is not required for a Windows 9x logon server. + + + +Windows 9x/ME clients do not possess machine trust accounts. + + + + + +Therefore, a Samba PDC will also act as a Windows 9x logon +server. + + + + +security mode and master browsers + + +There are a few comments to make in order to tie up some +loose ends. There has been much debate over the issue of whether +or not it is ok to configure Samba as a Domain Controller in security +modes other than USER. The only security mode +which will not work due to technical reasons is SHARE +mode security. DOMAIN and SERVER +mode security is really just a variation on SMB user level security. + + + +Actually, this issue is also closely tied to the debate on whether +or not Samba must be the domain master browser for its workgroup +when operating as a DC. While it may technically be possible +to configure a server as such (after all, browsing and domain logons +are two distinctly different functions), it is not a good idea to +so. You should remember that the DC must register the DOMAIN#1b NetBIOS +name. This is the name used by Windows clients to locate the DC. +Windows clients do not distinguish between the DC and the DMB. +For this reason, it is very wise to configure the Samba DC as the DMB. + + + +Now back to the issue of configuring a Samba DC to use a mode other +than "security = user". If a Samba host is configured to use +another SMB server or DC in order to validate user connection +requests, then it is a fact that some other machine on the network +(the "password server") knows more about user than the Samba host. +99% of the time, this other host is a domain controller. Now +in order to operate in domain mode security, the "workgroup" parameter +must be set to the name of the Windows NT domain (which already +has a domain controller, right?) + + + +Therefore configuring a Samba box as a DC for a domain that +already by definition has a PDC is asking for trouble. +Therefore, you should always configure the Samba DC to be the DMB +for its domain. + + + + + + + +Configuration Instructions: Setting up Roaming User Profiles + + + +NOTE! Roaming profiles support is different +for Win9X and WinNT. + + + + +Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features. + + + +Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory. + + + + +WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT. + + + + + +Windows NT Configuration + + +To support WinNT clients, in the [global] section of smb.conf set the +following (for example): + + + +logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath + + + +The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable. + + + + +[lkcl 26aug96 - we have discovered a problem where Windows clients can +maintain a connection to the [homes] share in between logins. The +[homes] share must NOT therefore be used in a profile path.] + + + + + + + +Windows 9X Configuration + + +To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use/home" now works as well, and it, too, relies +on the "logon home" parameter. + + + +By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file: + + + +logon home = \\%L\%U\.profiles + + + +then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden). + + + +Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home". + + + + + + + +Win9X and WinNT Configuration + + +You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example: + + + +logon home = \\%L\%U\.profiles +logon path = \\%L\profiles\%U + + + + +I have not checked what 'net use /home' does on NT when "logon home" is +set as above. + + + + + + + +Windows 9X Profile Setup + + +When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders. + + + + +The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file. + + + + + + On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. + + + + + + + On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. + + + + + + +Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me. + + + +You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password. + + + +Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'. + + + +Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created. + + + +These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set. + + + +If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server. + + + +If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time". + + + + + + instead of logging in under the [user, password, domain] dialog, + press escape. + + + + + + run the regedit.exe program, and look in: + + + + HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList + + + + you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. + + + + [Exit the registry editor]. + + + + + + WARNING - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). + + + + This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. + + + + + + search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. + + + + + + + log off the windows 95 client. + + + + + + check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. + + + + + + +If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports. + + + +If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace. + + + + + + +Windows NT Workstation 4.0 + + +When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter. + + + + +[lkcl 10aug97 - i tried setting the path to +\\samba-server\homes\profile, and discovered that this fails because +a background process maintains the connection to the [homes] share +which does _not_ close down in between user logins. you have to +have \\samba-server\%L\profile, where user is the username created +from the [homes] share]. + + + + +There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter. + + + +The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension) +[lkcl 10aug97 - i found that the creation of the .PDS directory failed, +and had to create these manually for each user, with a shell script. +also, i presume, but have not tested, that the full profile path must +be browseable just as it is for w95, due to the manner in which they +attempt to create the full profile path: test existence of each path +component; create path component]. + + + +In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown. + + + +You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one. + + + + +[lkcl 10aug97 - i notice that NT Workstation tells me that it is +downloading a profile from a slow link. whether this is actually the +case, or whether there is some configuration issue, as yet unknown, +that makes NT Workstation _think_ that the link is a slow one is a +matter to be resolved]. + + + +[lkcl 20aug97 - after samba digest correspondence, one user found, and +another confirmed, that profiles cannot be loaded from a samba server +unless "security = user" and "encrypt passwords = yes" (see the file +ENCRYPTION.txt) or "security = server" and "password server = ip.address. +of.yourNTserver" are used. Either of these options will allow the NT +workstation to access the samba server using LAN manager encrypted +passwords, without the user intervention normally required by NT +workstation for clear-text passwords]. + + + +[lkcl 25aug97 - more comments received about NT profiles: the case of +the profile _matters_. the file _must_ be called NTuser.DAT or, for +a mandatory profile, NTuser.MAN]. + + + + + + + +Windows NT Server + + +There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords. + + + + + + +Sharing Profiles between W95 and NT Workstation 4.0 + + +Potentially outdated or incorrect material follows + +I think this is all bogus, but have not deleted it. (Richard Sharpe) + + + + +The default logon path is \\%N\U%. NT Workstation will attempt to create +a directory "\\samba-server\username.PDS" if you specify the logon path +as "\\samba-server\username" with the NT User Manager. Therefore, you +will need to specify (for example) "\\samba-server\username\profile". +NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which +is more likely to succeed. + + + +If you then want to share the same Start Menu / Desktop with W95, you will +need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 +this has its drawbacks: i created a shortcut to telnet.exe, which attempts +to run from the c:\winnt\system32 directory. this directory is obviously +unlikely to exist on a Win95-only host]. + + + + +If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory. + + + + +[lkcl 25aug97 - there are some issues to resolve with downloading of +NT profiles, probably to do with time/date stamps. i have found that +NTuser.DAT is never updated on the workstation after the first time that +it is copied to the local workstation profile directory. this is in +contrast to w95, where it _does_ transfer / update profiles correctly]. + + + + + + + + + + + + + +DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba + + + + Possibly Outdated Material + + + This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. + + + + + +NOTE : +The term "Domain Controller" and those related to it refer to one specific +method of authentication that can underly an SMB domain. Domain Controllers +prior to Windows NT Server 3.1 were sold by various companies and based on +private extensions to the LAN Manager 2.1 protocol. Windows NT introduced +Microsoft-specific ways of distributing the user authentication database. +See DOMAIN.txt for examples of how Samba can participate in or create +SMB domains based on shared authentication database schemes other than the +Windows NT SAM. + + + +Windows NT Server can be installed as either a plain file and print server +(WORKGROUP workstation or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT. + + + +To many people these terms can be confusing, so let's try to clear the air. + + + +Every Windows NT system (workstation or server) has a registry database. +The registry contains entries that describe the initialization information +for all services (the equivalent of Unix Daemons) that run within the Windows +NT environment. The registry also contains entries that tell application +software where to find dynamically loadable libraries that they depend upon. +In fact, the registry contains entries that describes everything that anything +may need to know to interact with the rest of the system. + + + +The registry files can be located on any Windows NT machine by opening a +command prompt and typing: + + + +C:\WINNT\> dir %SystemRoot%\System32\config + + + +The environment variable %SystemRoot% value can be obtained by typing: + + + +C:\WINNT>echo %SystemRoot% + + + +The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security. + + + +In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each. + + + +The Microsoft Windows NT system is structured within a security model that +says that all applications and services must authenticate themselves before +they can obtain permission from the security manager to do what they set out +to do. + + + +The Windows NT User database also resides within the registry. This part of +the registry contains the user's security identifier, home directory, group +memberships, desktop profile, and so on. + + + +Every Windows NT system (workstation as well as server) will have its own +registry. Windows NT Servers that participate in Domain Security control +have a database that they share in common - thus they do NOT own an +independent full registry database of their own, as do Workstations and +plain Servers. + + + +The User database is called the SAM (Security Access Manager) database and +is used for all user authentication as well as for authentication of inter- +process authentication (i.e. to ensure that the service action a user has +requested is permitted within the limits of that user's privileges). + + + +The Samba team have produced a utility that can dump the Windows NT SAM into +smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and +/pub/samba/pwdump on your nearest Samba mirror for the utility. This +facility is useful but cannot be easily used to implement SAM replication +to Samba systems. + + + +Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers +can participate in a Domain security system that is controlled by Windows NT +servers that have been correctly configured. Almost every domain will have +ONE Primary Domain Controller (PDC). It is desirable that each domain will +have at least one Backup Domain Controller (BDC). + + + +The PDC and BDCs then participate in replication of the SAM database so that +each Domain Controlling participant will have an up to date SAM component +within its registry. + + + + + diff --git a/docs/docbook/projdoc/UNIX_INSTALL.sgml b/docs/docbook/projdoc/UNIX_INSTALL.sgml new file mode 100644 index 00000000000..90d48435770 --- /dev/null +++ b/docs/docbook/projdoc/UNIX_INSTALL.sgml @@ -0,0 +1,451 @@ + + +How to Install and Test SAMBA + + + Step 0: Read the man pages + + The man pages distributed with SAMBA contain + lots of useful info that will help to get you started. + If you don't know how to read man pages then try + something like: + + $ nroff -man smbd.8 | more + + + Other sources of information are pointed to + by the Samba web site, + http://www.samba.org + + + + Step 1: Building the Binaries + + To do this, first run the program ./configure + in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run + + root# ./configure --help + + + first to see what special options you can enable. + Then executing + + root# make + + will create the binaries. Once it's successfully + compiled you can use + + root# make install + + to install the binaries and manual pages. You can + separately install the binaries and/or man pages using + + root# make installbin + + + and + + root# make installman + + + Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with + + root# make revert + + + if you find this version a disaster! + + + + Step 2: The all important step + + At this stage you must fetch yourself a + coffee or other drink you find stimulating. Getting the rest + of the install right can sometimes be tricky, so you will + probably need it. + + If you have installed samba before then you can skip + this step. + + + + Step 3: Create the smb configuration file. + + There are sample configuration files in the examples + subdirectory in the distribution. I suggest you read them + carefully so you can see how the options go together in + practice. See the man page for all the options. + + The simplest useful configuration file would be + something like this: + + + [global] + workgroup = MYGROUP + + [homes] + guest ok = no + read only = no + + + which would allow connections by anyone with an + account on the server, using either their login name or + "homes" as the service name. (Note that I also set the + workgroup that Samba is part of. See BROWSING.txt for details) + + Note that make install will not install + a smb.conf file. You need to create it + yourself. + + Make sure you put the smb.conf file in the same place + you specified in theMakefile (the default is to + look for it in /usr/local/samba/lib/). + + For more information about security settings for the + [homes] share please refer to the document UNIX_SECURITY.txt. + + + + Step 4: Test your config file with + <command>testparm</command> + + It's important that you test the validity of your + smb.conf file using the testparm program. + If testparm runs OK then it will list the loaded services. If + not it will give an error message. + + Make sure it runs OK and that the services look + reasonable before proceeding. + + + + + Step 5: Starting the smbd and nmbd + + You must choose to start smbd and nmbd either + as daemons or from inetd. Don't try + to do both! Either you can put them in + inetd.conf and have them started on demand + by inetd, or you can start them as + daemons either from the command line or in + /etc/rc.local. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root. + + The main advantage of starting smbd + and nmbd using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request. + + + Step 5a: Starting from inetd.conf + + NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps. + + Look at your /etc/services. + What is defined at port 139/tcp. If nothing is defined + then add a line like this: + + netbios-ssn 139/tcp + + similarly for 137/udp you should have an entry like: + + netbios-ns 137/udp + + Next edit your /etc/inetd.conf + and add two lines something like this: + + + netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd + netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd + + + The exact syntax of /etc/inetd.conf + varies between unixes. Look at the other entries in inetd.conf + for a guide. + + NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in /etc/services. + You must either edit /etc/services or + /etc/inetd.conf to make them consistent. + + NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run ifconfig + as root if you don't know what the broadcast is for your + net. nmbd tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this. + + !!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in inetd.conf. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from inetd. + + Restart inetd, perhaps just send + it a HUP. If you have installed an earlier version of + nmbd then you may need to kill nmbd as well. + + + + Step 5b. Alternative: starting it as a daemon + + To start the server as a daemon you should create + a script something like this one, perhaps calling + it startsmb. + + + #!/bin/sh + /usr/local/samba/bin/smbd -D + /usr/local/samba/bin/nmbd -D + + + then make it executable with chmod + +x startsmb + + You can then run startsmb by + hand or execute it from /etc/rc.local + + + To kill it send a kill signal to the processes + nmbd and smbd. + + NOTE: If you use the SVR4 style init system then + you may like to look at the examples/svr4-startup + script to make Samba fit into that system. + + + + + Step 6: Try listing the shares available on your + server + + $ smbclient -L + yourhostname + + Your should get back a list of shares available on + your server. If you don't then something is incorrectly setup. + Note that this method can also be used to see what shares + are available on other LanManager clients (such as WfWg). + + If you choose user level security then you may find + that Samba requests a password before it will list the shares. + See the smbclient man page for details. (you + can force it to list the shares without a password by + adding the option -U% to the command line. This will not work + with non-Samba servers) + + + + Step 7: Try connecting with the unix client + + $ smbclient + //yourhostname/aservice + + Typically the yourhostname + would be the name of the host where you installed + smbd. The aservice is + any service you have defined in the smb.conf + file. Try your user name if you just have a [homes] section + in smb.conf. + + For example if your unix host is bambi and your login + name is fred you would type: + + $ smbclient //bambi/fred + + + + + Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client + + Try mounting disks. eg: + + C:\WINDOWS\> net use d: \\servername\service + + + Try printing. eg: + + C:\WINDOWS\> net use lpt1: + \\servername\spoolservice + + C:\WINDOWS\> print filename + + + Celebrate, or send me a bug report! + + + + What If Things Don't Work? + + If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down. + + Then you might read the file DIAGNOSIS.txt and the + FAQ. If you are still stuck then try the mailing list or + newsgroup (look in the README for details). Samba has been + successfully installed at thousands of sites worldwide, so maybe + someone else has hit your problem and has overcome it. You could + also use the WWW site to scan back issues of the samba-digest. + + When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier. + + + Diagnosing Problems + + If you have installation problems then go to + DIAGNOSIS.txt to try to find the + problem. + + + + Scope IDs + + By default Samba uses a blank scope ID. This means + all your windows boxes must also have a blank scope ID. + If you really want to use a non-blank scope ID then you will + need to use the -i <scope> option to nmbd, smbd, and + smbclient. All your PCs will need to have the same setting for + this to work. I do not recommend scope IDs. + + + + + Choosing the Protocol Level + + The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1. + + You can choose what maximum protocol to support + in the smb.conf file. The default is + NT1 and that is the best for the vast majority of sites. + + In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases. + + The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95). + + See the smb.conf(5) manual page for more details. + + Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug. + + + + Printing from UNIX to a Client PC + + To use a printer that is available via a smb-based + server from a unix host you will need to compile the + smbclient program. You then need to install the script + "smbprint". Read the instruction in smbprint for more details. + + + There is also a SYSV style script that does much + the same thing called smbprint.sysv. It contains instructions. + + + + Locking + + One area which sometimes causes trouble is locking. + + There are two types of locking which need to be + performed by a SMB server. The first is "record locking" + which allows a client to lock a range of bytes in a open file. + The second is the "deny modes" that are specified when a file + is open. + + Record locking semantics under Unix is very + different from record locking under Windows. Versions + of Samba before 2.2 have tried to use the native + fcntl() unix system call to implement proper record + locking between different Samba clients. This can not + be fully correct due to several reasons. The simplest + is the fact that a Windows client is allowed to lock a + byte range up to 2^32 or 2^64, depending on the client + OS. The unix locking only supports byte ranges up to + 2^31. So it is not possible to correctly satisfy a + lock request above 2^31. There are many more + differences, too many to be listed here. + + Samba 2.2 and above implements record locking + completely independent of the underlying unix + system. If a byte range lock that the client requests + happens to fall into the range 0-2^31, Samba hands + this request down to the Unix system. All other locks + can not be seen by unix anyway. + + Strictly a SMB server should check for locks before + every read and write call on a file. Unfortunately with the + way fcntl() works this can be slow and may overstress the + rpc.lockd. It is also almost always unnecessary as clients + are supposed to independently make locking calls before reads + and writes anyway if locking is important to them. By default + Samba only makes locking calls when explicitly asked + to by a client, but if you set "strict locking = yes" then it will + make lock checking calls on every read and write. + + You can also disable by range locking completely + using "locking = no". This is useful for those shares that + don't support locking or don't need it (such as cdroms). In + this case Samba fakes the return codes of locking calls to + tell clients that everything is OK. + + The second class of locking is the "deny modes". These + are set by an application when it opens a file to determine + what types of access should be allowed simultaneously with + its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE + or DENY_ALL. There are also special compatibility modes called + DENY_FCB and DENY_DOS. + + You can disable share modes using "share modes = no". + This may be useful on a heavily loaded server as the share + modes code is very slow. See also the FAST_SHARE_MODES + option in the Makefile for a way to do full share modes + very fast using shared memory (if your OS supports it). + + + + Mapping Usernames + + If you have different usernames on the PCs and + the unix server then take a look at the "username map" option. + See the smb.conf man page for details. + + + + Other Character Sets + + If you have problems using filenames with accented + characters in them (like the German, French or Scandinavian + character sets) then I recommend you look at the "valid chars" + option in smb.conf and also take a look at the validchars + package in the examples directory. + + + + diff --git a/docs/docbook/projdoc/msdfs_setup.sgml b/docs/docbook/projdoc/msdfs_setup.sgml new file mode 100644 index 00000000000..35c9d40840a --- /dev/null +++ b/docs/docbook/projdoc/msdfs_setup.sgml @@ -0,0 +1,117 @@ + + + + + ShirishKalele + + Samba Team & Veritas Software +
+ samba@samba.org +
+ + + + + 12 Jul 200 + + + +Hosting a Microsoft Distributed File System tree on Samba + + + + Instructions + + The Distributed File System (or Dfs) provides a means of + separating the logical view of files and directories that users + see from the actual physical locations of these resources on the + network. It allows for higher availability, smoother storage expansion, + load balancing etc. For more information about Dfs, refer to + Microsoft documentation. + + This document explains how to host a Dfs tree on a Unix + machine (for Dfs-aware clients to browse) using Samba. + + To enable SMB-based DFS for Samba, configure it with the + --with-msdfs option. Once built, a + Samba server can be made a Dfs server by setting the global + boolean + host msdfs parameter in the smb.conf + file. You designate a share as a Dfs root using the share + level boolean + msdfs root parameter. A Dfs root directory on + Samba hosts Dfs links in the form of symbolic links that point + to other servers. For example, a symbolic link + junction->msdfs:storage1\share1 in + the share directory acts as the Dfs junction. When Dfs-aware + clients attempt to access the junction link, they are redirected + to the storage location (in this case, \\storage1\share1). + + Dfs trees on Samba work with all Dfs-aware clients ranging + from Windows 95 to 2000. + + Here's an example of setting up a Dfs tree on a Samba + server. + + +# The smb.conf file: +[global] + netbios name = SAMBA + host msdfs = yes + +[dfs] + path = /export/dfsroot + msdfs root = yes + + + + In the /export/dfsroot directory we set up our dfs links to + other servers on the network. + + root# cd /export/dfsroot + root# chown root /export/dfsroot + root# chmod 755 /export/dfsroot + root# ln -s msdfs:storageA\\shareA linka + root# ln -s msdfs:serverB\\share,serverC\\share linkb + + + You should set up the permissions and ownership of + the directory acting as the Dfs root such that only designated + users can create, delete or modify the msdfs links. Also note + that symlink names should be all lowercase. This limitation exists + to have Samba avoid trying all the case combinations to get at + the link name. Finally set up the symbolic links to point to the + network shares you want, and start Samba. + + Users on Dfs-aware clients can now browse the Dfs tree + on the Samba server at \\samba\dfs. Accessing + links linka or linkb (which appear as directories to the client) + takes users directly to the appropriate shares on the network. + + + Notes + + + Windows clients need to be rebooted + if a previously mounted non-dfs share is made a dfs + root or vice versa. A better way is to introduce a + new share and make it the dfs root. + + + Currently there's a restriction that msdfs + symlink names should all be lowercase. + + + For security purposes, the directory + acting as the root of the Dfs tree should have ownership + and permissions set so that only designated users can + modify the symbolic links in the directory. + + + + + + + + diff --git a/docs/docbook/projdoc/printer_driver2.sgml b/docs/docbook/projdoc/printer_driver2.sgml new file mode 100644 index 00000000000..84a24bcdefc --- /dev/null +++ b/docs/docbook/projdoc/printer_driver2.sgml @@ -0,0 +1,689 @@ + + + + + + Gerald (Jerry)Carter + + Samba Team +
+ jerry@samba.org +
+ + + + + (3 May 2001) + + +Printing Support in Samba 2.2.x + + +Introduction + +Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls. + +The additional functionality provided by the new +SPOOLSS support includes: + + + Support for downloading printer driver + files to Windows 95/98/NT/2000 clients upon demand. + + + Uploading of printer drivers via the + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to http://imprints.sourceforge.net). + + + Support for the native MS-RPC printing + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at http://msdn.microsoft.com/ + for more information on the Win32 printing API) + + + Support for NT Access Control Lists (ACL) + on printer objects + + Improved support for printer queue manipulation + through the use of an internal databases for spooled job + information + + + +There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients. + + + +The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: How to Add Printers with No User +Interaction in Windows 2000 + + + +http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP + + + + + + +Configuration + + +[print$] vs. [printer$] + + +Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads. + + + +However, the initial implementation allowed for a +parameter named printer driver location +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named printer driver provided +a means of defining the printer driver name to be sent to +the client. + + + +These parameters, including printer driver +file parameter, are being depreciated and should not +be used in new installations. For more information on this change, +you should refer to the Migration section +of this document. + + + + +Creating [print$] + + +In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download). + + +You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site): + + +[global] + ; members of the ntadmin group should be able + ; to add drivers and set printer properties + ; root is implicitly a 'printer admin' + printer admin = @ntadmin + +[print$] + path = /usr/local/samba/printers + guest ok = yes + browseable = yes + read only = yes + ; since this share is configured as read only, then we need + ; a 'write list'. Check the file system permissions to make + ; sure this account can copy files to the share. If this + ; is setup to a non-root account, then it should also exist + ; as a 'printer admin' + write list = @ntadmin,root + + +The +write list is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the smb.conf(5) +man page for more information on configuring file shares. + +The requirement for guest +ok = yes depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue. + + +Author's Note + + +The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add map to guest = Bad User + in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry + + + +In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well. + +Next create the directory tree below the [print$] share +for each architecture you wish to support. + + +[print$]----- + |-W32X86 ; "Windows NT x86" + |-WIN40 ; "Windows 95/98" + |-W32ALPHA ; "Windows NT Alpha_AXP" + |-W32MIPS ; "Windows NT R4000" + |-W32PPC ; "Windows NT PowerPC" + + + +ATTENTION! REQUIRED PERMISSIONS + + +In order to currently add a new driver to you Samba host, +one of two conditions must hold true: + + + + The account used to connect to the Samba host + must have a uid of 0 (i.e. a root account) + + The account used to connect to the Samba host + must be a member of the printer + admin list. + + + +Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default. + + + + + +Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or printer admin) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host. + + + + +Setting Drivers for Existing Printers + +The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message: + + +Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now? + + + +Click "No" in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a +printer is to either + + + + Use the "New Driver..." button to install + a new printer driver, or + + Select a driver from the popup list of + installed drivers. Initially this list will be empty. + + + +If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog. + +Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box. + +A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +smb.conf. + +Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group. + + + + + + +Support a large number of printers + +One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the rpcclient's +setdriver command can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished: + + +$ rpcclient pogo -U root%secret -c "enumdrivers" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + +[Windows NT x86] +Printer Driver Info 1: + Driver Name: [HP LaserJet 4000 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 2100 Series PS] + +Printer Driver Info 1: + Driver Name: [HP LaserJet 4Si/4SiMX PS] + +$ rpcclient pogo -U root%secret -c "enumprinters" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] + flags:[0x800000] + name:[\\POGO\hp-print] + description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,] + comment:[] + +$ rpcclient pogo -U root%secret \ +> -c "setdriver hp-print \"HP LaserJet 4000 Series PS\"" +Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3] +Successfully set hp-print to driver HP LaserJet 4000 Series PS. + + + + + + +Adding New Printers via the Windows NT APW + + +By default, Samba offers all printer shares defined in smb.conf +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if + + + + The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + privileges (i.e. root or printer admin). + + + show + add printer wizard = yes (the default). + + + + +In order to be able to use the APW to successfully add a printer to a Samba +server, the add +printer command must have a defined value. The program +hook must successfully add the printer to the system (i.e. +/etc/printcap or appropriate files) and +smb.conf if necessary. + + + +When using the APW from a client, if the named printer share does +not exist, smbd will execute the add printer +command and reparse to the smb.conf +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +add printer program is executed under the context +of the connected user, not necessarily a root account. + + + +There is a complementing delete +printer command for removing entries from the "Printers..." +folder. + + + + + + +Samba and Printer Ports + + +Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients. + + + +Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over. + + + +If you require that multiple ports be defined for some reason, +smb.conf possesses a enumports +command which can be used to define an external program +that generates a listing of ports on a system. + + + + + + + + + The Imprints Toolset + + The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at + http://imprints.sourceforge.net/ as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints. + + + + What is Imprints? + + Imprints is a collection of tools for supporting the goals + of + + + Providing a central repository information + regarding Windows NT and 95/98 printer driver packages + + + Providing the tools necessary for creating + the Imprints printer driver packages. + + Providing an installation client which + will obtain and install printer drivers on remote Samba + and Windows NT 4 print servers. + + + + + + + Creating Printer Driver Packages + + The process of creating printer driver packages is beyond + the scope of this document (refer to Imprints.txt also included + with the Samba distribution for more information). In short, + an Imprints driver package is a gzipped tarball containing the + driver files, related INF files, and a control file needed by the + installation client. + + + + + The Imprints server + + The Imprints server is really a database server that + may be queried via standard HTTP mechanisms. Each printer + entry in the database has an associated URL for the actual + downloading of the package. Each package is digitally signed + via GnuPG which can be used to verify that package downloaded + is actually the one referred in the Imprints database. It is + not recommended that this security check + be disabled. + + + + The Installation Client + + More information regarding the Imprints installation client + is available in the Imprints-Client-HOWTO.ps + file included with the imprints source package. + + The Imprints installation client comes in two forms. + + + a set of command line Perl scripts + + + a GTK+ based graphical interface to + the command line perl scripts + + + The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers. + + The basic installation process is in four steps and + perl code is wrapped around smbclient + and rpcclient. + + +foreach (supported architecture for a given driver) +{ + 1. rpcclient: Get the appropriate upload directory + on the remote server + 2. smbclient: Upload the driver files + 3. rpcclient: Issues an AddPrinterDriver() MS-RPC +} + +4. rpcclient: Issue an AddPrinterEx() MS-RPC to actually + create the printer + + + One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX" + + The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at + + HKLM\System\CurrentControlSet\Control\Print\Environment + + + will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed? + + The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first. + + + + + + +<anchor id="MIGRATION">Migration to from Samba 2.0.x to 2.2.x + + +Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths. Here are the possible scenarios for +migration: + + + + If you do not desire the new Windows NT + print driver support, nothing needs to be done. + All existing parameters work the same. + + If you want to take advantage of NT printer + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + printers.def file. When smbd attempts + to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The make_printerdef + tool will also remain for backwards compatibility but will + be removed in the next major release. + + If you install a Windows 9x driver for a printer + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location). + + If you want to migrate an existing printers.def + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using smbclient and rpcclient. See the + Imprints installation client at http://imprints.sourceforge.net/ + for an example. + + + + + +Achtung! + + +The following smb.conf parameters are considered to +be deprecated and will be removed soon. Do not use them in new +installations + + + + printer driver file (G) + + + printer driver (S) + + + printer driver location (S) + + + + + + +The have been two new parameters add in Samba 2.2.2 to for +better support of Samba 2.0.x backwards capability (disable +spoolss) and for using local printers drivers on Windows +NT/2000 clients (use client driver). Both of +these options are described in the smb.coinf(5) man page and are +disabled by default. + + + + + + + + + diff --git a/docs/docbook/projdoc/samba-doc.sgml b/docs/docbook/projdoc/samba-doc.sgml new file mode 100644 index 00000000000..28baa7f6094 --- /dev/null +++ b/docs/docbook/projdoc/samba-doc.sgml @@ -0,0 +1,77 @@ + + + + + + + + + + + + + + + +]> + + + +SAMBA Project Documentation + + + + SAMBA Team + +
samba@samba.org
+ + + +Abstract + + +Last Update : Mon Apr 1 08:47:26 CST 2002 + + + +This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at http://www.samba.org/ +on the "Documentation" page. Please send updates to jerry@samba.org. + + + +This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at http://www.fsf.org/licenses/gpl.txt + + + +Cheers, jerry + + + + + +&UNIX-INSTALL; +&IntegratingWithWindows; +&Samba-PAM; +&MS-Dfs-Setup; +&NT-Security; +&PRINTER-DRIVER2; +&DOMAIN-MEMBER; +&Samba-PDC-HOWTO; +&Samba-BDC-HOWTO; +&Samba-LDAP; +&WINBIND; +&OS2-Client; +&CVS-Access; + + +&INDEX-FILE; + + diff --git a/docs/docbook/projdoc/winbind.sgml b/docs/docbook/projdoc/winbind.sgml new file mode 100644 index 00000000000..fc8d8d52a12 --- /dev/null +++ b/docs/docbook/projdoc/winbind.sgml @@ -0,0 +1,919 @@ + + + + + + TimPotter + + Samba Team +
tpot@linuxcare.com.au
+ + + + AndrewTrigdell + + Samba Team +
tridge@linuxcare.com.au
+ + + + JohnTrostel + + Snapserver +
jtrostel@snapserver.com
+ + + + + 16 Oct 2000 + + +Unified Logons between Windows NT and UNIX using Winbind + + + Abstract + + Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + winbind, a component of the Samba suite + of programs as a solution to the unified logon problem. Winbind + uses a UNIX implementation + of Microsoft RPC calls, Pluggable Authentication Modules, and the Name + Service Switch to allow Windows NT domain users to appear and operate + as UNIX users on a UNIX machine. This paper describes the winbind + system, explaining the functionality it provides, how it is configured, + and how it works internally. + + + + + Introduction + + It is well known that UNIX and Microsoft Windows NT have + different models for representing user and group information and + use different technologies for implementing them. This fact has + made it difficult to integrate the two systems in a satisfactory + manner. + + One common solution in use today has been to create + identically named user accounts on both the UNIX and Windows systems + and use the Samba suite of programs to provide file and print services + between the two. This solution is far from perfect however, as + adding and deleting users on both sets of machines becomes a chore + and two sets of passwords are required both of which + can lead to synchronization problems between the UNIX and Windows + systems and confusion for users. + + We divide the unified logon problem for UNIX machines into + three smaller problems: + + + Obtaining Windows NT user and group information + + + Authenticating Windows NT users + + + Password changing for Windows NT users + + + + + Ideally, a prospective solution to the unified logon problem + would satisfy all the above components without duplication of + information on the UNIX machines and without creating additional + tasks for the system administrator when maintaining users and + groups on either system. The winbind system provides a simple + and elegant solution to all three components of the unified logon + problem. + + + + + What Winbind Provides + + Winbind unifies UNIX and Windows NT account management by + allowing a UNIX box to become a full member of a NT domain. Once + this is done the UNIX box will see NT users and groups as if + they were native UNIX users and groups, allowing the NT domain + to be used in much the same manner that NIS+ is used within + UNIX-only environments. + + The end result is that whenever any + program on the UNIX machine asks the operating system to lookup + a user or group name, the query will be resolved by asking the + NT domain controller for the specified domain to do the lookup. + Because Winbind hooks into the operating system at a low level + (via the NSS name resolution modules in the C library) this + redirection to the NT domain controller is completely + transparent. + + Users on the UNIX machine can then use NT user and group + names as they would use "native" UNIX names. They can chown files + so that they are owned by NT domain users or even login to the + UNIX machine and run a UNIX X-Window session as a domain user. + + The only obvious indication that Winbind is being used is + that user and group names take the form DOMAIN\user and + DOMAIN\group. This is necessary as it allows Winbind to determine + that redirection to a domain controller is wanted for a particular + lookup and which trusted domain is being referenced. + + Additionally, Winbind provides an authentication service + that hooks into the Pluggable Authentication Modules (PAM) system + to provide authentication via a NT domain to any PAM enabled + applications. This capability solves the problem of synchronizing + passwords between systems since all passwords are stored in a single + location (on the domain controller). + + + Target Uses + + Winbind is targeted at organizations that have an + existing NT based domain infrastructure into which they wish + to put UNIX workstations or servers. Winbind will allow these + organizations to deploy UNIX workstations without having to + maintain a separate account infrastructure. This greatly + simplifies the administrative overhead of deploying UNIX + workstations into a NT based organization. + + Another interesting way in which we expect Winbind to + be used is as a central part of UNIX based appliances. Appliances + that provide file and print services to Microsoft based networks + will be able to use Winbind to provide seamless integration of + the appliance into the domain. + + + + + + + How Winbind Works + + The winbind system is designed around a client/server + architecture. A long running winbindd daemon + listens on a UNIX domain socket waiting for requests + to arrive. These requests are generated by the NSS and PAM + clients and processed sequentially. + + The technologies used to implement winbind are described + in detail below. + + + Microsoft Remote Procedure Calls + + Over the last two years, efforts have been underway + by various Samba Team members to decode various aspects of + the Microsoft Remote Procedure Call (MSRPC) system. This + system is used for most network related operations between + Windows NT machines including remote management, user authentication + and print spooling. Although initially this work was done + to aid the implementation of Primary Domain Controller (PDC) + functionality in Samba, it has also yielded a body of code which + can be used for other purposes. + + Winbind uses various MSRPC calls to enumerate domain users + and groups and to obtain detailed information about individual + users or groups. Other MSRPC calls can be used to authenticate + NT domain users and to change user passwords. By directly querying + a Windows PDC for user and group information, winbind maps the + NT account information onto UNIX user and group names. + + + + Name Service Switch + + The Name Service Switch, or NSS, is a feature that is + present in many UNIX operating systems. It allows system + information such as hostnames, mail aliases and user information + to be resolved from different sources. For example, a standalone + UNIX workstation may resolve system information from a series of + flat files stored on the local filesystem. A networked workstation + may first attempt to resolve system information from local files, + and then consult a NIS database for user information or a DNS server + for hostname information. + + The NSS application programming interface allows winbind + to present itself as a source of system information when + resolving UNIX usernames and groups. Winbind uses this interface, + and information obtained from a Windows NT server using MSRPC + calls to provide a new source of account enumeration. Using standard + UNIX library calls, one can enumerate the users and groups on + a UNIX machine running winbind and see all users and groups in + a NT domain plus any trusted domain as though they were local + users and groups. + + The primary control file for NSS is + /etc/nsswitch.conf. + When a UNIX application makes a request to do a lookup + the C library looks in /etc/nsswitch.conf + for a line which matches the service type being requested, for + example the "passwd" service type is used when user or group names + are looked up. This config line species which implementations + of that service should be tried and in what order. If the passwd + config line is: + + passwd: files example + + then the C library will first load a module called + /lib/libnss_files.so followed by + the module /lib/libnss_example.so. The + C library will dynamically load each of these modules in turn + and call resolver functions within the modules to try to resolve + the request. Once the request is resolved the C library returns the + result to the application. + + This NSS interface provides a very easy way for Winbind + to hook into the operating system. All that needs to be done + is to put libnss_winbind.so in /lib/ + then add "winbind" into /etc/nsswitch.conf at + the appropriate place. The C library will then call Winbind to + resolve user and group names. + + + + Pluggable Authentication Modules + + Pluggable Authentication Modules, also known as PAM, + is a system for abstracting authentication and authorization + technologies. With a PAM module it is possible to specify different + authentication methods for different system applications without + having to recompile these applications. PAM is also useful + for implementing a particular policy for authorization. For example, + a system administrator may only allow console logins from users + stored in the local password file but only allow users resolved from + a NIS database to log in over the network. + + Winbind uses the authentication management and password + management PAM interface to integrate Windows NT users into a + UNIX system. This allows Windows NT users to log in to a UNIX + machine and be authenticated against a suitable Primary Domain + Controller. These users can also change their passwords and have + this change take effect directly on the Primary Domain Controller. + + + PAM is configured by providing control files in the directory + /etc/pam.d/ for each of the services that + require authentication. When an authentication request is made + by an application the PAM code in the C library looks up this + control file to determine what modules to load to do the + authentication check and in what order. This interface makes adding + a new authentication service for Winbind very easy, all that needs + to be done is that the pam_winbind.so module + is copied to /lib/security/ and the PAM + control files for relevant services are updated to allow + authentication via winbind. See the PAM documentation + for more details. + + + + + User and Group ID Allocation + + When a user or group is created under Windows NT + is it allocated a numerical relative identifier (RID). This is + slightly different to UNIX which has a range of numbers that are + used to identify users, and the same range in which to identify + groups. It is winbind's job to convert RIDs to UNIX id numbers and + vice versa. When winbind is configured it is given part of the UNIX + user id space and a part of the UNIX group id space in which to + store Windows NT users and groups. If a Windows NT user is + resolved for the first time, it is allocated the next UNIX id from + the range. The same process applies for Windows NT groups. Over + time, winbind will have mapped all Windows NT users and groups + to UNIX user ids and group ids. + + The results of this mapping are stored persistently in + an ID mapping database held in a tdb database). This ensures that + RIDs are mapped to UNIX IDs in a consistent way. + + + + + Result Caching + + An active system can generate a lot of user and group + name lookups. To reduce the network cost of these lookups winbind + uses a caching scheme based on the SAM sequence number supplied + by NT domain controllers. User or group information returned + by a PDC is cached by winbind along with a sequence number also + returned by the PDC. This sequence number is incremented by + Windows NT whenever any user or group information is modified. If + a cached entry has expired, the sequence number is requested from + the PDC and compared against the sequence number of the cached entry. + If the sequence numbers do not match, then the cached information + is discarded and up to date information is requested directly + from the PDC. + + + + + + Installation and Configuration + + +Many thanks to John Trostel jtrostel@snapserver.com +for providing the HOWTO for this section. + + + +This HOWTO describes how to get winbind services up and running +to control access and authenticate users on your Linux box using +the winbind services which come with SAMBA 2.2.2. + + + + +Introduction + + +This HOWTO describes the procedures used to get winbind up and +running on my RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet a nd ftp, as +well for SAMBA services. + + + +This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution, you may have to modify the instructions +somewhat to fit the way your distribution works. + + + + + + + Why should I to this? + + + This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate + accounts on the SAMBA server. + + + + + + Who should be reading this document? + + + + This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) + integrate existing NT/Win2K users from your PDC onto the + SAMBA server, this HOWTO is for you. That said, I am no NT or PAM + expert, so you may find a better or easier way to accomplish + these tasks. + + + + + + + +Requirements + + +If you have a samba configuration file that you are currently +using... BACK IT UP! If your system already uses PAM, +back up the /etc/pam.d directory +contents! If you haven't already made a boot disk, +MAKE ONE NOW! + + + +Messing with the pam configuration files can make it nearly impossible +to log in to yourmachine. That's why you want to be able to boot back +into your machine in single user mode and restore your +/etc/pam.d back to the original state they were in if +you get frustrated with the way things are going. ;-) + + + +The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +main SAMBA web page or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code. + + + +To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your +SAMBA machine, PAM (pluggable authentication modules) must +be setup properly on your machine. In order to compile the +winbind modules, you should have at least the pam libraries resident +on your system. For recent RedHat systems (7.1, for instance), that +means pam-0.74-22. For best results, it is helpful to also +install the development packages in pam-devel-0.74-22. + + + + + + +Testing Things Out + + +Before starting, it is probably best to kill off all the SAMBA +related daemons running on your server. Kill off all smbd, +nmbd, and winbindd processes that may +be running. To use PAM, you will want to make sure that you have the +standard PAM package (for RedHat) which supplies the /etc/pam.d +directory structure, including the pam modules are used by pam-aware +services, several pam libraries, and the /usr/doc +and /usr/man entries for pam. Winbind built better +in SAMBA if the pam-devel package was also installed. This package includes +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both pam-0.74-22 and +pam-devel-0.74-22 RPMs installed. + + + +Configure and compile SAMBA + + +The configuration and compilation of SAMBA is pretty straightforward. +The first three steps may not be necessary depending upon +whether or not you have previously built the Samba binaries. + + + +root# autoconf +root# make clean +root# rm config.cache +root# ./configure --with-winbind +root# make +root# make install + + + + +This will, by default, install SAMBA in /usr/local/samba. +See the main SAMBA documentation if you want to install SAMBA somewhere else. +It will also build the winbindd executable and libraries. + + + + + +Configure <filename>nsswitch.conf</filename> and the +winbind libraries + + +The libraries needed to run the winbindd daemon +through nsswitch need to be copied to their proper locations, so + + + +root# cp ../samba/source/nsswitch/libnss_winbind.so /lib + + + +I also found it necessary to make the following symbolic link: + + + +root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 + + + +Now, as root you need to edit /etc/nsswitch.conf to +allow user and group entries to be visible from the winbindd +daemon. My /etc/nsswitch.conf file look like +this after editing: + + + + passwd: files winbind + shadow: files + group: files winbind + + + +The libraries needed by the winbind daemon will be automatically +entered into the ldconfig cache the next time +your system reboots, but it +is faster (and you don't need to reboot) if you do it manually: + + + +root# /sbin/ldconfig -v | grep winbind + + + +This makes libnss_winbind available to winbindd +and echos back a check to you. + + + + + + +Configure smb.conf + + +Several parameters are needed in the smb.conf file to control +the behavior of winbindd. Configure +smb.conf These are described in more detail in +the winbindd(8) man page. My +smb.conf file was modified to +include the following entries in the [global] section: + + + +[global] + <...> + # separate domain and username with '+', like DOMAIN+username + winbind separator = + + # use uids from 10000 to 20000 for domain users + winbind uid = 10000-20000 + # use gids from 10000 to 20000 for domain groups + winbind gid = 10000-20000 + # allow enumeration of winbind users and groups + winbind enum users = yes + winbind enum groups = yes + # give winbind users a real shell (only needed if they have telnet access) + template homedir = /home/winnt/%D/%U + template shell = /bin/bash + + + + + + +Join the SAMBA server to the PDC domain + + +Enter the following command to make the SAMBA server join the +PDC domain, where DOMAIN is the name of +your Windows domain and Administrator is +a domain user who has administrative privileges in the domain. + + + + +root# /usr/local/samba/bin/net rpc join -s PDC -U Administrator + + + + +The proper response to the command should be: "Joined the domain +DOMAIN" where DOMAIN +is your DOMAIN name. + + + + + + +Start up the winbindd daemon and test it! + + +Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of +SAMBA start, but it is possible to test out just the winbind +portion first. To start up winbind services, enter the following +command as root: + + + +root# /usr/local/samba/bin/winbindd + + + +I'm always paranoid and like to make sure the daemon +is really running... + + + +root# ps -ae | grep winbindd + + +This command should produce output like this, if the daemon is running + + +3025 ? 00:00:00 winbindd + + + +Now... for the real test, try to get some information about the +users on your PDC + + + +root# /usr/local/samba/bin/wbinfo -u + + + +This should echo back a list of users on your Windows users on +your PDC. For example, I get the following response: + + + +CEO+Administrator +CEO+burdell +CEO+Guest +CEO+jt-ad +CEO+krbtgt +CEO+TsInternetUser + + + +Obviously, I have named my domain 'CEO' and my winbind +separator is '+'. + + + +You can do the same sort of thing to get group information from +the PDC: + + + +root# /usr/local/samba/bin/wbinfo -g +CEO+Domain Admins +CEO+Domain Users +CEO+Domain Guests +CEO+Domain Computers +CEO+Domain Controllers +CEO+Cert Publishers +CEO+Schema Admins +CEO+Enterprise Admins +CEO+Group Policy Creator Owners + + + +The function 'getent' can now be used to get unified +lists of both local and PDC users and groups. +Try the following command: + + + +root# getent passwd + + + +You should get a list that looks like your /etc/passwd +list followed by the domain users with their new uids, gids, home +directories and default shells. + + + +The same thing can be done for groups with the command + + + +root# getent group + + + + + + +Fix the <filename>/etc/rc.d/init.d/smb</filename> startup files + + +The winbindd daemon needs to start up after the +smbd and nmbd daemons are running. +To accomplish this task, you need to modify the /etc/init.d/smb +script to add commands to invoke this daemon in the proper sequence. My +/etc/init.d/smb file starts up smbd, +nmbd, and winbindd from the +/usr/local/samba/bin directory directly. The 'start' +function in the script looks like this: + + + +start() { + KIND="SMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/smbd $SMBDOPTIONS + RETVAL=$? + echo + KIND="NMB" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Starting $KIND services: " + daemon /usr/local/samba/bin/winbindd + RETVAL3=$? + echo + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \ + RETVAL=1 + return $RETVAL +} + + + +The 'stop' function has a corresponding entry to shut down the +services and look s like this: + + + +stop() { + KIND="SMB" + echo -n $"Shutting down $KIND services: " + killproc smbd + RETVAL=$? + echo + KIND="NMB" + echo -n $"Shutting down $KIND services: " + killproc nmbd + RETVAL2=$? + echo + KIND="Winbind" + echo -n $"Shutting down $KIND services: " + killproc winbindd + RETVAL3=$? + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb + echo "" + return $RETVAL +} + + + +If you restart the smbd, nmbd, +and winbindd daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user. + + + + + + + +Configure Winbind and PAM + + +If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original +/etc/pam.d files? If not, do it now.) + + + +You will need a pam module to use winbindd with these other services. This +module will be compiled in the ../source/nsswitch directory +by invoking the command + + + +root# make nsswitch/pam_winbind.so + + + +from the ../source directory. The +pam_winbind.so file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +/lib/security directory. + + + +root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security + + + +The /etc/pam.d/samba file does not need to be changed. I +just left this fileas it was: + + + + +auth required /lib/security/pam_stack.so service=system-auth +account required /lib/security/pam_stack.so service=system-auth + + + +The other services that I modified to allow the use of winbind +as an authentication service were the normal login on the console (or a terminal +session), telnet logins, and ftp service. In order to enable these +services, you may first need to change the entries in +/etc/xinetd.d (or /etc/inetd.conf). +RedHat 7.1 uses the new xinetd.d structure, in this case you need +to change the lines in /etc/xinetd.d/telnet +and /etc/xinetd.d/wu-ftp from + + + +enable = no + + + +to + + + +enable = yes + + + +For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on +the server, or change the home directory template to a general +directory for all domain users. These can be easily set using +the smb.conf global entry +template homedir. + + + +The /etc/pam.d/ftp file can be changed +to allow winbind ftp access in a manner similar to the +samba file. My /etc/pam.d/ftp file was +changed to look like this: + + + +auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_shells.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth + + + +The /etc/pam.d/login file can be changed nearly the +same way. It now looks like this: + + + +auth required /lib/security/pam_securetty.so +auth sufficient /lib/security/pam_winbind.so +auth sufficient /lib/security/pam_unix.so use_first_pass +auth required /lib/security/pam_stack.so service=system-auth +auth required /lib/security/pam_nologin.so +account sufficient /lib/security/pam_winbind.so +account required /lib/security/pam_stack.so service=system-auth +password required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth +session optional /lib/security/pam_console.so + + + +In this case, I added the auth sufficient /lib/security/pam_winbind.so +lines as before, but also added the required pam_securetty.so +above it, to disallow root logins over the network. I also added a +sufficient /lib/security/pam_unix.so use_first_pass +line after the winbind.so line to get rid of annoying +double prompts for passwords. + + + + + + + + + + + Limitations + + Winbind has a number of limitations in its current + released version that we hope to overcome in future + releases: + + + Winbind is currently only available for + the Linux operating system, although ports to other operating + systems are certainly possible. For such ports to be feasible, + we require the C library of the target operating system to + support the Name Service Switch and Pluggable Authentication + Modules systems. This is becoming more common as NSS and + PAM gain support among UNIX vendors. + + The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file + containing this information is corrupted or destroyed. + + + Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions + that may be been set for Windows NT users. + + + + + + Conclusion + + The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network. + + + + diff --git a/docs/docbook/scripts/README.ldp_print b/docs/docbook/scripts/README.ldp_print new file mode 100644 index 00000000000..8d61a855343 --- /dev/null +++ b/docs/docbook/scripts/README.ldp_print @@ -0,0 +1,60 @@ + +###################################################################### + ldp_print - print tool/script for DocBook SGML/XML documents +###################################################################### + +This process/script is used in the production environment for the +LDP. It relies on the HTMLDOC software package (GPL'ed) which can be +obtained from the Easy Software Products (c) web site: + + http://www.easysw.com/htmldoc/ + +This process creates a PDF variant from the single-file HTML +representation of a DocBook SGML (or XML) instance. The simple +wrapper script (ldp_print) assumes that the file was created using +{open}jade in a manner similar to: + + jade -t sgml -i html -V nochunks -d $style $fname > $fname.html + +Give the script the filename as an argument. It will then parse the +file into 'title.html' and 'body.html' and send each to htmldoc (as +the corresponding title page and body of the document). + + +CAVEATS +======= + +o Assumes perl is in /usr/bin; adjust if necessary + +o You may need to specify where the htmldoc executable resides. + The script assumes it's within your $PATH. + +o If you want Postscript as an output variant, uncomment the + appropriate lines (see below). + +o Relies on output from a DocBook instance created via DSSSL/{open}jade! + +o Cleans up (removes) the intermediate files it creates (but not the + PDF or Postscript files, obviously!) + +o Works silently; PDF (PostScript) will be created in the same directory + as was specified for the input (single-file HTML) file. + +o Provided without warranty or support! + +o I ran into a problem with htmldoc v1.8.8 which required a source + code change (I was getting a core dump from the htmldoc process). + Here is the change required: + + htmldoc/ps-pdf.cxx : + 3662,3665d3661 + < /* gjf = 11Oct2000 */ + < if( temprow == NULL ) + < break; + < + + +==== +gferg (at) sgi.com / Ferg +11 Jan 2000 + diff --git a/docs/docbook/scripts/collateindex.pl b/docs/docbook/scripts/collateindex.pl new file mode 100644 index 00000000000..fd757edb320 --- /dev/null +++ b/docs/docbook/scripts/collateindex.pl @@ -0,0 +1,595 @@ +# -*- Perl -*- +# + +use Getopt::Std; + +$usage = "Usage: $0 file +Where are: + -p Link to points in the document. The default is to link + to the closest containing section. + -g Group terms with IndexDiv based on the first letter + of the term (or its sortas attribute). + (This probably doesn't handle i10n particularly well) + -s name Name the IndexDiv that contains symbols. The default + is 'Symbols'. Meaningless if -g is not used. + -t name Title for the index. + -P file Read a preamble from file. The content of file will + be inserted before the tag. + -i id The ID for the tag. + -o file Output to file. Defaults to stdout. + -S scope Scope of the index, must be 'all', 'local', or 'global'. + If unspecified, 'all' is assumed. + -I scope The implied scope, must be 'all', 'local', or 'global'. + IndexTerms which do not specify a scope will have the + implied scope. If unspecified, 'all' is assumed. + -x Make a SetIndex. + -f Force the output file to be written, even if it appears + to have been edited by hand. + -N New index (generates an empty index file). + file The file containing index data generated by Jade + with the DocBook HTML Stylesheet.\n"; + +die $usage if ! getopts('Dfgi:NpP:s:o:S:I:t:x'); + +$linkpoints = $opt_p; +$lettergroups = $opt_g; +$symbolsname = $opt_s || "Symbols"; +$title = $opt_t; +$preamble = $opt_P; +$outfile = $opt_o || '-'; +$indexid = $opt_i; +$scope = uc($opt_S) || 'ALL'; +$impliedscope = uc($opt_I) || 'ALL'; +$setindex = $opt_x; +$forceoutput = $opt_f; +$newindex = $opt_N; +$debug = $opt_D; + +$indextag = $setindex ? 'setindex' : 'index'; + +if ($newindex) { + safe_open(*OUT, $outfile); + if ($indexid) { + print OUT "<$indextag id='$indexid'>\n\n"; + } else { + print OUT "<$indextag>\n\n"; + } + + print OUT "\n"; + print OUT "\n"; + + print OUT "\n"; + exit 0; +} + +$dat = shift @ARGV || die $usage; +die "$0: cannot find $dat.\n" if ! -f $dat; + +%legal_scopes = ('ALL' => 1, 'LOCAL' => 1, 'GLOBAL' => 1); +if ($scope && !$legal_scopes{$scope}) { + die "Invalid scope.\n$usage\n"; +} +if ($impliedscope && !$legal_scopes{$impliedscope}) { + die "Invalid implied scope.\n$usage\n"; +} + +@term = (); +%id = (); + +$termcount = 0; + +print STDERR "Processing $dat...\n"; + +# Read the index file, creating an array of objects. Each object +# represents and indexterm and has fields for the content of the +# indexterm + +open (F, $dat); +while () { + chop; + + if (/^\/indexterm/i) { + push (@term, $idx); + next; + } + + if (/^indexterm (.*)$/i) { + $termcount++; + $idx = {}; + $idx->{'zone'} = {}; + $idx->{'href'} = $1; + $idx->{'count'} = $termcount; + $idx->{'scope'} = $impliedscope; + next; + } + + if (/^indexpoint (.*)$/i) { + $idx->{'hrefpoint'} = $1; + next; + } + + if (/^title (.*)$/i) { + $idx->{'title'} = $1; + next; + } + + if (/^primary[\[ ](.*)$/i) { + if (/^primary\[(.*?)\] (.*)$/i) { + $idx->{'psortas'} = $1; + $idx->{'primary'} = $2; + } else { + $idx->{'psortas'} = $1; + $idx->{'primary'} = $1; + } + next; + } + + if (/^secondary[\[ ](.*)$/i) { + if (/^secondary\[(.*?)\] (.*)$/i) { + $idx->{'ssortas'} = $1; + $idx->{'secondary'} = $2; + } else { + $idx->{'ssortas'} = $1; + $idx->{'secondary'} = $1; + } + next; + } + + if (/^tertiary[\[ ](.*)$/i) { + if (/^tertiary\[(.*?)\] (.*)$/i) { + $idx->{'tsortas'} = $1; + $idx->{'tertiary'} = $2; + } else { + $idx->{'tsortas'} = $1; + $idx->{'tertiary'} = $1; + } + next; + } + + if (/^see (.*)$/i) { + $idx->{'see'} = $1; + next; + } + + if (/^seealso (.*)$/i) { + $idx->{'seealso'} = $1; + next; + } + + if (/^significance (.*)$/i) { + $idx->{'significance'} = $1; + next; + } + + if (/^class (.*)$/i) { + $idx->{'class'} = $1; + next; + } + + if (/^scope (.*)$/i) { + $idx->{'scope'} = uc($1); + next; + } + + if (/^startref (.*)$/i) { + $idx->{'startref'} = $1; + next; + } + + if (/^id (.*)$/i) { + $idx->{'id'} = $1; + $id{$1} = $idx; + next; + } + + if (/^zone (.*)$/i) { + my($href) = $1; + $_ = scalar(); + chop; + die "Bad zone: $_\n" if !/^title (.*)$/i; + $idx->{'zone'}->{$href} = $1; + next; + } + + die "Unrecognized: $_\n"; +} +close (F); + +print STDERR "$termcount entries loaded...\n"; + +# Fixup the startrefs... +# In DocBook, STARTREF is a #CONREF attribute; support this by copying +# all of the fields from the indexterm with the id specified by STARTREF +# to the indexterm that has the STARTREF. +foreach $idx (@term) { + my($ididx, $field); + if ($idx->{'startref'}) { + $ididx = $id{$idx->{'startref'}}; + foreach $field ('primary', 'secondary', 'tertiary', 'see', 'seealso', + 'psortas', 'ssortas', 'tsortas', 'significance', + 'class', 'scope') { + $idx->{$field} = $ididx->{$field}; + } + } +} + +# Sort the index terms +@term = sort termsort @term; + +# Move all of the non-alphabetic entries to the front of the index. +@term = sortsymbols(@term); + +safe_open(*OUT, $outfile); + +# Write the index... +if ($indexid) { + print OUT "<$indextag id='$indexid'>\n\n"; +} else { + print OUT "<$indextag>\n\n"; +} + +print OUT "\n"; +print OUT "\n"; + +print OUT "\n\n"; + +print OUT "$title\n\n" if $title; + +$last = {}; # the last indexterm we processed +$first = 1; # this is the first one +$group = ""; # we're not in a group yet +$lastout = ""; # we've not put anything out yet + +foreach $idx (@term) { + next if $idx->{'startref'}; # no way to represent spans... + next if ($idx->{'scope'} eq 'LOCAL') && ($scope eq 'GLOBAL'); + next if ($idx->{'scope'} eq 'GLOBAL') && ($scope eq 'LOCAL'); + next if &same($idx, $last); # suppress duplicates + + $termcount--; + + # If primary changes, output a whole new index term, otherwise just + # output another secondary or tertiary, as appropriate. We know from + # sorting that the terms will always be in the right order. + if (!&tsame($last, $idx, 'primary')) { + print "DIFF PRIM\n" if $debug; + &end_entry() if not $first; + + if ($lettergroups) { + # If we're grouping, make the right indexdivs + $letter = $idx->{'psortas'}; + $letter = $idx->{'primary'} if !$letter; + $letter = uc(substr($letter, 0, 1)); + + # symbols are a special case + if (($letter lt 'A') || ($letter gt 'Z')) { + if (($group eq '') + || (($group ge 'A') && ($group le 'Z'))) { + print OUT "\n" if !$first; + print OUT "$symbolsname\n\n"; + $group = $letter; + } + } elsif (($group eq '') || ($group ne $letter)) { + print OUT "\n" if !$first; + print OUT "$letter\n\n"; + $group = $letter; + } + } + + $first = 0; # there can only be on first ;-) + + print OUT "\n"; + print OUT " ", $idx->{'primary'}; + $lastout = "primaryie"; + + if ($idx->{'secondary'}) { + print OUT "\n \n"; + print OUT " ", $idx->{'secondary'}; + $lastout = "secondaryie"; + }; + + if ($idx->{'tertiary'}) { + print OUT "\n \n"; + print OUT " ", $idx->{'tertiary'}; + $lastout = "tertiaryie"; + } + } elsif (!&tsame($last, $idx, 'secondary')) { + print "DIFF SEC\n" if $debug; + + print OUT "\n \n" if $lastout; + + print OUT " ", $idx->{'secondary'}; + $lastout = "secondaryie"; + if ($idx->{'tertiary'}) { + print OUT "\n \n"; + print OUT " ", $idx->{'tertiary'}; + $lastout = "tertiaryie"; + } + } elsif (!&tsame($last, $idx, 'tertiary')) { + print "DIFF TERT\n" if $debug; + + print OUT "\n \n" if $lastout; + + if ($idx->{'tertiary'}) { + print OUT " ", $idx->{'tertiary'}; + $lastout = "tertiaryie"; + } + } + + &print_term($idx); + + $last = $idx; +} + +# Termcount is > 0 iff some entries were skipped. +print STDERR "$termcount entries ignored...\n"; + +&end_entry(); + +print OUT "\n" if $lettergroups; +print OUT "\n"; + +close (OUT); + +print STDERR "Done.\n"; + +sub same { + my($a) = shift; + my($b) = shift; + + my($aP) = $a->{'psortas'} || $a->{'primary'}; + my($aS) = $a->{'ssortas'} || $a->{'secondary'}; + my($aT) = $a->{'tsortas'} || $a->{'tertiary'}; + + my($bP) = $b->{'psortas'} || $b->{'primary'}; + my($bS) = $b->{'ssortas'} || $b->{'secondary'}; + my($bT) = $b->{'tsortas'} || $b->{'tertiary'}; + + my($same); + + $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP); + $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS); + $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT); + $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP); + $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS); + $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT); + +# print "[$aP]=[$bP]\n"; +# print "[$aS]=[$bS]\n"; +# print "[$aT]=[$bT]\n"; + + # Two index terms are the same if: + # 1. the primary, secondary, and tertiary entries are the same + # (or have the same SORTAS) + # AND + # 2. They occur in the same titled section + # AND + # 3. They point to the same place + # + # Notes: Scope is used to suppress some entries, but can't be used + # for comparing duplicates. + # Interpretation of "the same place" depends on whether or + # not $linkpoints is true. + + $same = (($aP eq $bP) + && ($aS eq $bS) + && ($aT eq $bT) + && ($a->{'title'} eq $b->{'title'}) + && ($a->{'href'} eq $b->{'href'})); + + # If we're linking to points, they're only the same if they link + # to exactly the same spot. (surely this is redundant?) + $same = $same && ($a->{'hrefpoint'} eq $b->{'hrefpoint'}) + if $linkpoints; + + $same; +} + +sub tsame { + # Unlike same(), tsame only compares a single term + my($a) = shift; + my($b) = shift; + my($term) = shift; + my($sterm) = substr($term, 0, 1) . "sortas"; + my($A, $B); + + $A = $a->{$sterm} || $a->{$term}; + $B = $b->{$sterm} || $b->{$term}; + + $A =~ s/^\s*//; $A =~ s/\s*$//; $A = uc($A); + $B =~ s/^\s*//; $B =~ s/\s*$//; $B = uc($B); + + return $A eq $B; +} + +sub end_entry { + # End any open elements... + print OUT "\n \n" if $lastout; + print OUT "\n\n"; + $lastout = ""; +} + +sub print_term { + # Print out the links for an indexterm. There can be more than + # one if the term has a ZONE that points to more than one place. + # (do we do the right thing in that case?) + my($idx) = shift; + my($key, $indent, @hrefs); + my(%href) = (); + my(%phref) = (); + + $indent = " "; + + if ($idx->{'see'}) { + # it'd be nice to make this a link... + if ($lastout) { + print OUT "\n \n"; + $lastout = ""; + } + print OUT $indent, "", $idx->{'see'}, "\n"; + return; + } + + if ($idx->{'seealso'}) { + # it'd be nice to make this a link... + if ($lastout) { + print OUT "\n \n"; + $lastout = ""; + } + print OUT $indent, "", $idx->{'seealso'}, "\n"; + return; + } + + if (keys %{$idx->{'zone'}}) { + foreach $key (keys %{$idx->{'zone'}}) { + $href{$key} = $idx->{'zone'}->{$key}; + $phref{$key} = $idx->{'zone'}->{$key}; + } + } else { + $href{$idx->{'href'}} = $idx->{'title'}; + $phref{$idx->{'href'}} = $idx->{'hrefpoint'}; + } + + # We can't use because we don't know the ID of the term in the + # original source (and, in fact, it might not have one). + print OUT ",\n"; + @hrefs = keys %href; + while (@hrefs) { + my($linkend) = ""; + my($role) = ""; + $key = shift @hrefs; + if ($linkpoints) { + $linkend = $phref{$key}; + } else { + $linkend = $key; + } + + $role = $linkend; + $role = $1 if $role =~ /\#(.*)$/; + + print OUT $indent; + print OUT ""; + print OUT "" if ($idx->{'significance'} eq 'PREFERRED'); + print OUT $href{$key}; + print OUT "" if ($idx->{'significance'} eq 'PREFERRED'); + print OUT ""; + } +} + +sub termsort { + my($aP) = $a->{'psortas'} || $a->{'primary'}; + my($aS) = $a->{'ssortas'} || $a->{'secondary'}; + my($aT) = $a->{'tsortas'} || $a->{'tertiary'}; + my($ap) = $a->{'count'}; + + my($bP) = $b->{'psortas'} || $b->{'primary'}; + my($bS) = $b->{'ssortas'} || $b->{'secondary'}; + my($bT) = $b->{'tsortas'} || $b->{'tertiary'}; + my($bp) = $b->{'count'}; + + $aP =~ s/^\s*//; $aP =~ s/\s*$//; $aP = uc($aP); + $aS =~ s/^\s*//; $aS =~ s/\s*$//; $aS = uc($aS); + $aT =~ s/^\s*//; $aT =~ s/\s*$//; $aT = uc($aT); + $bP =~ s/^\s*//; $bP =~ s/\s*$//; $bP = uc($bP); + $bS =~ s/^\s*//; $bS =~ s/\s*$//; $bS = uc($bS); + $bT =~ s/^\s*//; $bT =~ s/\s*$//; $bT = uc($bT); + + if ($aP eq $bP) { + if ($aS eq $bS) { + if ($aT eq $bT) { + # make sure seealso's always sort to the bottom + return 1 if ($a->{'seealso'}); + return -1 if ($b->{'seealso'}); + # if everything else is the same, keep these elements + # in document order (so the index links are in the right + # order) + return $ap <=> $bp; + } else { + return $aT cmp $bT; + } + } else { + return $aS cmp $bS; + } + } else { + return $aP cmp $bP; + } +} + +sub sortsymbols { + my(@term) = @_; + my(@new) = (); + my(@sym) = (); + my($letter); + my($idx); + + # Move the non-letter things to the front. Should digits be thier + # own group? Maybe... + foreach $idx (@term) { + $letter = $idx->{'psortas'}; + $letter = $idx->{'primary'} if !$letter; + $letter = uc(substr($letter, 0, 1)); + + if (($letter lt 'A') || ($letter gt 'Z')) { + push (@sym, $idx); + } else { + push (@new, $idx); + } + } + + return (@sym, @new); +} + +sub safe_open { + local(*OUT) = shift; + local(*F, $_); + + if (($outfile ne '-') && (!$forceoutput)) { + my($handedit) = 1; + if (open (OUT, $outfile)) { + while () { + if (//){ + $handedit = 0; + last; + } + } + close (OUT); + } else { + $handedit = 0; + } + + if ($handedit) { + print "\n$outfile appears to have been edited by hand; use -f or\n"; + print " change the output file.\n"; + exit 1; + } + } + + open (OUT, ">$outfile") || die "$usage\nCannot write to $outfile.\n"; + + if ($preamble) { + # Copy the preamble + if (open(F, $preamble)) { + while () { + print OUT $_; + } + close(F); + } else { + warn "$0: cannot open preamble $preamble.\n"; + } + } +} diff --git a/docs/docbook/scripts/fix_print_html.lib b/docs/docbook/scripts/fix_print_html.lib new file mode 100644 index 00000000000..e8a9aaa4c77 --- /dev/null +++ b/docs/docbook/scripts/fix_print_html.lib @@ -0,0 +1,172 @@ +# +# fix_print_html.lib +# +# Dan Scott / +# Ferg / +# +# Used to prepare single-file HTML variant for PDF/Postscript creation +# thru htmldoc. +# +# log: +# 16Oct2000 - initial entry +# 03Apr2001 - fix for +# +# + +sub fix_print_html { + + my($in,$out,$ttl) = @_; + + open(IN_FILE, "< $in") || do { + print "fix_print_html: cannot open $in: $!\n"; + return 0; + }; + + my($buf,$ttl_buf) = ''; + my($indx) = -1; + my($is_article) = 0; + while() { + + if( $indx == 1 ) { + + # ignore everything until we see the chapter or sect + # + if( $_ =~ /CLASS="CHAP/i || $_ =~ /CLASS="PREF/i ) { + + $buf .= $_; + $indx++; + + } elsif( $_ =~ /CLASS="SECT/ || $_ =~ /CLASS="sect/ ) { + + $buf .= $_; + $indx++; + $is_article = 1; + + } else { + next; + } + + } elsif( $indx == 0 ) { + + # write out the title page file + # + if( $_ =~ /CLASS="TOC"/ ) { + + $ttl_buf .= ">\n\n\n"; + $ttl_buf =~ s/<\/H1\n/<\/H1\n>


$ttl") || do { + print "fix_print_html: cannot open $ttl: $!\n"; + close(IN_FILE); + return 0; + }; + print TOC_FILE $ttl_buf; + close(TOC_FILE); + $ttl_buf = ''; + $indx++; + + } else { + $ttl_buf .= $_; + } + + } elsif( $indx < 0 ) { + + # up to this point, both buffers get the line + # + if( $_ =~ /CLASS="TITLEPAGE"/ ) { + + $ttl_buf .= $_ . ">\n

\n



\n<\/P\n"; + $indx++; + + } else { + $buf .= $_; + $ttl_buf .= $_; + } + + } else { + + $buf .= $_; + } + } + close(IN_FILE); + + open(OUT_FILE, "> $out") || do { + print "fix_print_html: cannot open $out: $!\n"; + return 0; + }; + + + # make these corrections and write out the file + # + + $buf =~ s/(\n>/$1$2\n/gms; + $buf =~ s/(\n>/$1$2\n/gms; + $buf =~ s/(\n>/$1$2\n/gms; + if( $is_article == 0 ) { + $buf =~ s/(\nCLASS="SECT[TION\d]+"\n>)

) -1 ) { + $buf = substr($buf, 0, $indx); + $buf .= "\n<\/BODY>\n<\/HTML>\n\n"; + } elsif( ($indx = rindex($buf, " -1 ) { + $buf = substr($buf, 0, $indx); + $buf .= "\n<\/BODY>\n<\/HTML>\n\n"; + } + $buf =~ s/\&\#13;//g; + $buf =~ s/\&\#60;/\</g; + $buf =~ s/\&\#62;/\>/g; + $buf =~ s/\&\#8211;/\-/g; + $buf =~ s/WIDTH=\"\d\"//g; + $buf =~ s/><[\/]*TBODY//g; + $buf =~ s/><[\/]*THEAD//g; + $buf =~ s/TYPE=\"1\"\n//gim; + + if( $is_article == 0 ) { + + # for books...decrement the headers by 1 and then re-set the + # chapter level only to H1... + # + my($cnt,$j) = 0; + for($cnt=5; $cnt > 0; $cnt--) { + $j = $cnt + 1; + $buf =~ s/<\/DIV\n//gms; + $buf =~ s/(>(<\/LI\n)/$1$2$3/gms; + + print OUT_FILE $buf; + close(OUT_FILE); + + return 1; +} + +# Return true from package include +# +1; + diff --git a/docs/docbook/scripts/ldp_print b/docs/docbook/scripts/ldp_print new file mode 100755 index 00000000000..70bb801def4 --- /dev/null +++ b/docs/docbook/scripts/ldp_print @@ -0,0 +1,71 @@ +#!/usr/bin/perl -w +# +# usage: ldp_print +# +# Creates a PDF variant of a single-file HTML representation of a +# DocBook SGML (or XML) instance. This simple wrapper assumes that +# the file was created using {open}jade in a manner similar to: +# +# jade -t sgml -i html -V nochunks -d $style $fname > $fname.html +# +# Give this script the filename as an argument. It will then parse +# the file into 'title.html' and 'body.html' and send each to +# htmldoc (as the corresponding title page and body of the document). +# +# +# CAVEATS: +# +# Assumes perl is in /usr/bin; adjust if necessary +# +# You may need to specify where the htmldoc executable resides. +# The script assumes it's within your $PATH. +# +# If you want Postscript as an output variant, uncomment the +# appropriate lines (see below). +# +# Relies on output from a DocBook instance created via DSSSL/{open}jade! +# +# Cleans up (removes) the intermediate files it creates (but not the +# PDF or Postscript files, obviously!) +# +# Works silently; PDF (PostScript) will be created in the same directory +# as was specified for the input (single-file HTML) file. +# +# Provided without warranty or support! +# +# gferg@sgi.com / Ferg (used as part of the LDP production env) +# + +use strict; +push(@INC, "./"); +require 'fix_print_html.lib'; + +if( $ARGV[0] eq '' || !(-r $ARGV[0]) ) { + die "\nusage: ldp_print \n\n"; +} + +my($fname_wo_ext) = $ARGV[0]; +$fname_wo_ext =~ s/\.[\w]+$//; + + +# create new files from single HTML file to use for print +# +&fix_print_html($ARGV[0], 'body.html', 'title.html'); + +my($cmd) = "htmldoc --size universal -t pdf -f ${fname_wo_ext}.pdf " . + "--firstpage p1 --titlefile title.html body.html"; + +# For postscript output; append onto the above cmd string: +# +# "; htmldoc --size universal -t ps -f -f ${fname_wo_ext}.ps " . +# "--firstpage p1 --titlefile title.html body.html"; +# +system($cmd); +die "\nldp_print: could not create ${fname_wo_ext}.pdf ($!)\n" if ($?); + +# cleanup +# +system("rm -f body.html title.html"); + +exit(0); + diff --git a/docs/docbook/scripts/make-article.pl b/docs/docbook/scripts/make-article.pl new file mode 100644 index 00000000000..d1f8c668326 --- /dev/null +++ b/docs/docbook/scripts/make-article.pl @@ -0,0 +1,25 @@ +#!/usr/bin/perl + +$ignore = 0; + +print "\n"; + +while () { + + $_ =~ s/') { + $ignore = 1; + } + + if ( $_ =~ '') { + $ignore = 0; + $_ = ""; + } + + + if (! $ignore) { print "$_"; } + + +} diff --git a/docs/docbook/scripts/strip-links.pl b/docs/docbook/scripts/strip-links.pl new file mode 100644 index 00000000000..dbbdceaabcc --- /dev/null +++ b/docs/docbook/scripts/strip-links.pl @@ -0,0 +1,14 @@ +#!/usr/bin/perl + +## small script to stirp the tags from +## manpages generated from docbook2man. we'll leave +## the and links for now + +while () { + + chomp ($_); + $_ =~ s/\s*\s*//g; + print "$_\n"; + +} +exit 0; diff --git a/docs/docbook/stylesheets/ldp.dsl.in b/docs/docbook/stylesheets/ldp.dsl.in new file mode 100644 index 00000000000..d6e06f4b6d1 --- /dev/null +++ b/docs/docbook/stylesheets/ldp.dsl.in @@ -0,0 +1,256 @@ + + + +]]> + + +]]> +]> + + + + + + +;; ============================== +;; customize the print stylesheet +;; ============================== + +(declare-characteristic preserve-sdata? + ;; this is necessary because right now jadetex does not understand + ;; symbolic entities, whereas things work well with numeric entities. + "UNREGISTERED::James Clark//Characteristic::preserve-sdata?" + #f) + +(define %generate-article-toc% + ;; Should a Table of Contents be produced for Articles? + #t) + +(define (toc-depth nd) + 2) + +(define %generate-article-titlepage-on-separate-page% + ;; Should the article title page be on a separate page? + #t) + +(define %section-autolabel% + ;; Are sections enumerated? + #t) + +(define %footnote-ulinks% + ;; Generate footnotes for ULinks? + #f) + +(define %bop-footnotes% + ;; Make "bottom-of-page" footnotes? + #f) + +(define %body-start-indent% + ;; Default indent of body text + 0pi) + +(define %para-indent-firstpara% + ;; First line start-indent for the first paragraph + 0pt) + +(define %para-indent% + ;; First line start-indent for paragraphs (other than the first) + 0pt) + +(define %block-start-indent% + ;; Extra start-indent for block-elements + 0pt) + +(define formal-object-float + ;; Do formal objects float? + #t) + +(define %hyphenation% + ;; Allow automatic hyphenation? + #t) + +(define %admon-graphics% + ;; Use graphics in admonitions? + #f) + + + + + + + + + + +(declare-characteristic preserve-sdata? + ;; this is necessary because right now jadetex does not understand + ;; symbolic entities, whereas things work well with numeric entities. + "UNREGISTERED::James Clark//Characteristic::preserve-sdata?" + #f) + +(define %generate-legalnotice-link% + ;; put the legal notice in a separate file + #t) + +(define %admon-graphics-path% + ;; use graphics in admonitions, set their + "../images/") + +(define %admon-graphics% + #f) + +(define %funcsynopsis-decoration% + ;; make funcsynopsis look pretty + #t) + +(define %html-ext% + ;; when producing HTML files, use this extension + ".html") + +(define %generate-book-toc% + ;; Should a Table of Contents be produced for books? + #t) + +(define %generate-article-toc% + ;; Should a Table of Contents be produced for articles? + #t) + +(define %generate-part-toc% + ;; Should a Table of Contents be produced for parts? + #t) + +(define %generate-book-titlepage% + ;; produce a title page for books + #t) + +(define %generate-article-titlepage% + ;; produce a title page for articles + #t) + +(define (chunk-skip-first-element-list) + ;; forces the Table of Contents on separate page + '()) + +(define (list-element-list) + ;; fixes bug in Table of Contents generation + '()) + +(define %root-filename% + ;; The filename of the root HTML document (e.g, "index"). + "index") + +(define %shade-verbatim% + ;; verbatim sections will be shaded if t(rue) + #t) + +(define %use-id-as-filename% + ;; Use ID attributes as name for component HTML files? + #t) + +(define %graphic-extensions% + ;; graphic extensions allowed + '("gif" "png" "jpg" "jpeg" "tif" "tiff" "eps" "epsf" )) + +(define %graphic-default-extension% + "gif") + +(define %section-autolabel% + ;; For enumerated sections (1.1, 1.1.1, 1.2, etc.) + #t) + +(define (toc-depth nd) + ;; more depth (2 levels) to toc; instead of flat hierarchy + ;; 2) + 4) + +(element emphasis + ;; make role=strong equate to bold for emphasis tag + (if (equal? (attribute-string "role") "strong") + (make element gi: "STRONG" (process-children)) + (make element gi: "EM" (process-children)))) + +(define (book-titlepage-recto-elements) + ;; elements on a book's titlepage + ;; note: added revhistory to the default list + (list (normalize "title") + (normalize "subtitle") + (normalize "graphic") + (normalize "mediaobject") + (normalize "corpauthor") + (normalize "authorgroup") + (normalize "author") + (normalize "editor") + (normalize "copyright") + (normalize "revhistory") + (normalize "abstract") + (normalize "legalnotice"))) + +(define (article-titlepage-recto-elements) + ;; elements on an article's titlepage + ;; note: added othercredit to the default list + (list (normalize "title") + (normalize "subtitle") + (normalize "authorgroup") + (normalize "author") + (normalize "othercredit") + (normalize "releaseinfo") + (normalize "copyright") + (normalize "pubdate") + (normalize "revhistory") + (normalize "abstract"))) + +(mode article-titlepage-recto-mode + + (element contrib + ;; print out with othercredit information; for translators, etc. + (make sequence + (make element gi: "SPAN" + attributes: (list (list "CLASS" (gi))) + (process-children)))) + + (element othercredit + ;; print out othercredit information; for translators, etc. + (let ((author-name (author-string)) + (author-contrib (select-elements (children (current-node)) + (normalize "contrib")))) + (make element gi: "P" + attributes: (list (list "CLASS" (gi))) + (make element gi: "B" + (literal author-name) + (literal " - ")) + (process-node-list author-contrib)))) +) + +(define (article-title nd) + (let* ((artchild (children nd)) + (artheader (select-elements artchild (normalize "artheader"))) + (artinfo (select-elements artchild (normalize "articleinfo"))) + (ahdr (if (node-list-empty? artheader) + artinfo + artheader)) + (ahtitles (select-elements (children ahdr) + (normalize "title"))) + (artitles (select-elements artchild (normalize "title"))) + (titles (if (node-list-empty? artitles) + ahtitles + artitles))) + (if (node-list-empty? titles) + "" + (node-list-first titles)))) + + + + + + + + + diff --git a/docs/faq/Samba-Server-FAQ-1.html b/docs/faq/Samba-Server-FAQ-1.html new file mode 100644 index 00000000000..0bf7f046109 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ-1.html @@ -0,0 +1,77 @@ + + + Samba Server FAQ: What is Samba? + + +Previous +Next +Table of Contents +
+

1. What is Samba?

+ +

+ +

+

See the +meta FAQ introduction if you don't have any idea what Samba does.

+

Samba has many features that are not supported in other CIFS and SMB +implementations, all of which are commercial. It approaches some +problems from a different angle.

+

Some of its features include: +

    +
  • extremely dynamic runtime configuration
    • +
  • host as well as username/password security
    • +
  • scriptable SMB client
    • +
  • automatic home directory exporting
    • +
  • automatic printer exporting
    • +
  • intelligent dead connection timeouts
    • +
  • guest connections
    • +
+

+

Look at the +manual pages included with the package for a full list of +features. The components of the suite are (in summary):

+

+

+ +
smbd

the SMB server. This handles actual connections from clients, +doing all the interfacing with the +authentication database for file, permission and username work.

+ +
nmbd

the NetBIOS name server, which helps clients locate servers, +maintaining the +authentication database doing the browsing work and managing +domains as this capability is being built into Samba.

+ +
smbclient

the scriptable commandline SMB client program. +Useful for automated work, printer filters and testing purposes. It is +more CIFS-compliant than most commercial implementations. Note that this +is not a filesystem. The Samba team does not supply a network filesystem +driver, although the smbfs filesystem for Linux is derived from +smbclient code.

+ +
smbrun

a little 'glue' program to help the server run +external programs.

+ +
testprns

a program to test server access to printers

+ +
testparms

a program to test the Samba configuration file +for correctness

+ +
smb.conf

the Samba configuration file

+ +
examples

many examples have been put together for the different +operating systems that Samba supports.

+ +
Documentation!

DON'T neglect to read it - you will save a great +deal of time!

+ +
+

+ +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-Server-FAQ-2.html b/docs/faq/Samba-Server-FAQ-2.html new file mode 100644 index 00000000000..37a39833990 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ-2.html @@ -0,0 +1,500 @@ + + + Samba Server FAQ: How do I get the CIFS, SMB and NetBIOS protocols? + + +Previous +Next +Table of Contents +
+

2. How do I get the CIFS, SMB and NetBIOS protocols?

+ +

+ +

+

See the +meta FAQ on CIFS and SMB if you don't have any idea what these protocols are.

+

CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. +.....

+

nmbd speaks a limited amount of CIFS (...) but is mostly concerned with +NetBIOS. NetBIOS is ....

+

RFC1001, RFC1002 ...

+

So, provided you have got Samba correctly installed and running you have +all three of these protocols. Some operating systems already come with +stacks for all or some of these, such as SCO Unix, OS/2 and ... In this +case you must ...

+ +

2.1 What server operating systems are supported?

+ +

+ +

+

At the last count, Samba runs on about 40 operating systems! This +section looks at general questions about running Samba on the different +platforms. Issues specific to particular operating systems are dealt +with in elsewhere in this document.

+

Many of the ports have been done by people outside the Samba team keen +to get the advantages of Samba. The Samba team is currently trying to +bring as many of these ports as possible into the main source tree and +integrate the documentation. Samba is an integration tool, and so it has +been made as easy as possible to port. The platforms most widely used +and thus best tested are Linux and SunOS.

+

This migration has not been completed yet. This means that some +documentation is on web sites ...

+

There are two main families of Samba ports, Unix and other. The Unix +ports cover anything that remotely resembles Unix and includes some +extremely old products as well as best-sellers, tiny PCs to massive +multiprocessor machines supporting hundreds of thousands of users. Samba +has been run on more than 30 Unix and Unix-like operating systems.

+ +

Running Samba on a Unix or Unix-like system

+ +

+ +

+

+../UNIX-SMB.txt describes some of the issues that confront a +SMB implementation on unix, and how Samba copes with them. They may help +people who are looking at unix<->PC interoperability.

+

There is great variation between Unix implementations, especially those +not adhering to the Common Unix Specification agreed to in 1996. Things +that can be quite tricky are .....

+

There are also some considerable advantages conferred on Samba running +under Unix compared to, say, Windows NT or LAN Server. Unix has ...

+

At time of writing, the Makefile claimed support for: +

    +
  • A/UX 3.0
    • +
  • AIX
    • +
  • Altos Series 386/1000
    • +
  • Amiga
    • +
  • Apollo Domain/OS sr10.3
    • +
  • BSDI
    • +
  • B.O.S. (Bull Operating System)
    • +
  • Cray, Unicos 8.0
    • +
  • Convex
    • +
  • DGUX.
    • +
  • DNIX.
    • +
  • FreeBSD
    • +
  • HP-UX
    • +
  • Intergraph.
    • +
  • Linux with/without shadow passwords and quota
    • +
  • LYNX 2.3.0
    • +
  • MachTen (a unix like system for Macintoshes)
    • +
  • Motorola 88xxx/9xx range of machines
    • +
  • NetBSD
    • +
  • NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
    • +
  • OS/2 using EMX 0.9b
    • +
  • OSF1
    • +
  • QNX 4.22
    • +
  • RiscIX.
    • +
  • RISCOs 5.0B
    • +
  • SEQUENT.
    • +
  • SCO (including: 3.2v2, European dist., OpenServer 5)
    • +
  • SGI.
    • +
  • SMP_DC.OSx v1.1-94c079 on Pyramid S series
    • +
  • SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
    • +
  • SUNOS 4
    • +
  • SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
    • +
  • Sunsoft ISC SVR3V4
    • +
  • SVR4
    • +
  • System V with some berkely extensions (Motorola 88k R32V3.2).
    • +
  • ULTRIX.
    • +
  • UNIXWARE
    • +
  • UXP/DS
    • +
+

+ + +

Running Samba on systems unlike Unix

+ +

+ +

+

More recently Samba has been ported to a number of operating systems +which can provide a BSD Unix-like implementation of TCP/IP sockets. +These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, +Windows NT and several others are being worked on but not yet available +for use.

+

Home pages for these ports are:

+

...

+ + +

2.2 Exporting server resources with Samba

+ +

+ +

+

Files, printers, CD ROMs and other local devices. Network devices, +including networked filesystems and remote printer queues. Other devices +such as ....

+

1.4) Configuring SHARES +1.4.1) Homes service +1.4.2) Public services +1.4.3) Application serving +1.4.4) Team sharing a Samba resource

+

1.5) Printer configuration +1.5.1) Berkeley LPR/LPD systems +1.5.2) ATT SysV lp systems +1.5.3) Using a private printcap file +1.5.4) Use of the smbprint utility +1.5.5) Printing from Windows to Unix +1.5.6) Printing from Unix to Windows

+ + +

2.3 Name Resolution and Browsing

+ +

+ +

+

See also +../BROWSING.txt

+

1.6) Name resolution issues +1.6.1) LMHOSTS file and when to use it +1.6.2) configuring WINS (support, server, proxy) +1.6.3) configuring DNS proxy

+

1.7) Problem Diagnosis +1.8) What NOT to do!!!!

+

3.2) Browse list managment +3.3) Name resolution mangement

+ + + +

2.4 Handling SMB Encryption

+ +

+ +

+

SMB encryption is ...

+

...in +../ENCRYPTION.txt there is...

+

Samba compiled with libdes - enabling encrypted passwords

+ + +

Laws in different countries affecting Samba

+ +

+ +

+ +

Relationship between encryption and Domain Authentication

+ + + + +

2.5 Files and record locking 3.1.1) Old DOS clients 3.1.2) Opportunistic locking and the consequences 3.1.3) Files caching under Windows for Workgroups, Win95 and NT Some of the foregoing links into Client-FAQ

+ + +

2.6 Managing Samba Log files

+ +

+ +

+ + +

2.7 I can't see the Samba server in any browse lists!

+ +

+ + +See +BROWSING.txt +for more information on browsing. Browsing.txt can also be found +in the docs directory of the Samba source.

+

If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +

+
+   net use M: \\mary\fred
+
+
+ +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.

+ + +

2.8 Some files that I KNOW are on the server doesn't show up when I view the files from my client!

+ +

+ + +See the next question.

+ + +

2.9 Some files on the server show up with really wierd filenames when I view the files from my client!

+ +

+ + +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).

+

The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".

+ + +

2.10 My client reports "cannot locate specified computer" or similar

+ +

+ + +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.

+

After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.

+

If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.

+

If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.

+

By the way, remember to REMOVE the hardcoded mapping before further +tests :-)

+ + +

2.11 My client reports "cannot locate specified share name" or similar

+ +

+ + +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.

+

The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on:

+

+

    +
  • Many clients cannot accept or use service names longer than eight characters.
    • +
  • Many clients cannot accept or use service names containing spaces.
    • +
  • Some servers (not Samba though) are case sensitive with service names.
    • +
  • Some clients force service names into upper case.
    • +
+

+ + +

2.12 My client reports "cannot find domain controller", "cannot log on to the network" or similar

+ +

+ + +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +samba@samba.org !

+

Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about.

+

For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message.

+ + +

2.13 Printing doesn't work :-(

+ +

+ +

+

Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr", if you happen to be using +Unix).

+

Make sure that the spool directory specified for the service is +writable by the user connected to the service.

+

Make sure that the user specified in the service is permitted to use +the printer.

+

Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.

+

If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.

+

If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.

+ + +

2.14 My programs install on the server OK, but refuse to work properly

+ +

+ + +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution.

+

In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at +samba@samba.org.

+ + +

2.15 My "server string" doesn't seem to be recognised

+ +

+ + +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file.

+

You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out.

+

Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete.

+ + +

2.16 My client reports "This server is not configured to list shared resources"

+ +

+ + +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.

+

See also 'guest account' in smb.conf man page.

+ + +

2.17 Issues specific to Unix and Unix-like systems

+ +

+ +

+ +

Printing doesn't work with my Unix Samba server

+ +

+ +

+

The user "nobody" often has problems with printing, even if it worked +with an earlier version of Samba. Try creating another guest user other +than "nobody".

+ +

Log message "you appear to have a trapdoor uid system"

+ +

+ + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.

+

It might also mean that your OS has a trapdoor uid/gid system :-)

+

This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.

+

The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.

+

Complain to your OS vendor and ask them to fix their system.

+

Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!

+ + +

2.18 Issues specific to IBM OS/2 systems

+ +

+ +

+

+Samba for OS/2

+ + +

2.19 Issues specific to IBM MVS systems

+ +

+ +

+

+Samba for OS/390 MVS

+ + +

2.20 Issues specific to Digital VMS systems

+ +

+ +

+ + +

2.21 Issues specific to Amiga systems

+ +

+ +

+

+Samba for Amiga

+

There is a mailing list for Samba on the Amiga.

+

Subscribing.

+

Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe +in the message. The list server will use the address in the Reply-To: or +From: header field, in that order.

+

Unsubscribing.

+

Send an email to rask-samba-request@kampsax.dtu.dk with the word +unsubscribe in the message. The list server will use the address in the +Reply-To: or From: header field, in that order. If you are unsure which +address you are subscribed with, look at the headers. You should see a +"From " (no colon) or Return-Path: header looking something like

+

rask-samba-owner-myname=my.domain@kampsax.dtu.dk

+

where myname=my.domain gives you the address myname@my.domain. This also +means that I will always be able to find out which address is causing +bounces, for example. +List archive.

+

Messages sent to the list are archived in HTML. See the mailing list home +page at +http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/

+ + +

2.22 Issues specific to Novell IntraNetware systems

+ +

+ +

+ + +

2.23 Issues specific to Stratus VOS systems

+ +

+ +

+

+Samba for Stratus VOS

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-Server-FAQ.html b/docs/faq/Samba-Server-FAQ.html new file mode 100644 index 00000000000..2abfe50db6b --- /dev/null +++ b/docs/faq/Samba-Server-FAQ.html @@ -0,0 +1,88 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Samba Server FAQ + + +Previous +Next +Table of Contents +
+

Samba Server FAQ

+ +

Dan Shearer & Paul Blackman, ictinus@samba.org

v 0.3, 7 Oct '97 +

This is the Server Frequently Asked Questions (FAQ) +document for Samba, the free and very popular SMB and CIFS server +product. A general +meta FAQ +exists and also a companion +Client FAQ, together with more detailed HOWTO documents on +topics to do with Samba software. This is current to Samba version +1.9.17. Please send any corrections to the author.

+

+

1. What is Samba?

+ +

+

2. How do I get the CIFS, SMB and NetBIOS protocols?

+ + + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-Server-FAQ.sgml b/docs/faq/Samba-Server-FAQ.sgml new file mode 100644 index 00000000000..da6b50f99e2 --- /dev/null +++ b/docs/faq/Samba-Server-FAQ.sgml @@ -0,0 +1,492 @@ + + + + +
+ + Samba Server FAQ + +<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.3, 7 Oct '97 + +<abstract> This is the <em>Server</em> Frequently Asked Questions (FAQ) +document for Samba, the free and very popular SMB and CIFS server +product. A general <url url="Samba-meta-FAQ.html" name="meta FAQ"> +exists and also a companion <url url="Samba-Client-FAQ.html" +name="Client FAQ">, together with more detailed HOWTO documents on +topics to do with Samba software. This is current to Samba version +1.9.17. Please send any corrections to the author. + +</abstract> + +<toc> + +<sect>What is Samba?<p><label id="WhatIsSamba"> + +See the <url url="Samba-meta-FAQ.html#introduction" name="meta FAQ +introduction"> if you don't have any idea what Samba does. + +Samba has many features that are not supported in other CIFS and SMB +implementations, all of which are commercial. It approaches some +problems from a different angle. + +Some of its features include: +<itemize> +<item>extremely dynamic runtime configuration +<item>host as well as username/password security +<item>scriptable SMB client +<item>automatic home directory exporting +<item>automatic printer exporting +<item>intelligent dead connection timeouts +<item>guest connections +</itemize> + +Look at the <url url="samba-man-index.html" name="manual pages"> included with the package for a full list of +features. The components of the suite are (in summary): + +<descrip> + +<tag/smbd/ the SMB server. This handles actual connections from clients, +doing all the interfacing with the <url +url="Samba-meta-FAQ.html#DomainModeSecurity" name="authentication +database"> for file, permission and username work. + +<tag/nmbd/ the NetBIOS name server, which helps clients locate servers, +maintaining the <url url="Samba-meta-FAQ.html#BrowseAndDomainDefs" +name="authentication database"> doing the browsing work and managing +domains as this capability is being built into Samba. + +<tag/smbclient/ the scriptable commandline SMB client program. +Useful for automated work, printer filters and testing purposes. It is +more CIFS-compliant than most commercial implementations. Note that this +is not a filesystem. The Samba team does not supply a network filesystem +driver, although the smbfs filesystem for Linux is derived from +smbclient code. + +<tag/smbrun/ a little 'glue' program to help the server run +external programs. + +<tag/testprns/ a program to test server access to printers + +<tag/testparms/ a program to test the Samba configuration file +for correctness + +<tag/smb.conf/ the Samba configuration file + +<tag/examples/ many examples have been put together for the different +operating systems that Samba supports. + +<tag/Documentation!/ DON'T neglect to read it - you will save a great +deal of time! + +</descrip> + +<sect>How do I get the CIFS, SMB and NetBIOS protocols?<p><label id="ServerProtocols"> + +See the <url url="Samba-meta-FAQ.html#CifsSmb" name="meta FAQ +on CIFS and SMB"> if you don't have any idea what these protocols are. + +CIFS and SMB are implemented by the main Samba fileserving daemon, smbd. +[.....] + +nmbd speaks a limited amount of CIFS (...) but is mostly concerned with +NetBIOS. NetBIOS is [....] + +RFC1001, RFC1002 [...] + +So, provided you have got Samba correctly installed and running you have +all three of these protocols. Some operating systems already come with +stacks for all or some of these, such as SCO Unix, OS/2 and [...] In this +case you must [...] + +<sect1>What server operating systems are supported?<p><label id="PortInfo"> + +At the last count, Samba runs on about 40 operating systems! This +section looks at general questions about running Samba on the different +platforms. Issues specific to particular operating systems are dealt +with in elsewhere in this document. + +Many of the ports have been done by people outside the Samba team keen +to get the advantages of Samba. The Samba team is currently trying to +bring as many of these ports as possible into the main source tree and +integrate the documentation. Samba is an integration tool, and so it has +been made as easy as possible to port. The platforms most widely used +and thus best tested are Linux and SunOS. + +This migration has not been completed yet. This means that some +documentation is on web sites [...] + +There are two main families of Samba ports, Unix and other. The Unix +ports cover anything that remotely resembles Unix and includes some +extremely old products as well as best-sellers, tiny PCs to massive +multiprocessor machines supporting hundreds of thousands of users. Samba +has been run on more than 30 Unix and Unix-like operating systems. + +<sect2>Running Samba on a Unix or Unix-like system<p><label id="OnUnix"> + +<url url="../UNIX-SMB.txt"> describes some of the issues that confront a +SMB implementation on unix, and how Samba copes with them. They may help +people who are looking at unix<->PC interoperability. + +There is great variation between Unix implementations, especially those +not adhering to the Common Unix Specification agreed to in 1996. Things +that can be quite tricky are [.....] + +There are also some considerable advantages conferred on Samba running +under Unix compared to, say, Windows NT or LAN Server. Unix has [...] + +At time of writing, the Makefile claimed support for: +<itemize> +<item> A/UX 3.0 +<item> AIX +<item> Altos Series 386/1000 +<item> Amiga +<item> Apollo Domain/OS sr10.3 +<item> BSDI +<item> B.O.S. (Bull Operating System) +<item> Cray, Unicos 8.0 +<item> Convex +<item> DGUX. +<item> DNIX. +<item> FreeBSD +<item> HP-UX +<item> Intergraph. +<item> Linux with/without shadow passwords and quota +<item> LYNX 2.3.0 +<item> MachTen (a unix like system for Macintoshes) +<item> Motorola 88xxx/9xx range of machines +<item> NetBSD +<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +<item> OS/2 using EMX 0.9b +<item> OSF1 +<item> QNX 4.22 +<item> RiscIX. +<item> RISCOs 5.0B +<item> SEQUENT. +<item> SCO (including: 3.2v2, European dist., OpenServer 5) +<item> SGI. +<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series +<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +<item> SUNOS 4 +<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +<item> Sunsoft ISC SVR3V4 +<item> SVR4 +<item> System V with some berkely extensions (Motorola 88k R32V3.2). +<item> ULTRIX. +<item> UNIXWARE +<item> UXP/DS +</itemize> + + +<sect2>Running Samba on systems unlike Unix<p><label id="OnUnlikeUnix"> + +More recently Samba has been ported to a number of operating systems +which can provide a BSD Unix-like implementation of TCP/IP sockets. +These include OS/2, Netware, VMS, StratOS, Amiga and MVS. BeOS, +Windows NT and several others are being worked on but not yet available +for use. + +Home pages for these ports are: + +[... ] + +<sect1>Exporting server resources with Samba<p><label id="Exporting"> + +Files, printers, CD ROMs and other local devices. Network devices, +including networked filesystems and remote printer queues. Other devices +such as [....] + + 1.4) Configuring SHARES + 1.4.1) Homes service + 1.4.2) Public services + 1.4.3) Application serving + 1.4.4) Team sharing a Samba resource + + 1.5) Printer configuration + 1.5.1) Berkeley LPR/LPD systems + 1.5.2) ATT SysV lp systems + 1.5.3) Using a private printcap file + 1.5.4) Use of the smbprint utility + 1.5.5) Printing from Windows to Unix + 1.5.6) Printing from Unix to Windows + +<sect1>Name Resolution and Browsing<p><label id="NameBrowsing"> + +See also <url url="../BROWSING.txt"> + + 1.6) Name resolution issues + 1.6.1) LMHOSTS file and when to use it + 1.6.2) configuring WINS (support, server, proxy) + 1.6.3) configuring DNS proxy + + 1.7) Problem Diagnosis + 1.8) What NOT to do!!!! + + 3.2) Browse list managment + 3.3) Name resolution mangement + + +<sect1>Handling SMB Encryption<p><label id="SMBEncryptionSteps"> + +SMB encryption is ... + +...in <url url="../ENCRYPTION.txt"> there is... + +Samba compiled with libdes - enabling encrypted passwords + + +<sect2>Laws in different countries affecting Samba<p><label id="CryptoLaws"> + +<sect2>Relationship between encryption and Domain Authentication<p> + +<sect1> Files and record locking + + 3.1.1) Old DOS clients + 3.1.2) Opportunistic locking and the consequences + 3.1.3) Files caching under Windows for Workgroups, Win95 and NT + + Some of the foregoing links into Client-FAQ + +<sect1>Managing Samba Log files<p><label id="LogFiles"> + +<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> + See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> + for more information on browsing. Browsing.txt can also be found + in the docs directory of the Samba source. + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<tscreen><verb> + net use M: \\mary\fred +</verb></tscreen> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + +<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> +See the next question. + +<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + +<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + +<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on: + +<itemize> +<item> Many clients cannot accept or use service names longer than eight characters. +<item> Many clients cannot accept or use service names containing spaces. +<item> Some servers (not Samba though) are case sensitive with service names. +<item> Some clients force service names into upper case. +</itemize> + +<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! + +Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about. + +For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message. + +<sect1>Printing doesn't work :-(<p> <label id="no_printing"> + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr", if you happen to be using +Unix). + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. + +Make sure that the user specified in the service is permitted to use +the printer. + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + +<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution. + +In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. + +<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file. + +You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out. + +Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete. + +<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + +See also 'guest account' in smb.conf man page. + +<sect1>Issues specific to Unix and Unix-like systems<p><label id="UnixIssues"> + +<sect2>Printing doesn't work with my Unix Samba server<p> <label id="no_printing"> + +The user "nobody" often has problems with printing, even if it worked +with an earlier version of Samba. Try creating another guest user other +than "nobody". + +<sect2>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + +<sect1>Issues specific to IBM OS/2 systems<p><label id="OS2Issues"> + +<url url="http://carol.wins.uva.nl/~leeuw/samba/samba2.html" name="Samba for OS/2"> + +<sect1>Issues specific to IBM MVS systems<p><label id="MVSIssues"> + +<url url="ftp://ftp.mks.com/pub/samba/" name="Samba for OS/390 MVS"> + +<sect1>Issues specific to Digital VMS systems<p><label id="VMSIssues"> + +<sect1>Issues specific to Amiga systems<p><label id="AmigaIssues"> + +<url url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/" name="Samba for Amiga"> + +There is a mailing list for Samba on the Amiga. + + Subscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word subscribe +in the message. The list server will use the address in the Reply-To: or +From: header field, in that order. + + Unsubscribing. + + Send an email to rask-samba-request@kampsax.dtu.dk with the word +unsubscribe in the message. The list server will use the address in the +Reply-To: or From: header field, in that order. If you are unsure which +address you are subscribed with, look at the headers. You should see a +"From " (no colon) or Return-Path: header looking something like + + rask-samba-owner-myname=my.domain@kampsax.dtu.dk + +where myname=my.domain gives you the address myname@my.domain. This also +means that I will always be able to find out which address is causing +bounces, for example. + List archive. + + Messages sent to the list are archived in HTML. See the mailing list home +page at <URL url="http://www.gbar.dtu.dk/~c948374/Amiga/Samba/mailinglist/"> + +<sect1>Issues specific to Novell IntraNetware systems<p><label id="NetwareIssues"> + +<sect1>Issues specific to Stratos VOS systems<p><label id="NetwareIssues"> + +<url url="ftp://ftp.stratus.com/pub/vos/tools/" name="Samba for Stratus VOS"> + +</article> diff --git a/docs/faq/Samba-meta-FAQ-1.html b/docs/faq/Samba-meta-FAQ-1.html new file mode 100644 index 00000000000..7258a32f1e2 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-1.html @@ -0,0 +1,160 @@ +<HTML> +<HEAD> +<TITLE> Samba meta FAQ: Quick Reference Guides to Samba Documentation + + +Previous +Next +Table of Contents +
+

1. Quick Reference Guides to Samba Documentation

+ +

+ +

+

We are endeavouring to provide links here to every major class of +information about Samba or things related to Samba. We cannot list every +document, but we are aiming for all documents to be at most two +referrals from those listed here. This needs constant maintaining, so +please send the author your feedback.

+ +

1.1 Samba for the Impatient

+ +

+ +

+

You know you should read the documentation but can't wait to start? What +you need to do then is follow the instructions in the following +documents in the order given. This should be enough to get a fairly +simple site going quickly. If you have any problems, refer back to this +meta-FAQ and follow the links to find more reading material.

+

+

+

+ +

+
Getting Samba:

The fastest way to get Samba +going is and install it is to have an operating system for which the +Samba team has put together an installation package. To see if your OS +is included have a look at the directory +/pub/samba/Binary_Packages/"OS_Vendor" on your nearest +mirror site. If it is included follow the +installation instructions in the README file there and then do some +basic testing. If you are not so fortunate, follow the normal +download instructions and then continue with +building and installing Samba.

+

+ +

+
Building and Installing Samba:

At the moment +there are two kinds of Samba server installs besides the prepackaged +binaries mentioned in the previous step. You need to decide if you have a +Unix or close relative or +other supported operating system.

+

+ +

+
Basic Testing:

Try to connect using the +supplied smbclient command-line program. You need to know the IP +hostname of your server. A service name must be defined in smb.conf, as +given in the examples (under many operating systems if there is a +homes service you can just use a valid username.) Then type +smbclient \\hostname\servicename +Under most Unixes you will need to put the parameters within quotation +marks. If this works, try connecting from one of the SMB clients you +were planning to use with Samba.

+

+ +

+
Debug sequence:

If you think you have completed the +previous step and things aren't working properly work through +the diagnosis recipe.

+

+ +

+
Exporting files to SMB clients:

You should read the manual pages +for smb.conf, but here is a +quick answer guide.

+

+ +

+
Controlling user access:

the quickest and dirtiest way of sharing +resources is to use +share level security. If you want to spend more time and have a proper username +and password database you must read the paragraph on +domain mode security. If you want +encryption (eg you are using Windows NT clients) follow the +SMB encryption instructions.

+

+ +

+
Browsing:

if you are happy to type in "\\samba-server\sharename" +at the client end then do not read any further. Otherwise you need to +understand the +browsing terminology +and read +Samba-Server-FAQ.html#NameBrowsing.

+

+ +

+
Printing:

See the +printing quick answer guide.

+ +
+

+

If you have got everything working to this point, you can expect Samba +to be stable and secure: these are its greatest strengths. However Samba +has a great deal to offer and to go further you must do some more +reading. Speed and security optimisations, printer accounting, network +logons, roving profiles, browsing across multiple subnets and so on are +all covered either in this document or in those it refers to.

+ + +

1.2 All Samba Documentation

+ +

+ +

+

+

    +
  • Meta-FAQ. This is the mother of all documents, and is the one you +are reading now. The latest version is always at +http://samba.org/[.....] but there is probably a much +nearer +mirror site which you should use +instead. +
    • +
  • +Samba-Server-FAQ.html is the best starting point for +information about server-side issues. Includes configuration tips and +pointers for Samba on particular operating systems (with 40 to choose +from...) +
    • +
  • +Samba-Client-FAQ.html is the best starting point for +information about client-side issues, includes a list of all clients +that are known to work with Samba. +
    • +
  • +manual pages contains +descriptions of and links to all the Samba manual pages, in Unix man and +postscript format. +
    • +
  • +samba-txt-index.html has descriptions of and links to +a large number of text files have been contributed to samba covering +many topics. These are gradually being absorbed into the FAQs and HOWTOs +but in the meantime you might find helpful answers here. +
    • +
  • +
    • +
+

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ-2.html b/docs/faq/Samba-meta-FAQ-2.html new file mode 100644 index 00000000000..1e36332d426 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-2.html @@ -0,0 +1,384 @@ + + + Samba meta FAQ: General Information + + +Previous +Next +Table of Contents +
+

2. General Information

+ +

+ +

+

All about Samba - what it is, how to get it, related sources of +information, how to understand the numbering scheme, pizza +details.

+ +

2.1 What is Samba?

+ +

+ +

+

Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server Message +Block) and CIFS (Common Internet Filesystem) protocols. Initially +written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and +Amigas. Ports to BeOS and other operating systems are underway. Samba +gives the capability for these operating systems to behave much like a +LAN Server, Windows NT Server or Pathworks machine, only with added +functionality and flexibility designed to make life easier for +administrators.

+

This means that using Samba you can share a server's disks and printers +to many sorts of network clients, including Lan Manager, Windows for +Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic +client program supplied as part of the Samba suite which gives a user on +the server an ftp-like interface to access filespace and printers on any +other SMB/CIFS servers.

+

SMB has been implemented over many protocols, including XNS, NBT, IPX, +NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change +although there have been some requests for NetBEUI support.

+

Many users report that compared to other SMB implementations Samba is +more stable, faster, and compatible with more clients. Administrators of +some large installations say that Samba is the only SMB server available +which will scale to many tens of thousands of users without crashing. +The easy way to test these claims is to download it and try it for +yourself!

+

The suite is supplied with full source code under the +GNU Public License. The GPL means that you can +use Samba for whatever purpose you wish (including changing the source +or selling it for money) but under all circumstances the source code +must be made freely available. A copy of the GPL must always be included +in any copy of the package.

+

The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer.

+ + +

2.2 What is the current version of Samba?

+ +

+ +

+

At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. +ftp://samba.org/pub/samba/alpha/change-log

+

For more information see +What do the version numbers mean?

+ + +

2.3 Where can I get it?

+ +

+ +

+

The Samba suite is available via anonymous ftp from samba.org and +many +mirror sites. You will get much +faster performance if you use a mirror site. The latest and greatest +versions of the suite are in the directory:

+

/pub/samba/

+

Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are available +in the directory:

+

/pub/samba/alpha

+

Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Most Linux distributions, for example, do contain Samba +binaries for that platform. The VMS, OS/2, Netware and Amiga and other +ports typically have binaries made available.

+

A special case is vendor-provided binary packages. Samba binaries and +default configuration files are put into packages for a specific +operating system. RedHat Linux and Sun Solaris (Sparc and x86) is +already included, and others such as OS/2 may follow. All packages are +in the directory:

+

/pub/samba/Binary_Packages/"OS_Vendor"

+ + +

2.4 What do the version numbers mean?

+ +

+ +

+

It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.

+

How the scheme works:

+

+

    +
  1. When major changes are made the version number is increased. For +example, the transition from 1.9.16 to 1.9.17. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) +
    2. +
  2. Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. +
    3. +
  3. When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.17. +
    4. +
  4. Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.17p2. +
    5. +
+

+

So the progression goes:

+

+

+                1.9.16p10       (production)
+                1.9.16p11       (production)
+                1.9.17alpha1    (test sites only)
+                  :
+                1.9.17alpha20   (test sites only)
+                1.9.17          (production)
+                1.9.17p1        (production)
+
+

+

The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.

+ + +

2.5 Where can I go for further information?

+ +

+ +

+

There are a number of places to look for more information on Samba, +including:

+

+

    +
  • Two mailing lists devoted to discussion of Samba-related matters. +See below for subscription information. +
    • +
  • The newsgroup comp.protocols.smb, which has a great deal of +discussion about Samba. +
    • +
  • The WWW site 'SAMBA Web Pages' at +http://samba.org/samba/ includes: + +
      +
    • Links to man pages and documentation, including this FAQ
      • +
    • A comprehensive survey of Samba users
      • +
    • A searchable hypertext archive of the Samba mailing list
      • +
    • Links to Samba source code, binaries, and mirrors of both
      • +
    • This FAQ and the rest in its family
      • +
    + +
    • +
+

+ + +

2.6 How do I subscribe to the Samba Mailing Lists?

+ +

+ +

+

Send email to +listproc@samba.org. Make sure the subject line is blank, +and include the following two lines in the body of the message:

+

+

+
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+
+
+

+

Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature, it +sometimes confuses the list processor.

+

The samba list is a digest list - every eight hours or so it sends a +single message containing all the messages that have been received by +the list since the last time and sends a copy of this message to all +subscribers. There are thousands of people on this list.

+

If you stop being interested in Samba, please send another email to +listproc@samba.org. Make sure the subject line is blank, and +include the following two lines in the body of the message:

+

+

+
+unsubscribe samba
+unsubscribe samba-announce
+
+
+

+

The From: line in your message MUST be the same +address you used when you subscribed.

+ + +

2.7 Something's gone wrong - what should I do?

+ +

+ +

+

# *** IMPORTANT! *** #

+ +

DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here!

+

+

    +
  1. See if there are any likely looking entries in this FAQ! +If you have just installed Samba, have you run through the checklist in +DIAGNOSIS.txt? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba +distribution. +
    2. +
  2. Read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. +
    3. +
  3. If there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". +
    4. +
  4. If you need urgent help and are willing to pay for it see +Paid Support. +
    5. +
+

+

If you still haven't got anywhere, ask the mailing list or newsgroup. In +general nobody minds answering questions provided you have followed the +preceding steps. It might be a good idea to scan the archives of the +mailing list, which are available through the Samba web site described +in the previous section. When you post be sure to include a good +description of your environment and your problem.

+

If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +that an explanation can be incorporated into the next version.

+ + +

2.8 How do I submit patches or bug reports?

+ + +

If you make changes to the source code, please submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to +samba@samba.org. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do.

+

Patch format +------------

+

If you are sending a patch to fix a problem then please don't just use +standard diff format. As an example, samba@samba.org received this patch from +someone:

+

382a +#endif +.. +381a +#if !defined(NEWS61)

+

How are we supposed to work out what this does and where it goes? These +sort of patches only work if we both have identical files in the first +place. The Samba sources are constantly changing at the hands of multiple +developers, so it doesn't work.

+

Please use either context diffs or (even better) unified diffs. You +get these using "diff -c4" or "diff -u". If you don't have a diff that +can generate these then please send manualy commented patches to I +know what is being changed and where. Most patches are applied by hand so +the info must be clear.

+

This is a basic guideline that will assist us with assessing your problem +more efficiently :

+

Machine Arch: +Machine OS: +OS Version: +Kernel:

+

Compiler: +Libc Version:

+

Samba Version:

+

Network Layout (description):

+

What else is on machine (services, etc):

+

Some extras :

+

+

    +
  • what you did and what happened +
    • +
  • relevant parts of a debugging output file with debuglevel higher. +If you can't find the relevant parts, please ask before mailing +huge files. +
    • +
  • anything else you think is useful to trace down the bug +
    • +
+

+ + +

2.9 What if I have an URGENT message for the developers?

+ + +

If you have spotted something very serious and believe that it is +important to contact the developers quickly send a message to +samba-urgent@samba.org. This will be processed more quickly than +mail to samba@samba.org. Please think carefully before using this address. An +example of its use might be to report a security hole.

+

Examples of things not to send to samba-urgent include problems +getting Samba to work at all and bugs that cannot potentially cause damage.

+ + +

2.10 What if I need paid-for support?

+ +

+ +

+

Samba has a large network of consultants who provide Samba support on a +commercial basis. The list is included in the package in +../Support.txt, and the latest version will always be on the main +samba ftp site. Any company in the world can request that the samba team +include their details in Support.txt so we can give no guarantee of +their services.

+ + +

2.11 Pizza supply details

+ +

+ + +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done.

+

+

    +
  1. Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. +
    2. +
  2. Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. +
    3. +
  3. Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) +
    4. +
  4. Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. +
    5. +
+

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ-3.html b/docs/faq/Samba-meta-FAQ-3.html new file mode 100644 index 00000000000..8ebb38a3345 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-3.html @@ -0,0 +1,101 @@ + + + Samba meta FAQ: About the CIFS and SMB Protocols + + +Previous +Next +Table of Contents +
+

3. About the CIFS and SMB Protocols

+ +

+ +

+ +

3.1 What is the Server Message Block (SMB) Protocol?

+ +

SMB is a filesharing protocol that has had several maintainers and +contributors over the years including Xerox, 3Com and most recently +Microsoft. Names for this protocol include LAN Manager and Microsoft +Networking. Parts of the specification has been made public at several +versions including in an X/Open document, as listed at +ftp://ftp.microsoft.com/developr/drg/CIFS/. No specification +releases were made between 1992 and 1996, and during that period +Microsoft became the SMB implementor with the largest market share. +Microsoft developed the specification further for its products but for +various reasons connected with developer's workload rather than market +strategy did not make the changes public. This culminated with the +"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant +improvements and bugs. Because Microsoft client systems are so popular, +it is fair to say that what Microsoft with Windows affects all suppliers +of SMB server products.

+

From 1994 Andrew Tridgell began doing some serious work on his +Smbserver (now Samba) product and with some helpers started to +implement more and more of these protocols. Samba began to take +a significant share of the SMB server market.

+ + +

3.2 What is the Common Internet Filesystem (CIFS)?

+ +

The initial pressure for Microsoft to document their current SMB +implementation came from the Samba team, who kept coming across things +on the wire that Microsoft either didn't know about or hadn't documented +anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems +came out with their WebNFS initiative, designed to replace FTP for file +transfers on the Internet. There are many drawbacks to WebNFS (including +its scope - it aims to replace HTTP as well!) but the concept was +attractive. FTP is not very clever, and why should it be harder to get +files from across the world than across the room?

+

Some hasty revisions were made and an Internet Draft for the Common +Internet Filesystem (CIFS) was released. Note that CIFS is not an +Internet standard and is a very long way from becoming one, BUT the +protocol specification is in the public domain and ongoing discussions +concerning the spec take place on a public mailing list according to the +rules of the Internet Engineering Task Force. For more information and +pointers see +http://samba.org/cifs/

+

The following is taken from +http://www.microsoft.com/intdev/cifs/

+

+

+    CIFS defines a standard remote file system access protocol for use
+    over the Internet, enabling groups of users to work together and
+    share documents across the Internet or within their corporate
+    intranets. CIFS is an open, cross-platform technology based on the
+    native file-sharing protocols built into Microsoft® Windows® and
+    other popular PC operating systems, and supported on dozens of
+    other platforms, including UNIX®. With CIFS, millions of computer
+    users can open and share remote files on the Internet without having
+    to install new software or change the way they work."
+
+

+

If you consider CIFS as a backwardsly-compatible refinement of SMB that +will work reasonably efficiently over the Internet you won't be too far +wrong.

+

The net effect is that Microsoft is now documenting large parts of their +Windows NT fileserver protocols. The security concepts embodied in +Windows NT are part of the specification, which is why Samba +documentation often talks in terms of Windows NT. However there is no +reason why a site shouldn't conduct all its file and printer sharing +with CIFS and yet have no Microsoft products at all.

+ + +

3.3 What is Browsing?

+ +

The term "Browsing" causes a lot of confusion. It is the part of the +SMB/CIFS protocol which allows for resource discovery. For example, in +the Windows NT Explorer it is possible to see a "Network Neighbourhood" +of computers in the same SMB workgroup. Clicking on the name of one of +these machines brings up a list of file and printer resources for +connecting to. In this way you can cruise the network, seeing what +things are available. How this scales to the Internet is a subject for +debate. Look at the CIFS list archives to see what the experts think.

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ-4.html b/docs/faq/Samba-meta-FAQ-4.html new file mode 100644 index 00000000000..73a9eea8471 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-4.html @@ -0,0 +1,215 @@ + + + Samba meta FAQ: Designing A SMB and CIFS Network + + +Previous +Next +Table of Contents +
+

4. Designing A SMB and CIFS Network

+ + +

The big issues for installing any network of LAN or WAN file and print +servers are

+

+

    +
  • How and where usernames, passwords and other security information +is stored +
    • +
  • What method can be used for locating the resources that users have +permission to use +
    • +
  • What protocols the clients can converse with +
    • +
+

+

If you buy Netware, Windows NT or just about any other LAN fileserver +product you are expected to lock yourself into the product's preferred +answers to these questions. This tendancy is restrictive and often very +expensive for a site where there is only one kind of client or server, +and for sites with a mixture of operating systems it often makes it +impossible to share resources between some sets of users.

+

The Samba philosophy is to make things as easy as possible for +administators, which means allowing as many combinations of clients, +servers, operating systems and protocols as possible.

+ +

4.1 Workgroups, Domains, Authentication and Browsing

+ + +

From the point of view of networking implementation, Domains and +Workgroups are exactly the same, except for the client logon +sequence. Some kind of distributed authentication database is associated +with a domain (there are quite a few choices) and this adds so much +flexibility that many people think of a domain as a completely different +entity to a workgroup. From Samba's point of view a client connecting to +a service presents an authentication token, and it if it is valid they +have access. Samba does not care what mechanism was used to generate +that token in the first place.

+

The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +However the network browsing functionality of domains and workgroups is +identical and is explained in +../BROWSING.txt.

+

There are some implementation differences: Windows 95 can be a member of +both a workgroup and a domain, but Windows NT cannot. Windows 95 also +has the concept of an "alternative workgroup". Samba can only be a +member of a single workgroup or domain, although this is due to change +with a future version when nmbd will be split into two daemons, one for +WINS and the other for browsing ( +../NetBIOS.txt explains +what WINS is.)

+ +

Defining the Terms

+ +

+ +

+

+

+ +
Workgroup

means a collection of machines that maintain a common +browsing database containing information about their shared resources. +They do not necessarily have any security information in common (if they +do, it gets called a Domain.) The browsing database is dynamic, modified +as servers come and go on the network and as resources are added or +deleted. The term "browsing" refers to a user accessing the database via +whatever interface the client provides, eg the OS/2 Workplace Shell or +Windows 95 Explorer. SMB servers agree between themselves as to which +ones will maintain the browsing database. Workgroups can be anywhere on +a connected TCP/IP network, including on different subnets or even on +the Interet. This is a very tricky part of SMB to implement.

+ +
Master Browsers

are machines which holds the master browsing +database for a workgroup or domain. There are two kinds of Master Browser:

+

+

    +
  • Domain Master Browser, which holds the master browsing +information for an entire domain, which may well cross multiple TCP/IP +subnets. +
    • +
  • Local Master Browser, which holds the master browsing database +for a particular subnet and communicates with the Domain Master Browser +to get information on other subnets. +
    • +
+

+

Subnets are differentiated because browsing is based on broadcasts, and +broadcasts do not pass through routers. Subnets are not routed: while it +is possible to have more than one subnet on a single network segment +this is regarded as very bad practice.

+

Master Browsers (both Domain and Local) are elected dynamically +according to an algorithm which is supposed to take into account the +machine's ability to sustain the browsing load. Samba can be configured +to always act as a master browser, ie it always wins elections under all +circumstances, even against systems such as a Windows NT Primary Domain +Controller which themselves expect to win.

+

There are also Backup Browsers which are promoted to Master Browsers in +the event of a Master Browser disappearing from the network.

+

Alternative terms include confusing variations such as "Browse Master", +and "Master Browser" which we are trying to eliminate from the Samba +documentation.

+ +
Domain Controller

is a term which comes from the Microsoft and IBM +etc implementation of the LAN Manager protocols. It is tied to +authentication. There are other ways of doing domain authentication, but +the Windows NT method has a large market share. The general issues are +discussed in +../DOMAIN.txt and a Windows NT-specific +discussion is in +../DOMAIN_CONTROL.txt.

+ +
+

+ +

Sharelevel (Workgroup) Security Services

+ +

+ +

+

With the Samba setting "security = SHARE", all shared resources +information about what password is associated with them but only hints +as to what usernames might be valid (the hint can be 'all users', in +which case any username will work. This is usually a bad idea, but +reflects both the initial implementations of SMB in the mid-80s and +its reincarnation with Windows for Workgroups in 1992. The idea behind +workgroup security was that small independant groups of people could +share information on an ad-hoc basis without there being an +authentication infrastructure present or requiring them to do more than +fill in a dialogue box.

+ +

Authentication Domain Mode Services

+ +

+ +

+

With the Samba settings "security = USER" or "security = SERVER" +accesses to all resources are checked for username/password pair matches +in a more rigorous manner. To the client, this has the effect of +emulating a Microsoft Domain. The client is not concerned whether or not +Samba looks up a Windows NT SAM or does it in some other way.

+ + +

4.2 Authentication Schemes

+ + +

In the simple case authentication information is stored on a single +server and the user types a password on connecting for the first time. +However client operating systems often require a password before they +can be used at all, and in addition users usually want access to more +than one server. Asking users to remember many different passwords in +different contexts just does not work. Some kind of distributed +authentication database is needed. It must cope with password changes +and provide for assigning groups of users the same level of access +permissions. This is why Samba installations often choose to implement a +Domain model straight away.

+

Authentication decisions are some of the biggest in designing a network. +Are you going to use a scheme native to the client operating system, +native to the server operating system, or newly installed on both? A +list of options relevant to Samba (ie that make sense in the context of +the SMB protocol) follows. Any experiences with other setups would be +appreciated. refer to server FAQ for "passwd chat" passwd program +password server etc etc...

+ +

NIS

+ + +

For Windows 95, Windows for Workgroups and most other clients Samba can +be a domain controller and share the password database via NIS +transparently. Windows NT is different. +Free NIS NT client

+ +

Kerberos

+ + +

Kerberos for US users only: +Kerberos overview +Download Kerberos

+ +

FTP

+ + +

Other NT w/s logon hack via NT

+ +

Default Server Method

+ + + +

Client-side Database Only

+ + + + +

4.3 Post-Authentication: Netlogon, Logon Scripts, Profiles

+ + +

See +../DOMAIN.txt

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ-5.html b/docs/faq/Samba-meta-FAQ-5.html new file mode 100644 index 00000000000..ad528b0a975 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-5.html @@ -0,0 +1,30 @@ + + + Samba meta FAQ: Cross-Protocol File Sharing + + +Previous +Next +Table of Contents +
+

5. Cross-Protocol File Sharing

+ + +

Samba is an important tool for...

+

It is possible to...

+

File protocol gateways...

+

"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html

+

Two free implementations of Appletalk for Unix are Netatalk, +http://www.umich.edu/~rsug/netatalk/, and CAP, +http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see +http://www.eats.com/linux_mac_win.html 3.5) Sniffing your nework

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ-6.html b/docs/faq/Samba-meta-FAQ-6.html new file mode 100644 index 00000000000..f8cd7817d69 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ-6.html @@ -0,0 +1,30 @@ + + + Samba meta FAQ: Miscellaneous + + +Previous +Next +Table of Contents +
+

6. Miscellaneous

+ +

+ +

+

6.1 Is Samba Year 2000 compliant?

+ +

+ + +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000.

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ.html b/docs/faq/Samba-meta-FAQ.html new file mode 100644 index 00000000000..38f094bf339 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.html @@ -0,0 +1,102 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Samba meta FAQ + + +Previous +Next +Table of Contents +
+

Samba meta FAQ

+ +

Dan Shearer & Paul Blackman, ictinus@samba.org

v 0.3, 7 Oct '97 +

This is the meta-Frequently Asked Questions (FAQ) document +for Samba, the free and very popular SMB and CIFS server product. It +contains overview information for the Samba suite of programs, a +quick-start guide, and pointers to all other Samba documentation. Other +FAQs exist for specific client and server issues, and HOWTO documents +for more extended topics to do with Samba software. Current to version +Samba 1.9.17. Please send any corrections to the author.

+

+

1. Quick Reference Guides to Samba Documentation

+ + +

+

2. General Information

+ + +

+

3. About the CIFS and SMB Protocols

+ + +

+

4. Designing A SMB and CIFS Network

+ + +

+

5. Cross-Protocol File Sharing

+ +

+

6. Miscellaneous

+ + + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/Samba-meta-FAQ.sgml b/docs/faq/Samba-meta-FAQ.sgml new file mode 100644 index 00000000000..377d81663d7 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.sgml @@ -0,0 +1,771 @@ + + + +
+ + Samba meta FAQ + +<author>Dan Shearer & Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.3, 7 Oct '97 + +<abstract> This is the meta-Frequently Asked Questions (FAQ) document +for Samba, the free and very popular SMB and CIFS server product. It +contains overview information for the Samba suite of programs, a +quick-start guide, and pointers to all other Samba documentation. Other +FAQs exist for specific client and server issues, and HOWTO documents +for more extended topics to do with Samba software. Current to version +Samba 1.9.17. Please send any corrections to the author. +</abstract> + +<toc> + +<sect> Quick Reference Guides to Samba Documentation<p><label id=quickref> + +We are endeavouring to provide links here to every major class of +information about Samba or things related to Samba. We cannot list every +document, but we are aiming for all documents to be at most two +referrals from those listed here. This needs constant maintaining, so +please send the author your feedback. + +<sect1> Samba for the Impatient<p><label id="impatient"> + +You know you should read the documentation but can't wait to start? What +you need to do then is follow the instructions in the following +documents in the order given. This should be enough to get a fairly +simple site going quickly. If you have any problems, refer back to this +meta-FAQ and follow the links to find more reading material. + +<descrip> + +<label id="ImpGet"><tag/Getting Samba:/ The fastest way to get Samba +going is and install it is to have an operating system for which the +Samba team has put together an installation package. To see if your OS +is included have a look at the directory +/pub/samba/Binary_Packages/"OS_Vendor" on your nearest <url +url="../MIRRORS" name="mirror site">. If it is included follow the +installation instructions in the README file there and then do some <ref id="ImpTest" +name="basic testing">. If you are not so fortunate, follow the normal <ref +id="WhereFrom" name="download instructions"> and then continue with <ref +id="ImpInst" name="building and installing Samba">. + +<label id="ImpInst"><tag/Building and Installing Samba:/ At the moment +there are two kinds of Samba server installs besides the prepackaged +binaries mentioned in the previous step. You need to decide if you have a <url url="../UNIX_INSTALL.txt" +name="Unix or close relative"> or <url +url="Samba-Server-FAQ.html#PortInfo" name="other supported operating system">. + +<label id="ImpTest"><tag/Basic Testing:/ Try to connect using the +supplied smbclient command-line program. You need to know the IP +hostname of your server. A service name must be defined in smb.conf, as +given in the examples (under many operating systems if there is a +[homes] service you can just use a valid username.) Then type +<tt> + smbclient \\hostname\servicename +</tt> +Under most Unixes you will need to put the parameters within quotation +marks. If this works, try connecting from one of the SMB clients you +were planning to use with Samba. + +<label id="ImpDebug"><tag/Debug sequence:/ If you think you have completed the +previous step and things aren't working properly work through +<url url="../DIAGNOSIS.txt" name="the diagnosis recipe."> + +<label id="ImpExp"><tag/Exporting files to SMB clients:/ You should read the manual pages +for smb.conf, but here is a <url url="Samba-Server-FAQ.html#Exporting" +name="quick answer guide."> + +<label id="ImpControl"><tag/Controlling user access:/ the quickest and dirtiest way of sharing +resources is to use <ref id="ShareModeSecurity" name="share level +security."> If you want to spend more time and have a proper username +and password database you must read the paragraph on <ref +id="DomainModeSecurity" name="domain mode security."> If you want +encryption (eg you are using Windows NT clients) follow the <url +url="Samba-Server-FAQ.html#SMBEncryptionSteps" name="SMB encryption +instructions."> + +<label id="ImpBrowse"><tag/Browsing:/ if you are happy to type in "\\samba-server\sharename" +at the client end then do not read any further. Otherwise you need to +understand the <ref id="BrowsingDefinitions" name="browsing terminology"> +and read <url url="Samba-Server-FAQ.html#NameBrowsing">. + +<label id="ImpPrint"><tag/Printing:/ See the <url url="Samba-Server-FAQ.html#Printing" +name="printing quick answer guide."> + +</descrip> + +If you have got everything working to this point, you can expect Samba +to be stable and secure: these are its greatest strengths. However Samba +has a great deal to offer and to go further you must do some more +reading. Speed and security optimisations, printer accounting, network +logons, roving profiles, browsing across multiple subnets and so on are +all covered either in this document or in those it refers to. + +<sect1> All Samba Documentation<p><label id=AllDocs> + +<itemize> + +<item> Meta-FAQ. This is the mother of all documents, and is the one you +are reading now. The latest version is always at <url +url="http://samba.org/[.....]"> but there is probably a much +nearer <url url="../MIRRORS" name="mirror site"> which you should use +instead. + +<item> <url url="Samba-Server-FAQ.html"> is the best starting point for +information about server-side issues. Includes configuration tips and +pointers for Samba on particular operating systems (with 40 to choose +from...) + +<item> <url url="Samba-Client-FAQ.html"> is the best starting point for +information about client-side issues, includes a list of all clients +that are known to work with Samba. + +<item> <url url="samba-man-index.html" name="manual pages"> contains +descriptions of and links to all the Samba manual pages, in Unix man and +postscript format. + +<item> <url url="samba-txt-index.html"> has descriptions of and links to +a large number of text files have been contributed to samba covering +many topics. These are gradually being absorbed into the FAQs and HOWTOs +but in the meantime you might find helpful answers here. + +<item> + +</itemize> + +<sect> General Information<p><label id="general_info"> + +All about Samba - what it is, how to get it, related sources of +information, how to understand the numbering scheme, pizza +details. + +<sect1> What is Samba?<p><label id="introduction"> + +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server Message +Block) and CIFS (Common Internet Filesystem) protocols. Initially +written for Unix, Samba now also runs on Netware, OS/2, VMS, StratOS and +Amigas. Ports to BeOS and other operating systems are underway. Samba +gives the capability for these operating systems to behave much like a +LAN Server, Windows NT Server or Pathworks machine, only with added +functionality and flexibility designed to make life easier for +administrators. + +This means that using Samba you can share a server's disks and printers +to many sorts of network clients, including Lan Manager, Windows for +Workgroups, Windows NT, Linux, OS/2, and AIX. There is also a generic +client program supplied as part of the Samba suite which gives a user on +the server an ftp-like interface to access filespace and printers on any +other SMB/CIFS servers. + +SMB has been implemented over many protocols, including XNS, NBT, IPX, +NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to change +although there have been some requests for NetBEUI support. + +Many users report that compared to other SMB implementations Samba is +more stable, faster, and compatible with more clients. Administrators of +some large installations say that Samba is the only SMB server available +which will scale to many tens of thousands of users without crashing. +The easy way to test these claims is to download it and try it for +yourself! + +The suite is supplied with full source code under the <url +url="../COPYING" name="GNU Public License">. The GPL means that you can +use Samba for whatever purpose you wish (including changing the source +or selling it for money) but under all circumstances the source code +must be made freely available. A copy of the GPL must always be included +in any copy of the package. + +The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer. + +<sect1> What is the current version of Samba?<p><label id="current_version"> + +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log"> + +For more information see <ref id="version_nums" name="What do the version numbers mean?"> + +<sect1> Where can I get it? <p><label id="WhereFrom"> + +The Samba suite is available via anonymous ftp from samba.org and +many <url url="../MIRRORS" name="mirror"> sites. You will get much +faster performance if you use a mirror site. The latest and greatest +versions of the suite are in the directory: + +/pub/samba/ + +Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are available +in the directory: + +/pub/samba/alpha + +Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Most Linux distributions, for example, do contain Samba +binaries for that platform. The VMS, OS/2, Netware and Amiga and other +ports typically have binaries made available. + +A special case is vendor-provided binary packages. Samba binaries and +default configuration files are put into packages for a specific +operating system. RedHat Linux and Sun Solaris (Sparc and x86) is +already included, and others such as OS/2 may follow. All packages are +in the directory: + +/pub/samba/Binary_Packages/"OS_Vendor" + +<sect1>What do the version numbers mean?<p><label id="version_nums"> + +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. + +How the scheme works: + +<enum> + +<item>When major changes are made the version number is increased. For +example, the transition from 1.9.16 to 1.9.17. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) + +<item>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. + +<item>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.17. + +<item>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.17p2. + +</enum> + +So the progression goes: + +<verb> + 1.9.16p10 (production) + 1.9.16p11 (production) + 1.9.17alpha1 (test sites only) + : + 1.9.17alpha20 (test sites only) + 1.9.17 (production) + 1.9.17p1 (production) +</verb> + +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. + +<sect1> Where can I go for further information?<p><label id="more"> + +There are a number of places to look for more information on Samba, +including: + +<itemize> + +<item>Two mailing lists devoted to discussion of Samba-related matters. +See below for subscription information. + +<item>The newsgroup comp.protocols.smb, which has a great deal of +discussion about Samba. + +<item>The WWW site 'SAMBA Web Pages' at <url +url="http://samba.org/samba/"> includes: + + <itemize> + <item>Links to man pages and documentation, including this FAQ + <item>A comprehensive survey of Samba users + <item>A searchable hypertext archive of the Samba mailing list + <item>Links to Samba source code, binaries, and mirrors of both + <item>This FAQ and the rest in its family + </itemize> + +</itemize> + +<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> + +Send email to <htmlurl url="mailto:listproc@samba.org" +name="listproc@samba.org">. Make sure the subject line is blank, +and include the following two lines in the body of the message: + +<tscreen><verb> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</verb></tscreen> + +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature, it +sometimes confuses the list processor. + +The samba list is a digest list - every eight hours or so it sends a +single message containing all the messages that have been received by +the list since the last time and sends a copy of this message to all +subscribers. There are thousands of people on this list. + +If you stop being interested in Samba, please send another email to +<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and +include the following two lines in the body of the message: + +<tscreen><verb> +unsubscribe samba +unsubscribe samba-announce +</verb></tscreen> + +The <bf>From:</bf> line in your message <em>MUST</em> be the same +address you used when you subscribed. + +<sect1> Something's gone wrong - what should I do?<p><label id="wrong"> + +<bf>[#] *** IMPORTANT! *** [#]</bf> +<p> + +DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here! + +<enum> <item> See if there are any likely looking entries in this FAQ! +If you have just installed Samba, have you run through the checklist in +<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" +name="DIAGNOSIS.txt">? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba +distribution. + +<item> Read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. + +<item> If there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". + +<item> If you need urgent help and are willing to pay for it see +<ref id="PaidSupport" name="Paid Support">. + +</enum> + +If you still haven't got anywhere, ask the mailing list or newsgroup. In +general nobody minds answering questions provided you have followed the +preceding steps. It might be a good idea to scan the archives of the +mailing list, which are available through the Samba web site described +in the previous section. When you post be sure to include a good +description of your environment and your problem. + +If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +that an explanation can be incorporated into the next version. + +<sect1> How do I submit patches or bug reports?<p> + +If you make changes to the source code, <em>please</em> submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do. + +Patch format +------------ + +If you are sending a patch to fix a problem then please don't just use +standard diff format. As an example, samba@samba.org received this patch from +someone: + +382a +#endif +.. +381a +#if !defined(NEWS61) + +How are we supposed to work out what this does and where it goes? These +sort of patches only work if we both have identical files in the first +place. The Samba sources are constantly changing at the hands of multiple +developers, so it doesn't work. + +Please use either context diffs or (even better) unified diffs. You +get these using "diff -c4" or "diff -u". If you don't have a diff that +can generate these then please send manualy commented patches to I +know what is being changed and where. Most patches are applied by hand so +the info must be clear. + +This is a basic guideline that will assist us with assessing your problem +more efficiently : + +Machine Arch: +Machine OS: +OS Version: +Kernel: + +Compiler: +Libc Version: + +Samba Version: + +Network Layout (description): + +What else is on machine (services, etc): + +Some extras : + +<itemize> + +<item> what you did and what happened + +<item> relevant parts of a debugging output file with debuglevel higher. + If you can't find the relevant parts, please ask before mailing + huge files. + +<item> anything else you think is useful to trace down the bug + +</itemize> + +<sect1> What if I have an URGENT message for the developers?<p> + +If you have spotted something very serious and believe that it is +important to contact the developers quickly send a message to +samba-urgent@samba.org. This will be processed more quickly than +mail to samba@samba.org. Please think carefully before using this address. An +example of its use might be to report a security hole. + +Examples of things <em>not</em> to send to samba-urgent include problems +getting Samba to work at all and bugs that cannot potentially cause damage. + +<sect1> What if I need paid-for support?<p><label id=PaidSupport> + +Samba has a large network of consultants who provide Samba support on a +commercial basis. The list is included in the package in <url +url="../Support.txt">, and the latest version will always be on the main +samba ftp site. Any company in the world can request that the samba team +include their details in Support.txt so we can give no guarantee of +their services. + +<sect1> Pizza supply details<p><label id="pizza"> +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. + +<enum> +<item> Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US. + +<item>Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. + +<item>Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) + +<item>Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. + +</enum> + +<sect>About the CIFS and SMB Protocols<p><label id="CifsSmb"> + +<sect1> What is the Server Message Block (SMB) Protocol?<p> +SMB is a filesharing protocol that has had several maintainers and +contributors over the years including Xerox, 3Com and most recently +Microsoft. Names for this protocol include LAN Manager and Microsoft +Networking. Parts of the specification has been made public at several +versions including in an X/Open document, as listed at +<url url="ftp://ftp.microsoft.com/developr/drg/CIFS/">. No specification +releases were made between 1992 and 1996, and during that period +Microsoft became the SMB implementor with the largest market share. +Microsoft developed the specification further for its products but for +various reasons connected with developer's workload rather than market +strategy did not make the changes public. This culminated with the +"Windows NT 0.12" version released with NT 3.5 in 1995 which had significant +improvements and bugs. Because Microsoft client systems are so popular, +it is fair to say that what Microsoft with Windows affects all suppliers +of SMB server products. + +From 1994 Andrew Tridgell began doing some serious work on his +Smbserver (now Samba) product and with some helpers started to +implement more and more of these protocols. Samba began to take +a significant share of the SMB server market. + +<sect1> What is the Common Internet Filesystem (CIFS)?<p> +The initial pressure for Microsoft to document their current SMB +implementation came from the Samba team, who kept coming across things +on the wire that Microsoft either didn't know about or hadn't documented +anywhere (even in the sourcecode to Windows NT.) Then Sun Microsystems +came out with their WebNFS initiative, designed to replace FTP for file +transfers on the Internet. There are many drawbacks to WebNFS (including +its scope - it aims to replace HTTP as well!) but the concept was +attractive. FTP is not very clever, and why should it be harder to get +files from across the world than across the room? + +Some hasty revisions were made and an Internet Draft for the Common +Internet Filesystem (CIFS) was released. Note that CIFS is not an +Internet standard and is a very long way from becoming one, BUT the +protocol specification is in the public domain and ongoing discussions +concerning the spec take place on a public mailing list according to the +rules of the Internet Engineering Task Force. For more information and +pointers see <url url="http://samba.org/cifs/"> + +The following is taken from <url url="http://www.microsoft.com/intdev/cifs/"> + +<verb> + CIFS defines a standard remote file system access protocol for use + over the Internet, enabling groups of users to work together and + share documents across the Internet or within their corporate + intranets. CIFS is an open, cross-platform technology based on the + native file-sharing protocols built into Microsoft® Windows® and + other popular PC operating systems, and supported on dozens of + other platforms, including UNIX®. With CIFS, millions of computer + users can open and share remote files on the Internet without having + to install new software or change the way they work." +</verb> + +If you consider CIFS as a backwardsly-compatible refinement of SMB that +will work reasonably efficiently over the Internet you won't be too far +wrong. + +The net effect is that Microsoft is now documenting large parts of their +Windows NT fileserver protocols. The security concepts embodied in +Windows NT are part of the specification, which is why Samba +documentation often talks in terms of Windows NT. However there is no +reason why a site shouldn't conduct all its file and printer sharing +with CIFS and yet have no Microsoft products at all. + +<sect1> What is Browsing? <p> +The term "Browsing" causes a lot of confusion. It is the part of the +SMB/CIFS protocol which allows for resource discovery. For example, in +the Windows NT Explorer it is possible to see a "Network Neighbourhood" +of computers in the same SMB workgroup. Clicking on the name of one of +these machines brings up a list of file and printer resources for +connecting to. In this way you can cruise the network, seeing what +things are available. How this scales to the Internet is a subject for +debate. Look at the CIFS list archives to see what the experts think. + +<sect>Designing A SMB and CIFS Network<p> + +The big issues for installing any network of LAN or WAN file and print +servers are + +<itemize> + +<item>How and where usernames, passwords and other security information +is stored + +<item>What method can be used for locating the resources that users have +permission to use + +<item>What protocols the clients can converse with + +</itemize> + +If you buy Netware, Windows NT or just about any other LAN fileserver +product you are expected to lock yourself into the product's preferred +answers to these questions. This tendancy is restrictive and often very +expensive for a site where there is only one kind of client or server, +and for sites with a mixture of operating systems it often makes it +impossible to share resources between some sets of users. + +The Samba philosophy is to make things as easy as possible for +administators, which means allowing as many combinations of clients, +servers, operating systems and protocols as possible. + +<sect1>Workgroups, Domains, Authentication and Browsing<p> + +From the point of view of networking implementation, Domains and +Workgroups are <em>exactly</em> the same, except for the client logon +sequence. Some kind of distributed authentication database is associated +with a domain (there are quite a few choices) and this adds so much +flexibility that many people think of a domain as a completely different +entity to a workgroup. From Samba's point of view a client connecting to +a service presents an authentication token, and it if it is valid they +have access. Samba does not care what mechanism was used to generate +that token in the first place. + +The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +However the network browsing functionality of domains and workgroups is +identical and is explained in <url url="../BROWSING.txt">. + +There are some implementation differences: Windows 95 can be a member of +both a workgroup and a domain, but Windows NT cannot. Windows 95 also +has the concept of an "alternative workgroup". Samba can only be a +member of a single workgroup or domain, although this is due to change +with a future version when nmbd will be split into two daemons, one for +WINS and the other for browsing (<url url="../NetBIOS.txt"> explains +what WINS is.) + +<sect2> Defining the Terms<p><label id="BrowseAndDomainDefs"> + +<descrip> + +<tag/Workgroup/ means a collection of machines that maintain a common +browsing database containing information about their shared resources. +They do not necessarily have any security information in common (if they +do, it gets called a Domain.) The browsing database is dynamic, modified +as servers come and go on the network and as resources are added or +deleted. The term "browsing" refers to a user accessing the database via +whatever interface the client provides, eg the OS/2 Workplace Shell or +Windows 95 Explorer. SMB servers agree between themselves as to which +ones will maintain the browsing database. Workgroups can be anywhere on +a connected TCP/IP network, including on different subnets or even on +the Interet. This is a very tricky part of SMB to implement. + +<tag/Master Browsers/ are machines which holds the master browsing +database for a workgroup or domain. There are two kinds of Master Browser: + +<itemize> + +<item> Domain Master Browser, which holds the master browsing +information for an entire domain, which may well cross multiple TCP/IP +subnets. + +<item> Local Master Browser, which holds the master browsing database +for a particular subnet and communicates with the Domain Master Browser +to get information on other subnets. + +</itemize> + +Subnets are differentiated because browsing is based on broadcasts, and +broadcasts do not pass through routers. Subnets are not routed: while it +is possible to have more than one subnet on a single network segment +this is regarded as very bad practice. + +Master Browsers (both Domain and Local) are elected dynamically +according to an algorithm which is supposed to take into account the +machine's ability to sustain the browsing load. Samba can be configured +to always act as a master browser, ie it always wins elections under all +circumstances, even against systems such as a Windows NT Primary Domain +Controller which themselves expect to win. + +There are also Backup Browsers which are promoted to Master Browsers in +the event of a Master Browser disappearing from the network. + +Alternative terms include confusing variations such as "Browse Master", +and "Master Browser" which we are trying to eliminate from the Samba +documentation. + +<tag/Domain Controller/ is a term which comes from the Microsoft and IBM +etc implementation of the LAN Manager protocols. It is tied to +authentication. There are other ways of doing domain authentication, but +the Windows NT method has a large market share. The general issues are +discussed in <url url="../DOMAIN.txt"> and a Windows NT-specific +discussion is in <url url="../DOMAIN_CONTROL.txt">. + +</descrip> + +<sect2>Sharelevel (Workgroup) Security Services<p><label id="ShareModeSecurity"> + +With the Samba setting "security = SHARE", all shared resources +information about what password is associated with them but only hints +as to what usernames might be valid (the hint can be 'all users', in +which case any username will work. This is usually a bad idea, but +reflects both the initial implementations of SMB in the mid-80s and +its reincarnation with Windows for Workgroups in 1992. The idea behind +workgroup security was that small independant groups of people could +share information on an ad-hoc basis without there being an +authentication infrastructure present or requiring them to do more than +fill in a dialogue box. + +<sect2>Authentication Domain Mode Services<p><label id="DomainModeSecurity"> + +With the Samba settings "security = USER" or "security = SERVER" +accesses to all resources are checked for username/password pair matches +in a more rigorous manner. To the client, this has the effect of +emulating a Microsoft Domain. The client is not concerned whether or not +Samba looks up a Windows NT SAM or does it in some other way. + +<sect1>Authentication Schemes<p> + +In the simple case authentication information is stored on a single +server and the user types a password on connecting for the first time. +However client operating systems often require a password before they +can be used at all, and in addition users usually want access to more +than one server. Asking users to remember many different passwords in +different contexts just does not work. Some kind of distributed +authentication database is needed. It must cope with password changes +and provide for assigning groups of users the same level of access +permissions. This is why Samba installations often choose to implement a +Domain model straight away. + +Authentication decisions are some of the biggest in designing a network. +Are you going to use a scheme native to the client operating system, +native to the server operating system, or newly installed on both? A +list of options relevant to Samba (ie that make sense in the context of +the SMB protocol) follows. Any experiences with other setups would be +appreciated. [refer to server FAQ for "passwd chat" passwd program +password server etc etc...] + +<sect2>NIS<p> + +For Windows 95, Windows for Workgroups and most other clients Samba can +be a domain controller and share the password database via NIS +transparently. Windows NT is different. +<url url="http://www.dcs.qmw.ac.uk/~williams" name="Free NIS NT client"> + +<sect2>Kerberos<p> + +Kerberos for US users only: +<url url="http://www.cygnus.com/product/unifying-security.html" +name="Kerberos overview"> +<url url="http://www.cygnus.com/product/kerbnet-download.html" +name="Download Kerberos"> + +<sect2>FTP<p> + +Other NT w/s logon hack via NT + +<sect2>Default Server Method<p> + +<sect2>Client-side Database Only<p> + +<sect1>Post-Authentication: Netlogon, Logon Scripts, Profiles<p> + +See <url url="../DOMAIN.txt"> + +<sect>Cross-Protocol File Sharing<p> + +Samba is an important tool for... + +It is possible to... + +File protocol gateways... + +"Setting up a Linux File Server" http://vetrec.mit.edu/people/narf/linux.html + +Two free implementations of Appletalk for Unix are Netatalk, <url +url="http://www.umich.edu/~rsug/netatalk/">, and CAP, <url +url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see <url +url="http://www.eats.com/linux_mac_win.html"> 3.5) Sniffing your nework + + +<sect>Miscellaneous<p><label id="miscellaneous"> +<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000. + +</article> diff --git a/docs/faq/Samba-meta-FAQ.txt b/docs/faq/Samba-meta-FAQ.txt new file mode 100644 index 00000000000..01fc8d6ccf1 --- /dev/null +++ b/docs/faq/Samba-meta-FAQ.txt @@ -0,0 +1,924 @@ + Samba meta FAQ + Dan Shearer & Paul Blackman, ictinus@samba.org + v 0.3, 7 Oct '97 + + This is the meta-Frequently Asked Questions (FAQ) document for Samba, + the free and very popular SMB and CIFS server product. It contains + overview information for the Samba suite of programs, a quick-start + guide, and pointers to all other Samba documentation. Other FAQs exist + for specific client and server issues, and HOWTO documents for more + extended topics to do with Samba software. Current to version Samba + 1.9.17. Please send any corrections to the author. + ______________________________________________________________________ + + Table of Contents: + + 1. Quick Reference Guides to Samba Documentation + + 1.1. Samba for the Impatient + + 1.2. All Samba Documentation + + 2. General Information + + 2.1. What is Samba? + + 2.2. What is the current version of Samba? + + 2.3. Where can I get it? + + 2.4. What do the version numbers mean? + + 2.5. Where can I go for further information? + + 2.6. How do I subscribe to the Samba Mailing Lists? + + 2.7. Something's gone wrong - what should I do? + + 2.8. How do I submit patches or bug reports? + + 2.9. What if I have an URGENT message for the developers? + + 2.10. What if I need paid-for support? + + 2.11. Pizza supply details + + 3. About the CIFS and SMB Protocols + + 3.1. What is the Server Message Block (SMB) Protocol? + + 3.2. What is the Common Internet Filesystem (CIFS)? + + 3.3. What is Browsing? + + 4. Designing A SMB and CIFS Network + + 4.1. Workgroups, Domains, Authentication and Browsing + + 4.1.1. Defining the Terms + + 4.1.2. Sharelevel (Workgroup) Security Services + + 4.1.3. Authentication Domain Mode Services + + 4.2. Authentication Schemes + + + 4.2.1. NIS + + 4.2.2. Kerberos + + 4.2.3. FTP + + 4.2.4. Default Server Method + + 4.2.5. Client-side Database Only + + 4.3. Post-Authentication: Netlogon, Logon Scripts, Profiles + + 5. Cross-Protocol File Sharing + + 6. Miscellaneous + + 6.1. Is Samba Year 2000 compliant? + ______________________________________________________________________ + + 11.. QQuuiicckk RReeffeerreennccee GGuuiiddeess ttoo SSaammbbaa DDooccuummeennttaattiioonn + + + We are endeavouring to provide links here to every major class of + information about Samba or things related to Samba. We cannot list + every document, but we are aiming for all documents to be at most two + referrals from those listed here. This needs constant maintaining, so + please send the author your feedback. + + + 11..11.. SSaammbbaa ffoorr tthhee IImmppaattiieenntt + + + You know you should read the documentation but can't wait to start? + What you need to do then is follow the instructions in the following + documents in the order given. This should be enough to get a fairly + simple site going quickly. If you have any problems, refer back to + this meta-FAQ and follow the links to find more reading material. + + + + GGeettttiinngg SSaammbbaa:: + The fastest way to get Samba going is and install it is to have + an operating system for which the Samba team has put together an + installation package. To see if your OS is included have a look + at the directory /pub/samba/Binary_Packages/"OS_Vendor" on your + nearest mirror site <../MIRRORS>. If it is included follow the + installation instructions in the README file there and then do + some ``basic testing''. If you are not so fortunate, follow the + normal ``download instructions'' and then continue with + ``building and installing Samba''. + + + BBuuiillddiinngg aanndd IInnssttaalllliinngg SSaammbbaa:: + At the moment there are two kinds of Samba server installs + besides the prepackaged binaries mentioned in the previous step. + You need to decide if you have a Unix or close relative + <../UNIX_INSTALL.txt> or other supported operating system + <Samba-Server-FAQ.html#PortInfo>. + + + BBaassiicc TTeessttiinngg:: + Try to connect using the supplied smbclient command-line + program. You need to know the IP hostname of your server. A + service name must be defined in smb.conf, as given in the + examples (under many operating systems if there is a homes + service you can just use a valid username.) Then type smbclient + \hostnamevicename Under most Unixes you will need to put the + parameters within quotation marks. If this works, try connecting + from one of the SMB clients you were planning to use with Samba. + + + DDeebbuugg sseeqquueennccee:: + If you think you have completed the previous step and things + aren't working properly work through the diagnosis recipe. + <../DIAGNOSIS.txt> + + + EExxppoorrttiinngg ffiilleess ttoo SSMMBB cclliieennttss:: + You should read the manual pages for smb.conf, but here is a + quick answer guide. <Samba-Server-FAQ.html#Exporting> + + + CCoonnttrroolllliinngg uusseerr aacccceessss:: + the quickest and dirtiest way of sharing resources is to use + ``share level security.'' If you want to spend more time and + have a proper username and password database you must read the + paragraph on ``domain mode security.'' If you want encryption + (eg you are using Windows NT clients) follow the SMB encryption + instructions. <Samba-Server-FAQ.html#SMBEncryptionSteps> + + + BBrroowwssiinngg:: + if you are happy to type in "\samba-serverrename" at the client + end then do not read any further. Otherwise you need to + understand the ``browsing terminology'' and read <Samba-Server- + FAQ.html#NameBrowsing>. + + + PPrriinnttiinngg:: + See the printing quick answer guide. <Samba-Server- + FAQ.html#Printing> + + + If you have got everything working to this point, you can expect Samba + to be stable and secure: these are its greatest strengths. However + Samba has a great deal to offer and to go further you must do some + more reading. Speed and security optimisations, printer accounting, + network logons, roving profiles, browsing across multiple subnets and + so on are all covered either in this document or in those it refers + to. + + + 11..22.. AAllll SSaammbbaa DDooccuummeennttaattiioonn + + + + +o Meta-FAQ. This is the mother of all documents, and is the one you + are reading now. The latest version is always at + <http://samba.org/[.....]> but there is probably a much + nearer mirror site <../MIRRORS> which you should use instead. + + +o <Samba-Server-FAQ.html> is the best starting point for information + about server-side issues. Includes configuration tips and pointers + for Samba on particular operating systems (with 40 to choose + from...) + + +o <Samba-Client-FAQ.html> is the best starting point for information + about client-side issues, includes a list of all clients that are + known to work with Samba. + + +o manual pages <samba-man-index.html> contains descriptions of and + links to all the Samba manual pages, in Unix man and postscript + format. + + +o <samba-txt-index.html> has descriptions of and links to a large + number of text files have been contributed to samba covering many + topics. These are gradually being absorbed into the FAQs and HOWTOs + but in the meantime you might find helpful answers here. + + +o + + + 22.. GGeenneerraall IInnffoorrmmaattiioonn + + + All about Samba - what it is, how to get it, related sources of + information, how to understand the numbering scheme, pizza details. + + + 22..11.. WWhhaatt iiss SSaammbbaa?? + + + Samba is a suite of programs which work together to allow clients to + access to a server's filespace and printers via the SMB (Server + Message Block) and CIFS (Common Internet Filesystem) protocols. + Initially written for Unix, Samba now also runs on Netware, OS/2, VMS, + StratOS and Amigas. Ports to BeOS and other operating systems are + underway. Samba gives the capability for these operating systems to + behave much like a LAN Server, Windows NT Server or Pathworks machine, + only with added functionality and flexibility designed to make life + easier for administrators. + + This means that using Samba you can share a server's disks and + printers to many sorts of network clients, including Lan Manager, + Windows for Workgroups, Windows NT, Linux, OS/2, and AIX. There is + also a generic client program supplied as part of the Samba suite + which gives a user on the server an ftp-like interface to access + filespace and printers on any other SMB/CIFS servers. + + SMB has been implemented over many protocols, including XNS, NBT, IPX, + NetBEUI and TCP/IP. Samba only uses TCP/IP. This is not likely to + change although there have been some requests for NetBEUI support. + + Many users report that compared to other SMB implementations Samba is + more stable, faster, and compatible with more clients. Administrators + of some large installations say that Samba is the only SMB server + available which will scale to many tens of thousands of users without + crashing. The easy way to test these claims is to download it and try + it for yourself! + + The suite is supplied with full source code under the GNU Public + License <../COPYING>. The GPL means that you can use Samba for + whatever purpose you wish (including changing the source or selling it + for money) but under all circumstances the source code must be made + freely available. A copy of the GPL must always be included in any + copy of the package. + + The primary creator of the Samba suite is Andrew Tridgell. Later + versions incorporate much effort by many net.helpers. The man pages + and this FAQ were originally written by Karl Auer. + + + 22..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? + + + At time of writing, the current version was 1.9.17. If you want to be + sure check the bottom of the change-log file. + <ftp://samba.org/pub/samba/alpha/change-log> + For more information see ``What do the version numbers mean?'' + + + 22..33.. WWhheerree ccaann II ggeett iitt?? + + + The Samba suite is available via anonymous ftp from samba.org + and many mirror <../MIRRORS> sites. You will get much faster + performance if you use a mirror site. The latest and greatest versions + of the suite are in the directory: + + /pub/samba/ + + Development (read "alpha") versions, which are NOT necessarily stable + and which do NOT necessarily have accurate documentation, are + available in the directory: + + /pub/samba/alpha + + Note that binaries are NOT included in any of the above. Samba is + distributed ONLY in source form, though binaries may be available from + other sites. Most Linux distributions, for example, do contain Samba + binaries for that platform. The VMS, OS/2, Netware and Amiga and other + ports typically have binaries made available. + + A special case is vendor-provided binary packages. Samba binaries and + default configuration files are put into packages for a specific + operating system. RedHat Linux and Sun Solaris (Sparc and x86) is + already included, and others such as OS/2 may follow. All packages are + in the directory: + + /pub/samba/Binary_Packages/"OS_Vendor" + + + 22..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? + + + It is not recommended that you run a version of Samba with the word + "alpha" in its name unless you know what you are doing and are willing + to do some debugging. Many, many people just get the latest + recommended stable release version and are happy. If you are brave, by + all means take the plunge and help with the testing and development - + but don't install it on your departmental server. Samba is typically + very stable and safe, and this is mostly due to the policy of many + public releases. + + How the scheme works: + + + 1. When major changes are made the version number is increased. For + example, the transition from 1.9.16 to 1.9.17. However, this + version number will not appear immediately and people should + continue to use 1.9.15 for production systems (see next point.) + + 2. Just after major changes are made the software is considered + unstable, and a series of alpha releases are distributed, for + example 1.9.16alpha1. These are for testing by those who know what + they are doing. The "alpha" in the filename will hopefully scare + off those who are just looking for the latest version to install. + + 3. When Andrew thinks that the alphas have stabilised to the point + where he would recommend new users install it, he renames it to the + same version number without the alpha, for example 1.9.17. + + 4. Inevitably bugs are found in the "stable" releases and minor patch + levels are released which give us the pXX series, for example + 1.9.17p2. + + So the progression goes: + + + 1.9.16p10 (production) + 1.9.16p11 (production) + 1.9.17alpha1 (test sites only) + : + 1.9.17alpha20 (test sites only) + 1.9.17 (production) + 1.9.17p1 (production) + + + + The above system means that whenever someone looks at the samba ftp + site they will be able to grab the highest numbered release without an + alpha in the name and be sure of getting the current recommended + version. + + + 22..55.. WWhheerree ccaann II ggoo ffoorr ffuurrtthheerr iinnffoorrmmaattiioonn?? + + + There are a number of places to look for more information on Samba, + including: + + + +o Two mailing lists devoted to discussion of Samba-related matters. + See below for subscription information. + + +o The newsgroup comp.protocols.smb, which has a great deal of + discussion about Samba. + + +o The WWW site 'SAMBA Web Pages' at <http://samba.org/samba/> + includes: + + + +o Links to man pages and documentation, including this FAQ + + +o A comprehensive survey of Samba users + + +o A searchable hypertext archive of the Samba mailing list + + +o Links to Samba source code, binaries, and mirrors of both + + +o This FAQ and the rest in its family + + + + 22..66.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? + + + Send email to listproc@samba.org. Make sure the subject line is + blank, and include the following two lines in the body of the message: + + + + subscribe samba Firstname Lastname + subscribe samba-announce Firstname Lastname + + + + + Obviously you should substitute YOUR first name for "Firstname" and + YOUR last name for "Lastname"! Try not to send any signature, it + sometimes confuses the list processor. + + The samba list is a digest list - every eight hours or so it sends a + single message containing all the messages that have been received by + the list since the last time and sends a copy of this message to all + subscribers. There are thousands of people on this list. + + If you stop being interested in Samba, please send another email to + listproc@samba.org. Make sure the subject line is blank, and + include the following two lines in the body of the message: + + + + unsubscribe samba + unsubscribe samba-announce + + + + + The FFrroomm:: line in your message _M_U_S_T be the same address you used when + you subscribed. + + + 22..77.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? + + + ## ****** IIMMPPOORRTTAANNTT!! ****** ## + + + DO NOT post messages on mailing lists or in newsgroups until you have + carried out the first three steps given here! + + + 1. See if there are any likely looking entries in this FAQ! If you + have just installed Samba, have you run through the checklist in + DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It + can save you a lot of time and effort. DIAGNOSIS.txt can also be + found in the docs directory of the Samba distribution. + + 2. Read the man pages for smbd, nmbd and smb.conf, looking for topics + that relate to what you are trying to do. + + 3. If there is no obvious solution to hand, try to get a look at the + log files for smbd and/or nmbd for the period during which you were + having problems. You may need to reconfigure the servers to provide + more extensive debugging information - usually level 2 or level 3 + provide ample debugging info. Inspect these logs closely, looking + particularly for the string "Error:". + + 4. If you need urgent help and are willing to pay for it see ``Paid + Support''. + + If you still haven't got anywhere, ask the mailing list or newsgroup. + In general nobody minds answering questions provided you have followed + the preceding steps. It might be a good idea to scan the archives of + the mailing list, which are available through the Samba web site + described in the previous section. When you post be sure to include a + good description of your environment and your problem. + + If you successfully solve a problem, please mail the FAQ maintainer a + succinct description of the symptom, the problem and the solution, so + that an explanation can be incorporated into the next version. + + + + + 22..88.. HHooww ddoo II ssuubbmmiitt ppaattcchheess oorr bbuugg rreeppoorrttss?? + + + If you make changes to the source code, _p_l_e_a_s_e submit these patches so + that everyone else gets the benefit of your work. This is one of the + most important aspects to the maintainence of Samba. Send all patches + to samba@samba.org. Do not send patches to Andrew Tridgell + or any other individual, they may be lost if you do. + + Patch format ------------ + + If you are sending a patch to fix a problem then please don't just use + standard diff format. As an example, samba@samba.org received this patch + from someone: + + 382a #endif 381a #if !defined(NEWS61) + + How are we supposed to work out what this does and where it goes? + These sort of patches only work if we both have identical files in the + first place. The Samba sources are constantly changing at the hands of + multiple developers, so it doesn't work. + + Please use either context diffs or (even better) unified diffs. You + get these using "diff -c4" or "diff -u". If you don't have a diff that + can generate these then please send manualy commented patches to I + know what is being changed and where. Most patches are applied by hand + so the info must be clear. + + This is a basic guideline that will assist us with assessing your + problem more efficiently : + + Machine Arch: Machine OS: OS Version: Kernel: + + Compiler: Libc Version: + + Samba Version: + + Network Layout (description): + + What else is on machine (services, etc): + + Some extras : + + + +o what you did and what happened + + +o relevant parts of a debugging output file with debuglevel higher. + If you can't find the relevant parts, please ask before mailing + huge files. + + +o anything else you think is useful to trace down the bug + + + 22..99.. WWhhaatt iiff II hhaavvee aann UURRGGEENNTT mmeessssaaggee ffoorr tthhee ddeevveellooppeerrss?? + + + If you have spotted something very serious and believe that it is + important to contact the developers quickly send a message to samba- + urgent@samba.org. This will be processed more quickly than mail + to samba@samba.org. Please think carefully before using this address. An + example of its use might be to report a security hole. + + Examples of things _n_o_t to send to samba-urgent include problems + getting Samba to work at all and bugs that cannot potentially cause + damage. + + 22..1100.. WWhhaatt iiff II nneeeedd ppaaiidd--ffoorr ssuuppppoorrtt?? + + + Samba has a large network of consultants who provide Samba support on + a commercial basis. The list is included in the package in + <../Support.txt>, and the latest version will always be on the main + samba ftp site. Any company in the world can request that the samba + team include their details in Support.txt so we can give no guarantee + of their services. + + + 22..1111.. PPiizzzzaa ssuuppppllyy ddeettaaiillss + + + Those who have registered in the Samba survey as "Pizza Factory" will + already know this, but the rest may need some help. Andrew doesn't ask + for payment, but he does appreciate it when people give him pizza. + This calls for a little organisation when the pizza donor is twenty + thousand kilometres away, but it has been done. + + + 1. Ring up your local branch of an international pizza chain and see + if they honour their vouchers internationally. Pizza Hut do, which + is how the entire Canberra Linux Users Group got to eat pizza one + night, courtesy of someone in the US. + + 2. Ring up a local pizza shop in Canberra and quote a credit card + number for a certain amount, and tell them that Andrew will be + collecting it (don't forget to tell him.) One kind soul from + Germany did this. + + 3. Purchase a pizza voucher from your local pizza shop that has no + international affiliations and send it to Andrew. It is completely + useless but he can hang it on the wall next to the one he already + has from Germany :-) + + 4. Air freight him a pizza with your favourite regional flavours. It + will probably get stuck in customs or torn apart by hungry sniffer + dogs but it will have been a noble gesture. + + + 33.. AAbboouutt tthhee CCIIFFSS aanndd SSMMBB PPrroottooccoollss + + + + 33..11.. WWhhaatt iiss tthhee SSeerrvveerr MMeessssaaggee BBlloocckk ((SSMMBB)) PPrroottooccooll?? + + SMB is a filesharing protocol that has had several maintainers and + contributors over the years including Xerox, 3Com and most recently + Microsoft. Names for this protocol include LAN Manager and Microsoft + Networking. Parts of the specification has been made public at several + versions including in an X/Open document, as listed at + <ftp://ftp.microsoft.com/developr/drg/CIFS/>. No specification + releases were made between 1992 and 1996, and during that period + Microsoft became the SMB implementor with the largest market share. + Microsoft developed the specification further for its products but for + various reasons connected with developer's workload rather than market + strategy did not make the changes public. This culminated with the + "Windows NT 0.12" version released with NT 3.5 in 1995 which had + significant improvements and bugs. Because Microsoft client systems + are so popular, it is fair to say that what Microsoft with Windows + affects all suppliers of SMB server products. + + From 1994 Andrew Tridgell began doing some serious work on his + Smbserver (now Samba) product and with some helpers started to + implement more and more of these protocols. Samba began to take a + significant share of the SMB server market. + + + 33..22.. WWhhaatt iiss tthhee CCoommmmoonn IInntteerrnneett FFiilleessyysstteemm ((CCIIFFSS))?? + + The initial pressure for Microsoft to document their current SMB + implementation came from the Samba team, who kept coming across things + on the wire that Microsoft either didn't know about or hadn't + documented anywhere (even in the sourcecode to Windows NT.) Then Sun + Microsystems came out with their WebNFS initiative, designed to + replace FTP for file transfers on the Internet. There are many + drawbacks to WebNFS (including its scope - it aims to replace HTTP as + well!) but the concept was attractive. FTP is not very clever, and why + should it be harder to get files from across the world than across the + room? + + Some hasty revisions were made and an Internet Draft for the Common + Internet Filesystem (CIFS) was released. Note that CIFS is not an + Internet standard and is a very long way from becoming one, BUT the + protocol specification is in the public domain and ongoing discussions + concerning the spec take place on a public mailing list according to + the rules of the Internet Engineering Task Force. For more information + and pointers see <http://samba.org/cifs/> + + The following is taken from <http://www.microsoft.com/intdev/cifs/> + + + CIFS defines a standard remote file system access protocol for use + over the Internet, enabling groups of users to work together and + share documents across the Internet or within their corporate + intranets. CIFS is an open, cross-platform technology based on the + native file-sharing protocols built into Microsoft Windows and + other popular PC operating systems, and supported on dozens of + other platforms, including UNIX. With CIFS, millions of computer + users can open and share remote files on the Internet without having + to install new software or change the way they work." + + + + If you consider CIFS as a backwardsly-compatible refinement of SMB + that will work reasonably efficiently over the Internet you won't be + too far wrong. + + The net effect is that Microsoft is now documenting large parts of + their Windows NT fileserver protocols. The security concepts embodied + in Windows NT are part of the specification, which is why Samba + documentation often talks in terms of Windows NT. However there is no + reason why a site shouldn't conduct all its file and printer sharing + with CIFS and yet have no Microsoft products at all. + + + 33..33.. WWhhaatt iiss BBrroowwssiinngg?? + + The term "Browsing" causes a lot of confusion. It is the part of the + SMB/CIFS protocol which allows for resource discovery. For example, in + the Windows NT Explorer it is possible to see a "Network + Neighbourhood" of computers in the same SMB workgroup. Clicking on the + name of one of these machines brings up a list of file and printer + resources for connecting to. In this way you can cruise the network, + seeing what things are available. How this scales to the Internet is a + subject for debate. Look at the CIFS list archives to see what the + experts think. + + + + + 44.. DDeessiiggnniinngg AA SSMMBB aanndd CCIIFFSS NNeettwwoorrkk + + + The big issues for installing any network of LAN or WAN file and print + servers are + + + +o How and where usernames, passwords and other security information + is stored + + +o What method can be used for locating the resources that users have + permission to use + + +o What protocols the clients can converse with + + + If you buy Netware, Windows NT or just about any other LAN fileserver + product you are expected to lock yourself into the product's preferred + answers to these questions. This tendancy is restrictive and often + very expensive for a site where there is only one kind of client or + server, and for sites with a mixture of operating systems it often + makes it impossible to share resources between some sets of users. + + The Samba philosophy is to make things as easy as possible for + administators, which means allowing as many combinations of clients, + servers, operating systems and protocols as possible. + + + 44..11.. WWoorrkkggrroouuppss,, DDoommaaiinnss,, AAuutthheennttiiccaattiioonn aanndd BBrroowwssiinngg + + + From the point of view of networking implementation, Domains and + Workgroups are _e_x_a_c_t_l_y the same, except for the client logon sequence. + Some kind of distributed authentication database is associated with a + domain (there are quite a few choices) and this adds so much + flexibility that many people think of a domain as a completely + different entity to a workgroup. From Samba's point of view a client + connecting to a service presents an authentication token, and it if it + is valid they have access. Samba does not care what mechanism was used + to generate that token in the first place. + + The SMB client logging on to a domain has an expectation that every + other server in the domain should accept the same authentication + information. However the network browsing functionality of domains + and workgroups is identical and is explained in <../BROWSING.txt>. + + There are some implementation differences: Windows 95 can be a member + of both a workgroup and a domain, but Windows NT cannot. Windows 95 + also has the concept of an "alternative workgroup". Samba can only be + a member of a single workgroup or domain, although this is due to + change with a future version when nmbd will be split into two daemons, + one for WINS and the other for browsing ( <../NetBIOS.txt> explains + what WINS is.) + + + 44..11..11.. DDeeffiinniinngg tthhee TTeerrmmss + + + + + WWoorrkkggrroouupp + means a collection of machines that maintain a common browsing + database containing information about their shared resources. + They do not necessarily have any security information in common + (if they do, it gets called a Domain.) The browsing database is + dynamic, modified as servers come and go on the network and as + resources are added or deleted. The term "browsing" refers to a + user accessing the database via whatever interface the client + provides, eg the OS/2 Workplace Shell or Windows 95 Explorer. + SMB servers agree between themselves as to which ones will + maintain the browsing database. Workgroups can be anywhere on a + connected TCP/IP network, including on different subnets or even + on the Interet. This is a very tricky part of SMB to implement. + + + MMaasstteerr BBrroowwsseerrss + are machines which holds the master browsing database for a + workgroup or domain. There are two kinds of Master Browser: + + + +o Domain Master Browser, which holds the master browsing + information for an entire domain, which may well cross multiple + TCP/IP subnets. + + +o Local Master Browser, which holds the master browsing database + for a particular subnet and communicates with the Domain Master + Browser to get information on other subnets. + + Subnets are differentiated because browsing is based on + broadcasts, and broadcasts do not pass through routers. Subnets + are not routed: while it is possible to have more than one + subnet on a single network segment this is regarded as very bad + practice. + + Master Browsers (both Domain and Local) are elected dynamically + according to an algorithm which is supposed to take into account + the machine's ability to sustain the browsing load. Samba can be + configured to always act as a master browser, ie it always wins + elections under all circumstances, even against systems such as + a Windows NT Primary Domain Controller which themselves expect + to win. + + There are also Backup Browsers which are promoted to Master + Browsers in the event of a Master Browser disappearing from the + network. + + Alternative terms include confusing variations such as "Browse + Master", and "Master Browser" which we are trying to eliminate + from the Samba documentation. + + + DDoommaaiinn CCoonnttrroolllleerr + is a term which comes from the Microsoft and IBM etc + implementation of the LAN Manager protocols. It is tied to + authentication. There are other ways of doing domain + authentication, but the Windows NT method has a large market + share. The general issues are discussed in <../DOMAIN.txt> and + a Windows NT-specific discussion is in <../DOMAIN_CONTROL.txt>. + + + + 44..11..22.. SShhaarreelleevveell ((WWoorrkkggrroouupp)) SSeeccuurriittyy SSeerrvviicceess + + + With the Samba setting "security = SHARE", all shared resources + information about what password is associated with them but only hints + as to what usernames might be valid (the hint can be 'all users', in + which case any username will work. This is usually a bad idea, but + reflects both the initial implementations of SMB in the mid-80s and + its reincarnation with Windows for Workgroups in 1992. The idea behind + workgroup security was that small independant groups of people could + share information on an ad-hoc basis without there being an + authentication infrastructure present or requiring them to do more + than fill in a dialogue box. + + + 44..11..33.. AAuutthheennttiiccaattiioonn DDoommaaiinn MMooddee SSeerrvviicceess + + + With the Samba settings "security = USER" or "security = SERVER" + accesses to all resources are checked for username/password pair + matches in a more rigorous manner. To the client, this has the effect + of emulating a Microsoft Domain. The client is not concerned whether + or not Samba looks up a Windows NT SAM or does it in some other way. + + + 44..22.. AAuutthheennttiiccaattiioonn SScchheemmeess + + + In the simple case authentication information is stored on a single + server and the user types a password on connecting for the first time. + However client operating systems often require a password before they + can be used at all, and in addition users usually want access to more + than one server. Asking users to remember many different passwords in + different contexts just does not work. Some kind of distributed + authentication database is needed. It must cope with password changes + and provide for assigning groups of users the same level of access + permissions. This is why Samba installations often choose to implement + a Domain model straight away. + + Authentication decisions are some of the biggest in designing a + network. Are you going to use a scheme native to the client operating + system, native to the server operating system, or newly installed on + both? A list of options relevant to Samba (ie that make sense in the + context of the SMB protocol) follows. Any experiences with other + setups would be appreciated. refer to server FAQ for "passwd chat" + passwd program password server etc etc... + + + 44..22..11.. NNIISS + + + For Windows 95, Windows for Workgroups and most other clients Samba + can be a domain controller and share the password database via NIS + transparently. Windows NT is different. Free NIS NT client + <http://www.dcs.qmw.ac.uk/~williams> + + + 44..22..22.. KKeerrbbeerrooss + + + Kerberos for US users only: Kerberos overview + <http://www.cygnus.com/product/unifying-security.html> Download + Kerberos <http://www.cygnus.com/product/kerbnet-download.html> + + + 44..22..33.. FFTTPP + + + Other NT w/s logon hack via NT + + + 44..22..44.. DDeeffaauulltt SSeerrvveerr MMeetthhoodd + + + + + + 44..22..55.. CClliieenntt--ssiiddee DDaattaabbaassee OOnnllyy + + + + 44..33.. PPoosstt--AAuutthheennttiiccaattiioonn:: NNeettllooggoonn,, LLooggoonn SSccrriippttss,, PPrrooffiilleess + + + See <../DOMAIN.txt> + + + 55.. CCrroossss--PPrroottooccooll FFiillee SShhaarriinngg + + + Samba is an important tool for... + + It is possible to... + + File protocol gateways... + + "Setting up a Linux File Server" + http://vetrec.mit.edu/people/narf/linux.html + + Two free implementations of Appletalk for Unix are Netatalk, + <http://www.umich.edu/~rsug/netatalk/>, and CAP, + <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS + Windows users, these packages offer to Macs. For more info on these + packages, Samba, and Linux (and other UNIX-based systems) see + <http://www.eats.com/linux_mac_win.html> 3.5) Sniffing your nework + + + + 66.. MMiisscceellllaanneeoouuss + + + 66..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? + + + The CIFS protocol that Samba implements negotiates times in various + formats, all of which are able to cope with dates beyond 2000. + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/docs/faq/sambafaq-1.html b/docs/faq/sambafaq-1.html new file mode 100644 index 00000000000..dde07840999 --- /dev/null +++ b/docs/faq/sambafaq-1.html @@ -0,0 +1,392 @@ +<HTML> +<HEAD> +<TITLE> Samba FAQ: General Information + + +Previous +Next +Table of Contents +
+

1. General Information

+ +

+ +

+

All about Samba - what it is, how to get it, related sources of +information, how to understand the version numbering scheme, pizza +details

+ +

1.1 What is Samba?

+ +

+ + +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server +Message Block) protocol. Initially written for Unix, Samba now also +runs on Netware, OS/2 and VMS.

+

In practice, this means that you can redirect disks and printers to +Unix disks and printers from Lan Manager clients, Windows for +Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 +clients. There is also a generic Unix client program supplied as part +of the suite which allows Unix users to use an ftp-like interface to +access filespace and printers on any other SMB servers. This gives the +capability for these operating systems to behave much like a LAN +Server or Windows NT Server machine, only with added functionality and +flexibility designed to make life easier for administrators.

+

The components of the suite are (in summary):

+

+

    +
  • smbd, the SMB server. This handles actual connections from clients, doing all the file, permission and username work
    • +
  • nmbd, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba
    • +
  • smbclient, the Unix-hosted client program
    • +
  • smbrun, a little 'glue' program to help the server run external programs
    • +
  • testprns, a program to test server access to printers
    • +
  • testparms, a program to test the Samba configuration file for correctness
    • +
  • smb.conf, the Samba configuration file
    • +
  • smbprint, a sample script to allow a Unix host to use smbclient to print to an SMB server
    • +
  • Documentation! DON'T neglect to read it - you will save a great deal of time!
    • +
+

+

The suite is supplied with full source (of course!) and is GPLed.

+

The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer.

+ + +

1.2 What is the current version of Samba?

+ +

+ + +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. +ftp://samba.org/pub/samba/alpha/change-log

+

For more information see +What do the version numbers mean?

+ + +

1.3 Where can I get it?

+ +

+ + +The Samba suite is available via anonymous ftp from +samba.org. The latest and greatest versions of the suite are in +the directory:

+

/pub/samba/

+

Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are +available in the directory:

+

/pub/samba/alpha

+

Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Recent versions of some Linux distributions, for example, +do contain Samba binaries for that platform.

+ + +

1.4 What do the version numbers mean?

+ +

+ + +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases.

+

How the scheme works: +

    +
  1. When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) +
    2. +
  2. Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. +
    3. +
  3. When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16. +
    4. +
  4. Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2.
    5. +
+ +So the progression goes: +
+                1.9.15p7        (production)
+                1.9.15p8        (production)
+                1.9.16alpha1    (test sites only)
+                  :
+                1.9.16alpha20   (test sites only)
+                1.9.16          (production)
+                1.9.16p1        (production)
+
+ +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version.

+ + +

1.5 What platforms are supported?

+ +

+ + +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS.

+

At time of writing, the Makefile claimed support for: +

    +
  • A/UX 3.0
    • +
  • AIX
    • +
  • Altos Series 386/1000
    • +
  • Amiga
    • +
  • Apollo Domain/OS sr10.3
    • +
  • BSDI
    • +
  • B.O.S. (Bull Operating System)
    • +
  • Cray, Unicos 8.0
    • +
  • Convex
    • +
  • DGUX.
    • +
  • DNIX.
    • +
  • FreeBSD
    • +
  • HP-UX
    • +
  • Intergraph.
    • +
  • Linux with/without shadow passwords and quota
    • +
  • LYNX 2.3.0
    • +
  • MachTen (a unix like system for Macintoshes)
    • +
  • Motorola 88xxx/9xx range of machines
    • +
  • NetBSD
    • +
  • NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach).
    • +
  • OS/2 using EMX 0.9b
    • +
  • OSF1
    • +
  • QNX 4.22
    • +
  • RiscIX.
    • +
  • RISCOs 5.0B
    • +
  • SEQUENT.
    • +
  • SCO (including: 3.2v2, European dist., OpenServer 5)
    • +
  • SGI.
    • +
  • SMP_DC.OSx v1.1-94c079 on Pyramid S series
    • +
  • SONY NEWS, NEWS-OS (4.2.x and 6.1.x)
    • +
  • SUNOS 4
    • +
  • SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later')
    • +
  • Sunsoft ISC SVR3V4
    • +
  • SVR4
    • +
  • System V with some berkely extensions (Motorola 88k R32V3.2).
    • +
  • ULTRIX.
    • +
  • UNIXWARE
    • +
  • UXP/DS
    • +
+

+ + +

1.6 How can I find out more about Samba?

+ +

+ + +There are a number of places to look for more information on Samba, including: +

+

+ + +

1.7 How do I subscribe to the Samba Mailing Lists?

+ +

+ + +Send email to +listproc@samba.org. Make sure the subject line is +blank, and include the following two lines in the body of the message: +

+
+subscribe samba Firstname Lastname
+subscribe samba-announce Firstname Lastname
+
+
+ +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature stuff, it +sometimes confuses the list processor.

+

The samba list is a digest list - every eight hours or so it +regurgitates a single message containing all the messages that have +been received by the list since the last time and sends a copy of this +message to all subscribers.

+

If you stop being interested in Samba, please send another email to +listproc@samba.org. Make sure the subject line is blank, and +include the following two lines in the body of the message: +

+
+unsubscribe samba
+unsubscribe samba-announce
+
+
+ +The From: line in your message MUST be the same address you used when +you subscribed.

+ + +

1.8 Something's gone wrong - what should I do?

+ +

+ + +# *** IMPORTANT! *** #

+

DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here!

+

Firstly, see if there are any likely looking entries in this FAQ! If +you have just installed Samba, have you run through the checklist in +DIAGNOSIS.txt? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution.

+

Secondly, read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do.

+

Thirdly, if there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:".

+

Fourthly, if you still haven't got anywhere, ask the mailing list or +newsgroup. In general nobody minds answering questions provided you +have followed the preceding steps. It might be a good idea to scan the +archives of the mailing list, which are available through the Samba +web site described in the previous +section.

+

If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +I can incorporate it in the next version.

+

If you make changes to the source code, _please_ submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to +samba@samba.org. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do.

+ + +

1.9 Pizza supply details

+ +

+ + +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done.

+

Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US

+

Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this.

+

Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-)

+

Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture.

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq-2.html b/docs/faq/sambafaq-2.html new file mode 100644 index 00000000000..8978bc331ca --- /dev/null +++ b/docs/faq/sambafaq-2.html @@ -0,0 +1,236 @@ + + + Samba FAQ: Compiling and installing Samba on a Unix host + + +Previous +Next +Table of Contents +
+

2. Compiling and installing Samba on a Unix host

+ +

+ +

+ +

2.1 I can't see the Samba server in any browse lists!

+ +

+ + +See BROWSING.txt for more information on browsing. BROWSING.txt can +be found in the docs directory of the Samba source.

If your GUI +client does not permit you to select non-browsable servers, you may +need to do so on the command line. For example, under Lan Manager you +might connect to the above service as disk drive M: thusly: +

+
+   net use M: \\mary\fred
+
+
+ +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation.

+ + +

2.2 Some files that I KNOW are on the server doesn't show up when I view the files from my client!

+ +

+ + +See the next question.

+ +

2.3 Some files on the server show up with really wierd filenames when I view the files from my client!

+ +

+ + +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason).

+

The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes".

+ + +

2.4 My client reports "cannot locate specified computer" or similar

+ +

+ + +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved.

+

After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution.

+

If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document.

+

If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas.

+

By the way, remember to REMOVE the hardcoded mapping before further +tests :-)

+ + +

2.5 My client reports "cannot locate specified share name" or similar

+ +

+ + +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave.

+

The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on:

+

+

    +
  • Many clients cannot accept or use service names longer than eight characters.
    • +
  • Many clients cannot accept or use service names containing spaces.
    • +
  • Some servers (not Samba though) are case sensitive with service names.
    • +
  • Some clients force service names into upper case.
    • +
+

+ + +

2.6 My client reports "cannot find domain controller", "cannot log on to the network" or similar

+ +

+ + +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +samba@samba.org !

+

Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about.

+

For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message.

+ + +

2.7 Printing doesn't work :-(

+ +

+ + +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr").

+

Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody".

+

Make sure that the user specified in the service is permitted to use +the printer.

+

Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol.

+

If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug.

+

If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism.

+ + +

2.8 My programs install on the server OK, but refuse to work properly

+ +

+ + +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution.

+

In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at +samba@samba.org.

+ + +

2.9 My "server string" doesn't seem to be recognised

+ +

+ + +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file.

+

You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out.

+

Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete.

+ + +

2.10 My client reports "This server is not configured to list shared resources"

+ +

+ + +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid.

+

See also 'guest account' in smb.conf man page.

+ + +

2.11 Log message "you appear to have a trapdoor uid system"

+ +

+ + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535.

+

It might also mean that your OS has a trapdoor uid/gid system :-)

+

This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems.

+

The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user.

+

Complain to your OS vendor and ask them to fix their system.

+

Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good!

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq-3.html b/docs/faq/sambafaq-3.html new file mode 100644 index 00000000000..d7e0c7abd21 --- /dev/null +++ b/docs/faq/sambafaq-3.html @@ -0,0 +1,322 @@ + + + Samba FAQ: Common client questions + + +Previous +Next +Table of Contents +
+

3. Common client questions

+ +

+ +

+ +

3.1 Are there any Macintosh clients for Samba?

+ +

+ + +Yes! Thursby now have a CIFS Client / Server called DAVE - see +http://www.thursby.com/. +They test it against Windows 95, Windows NT and samba for compatibility issues. +At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available +as a free download from the Thursby web site (the speed of finder copies has +been greatly enhanced, and there are bug-fixes included).

+

Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are Netatalk, +http://www.umich.edu/~rsug/netatalk/, and CAP, +http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers +MS Windows users, these packages offer to Macs. For more info on +these packages, Samba, and Linux (and other UNIX-based systems) +see +http://www.eats.com/linux_mac_win.html

+ + +

3.2 "Session request failed (131,130)" error

+ +

+ + +The following answer is provided by John E. Miller:

+

I'll assume that you're able to ping back and forth between the +machines by IP address and name, and that you're using some security +model where you're confident that you've got user IDs and passwords +right. The logging options (-d3 or greater) can help a lot with that. +DNS and WINS configuration can also impact connectivity as well.

+

Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network +configuration (I'm too much of an NT bigot to know where it's located +in the Win95 setup, but I'll have to learn someday since I teach for a +Microsoft Solution Provider Authorized Tech Education Center - what an +acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS +Configuration there's a little text entry field called something like +'Scope ID'.

+

This field essentially creates 'invisible' sub-workgroups on the same +wire. Boxes can only see other boxes whose Scope IDs are set to the +exact same value - it's sometimes used by OEMs to configure their +boxes to browse only other boxes from the same vendor and, in most +environments, this field should be left blank. If you, in fact, have +something in this box that EXACT value (case-sensitive!) needs to be +provided to smbclient and nmbd as the -i (lowercase) parameter. So, if +your Scope ID is configured as the string 'SomeStr' in Win95 then +you'd have to use smbclient -iSomeStr otherparms in connecting to +it.

+ + +

3.3 How do I synchronise my PC's clock with my Samba server?

+ +

+ + +To syncronize your PC's clock with your Samba server: +

    +
  • Copy timesync.pif to your windows directory
    • +
  • timesync.pif can be found at: +http://samba.org/samba/binaries/miscellaneous/timesync.pif
    • +
  • Add timesync.pif to your 'Start Up' group/folder
    • +
  • Open the properties dialog box for the program/icon
    • +
  • Make sure the 'Run Minimized' option is set in program 'Properties'
    • +
  • Change the command line section that reads \\sambahost to reflect the name of your server.
    • +
  • Close the properties dialog box by choosing 'OK'
    • +
+ +Each time you start your computer (or login for Win95) your PC will +synchronize its clock with your Samba server.

+

Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba +- see: +BROWSING.txt *** for more information.

+

Then add +

+
+NET TIME \\%L /SET /YES
+
+
+ +as one of the lines in the logon script.

+ +

3.4 Problems with WinDD, NTrigue, WinCenterPro etc

+ +

+ +

+

All of the above programs are applications that sit on an NT box and +allow multiple users to access the NT GUI applications from remote +workstations (often over X).

+

What has this got to do with Samba? The problem comes when these users +use filemanager to mount shares from a Samba server. The most common +symptom is that the first user to connect get correct file permissions +and has a nice day, but subsequent connections get logged in as the +same user as the first person to login. They find that they cannot +access files in their own home directory, but that they can access +files in the first users home directory (maybe not such a nice day +after all?)

+

Why does this happen? The above products all share a common heritage +(and code base I believe). They all open just a single TCP based SMB +connection to the Samba server, and requests from all users are piped +over this connection. This is unfortunate, but not fatal.

+

It means that if you run your Samba server in share level security +(the default) then things will definately break as described +above. The share level SMB security model has no provision for +multiple user IDs on the one SMB connection. See +security_level.txt in +the docs for more info on share/user/server level security.

+

If you run in user or server level security then you have a chance, +but only if you have a recent version of Samba (at least 1.9.15p6). In +older versions bugs in Samba meant you still would have had problems.

+

If you have a trapdoor uid system in your OS then it will never work +properly. Samba needs to be able to switch uids on the connection and +it can't if your OS has a trapdoor uid system. You'll know this +because Samba will note it in your logs.

+

Also note that you should not use the magic "homes" share name with +products like these, as otherwise all users will end up with the same +home directory. Use \\server\username instead.

+ + +

3.5 Problem with printers under NT

+ +

+ + +This info from Stefan Hergeth +hergeth@f7axp1.informatik.fh-muenchen.de may be useful:

+

A network-printer (with ethernetcard) is connected to the NT-Clients +via our UNIX-Fileserver (SAMBA-Server), like the configuration told by +Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) +

    +
  1. If a user has choosen this printer as the default printer in his +NT-Session and this printer is not connected to the network +(e.g. switched off) than this user has a problem with the SAMBA- +connection of his filesystems. It's very slow. +
    2. +
  2. If the printer is connected to the network everything works fine. +
    3. +
  3. When the smbd ist started with debug level 3, you can see that the +NT spooling system try to connect to the printer many times. If the +printer ist not connected to the network this request fails and the +NT spooler is wasting a lot of time to connect to the printer service. +This seems to be the reason for the slow network connection. +
    4. +
  4. Maybe it's possible to change this behaviour by setting different +printer properties in the Print-Manager-Menu of NT, but i didn't try it yet.
    5. +
+

+ + +

3.6 Why are my file's timestamps off by an hour, or by a few hours?

+ +

+ + +This is from Paul Eggert eggert@twinsun.com.

+

Most likely it's a problem with your time zone settings.

+

Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds.

+

On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +

    +
  1. The Unix system clock must have the correct Universal time. +Use the shell command "sh -c 'TZ=UTC0 date'" to check this. +
    2. +
  2. The TZ environment variable must be set on the server +before Samba is invoked. The details of this depend on the +server OS, but typically you must edit a file whose name is +/etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. +
    3. +
  3. TZ must have the correct value. +
      +
    1. If possible, use geographical time zone settings +(e.g. TZ='America/Los_Angeles' or perhaps +TZ=':US/Pacific'). These are supported by most +popular Unix OSes, are easier to get right, and are +more accurate for historical timestamps. If your +operating system has out-of-date tables, you should be +able to update them from the public domain time zone +tables at +ftp://elsie.nci.nih.gov/pub/. +
      2. +
    2. If your system does not support geographical timezone +settings, you must use a Posix-style TZ strings, e.g. +TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. +Posix TZ strings can take the following form (with optional +items in brackets): +
      +        StdOffset[Dst[Offset],Date/Time,Date/Time]
+
      + +where: +
        +
      • `Std' is the standard time designation (e.g. `PST'). +
        • +
      • `Offset' is the number of hours behind UTC (e.g. `8'). +Prepend a `-' if you are ahead of UTC, and +append `:30' if you are at a half-hour offset. +Omit all the remaining items if you do not use +daylight-saving time. +
        • +
      • `Dst' is the daylight-saving time designation +(e.g. `PDT'). + +The optional second `Offset' is the number of +hours that daylight-saving time is behind UTC. +The default is 1 hour ahead of standard time. +
        • +
      • `Date/Time,Date/Time' specify when daylight-saving +time starts and ends. The format for a date is +`Mm.n.d', which specifies the dth day (0 is Sunday) +of the nth week of the mth month, where week 5 means +the last such day in the month. The format for a +time is hh:mm[:ss], using a 24-hour clock.
        • +
      + +Other Posix string formats are allowed but you don't want +to know about them.
      3. +
    +
    4. +
+ +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [I don't know how to do this.] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. A common symptom is for file timestamps to be off by an hour. +To work around the problem, try disconnecting from your Samba server +and then reconnecting to it; or upgrade your Samba server to +1.9.16alpha10 or later.

+ + +

3.7 How do I set the printer driver name correctly?

+ +

+ + +Question: +On NT, I opened "Printer Manager" and "Connect to Printer". +Enter "\\ptdi270\ps1" in the box of printer. I got the +following error message: +

+
+     You do not have sufficient access to your machine
+     to connect to the selected printer, since a driver
+     needs to be installed locally.
+
+
+ +Answer:

+

In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example: +

+
+     printer driver = HP LaserJet 4L
+
+
+ +with this, NT knows to use the right driver. You have to get this string +exactly right.

+

To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box.

+

You could also try setting the driver to NULL like this: +

+
+     printer driver = NULL
+
+
+ +this is effectively what older versions of Samba did, so if that +worked for you then give it a go. If this does work then let us know via +samba@samba.org, +and we'll make it the default. Currently the default is a 0 length +string.

+ + +

3.8 I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?

+ +

+ + +As of SP3, Microsoft has decided that they will no longer default to +passing clear text passwords over the network. To enable access to +Samba shares from NT 4.0 SP3, you must do ONE of two things: +

    +
  1. Set the Samba configuration option 'security = user' and implement all of the stuff detailed in +ENCRYPTION.txt.
    2. +
  2. Follow Microsoft's directions for setting your NT box to allow plain text passwords. see +Knowledge Base Article Q166730
    3. +
+

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq-4.html b/docs/faq/sambafaq-4.html new file mode 100644 index 00000000000..94d5c419906 --- /dev/null +++ b/docs/faq/sambafaq-4.html @@ -0,0 +1,37 @@ + + + Samba FAQ: Specific client application problems + + +Previous +Next +Table of Contents +
+

4. Specific client application problems

+ +

+ +

+ +

4.1 MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"

+ +

+ + +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation.

+

To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing.

+

Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner.

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq-5.html b/docs/faq/sambafaq-5.html new file mode 100644 index 00000000000..0a6e9d08f03 --- /dev/null +++ b/docs/faq/sambafaq-5.html @@ -0,0 +1,30 @@ + + + Samba FAQ: Miscellaneous + + +Previous +Next +Table of Contents +
+

5. Miscellaneous

+ +

+ +

+

5.1 Is Samba Year 2000 compliant?

+ +

+ + +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000.

+ + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq.html b/docs/faq/sambafaq.html new file mode 100644 index 00000000000..2c703885cdf --- /dev/null +++ b/docs/faq/sambafaq.html @@ -0,0 +1,115 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + Samba FAQ + + +Previous +Next +Table of Contents +
+

Samba FAQ

+ +

Paul Blackman, ictinus@samba.org

v 0.8, June '97 +

This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 1.9.17. Please send any +corrections to the author.

+

+

1. General Information

+ + +

+

2. Compiling and installing Samba on a Unix host

+ + +

+

3. Common client questions

+ + +

+

4. Specific client application problems

+ + +

+

5. Miscellaneous

+ + + +
+Previous +Next +Table of Contents + + diff --git a/docs/faq/sambafaq.sgml b/docs/faq/sambafaq.sgml new file mode 100644 index 00000000000..333ac55f673 --- /dev/null +++ b/docs/faq/sambafaq.sgml @@ -0,0 +1,792 @@ + + + +
+ + Samba FAQ + +<author>Paul Blackman, <tt>ictinus@samba.org</tt> + +<date>v 0.8, June '97 + +<abstract> This is the Frequently Asked Questions (FAQ) document for +Samba, the free and very popular SMB server product. An SMB server +allows file and printer connections from clients such as Windows, +OS/2, Linux and others. Current to version 1.9.17. Please send any +corrections to the author. +</abstract> + +<toc> + +<sect> General Information<p> <label id="general_info"> + +All about Samba - what it is, how to get it, related sources of +information, how to understand the version numbering scheme, pizza +details + +<sect1> What is Samba? <p> <label id="introduction"> +Samba is a suite of programs which work together to allow clients to +access to a server's filespace and printers via the SMB (Server +Message Block) protocol. Initially written for Unix, Samba now also +runs on Netware, OS/2 and VMS. + +In practice, this means that you can redirect disks and printers to +Unix disks and printers from Lan Manager clients, Windows for +Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 +clients. There is also a generic Unix client program supplied as part +of the suite which allows Unix users to use an ftp-like interface to +access filespace and printers on any other SMB servers. This gives the +capability for these operating systems to behave much like a LAN +Server or Windows NT Server machine, only with added functionality and +flexibility designed to make life easier for administrators. + +The components of the suite are (in summary): + +<itemize> +<item><bf>smbd</bf>, the SMB server. This handles actual connections from clients, doing all the file, permission and username work +<item><bf>nmbd</bf>, the Netbios name server, which helps clients locate servers, doing the browsing work and managing domains as this capability is being built into Samba +<item><bf>smbclient</bf>, the Unix-hosted client program +<item><bf>smbrun</bf>, a little 'glue' program to help the server run external programs +<item><bf>testprns</bf>, a program to test server access to printers +<item><bf>testparms</bf>, a program to test the Samba configuration file for correctness +<item><bf>smb.conf</bf>, the Samba configuration file +<item><bf>smbprint</bf>, a sample script to allow a Unix host to use smbclient to print to an SMB server +<item><bf>Documentation!</bf> DON'T neglect to read it - you will save a great deal of time! +</itemize> + +The suite is supplied with full source (of course!) and is GPLed. + +The primary creator of the Samba suite is Andrew Tridgell. Later +versions incorporate much effort by many net.helpers. The man pages +and this FAQ were originally written by Karl Auer. + +<sect1> What is the current version of Samba? <p><label id="current_version"> +At time of writing, the current version was 1.9.17. If you want to be +sure check the bottom of the change-log file. <url url="ftp://samba.org/pub/samba/alpha/change-log"> + +For more information see <ref id="version_nums" name="What do the +version numbers mean?"> + +<sect1> Where can I get it? <p> <label id="where"> +The Samba suite is available via anonymous ftp from +samba.org. The latest and greatest versions of the suite are in +the directory: + +/pub/samba/ + +Development (read "alpha") versions, which are NOT necessarily stable +and which do NOT necessarily have accurate documentation, are +available in the directory: + +/pub/samba/alpha + +Note that binaries are NOT included in any of the above. Samba is +distributed ONLY in source form, though binaries may be available from +other sites. Recent versions of some Linux distributions, for example, +do contain Samba binaries for that platform. + +<sect1> What do the version numbers mean? <p> <label id="version_nums"> +It is not recommended that you run a version of Samba with the word +"alpha" in its name unless you know what you are doing and are willing +to do some debugging. Many, many people just get the latest +recommended stable release version and are happy. If you are brave, by +all means take the plunge and help with the testing and development - +but don't install it on your departmental server. Samba is typically +very stable and safe, and this is mostly due to the policy of many +public releases. + +How the scheme works: +<enum> +<item>When major changes are made the version number is increased. For +example, the transition from 1.9.15 to 1.9.16. However, this version +number will not appear immediately and people should continue to use +1.9.15 for production systems (see next point.) + +<item>Just after major changes are made the software is considered +unstable, and a series of alpha releases are distributed, for example +1.9.16alpha1. These are for testing by those who know what they are +doing. The "alpha" in the filename will hopefully scare off those who +are just looking for the latest version to install. + +<item>When Andrew thinks that the alphas have stabilised to the point +where he would recommend new users install it, he renames it to the +same version number without the alpha, for example 1.9.16. + +<item>Inevitably bugs are found in the "stable" releases and minor patch +levels are released which give us the pXX series, for example 1.9.16p2. +</enum> +So the progression goes: +<verb> + 1.9.15p7 (production) + 1.9.15p8 (production) + 1.9.16alpha1 (test sites only) + : + 1.9.16alpha20 (test sites only) + 1.9.16 (production) + 1.9.16p1 (production) +</verb> +The above system means that whenever someone looks at the samba ftp +site they will be able to grab the highest numbered release without an +alpha in the name and be sure of getting the current recommended +version. + +<sect1> What platforms are supported? <p> <label id="platforms"> +Many different platforms have run Samba successfully. The platforms +most widely used and thus best tested are Linux and SunOS. + +At time of writing, the Makefile claimed support for: +<itemize> +<item> A/UX 3.0 +<item> AIX +<item> Altos Series 386/1000 +<item> Amiga +<item> Apollo Domain/OS sr10.3 +<item> BSDI +<item> B.O.S. (Bull Operating System) +<item> Cray, Unicos 8.0 +<item> Convex +<item> DGUX. +<item> DNIX. +<item> FreeBSD +<item> HP-UX +<item> Intergraph. +<item> Linux with/without shadow passwords and quota +<item> LYNX 2.3.0 +<item> MachTen (a unix like system for Macintoshes) +<item> Motorola 88xxx/9xx range of machines +<item> NetBSD +<item> NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for Mach). +<item> OS/2 using EMX 0.9b +<item> OSF1 +<item> QNX 4.22 +<item> RiscIX. +<item> RISCOs 5.0B +<item> SEQUENT. +<item> SCO (including: 3.2v2, European dist., OpenServer 5) +<item> SGI. +<item> SMP_DC.OSx v1.1-94c079 on Pyramid S series +<item> SONY NEWS, NEWS-OS (4.2.x and 6.1.x) +<item> SUNOS 4 +<item> SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') +<item> Sunsoft ISC SVR3V4 +<item> SVR4 +<item> System V with some berkely extensions (Motorola 88k R32V3.2). +<item> ULTRIX. +<item> UNIXWARE +<item> UXP/DS +</itemize> + +<sect1> How can I find out more about Samba? <p> <label id="more"> +There are a number of places to look for more information on Samba, including: +<itemize> +<item>Two mailing lists devoted to discussion of Samba-related matters. +<item>The newsgroup, comp.protocols.smb, which has a great deal of discussion on Samba. +<item>The WWW site 'SAMBA Web Pages' at <url url="http://samba.edu.au/samba/"> includes: + <itemize> + <item>Links to man pages and documentation, including this FAQ + <item>A comprehensive survey of Samba users. + <item>A searchable hypertext archive of the Samba mailing list. + <item>Links to Samba source code, binaries, and mirrors of both. + </itemize> +<item>The long list of topic documentation. These files can be found in the 'docs' directory of the Samba source, or at <url url="ftp://samba.org/pub/samba/docs/"> + <itemize> + <item><url url="ftp://samba.org/pub/samba/docs/Application_Serving.txt" name="Application_Serving.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/BUGS.txt" name="BUGS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt" name="DIAGNOSIS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DNIX.txt" name="DNIX.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN.txt" name="DOMAIN.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt" name="CONTROL.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Faxing.txt" name="Faxing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/GOTCHAS.txt" name="GOTCHAS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/HINTS.txt" name="HINTS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.sambatar" name="INSTALL.sambatar"> + <item><url url="ftp://samba.org/pub/samba/docs/INSTALL.txt" name="INSTALL.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/MIRRORS" name="MIRRORS"> + <item><url url="ftp://samba.org/pub/samba/docs/NetBIOS.txt" name="NetBIOS.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/OS2.txt" name="OS2.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/PROJECTS" name="PROJECTS"> + <item><url url="ftp://samba.org/pub/samba/docs/Passwords.txt" name="Passwords.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Printing.txt" name="Printing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/README.DCEDFS" name="README.DCEDFS"> + <item><url url="ftp://samba.org/pub/samba/docs/README.OS2" name="README.OS2"> + <item><url url="ftp://samba.org/pub/samba/docs/README.jis" name="README.jis"> + <item><url url="ftp://samba.org/pub/samba/docs/README.sambatar" name="README.sambatar"> + <item><url url="ftp://samba.org/pub/samba/docs/SCO.txt" name="SCO.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/SMBTAR.notes" name="SMBTAR.notes"> + <item><url url="ftp://samba.org/pub/samba/docs/Speed.txt" name="Speed.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Support.txt" name="Support.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/THANKS" name="THANKS"> + <item><url url="ftp://samba.org/pub/samba/docs/Tracing.txt" name="Tracing.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/UNIX-SMB.txt" name="SMB.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/Warp.txt" name="Warp.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/WinNT.txt" name="WinNT.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/history" name="history"> + <item><url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="level.txt"> + <item><url url="ftp://samba.org/pub/samba/docs/wfw_slip.htm" name="slip.htm"> + </itemize> +</itemize> + +<sect1>How do I subscribe to the Samba Mailing Lists?<p><label id="mailinglist"> +Send email to <htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is +blank, and include the following two lines in the body of the message: +<tscreen><verb> +subscribe samba Firstname Lastname +subscribe samba-announce Firstname Lastname +</verb></tscreen> +Obviously you should substitute YOUR first name for "Firstname" and +YOUR last name for "Lastname"! Try not to send any signature stuff, it +sometimes confuses the list processor. + +The samba list is a digest list - every eight hours or so it +regurgitates a single message containing all the messages that have +been received by the list since the last time and sends a copy of this +message to all subscribers. + +If you stop being interested in Samba, please send another email to +<htmlurl url="mailto:listproc@samba.org" name="listproc@samba.org">. Make sure the subject line is blank, and +include the following two lines in the body of the message: +<tscreen><verb> +unsubscribe samba +unsubscribe samba-announce +</verb></tscreen> +The <bf>From:</bf> line in your message <em>MUST</em> be the same address you used when +you subscribed. + +<sect1> Something's gone wrong - what should I do? <p> <label id="wrong"> +<bf>[#] *** IMPORTANT! *** [#]</bf> +<p>DO NOT post messages on mailing lists or in newsgroups until you have +carried out the first three steps given here! + +Firstly, see if there are any likely looking entries in this FAQ! If +you have just installed Samba, have you run through the checklist in +<url url="ftp://samba.org/pub/samba/DIAGNOSIS.txt" name="DIAGNOSIS.txt">? It can save you a lot of time and effort. +DIAGNOSIS.txt can also be found in the docs directory of the Samba distribution. + +Secondly, read the man pages for smbd, nmbd and smb.conf, looking for +topics that relate to what you are trying to do. + +Thirdly, if there is no obvious solution to hand, try to get a look at +the log files for smbd and/or nmbd for the period during which you +were having problems. You may need to reconfigure the servers to +provide more extensive debugging information - usually level 2 or +level 3 provide ample debugging info. Inspect these logs closely, +looking particularly for the string "Error:". + +Fourthly, if you still haven't got anywhere, ask the mailing list or +newsgroup. In general nobody minds answering questions provided you +have followed the preceding steps. It might be a good idea to scan the +archives of the mailing list, which are available through the Samba +web site described in the previous +section. + +If you successfully solve a problem, please mail the FAQ maintainer a +succinct description of the symptom, the problem and the solution, so +I can incorporate it in the next version. + +If you make changes to the source code, _please_ submit these patches +so that everyone else gets the benefit of your work. This is one of +the most important aspects to the maintainence of Samba. Send all +patches to <htmlurl url="mailto:samba-patches@samba.org" name="samba-patches@samba.org">. Do not send patches to Andrew Tridgell or any +other individual, they may be lost if you do. + +<sect1> Pizza supply details <p> <label id="pizza"> +Those who have registered in the Samba survey as "Pizza Factory" will +already know this, but the rest may need some help. Andrew doesn't ask +for payment, but he does appreciate it when people give him +pizza. This calls for a little organisation when the pizza donor is +twenty thousand kilometres away, but it has been done. + +Method 1: Ring up your local branch of an international pizza chain +and see if they honour their vouchers internationally. Pizza Hut do, +which is how the entire Canberra Linux Users Group got to eat pizza +one night, courtesy of someone in the US + +Method 2: Ring up a local pizza shop in Canberra and quote a credit +card number for a certain amount, and tell them that Andrew will be +collecting it (don't forget to tell him.) One kind soul from Germany +did this. + +Method 3: Purchase a pizza voucher from your local pizza shop that has +no international affiliations and send it to Andrew. It is completely +useless but he can hang it on the wall next to the one he already has +from Germany :-) + +Method 4: Air freight him a pizza with your favourite regional +flavours. It will probably get stuck in customs or torn apart by +hungry sniffer dogs but it will have been a noble gesture. + +<sect>Compiling and installing Samba on a Unix host<p><label id="unix_install"> + +<sect1>I can't see the Samba server in any browse lists!<p><label id="no_browse"> + See <url url="ftp://samba.org/pub/samba/BROWSING.txt" name="BROWSING.txt"> + for more information on browsing. Browsing.txt can also be found + in the docs directory of the Samba source. + +If your GUI client does not permit you to select non-browsable +servers, you may need to do so on the command line. For example, under +Lan Manager you might connect to the above service as disk drive M: +thusly: +<tscreen><verb> + net use M: \\mary\fred +</verb></tscreen> +The details of how to do this and the specific syntax varies from +client to client - check your client's documentation. + +<sect1>Some files that I KNOW are on the server doesn't show up when I view the files from my client! <p> <label id="missing_files"> +See the next question. +<sect1>Some files on the server show up with really wierd filenames when I view the files from my client! <p> <label id="strange_filenames"> +If you check what files are not showing up, you will note that they +are files which contain upper case letters or which are otherwise not +DOS-compatible (ie, they are not legal DOS filenames for some reason). + +The Samba server can be configured either to ignore such files +completely, or to present them to the client in "mangled" form. If you +are not seeing the files at all, the Samba server has most likely been +configured to ignore them. Consult the man page smb.conf(5) for +details of how to change this - the parameter you need to set is +"mangled names = yes". + +<sect1>My client reports "cannot locate specified computer" or similar<p><label id="cant_see_server"> +This indicates one of three things: You supplied an incorrect server +name, the underlying TCP/IP layer is not working correctly, or the +name you specified cannot be resolved. + +After carefully checking that the name you typed is the name you +should have typed, try doing things like pinging a host or telnetting +to somewhere on your network to see if TCP/IP is functioning OK. If it +is, the problem is most likely name resolution. + +If your client has a facility to do so, hardcode a mapping between the +hosts IP and the name you want to use. For example, with Man Manager +or Windows for Workgroups you would put a suitable entry in the file +LMHOSTS. If this works, the problem is in the communication between +your client and the netbios name server. If it does not work, then +there is something fundamental wrong with your naming and the solution +is beyond the scope of this document. + +If you do not have any server on your subnet supplying netbios name +resolution, hardcoded mappings are your only option. If you DO have a +netbios name server running (such as the Samba suite's nmbd program), +the problem probably lies in the way it is set up. Refer to Section +Two of this FAQ for more ideas. + +By the way, remember to REMOVE the hardcoded mapping before further +tests :-) + +<sect1>My client reports "cannot locate specified share name" or similar<p> <label id="cant_see_share"> +This message indicates that your client CAN locate the specified +server, which is a good start, but that it cannot find a service of +the name you gave. + +The first step is to check the exact name of the service you are +trying to connect to (consult your system administrator). Assuming it +exists and you specified it correctly (read your client's doco on how +to specify a service name correctly), read on: + +<itemize> +<item> Many clients cannot accept or use service names longer than eight characters. +<item> Many clients cannot accept or use service names containing spaces. +<item> Some servers (not Samba though) are case sensitive with service names. +<item> Some clients force service names into upper case. +</itemize> + +<sect1>My client reports "cannot find domain controller", "cannot log on to the network" or similar <p> <label id="cant_see_net"> +Nothing is wrong - Samba does not implement the primary domain name +controller stuff for several reasons, including the fact that the +whole concept of a primary domain controller and "logging in to a +network" doesn't fit well with clients possibly running on multiuser +machines (such as users of smbclient under Unix). Having said that, +several developers are working hard on building it in to the next +major version of Samba. If you can contribute, send a message to +<htmlurl url="mailto:samba@samba.org" name="samba@samba.org"> ! + +Seeing this message should not affect your ability to mount redirected +disks and printers, which is really what all this is about. + +For many clients (including Windows for Workgroups and Lan Manager), +setting the domain to STANDALONE at least gets rid of the message. + +<sect1>Printing doesn't work :-(<p> <label id="no_printing"> +Make sure that the specified print command for the service you are +connecting to is correct and that it has a fully-qualified path (eg., +use "/usr/bin/lpr" rather than just "lpr"). + +Make sure that the spool directory specified for the service is +writable by the user connected to the service. In particular the user +"nobody" often has problems with printing, even if it worked with an +earlier version of Samba. Try creating another guest user other than +"nobody". + +Make sure that the user specified in the service is permitted to use +the printer. + +Check the debug log produced by smbd. Search for the printer name and +see if the log turns up any clues. Note that error messages to do with +a service ipc$ are meaningless - they relate to the way the client +attempts to retrieve status information when using the LANMAN1 +protocol. + +If using WfWg then you need to set the default protocol to TCP/IP, not +Netbeui. This is a WfWg bug. + +If using the Lanman1 protocol (the default) then try switching to +coreplus. Also not that print status error messages don't mean +printing won't work. The print status is received by a different +mechanism. + +<sect1>My programs install on the server OK, but refuse to work properly<p><label id="programs_wont_run"> +There are numerous possible reasons for this, but one MAJOR +possibility is that your software uses locking. Make sure you are +using Samba 1.6.11 or later. It may also be possible to work around +the problem by setting "locking=no" in the Samba configuration file +for the service the software is installed on. This should be regarded +as a strictly temporary solution. + +In earlier Samba versions there were some difficulties with the very +latest Microsoft products, particularly Excel 5 and Word for Windows +6. These should have all been solved. If not then please let Andrew +Tridgell know via email at <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">. + +<sect1>My "server string" doesn't seem to be recognised<p><label id="bad_server_string"> +OR My client reports the default setting, eg. "Samba 1.9.15p4", instead +of what I have changed it to in the smb.conf file. + +You need to use the -C option in nmbd. The "server string" affects +what smbd puts out and -C affects what nmbd puts out. + +Current versions of Samba (1.9.16 +) have combined these options into +the "server string" field of smb.conf, -C for nmbd is now obsolete. + +<sect1>My client reports "This server is not configured to list shared resources" <p> <label id="cant_list_shares"> +Your guest account is probably invalid for some reason. Samba uses the +guest account for browsing in smbd. Check that your guest account is +valid. + +See also 'guest account' in smb.conf man page. + +<sect1>Log message "you appear to have a trapdoor uid system" <p><label id="trapdoor_uid"> +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! + +<sect>Common client questions<p> <label id="client_questions"> + +<sect1>Are there any Macintosh clients for Samba?<p> <label id="mac_clients"> +Yes! Thursby now have a CIFS Client / Server called DAVE - see <url url="http://www.thursby.com/">. +They test it against Windows 95, Windows NT and samba for compatibility issues. +At the time of writing, DAVE was at version 1.0.1. The 1.0.0 to 1.0.1 update is available +as a free download from the Thursby web site (the speed of finder copies has +been greatly enhanced, and there are bug-fixes included). + +Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are Netatalk, +<url url="http://www.umich.edu/~rsug/netatalk/">, and CAP, +<url url="http://www.cs.mu.oz.au/appletalk/atalk.html">. What Samba offers +MS Windows users, these packages offer to Macs. For more info on +these packages, Samba, and Linux (and other UNIX-based systems) +see <url url="http://www.eats.com/linux_mac_win.html"> + +<sect1>"Session request failed (131,130)" error<p> <label id="sess_req_fail"> +The following answer is provided by John E. Miller: + +I'll assume that you're able to ping back and forth between the +machines by IP address and name, and that you're using some security +model where you're confident that you've got user IDs and passwords +right. The logging options (-d3 or greater) can help a lot with that. +DNS and WINS configuration can also impact connectivity as well. + +Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network +configuration (I'm too much of an NT bigot to know where it's located +in the Win95 setup, but I'll have to learn someday since I teach for a +Microsoft Solution Provider Authorized Tech Education Center - what an +acronym...) [Note: It's under Control Panel | Network | TCP/IP | WINS +Configuration] there's a little text entry field called something like +'Scope ID'. + +This field essentially creates 'invisible' sub-workgroups on the same +wire. Boxes can only see other boxes whose Scope IDs are set to the +exact same value - it's sometimes used by OEMs to configure their +boxes to browse only other boxes from the same vendor and, in most +environments, this field should be left blank. If you, in fact, have +something in this box that EXACT value (case-sensitive!) needs to be +provided to smbclient and nmbd as the -i (lowercase) parameter. So, if +your Scope ID is configured as the string 'SomeStr' in Win95 then +you'd have to use smbclient -iSomeStr [otherparms] in connecting to +it. + +<sect1>How do I synchronise my PC's clock with my Samba server? <p><label id="synchronise_clock"> +To syncronize your PC's clock with your Samba server: +<itemize> +<item> Copy timesync.pif to your windows directory + <item> timesync.pif can be found at: + <url +url="http://samba.org/samba/binaries/miscellaneous/timesync.pif"> +<item> Add timesync.pif to your 'Start Up' group/folder +<item> Open the properties dialog box for the program/icon +<item> Make sure the 'Run Minimized' option is set in program 'Properties' +<iteM> Change the command line section that reads [\\sambahost] to reflect the name of your server. +<item> Close the properties dialog box by choosing 'OK' +</itemize> +Each time you start your computer (or login for Win95) your PC will +synchronize its clock with your Samba server. + +Alternativley, if you clients support Domain Logons, you can setup Domain Logons with Samba + - see: <url url="ftp://samba.org/pub/samba/docs/BROWSING.txt" name="BROWSING.txt"> *** for more information. +<p>Then add +<tscreen><verb> +NET TIME \\%L /SET /YES +</verb></tscreen> +as one of the lines in the logon script. +<sect1>Problems with WinDD, NTrigue, WinCenterPro etc<p> +<label id="multiple_session_clients"> + +All of the above programs are applications that sit on an NT box and +allow multiple users to access the NT GUI applications from remote +workstations (often over X). + +What has this got to do with Samba? The problem comes when these users +use filemanager to mount shares from a Samba server. The most common +symptom is that the first user to connect get correct file permissions +and has a nice day, but subsequent connections get logged in as the +same user as the first person to login. They find that they cannot +access files in their own home directory, but that they can access +files in the first users home directory (maybe not such a nice day +after all?) + +Why does this happen? The above products all share a common heritage +(and code base I believe). They all open just a single TCP based SMB +connection to the Samba server, and requests from all users are piped +over this connection. This is unfortunate, but not fatal. + +It means that if you run your Samba server in share level security +(the default) then things will definately break as described +above. The share level SMB security model has no provision for +multiple user IDs on the one SMB connection. See <url url="ftp://samba.org/pub/samba/docs/security_level.txt" name="security_level.txt"> in +the docs for more info on share/user/server level security. + +If you run in user or server level security then you have a chance, +but only if you have a recent version of Samba (at least 1.9.15p6). In +older versions bugs in Samba meant you still would have had problems. + +If you have a trapdoor uid system in your OS then it will never work +properly. Samba needs to be able to switch uids on the connection and +it can't if your OS has a trapdoor uid system. You'll know this +because Samba will note it in your logs. + +Also note that you should not use the magic "homes" share name with +products like these, as otherwise all users will end up with the same +home directory. Use [\\server\username] instead. + +<sect1>Problem with printers under NT<p> <label id="nt_printers"> +This info from Stefan Hergeth +hergeth@f7axp1.informatik.fh-muenchen.de may be useful: + + A network-printer (with ethernetcard) is connected to the NT-Clients +via our UNIX-Fileserver (SAMBA-Server), like the configuration told by + Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) +<enum> +<item>If a user has choosen this printer as the default printer in his + NT-Session and this printer is not connected to the network + (e.g. switched off) than this user has a problem with the SAMBA- + connection of his filesystems. It's very slow. + +<item>If the printer is connected to the network everything works fine. + +<item>When the smbd ist started with debug level 3, you can see that the + NT spooling system try to connect to the printer many times. If the + printer ist not connected to the network this request fails and the + NT spooler is wasting a lot of time to connect to the printer service. + This seems to be the reason for the slow network connection. + +<item>Maybe it's possible to change this behaviour by setting different + printer properties in the Print-Manager-Menu of NT, but i didn't try it yet. +</enum> + +<sect1>Why are my file's timestamps off by an hour, or by a few hours?<p><label id="dst_bugs"> +This is from Paul Eggert eggert@twinsun.com. + +Most likely it's a problem with your time zone settings. + +Internally, Samba maintains time in traditional Unix format, +namely, the number of seconds since 1970-01-01 00:00:00 Universal Time +(or ``GMT''), not counting leap seconds. + +On the server side, Samba uses the Unix TZ variable to convert +internal timestamps to and from local time. So on the server side, there are +two things to get right. +<enum> +<item>The Unix system clock must have the correct Universal time. + Use the shell command "sh -c 'TZ=UTC0 date'" to check this. + +<item>The TZ environment variable must be set on the server + before Samba is invoked. The details of this depend on the + server OS, but typically you must edit a file whose name is + /etc/TIMEZONE or /etc/default/init, or run the command `zic -l'. + +<item>TZ must have the correct value. +<enum> + <item>If possible, use geographical time zone settings + (e.g. TZ='America/Los_Angeles' or perhaps + TZ=':US/Pacific'). These are supported by most + popular Unix OSes, are easier to get right, and are + more accurate for historical timestamps. If your + operating system has out-of-date tables, you should be + able to update them from the public domain time zone + tables at <url url="ftp://elsie.nci.nih.gov/pub/">. + + <item>If your system does not support geographical timezone + settings, you must use a Posix-style TZ strings, e.g. + TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. + Posix TZ strings can take the following form (with optional + items in brackets): +<verb> + StdOffset[Dst[Offset],Date/Time,Date/Time] +</verb> + where: +<itemize> +<item> `Std' is the standard time designation (e.g. `PST'). + +<item> `Offset' is the number of hours behind UTC (e.g. `8'). + Prepend a `-' if you are ahead of UTC, and + append `:30' if you are at a half-hour offset. + Omit all the remaining items if you do not use + daylight-saving time. + +<item> `Dst' is the daylight-saving time designation + (e.g. `PDT'). + + The optional second `Offset' is the number of + hours that daylight-saving time is behind UTC. + The default is 1 hour ahead of standard time. + +<item> `Date/Time,Date/Time' specify when daylight-saving + time starts and ends. The format for a date is + `Mm.n.d', which specifies the dth day (0 is Sunday) + of the nth week of the mth month, where week 5 means + the last such day in the month. The format for a + time is [h]h[:mm[:ss]], using a 24-hour clock. +</itemize> + Other Posix string formats are allowed but you don't want + to know about them. +</enum> +</enum> +On the client side, you must make sure that your client's clock and +time zone is also set appropriately. [[I don't know how to do this.]] +Samba traditionally has had many problems dealing with time zones, due +to the bizarre ways that Microsoft network protocols handle time +zones. A common symptom is for file timestamps to be off by an hour. +To work around the problem, try disconnecting from your Samba server +and then reconnecting to it; or upgrade your Samba server to +1.9.16alpha10 or later. + +<sect1> How do I set the printer driver name correctly? <p><label id="printer_driver_name"> +Question: + On NT, I opened "Printer Manager" and "Connect to Printer". + Enter ["\\ptdi270\ps1"] in the box of printer. I got the + following error message: +<tscreen><verb> + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. +</verb></tscreen> +Answer: + +In the more recent versions of Samba you can now set the "printer +driver" in smb.conf. This tells the client what driver to use. For +example: +<tscreen><verb> + printer driver = HP LaserJet 4L +</verb></tscreen> +with this, NT knows to use the right driver. You have to get this string +exactly right. + +To find the exact string to use, you need to get to the dialog box in +your client where you select which printer driver to install. The +correct strings for all the different printers are shown in a listbox +in that dialog box. + +You could also try setting the driver to NULL like this: +<tscreen><verb> + printer driver = NULL +</verb></tscreen> +this is effectively what older versions of Samba did, so if that +worked for you then give it a go. If this does work then let us know via <htmlurl url="mailto:samba@samba.org" name="samba@samba.org">, +and we'll make it the default. Currently the default is a 0 length +string. + +<sect1>I've applied NT 4.0 SP3, and now I can't access Samba shares, Why?<p><label id="NT_SP3_FIX"> +As of SP3, Microsoft has decided that they will no longer default to +passing clear text passwords over the network. To enable access to +Samba shares from NT 4.0 SP3, you must do <bf>ONE</bf> of two things: +<enum> +<item> Set the Samba configuration option 'security = user' and implement all of the stuff detailed in <url url="ftp://samba.org/pub/samba/docs/ENCRYPTION.txt" name="ENCRYPTION.txt">. +<item> Follow Microsoft's directions for setting your NT box to allow plain text passwords. see <url url="http://www.microsoft.com/kb/articles/q166/7/30.htm" name="Knowledge Base Article Q166730"> +</enum> + +<sect>Specific client application problems<p> <label id="client_problems"> + +<sect1>MS Office Setup reports "Cannot change properties of '\MSOFFICE\SETUP.INI'"<p> <label id="cant_change_properties"> +When installing MS Office on a Samba drive for which you have admin +user permissions, ie. admin users = username, you will find the +setup program unable to complete the installation. + +To get around this problem, do the installation without admin user +permissions The problem is that MS Office Setup checks that a file is +rdonly by trying to open it for writing. + +Admin users can always open a file for writing, as they run as root. +You just have to install as a non-admin user and then use "chown -R" +to fix the owner. + +<sect>Miscellaneous<p> <label id="miscellaneous"> +<sect1>Is Samba Year 2000 compliant?<p><label id="Year2000Compliant"> +The CIFS protocol that Samba implements +negotiates times in various formats, all of which +are able to cope with dates beyond 2000. + +</article> diff --git a/docs/faq/sambafaq.txt b/docs/faq/sambafaq.txt new file mode 100644 index 00000000000..e629e8ad878 --- /dev/null +++ b/docs/faq/sambafaq.txt @@ -0,0 +1,1122 @@ + Samba FAQ + Paul Blackman, ictinus@samba.org + v 0.8, June '97 + + This is the Frequently Asked Questions (FAQ) document for Samba, the + free and very popular SMB server product. An SMB server allows file + and printer connections from clients such as Windows, OS/2, Linux and + others. Current to version 1.9.17. Please send any corrections to the + author. + ______________________________________________________________________ + + Table of Contents: + + 1. General Information + + 1.1. What is Samba? + + 1.2. What is the current version of Samba? + + 1.3. Where can I get it? + + 1.4. What do the version numbers mean? + + 1.5. What platforms are supported? + + 1.6. How can I find out more about Samba? + + 1.7. How do I subscribe to the Samba Mailing Lists? + + 1.8. Something's gone wrong - what should I do? + + 1.9. Pizza supply details + + 2. Compiling and installing Samba on a Unix host + + 2.1. I can't see the Samba server in any browse lists! + + 2.2. Some files that I KNOW are on the server doesn't show up when + I view the files from my client! + + 2.3. Some files on the server show up with really wierd filenames + when I view the files from my client! + + 2.4. My client reports "cannot locate specified computer" or + similar + + 2.5. My client reports "cannot locate specified share name" or + similar + + 2.6. My client reports "cannot find domain controller", "cannot log + on to the network" or similar + + 2.7. Printing doesn't work :-( + + 2.8. My programs install on the server OK, but refuse to work + properly + + 2.9. My "server string" doesn't seem to be recognised + + 2.10. My client reports "This server is not configured to list + shared resources" + + 2.11. Log message "you appear to have a trapdoor uid system" + + 3. Common client questions + + 3.1. Are there any Macintosh clients for Samba? + + 3.2. "Session request failed (131,130)" error + + 3.3. How do I synchronise my PC's clock with my Samba server? + + 3.4. Problems with WinDD, NTrigue, WinCenterPro etc + + 3.5. Problem with printers under NT + + 3.6. Why are my file's timestamps off by an hour, or by a few + hours? + + 3.7. How do I set the printer driver name correctly? + + 3.8. I've applied NT 4.0 SP3, and now I can't access Samba shares, + Why? + + 4. Specific client application problems + + 4.1. MS Office Setup reports "Cannot change properties of + 'MSOFFICEUP.INI'" + + 5. Miscellaneous + + 5.1. Is Samba Year 2000 compliant? + ______________________________________________________________________ + + 11.. GGeenneerraall IInnffoorrmmaattiioonn + + + + All about Samba - what it is, how to get it, related sources of + information, how to understand the version numbering scheme, pizza + details + + + 11..11.. WWhhaatt iiss SSaammbbaa?? + + + Samba is a suite of programs which work together to allow clients to + access to a server's filespace and printers via the SMB (Server + Message Block) protocol. Initially written for Unix, Samba now also + runs on Netware, OS/2 and VMS. + + In practice, this means that you can redirect disks and printers to + Unix disks and printers from Lan Manager clients, Windows for + Workgroups 3.11 clients, Windows NT clients, Linux clients and OS/2 + clients. There is also a generic Unix client program supplied as part + of the suite which allows Unix users to use an ftp-like interface to + access filespace and printers on any other SMB servers. This gives the + capability for these operating systems to behave much like a LAN + Server or Windows NT Server machine, only with added functionality and + flexibility designed to make life easier for administrators. + + The components of the suite are (in summary): + + + +o ssmmbbdd, the SMB server. This handles actual connections from clients, + doing all the file, permission and username work + + +o nnmmbbdd, the Netbios name server, which helps clients locate servers, + doing the browsing work and managing domains as this capability is + being built into Samba + + + +o ssmmbbcclliieenntt, the Unix-hosted client program + + +o ssmmbbrruunn, a little 'glue' program to help the server run external + programs + + +o tteessttpprrnnss, a program to test server access to printers + + +o tteessttppaarrmmss, a program to test the Samba configuration file for + correctness + + +o ssmmbb..ccoonnff, the Samba configuration file + + +o ssmmbbpprriinntt, a sample script to allow a Unix host to use smbclient to + print to an SMB server + + +o DDooccuummeennttaattiioonn!! DON'T neglect to read it - you will save a great + deal of time! + + The suite is supplied with full source (of course!) and is GPLed. + + The primary creator of the Samba suite is Andrew Tridgell. Later + versions incorporate much effort by many net.helpers. The man pages + and this FAQ were originally written by Karl Auer. + + + 11..22.. WWhhaatt iiss tthhee ccuurrrreenntt vveerrssiioonn ooff SSaammbbaa?? + + + At time of writing, the current version was 1.9.17. If you want to be + sure check the bottom of the change-log file. + <ftp://samba.org/pub/samba/alpha/change-log> + + For more information see ``What do the version numbers mean?'' + + + 11..33.. WWhheerree ccaann II ggeett iitt?? + + + The Samba suite is available via anonymous ftp from samba.org. + The latest and greatest versions of the suite are in the directory: + + /pub/samba/ + + Development (read "alpha") versions, which are NOT necessarily stable + and which do NOT necessarily have accurate documentation, are + available in the directory: + + /pub/samba/alpha + + Note that binaries are NOT included in any of the above. Samba is + distributed ONLY in source form, though binaries may be available from + other sites. Recent versions of some Linux distributions, for example, + do contain Samba binaries for that platform. + + + 11..44.. WWhhaatt ddoo tthhee vveerrssiioonn nnuummbbeerrss mmeeaann?? + + + It is not recommended that you run a version of Samba with the word + "alpha" in its name unless you know what you are doing and are willing + to do some debugging. Many, many people just get the latest + recommended stable release version and are happy. If you are brave, by + all means take the plunge and help with the testing and development - + but don't install it on your departmental server. Samba is typically + very stable and safe, and this is mostly due to the policy of many + public releases. + How the scheme works: + + 1. When major changes are made the version number is increased. For + example, the transition from 1.9.15 to 1.9.16. However, this + version number will not appear immediately and people should + continue to use 1.9.15 for production systems (see next point.) + + 2. Just after major changes are made the software is considered + unstable, and a series of alpha releases are distributed, for + example 1.9.16alpha1. These are for testing by those who know what + they are doing. The "alpha" in the filename will hopefully scare + off those who are just looking for the latest version to install. + + 3. When Andrew thinks that the alphas have stabilised to the point + where he would recommend new users install it, he renames it to the + same version number without the alpha, for example 1.9.16. + + 4. Inevitably bugs are found in the "stable" releases and minor patch + levels are released which give us the pXX series, for example + 1.9.16p2. + + So the progression goes: + + 1.9.15p7 (production) + 1.9.15p8 (production) + 1.9.16alpha1 (test sites only) + : + 1.9.16alpha20 (test sites only) + 1.9.16 (production) + 1.9.16p1 (production) + + + The above system means that whenever someone looks at the samba ftp + site they will be able to grab the highest numbered release without an + alpha in the name and be sure of getting the current recommended ver- + sion. + + + 11..55.. WWhhaatt ppllaattffoorrmmss aarree ssuuppppoorrtteedd?? + + + Many different platforms have run Samba successfully. The platforms + most widely used and thus best tested are Linux and SunOS. + + At time of writing, the Makefile claimed support for: + + +o A/UX 3.0 + + +o AIX + + +o Altos Series 386/1000 + + +o Amiga + + +o Apollo Domain/OS sr10.3 + + +o BSDI + + +o B.O.S. (Bull Operating System) + + +o Cray, Unicos 8.0 + + +o Convex + + +o DGUX. + + +o DNIX. + + +o FreeBSD + + +o HP-UX + + +o Intergraph. + + +o Linux with/without shadow passwords and quota + + +o LYNX 2.3.0 + + +o MachTen (a unix like system for Macintoshes) + + +o Motorola 88xxx/9xx range of machines + + +o NetBSD + + +o NEXTSTEP Release 2.X, 3.0 and greater (including OPENSTEP for + Mach). + + +o OS/2 using EMX 0.9b + + +o OSF1 + + +o QNX 4.22 + + +o RiscIX. + + +o RISCOs 5.0B + + +o SEQUENT. + + +o SCO (including: 3.2v2, European dist., OpenServer 5) + + +o SGI. + + +o SMP_DC.OSx v1.1-94c079 on Pyramid S series + + +o SONY NEWS, NEWS-OS (4.2.x and 6.1.x) + + +o SUNOS 4 + + +o SUNOS 5.2, 5.3, and 5.4 (Solaris 2.2, 2.3, and '2.4 and later') + + +o Sunsoft ISC SVR3V4 + + +o SVR4 + + +o System V with some berkely extensions (Motorola 88k R32V3.2). + + +o ULTRIX. + + +o UNIXWARE + + +o UXP/DS + + + 11..66.. HHooww ccaann II ffiinndd oouutt mmoorree aabboouutt SSaammbbaa?? + + + There are a number of places to look for more information on Samba, + including: + + +o Two mailing lists devoted to discussion of Samba-related matters. + + +o The newsgroup, comp.protocols.smb, which has a great deal of + discussion on Samba. + + +o The WWW site 'SAMBA Web Pages' at <http://samba.edu.au/samba/> + includes: + + +o Links to man pages and documentation, including this FAQ + + +o A comprehensive survey of Samba users. + + +o A searchable hypertext archive of the Samba mailing list. + + +o Links to Samba source code, binaries, and mirrors of both. + + +o The long list of topic documentation. These files can be found in + the 'docs' directory of the Samba source, or at + <ftp://samba.org/pub/samba/docs/> + + +o Application_Serving.txt + <ftp://samba.org/pub/samba/docs/Application_Serving.txt> + + +o BROWSING.txt <ftp://samba.org/pub/samba/docs/BROWSING.txt> + + +o BUGS.txt <ftp://samba.org/pub/samba/docs/BUGS.txt> + + +o DIAGNOSIS.txt <ftp://samba.org/pub/samba/docs/DIAGNOSIS.txt> + + +o DNIX.txt <ftp://samba.org/pub/samba/docs/DNIX.txt> + + +o DOMAIN.txt <ftp://samba.org/pub/samba/docs/DOMAIN.txt> + + +o CONTROL.txt + <ftp://samba.org/pub/samba/docs/DOMAIN_CONTROL.txt> + + +o ENCRYPTION.txt + <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt> + + +o Faxing.txt <ftp://samba.org/pub/samba/docs/Faxing.txt> + + +o GOTCHAS.txt <ftp://samba.org/pub/samba/docs/GOTCHAS.txt> + + +o HINTS.txt <ftp://samba.org/pub/samba/docs/HINTS.txt> + + +o INSTALL.sambatar + <ftp://samba.org/pub/samba/docs/INSTALL.sambatar> + + +o INSTALL.txt <ftp://samba.org/pub/samba/docs/INSTALL.txt> + + +o MIRRORS <ftp://samba.org/pub/samba/docs/MIRRORS> + + +o NetBIOS.txt <ftp://samba.org/pub/samba/docs/NetBIOS.txt> + + +o OS2.txt <ftp://samba.org/pub/samba/docs/OS2.txt> + + +o PROJECTS <ftp://samba.org/pub/samba/docs/PROJECTS> + + +o Passwords.txt <ftp://samba.org/pub/samba/docs/Passwords.txt> + + +o Printing.txt <ftp://samba.org/pub/samba/docs/Printing.txt> + + +o README.DCEDFS <ftp://samba.org/pub/samba/docs/README.DCEDFS> + + +o README.OS2 <ftp://samba.org/pub/samba/docs/README.OS2> + + +o README.jis <ftp://samba.org/pub/samba/docs/README.jis> + + +o README.sambatar + <ftp://samba.org/pub/samba/docs/README.sambatar> + + +o SCO.txt <ftp://samba.org/pub/samba/docs/SCO.txt> + + +o SMBTAR.notes <ftp://samba.org/pub/samba/docs/SMBTAR.notes> + + +o Speed.txt <ftp://samba.org/pub/samba/docs/Speed.txt> + + +o Support.txt <ftp://samba.org/pub/samba/docs/Support.txt> + + +o THANKS <ftp://samba.org/pub/samba/docs/THANKS> + + +o Tracing.txt <ftp://samba.org/pub/samba/docs/Tracing.txt> + + +o SMB.txt <ftp://samba.org/pub/samba/docs/UNIX-SMB.txt> + + +o Warp.txt <ftp://samba.org/pub/samba/docs/Warp.txt> + + +o WinNT.txt <ftp://samba.org/pub/samba/docs/WinNT.txt> + + +o history <ftp://samba.org/pub/samba/docs/history> + + +o level.txt + <ftp://samba.org/pub/samba/docs/security_level.txt> + + +o slip.htm <ftp://samba.org/pub/samba/docs/wfw_slip.htm> + + + 11..77.. HHooww ddoo II ssuubbssccrriibbee ttoo tthhee SSaammbbaa MMaaiilliinngg LLiissttss?? + + + Send email to listproc@samba.org. Make sure the subject line is + blank, and include the following two lines in the body of the message: + + + subscribe samba Firstname Lastname + subscribe samba-announce Firstname Lastname + + + + + Obviously you should substitute YOUR first name for "Firstname" and + YOUR last name for "Lastname"! Try not to send any signature stuff, it + sometimes confuses the list processor. + + The samba list is a digest list - every eight hours or so it + regurgitates a single message containing all the messages that have + been received by the list since the last time and sends a copy of this + message to all subscribers. + + If you stop being interested in Samba, please send another email to + listproc@samba.org. Make sure the subject line is blank, and + include the following two lines in the body of the message: + + + unsubscribe samba + unsubscribe samba-announce + + + + + The FFrroomm:: line in your message _M_U_S_T be the same address you used when + you subscribed. + + + 11..88.. SSoommeetthhiinngg''ss ggoonnee wwrroonngg -- wwhhaatt sshhoouulldd II ddoo?? + + + ## ****** IIMMPPOORRTTAANNTT!! ****** ## + + DO NOT post messages on mailing lists or in newsgroups until you have + carried out the first three steps given here! + + Firstly, see if there are any likely looking entries in this FAQ! If + you have just installed Samba, have you run through the checklist in + DIAGNOSIS.txt <ftp://samba.org/pub/samba/DIAGNOSIS.txt>? It can + save you a lot of time and effort. DIAGNOSIS.txt can also be found in + the docs directory of the Samba distribution. + + Secondly, read the man pages for smbd, nmbd and smb.conf, looking for + topics that relate to what you are trying to do. + + Thirdly, if there is no obvious solution to hand, try to get a look at + the log files for smbd and/or nmbd for the period during which you + were having problems. You may need to reconfigure the servers to + provide more extensive debugging information - usually level 2 or + level 3 provide ample debugging info. Inspect these logs closely, + looking particularly for the string "Error:". + + Fourthly, if you still haven't got anywhere, ask the mailing list or + newsgroup. In general nobody minds answering questions provided you + have followed the preceding steps. It might be a good idea to scan the + archives of the mailing list, which are available through the Samba + web site described in the previous section. + + If you successfully solve a problem, please mail the FAQ maintainer a + succinct description of the symptom, the problem and the solution, so + I can incorporate it in the next version. + + If you make changes to the source code, _please_ submit these patches + so that everyone else gets the benefit of your work. This is one of + the most important aspects to the maintainence of Samba. Send all + patches to samba@samba.org. Do not send patches to Andrew + Tridgell or any other individual, they may be lost if you do. + + + 11..99.. PPiizzzzaa ssuuppppllyy ddeettaaiillss + + + Those who have registered in the Samba survey as "Pizza Factory" will + already know this, but the rest may need some help. Andrew doesn't ask + for payment, but he does appreciate it when people give him pizza. + This calls for a little organisation when the pizza donor is twenty + thousand kilometres away, but it has been done. + + Method 1: Ring up your local branch of an international pizza chain + and see if they honour their vouchers internationally. Pizza Hut do, + which is how the entire Canberra Linux Users Group got to eat pizza + one night, courtesy of someone in the US + + Method 2: Ring up a local pizza shop in Canberra and quote a credit + card number for a certain amount, and tell them that Andrew will be + collecting it (don't forget to tell him.) One kind soul from Germany + did this. + + Method 3: Purchase a pizza voucher from your local pizza shop that has + no international affiliations and send it to Andrew. It is completely + useless but he can hang it on the wall next to the one he already has + from Germany :-) + + + Method 4: Air freight him a pizza with your favourite regional + flavours. It will probably get stuck in customs or torn apart by + hungry sniffer dogs but it will have been a noble gesture. + + + 22.. CCoommppiilliinngg aanndd iinnssttaalllliinngg SSaammbbaa oonn aa UUnniixx hhoosstt + + + + 22..11.. II ccaann''tt sseeee tthhee SSaammbbaa sseerrvveerr iinn aannyy bbrroowwssee lliissttss!! + + + See BROWSING.txt <ftp://samba.org/pub/samba/BROWSING.txt> for + more information on browsing. Browsing.txt can also be found in the + docs directory of the Samba source. + + If your GUI client does not permit you to select non-browsable + servers, you may need to do so on the command line. For example, under + Lan Manager you might connect to the above service as disk drive M: + thusly: + + + net use M: \\mary\fred + + + + + The details of how to do this and the specific syntax varies from + client to client - check your client's documentation. + + + 22..22.. SSoommee ffiilleess tthhaatt II KKNNOOWW aarree oonn tthhee sseerrvveerr ddooeessnn''tt sshhooww uupp wwhheenn II + vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! + + + See the next question. + + 22..33.. SSoommee ffiilleess oonn tthhee sseerrvveerr sshhooww uupp wwiitthh rreeaallllyy wwiieerrdd ffiilleennaammeess + wwhheenn II vviieeww tthhee ffiilleess ffrroomm mmyy cclliieenntt!! + + + If you check what files are not showing up, you will note that they + are files which contain upper case letters or which are otherwise not + DOS-compatible (ie, they are not legal DOS filenames for some reason). + + The Samba server can be configured either to ignore such files + completely, or to present them to the client in "mangled" form. If you + are not seeing the files at all, the Samba server has most likely been + configured to ignore them. Consult the man page smb.conf(5) for + details of how to change this - the parameter you need to set is + "mangled names = yes". + + + 22..44.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd ccoommppuutteerr"" oorr ssiimmiillaarr + + + This indicates one of three things: You supplied an incorrect server + name, the underlying TCP/IP layer is not working correctly, or the + name you specified cannot be resolved. + + After carefully checking that the name you typed is the name you + should have typed, try doing things like pinging a host or telnetting + to somewhere on your network to see if TCP/IP is functioning OK. If it + is, the problem is most likely name resolution. + + + If your client has a facility to do so, hardcode a mapping between the + hosts IP and the name you want to use. For example, with Man Manager + or Windows for Workgroups you would put a suitable entry in the file + LMHOSTS. If this works, the problem is in the communication between + your client and the netbios name server. If it does not work, then + there is something fundamental wrong with your naming and the solution + is beyond the scope of this document. + + If you do not have any server on your subnet supplying netbios name + resolution, hardcoded mappings are your only option. If you DO have a + netbios name server running (such as the Samba suite's nmbd program), + the problem probably lies in the way it is set up. Refer to Section + Two of this FAQ for more ideas. + + By the way, remember to REMOVE the hardcoded mapping before further + tests :-) + + + 22..55.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott llooccaattee ssppeecciiffiieedd sshhaarree nnaammee"" oorr ssiimmii-- + llaarr + + + This message indicates that your client CAN locate the specified + server, which is a good start, but that it cannot find a service of + the name you gave. + + The first step is to check the exact name of the service you are + trying to connect to (consult your system administrator). Assuming it + exists and you specified it correctly (read your client's doco on how + to specify a service name correctly), read on: + + + +o Many clients cannot accept or use service names longer than eight + characters. + + +o Many clients cannot accept or use service names containing spaces. + + +o Some servers (not Samba though) are case sensitive with service + names. + + +o Some clients force service names into upper case. + + + 22..66.. MMyy cclliieenntt rreeppoorrttss ""ccaannnnoott ffiinndd ddoommaaiinn ccoonnttrroolllleerr"",, ""ccaannnnoott lloogg + oonn ttoo tthhee nneettwwoorrkk"" oorr ssiimmiillaarr + + + Nothing is wrong - Samba does not implement the primary domain name + controller stuff for several reasons, including the fact that the + whole concept of a primary domain controller and "logging in to a + network" doesn't fit well with clients possibly running on multiuser + machines (such as users of smbclient under Unix). Having said that, + several developers are working hard on building it in to the next + major version of Samba. If you can contribute, send a message to + samba@samba.org ! + + Seeing this message should not affect your ability to mount redirected + disks and printers, which is really what all this is about. + + For many clients (including Windows for Workgroups and Lan Manager), + setting the domain to STANDALONE at least gets rid of the message. + + + + + + 22..77.. PPrriinnttiinngg ddooeessnn''tt wwoorrkk ::--(( + + + Make sure that the specified print command for the service you are + connecting to is correct and that it has a fully-qualified path (eg., + use "/usr/bin/lpr" rather than just "lpr"). + + Make sure that the spool directory specified for the service is + writable by the user connected to the service. In particular the user + "nobody" often has problems with printing, even if it worked with an + earlier version of Samba. Try creating another guest user other than + "nobody". + + Make sure that the user specified in the service is permitted to use + the printer. + + Check the debug log produced by smbd. Search for the printer name and + see if the log turns up any clues. Note that error messages to do with + a service ipc$ are meaningless - they relate to the way the client + attempts to retrieve status information when using the LANMAN1 + protocol. + + If using WfWg then you need to set the default protocol to TCP/IP, not + Netbeui. This is a WfWg bug. + + If using the Lanman1 protocol (the default) then try switching to + coreplus. Also not that print status error messages don't mean + printing won't work. The print status is received by a different + mechanism. + + + 22..88.. MMyy pprrooggrraammss iinnssttaallll oonn tthhee sseerrvveerr OOKK,, bbuutt rreeffuussee ttoo wwoorrkk pprroopp-- + eerrllyy + + + There are numerous possible reasons for this, but one MAJOR + possibility is that your software uses locking. Make sure you are + using Samba 1.6.11 or later. It may also be possible to work around + the problem by setting "locking=no" in the Samba configuration file + for the service the software is installed on. This should be regarded + as a strictly temporary solution. + + In earlier Samba versions there were some difficulties with the very + latest Microsoft products, particularly Excel 5 and Word for Windows + 6. These should have all been solved. If not then please let Andrew + Tridgell know via email at samba@samba.org. + + + 22..99.. MMyy ""sseerrvveerr ssttrriinngg"" ddooeessnn''tt sseeeemm ttoo bbee rreeccooggnniisseedd + + + OR My client reports the default setting, eg. "Samba 1.9.15p4", + instead of what I have changed it to in the smb.conf file. + + You need to use the -C option in nmbd. The "server string" affects + what smbd puts out and -C affects what nmbd puts out. + + Current versions of Samba (1.9.16 +) have combined these options into + the "server string" field of smb.conf, -C for nmbd is now obsolete. + + + 22..1100.. MMyy cclliieenntt rreeppoorrttss ""TThhiiss sseerrvveerr iiss nnoott ccoonnffiigguurreedd ttoo lliisstt sshhaarreedd + rreessoouurrcceess"" + + + Your guest account is probably invalid for some reason. Samba uses the + guest account for browsing in smbd. Check that your guest account is + valid. + + See also 'guest account' in smb.conf man page. + + + 22..1111.. LLoogg mmeessssaaggee ""yyoouu aappppeeaarr ttoo hhaavvee aa ttrraappddoooorr uuiidd ssyysstteemm"" + + + This can have several causes. It might be because you are using a uid + or gid of 65535 or -1. This is a VERY bad idea, and is a big security + hole. Check carefully in your /etc/passwd file and make sure that no + user has uid 65535 or -1. Especially check the "nobody" user, as many + broken systems are shipped with nobody setup with a uid of 65535. + + It might also mean that your OS has a trapdoor uid/gid system :-) + + This means that once a process changes effective uid from root to + another user it can't go back to root. Unfortunately Samba relies on + being able to change effective uid from root to non-root and back + again to implement its security policy. If your OS has a trapdoor uid + system this won't work, and several things in Samba may break. Less + things will break if you use user or server level security instead of + the default share level security, but you may still strike problems. + + The problems don't give rise to any security holes, so don't panic, + but it does mean some of Samba's capabilities will be unavailable. In + particular you will not be able to connect to the Samba server as two + different uids at once. This may happen if you try to print as a + "guest" while accessing a share as a normal user. It may also affect + your ability to list the available shares as this is normally done as + the guest user. + + Complain to your OS vendor and ask them to fix their system. + + Note: the reason why 65535 is a VERY bad choice of uid and gid is that + it casts to -1 as a uid, and the setreuid() system call ignores (with + no error) uid changes to -1. This means any daemon attempting to run + as uid 65535 will actually run as root. This is not good! + + + 33.. CCoommmmoonn cclliieenntt qquueessttiioonnss + + + + + 33..11.. AArree tthheerree aannyy MMaacciinnttoosshh cclliieennttss ffoorr SSaammbbaa?? + + + Yes! Thursby now have a CIFS Client / Server called DAVE - see + <http://www.thursby.com/>. They test it against Windows 95, Windows + NT and samba for compatibility issues. At the time of writing, DAVE + was at version 1.0.1. The 1.0.0 to 1.0.1 update is available as a free + download from the Thursby web site (the speed of finder copies has + been greatly enhanced, and there are bug-fixes included). + + Alternatives - There are two free implementations of AppleTalk for + several kinds of UNIX machnes, and several more commercial ones. + These products allow you to run file services and print services + natively to Macintosh users, with no additional support required on + the Macintosh. The two free omplementations are Netatalk, + <http://www.umich.edu/~rsug/netatalk/>, and CAP, + <http://www.cs.mu.oz.au/appletalk/atalk.html>. What Samba offers MS + Windows users, these packages offer to Macs. For more info on these + packages, Samba, and Linux (and other UNIX-based systems) see + <http://www.eats.com/linux_mac_win.html> + 33..22.. SSeessssiioonn rreeqquueesstt ffaaiilleedd ((113311,,113300))"" eerrrroorr + + + The following answer is provided by John E. Miller: + + I'll assume that you're able to ping back and forth between the + machines by IP address and name, and that you're using some security + model where you're confident that you've got user IDs and passwords + right. The logging options (-d3 or greater) can help a lot with that. + DNS and WINS configuration can also impact connectivity as well. + + Now, on to 'scope id's. Somewhere in your Win95 TCP/IP network + configuration (I'm too much of an NT bigot to know where it's located + in the Win95 setup, but I'll have to learn someday since I teach for a + Microsoft Solution Provider Authorized Tech Education Center - what an + acronym...) Note: It's under Control Panel | Network | TCP/IP | WINS + Configuration there's a little text entry field called something like + + This field essentially creates 'invisible' sub-workgroups on the same + wire. Boxes can only see other boxes whose Scope IDs are set to the + exact same value - it's sometimes used by OEMs to configure their + boxes to browse only other boxes from the same vendor and, in most + environments, this field should be left blank. If you, in fact, have + something in this box that EXACT value (case-sensitive!) needs to be + provided to smbclient and nmbd as the -i (lowercase) parameter. So, if + your Scope ID is configured as the string 'SomeStr' in Win95 then + you'd have to use smbclient -iSomeStr otherparms in connecting to it. + + + 33..33.. HHooww ddoo II ssyynncchhrroonniissee mmyy PPCC''ss cclloocckk wwiitthh mmyy SSaammbbaa sseerrvveerr?? + + + To syncronize your PC's clock with your Samba server: + + +o Copy timesync.pif to your windows directory + + +o timesync.pif can be found at: + <http://samba.org/samba/binaries/miscellaneous/timesync.pif> + + +o Add timesync.pif to your 'Start Up' group/folder + + +o Open the properties dialog box for the program/icon + + +o Make sure the 'Run Minimized' option is set in program 'Properties' + + +o Change the command line section that reads \sambahost to reflect + the name of your server. + + +o Close the properties dialog box by choosing 'OK' + + Each time you start your computer (or login for Win95) your PC will + synchronize its clock with your Samba server. + + Alternativley, if you clients support Domain Logons, you can setup + Domain Logons with Samba - see: BROWSING.txt + <ftp://samba.org/pub/samba/docs/BROWSING.txt> *** for more + information. + + Then add + + + NET TIME \\%L /SET /YES + + + + + as one of the lines in the logon script. + + 33..44.. PPrroobblleemmss wwiitthh WWiinnDDDD,, NNTTrriigguuee,, WWiinnCCeenntteerrPPrroo eettcc + + + All of the above programs are applications that sit on an NT box and + allow multiple users to access the NT GUI applications from remote + workstations (often over X). + + What has this got to do with Samba? The problem comes when these users + use filemanager to mount shares from a Samba server. The most common + symptom is that the first user to connect get correct file permissions + and has a nice day, but subsequent connections get logged in as the + same user as the first person to login. They find that they cannot + access files in their own home directory, but that they can access + files in the first users home directory (maybe not such a nice day + after all?) + + Why does this happen? The above products all share a common heritage + (and code base I believe). They all open just a single TCP based SMB + connection to the Samba server, and requests from all users are piped + over this connection. This is unfortunate, but not fatal. + + It means that if you run your Samba server in share level security + (the default) then things will definately break as described above. + The share level SMB security model has no provision for multiple user + IDs on the one SMB connection. See security_level.txt + <ftp://samba.org/pub/samba/docs/security_level.txt> in the docs + for more info on share/user/server level security. + + If you run in user or server level security then you have a chance, + but only if you have a recent version of Samba (at least 1.9.15p6). In + older versions bugs in Samba meant you still would have had problems. + + If you have a trapdoor uid system in your OS then it will never work + properly. Samba needs to be able to switch uids on the connection and + it can't if your OS has a trapdoor uid system. You'll know this + because Samba will note it in your logs. + + Also note that you should not use the magic "homes" share name with + products like these, as otherwise all users will end up with the same + home directory. Use \serversername instead. + + + 33..55.. PPrroobblleemm wwiitthh pprriinntteerrss uunnddeerr NNTT + + + This info from Stefan Hergeth hergeth@f7axp1.informatik.fh-muenchen.de + may be useful: + + A network-printer (with ethernetcard) is connected to the NT-Clients + via our UNIX-Fileserver (SAMBA-Server), like the configuration told by + Matthew Harrell harrell@leech.nrl.navy.mil (see WinNT.txt) + + 1. If a user has choosen this printer as the default printer in his + NT-Session and this printer is not connected to the network (e.g. + switched off) than this user has a problem with the SAMBA- + connection of his filesystems. It's very slow. + + 2. If the printer is connected to the network everything works fine. + + 3. When the smbd ist started with debug level 3, you can see that the + NT spooling system try to connect to the printer many times. If the + printer ist not connected to the network this request fails and the + NT spooler is wasting a lot of time to connect to the printer + service. This seems to be the reason for the slow network + connection. + + 4. Maybe it's possible to change this behaviour by setting different + printer properties in the Print-Manager-Menu of NT, but i didn't + try it yet. + + + 33..66.. WWhhyy aarree mmyy ffiillee''ss ttiimmeessttaammppss ooffff bbyy aann hhoouurr,, oorr bbyy aa ffeeww hhoouurrss?? + + + This is from Paul Eggert eggert@twinsun.com. + + Most likely it's a problem with your time zone settings. + + Internally, Samba maintains time in traditional Unix format, namely, + the number of seconds since 1970-01-01 00:00:00 Universal Time (or + ``GMT''), not counting leap seconds. + + On the server side, Samba uses the Unix TZ variable to convert + internal timestamps to and from local time. So on the server side, + there are two things to get right. + + 1. The Unix system clock must have the correct Universal time. Use + the shell command "sh -c 'TZ=UTC0 date'" to check this. + + 2. The TZ environment variable must be set on the server before Samba + is invoked. The details of this depend on the server OS, but + typically you must edit a file whose name is /etc/TIMEZONE or + /etc/default/init, or run the command `zic -l'. + + 3. TZ must have the correct value. + + a. If possible, use geographical time zone settings (e.g. + TZ='America/Los_Angeles' or perhaps TZ=':US/Pacific'). These + are supported by most popular Unix OSes, are easier to get + right, and are more accurate for historical timestamps. If your + operating system has out-of-date tables, you should be able to + update them from the public domain time zone tables at + <ftp://elsie.nci.nih.gov/pub/>. + + b. If your system does not support geographical timezone settings, + you must use a Posix-style TZ strings, e.g. + TZ='PST8PDT,M4.1.0/2,M10.5.0/2' for US Pacific time. Posix TZ + strings can take the following form (with optional items in + brackets): + + StdOffset[Dst[Offset],Date/Time,Date/Time] + + + where: + + +o `Std' is the standard time designation (e.g. `PST'). + + +o `Offset' is the number of hours behind UTC (e.g. `8'). Prepend + a `-' if you are ahead of UTC, and append `:30' if you are at a + half-hour offset. Omit all the remaining items if you do not + use daylight-saving time. + + +o `Dst' is the daylight-saving time designation (e.g. `PDT'). + + The optional second `Offset' is the number of hours that + daylight-saving time is behind UTC. The default is 1 hour ahead + of standard time. + + +o `Date/Time,Date/Time' specify when daylight-saving time starts + and ends. The format for a date is `Mm.n.d', which specifies + the dth day (0 is Sunday) of the nth week of the mth month, + where week 5 means the last such day in the month. The format + for a time is hh:mm[:ss], using a 24-hour clock. + + Other Posix string formats are allowed but you don't want to + know about them. + + On the client side, you must make sure that your client's clock and + time zone is also set appropriately. [I don't know how to do + this.] Samba traditionally has had many problems dealing with time + zones, due to the bizarre ways that Microsoft network protocols + handle time zones. A common symptom is for file timestamps to be + off by an hour. To work around the problem, try disconnecting from + your Samba server and then reconnecting to it; or upgrade your + Samba server to 1.9.16alpha10 or later. + + + 33..77.. HHooww ddoo II sseett tthhee pprriinntteerr ddrriivveerr nnaammee ccoorrrreeccttllyy?? + + + Question: On NT, I opened "Printer Manager" and "Connect to Printer". + Enter "\ptdi270s1" + in the box of printer. I got the following error message: + + + You do not have sufficient access to your machine + to connect to the selected printer, since a driver + needs to be installed locally. + + + + + Answer: + + In the more recent versions of Samba you can now set the "printer + driver" in smb.conf. This tells the client what driver to use. For + example: + + + printer driver = HP LaserJet 4L + + + + + with this, NT knows to use the right driver. You have to get this + string exactly right. + + To find the exact string to use, you need to get to the dialog box in + your client where you select which printer driver to install. The + correct strings for all the different printers are shown in a listbox + in that dialog box. + + You could also try setting the driver to NULL like this: + + + printer driver = NULL + + + + + this is effectively what older versions of Samba did, so if that + worked for you then give it a go. If this does work then let us know + via samba@samba.org, and we'll make it the default. Cur- + rently the default is a 0 length string. + + + 33..88.. II''vvee aapppplliieedd NNTT 44..00 SSPP33,, aanndd nnooww II ccaann''tt aacccceessss SSaammbbaa sshhaarreess,, + WWhhyy?? + + + As of SP3, Microsoft has decided that they will no longer default to + passing clear text passwords over the network. To enable access to + Samba shares from NT 4.0 SP3, you must do OONNEE of two things: + + 1. Set the Samba configuration option 'security = user' and implement + all of the stuff detailed in ENCRYPTION.txt + <ftp://samba.org/pub/samba/docs/ENCRYPTION.txt>. + + 2. Follow Microsoft's directions for setting your NT box to allow + plain text passwords. see Knowledge Base Article Q166730 + <http://www.microsoft.com/kb/articles/q166/7/30.htm> + + + 44.. SSppeecciiffiicc cclliieenntt aapppplliiccaattiioonn pprroobblleemmss + + + + + 44..11.. MMSS OOffffiiccee SSeettuupp rreeppoorrttss ""CCaannnnoott cchhaannggee pprrooppeerrttiieess ooff ''MMSSOOFF-- + FFIICCEEUUPP..IINNII''"" + + + When installing MS Office on a Samba drive for which you have admin + user permissions, ie. admin users = username, you will find the setup + program unable to complete the installation. + + To get around this problem, do the installation without admin user + permissions The problem is that MS Office Setup checks that a file is + rdonly by trying to open it for writing. + + Admin users can always open a file for writing, as they run as root. + You just have to install as a non-admin user and then use "chown -R" + to fix the owner. + + + 55.. MMiisscceellllaanneeoouuss + + + + 55..11.. IIss SSaammbbaa YYeeaarr 22000000 ccoommpplliiaanntt?? + + + The CIFS protocol that Samba implements negotiates times in various + formats, all of which are able to cope with dates beyond 2000. + + + + + + + + + + + + + + + + + + diff --git a/docs/history b/docs/history index 83761e23b86..7bcbe3564ad 100644 --- a/docs/history +++ b/docs/history @@ -1,8 +1,9 @@ -Note: This file is now quite out of date - but perhaps that's -appropriate? +Contributor: Andrew Tridgell and the Samba Team +Date: June 27, 1997 +Satus: Always out of date! (Would not be the same without it!) - -========= +Subject: A bit of history and a bit of fun +============================================================================ This is a short history of this project. It's not supposed to be comprehensive, just enough so that new users can get a feel for where @@ -10,7 +11,7 @@ this project has come from and maybe where it's going to. The whole thing really started in December 1991. I was (and still am) a PhD student in the Computer Sciences Laboratory at the Australian -Netional University, in Canberra, Australia. We had just got a +National University, in Canberra, Australia. We had just got a beta copy of eXcursion from Digital, and I was testing it on my PC. At this stage I was a MS-DOS user, dabbling in windows. @@ -111,7 +112,7 @@ code! I wrote back saying it was OK, but never heard from him again. I don't know if it went on the cd-rom. Anyway, the next big event was in December 1993, when Dan again sent -me an e-mail saying my server had "raised it's ugly head" on +me an e-mail saying my server had "raised its ugly head" on comp.protocols.tcpip.ibmpc. I had a quick look on the group, and was surprised to see that there were people interested in this thing. @@ -163,3 +164,55 @@ support and the ability to do domain logons etc. Samba has also been ported to OS/2, the amiga and NetWare. There are now 3000 people on the samba mailing list. --------------------- + + +--------------------- +It's now June 1997 and samba-1.9.17 is due out soon. My how time passes! +Please refer to the WHATSNEW.txt for an update on new features. Just when +you think you understand what is happening the ground rules change - this +is a real world after all. Since the heady days of March 1996 there has +been a concerted effort within the SMB protocol using community to document +and standardize the protocols. The CIFS initiative has helped a long way +towards creating a better understood and more interoperable environment. +The Samba Team has grown in number and have been very active in the standards +formation and documentation process. + +The net effect has been that we have had to do a lot of work to bring Samba +into line with new features and capabilities in the SMB protocols. + +The past year has been a productive one with the following releases: + 1.9.16, 1.9.16p2, 1.9.16p6, 1.9.16p9, 1.9.16p10, 1.9.16p11 + +There are some who believe that 1.9.15p8 was the best release and others +who would not want to be without the latest. Whatever your perception we +hope that 1.9.17 will close the gap and convince you all that the long +wait and the rolling changes really were worth it. Here is functionality +and a level of code maturity that ..., well - you can be the judge! + +Happy SMB networking! +Samba Team + +ps: The bugs are ours, so please report any you find. +--------------------- + +--------------------- +It's now October 1998. We just got back from the 3rd CIFS conference +in SanJose. The Samba Team was the biggest contingent there. + +Samba 2.0 should be shipping in the next few weeks with much better +domain controller support, GUI configuration, a new user space SMB +filesystem and lots of other neat stuff. I've also noticed that a +search of job ads in DejaNews turned up 3900 that mention Samba. Looks +like we've created a small industry. + +I've been asked again where the name Samba came from. I might as well +put it down here for everyone to read. The code in Samba was first +called just "server", it then got renamed "smbserver" when I +discovered that the protocol is called SMB. Then in April 1994 I got +an email from Syntax, the makers of "TotalNet advanced Server", a +commercial SMB server. They told me that they had a trademark on the +name SMBserver and I would have to change the name. I ran an egrep for +words containing S, M, and B on /usr/dict/words and the name Samba +looked like the best choice. Strangely enough when I repeat that now I +notice that Samba isn't in /usr/dict/words on my system anymore! +--------------------- diff --git a/docs/htmldocs/CVS-Access.html b/docs/htmldocs/CVS-Access.html new file mode 100644 index 00000000000..1329433f1a1 --- /dev/null +++ b/docs/htmldocs/CVS-Access.html @@ -0,0 +1,193 @@ +<HTML +><HEAD +><TITLE +>HOWTO Access Samba source code via CVS

Introduction

Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter.

This document is a modified version of the instructions found at +http://samba.org/samba/cvs.html

CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host.

Access via CVSweb

You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository.

Use the URL : http://samba.org/cgi-bin/cvsweb

Access via cvs

You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser.

To download the latest cvs source code, point your +browser at the URL : http://www.cyclic.com/. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com.

To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name

  1. Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. +

  2. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot login +

    When it asks you for a password type cvs. +

  3. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot co samba +

    This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. +

    CVS branches other HEAD can be obtained by using the -r + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. +

    cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba +

  4. Whenever you want to merge in the latest code changes use + the following command from within the samba directory: +

    cvs update -d -P +

\ No newline at end of file diff --git a/docs/htmldocs/DOMAIN_MEMBER.html b/docs/htmldocs/DOMAIN_MEMBER.html new file mode 100644 index 00000000000..b7ef4c9a61b --- /dev/null +++ b/docs/htmldocs/DOMAIN_MEMBER.html @@ -0,0 +1,372 @@ +security = domain in Samba 2.x

Joining an NT Domain with Samba 2.2

Assume you have a Samba 2.x server with a NetBIOS name of + SERV1 and are joining an NT domain called + DOM, which has a PDC with a NetBIOS name + of DOMPDC and two backup domain controllers + with NetBIOS names DOMBDC1 and DOMBDC2 + .

In order to join the domain, first stop all Samba daemons + and run the command:

root# smbpasswd -j DOM -r DOMPDC + -UAdministrator%password

as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The Administrator%password is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:

smbpasswd: Joined domain DOM. +

in your terminal window. See the smbpasswd(8) man page for more details.

There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well.

This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally :

/usr/local/samba/private

In Samba 2.0.x, the filename looks like this:

<NT DOMAIN NAME>.<Samba + Server Name>.mac

The .mac suffix stands for machine account + password file. So in our example above, the file would be called:

DOM.SERV1.mac

In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named secrets.tdb. +

This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file.

Now, before restarting the Samba daemons you must + edit your smb.conf(5) + file to tell Samba it should now use domain security.

Change (or add) your security = line in the [global] section + of your smb.conf to read:

security = domain

Next change the workgroup = line in the [global] section to read:

workgroup = DOM

as this is the name of the domain we are joining.

You must also have the parameter encrypt passwords set to yes + in order for your users to authenticate to the NT PDC.

Finally, add (or modify) a password server = line in the [global] + section to read:

password server = DOMPDC DOMBDC1 DOMBDC2

These are the primary and backup domain controllers Samba + will attempt to contact in order to authenticate users. Samba will + try to contact each of these servers in order, so you may want to + rearrange this list in order to spread out the authentication load + among domain controllers.

Alternatively, if you want smbd to automatically determine + the list of Domain controllers to use for authentication, you may + set this line to be :

password server = *

This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This + method either broadcasts or uses a WINS database in order to + find domain controllers to authenticate against.

Finally, restart your Samba daemons and get ready for + clients to begin using domain security!

Samba and Windows 2000 Domains

Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode.

There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.

The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin.

Why is this better than security = server?

Currently, domain security in Samba doesn't free you from + having to create local Unix users to represent the users attaching + to your server. This means that if domain user DOM\fred + attaches to your domain security Samba server, there needs + to be a local Unix user fred to represent that user in the Unix + filesystem. This is very similar to the older Samba security mode + security = server, + where Samba would pass through the authentication request to a Windows + NT server in the same way as a Windows 95 or Windows 98 server would. +

Please refer to the Winbind + paper for information on a system to automatically + assign UNIX uids and gids to Windows NT Domain users and groups. + This code is available in development branches only at the moment, + but will be moved to release branches soon.

The advantage to domain-level security is that the + authentication in domain-level security is passed down the authenticated + RPC channel in exactly the same way that an NT server would do it. This + means Samba servers now participate in domain trust relationships in + exactly the same way NT servers do (i.e., you can add Samba servers into + a resource domain and have the authentication passed on from a resource + domain PDC to an account domain PDC.

In addition, with security = server every Samba + daemon on a server has to keep a connection open to the + authenticating server for as long as that daemon lasts. This can drain + the connection resources on a Microsoft NT server and cause it to run + out of available connections. With security = domain, + however, the Samba daemons connect to the PDC/BDC only for as long + as is necessary to authenticate the user, and then drop the connection, + thus conserving PDC connection resources.

And finally, acting in the same manner as an NT server + authenticating to a PDC means that as part of the authentication + reply, the Samba server gets the user identification information such + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon.

NOTE: Much of the text of this document + was first published in the Web magazine + LinuxWorld as the article Doing + the NIS/NT Samba.

\ No newline at end of file diff --git a/docs/htmldocs/ENCRYPTION.html b/docs/htmldocs/ENCRYPTION.html new file mode 100644 index 00000000000..e4d3ef5fed2 --- /dev/null +++ b/docs/htmldocs/ENCRYPTION.html @@ -0,0 +1,656 @@ +LanMan and NT Password Encryption in Samba 2.x

Introduction

With the development of LanManager and Windows NT + compatible password encryption for Samba, it is now able + to validate user connections in exactly the same way as + a LanManager or Windows NT server.

This document describes how the SMB password encryption + algorithm works and what issues there are in choosing whether + you want to use it. You should read it carefully, especially + the part about security and the "PROS and CONS" section.

How does it work?

LanManager encryption is somewhat similar to UNIX + password encryption. The server uses a file containing a + hashed value of a user's password. This is created by taking + the user's plaintext password, capitalising it, and either + truncating to 14 bytes or padding to 14 bytes with null bytes. + This 14 byte value is used as two 56 bit DES keys to encrypt + a 'magic' eight byte value, forming a 16 byte value which is + stored by the server and client. Let this value be known as + the "hashed password".

Windows NT encryption is a higher quality mechanism, + consisting of doing an MD4 hash on a Unicode version of the user's + password. This also produces a 16 byte hash value that is + non-reversible.

When a client (LanManager, Windows for WorkGroups, Windows + 95 or Windows NT) wishes to mount a Samba drive (or use a Samba + resource), it first requests a connection and negotiates the + protocol that the client and server will use. In the reply to this + request the Samba server generates and appends an 8 byte, random + value - this is stored in the Samba server after the reply is sent + and is known as the "challenge". The challenge is different for + every client connection.

The client then uses the hashed password (16 byte values + described above), appended with 5 null bytes, as three 56 bit + DES keys, each of which is used to encrypt the challenge 8 byte + value, forming a 24 byte value known as the "response".

In the SMB call SMBsessionsetupX (when user level security + is selected) or the call SMBtconX (when share level security is + selected), the 24 byte response is returned by the client to the + Samba server. For Windows NT protocol levels the above calculation + is done on both hashes of the user's password and both responses are + returned in the SMB call, giving two 24 byte values.

The Samba server then reproduces the above calculation, using + its own stored value of the 16 byte hashed password (read from the + smbpasswd file - described later) and the challenge + value that it kept from the negotiate protocol reply. It then checks + to see if the 24 byte value it calculates matches the 24 byte value + returned to it from the client.

If these values match exactly, then the client knew the + correct password (or the 16 byte hashed value - see security note + below) and is thus allowed access. If not, then the client did not + know the correct password and is denied access.

Note that the Samba server never knows or stores the cleartext + of the user's password - just the 16 byte hashed values derived from + it. Also note that the cleartext password or 16 byte hashed values + are never transmitted over the network - thus increasing security.

Important Notes About Security

The unix and SMB password encryption techniques seem similar + on the surface. This similarity is, however, only skin deep. The unix + scheme typically sends clear text passwords over the network when + logging in. This is bad. The SMB encryption scheme never sends the + cleartext password over the network but it does store the 16 byte + hashed values on disk. This is also bad. Why? Because the 16 byte hashed + values are a "password equivalent". You cannot derive the user's + password from them, but they could potentially be used in a modified + client to gain access to a server. This would require considerable + technical knowledge on behalf of the attacker but is perfectly possible. + You should thus treat the smbpasswd file as though it contained the + cleartext passwords of all your users. Its contents must be kept + secret, and the file should be protected accordingly.

Ideally we would like a password scheme which neither requires + plain text passwords on the net or on disk. Unfortunately this + is not available as Samba is stuck with being compatible with + other SMB systems (WinNT, WfWg, Win95 etc).

Warning

Note that Windows NT 4.0 Service pack 3 changed the + default for permissible authentication so that plaintext + passwords are never sent over the wire. + The solution to this is either to switch to encrypted passwords + with Samba or edit the Windows NT registry to re-enable plaintext + passwords. See the document WinNT.txt for details on how to do + this.

Other Microsoft operating systems which also exhibit + this behavior includes

  • MS DOS Network client 3.0 with + the basic network redirector installed

  • Windows 95 with the network redirector + update installed

  • Windows 98 [se]

  • Windows 2000

Note :All current release of + Microsoft SMB/CIFS clients support authentication via the + SMB Challenge/Response mechanism described here. Enabling + clear text authentication does not disable the ability + of the client to participate in encrypted authentication.

Advantages of SMB Encryption

  • plain text passwords are not passed across + the network. Someone using a network sniffer cannot just + record passwords going to the SMB server.

  • WinNT doesn't like talking to a server + that isn't using SMB encrypted passwords. It will refuse + to browse the server if the server is also in user level + security mode. It will insist on prompting the user for the + password on each connection, which is very annoying. The + only things you can do to stop this is to use SMB encryption. +

Advantages of non-encrypted passwords

  • plain text passwords are not kept + on disk.

  • uses same password file as other unix + services such as login and ftp

  • you are probably already using other + services (such as telnet and ftp) which send plain text + passwords over the net, so sending them for SMB isn't + such a big deal.

The smbpasswd file

In order for Samba to participate in the above protocol + it must be able to look up the 16 byte hashed values given a user name. + Unfortunately, as the UNIX password value is also a one way hash + function (ie. it is impossible to retrieve the cleartext of the user's + password given the UNIX hash of it), a separate password file + containing this 16 byte value must be kept. To minimise problems with + these two password files, getting out of sync, the UNIX /etc/passwd and the smbpasswd file, + a utility, mksmbpasswd.sh, is provided to generate + a smbpasswd file from a UNIX /etc/passwd file. +

To generate the smbpasswd file from your /etc/passwd + file use the following command :

$ cat /etc/passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd

If you are running on a system that uses NIS, use

$ ypcat passwd | mksmbpasswd.sh + > /usr/local/samba/private/smbpasswd

The mksmbpasswd.sh program is found in + the Samba source directory. By default, the smbpasswd file is + stored in :

/usr/local/samba/private/smbpasswd

The owner of the /usr/local/samba/private/ + directory should be set to root, and the permissions on it should + be set to 0500 (chmod 500 /usr/local/samba/private). +

Likewise, the smbpasswd file inside the private directory should + be owned by root and the permissions on is should be set to 0600 + (chmod 600 smbpasswd).

The format of the smbpasswd file is (The line has been + wrapped here. It should appear as one entry per line in + your smbpasswd file.)

username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:
+	[Account type]:LCT-<last-change-time>:Long name
+

Although only the username, + uid, XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX, + [Account type] and last-change-time sections are significant + and are looked at in the Samba code.

It is VITALLY important that there by 32 + 'X' characters between the two ':' characters in the XXX sections - + the smbpasswd and Samba code will fail to validate any entries that + do not have 32 characters between ':' characters. The first XXX + section is for the Lanman password hash, the second is for the + Windows NT version.

When the password file is created all users have password entries + consisting of 32 'X' characters. By default this disallows any access + as this user. When a user has a password set, the 'X' characters change + to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii + representation of the 16 byte hashed value of a user's password.

To set a user to have no password (not recommended), edit the file + using vi, and replace the first 11 characters with the ascii text + "NO PASSWORD" (minus the quotes).

For example, to clear the password for user bob, his smbpasswd file + entry would look like :

	bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:Bob's full name:/bobhome:/bobshell
+

If you are allowing users to use the smbpasswd command to set + their own passwords, you may want to give users NO PASSWORD initially + so they do not have to enter a previous password when changing to their + new password (not recommended). In order for you to allow this the + smbpasswd program must be able to connect to the + smbd daemon as that user with no password. Enable this + by adding the line :

null passwords = yes

to the [global] section of the smb.conf file (this is why + the above scenario is not recommended). Preferably, allocate your + users a default password to begin with, so you do not have + to enable this on your server.

Note : This file should be protected very + carefully. Anyone with access to this file can (with enough knowledge of + the protocols) gain access to your SMB server. The file is thus more + sensitive than a normal unix /etc/passwd file.

The smbpasswd Command

The smbpasswd command maintains the two 32 byte password fields + in the smbpasswd file. If you wish to make it similar to the unix + passwd or yppasswd programs, + install it in /usr/local/samba/bin/ (or your + main Samba binary directory).

Note that as of Samba 1.9.18p4 this program MUST NOT + BE INSTALLED setuid root (the new smbpasswd + code enforces this restriction so it cannot be run this way by + accident).

smbpasswd now works in a client-server mode + where it contacts the local smbd to change the user's password on its + behalf. This has enormous benefits - as follows.

  • smbpasswd no longer has to be setuid root - + an enormous range of potential security problems is + eliminated.

  • smbpasswd now has the capability + to change passwords on Windows NT servers (this only works when + the request is sent to the NT Primary Domain Controller if you + are changing an NT Domain user's password).

To run smbpasswd as a normal user just type :

$ smbpasswd

Old SMB password: <type old value here - + or hit return if there was no old password>

New SMB Password: <type new value> +

Repeat New SMB Password: <re-type new value +

If the old value does not match the current value stored for + that user, or the two new values do not match each other, then the + password will not be changed.

If invoked by an ordinary user it will only allow the user + to change his or her own Samba password.

If run by the root user smbpasswd may take an optional + argument, specifying the user name whose SMB password you wish to + change. Note that when run as root smbpasswd does not prompt for + or check the old password value, thus allowing root to set passwords + for users who have forgotten their passwords.

smbpasswd is designed to work in the same way + and be familiar to UNIX users who use the passwd or + yppasswd commands.

For more details on using smbpasswd refer + to the man page which will always be the definitive reference.

Setting up Samba to support LanManager Encryption

This is a very brief description on how to setup samba to + support password encryption.

  1. compile and install samba as usual

  2. enable encrypted passwords in smb.conf by adding the line encrypt + passwords = yes in the [global] section

  3. create the initial smbpasswd + password file in the place you specified in the Makefile + (--prefix=<dir>). See the notes under the The smbpasswd File + section earlier in the document for details.

Note that you can test things using smbclient.

\ No newline at end of file diff --git a/docs/htmldocs/Integrating-with-Windows.html b/docs/htmldocs/Integrating-with-Windows.html new file mode 100644 index 00000000000..7c5fe316272 --- /dev/null +++ b/docs/htmldocs/Integrating-with-Windows.html @@ -0,0 +1,1072 @@ +Integrating MS Windows networks with Samba

Agenda

To identify the key functional mechanisms of MS Windows networking +to enable the deployment of Samba as a means of extending and/or +replacing MS Windows NT/2000 technology.

We will examine:

  1. Name resolution in a pure Unix/Linux TCP/IP + environment +

  2. Name resolution as used within MS Windows + networking +

  3. How browsing functions and how to deploy stable + and dependable browsing using Samba +

  4. MS Windows security options and how to + configure Samba for seemless integration +

  5. Configuration of Samba as:

    1. A stand-alone server

    2. An MS Windows NT 3.x/4.0 security domain member +

    3. An alternative to an MS Windows NT 3.x/4.0 Domain Controller +

Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

  • /etc/hosts

  • /etc/resolv.conf

  • /etc/host.conf

  • /etc/nsswitch.conf

/etc/hosts

Contains a static list of IP Addresses and names. +eg:

	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box

The purpose of /etc/hosts is to provide a +name resolution mechanism so that uses do not need to remember +IP addresses.

Network packets that are sent over the physical network transport +layer communicate not via IP addresses but rather using the Media +Access Control address, or MAC address. IP Addresses are currently +32 bits in length and are typically presented as four (4) decimal +numbers that are separated by a dot (or period). eg: 168.192.1.1

MAC Addresses use 48 bits (or 6 bytes) and are typically represented +as two digit hexadecimal numbers separated by colons. eg: +40:8e:0a:12:34:56

Every network interfrace must have an MAC address. Associated with +a MAC address there may be one or more IP addresses. There is NO +relationship between an IP address and a MAC address, all such assignments +are arbitary or discretionary in nature. At the most basic level all +network communications takes place using MAC addressing. Since MAC +addresses must be globally unique, and generally remains fixed for +any particular interface, the assignment of an IP address makes sense +from a network management perspective. More than one IP address can +be assigned per MAC address. One address must be the primary IP address, +this is the address that will be returned in the ARP reply.

When a user or a process wants to communicate with another machine +the protocol implementation ensures that the "machine name" or "host +name" is resolved to an IP address in a manner that is controlled +by the TCP/IP configuration control files. The file +/etc/hosts is one such file.

When the IP address of the destination interface has been +determined a protocol called ARP/RARP isused to identify +the MAC address of the target interface. ARP stands for Address +Resolution Protocol, and is a broadcast oriented method that +uses UDP (User Datagram Protocol) to send a request to all +interfaces on the local network segment using the all 1's MAC +address. Network interfaces are programmed to respond to two +MAC addresses only; their own unique address and the address +ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will +contain the MAC address and the primary IP address for each +interface.

The /etc/hosts file is foundational to all +Unix/Linux TCP/IP installations and as a minumum will contain +the localhost and local network interface IP addresses and the +primary names by which they are known within the local machine. +This file helps to prime the pump so that a basic level of name +resolution can exist before any other method of name resolution +becomes available.

/etc/resolv.conf

This file tells the name resolution libraries:

  • The name of the domain to which the machine + belongs +

  • The name(s) of any domains that should be + automatically searched when trying to resolve unqualified + host names to their IP address +

  • The name or IP address of available Domain + Name Servers that may be asked to perform name to address + translation lookups +

/etc/host.conf

/etc/host.conf is the primary means by +which the setting in /etc/resolv.conf may be affected. It is a +critical configuration file. This file controls the order by +which name resolution may procede. The typical structure is:

	order hosts,bind
+	multi on

then both addresses should be returned. Please refer to the +man page for host.conf for further details.

/etc/nsswitch.conf

This file controls the actual name resolution targets. The +file typically has resolver object specifications as follows:

	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files

Of course, each of these mechanisms requires that the appropriate +facilities and/or services are correctly configured.

It should be noted that unless a network request/message must be +sent, TCP/IP networks are silent. All TCP/IP communications assumes a +principal of speaking only when necessary.

Samba version 2.2.0 will add Linux support for extensions to +the name service switch infrastructure so that linux clients will +be able to obtain resolution of MS Windows NetBIOS names to IP +Addresses. To gain this functionality Samba needs to be compiled +with appropriate arguments to the make command (ie: make +nsswitch/libnss_wins.so). The resulting library should +then be installed in the /lib directory and +the "wins" parameter needs to be added to the "hosts:" line in +the /etc/nsswitch.conf file. At this point it +will be possible to ping any MS Windows machine by it's NetBIOS +machine name, so long as that machine is within the workgroup to +which both the samba machine and the MS Windows machine belong.

Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine +is given. This name is known variously (and inconsistently) as +the "computer name", "machine name", "networking name", "netbios name", +"SMB name". All terms mean the same thing with the exception of +"netbios name" which can apply also to the name of the workgroup or the +domain name. The terms "workgroup" and "domain" are really just a +simply name with which the machine is associated. All NetBIOS names +are exactly 16 characters in length. The 16th character is reserved. +It is used to store a one byte value that indicates service level +information for the NetBIOS name that is registered. A NetBIOS machine +name is therefore registered for each service type that is provided by +the client/server.

The following are typical NetBIOS name/service type registrations:

	Unique NetBIOS Names:
+		MACHINENAME<00>	= Server Service is running on MACHINENAME
+		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+		WORKGROUP<1b> = Domain Master Browser
+
+	Group Names:
+		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
+		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
+		WORKGROUP<1d> = Local Master Browsers
+		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own +names as per the above. This is in vast contrast to TCP/IP +installations where traditionally the system administrator will +determine in the /etc/hosts or in the DNS database what names +are associated with each IP address.

One further point of clarification should be noted, the /etc/hosts +file and the DNS records do not provide the NetBIOS name type information +that MS Windows clients depend on to locate the type of service that may +be needed. An example of this is what happens when an MS Windows client +wants to locate a domain logon server. It find this service and the IP +address of a server that provides it by performing a lookup (via a +NetBIOS broadcast) for enumeration of all machines that have +registered the name type *<1c>. A logon request is then sent to each +IP address that is returned in the enumerated list of IP addresses. Which +ever machine first replies then ends up providing the logon services.

The name "workgroup" or "domain" really can be confusing since these +have the added significance of indicating what is the security +architecture of the MS Windows network. The term "workgroup" indicates +that the primary nature of the network environment is that of a +peer-to-peer design. In a WORKGROUP all machines are responsible for +their own security, and generally such security is limited to use of +just a password (known as SHARE MORE security). In most situations +with peer-to-peer networking the users who control their own machines +will simply opt to have no security at all. It is possible to have +USER MODE security in a WORKGROUP environment, thus requiring use +of a user name and a matching password.

MS Windows networking is thus predetermined to use machine names +for all local and remote machine message passing. The protocol used is +called Server Message Block (SMB) and this is implemented using +the NetBIOS protocol (Network Basic Input Output System). NetBIOS can +be encapsulated using LLC (Logical Link Control) protocol - in which case +the resulting protocol is called NetBEUI (Network Basic Extended User +Interface). NetBIOS can also be run over IPX (Internetworking Packet +Exchange) protocol as used by Novell NetWare, and it can be run +over TCP/IP protocols - in which case the resulting protocol is called +NBT or NetBT, the NetBIOS over TCP/IP.

MS Windows machines use a complex array of name resolution mechanisms. +Since we are primarily concerned with TCP/IP this demonstration is +limited to this area.

The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is +stored the NetBIOS names and their IP addresses for all external +machines that that the local machine has communicated with over the +past 10-15 minutes. It is more efficient to obtain an IP address +for a machine from the local cache than it is to go through all the +configured name resolution mechanisms.

If a machine whose name is in the local name cache has been shut +down before the name had been expired and flushed from the cache, then +an attempt to exchange a message with that machine will be subject +to time-out delays. ie: It's name is in the cache, so a name resolution +lookup will succeed, but the machine can not respond. This can be +frustrating for users - but it is a characteristic of the protocol.

The MS Windows utility that allows examination of the NetBIOS +name cache is called "nbtstat". The Samba equivalent of this +is called "nmblookup".

The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or +2000 in C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the machine name in matched pairs. The +LMHOSTS file performs NetBIOS name +to IP address mapping oriented.

It typically looks like:

	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:<domain>
+	#      #INCLUDE <filename>
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:<domain>" tag will associate the
+	# entry with the domain specified by <domain>. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The <domain> is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
+	# software to seek the specified <filename> and parse it as if it were
+	# local. <filename> is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.

HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in +C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the IP hostname in matched pairs. It can be +used by the name resolution infrastructure in MS Windows, depending +on how the TCP/IP environment is configured. This file is in +every way the equivalent of the Unix/Linux /etc/hosts file.

DNS Lookup

This capability is configured in the TCP/IP setup area in the network +configuration facility. If enabled an elaborate name resolution sequence +is followed the precise nature of which isdependant on what the NetBIOS +Node Type parameter is configured to. A Node Type of 0 means use +NetBIOS broadcast (over UDP broadcast) is first used if the name +that is the subject of a name lookup is not found in the NetBIOS name +cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to +Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the +WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast +lookup is used.

WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the +rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores +the names and IP addresses that are registered by a Windows client +if the TCP/IP setup has been given at least one WINS Server IP Address.

To configure Samba to be a WINS server the following parameter needs +to be added to the smb.conf file:

	wins support = Yes

To configure Samba to use a WINS server the following parameters are +needed in the smb.conf file:

	wins support = No
+	wins server = xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address +of the WINS server.

How browsing functions and how to deploy stable and +dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names +(ie: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc.

In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter).

Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks.

During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser.

Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses.

Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services.

Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, /etc/hosts, +and so on.

MS Windows security options and how to configure +Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets.

When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways:

  • An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. +

  • The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. +

You should refer to the Password Encryption chapter in this HOWTO collection +for more details on the inner workings

MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default.

MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped the SMB protocol +has a mechanism by which the connection can be re-established using +a cached copy of the password.

When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients.

The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication.

	passsword level = integer
+	username level = integer

By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the username level parameter +is rarely even needed.

However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the password level must be set to the maximum +number of upper case letter which could appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a password level +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail).

The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords:

Use MS Windows NT as an authentication server

This method involves the additions of the following parameters +in the smb.conf file:

	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"

There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code.

The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts.

Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients.

Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *

The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT.

In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows:

  • On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. +

  • Next, on the Linux system execute: + smbpasswd -r PDC_NAME -j DOMAIN_NAME +

Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the /etc/passwd entry.

An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the Winbind Overview chapter in +this HOWTO collection.

Configure Samba as an authentication server

This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as and +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication.

This method involves addition of the following parameters to +the smb.conf file:

## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes

in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required.

Users

A user account that may provide a home directory should be +created. The following Linux system commands are typical of +the procedure for creating an account.

	# useradd -s /bin/bash -d /home/"userid" -m "userid"
+	# passwd "userid"
+	  Enter Password: <pw>
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: <pw>

MS Windows NT Machine Accounts

These are required only when Samba is used as a domain +controller. Refer to the Samba-PDC-HOWTO for more details.

	# useradd -s /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"

Conclusions

Samba provides a flexible means to operate as...

  • A Stand-alone server - No special action is needed + other than to create user accounts. Stand-alone servers do NOT + provide network logon services, meaning that machines that use this + server do NOT perform a domain logon but instead make use only of + the MS Windows logon which is local to the MS Windows + workstation/server. +

  • An MS Windows NT 3.x/4.0 security domain member. +

  • An alternative to an MS Windows NT 3.x/4.0 + Domain Controller. +

\ No newline at end of file diff --git a/docs/htmldocs/NT_Security.html b/docs/htmldocs/NT_Security.html new file mode 100644 index 00000000000..ab8797563e3 --- /dev/null +++ b/docs/htmldocs/NT_Security.html @@ -0,0 +1,783 @@ +UNIX Permission Bits and Windows NT Access Control Lists

Viewing and changing UNIX permissions using the NT + security dialogs

New in the Samba 2.0.4 release is the ability for Windows + NT clients to use their native security settings dialog box to + view and modify the underlying UNIX permissions.

Note that this ability is careful not to compromise + the security of the UNIX host Samba is running on, and + still obeys all the file permission rules that a Samba + administrator can set.

In Samba 2.0.4 and above the default value of the + parameter nt acl support has been changed from + false to true, so + manipulation of permissions is turned on by default.

How to view file security on a Samba share

From an NT 4.0 client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the Properties entry at the bottom of + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked Security. Click on this tab and you + will see three buttons, Permissions, + Auditing, and Ownership. + The Auditing button will cause either + an error message A requested privilege is not held + by the client to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the Add button will not currently + allow a list of users to be seen.

Viewing file ownership

Clicking on the "Ownership" button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the Close + button to remove this dialog.

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone".

The Take Ownership button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the root + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time.

There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba 2.0.4 server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the Seclib + NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site.

Viewing file or directory permissions

The third button is the "Permissions" + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database).

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone" and the + permissions will be shown as NT "Full Control".

The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first.

File Permissions

The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group Everyone, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + user icon and an NT local + group icon respectively followed by the list + of permissions allowed for the UNIX user and group.

As many UNIX permission sets don't map into common + NT names such as "read", "change" or "full control" then + usually the permissions will be prefixed by the words "Special Access" in the NT display list.

But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT "Take Ownership" ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT "O" bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below.

Directory Permissions

Directories on an NT NTFS file system have two + different sets of permissions. The first set of permissions + is the ACL set on the directory itself, this is usually displayed + in the first set of parentheses in the normal "RW" + NT style. This first set of permissions is created by Samba in + exactly the same way as normal file permissions are, described + above, and is displayed in the same way.

The second set of directory permissions has no real meaning + in the UNIX permissions world and represents the "inherited" permissions that any file created within + this directory would inherit.

Samba synthesises these inherited permissions for NT by + returning as an NT ACL the UNIX permission mode that a new file + created by Samba on this share would receive.

Modifying file or directory permissions

Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the OK button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account.

If the parameter nt acl support + is set to false then any attempt to set + security permissions will fail with an "Access Denied" + message.

The first thing to note is that the "Add" + button will not return a list of users in Samba 2.0.4 (it will give + an error message of "The remote procedure call failed + and did not execute"). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has.

If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the "OK" button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT "O" flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component.

As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server.

When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the "Replace + permissions on existing files" checkbox in the NT + dialog before clicking "OK".

If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the "Remove" button, + or set the component to only have the special "Take + Ownership" permission (displayed as "O" + ) highlighted.

Interaction with the standard Samba create mask + parameters

Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are :

security mask

force security mode

directory security mask

force directory security mode

Once a user clicks "OK" to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the + security mask parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions.

Essentially, zero bits in the security mask + mask may be treated as a set of bits the user is not + allowed to change, and one bits are those the user is allowed to change. +

If not set explicitly this parameter is set to the same value as + the create mask + parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter + to 0777.

Next Samba checks the changed permissions for a file against + the bits set in the force security mode parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set.

Essentially, bits set in the force security mode + parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'.

If not set explicitly this parameter is set to the same value + as the force + create mode parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000.

The security mask and force + security mode parameters are applied to the change + request in that order.

For a directory Samba will perform the same operations as + described above for a file except using the parameter directory security mask instead of security + mask, and force directory security mode + parameter instead of force security mode + .

The directory security mask parameter + by default is set to the same value as the directory mask + parameter and the force directory security + mode parameter by default is set to the same value as + the force directory mode parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced.

In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction.

If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the smb.conf(5) + file in that share specific section :

security mask = 0777

force security mode = 0

directory security mask = 0777

force directory security mode = 0

As described, in Samba 2.0.4 the parameters :

create mask

force create mode

directory mask

force directory mode

were used instead of the parameters discussed here.

Interaction with the standard Samba file attribute + mapping

Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. +

One way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab.

What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + "OK" to get back to the standard attributes tab + dialog, and then clicks "OK" on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking "OK" to get back to the + attributes dialog you should always hit "Cancel" + rather than "OK" to ensure that your changes + are not overridden.

\ No newline at end of file diff --git a/docs/htmldocs/OS2-Client-HOWTO.html b/docs/htmldocs/OS2-Client-HOWTO.html new file mode 100644 index 00000000000..90f62306e82 --- /dev/null +++ b/docs/htmldocs/OS2-Client-HOWTO.html @@ -0,0 +1,210 @@ +OS2 Client HOWTO

FAQs

How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?

A more complete answer to this question can be + found on http://carol.wins.uva.nl/~leeuw/samba/warp.html.

Basically, you need three components:

  • The File and Print Client ('IBM Peer') +

  • TCP/IP ('Internet support') +

  • The "NetBIOS over TCP/IP" driver ('TCPBEUI') +

Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder.

Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration.

If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above.

How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?

You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. + See http://carol.wins.uva.nl/~leeuw/lanman.html for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines:

		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+

before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. +

Are there any other issues when OS/2 (any version) + is used as a client?

When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from http://carol.wins.uva.nl/~leeuw/samba/fix.html. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server.

How do I get printer driver download working + for OS/2 clients?

First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system.

Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, "os2 driver map = + filename". Then, in the file + specified by filename, map the + name of the NT driver name to the OS/2 driver name as + follows:

<nt driver name> = <os2 driver + name>.<device name>, e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L

You can have multiple drivers mapped in this file.

If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. +

\ No newline at end of file diff --git a/docs/htmldocs/PAM-Authentication-And-Samba.html b/docs/htmldocs/PAM-Authentication-And-Samba.html new file mode 100644 index 00000000000..6dc815b87bf --- /dev/null +++ b/docs/htmldocs/PAM-Authentication-And-Samba.html @@ -0,0 +1,318 @@ +Configuring PAM for distributed but centrally +managed authentication

Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc.

PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d.

The following is an example /etc/pam.d/login configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5

PAM allows use of replacable modules. Those available on a +sample system include:

$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of +the pam_pwdb.so module which uses the system +password database (/etc/passwd, +/etc/shadow, /etc/group) with +the module pam_smbpass.so which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +/usr/local/samba/private/smbpasswd, +/etc/samba/smbpasswd, or in +/etc/samba.d/smbpasswd, depending on the +Samba implementation for your Unix/Linux system. The +pam_smbpass.so module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay

The following is the PAM configuration file for a particular +Linux system. The default condition uses pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5

In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Note: PAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within on PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the pam_stack.so module that allows all +authentication to be configured in a single central file. The +pam_stack.so method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information.

Distributed Authentication

The astute administrator will realize from this that the +combination of pam_smbpass.so, +winbindd, and rsync (see +http://rsync.samba.org/) +will allow the establishment of a centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic.

PAM Configuration in smb.conf

There is an option in smb.conf called obey pam restrictions. +The following is from the on-line help for this option in SWAT;

When Samba 2.2 is configure to enable PAM support (i.e. +--with-pam), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +encrypt passwords = yes. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption.

Default: obey pam restrictions = no

\ No newline at end of file diff --git a/docs/htmldocs/Samba-BDC-HOWTO.html b/docs/htmldocs/Samba-BDC-HOWTO.html new file mode 100644 index 00000000000..fd83c4e09a3 --- /dev/null +++ b/docs/htmldocs/Samba-BDC-HOWTO.html @@ -0,0 +1,245 @@ +How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

Prerequisite Reading

Before you continue reading in this chapter, please make sure +that you are comfortable with configuring a Samba PDC +as described in the Samba-PDC-HOWTO.

Background

What is a Domain Controller? It is a machine that is able to answer +logon requests from workstations in a Windows NT Domain. Whenever a +user logs into a Windows NT Workstation, the workstation connects to a +Domain Controller and asks him whether the username and password the +user typed in is correct. The Domain Controller replies with a lot of +information about the user, for example the place where the users +profile is stored, the users full name of the user. All this +information is stored in the NT user database, the so-called SAM.

There are two kinds of Domain Controller in a NT 4 compatible Domain: +A Primary Domain Controller (PDC) and one or more Backup Domain +Controllers (BDC). The PDC contains the master copy of the +SAM. Whenever the SAM has to change, for example when a user changes +his password, this change has to be done on the PDC. A Backup Domain +Controller is a machine that maintains a read-only copy of the +SAM. This way it is able to reply to logon requests and authenticate +users in case the PDC is not available. During this time no changes to +the SAM are possible. Whenever changes to the SAM are done on the PDC, +all BDC receive the changes from the PDC.

Since version 2.2 Samba officially supports domain logons for all +current Windows Clients, including Windows 2000 and XP. This text +assumes the domain to be named SAMBA. To be able to act as a PDC, some +parameters in the [global]-section of the smb.conf have to be set:

workgroup = SAMBA
+domain master = yes
+domain logons = yes

Several other things like a [homes] and a [netlogon] share also may be +set along with settings for the profile path, the users home drive and +others. This will not be covered in this document.

What qualifies a Domain Controller on the network?

Every machine that is a Domain Controller for the domain SAMBA has to +register the NetBIOS group name SAMBA#1c with the WINS server and/or +by broadcast on the local network. The PDC also registers the unique +NetBIOS name SAMBA#1b with the WINS server. The name type #1b is +normally reserved for the domain master browser, a role that has +nothing to do with anything related to authentication, but the +Microsoft Domain implementation requires the domain master browser to +be on the same machine as the PDC.

How does a Workstation find its domain controller?

A NT workstation in the domain SAMBA that wants a local user to be +authenticated has to find the domain controller for SAMBA. It does +this by doing a NetBIOS name query for the group name SAMBA#1c. It +assumes that each of the machines it gets back from the queries is a +domain controller and can answer logon requests. To not open security +holes both the workstation and the selected (TODO: How is the DC +chosen) domain controller authenticate each other. After that the +workstation sends the user's credentials (his name and password) to +the domain controller, asking for approval.

When is the PDC needed?

Whenever a user wants to change his password, this has to be done on +the PDC. To find the PDC, the workstation does a NetBIOS name query +for SAMBA#1b, assuming this machine maintains the master copy of the +SAM. The workstation contacts the PDC, both mutually authenticate and +the password change is done.

Can Samba be a Backup Domain Controller?

With version 2.2, no. The native NT SAM replication protocols have +not yet been fully implemented. The Samba Team is working on +understanding and implementing the protocols, but this work has not +been finished for version 2.2.

Can I get the benefits of a BDC with Samba? Yes. The main reason for +implementing a BDC is availability. If the PDC is a Samba machine, +a second Samba machine can be set up to +service logon requests whenever the PDC is down.

How do I set up a Samba BDC?

Several things have to be done:

  • The file private/MACHINE.SID identifies the domain. When a samba +server is first started, it is created on the fly and must never be +changed again. This file has to be the same on the PDC and the BDC, +so the MACHINE.SID has to be copied from the PDC to the BDC.

  • The Unix user database has to be synchronized from the PDC to the +BDC. This means that both the /etc/passwd and /etc/group have to be +replicated from the PDC to the BDC. This can be done manually +whenever changes are made, or the PDC is set up as a NIS master +server and the BDC as a NIS slave server. To set up the BDC as a +mere NIS client would not be enough, as the BDC would not be able to +access its user database in case of a PDC failure.

  • The Samba password database in the file private/smbpasswd has to be +replicated from the PDC to the BDC. This is a bit tricky, see the +next section.

  • Any netlogon share has to be replicated from the PDC to the +BDC. This can be done manually whenever login scripts are changed, +or it can be done automatically together with the smbpasswd +synchronization.

Finally, the BDC has to be found by the workstations. This can be done +by setting

workgroup = samba
+domain master = no
+domain logons = yes

in the [global]-section of the smb.conf of the BDC. This makes the BDC +only register the name SAMBA#1c with the WINS server. This is no +problem as the name SAMBA#1c is a NetBIOS group name that is meant to +be registered by more than one machine. The parameter 'domain master = +no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS +name is reserved for the Primary Domain Controller.

How do I replicate the smbpasswd file?

Replication of the smbpasswd file is sensitive. It has to be done +whenever changes to the SAM are made. Every user's password change is +done in the smbpasswd file and has to be replicated to the BDC. So +replicating the smbpasswd file very often is necessary.

As the smbpasswd file contains plain text password equivalents, it +must not be sent unencrypted over the wire. The best way to set up +smbpasswd replication from the PDC to the BDC is to use the utility +rsync. rsync can use ssh as a transport. ssh itself can be set up to +accept *only* rsync transfer without requiring the user to type a +password.

\ No newline at end of file diff --git a/docs/htmldocs/Samba-HOWTO-Collection.html b/docs/htmldocs/Samba-HOWTO-Collection.html new file mode 100644 index 00000000000..5b44d17968d --- /dev/null +++ b/docs/htmldocs/Samba-HOWTO-Collection.html @@ -0,0 +1,10925 @@ +SAMBA Project Documentation

Abstract

Last Update : Mon Apr 1 08:47:26 CST 2002

This book is a collection of HOWTOs added to Samba documentation over the years. +I try to ensure that all are current, but sometimes the is a larger job +than one person can maintain. The most recent version of this document +can be found at http://www.samba.org/ +on the "Documentation" page. Please send updates to jerry@samba.org.

This documentation is distributed under the GNU General Public License (GPL) +version 2. A copy of the license is included with the Samba source +distribution. A copy can be found on-line at http://www.fsf.org/licenses/gpl.txt

Cheers, jerry

Table of Contents
1. How to Install and Test SAMBA
1.1. Step 0: Read the man pages
1.2. Step 1: Building the Binaries
1.3. Step 2: The all important step
1.4. Step 3: Create the smb configuration file.
1.5. Step 4: Test your config file with + testparm
1.6. Step 5: Starting the smbd and nmbd
1.6.1. Step 5a: Starting from inetd.conf
1.6.2. Step 5b. Alternative: starting it as a daemon
1.7. Step 6: Try listing the shares available on your + server
1.8. Step 7: Try connecting with the unix client
1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client
1.10. What If Things Don't Work?
1.10.1. Diagnosing Problems
1.10.2. Scope IDs
1.10.3. Choosing the Protocol Level
1.10.4. Printing from UNIX to a Client PC
1.10.5. Locking
1.10.6. Mapping Usernames
1.10.7. Other Character Sets
2. Integrating MS Windows networks with Samba
2.1. Agenda
2.2. Name Resolution in a pure Unix/Linux world
2.2.1. /etc/hosts
2.2.2. /etc/resolv.conf
2.2.3. /etc/host.conf
2.2.4. /etc/nsswitch.conf
2.3. Name resolution as used within MS Windows networking
2.3.1. The NetBIOS Name Cache
2.3.2. The LMHOSTS file
2.3.3. HOSTS file
2.3.4. DNS Lookup
2.3.5. WINS Lookup
2.4. How browsing functions and how to deploy stable and +dependable browsing using Samba
2.5. MS Windows security options and how to configure +Samba for seemless integration
2.5.1. Use MS Windows NT as an authentication server
2.5.2. Make Samba a member of an MS Windows NT security domain
2.5.3. Configure Samba as an authentication server
2.5.3.1. Users
2.5.3.2. MS Windows NT Machine Accounts
2.6. Conclusions
3. Configuring PAM for distributed but centrally +managed authentication
3.1. Samba and PAM
3.2. Distributed Authentication
3.3. PAM Configuration in smb.conf
4. Hosting a Microsoft Distributed File System tree on Samba
4.1. Instructions
4.1.1. Notes
5. UNIX Permission Bits and Windows NT Access Control Lists
5.1. Viewing and changing UNIX permissions using the NT + security dialogs
5.2. How to view file security on a Samba share
5.3. Viewing file ownership
5.4. Viewing file or directory permissions
5.4.1. File Permissions
5.4.2. Directory Permissions
5.5. Modifying file or directory permissions
5.6. Interaction with the standard Samba create mask + parameters
5.7. Interaction with the standard Samba file attribute + mapping
6. Printing Support in Samba 2.2.x
6.1. Introduction
6.2. Configuration
6.2.1. Creating [print$]
6.2.2. Setting Drivers for Existing Printers
6.2.3. Support a large number of printers
6.2.4. Adding New Printers via the Windows NT APW
6.2.5. Samba and Printer Ports
6.3. The Imprints Toolset
6.3.1. What is Imprints?
6.3.2. Creating Printer Driver Packages
6.3.3. The Imprints server
6.3.4. The Installation Client
6.4. Migration to from Samba 2.0.x to 2.2.x
7. security = domain in Samba 2.x
7.1. Joining an NT Domain with Samba 2.2
7.2. Samba and Windows 2000 Domains
7.3. Why is this better than security = server?
8. How to Configure Samba 2.2 as a Primary Domain Controller
8.1. Prerequisite Reading
8.2. Background
8.3. Configuring the Samba Domain Controller
8.4. Creating Machine Trust Accounts and Joining Clients to the +Domain
8.4.1. Manual Creation of Machine Trust Accounts
8.4.2. "On-the-Fly" Creation of Machine Trust Accounts
8.4.3. Joining the Client to the Domain
8.5. Common Problems and Errors
8.6. System Policies and Profiles
8.7. What other help can I get?
8.8. Domain Control for Windows 9x/ME
8.8.1. Configuration Instructions: Network Logons
8.8.2. Configuration Instructions: Setting up Roaming User Profiles
8.8.2.1. Windows NT Configuration
8.8.2.2. Windows 9X Configuration
8.8.2.3. Win9X and WinNT Configuration
8.8.2.4. Windows 9X Profile Setup
8.8.2.5. Windows NT Workstation 4.0
8.8.2.6. Windows NT Server
8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0
8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba
9. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain
9.1. Prerequisite Reading
9.2. Background
9.3. What qualifies a Domain Controller on the network?
9.3.1. How does a Workstation find its domain controller?
9.3.2. When is the PDC needed?
9.4. Can Samba be a Backup Domain Controller?
9.5. How do I set up a Samba BDC?
9.5.1. How do I replicate the smbpasswd file?
10. Storing Samba's User/Machine Account information in an LDAP Directory
10.1. Purpose
10.2. Introduction
10.3. Supported LDAP Servers
10.4. Schema and Relationship to the RFC 2307 posixAccount
10.5. Configuring Samba with LDAP
10.5.1. OpenLDAP configuration
10.5.2. Configuring Samba
10.6. Accounts and Groups management
10.7. Security and sambaAccount
10.8. LDAP specials attributes for sambaAccounts
10.9. Example LDIF Entries for a sambaAccount
10.10. Comments
11. Unified Logons between Windows NT and UNIX using Winbind
11.1. Abstract
11.2. Introduction
11.3. What Winbind Provides
11.3.1. Target Uses
11.4. How Winbind Works
11.4.1. Microsoft Remote Procedure Calls
11.4.2. Name Service Switch
11.4.3. Pluggable Authentication Modules
11.4.4. User and Group ID Allocation
11.4.5. Result Caching
11.5. Installation and Configuration
11.5.1. Introduction
11.5.2. Requirements
11.5.3. Testing Things Out
11.5.3.1. Configure and compile SAMBA
11.5.3.2. Configure nsswitch.conf and the +winbind libraries
11.5.3.3. Configure smb.conf
11.5.3.4. Join the SAMBA server to the PDC domain
11.5.3.5. Start up the winbindd daemon and test it!
11.5.3.6. Fix the /etc/rc.d/init.d/smb startup files
11.5.3.7. Configure Winbind and PAM
11.6. Limitations
11.7. Conclusion
12. OS2 Client HOWTO
12.1. FAQs
12.1.1. How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?
12.1.2. How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?
12.1.3. Are there any other issues when OS/2 (any version) + is used as a client?
12.1.4. How do I get printer driver download working + for OS/2 clients?
13. HOWTO Access Samba source code via CVS
13.1. Introduction
13.2. CVS Access to samba.org
13.2.1. Access via CVSweb
13.2.2. Access via cvs
Index

Chapter 1. How to Install and Test SAMBA

1.1. Step 0: Read the man pages

The man pages distributed with SAMBA contain + lots of useful info that will help to get you started. + If you don't know how to read man pages then try + something like:

$ nroff -man smbd.8 | more +

Other sources of information are pointed to + by the Samba web site, http://www.samba.org

1.2. Step 1: Building the Binaries

To do this, first run the program ./configure + in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run

root# ./configure --help +

first to see what special options you can enable. + Then executing

root# make

will create the binaries. Once it's successfully + compiled you can use

root# make install

to install the binaries and manual pages. You can + separately install the binaries and/or man pages using

root# make installbin +

and

root# make installman +

Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with

root# make revert +

if you find this version a disaster!

1.3. Step 2: The all important step

At this stage you must fetch yourself a + coffee or other drink you find stimulating. Getting the rest + of the install right can sometimes be tricky, so you will + probably need it.

If you have installed samba before then you can skip + this step.

1.4. Step 3: Create the smb configuration file.

There are sample configuration files in the examples + subdirectory in the distribution. I suggest you read them + carefully so you can see how the options go together in + practice. See the man page for all the options.

The simplest useful configuration file would be + something like this:

	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+

which would allow connections by anyone with an + account on the server, using either their login name or + "homes" as the service name. (Note that I also set the + workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install + a smb.conf file. You need to create it + yourself.

Make sure you put the smb.conf file in the same place + you specified in theMakefile (the default is to + look for it in /usr/local/samba/lib/).

For more information about security settings for the + [homes] share please refer to the document UNIX_SECURITY.txt.

1.5. Step 4: Test your config file with + testparm

It's important that you test the validity of your + smb.conf file using the testparm program. + If testparm runs OK then it will list the loaded services. If + not it will give an error message.

Make sure it runs OK and that the services look + reasonable before proceeding.

1.6. Step 5: Starting the smbd and nmbd

You must choose to start smbd and nmbd either + as daemons or from inetd. Don't try + to do both! Either you can put them in inetd.conf and have them started on demand + by inetd, or you can start them as + daemons either from the command line or in /etc/rc.local. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root.

The main advantage of starting smbd + and nmbd using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request.

1.6.1. Step 5a: Starting from inetd.conf

NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps.

Look at your /etc/services. + What is defined at port 139/tcp. If nothing is defined + then add a line like this:

netbios-ssn 139/tcp

similarly for 137/udp you should have an entry like:

netbios-ns 137/udp

Next edit your /etc/inetd.conf + and add two lines something like this:

		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+

The exact syntax of /etc/inetd.conf + varies between unixes. Look at the other entries in inetd.conf + for a guide.

NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in /etc/services. + You must either edit /etc/services or + /etc/inetd.conf to make them consistent.

NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run ifconfig + as root if you don't know what the broadcast is for your + net. nmbd tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this.

!!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in inetd.conf. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from inetd.

Restart inetd, perhaps just send + it a HUP. If you have installed an earlier version of nmbd then you may need to kill nmbd as well.

1.6.2. Step 5b. Alternative: starting it as a daemon

To start the server as a daemon you should create + a script something like this one, perhaps calling + it startsmb.

		#!/bin/sh
+		/usr/local/samba/bin/smbd -D 
+		/usr/local/samba/bin/nmbd -D 
+

then make it executable with chmod + +x startsmb

You can then run startsmb by + hand or execute it from /etc/rc.local +

To kill it send a kill signal to the processes + nmbd and smbd.

NOTE: If you use the SVR4 style init system then + you may like to look at the examples/svr4-startup + script to make Samba fit into that system.

1.7. Step 6: Try listing the shares available on your + server

$ smbclient -L + yourhostname

Your should get back a list of shares available on + your server. If you don't then something is incorrectly setup. + Note that this method can also be used to see what shares + are available on other LanManager clients (such as WfWg).

If you choose user level security then you may find + that Samba requests a password before it will list the shares. + See the smbclient man page for details. (you + can force it to list the shares without a password by + adding the option -U% to the command line. This will not work + with non-Samba servers)

1.8. Step 7: Try connecting with the unix client

$ smbclient //yourhostname/aservice

Typically the yourhostname + would be the name of the host where you installed smbd. The aservice is + any service you have defined in the smb.conf + file. Try your user name if you just have a [homes] section + in smb.conf.

For example if your unix host is bambi and your login + name is fred you would type:

$ smbclient //bambi/fred +

1.9. Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client

Try mounting disks. eg:

C:\WINDOWS\> net use d: \\servername\service +

Try printing. eg:

C:\WINDOWS\> net use lpt1: + \\servername\spoolservice

C:\WINDOWS\> print filename +

Celebrate, or send me a bug report!

1.10. What If Things Don't Work?

If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down.

Then you might read the file DIAGNOSIS.txt and the + FAQ. If you are still stuck then try the mailing list or + newsgroup (look in the README for details). Samba has been + successfully installed at thousands of sites worldwide, so maybe + someone else has hit your problem and has overcome it. You could + also use the WWW site to scan back issues of the samba-digest.

When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier.

1.10.1. Diagnosing Problems

If you have installation problems then go to + DIAGNOSIS.txt to try to find the + problem.

1.10.2. Scope IDs

By default Samba uses a blank scope ID. This means + all your windows boxes must also have a blank scope ID. + If you really want to use a non-blank scope ID then you will + need to use the -i <scope> option to nmbd, smbd, and + smbclient. All your PCs will need to have the same setting for + this to work. I do not recommend scope IDs.

1.10.3. Choosing the Protocol Level

The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1.

You can choose what maximum protocol to support + in the smb.conf file. The default is + NT1 and that is the best for the vast majority of sites.

In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases.

The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95).

See the smb.conf(5) manual page for more details.

Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug.

1.10.4. Printing from UNIX to a Client PC

To use a printer that is available via a smb-based + server from a unix host you will need to compile the + smbclient program. You then need to install the script + "smbprint". Read the instruction in smbprint for more details. +

There is also a SYSV style script that does much + the same thing called smbprint.sysv. It contains instructions.

1.10.5. Locking

One area which sometimes causes trouble is locking.

There are two types of locking which need to be + performed by a SMB server. The first is "record locking" + which allows a client to lock a range of bytes in a open file. + The second is the "deny modes" that are specified when a file + is open.

Record locking semantics under Unix is very + different from record locking under Windows. Versions + of Samba before 2.2 have tried to use the native + fcntl() unix system call to implement proper record + locking between different Samba clients. This can not + be fully correct due to several reasons. The simplest + is the fact that a Windows client is allowed to lock a + byte range up to 2^32 or 2^64, depending on the client + OS. The unix locking only supports byte ranges up to + 2^31. So it is not possible to correctly satisfy a + lock request above 2^31. There are many more + differences, too many to be listed here.

Samba 2.2 and above implements record locking + completely independent of the underlying unix + system. If a byte range lock that the client requests + happens to fall into the range 0-2^31, Samba hands + this request down to the Unix system. All other locks + can not be seen by unix anyway.

Strictly a SMB server should check for locks before + every read and write call on a file. Unfortunately with the + way fcntl() works this can be slow and may overstress the + rpc.lockd. It is also almost always unnecessary as clients + are supposed to independently make locking calls before reads + and writes anyway if locking is important to them. By default + Samba only makes locking calls when explicitly asked + to by a client, but if you set "strict locking = yes" then it will + make lock checking calls on every read and write.

You can also disable by range locking completely + using "locking = no". This is useful for those shares that + don't support locking or don't need it (such as cdroms). In + this case Samba fakes the return codes of locking calls to + tell clients that everything is OK.

The second class of locking is the "deny modes". These + are set by an application when it opens a file to determine + what types of access should be allowed simultaneously with + its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE + or DENY_ALL. There are also special compatibility modes called + DENY_FCB and DENY_DOS.

You can disable share modes using "share modes = no". + This may be useful on a heavily loaded server as the share + modes code is very slow. See also the FAST_SHARE_MODES + option in the Makefile for a way to do full share modes + very fast using shared memory (if your OS supports it).

1.10.6. Mapping Usernames

If you have different usernames on the PCs and + the unix server then take a look at the "username map" option. + See the smb.conf man page for details.

1.10.7. Other Character Sets

If you have problems using filenames with accented + characters in them (like the German, French or Scandinavian + character sets) then I recommend you look at the "valid chars" + option in smb.conf and also take a look at the validchars + package in the examples directory.

Chapter 2. Integrating MS Windows networks with Samba

2.1. Agenda

To identify the key functional mechanisms of MS Windows networking +to enable the deployment of Samba as a means of extending and/or +replacing MS Windows NT/2000 technology.

We will examine:

  1. Name resolution in a pure Unix/Linux TCP/IP + environment +

  2. Name resolution as used within MS Windows + networking +

  3. How browsing functions and how to deploy stable + and dependable browsing using Samba +

  4. MS Windows security options and how to + configure Samba for seemless integration +

  5. Configuration of Samba as:

    1. A stand-alone server

    2. An MS Windows NT 3.x/4.0 security domain member +

    3. An alternative to an MS Windows NT 3.x/4.0 Domain Controller +

2.2. Name Resolution in a pure Unix/Linux world

The key configuration files covered in this section are:

  • /etc/hosts

  • /etc/resolv.conf

  • /etc/host.conf

  • /etc/nsswitch.conf

2.2.1. /etc/hosts

Contains a static list of IP Addresses and names. +eg:

	127.0.0.1	localhost localhost.localdomain
+	192.168.1.1	bigbox.caldera.com	bigbox	alias4box

The purpose of /etc/hosts is to provide a +name resolution mechanism so that uses do not need to remember +IP addresses.

Network packets that are sent over the physical network transport +layer communicate not via IP addresses but rather using the Media +Access Control address, or MAC address. IP Addresses are currently +32 bits in length and are typically presented as four (4) decimal +numbers that are separated by a dot (or period). eg: 168.192.1.1

MAC Addresses use 48 bits (or 6 bytes) and are typically represented +as two digit hexadecimal numbers separated by colons. eg: +40:8e:0a:12:34:56

Every network interfrace must have an MAC address. Associated with +a MAC address there may be one or more IP addresses. There is NO +relationship between an IP address and a MAC address, all such assignments +are arbitary or discretionary in nature. At the most basic level all +network communications takes place using MAC addressing. Since MAC +addresses must be globally unique, and generally remains fixed for +any particular interface, the assignment of an IP address makes sense +from a network management perspective. More than one IP address can +be assigned per MAC address. One address must be the primary IP address, +this is the address that will be returned in the ARP reply.

When a user or a process wants to communicate with another machine +the protocol implementation ensures that the "machine name" or "host +name" is resolved to an IP address in a manner that is controlled +by the TCP/IP configuration control files. The file +/etc/hosts is one such file.

When the IP address of the destination interface has been +determined a protocol called ARP/RARP isused to identify +the MAC address of the target interface. ARP stands for Address +Resolution Protocol, and is a broadcast oriented method that +uses UDP (User Datagram Protocol) to send a request to all +interfaces on the local network segment using the all 1's MAC +address. Network interfaces are programmed to respond to two +MAC addresses only; their own unique address and the address +ff:ff:ff:ff:ff:ff. The reply packet from an ARP request will +contain the MAC address and the primary IP address for each +interface.

The /etc/hosts file is foundational to all +Unix/Linux TCP/IP installations and as a minumum will contain +the localhost and local network interface IP addresses and the +primary names by which they are known within the local machine. +This file helps to prime the pump so that a basic level of name +resolution can exist before any other method of name resolution +becomes available.

2.2.2. /etc/resolv.conf

This file tells the name resolution libraries:

  • The name of the domain to which the machine + belongs +

  • The name(s) of any domains that should be + automatically searched when trying to resolve unqualified + host names to their IP address +

  • The name or IP address of available Domain + Name Servers that may be asked to perform name to address + translation lookups +

2.2.3. /etc/host.conf

/etc/host.conf is the primary means by +which the setting in /etc/resolv.conf may be affected. It is a +critical configuration file. This file controls the order by +which name resolution may procede. The typical structure is:

	order hosts,bind
+	multi on

then both addresses should be returned. Please refer to the +man page for host.conf for further details.

2.2.4. /etc/nsswitch.conf

This file controls the actual name resolution targets. The +file typically has resolver object specifications as follows:

	# /etc/nsswitch.conf
+	#
+	# Name Service Switch configuration file.
+	#
+
+	passwd:		compat
+	# Alternative entries for password authentication are:
+	# passwd:	compat files nis ldap winbind
+	shadow:		compat
+	group:		compat
+
+	hosts:		files nis dns
+	# Alternative entries for host name resolution are:
+	# hosts:	files dns nis nis+ hesoid db compat ldap wins
+	networks:	nis files dns
+
+	ethers:		nis files
+	protocols:	nis files
+	rpc:		nis files
+	services:	nis files

Of course, each of these mechanisms requires that the appropriate +facilities and/or services are correctly configured.

It should be noted that unless a network request/message must be +sent, TCP/IP networks are silent. All TCP/IP communications assumes a +principal of speaking only when necessary.

Samba version 2.2.0 will add Linux support for extensions to +the name service switch infrastructure so that linux clients will +be able to obtain resolution of MS Windows NetBIOS names to IP +Addresses. To gain this functionality Samba needs to be compiled +with appropriate arguments to the make command (ie: make +nsswitch/libnss_wins.so). The resulting library should +then be installed in the /lib directory and +the "wins" parameter needs to be added to the "hosts:" line in +the /etc/nsswitch.conf file. At this point it +will be possible to ping any MS Windows machine by it's NetBIOS +machine name, so long as that machine is within the workgroup to +which both the samba machine and the MS Windows machine belong.

2.3. Name resolution as used within MS Windows networking

MS Windows networking is predicated about the name each machine +is given. This name is known variously (and inconsistently) as +the "computer name", "machine name", "networking name", "netbios name", +"SMB name". All terms mean the same thing with the exception of +"netbios name" which can apply also to the name of the workgroup or the +domain name. The terms "workgroup" and "domain" are really just a +simply name with which the machine is associated. All NetBIOS names +are exactly 16 characters in length. The 16th character is reserved. +It is used to store a one byte value that indicates service level +information for the NetBIOS name that is registered. A NetBIOS machine +name is therefore registered for each service type that is provided by +the client/server.

The following are typical NetBIOS name/service type registrations:

	Unique NetBIOS Names:
+		MACHINENAME<00>	= Server Service is running on MACHINENAME
+		MACHINENAME<03> = Generic Machine Name (NetBIOS name)
+		MACHINENAME<20> = LanMan Server service is running on MACHINENAME
+		WORKGROUP<1b> = Domain Master Browser
+
+	Group Names:
+		WORKGROUP<03> = Generic Name registered by all members of WORKGROUP
+		WORKGROUP<1c> = Domain Controllers / Netlogon Servers
+		WORKGROUP<1d> = Local Master Browsers
+		WORKGROUP<1e> = Internet Name Resolvers

It should be noted that all NetBIOS machines register their own +names as per the above. This is in vast contrast to TCP/IP +installations where traditionally the system administrator will +determine in the /etc/hosts or in the DNS database what names +are associated with each IP address.

One further point of clarification should be noted, the /etc/hosts +file and the DNS records do not provide the NetBIOS name type information +that MS Windows clients depend on to locate the type of service that may +be needed. An example of this is what happens when an MS Windows client +wants to locate a domain logon server. It find this service and the IP +address of a server that provides it by performing a lookup (via a +NetBIOS broadcast) for enumeration of all machines that have +registered the name type *<1c>. A logon request is then sent to each +IP address that is returned in the enumerated list of IP addresses. Which +ever machine first replies then ends up providing the logon services.

The name "workgroup" or "domain" really can be confusing since these +have the added significance of indicating what is the security +architecture of the MS Windows network. The term "workgroup" indicates +that the primary nature of the network environment is that of a +peer-to-peer design. In a WORKGROUP all machines are responsible for +their own security, and generally such security is limited to use of +just a password (known as SHARE MORE security). In most situations +with peer-to-peer networking the users who control their own machines +will simply opt to have no security at all. It is possible to have +USER MODE security in a WORKGROUP environment, thus requiring use +of a user name and a matching password.

MS Windows networking is thus predetermined to use machine names +for all local and remote machine message passing. The protocol used is +called Server Message Block (SMB) and this is implemented using +the NetBIOS protocol (Network Basic Input Output System). NetBIOS can +be encapsulated using LLC (Logical Link Control) protocol - in which case +the resulting protocol is called NetBEUI (Network Basic Extended User +Interface). NetBIOS can also be run over IPX (Internetworking Packet +Exchange) protocol as used by Novell NetWare, and it can be run +over TCP/IP protocols - in which case the resulting protocol is called +NBT or NetBT, the NetBIOS over TCP/IP.

MS Windows machines use a complex array of name resolution mechanisms. +Since we are primarily concerned with TCP/IP this demonstration is +limited to this area.

2.3.1. The NetBIOS Name Cache

All MS Windows machines employ an in memory buffer in which is +stored the NetBIOS names and their IP addresses for all external +machines that that the local machine has communicated with over the +past 10-15 minutes. It is more efficient to obtain an IP address +for a machine from the local cache than it is to go through all the +configured name resolution mechanisms.

If a machine whose name is in the local name cache has been shut +down before the name had been expired and flushed from the cache, then +an attempt to exchange a message with that machine will be subject +to time-out delays. ie: It's name is in the cache, so a name resolution +lookup will succeed, but the machine can not respond. This can be +frustrating for users - but it is a characteristic of the protocol.

The MS Windows utility that allows examination of the NetBIOS +name cache is called "nbtstat". The Samba equivalent of this +is called "nmblookup".

2.3.2. The LMHOSTS file

This file is usually located in MS Windows NT 4.0 or +2000 in C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the machine name in matched pairs. The +LMHOSTS file performs NetBIOS name +to IP address mapping oriented.

It typically looks like:

	# Copyright (c) 1998 Microsoft Corp.
+	#
+	# This is a sample LMHOSTS file used by the Microsoft Wins Client (NetBIOS
+	# over TCP/IP) stack for Windows98
+	#
+	# This file contains the mappings of IP addresses to NT computernames
+	# (NetBIOS) names.  Each entry should be kept on an individual line.
+	# The IP address should be placed in the first column followed by the
+	# corresponding computername. The address and the comptername
+	# should be separated by at least one space or tab. The "#" character
+	# is generally used to denote the start of a comment (see the exceptions
+	# below).
+	#
+	# This file is compatible with Microsoft LAN Manager 2.x TCP/IP lmhosts
+	# files and offers the following extensions:
+	#
+	#      #PRE
+	#      #DOM:<domain>
+	#      #INCLUDE <filename>
+	#      #BEGIN_ALTERNATE
+	#      #END_ALTERNATE
+	#      \0xnn (non-printing character support)
+	#
+	# Following any entry in the file with the characters "#PRE" will cause
+	# the entry to be preloaded into the name cache. By default, entries are
+	# not preloaded, but are parsed only after dynamic name resolution fails.
+	#
+	# Following an entry with the "#DOM:<domain>" tag will associate the
+	# entry with the domain specified by <domain>. This affects how the
+	# browser and logon services behave in TCP/IP environments. To preload
+	# the host name associated with #DOM entry, it is necessary to also add a
+	# #PRE to the line. The <domain> is always preloaded although it will not
+	# be shown when the name cache is viewed.
+	#
+	# Specifying "#INCLUDE <filename>" will force the RFC NetBIOS (NBT)
+	# software to seek the specified <filename> and parse it as if it were
+	# local. <filename> is generally a UNC-based name, allowing a
+	# centralized lmhosts file to be maintained on a server.
+	# It is ALWAYS necessary to provide a mapping for the IP address of the
+	# server prior to the #INCLUDE. This mapping must use the #PRE directive.
+	# In addtion the share "public" in the example below must be in the
+	# LanManServer list of "NullSessionShares" in order for client machines to
+	# be able to read the lmhosts file successfully. This key is under
+	# \machine\system\currentcontrolset\services\lanmanserver\parameters\nullsessionshares
+	# in the registry. Simply add "public" to the list found there.
+	#
+	# The #BEGIN_ and #END_ALTERNATE keywords allow multiple #INCLUDE
+	# statements to be grouped together. Any single successful include
+	# will cause the group to succeed.
+	#
+	# Finally, non-printing characters can be embedded in mappings by
+	# first surrounding the NetBIOS name in quotations, then using the
+	# \0xnn notation to specify a hex value for a non-printing character.
+	#
+	# The following example illustrates all of these extensions:
+	#
+	# 102.54.94.97     rhino         #PRE #DOM:networking  #net group's DC
+	# 102.54.94.102    "appname  \0x14"                    #special app server
+	# 102.54.94.123    popular            #PRE             #source server
+	# 102.54.94.117    localsrv           #PRE             #needed for the include
+	#
+	# #BEGIN_ALTERNATE
+	# #INCLUDE \\localsrv\public\lmhosts
+	# #INCLUDE \\rhino\public\lmhosts
+	# #END_ALTERNATE
+	#
+	# In the above example, the "appname" server contains a special
+	# character in its name, the "popular" and "localsrv" server names are
+	# preloaded, and the "rhino" server name is specified so it can be used
+	# to later #INCLUDE a centrally maintained lmhosts file if the "localsrv"
+	# system is unavailable.
+	#
+	# Note that the whole file is parsed including comments on each lookup,
+	# so keeping the number of comments to a minimum will improve performance.
+	# Therefore it is not advisable to simply add lmhosts file entries onto the
+	# end of this file.

2.3.3. HOSTS file

This file is usually located in MS Windows NT 4.0 or 2000 in +C:\WINNT\SYSTEM32\DRIVERS\ETC and contains +the IP Address and the IP hostname in matched pairs. It can be +used by the name resolution infrastructure in MS Windows, depending +on how the TCP/IP environment is configured. This file is in +every way the equivalent of the Unix/Linux /etc/hosts file.

2.3.4. DNS Lookup

This capability is configured in the TCP/IP setup area in the network +configuration facility. If enabled an elaborate name resolution sequence +is followed the precise nature of which isdependant on what the NetBIOS +Node Type parameter is configured to. A Node Type of 0 means use +NetBIOS broadcast (over UDP broadcast) is first used if the name +that is the subject of a name lookup is not found in the NetBIOS name +cache. If that fails then DNS, HOSTS and LMHOSTS are checked. If set to +Node Type 8, then a NetBIOS Unicast (over UDP Unicast) is sent to the +WINS Server to obtain a lookup before DNS, HOSTS, LMHOSTS, or broadcast +lookup is used.

2.3.5. WINS Lookup

A WINS (Windows Internet Name Server) service is the equivaent of the +rfc1001/1002 specified NBNS (NetBIOS Name Server). A WINS server stores +the names and IP addresses that are registered by a Windows client +if the TCP/IP setup has been given at least one WINS Server IP Address.

To configure Samba to be a WINS server the following parameter needs +to be added to the smb.conf file:

	wins support = Yes

To configure Samba to use a WINS server the following parameters are +needed in the smb.conf file:

	wins support = No
+	wins server = xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address +of the WINS server.

2.4. How browsing functions and how to deploy stable and +dependable browsing using Samba

As stated above, MS Windows machines register their NetBIOS names +(ie: the machine name for each service type in operation) on start +up. Also, as stated above, the exact method by which this name registration +takes place is determined by whether or not the MS Windows client/server +has been given a WINS server address, whether or not LMHOSTS lookup +is enabled, or if DNS for NetBIOS name resolution is enabled, etc.

In the case where there is no WINS server all name registrations as +well as name lookups are done by UDP broadcast. This isolates name +resolution to the local subnet, unless LMHOSTS is used to list all +names and IP addresses. In such situations Samba provides a means by +which the samba server name may be forcibly injected into the browse +list of a remote MS Windows network (using the "remote announce" parameter).

Where a WINS server is used, the MS Windows client will use UDP +unicast to register with the WINS server. Such packets can be routed +and thus WINS allows name resolution to function across routed networks.

During the startup process an election will take place to create a +local master browser if one does not already exist. On each NetBIOS network +one machine will be elected to function as the domain master browser. This +domain browsing has nothing to do with MS security domain control. +Instead, the domain master browser serves the role of contacting each local +master browser (found by asking WINS or from LMHOSTS) and exchanging browse +list contents. This way every master browser will eventually obtain a complete +list of all machines that are on the network. Every 11-15 minutes an election +is held to determine which machine will be the master browser. By nature of +the election criteria used, the machine with the highest uptime, or the +most senior protocol version, or other criteria, will win the election +as domain master browser.

Clients wishing to browse the network make use of this list, but also depend +on the availability of correct name resolution to the respective IP +address/addresses.

Any configuration that breaks name resolution and/or browsing intrinsics +will annoy users because they will have to put up with protracted +inability to use the network services.

Samba supports a feature that allows forced synchonisation +of browse lists across routed networks using the "remote +browse sync" parameter in the smb.conf file. This causes Samba +to contact the local master browser on a remote network and +to request browse list synchronisation. This effectively bridges +two networks that are separated by routers. The two remote +networks may use either broadcast based name resolution or WINS +based name resolution, but it should be noted that the "remote +browse sync" parameter provides browse list synchronisation - and +that is distinct from name to address resolution, in other +words, for cross subnet browsing to function correctly it is +essential that a name to address resolution mechanism be provided. +This mechanism could be via DNS, /etc/hosts, +and so on.

2.5. MS Windows security options and how to configure +Samba for seemless integration

MS Windows clients may use encrypted passwords as part of a +challenege/response authentication model (a.k.a. NTLMv1) or +alone, or clear text strings for simple password based +authentication. It should be realized that with the SMB +protocol the password is passed over the network either +in plain text or encrypted, but not both in the same +authentication requets.

When encrypted passwords are used a password that has been +entered by the user is encrypted in two ways:

  • An MD4 hash of the UNICODE of the password + string. This is known as the NT hash. +

  • The password is converted to upper case, + and then padded or trucated to 14 bytes. This string is + then appended with 5 bytes of NULL characters and split to + form two 56 bit DES keys to encrypt a "magic" 8 byte value. + The resulting 16 bytes for the LanMan hash. +

You should refer to the Password Encryption chapter in this HOWTO collection +for more details on the inner workings

MS Windows 95 pre-service pack 1, MS Windows NT versions 3.x +and version 4.0 pre-service pack 3 will use either mode of +password authentication. All versions of MS Windows that follow +these versions no longer support plain text passwords by default.

MS Windows clients have a habit of dropping network mappings that +have been idle for 10 minutes or longer. When the user attempts to +use the mapped drive connection that has been dropped the SMB protocol +has a mechanism by which the connection can be re-established using +a cached copy of the password.

When Microsoft changed the default password mode, they dropped support for +caching of the plain text password. This means that when the registry +parameter is changed to re-enable use of plain text passwords it appears to +work, but when a dropped mapping attempts to revalidate it will fail if +the remote authentication server does not support encrypted passwords. +This means that it is definitely not a good idea to re-enable plain text +password support in such clients.

The following parameters can be used to work around the +issue of Windows 9x client upper casing usernames and +password before transmitting them to the SMB server +when using clear text authentication.

	passsword level = integer
+	username level = integer

By default Samba will lower case the username before attempting +to lookup the user in the database of local system accounts. +Because UNIX usernames conventionally only contain lower case +character, the username level parameter +is rarely even needed.

However, password on UNIX systems often make use of mixed case +characters. This means that in order for a user on a Windows 9x +client to connect to a Samba server using clear text authentication, +the password level must be set to the maximum +number of upper case letter which could appear +is a password. Note that is the server OS uses the traditional +DES version of crypt(), then a password level +of 8 will result in case insensitive passwords as seen from Windows +users. This will also result in longer login times as Samba +hash to compute the permutations of the password string and +try them one by one until a match is located (or all combinations fail).

The best option to adopt is to enable support for encrypted passwords +where ever Samba is used. There are three configuration possibilities +for support of encrypted passwords:

2.5.1. Use MS Windows NT as an authentication server

This method involves the additions of the following parameters +in the smb.conf file:

	encrypt passwords = Yes
+	security = server
+	password server = "NetBIOS_name_of_PDC"

There are two ways of identifying whether or not a username and +password pair was valid or not. One uses the reply information provided +as part of the authentication messaging process, the other uses +just and error code.

The down-side of this mode of configuration is the fact that +for security reasons Samba will send the password server a bogus +username and a bogus password and if the remote server fails to +reject the username and password pair then an alternative mode +of identification of validation is used. Where a site uses password +lock out after a certain number of failed authentication attempts +this will result in user lockouts.

Use of this mode of authentication does require there to be +a standard Unix account for the user, this account can be blocked +to prevent logons by other than MS Windows clients.

2.5.2. Make Samba a member of an MS Windows NT security domain

This method involves additon of the following paramters in the smb.conf file:

	encrypt passwords = Yes
+	security = domain
+	workgroup = "name of NT domain"
+	password server = *

The use of the "*" argument to "password server" will cause samba +to locate the domain controller in a way analogous to the way +this is done within MS Windows NT.

In order for this method to work the Samba server needs to join the +MS Windows NT security domain. This is done as follows:

  • On the MS Windows NT domain controller using + the Server Manager add a machine account for the Samba server. +

  • Next, on the Linux system execute: + smbpasswd -r PDC_NAME -j DOMAIN_NAME +

Use of this mode of authentication does require there to be +a standard Unix account for the user in order to assign +a uid once the account has been authenticated by the remote +Windows DC. This account can be blocked to prevent logons by +other than MS Windows clients by things such as setting an invalid +shell in the /etc/passwd entry.

An alternative to assigning UIDs to Windows users on a +Samba member server is presented in the Winbind Overview chapter in +this HOWTO collection.

2.5.3. Configure Samba as an authentication server

This mode of authentication demands that there be on the +Unix/Linux system both a Unix style account as well as and +smbpasswd entry for the user. The Unix system account can be +locked if required as only the encrypted password will be +used for SMB client authentication.

This method involves addition of the following parameters to +the smb.conf file:

## please refer to the Samba PDC HOWTO chapter later in 
+## this collection for more details
+[global]
+	encrypt passwords = Yes
+	security = user
+	domain logons = Yes
+	; an OS level of 33 or more is recommended
+	os level = 33
+
+[NETLOGON]
+	path = /somewhare/in/file/system
+	read only = yes

in order for this method to work a Unix system account needs +to be created for each user, as well as for each MS Windows NT/2000 +machine. The following structure is required.

2.5.3.1. Users

A user account that may provide a home directory should be +created. The following Linux system commands are typical of +the procedure for creating an account.

	# useradd -s /bin/bash -d /home/"userid" -m "userid"
+	# passwd "userid"
+	  Enter Password: <pw>
+	  
+	# smbpasswd -a "userid"
+	  Enter Password: <pw>

2.5.3.2. MS Windows NT Machine Accounts

These are required only when Samba is used as a domain +controller. Refer to the Samba-PDC-HOWTO for more details.

	# useradd -s /bin/false -d /dev/null "machine_name"\$
+	# passwd -l "machine_name"\$
+	# smbpasswd -a -m "machine_name"

2.6. Conclusions

Samba provides a flexible means to operate as...

  • A Stand-alone server - No special action is needed + other than to create user accounts. Stand-alone servers do NOT + provide network logon services, meaning that machines that use this + server do NOT perform a domain logon but instead make use only of + the MS Windows logon which is local to the MS Windows + workstation/server. +

  • An MS Windows NT 3.x/4.0 security domain member. +

  • An alternative to an MS Windows NT 3.x/4.0 + Domain Controller. +

Chapter 3. Configuring PAM for distributed but centrally +managed authentication

3.1. Samba and PAM

A number of Unix systems (eg: Sun Solaris), as well as the +xxxxBSD family and Linux, now utilize the Pluggable Authentication +Modules (PAM) facility to provide all authentication, +authorization and resource control services. Prior to the +introduction of PAM, a decision to use an alternative to +the system password database (/etc/passwd) +would require the provision of alternatives for all programs that provide +security services. Such a choice would involve provision of +alternatives to such programs as: login, +passwd, chown, etc.

PAM provides a mechanism that disconnects these security programs +from the underlying authentication/authorization infrastructure. +PAM is configured either through one file /etc/pam.conf (Solaris), +or by editing individual files that are located in /etc/pam.d.

The following is an example /etc/pam.d/login configuration file. +This example had all options been uncommented is probably not usable +as it stacks many conditions before allowing successful completion +of the login process. Essentially all conditions can be disabled +by commenting them out except the calls to pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth 		required	pam_securetty.so
+auth 		required	pam_nologin.so
+# auth 		required	pam_dialup.so
+# auth 		optional	pam_mail.so
+auth		required	pam_pwdb.so shadow md5
+# account    	requisite  	pam_time.so
+account		required	pam_pwdb.so
+session		required	pam_pwdb.so
+# session 	optional	pam_lastlog.so
+# password   	required   	pam_cracklib.so retry=3
+password	required	pam_pwdb.so shadow md5

PAM allows use of replacable modules. Those available on a +sample system include:

$ /bin/ls /lib/security
+pam_access.so    pam_ftp.so          pam_limits.so     
+pam_ncp_auth.so  pam_rhosts_auth.so  pam_stress.so     
+pam_cracklib.so  pam_group.so        pam_listfile.so   
+pam_nologin.so   pam_rootok.so       pam_tally.so      
+pam_deny.so      pam_issue.so        pam_mail.so       
+pam_permit.so    pam_securetty.so    pam_time.so       
+pam_dialup.so    pam_lastlog.so      pam_mkhomedir.so  
+pam_pwdb.so      pam_shells.so       pam_unix.so       
+pam_env.so       pam_ldap.so         pam_motd.so       
+pam_radius.so    pam_smbpass.so      pam_unix_acct.so  
+pam_wheel.so     pam_unix_auth.so    pam_unix_passwd.so
+pam_userdb.so    pam_warn.so         pam_unix_session.so

The following example for the login program replaces the use of +the pam_pwdb.so module which uses the system +password database (/etc/passwd, +/etc/shadow, /etc/group) with +the module pam_smbpass.so which uses the Samba +database which contains the Microsoft MD4 encrypted password +hashes. This database is stored in either +/usr/local/samba/private/smbpasswd, +/etc/samba/smbpasswd, or in +/etc/samba.d/smbpasswd, depending on the +Samba implementation for your Unix/Linux system. The +pam_smbpass.so module is provided by +Samba version 2.2.1 or later. It can be compiled by specifying the +--with-pam_smbpass options when running Samba's +configure script. For more information +on the pam_smbpass module, see the documentation +in the source/pam_smbpass directory of the Samba +source distribution.

#%PAM-1.0
+# The PAM configuration file for the `login' service
+#
+auth		required	pam_smbpass.so nodelay
+account		required	pam_smbpass.so nodelay
+session		required	pam_smbpass.so nodelay
+password	required	pam_smbpass.so nodelay

The following is the PAM configuration file for a particular +Linux system. The default condition uses pam_pwdb.so.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_pwdb.so nullok nodelay shadow audit
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_pwdb.so shadow md5

In the following example the decision has been made to use the +smbpasswd database even for basic samba authentication. Such a +decision could also be made for the passwd program and would +thus allow the smbpasswd passwords to be changed using the passwd +program.

#%PAM-1.0
+# The PAM configuration file for the `samba' service
+#
+auth       required     /lib/security/pam_smbpass.so nodelay
+account    required     /lib/security/pam_pwdb.so audit nodelay
+session    required     /lib/security/pam_pwdb.so nodelay
+password   required     /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf

Note: PAM allows stacking of authentication mechanisms. It is +also possible to pass information obtained within on PAM module through +to the next module in the PAM stack. Please refer to the documentation for +your particular system implementation for details regarding the specific +capabilities of PAM in this environment. Some Linux implmentations also +provide the pam_stack.so module that allows all +authentication to be configured in a single central file. The +pam_stack.so method has some very devoted followers +on the basis that it allows for easier administration. As with all issues in +life though, every decision makes trade-offs, so you may want examine the +PAM documentation for further helpful information.

3.2. Distributed Authentication

The astute administrator will realize from this that the +combination of pam_smbpass.so, +winbindd, and rsync (see +http://rsync.samba.org/) +will allow the establishment of a centrally managed, distributed +user/password database that can also be used by all +PAM (eg: Linux) aware programs and applications. This arrangement +can have particularly potent advantages compared with the +use of Microsoft Active Directory Service (ADS) in so far as +reduction of wide area network authentication traffic.

3.3. PAM Configuration in smb.conf

There is an option in smb.conf called obey pam restrictions. +The following is from the on-line help for this option in SWAT;

When Samba 2.2 is configure to enable PAM support (i.e. +--with-pam), this parameter will +control whether or not Samba should obey PAM's account +and session management directives. The default behavior +is to use PAM for clear text authentication only and to +ignore any account or session management. Note that Samba always +ignores PAM for authentication in the case of +encrypt passwords = yes. +The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB +password encryption.

Default: obey pam restrictions = no

Chapter 4. Hosting a Microsoft Distributed File System tree on Samba

4.1. Instructions

The Distributed File System (or Dfs) provides a means of + separating the logical view of files and directories that users + see from the actual physical locations of these resources on the + network. It allows for higher availability, smoother storage expansion, + load balancing etc. For more information about Dfs, refer to Microsoft documentation.

This document explains how to host a Dfs tree on a Unix + machine (for Dfs-aware clients to browse) using Samba.

To enable SMB-based DFS for Samba, configure it with the + --with-msdfs option. Once built, a + Samba server can be made a Dfs server by setting the global + boolean host msdfs parameter in the smb.conf + file. You designate a share as a Dfs root using the share + level boolean msdfs root parameter. A Dfs root directory on + Samba hosts Dfs links in the form of symbolic links that point + to other servers. For example, a symbolic link + junction->msdfs:storage1\share1 in + the share directory acts as the Dfs junction. When Dfs-aware + clients attempt to access the junction link, they are redirected + to the storage location (in this case, \\storage1\share1).

Dfs trees on Samba work with all Dfs-aware clients ranging + from Windows 95 to 2000.

Here's an example of setting up a Dfs tree on a Samba + server.

# The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+

In the /export/dfsroot directory we set up our dfs links to + other servers on the network.

root# cd /export/dfsroot

root# chown root /export/dfsroot

root# chmod 755 /export/dfsroot

root# ln -s msdfs:storageA\\shareA linka

root# ln -s msdfs:serverB\\share,serverC\\share linkb

You should set up the permissions and ownership of + the directory acting as the Dfs root such that only designated + users can create, delete or modify the msdfs links. Also note + that symlink names should be all lowercase. This limitation exists + to have Samba avoid trying all the case combinations to get at + the link name. Finally set up the symbolic links to point to the + network shares you want, and start Samba.

Users on Dfs-aware clients can now browse the Dfs tree + on the Samba server at \\samba\dfs. Accessing + links linka or linkb (which appear as directories to the client) + takes users directly to the appropriate shares on the network.

4.1.1. Notes

  • Windows clients need to be rebooted + if a previously mounted non-dfs share is made a dfs + root or vice versa. A better way is to introduce a + new share and make it the dfs root.

  • Currently there's a restriction that msdfs + symlink names should all be lowercase.

  • For security purposes, the directory + acting as the root of the Dfs tree should have ownership + and permissions set so that only designated users can + modify the symbolic links in the directory.

Chapter 5. UNIX Permission Bits and Windows NT Access Control Lists

5.1. Viewing and changing UNIX permissions using the NT + security dialogs

New in the Samba 2.0.4 release is the ability for Windows + NT clients to use their native security settings dialog box to + view and modify the underlying UNIX permissions.

Note that this ability is careful not to compromise + the security of the UNIX host Samba is running on, and + still obeys all the file permission rules that a Samba + administrator can set.

In Samba 2.0.4 and above the default value of the + parameter nt acl support has been changed from + false to true, so + manipulation of permissions is turned on by default.

5.2. How to view file security on a Samba share

From an NT 4.0 client, single-click with the right + mouse button on any file or directory in a Samba mounted + drive letter or UNC path. When the menu pops-up, click + on the Properties entry at the bottom of + the menu. This brings up the normal file properties dialog + box, but with Samba 2.0.4 this will have a new tab along the top + marked Security. Click on this tab and you + will see three buttons, Permissions, + Auditing, and Ownership. + The Auditing button will cause either + an error message A requested privilege is not held + by the client to appear if the user is not the + NT Administrator, or a dialog which is intended to allow an + Administrator to add auditing requirements to a file if the + user is logged on as the NT Administrator. This dialog is + non-functional with a Samba share at this time, as the only + useful button, the Add button will not currently + allow a list of users to be seen.

5.3. Viewing file ownership

Clicking on the "Ownership" button + brings up a dialog box telling you who owns the given file. The + owner name will be of the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database). Click on the Close + button to remove this dialog.

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone".

The Take Ownership button will not allow + you to change the ownership of this file to yourself (clicking on + it will display a dialog box complaining that the user you are + currently logged onto the NT client cannot be found). The reason + for this is that changing the ownership of a file is a privileged + operation in UNIX, available only to the root + user. As clicking on this button causes NT to attempt to change + the ownership of a file to the current user logged into the NT + client this will not work with Samba at this time.

There is an NT chown command that will work with Samba + and allow a user with Administrator privilege connected + to a Samba 2.0.4 server as root to change the ownership of + files on both a local NTFS filesystem or remote mounted NTFS + or Samba drive. This is available as part of the Seclib + NT security library written by Jeremy Allison of + the Samba Team, available from the main Samba ftp site.

5.4. Viewing file or directory permissions

The third button is the "Permissions" + button. Clicking on this brings up a dialog box that shows both + the permissions and the UNIX owner of the file or directory. + The owner is displayed in the form :

"SERVER\user (Long name)"

Where SERVER is the NetBIOS name of + the Samba server, user is the user name of + the UNIX user who owns the file, and (Long name) + is the descriptive string identifying the user (normally found in the + GECOS field of the UNIX password database).

If the parameter nt acl support + is set to false then the file owner will + be shown as the NT user "Everyone" and the + permissions will be shown as NT "Full Control".

The permissions field is displayed differently for files + and directories, so I'll describe the way file permissions + are displayed first.

5.4.1. File Permissions

The standard UNIX user/group/world triple and + the corresponding "read", "write", "execute" permissions + triples are mapped by Samba into a three element NT ACL + with the 'r', 'w', and 'x' bits mapped into the corresponding + NT permissions. The UNIX world permissions are mapped into + the global NT group Everyone, followed + by the list of permissions allowed for UNIX world. The UNIX + owner and group permissions are displayed as an NT + user icon and an NT local + group icon respectively followed by the list + of permissions allowed for the UNIX user and group.

As many UNIX permission sets don't map into common + NT names such as "read", "change" or "full control" then + usually the permissions will be prefixed by the words "Special Access" in the NT display list.

But what happens if the file has no permissions allowed + for a particular UNIX user group or world component ? In order + to allow "no permissions" to be seen and modified then Samba + overloads the NT "Take Ownership" ACL attribute + (which has no meaning in UNIX) and reports a component with + no permissions as having the NT "O" bit set. + This was chosen of course to make it look like a zero, meaning + zero permissions. More details on the decision behind this will + be given below.

5.4.2. Directory Permissions

Directories on an NT NTFS file system have two + different sets of permissions. The first set of permissions + is the ACL set on the directory itself, this is usually displayed + in the first set of parentheses in the normal "RW" + NT style. This first set of permissions is created by Samba in + exactly the same way as normal file permissions are, described + above, and is displayed in the same way.

The second set of directory permissions has no real meaning + in the UNIX permissions world and represents the "inherited" permissions that any file created within + this directory would inherit.

Samba synthesises these inherited permissions for NT by + returning as an NT ACL the UNIX permission mode that a new file + created by Samba on this share would receive.

5.5. Modifying file or directory permissions

Modifying file and directory permissions is as simple + as changing the displayed permissions in the dialog box, and + clicking the OK button. However, there are + limitations that a user needs to be aware of, and also interactions + with the standard Samba permission masks and mapping of DOS + attributes that need to also be taken into account.

If the parameter nt acl support + is set to false then any attempt to set + security permissions will fail with an "Access Denied" + message.

The first thing to note is that the "Add" + button will not return a list of users in Samba 2.0.4 (it will give + an error message of "The remote procedure call failed + and did not execute"). This means that you can only + manipulate the current user/group/world permissions listed in + the dialog box. This actually works quite well as these are the + only permissions that UNIX actually has.

If a permission triple (either user, group, or world) + is removed from the list of permissions in the NT dialog box, + then when the "OK" button is pressed it will + be applied as "no permissions" on the UNIX side. If you then + view the permissions again the "no permissions" entry will appear + as the NT "O" flag, as described above. This + allows you to add permissions back to a file or directory once + you have removed them from a triple component.

As UNIX supports only the "r", "w" and "x" bits of + an NT ACL then if other NT security attributes such as "Delete + access" are selected then they will be ignored when applied on + the Samba server.

When setting permissions on a directory the second + set of permissions (in the second set of parentheses) is + by default applied to all files within that directory. If this + is not what you want you must uncheck the "Replace + permissions on existing files" checkbox in the NT + dialog before clicking "OK".

If you wish to remove all permissions from a + user/group/world component then you may either highlight the + component and click the "Remove" button, + or set the component to only have the special "Take + Ownership" permission (displayed as "O" + ) highlighted.

5.6. Interaction with the standard Samba create mask + parameters

Note that with Samba 2.0.5 there are four new parameters + to control this interaction. These are :

security mask

force security mode

directory security mask

force directory security mode

Once a user clicks "OK" to apply the + permissions Samba maps the given permissions into a user/group/world + r/w/x triple set, and then will check the changed permissions for a + file against the bits set in the + security mask parameter. Any bits that + were changed that are not set to '1' in this parameter are left alone + in the file permissions.

Essentially, zero bits in the security mask + mask may be treated as a set of bits the user is not + allowed to change, and one bits are those the user is allowed to change. +

If not set explicitly this parameter is set to the same value as + the create mask + parameter to provide compatibility with Samba 2.0.4 + where this permission change facility was introduced. To allow a user to + modify all the user/group/world permissions on a file, set this parameter + to 0777.

Next Samba checks the changed permissions for a file against + the bits set in the force security mode parameter. Any bits + that were changed that correspond to bits set to '1' in this parameter + are forced to be set.

Essentially, bits set in the force security mode + parameter may be treated as a set of bits that, when + modifying security on a file, the user has always set to be 'on'.

If not set explicitly this parameter is set to the same value + as the force + create mode parameter to provide compatibility + with Samba 2.0.4 where the permission change facility was introduced. + To allow a user to modify all the user/group/world permissions on a file + with no restrictions set this parameter to 000.

The security mask and force + security mode parameters are applied to the change + request in that order.

For a directory Samba will perform the same operations as + described above for a file except using the parameter directory security mask instead of security + mask, and force directory security mode + parameter instead of force security mode + .

The directory security mask parameter + by default is set to the same value as the directory mask + parameter and the force directory security + mode parameter by default is set to the same value as + the force directory mode parameter to provide + compatibility with Samba 2.0.4 where the permission change facility + was introduced.

In this way Samba enforces the permission restrictions that + an administrator can set on a Samba share, whilst still allowing users + to modify the permission bits within that restriction.

If you want to set up a share that allows users full control + in modifying the permission bits on their files and directories and + doesn't force any particular bits to be set 'on', then set the following + parameters in the smb.conf(5) + file in that share specific section :

security mask = 0777

force security mode = 0

directory security mask = 0777

force directory security mode = 0

As described, in Samba 2.0.4 the parameters :

create mask

force create mode

directory mask

force directory mode

were used instead of the parameters discussed here.

5.7. Interaction with the standard Samba file attribute + mapping

Samba maps some of the DOS attribute bits (such as "read + only") into the UNIX permissions of a file. This means there can + be a conflict between the permission bits set via the security + dialog and the permission bits set by the file attribute mapping. +

One way this can show up is if a file has no UNIX read access + for the owner it will show up as "read only" in the standard + file attributes tabbed dialog. Unfortunately this dialog is + the same one that contains the security info in another tab.

What this can mean is that if the owner changes the permissions + to allow themselves read access using the security dialog, clicks + "OK" to get back to the standard attributes tab + dialog, and then clicks "OK" on that dialog, then + NT will set the file permissions back to read-only (as that is what + the attributes still say in the dialog). This means that after setting + permissions and clicking "OK" to get back to the + attributes dialog you should always hit "Cancel" + rather than "OK" to ensure that your changes + are not overridden.

Chapter 6. Printing Support in Samba 2.2.x

6.1. Introduction

Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls.

The additional functionality provided by the new +SPOOLSS support includes:

  • Support for downloading printer driver + files to Windows 95/98/NT/2000 clients upon demand. +

  • Uploading of printer drivers via the + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to http://imprints.sourceforge.net). +

  • Support for the native MS-RPC printing + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at http://msdn.microsoft.com/ + for more information on the Win32 printing API) +

  • Support for NT Access Control Lists (ACL) + on printer objects

  • Improved support for printer queue manipulation + through the use of an internal databases for spooled job + information

There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients.

The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: How to Add Printers with No User +Interaction in Windows 2000

http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP

6.2. Configuration

[print$] vs. [printer$]

Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads.

However, the initial implementation allowed for a +parameter named printer driver location +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named printer driver provided +a means of defining the printer driver name to be sent to +the client.

These parameters, including printer driver +file parameter, are being depreciated and should not +be used in new installations. For more information on this change, +you should refer to the Migration section +of this document.

6.2.1. Creating [print$]

In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download).

You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site):

[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root

The write list is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the smb.conf(5) +man page for more information on configuring file shares.

The requirement for guest +ok = yes depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue.

Author's Note: The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry

In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well.

Next create the directory tree below the [print$] share +for each architecture you wish to support.

[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"

ATTENTION! REQUIRED PERMISSIONS

In order to currently add a new driver to you Samba host, +one of two conditions must hold true:

  • The account used to connect to the Samba host + must have a uid of 0 (i.e. a root account)

  • The account used to connect to the Samba host + must be a member of the printer + admin list.

Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default.

Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or printer admin) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host.

6.2.2. Setting Drivers for Existing Printers

The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message:

Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now?

Click "No" in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a +printer is to either

  • Use the "New Driver..." button to install + a new printer driver, or

  • Select a driver from the popup list of + installed drivers. Initially this list will be empty.

If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog.

Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box.

A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +smb.conf.

Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group.

6.2.3. Support a large number of printers

One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the rpcclient's +setdriver command can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished:

 
+$ rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+ 
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+				  
+$ rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+				  
+$ rpcclient pogo -U root%secret \
+>  -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.

6.2.4. Adding New Printers via the Windows NT APW

By default, Samba offers all printer shares defined in smb.conf +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if

  • The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + privileges (i.e. root or printer admin). +

  • show + add printer wizard = yes (the default). +

In order to be able to use the APW to successfully add a printer to a Samba +server, the add +printer command must have a defined value. The program +hook must successfully add the printer to the system (i.e. +/etc/printcap or appropriate files) and +smb.conf if necessary.

When using the APW from a client, if the named printer share does +not exist, smbd will execute the add printer +command and reparse to the smb.conf +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +add printer program is executed under the context +of the connected user, not necessarily a root account.

There is a complementing delete +printer command for removing entries from the "Printers..." +folder.

6.2.5. Samba and Printer Ports

Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients.

Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over.

If you require that multiple ports be defined for some reason, +smb.conf possesses a enumports +command which can be used to define an external program +that generates a listing of ports on a system.

6.3. The Imprints Toolset

The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints.

6.3.1. What is Imprints?

Imprints is a collection of tools for supporting the goals + of

  • Providing a central repository information + regarding Windows NT and 95/98 printer driver packages

  • Providing the tools necessary for creating + the Imprints printer driver packages.

  • Providing an installation client which + will obtain and install printer drivers on remote Samba + and Windows NT 4 print servers.

6.3.2. Creating Printer Driver Packages

The process of creating printer driver packages is beyond + the scope of this document (refer to Imprints.txt also included + with the Samba distribution for more information). In short, + an Imprints driver package is a gzipped tarball containing the + driver files, related INF files, and a control file needed by the + installation client.

6.3.3. The Imprints server

The Imprints server is really a database server that + may be queried via standard HTTP mechanisms. Each printer + entry in the database has an associated URL for the actual + downloading of the package. Each package is digitally signed + via GnuPG which can be used to verify that package downloaded + is actually the one referred in the Imprints database. It is + not recommended that this security check + be disabled.

6.3.4. The Installation Client

More information regarding the Imprints installation client + is available in the Imprints-Client-HOWTO.ps + file included with the imprints source package.

The Imprints installation client comes in two forms.

  • a set of command line Perl scripts

  • a GTK+ based graphical interface to + the command line perl scripts

The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers.

The basic installation process is in four steps and + perl code is wrapped around smbclient + and rpcclient.

	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer

One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX"

The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at

HKLM\System\CurrentControlSet\Control\Print\Environment +

will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed?

The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first.

6.4. Migration to from Samba 2.0.x to 2.2.x

Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths. Here are the possible scenarios for +migration:

  • If you do not desire the new Windows NT + print driver support, nothing needs to be done. + All existing parameters work the same.

  • If you want to take advantage of NT printer + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + printers.def file. When smbd attempts + to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The make_printerdef + tool will also remain for backwards compatibility but will + be removed in the next major release.

  • If you install a Windows 9x driver for a printer + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location).

  • If you want to migrate an existing printers.def + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using smbclient and rpcclient. See the + Imprints installation client at http://imprints.sourceforge.net/ + for an example. +

Achtung!

The following smb.conf parameters are considered to +be deprecated and will be removed soon. Do not use them in new +installations

  • printer driver file (G) +

  • printer driver (S) +

  • printer driver location (S) +

The have been two new parameters add in Samba 2.2.2 to for +better support of Samba 2.0.x backwards capability (disable +spoolss) and for using local printers drivers on Windows +NT/2000 clients (use client driver). Both of +these options are described in the smb.coinf(5) man page and are +disabled by default.

Chapter 7. security = domain in Samba 2.x

7.1. Joining an NT Domain with Samba 2.2

Assume you have a Samba 2.x server with a NetBIOS name of + SERV1 and are joining an NT domain called + DOM, which has a PDC with a NetBIOS name + of DOMPDC and two backup domain controllers + with NetBIOS names DOMBDC1 and DOMBDC2 + .

In order to join the domain, first stop all Samba daemons + and run the command:

root# smbpasswd -j DOM -r DOMPDC + -UAdministrator%password

as we are joining the domain DOM and the PDC for that domain + (the only machine that has write access to the domain SAM database) + is DOMPDC. The Administrator%password is + the login name and password for an account which has the necessary + privilege to add machines to the domain. If this is successful + you will see the message:

smbpasswd: Joined domain DOM. +

in your terminal window. See the smbpasswd(8) man page for more details.

There is existing development code to join a domain + without having to create the machine trust account on the PDC + beforehand. This code will hopefully be available soon + in release branches as well.

This command goes through the machine account password + change protocol, then writes the new (random) machine account + password for this Samba server into a file in the same directory + in which an smbpasswd file would be stored - normally :

/usr/local/samba/private

In Samba 2.0.x, the filename looks like this:

<NT DOMAIN NAME>.<Samba + Server Name>.mac

The .mac suffix stands for machine account + password file. So in our example above, the file would be called:

DOM.SERV1.mac

In Samba 2.2, this file has been replaced with a TDB + (Trivial Database) file named secrets.tdb. +

This file is created and owned by root and is not + readable by any other user. It is the key to the domain-level + security for your system, and should be treated as carefully + as a shadow password file.

Now, before restarting the Samba daemons you must + edit your smb.conf(5) + file to tell Samba it should now use domain security.

Change (or add) your security = line in the [global] section + of your smb.conf to read:

security = domain

Next change the workgroup = line in the [global] section to read:

workgroup = DOM

as this is the name of the domain we are joining.

You must also have the parameter encrypt passwords set to yes + in order for your users to authenticate to the NT PDC.

Finally, add (or modify) a password server = line in the [global] + section to read:

password server = DOMPDC DOMBDC1 DOMBDC2

These are the primary and backup domain controllers Samba + will attempt to contact in order to authenticate users. Samba will + try to contact each of these servers in order, so you may want to + rearrange this list in order to spread out the authentication load + among domain controllers.

Alternatively, if you want smbd to automatically determine + the list of Domain controllers to use for authentication, you may + set this line to be :

password server = *

This method, which was introduced in Samba 2.0.6, + allows Samba to use exactly the same mechanism that NT does. This + method either broadcasts or uses a WINS database in order to + find domain controllers to authenticate against.

Finally, restart your Samba daemons and get ready for + clients to begin using domain security!

7.2. Samba and Windows 2000 Domains

Many people have asked regarding the state of Samba's ability to participate in +a Windows 2000 Domain. Samba 2.2 is able to act as a member server of a Windows +2000 domain operating in mixed or native mode.

There is much confusion between the circumstances that require a "mixed" mode +Win2k DC and a when this host can be switched to "native" mode. A "mixed" mode +Win2k domain controller is only needed if Windows NT BDCs must exist in the same +domain. By default, a Win2k DC in "native" mode will still support +NetBIOS and NTLMv1 for authentication of legacy clients such as Windows 9x and +NT 4.0. Samba has the same requirements as a Windows NT 4.0 member server.

The steps for adding a Samba 2.2 host to a Win2k domain are the same as those +for adding a Samba server to a Windows NT 4.0 domain. The only exception is that +the "Server Manager" from NT 4 has been replaced by the "Active Directory Users and +Computers" MMC (Microsoft Management Console) plugin.

7.3. Why is this better than security = server?

Currently, domain security in Samba doesn't free you from + having to create local Unix users to represent the users attaching + to your server. This means that if domain user DOM\fred + attaches to your domain security Samba server, there needs + to be a local Unix user fred to represent that user in the Unix + filesystem. This is very similar to the older Samba security mode + security = server, + where Samba would pass through the authentication request to a Windows + NT server in the same way as a Windows 95 or Windows 98 server would. +

Please refer to the Winbind + paper for information on a system to automatically + assign UNIX uids and gids to Windows NT Domain users and groups. + This code is available in development branches only at the moment, + but will be moved to release branches soon.

The advantage to domain-level security is that the + authentication in domain-level security is passed down the authenticated + RPC channel in exactly the same way that an NT server would do it. This + means Samba servers now participate in domain trust relationships in + exactly the same way NT servers do (i.e., you can add Samba servers into + a resource domain and have the authentication passed on from a resource + domain PDC to an account domain PDC.

In addition, with security = server every Samba + daemon on a server has to keep a connection open to the + authenticating server for as long as that daemon lasts. This can drain + the connection resources on a Microsoft NT server and cause it to run + out of available connections. With security = domain, + however, the Samba daemons connect to the PDC/BDC only for as long + as is necessary to authenticate the user, and then drop the connection, + thus conserving PDC connection resources.

And finally, acting in the same manner as an NT server + authenticating to a PDC means that as part of the authentication + reply, the Samba server gets the user identification information such + as the user SID, the list of NT groups the user belongs to, etc. All + this information will allow Samba to be extended in the future into + a mode the developers currently call appliance mode. In this mode, + no local Unix users will be necessary, and Samba will generate Unix + uids and gids from the information passed back from the PDC when a + user is authenticated, making a Samba server truly plug and play + in an NT domain environment. Watch for this code soon.

NOTE: Much of the text of this document + was first published in the Web magazine + LinuxWorld as the article Doing + the NIS/NT Samba.

Chapter 8. How to Configure Samba 2.2 as a Primary Domain Controller

8.1. Prerequisite Reading

Before you continue reading in this chapter, please make sure +that you are comfortable with configuring basic files services +in smb.conf and how to enable and administer password +encryption in Samba. Theses two topics are covered in the +smb.conf(5) +manpage and the Encryption chapter +of this HOWTO Collection.

8.2. Background

Note: Author's Note: This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one.

Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller + +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in UNIX_INSTALL.html, please make sure +that your server is configured correctly before proceeding. Another +good resource in the smb.conf(5) man +page. The following functionality should work in 2.2:

  • domain logons for Windows NT 4.0/2000 clients. +

  • placing a Windows 9x client in user level security +

  • retrieving a list of users and groups from a Samba PDC to + Windows 9x/NT/2000 clients +

  • roving (roaming) user profiles +

  • Windows NT 4.0-style system policies +

The following pieces of functionality are not included in the 2.2 release:

  • Windows NT 4 domain trusts +

  • SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) +

  • Adding users via the User Manager for Domains +

  • Acting as a Windows 2000 Domain Controller (i.e. Kerberos and + Active Directory) +

Please note that Windows 9x clients are not true members of a domain +for reasons outlined in this article. Therefore the protocol for +support Windows 9x-style domain logons is completely different +from NT4 domain logons and has been officially supported for some +time.

Implementing a Samba PDC can basically be divided into 2 broad +steps.

  1. Configuring the Samba PDC +

  2. Creating machine trust accounts and joining clients + to the domain +

There are other minor details such as user profiles, system +policies, etc... However, these are not necessarily specific +to a Samba PDC as much as they are related to Windows NT networking +concepts. They will be mentioned only briefly here.

8.3. Configuring the Samba Domain Controller

The first step in creating a working Samba PDC is to +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in the smb.conf +man page. For convenience, the parameters have been +linked with the actual smb.conf description.

Here is an example smb.conf for acting as a PDC:

[global]
+    ; Basic server settings
+    netbios name = POGO
+    workgroup = NARNIA
+
+    ; we should act as the domain and local master browser
+    os level = 64
+    preferred master = yes
+    domain master = yes
+    local master = yes
+    
+    ; security settings (must user security = user)
+    security = user
+    
+    ; encrypted passwords are a requirement for a PDC
+    encrypt passwords = yes
+    
+    ; support domain logons
+    domain logons = yes
+    
+    ; where to store user profiles?
+    logon path = \\%N\profiles\%u
+    
+    ; where is a user's home directory and where should it
+    ; be mounted at?
+    logon drive = H:
+    logon home = \\homeserver\%u
+    
+    ; specify a generic logon script for all users
+    ; this is a relative **DOS** path to the [netlogon] share
+    logon script = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+    path = /usr/local/samba/lib/netlogon
+    read only = yes
+    write list = ntadmin
+    
+; share for storing user profiles
+[profiles]
+    path = /export/smb/ntprofile
+    read only = no
+    create mask = 0600
+    directory mask = 0700

There are a couple of points to emphasize in the above configuration.

  • Encrypted passwords must be enabled. For more details on how + to do this, refer to ENCRYPTION.html. +

  • The server must support domain logons and a + [netlogon] share +

  • The server must be the domain master browser in order for Windows + client to locate the server as a DC. Please refer to the various + Network Browsing documentation included with this distribution for + details. +

As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +domain admin +group smb.conf parameter for information of creating "Domain +Admins" style accounts.

8.4. Creating Machine Trust Accounts and Joining Clients to the +Domain

A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."

The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller.

A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +

  • A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + smbpasswd). The Samba account + possesses and uses only the NT password hash.

  • A corresponding Unix account, typically stored in + /etc/passwd. (Future releases will alleviate the need to + create /etc/passwd entries.)

There are two ways to create machine trust accounts:

  • Manual creation. Both the Samba and corresponding + Unix account are created by hand.

  • "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually.

8.4.1. Manual Creation of Machine Trust Accounts

The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +/etc/passwd. This can be done using +vipw or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server:

root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine +nickname" -s /bin/false machine_name$

root# passwd -l machine_name$

The /etc/passwd entry will list the machine name +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an +/etc/passwd entry like this:

doppy$:x:505:501:machine_nickname:/dev/null:/bin/false

Above, machine_nickname can be any +descriptive name for the client, i.e., BasementComputer. +machine_name absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account.

Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the smbpasswd(8) command +as shown here:

root# smbpasswd -a -m machine_name

where machine_name is the machine's NetBIOS +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account.

Join the client to the domain immediately

Manually creating a machine trust account using this method is the + equivalent of creating a machine trust account on a Windows NT PDC using + the "Server Manager". From the time at which the account is created + to the time which the client joins the domain and changes the password, + your domain is vulnerable to an intruder joining your domain using a + a machine with the same NetBIOS name. A PDC inherently trusts + members of the domain and will serve out a large degree of user + information to such clients. You have been warned! +

8.4.2. "On-the-Fly" Creation of Machine Trust Accounts

The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain.

Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +add user script +option in smb.conf. This +method is not required, however; corresponding Unix accounts may also +be created manually.

Below is an example for a RedHat 6.2 Linux system.

[global]
+   # <...remainder of parameters...>
+   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

8.4.3. Joining the Client to the Domain

The procedure for joining a client to the domain varies with the +version of Windows.

  • Windows 2000

    When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + /etc/passwd entry, for security + reasons.

    The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.

  • Windows NT

    If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.

    If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).

8.5. Common Problems and Errors

  • I cannot include a '$' in a machine name. +

    A 'machine name' in (typically) /etc/passwd + of the machine name with a '$' appended. FreeBSD (and other BSD + systems?) won't create a user with a '$' in their name. +

    The problem is only in the program used to make the entry, once + made, it works perfectly. So create a user without the '$' and + use vipw to edit the entry, adding the '$'. Or create + the whole entry with vipw if you like, make sure you use a + unique User ID ! +

  • I get told "You already have a connection to the Domain...." + or "Cannot join domain, the credentials supplied conflict with an + existing set.." when creating a machine trust account. +

    This happens if you try to create a machine trust account from the + machine itself and already have a connection (e.g. mapped drive) + to a share (or IPC$) on the Samba PDC. The following command + will remove all network drive connections: +

    C:\WINNT\> net use * /d +

    Further, if the machine is a already a 'member of a workgroup' that + is the same name as the domain you are joining (bad idea) you will + get this message. Change the workgroup name to something else, it + does not matter what, reboot, and try again. +

  • The system can not log you on (C000019B).... +

    I joined the domain successfully but after upgrading + to a newer version of the Samba code I get the message, "The system + can not log you on (C000019B), Please try a gain or consult your + system administrator" when attempting to logon. +

    This occurs when the domain SID stored in + private/WORKGROUP.SID is + changed. For example, you remove the file and smbd automatically + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. +

  • The machine trust account for this computer either does not + exist or is not accessible. +

    When I try to join the domain I get the message "The machine account + for this computer either does not exist or is not accessible". What's + wrong? +

    This problem is caused by the PDC not having a suitable machine trust account. + If you are using the add user script method to create + accounts then this would indicate that it has not worked. Ensure the domain + admin user system is working. +

    Alternatively if you are creating account entries manually then they + have not been created correctly. Make sure that you have the entry + correct for the machine trust account in smbpasswd file on the Samba PDC. + If you added the account using an editor rather than using the smbpasswd + utility, make sure that the account name is the machine NetBIOS name + with a '$' appended to it ( i.e. computer_name$ ). There must be an entry + in both /etc/passwd and the smbpasswd file. Some people have reported + that inconsistent subnet masks between the Samba server and the NT + client have caused this problem. Make sure that these are consistent + for both client and server. +

  • When I attempt to login to a Samba Domain from a NT4/W2K workstation, + I get a message about my account being disabled. +

    This problem is caused by a PAM related bug in Samba 2.2.0. This bug is + fixed in 2.2.1. Other symptoms could be unaccessible shares on + NT/W2K member servers in the domain or the following error in your smbd.log: + passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% +

    At first be ensure to enable the useraccounts with smbpasswd -e + %user%, this is normally done, when you create an account. +

    In order to work around this problem in 2.2.0, configure the + account control flag in + /etc/pam.d/samba file as follows: + 

    	account required        pam_permit.so
+

    If you want to remain backward compatibility to samba 2.0.x use + pam_permit.so, it's also possible to use + pam_pwdb.so. There are some bugs if you try to + use pam_unix.so, if you need this, be ensure to use + the most recent version of this file. +

8.6. System Policies and Profiles

Much of the information necessary to implement System Policies and +Roving User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper Implementing +Profiles and Policies in Windows NT 4.0 available from Microsoft.

Here are some additional details:

  • What about Windows NT Policy Editor? +

    To create or edit ntconfig.pol you must use + the NT Server Policy Editor, poledit.exe which + is included with NT Server but not NT Workstation. + There is a Policy Editor on a NTws + but it is not suitable for creating Domain Policies. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need poledit.exe, common.adm and winnt.adm. It is convenient + to put the two *.adm files in c:\winnt\inf which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. +

    The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using servicepackname /x, + i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, + poledit.exe and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. +

  • Can Win95 do Policies? +

    Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. + Install group policies on a Win9x client by double-clicking + grouppol.inf. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... +

    If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. +

  • How do I get 'User Manager' and 'Server Manager' +

    Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? +

    Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes +

    • Server Manager

    • User Manager for Domains

    • Event Viewer

    Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE +

    The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE +

8.7. What other help can I get?

There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing.

  • What are some diagnostics tools I can use to debug the domain logon + process and where can I find them? +

    One of the best diagnostic tools for debugging problems is Samba itself. + You can use the -d option for both smbd and nmbd to specify what + 'debug level' at which to run. See the man pages on smbd, nmbd and + smb.conf for more information on debugging options. The debug + level can range from 1 (the default) to 10 (100 for debugging passwords). +

    Another helpful method of debugging is to compile samba using the + gcc -g flag. This will include debug + information in the binaries and allow you to attach gdb to the + running smbd / nmbd process. In order to attach gdb to an smbd + process for an NT workstation, first get the workstation to make the + connection. Pressing ctrl-alt-delete and going down to the domain box + is sufficient (at least, on the first time you join the domain) to + generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation + maintains an open connection, and therefore there will be an smbd + process running (assuming that you haven't set a really short smbd + idle timeout) So, in between pressing ctrl alt delete, and actually + typing in your password, you can gdb attach and continue. +

    Some useful samba commands worth investigating: +

    • testparam | more

    • smbclient -L //{netbios name of server}

    An SMB enabled version of tcpdump is available from + http://www.tcpdup.org/. + Ethereal, another good packet sniffer for Unix and Win32 + hosts, can be downloaded from http://www.ethereal.com. +

    For tracing things on the Microsoft Windows NT, Network Monitor + (aka. netmon) is available on the Microsoft Developer Network CD's, + the Windows NT Server install CD and the SMS CD's. The version of + netmon that ships with SMS allows for dumping packets between any two + computers (i.e. placing the network interface in promiscuous mode). + The version on the NT Server install CD will only allow monitoring + of network traffic directed to the local NT box and broadcasts on the + local subnet. Be aware that Ethereal can read and write netmon + formatted files. +

  • How do I install 'Network Monitor' on an NT Workstation + or a Windows 9x box? +

    Installing netmon on an NT workstation requires a couple + of steps. The following are for installing Netmon V4.00.349, which comes + with Microsoft Windows NT Server 4.0, on Microsoft Windows NT + Workstation 4.0. The process should be similar for other version of + Windows NT / Netmon. You will need both the Microsoft Windows + NT Server 4.0 Install CD and the Workstation 4.0 Install CD. +

    Initially you will need to install 'Network Monitor Tools and Agent' + on the NT Server. To do this +

    • Goto Start - Settings - Control Panel - + Network - Services - Add

    • Select the 'Network Monitor Tools and Agent' and + click on 'OK'.

    • Click 'OK' on the Network Control Panel. +

    • Insert the Windows NT Server 4.0 install CD + when prompted.

    At this point the Netmon files should exist in + %SYSTEMROOT%\System32\netmon\*.*. + Two subdirectories exist as well, parsers\ + which contains the necessary DLL's for parsing the netmon packet + dump, and captures\. +

    In order to install the Netmon tools on an NT Workstation, you will + first need to install the 'Network Monitor Agent' from the Workstation + install CD. +

    • Goto Start - Settings - Control Panel - + Network - Services - Add

    • Select the 'Network Monitor Agent' and click + on 'OK'.

    • Click 'OK' on the Network Control Panel. +

    • Insert the Windows NT Workstation 4.0 install + CD when prompted.

    Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* + to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set + permissions as you deem appropriate for your site. You will need + administrative rights on the NT box to run netmon. +

    To install Netmon on a Windows 9x box install the network monitor agent + from the Windows 9x CD (\admin\nettools\netmon). There is a readme + file located with the netmon driver files on the CD if you need + information on how to do this. Copy the files from a working + Netmon installation. +

  • The following is a list if helpful URLs and other links: +

  • How do I get help from the mailing lists? +

    There are a number of Samba related mailing lists. Go to http://samba.org, click on your nearest mirror + and then click on Support and then click on Samba related mailing lists. +

    For questions relating to Samba TNG go to + http://www.samba-tng.org/ + It has been requested that you don't post questions about Samba-TNG to the + main stream Samba lists.

    If you post a message to one of the lists please observe the following guide lines : +

    • Always remember that the developers are volunteers, they are + not paid and they never guarantee to produce a particular feature at + a particular time. Any time lines are 'best guess' and nothing more. +

    • Always mention what version of samba you are using and what + operating system its running under. You should probably list the + relevant sections of your smb.conf file, at least the options + in [global] that affect PDC support.

    • In addition to the version, if you obtained Samba via + CVS mention the date when you last checked it out.

    • Try and make your question clear and brief, lots of long, + convoluted questions get deleted before they are completely read ! + Don't post html encoded messages (if you can select colour or font + size its html).

    • If you run one of those nifty 'I'm on holidays' things when + you are away, make sure its configured to not answer mailing lists. +

    • Don't cross post. Work out which is the best list to post to + and see what happens, i.e. don't post to both samba-ntdom and samba-technical. + Many people active on the lists subscribe to more + than one list and get annoyed to see the same message two or more times. + Often someone will see a message and thinking it would be better dealt + with on another, will forward it on for you.

    • You might include partial + log files written at a debug level set to as much as 20. + Please don't send the entire log but enough to give the context of the + error messages.

    • (Possibly) If you have a complete netmon trace ( from the opening of + the pipe to the error ) you can send the *.CAP file as well.

    • Please think carefully before attaching a document to an email. + Consider pasting the relevant parts into the body of the message. The samba + mailing lists go to a huge number of people, do they all need a copy of your + smb.conf in their attach directory?

  • How do I get off the mailing lists? +

    To have your name removed from a samba mailing list, go to the + same place you went to to get on it. Go to http://lists.samba.org, + click on your nearest mirror and then click on Support and + then click on Samba related mailing lists. Or perhaps see + here +

    Please don't post messages to the list asking to be removed, you will just + be referred to the above address (unless that process failed in some way...) +

8.8. Domain Control for Windows 9x/ME

Note: The following section contains much of the original +DOMAIN.txt file previously included with Samba. Much of +the material is based on what went into the book Special +Edition, Using Samba, by Richard Sharpe.

A domain and a workgroup are exactly the same thing in terms of network +browsing. The difference is that a distributable authentication +database is associated with a domain, for secure login access to a +network. Also, different access rights can be granted to users if they +successfully authenticate against a domain logon server (NT server and +other systems based on NT server support this, as does at least Samba TNG now).

The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +Network browsing functionality of domains and workgroups is +identical and is explained in BROWSING.txt. It should be noted, that browsing +is totally orthogonal to logon support.

Issues related to the single-logon network model are discussed in this +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section.

When an SMB client in a domain wishes to logon it broadcast requests for a +logon server. The first one to reply gets the job, and validates its +password using whatever mechanism the Samba administrator has installed. +It is possible (but very stupid) to create a domain where the user +database is not shared between servers, i.e. they are effectively workgroup +servers advertising themselves as participating in a domain. This +demonstrates how authentication is quite different from but closely +involved with domains.

Using these features you can make your clients verify their logon via +the Samba server; make clients run a batch file when they logon to +the network and download their preferences, desktop and start menu.

Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon:

  1. The client broadcasts (to the IP broadcast address of the subnet it is in) + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the + NetBIOS layer. The client chooses the first response it receives, which + contains the NetBIOS name of the logon server to use in the format of + \\SERVER. +

  2. The client then connects to that server, logs on (does an SMBsessetupX) and + then connects to the IPC$ share (using an SMBtconX). +

  3. The client then does a NetWkstaUserLogon request, which retrieves the name + of the user's logon script. +

  4. The client then connects to the NetLogon share and searches for this + and if it is found and can be read, is retrieved and executed by the client. + After this, the client disconnects from the NetLogon share. +

  5. The client then sends a NetUserGetInfo request to the server, to retrieve + the user's home share, which is used to search for profiles. Since the + response to the NetUserGetInfo request does not contain much more + the user's home share, profiles for Win9X clients MUST reside in the user + home directory. +

  6. The client then connects to the user's home share and searches for the + user's profile. As it turns out, you can specify the user's home share as + a sharename and path. For example, \\server\fred\.profile. + If the profiles are found, they are implemented. +

  7. The client then disconnects from the user's home share, and reconnects to + the NetLogon share and looks for CONFIG.POL, the policies file. If this is + found, it is read and implemented. +

8.8.1. Configuration Instructions: Network Logons

The main difference between a PDC and a Windows 9x logon +server configuration is that

  • Password encryption is not required for a Windows 9x logon server.

  • Windows 9x/ME clients do not possess machine trust accounts.

Therefore, a Samba PDC will also act as a Windows 9x logon +server.

security mode and master browsers

There are a few comments to make in order to tie up some +loose ends. There has been much debate over the issue of whether +or not it is ok to configure Samba as a Domain Controller in security +modes other than USER. The only security mode +which will not work due to technical reasons is SHARE +mode security. DOMAIN and SERVER +mode security is really just a variation on SMB user level security.

Actually, this issue is also closely tied to the debate on whether +or not Samba must be the domain master browser for its workgroup +when operating as a DC. While it may technically be possible +to configure a server as such (after all, browsing and domain logons +are two distinctly different functions), it is not a good idea to +so. You should remember that the DC must register the DOMAIN#1b NetBIOS +name. This is the name used by Windows clients to locate the DC. +Windows clients do not distinguish between the DC and the DMB. +For this reason, it is very wise to configure the Samba DC as the DMB.

Now back to the issue of configuring a Samba DC to use a mode other +than "security = user". If a Samba host is configured to use +another SMB server or DC in order to validate user connection +requests, then it is a fact that some other machine on the network +(the "password server") knows more about user than the Samba host. +99% of the time, this other host is a domain controller. Now +in order to operate in domain mode security, the "workgroup" parameter +must be set to the name of the Windows NT domain (which already +has a domain controller, right?)

Therefore configuring a Samba box as a DC for a domain that +already by definition has a PDC is asking for trouble. +Therefore, you should always configure the Samba DC to be the DMB +for its domain.

8.8.2. Configuration Instructions: Setting up Roaming User Profiles

Warning

NOTE! Roaming profiles support is different +for Win9X and WinNT.

Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features.

Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory.

WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT.

8.8.2.1. Windows NT Configuration

To support WinNT clients, in the [global] section of smb.conf set the +following (for example):

logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath

The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable.

Note: [lkcl 26aug96 - we have discovered a problem where Windows clients can +maintain a connection to the [homes] share in between logins. The +[homes] share must NOT therefore be used in a profile path.]

8.8.2.2. Windows 9X Configuration

To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use/home" now works as well, and it, too, relies +on the "logon home" parameter.

By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file:

logon home = \\%L\%U\.profiles

then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden).

Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home".

8.8.2.3. Win9X and WinNT Configuration

You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example:

logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U

Note: I have not checked what 'net use /home' does on NT when "logon home" is +set as above.

8.8.2.4. Windows 9X Profile Setup

When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders.

The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file.

  1. On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. +

  2. On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. +

Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me.

You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password.

Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'.

Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created.

These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set.

If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server.

If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time".

  1. instead of logging in under the [user, password, domain] dialog, + press escape. +

  2. run the regedit.exe program, and look in: +

    HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList +

    you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. +

    [Exit the registry editor]. +

  3. WARNING - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). +

    This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. +

  4. search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. +

  5. log off the windows 95 client. +

  6. check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. +

If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports.

If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace.

8.8.2.5. Windows NT Workstation 4.0

When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter.

Note: [lkcl 10aug97 - i tried setting the path to +\\samba-server\homes\profile, and discovered that this fails because +a background process maintains the connection to the [homes] share +which does _not_ close down in between user logins. you have to +have \\samba-server\%L\profile, where user is the username created +from the [homes] share].

There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter.

The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension) +[lkcl 10aug97 - i found that the creation of the .PDS directory failed, +and had to create these manually for each user, with a shell script. +also, i presume, but have not tested, that the full profile path must +be browseable just as it is for w95, due to the manner in which they +attempt to create the full profile path: test existence of each path +component; create path component].

In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown.

You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one.

Note: [lkcl 10aug97 - i notice that NT Workstation tells me that it is +downloading a profile from a slow link. whether this is actually the +case, or whether there is some configuration issue, as yet unknown, +that makes NT Workstation _think_ that the link is a slow one is a +matter to be resolved].

[lkcl 20aug97 - after samba digest correspondence, one user found, and +another confirmed, that profiles cannot be loaded from a samba server +unless "security = user" and "encrypt passwords = yes" (see the file +ENCRYPTION.txt) or "security = server" and "password server = ip.address. +of.yourNTserver" are used. Either of these options will allow the NT +workstation to access the samba server using LAN manager encrypted +passwords, without the user intervention normally required by NT +workstation for clear-text passwords].

[lkcl 25aug97 - more comments received about NT profiles: the case of +the profile _matters_. the file _must_ be called NTuser.DAT or, for +a mandatory profile, NTuser.MAN].

8.8.2.6. Windows NT Server

There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords.

8.8.2.7. Sharing Profiles between W95 and NT Workstation 4.0

Potentially outdated or incorrect material follows

I think this is all bogus, but have not deleted it. (Richard Sharpe)

The default logon path is \\%N\U%. NT Workstation will attempt to create +a directory "\\samba-server\username.PDS" if you specify the logon path +as "\\samba-server\username" with the NT User Manager. Therefore, you +will need to specify (for example) "\\samba-server\username\profile". +NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which +is more likely to succeed.

If you then want to share the same Start Menu / Desktop with W95, you will +need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 +this has its drawbacks: i created a shortcut to telnet.exe, which attempts +to run from the c:\winnt\system32 directory. this directory is obviously +unlikely to exist on a Win95-only host].

If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory.

Note: [lkcl 25aug97 - there are some issues to resolve with downloading of +NT profiles, probably to do with time/date stamps. i have found that +NTuser.DAT is never updated on the workstation after the first time that +it is copied to the local workstation profile directory. this is in +contrast to w95, where it _does_ transfer / update profiles correctly].

8.9. DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

Possibly Outdated Material

This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. +

NOTE : +The term "Domain Controller" and those related to it refer to one specific +method of authentication that can underly an SMB domain. Domain Controllers +prior to Windows NT Server 3.1 were sold by various companies and based on +private extensions to the LAN Manager 2.1 protocol. Windows NT introduced +Microsoft-specific ways of distributing the user authentication database. +See DOMAIN.txt for examples of how Samba can participate in or create +SMB domains based on shared authentication database schemes other than the +Windows NT SAM.

Windows NT Server can be installed as either a plain file and print server +(WORKGROUP workstation or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT.

To many people these terms can be confusing, so let's try to clear the air.

Every Windows NT system (workstation or server) has a registry database. +The registry contains entries that describe the initialization information +for all services (the equivalent of Unix Daemons) that run within the Windows +NT environment. The registry also contains entries that tell application +software where to find dynamically loadable libraries that they depend upon. +In fact, the registry contains entries that describes everything that anything +may need to know to interact with the rest of the system.

The registry files can be located on any Windows NT machine by opening a +command prompt and typing:

C:\WINNT\> dir %SystemRoot%\System32\config

The environment variable %SystemRoot% value can be obtained by typing:

C:\WINNT>echo %SystemRoot%

The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security.

In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each.

The Microsoft Windows NT system is structured within a security model that +says that all applications and services must authenticate themselves before +they can obtain permission from the security manager to do what they set out +to do.

The Windows NT User database also resides within the registry. This part of +the registry contains the user's security identifier, home directory, group +memberships, desktop profile, and so on.

Every Windows NT system (workstation as well as server) will have its own +registry. Windows NT Servers that participate in Domain Security control +have a database that they share in common - thus they do NOT own an +independent full registry database of their own, as do Workstations and +plain Servers.

The User database is called the SAM (Security Access Manager) database and +is used for all user authentication as well as for authentication of inter- +process authentication (i.e. to ensure that the service action a user has +requested is permitted within the limits of that user's privileges).

The Samba team have produced a utility that can dump the Windows NT SAM into +smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and +/pub/samba/pwdump on your nearest Samba mirror for the utility. This +facility is useful but cannot be easily used to implement SAM replication +to Samba systems.

Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers +can participate in a Domain security system that is controlled by Windows NT +servers that have been correctly configured. Almost every domain will have +ONE Primary Domain Controller (PDC). It is desirable that each domain will +have at least one Backup Domain Controller (BDC).

The PDC and BDCs then participate in replication of the SAM database so that +each Domain Controlling participant will have an up to date SAM component +within its registry.

Chapter 9. How to Act as a Backup Domain Controller in a Purely Samba Controlled Domain

9.1. Prerequisite Reading

Before you continue reading in this chapter, please make sure +that you are comfortable with configuring a Samba PDC +as described in the Samba-PDC-HOWTO.

9.2. Background

What is a Domain Controller? It is a machine that is able to answer +logon requests from workstations in a Windows NT Domain. Whenever a +user logs into a Windows NT Workstation, the workstation connects to a +Domain Controller and asks him whether the username and password the +user typed in is correct. The Domain Controller replies with a lot of +information about the user, for example the place where the users +profile is stored, the users full name of the user. All this +information is stored in the NT user database, the so-called SAM.

There are two kinds of Domain Controller in a NT 4 compatible Domain: +A Primary Domain Controller (PDC) and one or more Backup Domain +Controllers (BDC). The PDC contains the master copy of the +SAM. Whenever the SAM has to change, for example when a user changes +his password, this change has to be done on the PDC. A Backup Domain +Controller is a machine that maintains a read-only copy of the +SAM. This way it is able to reply to logon requests and authenticate +users in case the PDC is not available. During this time no changes to +the SAM are possible. Whenever changes to the SAM are done on the PDC, +all BDC receive the changes from the PDC.

Since version 2.2 Samba officially supports domain logons for all +current Windows Clients, including Windows 2000 and XP. This text +assumes the domain to be named SAMBA. To be able to act as a PDC, some +parameters in the [global]-section of the smb.conf have to be set:

workgroup = SAMBA
+domain master = yes
+domain logons = yes

Several other things like a [homes] and a [netlogon] share also may be +set along with settings for the profile path, the users home drive and +others. This will not be covered in this document.

9.3. What qualifies a Domain Controller on the network?

Every machine that is a Domain Controller for the domain SAMBA has to +register the NetBIOS group name SAMBA#1c with the WINS server and/or +by broadcast on the local network. The PDC also registers the unique +NetBIOS name SAMBA#1b with the WINS server. The name type #1b is +normally reserved for the domain master browser, a role that has +nothing to do with anything related to authentication, but the +Microsoft Domain implementation requires the domain master browser to +be on the same machine as the PDC.

9.3.1. How does a Workstation find its domain controller?

A NT workstation in the domain SAMBA that wants a local user to be +authenticated has to find the domain controller for SAMBA. It does +this by doing a NetBIOS name query for the group name SAMBA#1c. It +assumes that each of the machines it gets back from the queries is a +domain controller and can answer logon requests. To not open security +holes both the workstation and the selected (TODO: How is the DC +chosen) domain controller authenticate each other. After that the +workstation sends the user's credentials (his name and password) to +the domain controller, asking for approval.

9.3.2. When is the PDC needed?

Whenever a user wants to change his password, this has to be done on +the PDC. To find the PDC, the workstation does a NetBIOS name query +for SAMBA#1b, assuming this machine maintains the master copy of the +SAM. The workstation contacts the PDC, both mutually authenticate and +the password change is done.

9.4. Can Samba be a Backup Domain Controller?

With version 2.2, no. The native NT SAM replication protocols have +not yet been fully implemented. The Samba Team is working on +understanding and implementing the protocols, but this work has not +been finished for version 2.2.

Can I get the benefits of a BDC with Samba? Yes. The main reason for +implementing a BDC is availability. If the PDC is a Samba machine, +a second Samba machine can be set up to +service logon requests whenever the PDC is down.

9.5. How do I set up a Samba BDC?

Several things have to be done:

  • The file private/MACHINE.SID identifies the domain. When a samba +server is first started, it is created on the fly and must never be +changed again. This file has to be the same on the PDC and the BDC, +so the MACHINE.SID has to be copied from the PDC to the BDC.

  • The Unix user database has to be synchronized from the PDC to the +BDC. This means that both the /etc/passwd and /etc/group have to be +replicated from the PDC to the BDC. This can be done manually +whenever changes are made, or the PDC is set up as a NIS master +server and the BDC as a NIS slave server. To set up the BDC as a +mere NIS client would not be enough, as the BDC would not be able to +access its user database in case of a PDC failure.

  • The Samba password database in the file private/smbpasswd has to be +replicated from the PDC to the BDC. This is a bit tricky, see the +next section.

  • Any netlogon share has to be replicated from the PDC to the +BDC. This can be done manually whenever login scripts are changed, +or it can be done automatically together with the smbpasswd +synchronization.

Finally, the BDC has to be found by the workstations. This can be done +by setting

workgroup = samba
+domain master = no
+domain logons = yes

in the [global]-section of the smb.conf of the BDC. This makes the BDC +only register the name SAMBA#1c with the WINS server. This is no +problem as the name SAMBA#1c is a NetBIOS group name that is meant to +be registered by more than one machine. The parameter 'domain master = +no' forces the BDC not to register SAMBA#1b which as a unique NetBIOS +name is reserved for the Primary Domain Controller.

9.5.1. How do I replicate the smbpasswd file?

Replication of the smbpasswd file is sensitive. It has to be done +whenever changes to the SAM are made. Every user's password change is +done in the smbpasswd file and has to be replicated to the BDC. So +replicating the smbpasswd file very often is necessary.

As the smbpasswd file contains plain text password equivalents, it +must not be sent unencrypted over the wire. The best way to set up +smbpasswd replication from the PDC to the BDC is to use the utility +rsync. rsync can use ssh as a transport. ssh itself can be set up to +accept *only* rsync transfer without requiring the user to type a +password.

Chapter 10. Storing Samba's User/Machine Account information in an LDAP Directory

10.1. Purpose

This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites.

Note that O'Reilly Publishing is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002.

Two additional Samba resources which may prove to be helpful are

  • The Samba-PDC-LDAP-HOWTO + maintained by Ignacio Coupeau.

  • The NT migration scripts from IDEALX that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. +

10.2. Introduction

Traditionally, when configuring "encrypt +passwords = yes" in Samba's smb.conf file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the smbpasswd(5) file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands).

  • The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases.

  • The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as rsync(1) and ssh(1) +and wrote custom, in-house scripts.

  • And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID).

As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. --with-ldapsam or +--with-tdbsam) requires compile time support.

When compiling Samba to include the --with-ldapsam autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation.

There are a few points to stress about what the --with-ldapsam +does not provide. The LDAP support referred to in the this documentation does not +include:

  • A means of retrieving user account information from + an Windows 2000 Active Directory server.

  • A means of replacing /etc/passwd.

The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(http://www.padl.com/). However, +the details of configuring these packages are beyond the scope of this document.

10.3. Supported LDAP Servers

The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP +2.0 server and client libraries. The same code should be able to work with +Netscape's Directory Server and client SDK. However, due to lack of testing +so far, there are bound to be compile errors and bugs. These should not be +hard to fix. If you are so inclined, please be sure to forward all patches to +samba-patches@samba.org and +jerry@samba.org.

10.4. Schema and Relationship to the RFC 2307 posixAccount

Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +examples/LDAP/samba.schema. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here:

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))

The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to jerry@samba.org

Just as the smbpasswd file is mean to store information which supplements a +user's /etc/passwd entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +STRUCTURAL objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design.

In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure.

10.5. Configuring Samba with LDAP

10.5.1. OpenLDAP configuration

To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory.

root# cp samba.schema /etc/openldap/schema/

Next, include the samba.schema file in slapd.conf. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in cosine.schema and +the 'displayName' attribute is defined in the inetorgperson.schema +file. Both of these must be included before the samba.schema file.

## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....

It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well).

# Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsambapwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq

10.5.2. Configuring Samba

The following parameters are available in smb.conf only with --with-ldapsam +was included with compiling Samba.

These are described in the smb.conf(5) man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as

## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w secretpw' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

10.6. Accounts and Groups management

As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes.

Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file).

In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups).

10.7. Security and sambaAccount

There are two important points to remember when discussing the security +of sambaAccount entries in the directory.

  • Never retrieve the lmPassword or + ntPassword attribute values over an unencrypted LDAP session.

  • Never allow non-admin users to + view the lmPassword or ntPassword attribute values.

These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the ENCRYPTION chapter of the Samba-HOWTO-Collection.

To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (ldap ssl = on) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(ldap ssl = off).

Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers.

The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in slapd.conf:

## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none

10.8. LDAP specials attributes for sambaAccounts

The sambaAccount objectclass is composed of the following attributes:

  • lmPassword: the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string.

  • ntPassword: the NT password hash 16-byte stored as a character + representation of a hexidecimal string.

  • pwdLastSet: The integer time in seconds since 1970 when the + lmPassword and ntPassword attributes were last set. +

  • acctFlags: string of 11 characters surrounded by square brackets [] + representing account flags such as U (user), W(workstation), X(no password expiration), and + D(disabled).

  • logonTime: Integer value currently unused

  • logoffTime: Integer value currently unused

  • kickoffTime: Integer value currently unused

  • pwdCanChange: Integer value currently unused

  • pwdMustChange: Integer value currently unused

  • homeDrive: specifies the drive letter to which to map the + UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" + where X is the letter of the drive to map. Refer to the "logon drive" parameter in the + smb.conf(5) man page for more information.

  • scriptPath: The scriptPath property specifies the path of + the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path + is relative to the netlogon share. Refer to the "logon script" parameter in the + smb.conf(5) man page for more information.

  • profilePath: specifies a path to the user's profile. + This value can be a null string, a local absolute path, or a UNC path. Refer to the + "logon path" parameter in the smb.conf(5) man page for more information.

  • smbHome: The homeDirectory property specifies the path of + the home directory for the user. The string can be null. If homeDrive is set and specifies + a drive letter, homeDirectory should be a UNC path. The path must be a network + UNC path of the form \\server\share\directory. This value can be a null string. + Refer to the "logon home" parameter in the smb.conf(5) man page for more information. +

  • userWorkstation: character string value currently unused. +

  • rid: the integer representation of the user's relative identifier + (RID).

  • primaryGroupID: the relative identifier (RID) of the primary group + of the user.

The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the Samba-PDC-HOWTO for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values:

  • smbHome

  • scriptPath

  • logonPath

  • homeDrive

These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that logon home = \\%L\%u was defined in +its smb.conf file. When a user named "becky" logons to the domain, +the logon home string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the logon home parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky).

10.9. Example LDIF Entries for a sambaAccount

The following is a working LDIF with the inclusion of the posixAccount objectclass:

dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0

The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses:

dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7

10.10. Comments

Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was +last updated to reflect the Samba 2.2.3 release.

Chapter 11. Unified Logons between Windows NT and UNIX using Winbind

11.1. Abstract

Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + winbind, a component of the Samba suite + of programs as a solution to the unified logon problem. Winbind + uses a UNIX implementation + of Microsoft RPC calls, Pluggable Authentication Modules, and the Name + Service Switch to allow Windows NT domain users to appear and operate + as UNIX users on a UNIX machine. This paper describes the winbind + system, explaining the functionality it provides, how it is configured, + and how it works internally.

11.2. Introduction

It is well known that UNIX and Microsoft Windows NT have + different models for representing user and group information and + use different technologies for implementing them. This fact has + made it difficult to integrate the two systems in a satisfactory + manner.

One common solution in use today has been to create + identically named user accounts on both the UNIX and Windows systems + and use the Samba suite of programs to provide file and print services + between the two. This solution is far from perfect however, as + adding and deleting users on both sets of machines becomes a chore + and two sets of passwords are required both of which + can lead to synchronization problems between the UNIX and Windows + systems and confusion for users.

We divide the unified logon problem for UNIX machines into + three smaller problems:

  • Obtaining Windows NT user and group information +

  • Authenticating Windows NT users +

  • Password changing for Windows NT users +

Ideally, a prospective solution to the unified logon problem + would satisfy all the above components without duplication of + information on the UNIX machines and without creating additional + tasks for the system administrator when maintaining users and + groups on either system. The winbind system provides a simple + and elegant solution to all three components of the unified logon + problem.

11.3. What Winbind Provides

Winbind unifies UNIX and Windows NT account management by + allowing a UNIX box to become a full member of a NT domain. Once + this is done the UNIX box will see NT users and groups as if + they were native UNIX users and groups, allowing the NT domain + to be used in much the same manner that NIS+ is used within + UNIX-only environments.

The end result is that whenever any + program on the UNIX machine asks the operating system to lookup + a user or group name, the query will be resolved by asking the + NT domain controller for the specified domain to do the lookup. + Because Winbind hooks into the operating system at a low level + (via the NSS name resolution modules in the C library) this + redirection to the NT domain controller is completely + transparent.

Users on the UNIX machine can then use NT user and group + names as they would use "native" UNIX names. They can chown files + so that they are owned by NT domain users or even login to the + UNIX machine and run a UNIX X-Window session as a domain user.

The only obvious indication that Winbind is being used is + that user and group names take the form DOMAIN\user and + DOMAIN\group. This is necessary as it allows Winbind to determine + that redirection to a domain controller is wanted for a particular + lookup and which trusted domain is being referenced.

Additionally, Winbind provides an authentication service + that hooks into the Pluggable Authentication Modules (PAM) system + to provide authentication via a NT domain to any PAM enabled + applications. This capability solves the problem of synchronizing + passwords between systems since all passwords are stored in a single + location (on the domain controller).

11.3.1. Target Uses

Winbind is targeted at organizations that have an + existing NT based domain infrastructure into which they wish + to put UNIX workstations or servers. Winbind will allow these + organizations to deploy UNIX workstations without having to + maintain a separate account infrastructure. This greatly + simplifies the administrative overhead of deploying UNIX + workstations into a NT based organization.

Another interesting way in which we expect Winbind to + be used is as a central part of UNIX based appliances. Appliances + that provide file and print services to Microsoft based networks + will be able to use Winbind to provide seamless integration of + the appliance into the domain.

11.4. How Winbind Works

The winbind system is designed around a client/server + architecture. A long running winbindd daemon + listens on a UNIX domain socket waiting for requests + to arrive. These requests are generated by the NSS and PAM + clients and processed sequentially.

The technologies used to implement winbind are described + in detail below.

11.4.1. Microsoft Remote Procedure Calls

Over the last two years, efforts have been underway + by various Samba Team members to decode various aspects of + the Microsoft Remote Procedure Call (MSRPC) system. This + system is used for most network related operations between + Windows NT machines including remote management, user authentication + and print spooling. Although initially this work was done + to aid the implementation of Primary Domain Controller (PDC) + functionality in Samba, it has also yielded a body of code which + can be used for other purposes.

Winbind uses various MSRPC calls to enumerate domain users + and groups and to obtain detailed information about individual + users or groups. Other MSRPC calls can be used to authenticate + NT domain users and to change user passwords. By directly querying + a Windows PDC for user and group information, winbind maps the + NT account information onto UNIX user and group names.

11.4.2. Name Service Switch

The Name Service Switch, or NSS, is a feature that is + present in many UNIX operating systems. It allows system + information such as hostnames, mail aliases and user information + to be resolved from different sources. For example, a standalone + UNIX workstation may resolve system information from a series of + flat files stored on the local filesystem. A networked workstation + may first attempt to resolve system information from local files, + and then consult a NIS database for user information or a DNS server + for hostname information.

The NSS application programming interface allows winbind + to present itself as a source of system information when + resolving UNIX usernames and groups. Winbind uses this interface, + and information obtained from a Windows NT server using MSRPC + calls to provide a new source of account enumeration. Using standard + UNIX library calls, one can enumerate the users and groups on + a UNIX machine running winbind and see all users and groups in + a NT domain plus any trusted domain as though they were local + users and groups.

The primary control file for NSS is + /etc/nsswitch.conf. + When a UNIX application makes a request to do a lookup + the C library looks in /etc/nsswitch.conf + for a line which matches the service type being requested, for + example the "passwd" service type is used when user or group names + are looked up. This config line species which implementations + of that service should be tried and in what order. If the passwd + config line is:

passwd: files example

then the C library will first load a module called + /lib/libnss_files.so followed by + the module /lib/libnss_example.so. The + C library will dynamically load each of these modules in turn + and call resolver functions within the modules to try to resolve + the request. Once the request is resolved the C library returns the + result to the application.

This NSS interface provides a very easy way for Winbind + to hook into the operating system. All that needs to be done + is to put libnss_winbind.so in /lib/ + then add "winbind" into /etc/nsswitch.conf at + the appropriate place. The C library will then call Winbind to + resolve user and group names.

11.4.3. Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, + is a system for abstracting authentication and authorization + technologies. With a PAM module it is possible to specify different + authentication methods for different system applications without + having to recompile these applications. PAM is also useful + for implementing a particular policy for authorization. For example, + a system administrator may only allow console logins from users + stored in the local password file but only allow users resolved from + a NIS database to log in over the network.

Winbind uses the authentication management and password + management PAM interface to integrate Windows NT users into a + UNIX system. This allows Windows NT users to log in to a UNIX + machine and be authenticated against a suitable Primary Domain + Controller. These users can also change their passwords and have + this change take effect directly on the Primary Domain Controller. +

PAM is configured by providing control files in the directory + /etc/pam.d/ for each of the services that + require authentication. When an authentication request is made + by an application the PAM code in the C library looks up this + control file to determine what modules to load to do the + authentication check and in what order. This interface makes adding + a new authentication service for Winbind very easy, all that needs + to be done is that the pam_winbind.so module + is copied to /lib/security/ and the PAM + control files for relevant services are updated to allow + authentication via winbind. See the PAM documentation + for more details.

11.4.4. User and Group ID Allocation

When a user or group is created under Windows NT + is it allocated a numerical relative identifier (RID). This is + slightly different to UNIX which has a range of numbers that are + used to identify users, and the same range in which to identify + groups. It is winbind's job to convert RIDs to UNIX id numbers and + vice versa. When winbind is configured it is given part of the UNIX + user id space and a part of the UNIX group id space in which to + store Windows NT users and groups. If a Windows NT user is + resolved for the first time, it is allocated the next UNIX id from + the range. The same process applies for Windows NT groups. Over + time, winbind will have mapped all Windows NT users and groups + to UNIX user ids and group ids.

The results of this mapping are stored persistently in + an ID mapping database held in a tdb database). This ensures that + RIDs are mapped to UNIX IDs in a consistent way.

11.4.5. Result Caching

An active system can generate a lot of user and group + name lookups. To reduce the network cost of these lookups winbind + uses a caching scheme based on the SAM sequence number supplied + by NT domain controllers. User or group information returned + by a PDC is cached by winbind along with a sequence number also + returned by the PDC. This sequence number is incremented by + Windows NT whenever any user or group information is modified. If + a cached entry has expired, the sequence number is requested from + the PDC and compared against the sequence number of the cached entry. + If the sequence numbers do not match, then the cached information + is discarded and up to date information is requested directly + from the PDC.

11.5. Installation and Configuration

Many thanks to John Trostel jtrostel@snapserver.com +for providing the HOWTO for this section.

This HOWTO describes how to get winbind services up and running +to control access and authenticate users on your Linux box using +the winbind services which come with SAMBA 2.2.2.

11.5.1. Introduction

This HOWTO describes the procedures used to get winbind up and +running on my RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet a nd ftp, as +well for SAMBA services.

This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution, you may have to modify the instructions +somewhat to fit the way your distribution works.

  • Why should I to this? +

    This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate + accounts on the SAMBA server. +

  • Who should be reading this document? +

    This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) + integrate existing NT/Win2K users from your PDC onto the + SAMBA server, this HOWTO is for you. That said, I am no NT or PAM + expert, so you may find a better or easier way to accomplish + these tasks. +

11.5.2. Requirements

If you have a samba configuration file that you are currently +using... BACK IT UP! If your system already uses PAM, +back up the /etc/pam.d directory +contents! If you haven't already made a boot disk, +MAKE ONE NOW!

Messing with the pam configuration files can make it nearly impossible +to log in to yourmachine. That's why you want to be able to boot back +into your machine in single user mode and restore your +/etc/pam.d back to the original state they were in if +you get frustrated with the way things are going. ;-)

The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +main SAMBA web page or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code.

To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your +SAMBA machine, PAM (pluggable authentication modules) must +be setup properly on your machine. In order to compile the +winbind modules, you should have at least the pam libraries resident +on your system. For recent RedHat systems (7.1, for instance), that +means pam-0.74-22. For best results, it is helpful to also +install the development packages in pam-devel-0.74-22.

11.5.3. Testing Things Out

Before starting, it is probably best to kill off all the SAMBA +related daemons running on your server. Kill off all smbd, +nmbd, and winbindd processes that may +be running. To use PAM, you will want to make sure that you have the +standard PAM package (for RedHat) which supplies the /etc/pam.d +directory structure, including the pam modules are used by pam-aware +services, several pam libraries, and the /usr/doc +and /usr/man entries for pam. Winbind built better +in SAMBA if the pam-devel package was also installed. This package includes +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both pam-0.74-22 and +pam-devel-0.74-22 RPMs installed.

11.5.3.1. Configure and compile SAMBA

The configuration and compilation of SAMBA is pretty straightforward. +The first three steps may not be necessary depending upon +whether or not you have previously built the Samba binaries.

root# autoconf
+root# make clean
+root# rm config.cache
+root# ./configure --with-winbind
+root# make
+root# make install

This will, by default, install SAMBA in /usr/local/samba. +See the main SAMBA documentation if you want to install SAMBA somewhere else. +It will also build the winbindd executable and libraries.

11.5.3.2. Configure nsswitch.conf and the +winbind libraries

The libraries needed to run the winbindd daemon +through nsswitch need to be copied to their proper locations, so

root# cp ../samba/source/nsswitch/libnss_winbind.so /lib

I also found it necessary to make the following symbolic link:

root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

Now, as root you need to edit /etc/nsswitch.conf to +allow user and group entries to be visible from the winbindd +daemon. My /etc/nsswitch.conf file look like +this after editing:

	passwd:     files winbind
+	shadow:     files 
+	group:      files winbind

+The libraries needed by the winbind daemon will be automatically +entered into the ldconfig cache the next time +your system reboots, but it +is faster (and you don't need to reboot) if you do it manually:

root# /sbin/ldconfig -v | grep winbind

This makes libnss_winbind available to winbindd +and echos back a check to you.

11.5.3.3. Configure smb.conf

Several parameters are needed in the smb.conf file to control +the behavior of winbindd. Configure +smb.conf These are described in more detail in +the winbindd(8) man page. My +smb.conf file was modified to +include the following entries in the [global] section:

[global]
+     <...>
+     # separate domain and username with '+', like DOMAIN+username
+     winbind separator = +
+     # use uids from 10000 to 20000 for domain users
+     winbind uid = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     winbind gid = 10000-20000
+     # allow enumeration of winbind users and groups
+     winbind enum users = yes
+     winbind enum groups = yes
+     # give winbind users a real shell (only needed if they have telnet access)
+     template homedir = /home/winnt/%D/%U
+     template shell = /bin/bash

11.5.3.4. Join the SAMBA server to the PDC domain

Enter the following command to make the SAMBA server join the +PDC domain, where DOMAIN is the name of +your Windows domain and Administrator is +a domain user who has administrative privileges in the domain.

root# /usr/local/samba/bin/net rpc join -s PDC -U Administrator

The proper response to the command should be: "Joined the domain +DOMAIN" where DOMAIN +is your DOMAIN name.

11.5.3.5. Start up the winbindd daemon and test it!

Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of +SAMBA start, but it is possible to test out just the winbind +portion first. To start up winbind services, enter the following +command as root:

root# /usr/local/samba/bin/winbindd

I'm always paranoid and like to make sure the daemon +is really running...

root# ps -ae | grep winbindd

This command should produce output like this, if the daemon is running

3025 ? 00:00:00 winbindd

Now... for the real test, try to get some information about the +users on your PDC

root# /usr/local/samba/bin/wbinfo -u

+This should echo back a list of users on your Windows users on +your PDC. For example, I get the following response:

CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser

Obviously, I have named my domain 'CEO' and my winbind +separator is '+'.

You can do the same sort of thing to get group information from +the PDC:

root# /usr/local/samba/bin/wbinfo -g
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners

The function 'getent' can now be used to get unified +lists of both local and PDC users and groups. +Try the following command:

root# getent passwd

You should get a list that looks like your /etc/passwd +list followed by the domain users with their new uids, gids, home +directories and default shells.

The same thing can be done for groups with the command

root# getent group

11.5.3.6. Fix the /etc/rc.d/init.d/smb startup files

The winbindd daemon needs to start up after the +smbd and nmbd daemons are running. +To accomplish this task, you need to modify the /etc/init.d/smb +script to add commands to invoke this daemon in the proper sequence. My +/etc/init.d/smb file starts up smbd, +nmbd, and winbindd from the +/usr/local/samba/bin directory directly. The 'start' +function in the script looks like this:

start() {
+        KIND="SMB"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
+        RETVAL=$?
+        echo
+        KIND="NMB"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
+        RETVAL2=$?
+        echo
+        KIND="Winbind"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/winbindd
+        RETVAL3=$?
+        echo
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
+           RETVAL=1
+        return $RETVAL
+}

The 'stop' function has a corresponding entry to shut down the +services and look s like this:

stop() {
+        KIND="SMB"
+        echo -n $"Shutting down $KIND services: "
+        killproc smbd
+        RETVAL=$?
+        echo
+        KIND="NMB"
+        echo -n $"Shutting down $KIND services: "
+        killproc nmbd
+        RETVAL2=$?
+        echo
+        KIND="Winbind"
+        echo -n $"Shutting down $KIND services: "
+        killproc winbindd
+        RETVAL3=$?
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
+        echo ""
+        return $RETVAL
+}

If you restart the smbd, nmbd, +and winbindd daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user.

11.5.3.7. Configure Winbind and PAM

If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original +/etc/pam.d files? If not, do it now.)

You will need a pam module to use winbindd with these other services. This +module will be compiled in the ../source/nsswitch directory +by invoking the command

root# make nsswitch/pam_winbind.so

from the ../source directory. The +pam_winbind.so file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +/lib/security directory.

root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security

The /etc/pam.d/samba file does not need to be changed. I +just left this fileas it was:

auth    required        /lib/security/pam_stack.so service=system-auth
+account required        /lib/security/pam_stack.so service=system-auth

The other services that I modified to allow the use of winbind +as an authentication service were the normal login on the console (or a terminal +session), telnet logins, and ftp service. In order to enable these +services, you may first need to change the entries in +/etc/xinetd.d (or /etc/inetd.conf). +RedHat 7.1 uses the new xinetd.d structure, in this case you need +to change the lines in /etc/xinetd.d/telnet +and /etc/xinetd.d/wu-ftp from 

enable = no

to

enable = yes

+For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on +the server, or change the home directory template to a general +directory for all domain users. These can be easily set using +the smb.conf global entry +template homedir.

The /etc/pam.d/ftp file can be changed +to allow winbind ftp access in a manner similar to the +samba file. My /etc/pam.d/ftp file was +changed to look like this:

auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth

The /etc/pam.d/login file can be changed nearly the +same way. It now looks like this:

auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so

In this case, I added the auth sufficient /lib/security/pam_winbind.so +lines as before, but also added the required pam_securetty.so +above it, to disallow root logins over the network. I also added a +sufficient /lib/security/pam_unix.so use_first_pass +line after the winbind.so line to get rid of annoying +double prompts for passwords.

11.6. Limitations

Winbind has a number of limitations in its current + released version that we hope to overcome in future + releases:

  • Winbind is currently only available for + the Linux operating system, although ports to other operating + systems are certainly possible. For such ports to be feasible, + we require the C library of the target operating system to + support the Name Service Switch and Pluggable Authentication + Modules systems. This is becoming more common as NSS and + PAM gain support among UNIX vendors.

  • The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file + containing this information is corrupted or destroyed.

  • Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions + that may be been set for Windows NT users.

11.7. Conclusion

The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network.

Chapter 12. OS2 Client HOWTO

12.1. FAQs

12.1.1. How can I configure OS/2 Warp Connect or + OS/2 Warp 4 as a client for Samba?

A more complete answer to this question can be + found on http://carol.wins.uva.nl/~leeuw/samba/warp.html.

Basically, you need three components:

  • The File and Print Client ('IBM Peer') +

  • TCP/IP ('Internet support') +

  • The "NetBIOS over TCP/IP" driver ('TCPBEUI') +

Installing the first two together with the base operating + system on a blank system is explained in the Warp manual. If Warp + has already been installed, but you now want to install the + networking support, use the "Selective Install for Networking" + object in the "System Setup" folder.

Adding the "NetBIOS over TCP/IP" driver is not described + in the manual and just barely in the online documentation. Start + MPTS.EXE, click on OK, click on "Configure LAPS" and click + on "IBM OS/2 NETBIOS OVER TCP/IP" in 'Protocols'. This line + is then moved to 'Current Configuration'. Select that line, + click on "Change number" and increase it from 0 to 1. Save this + configuration.

If the Samba server(s) is not on your local subnet, you + can optionally add IP names and addresses of these servers + to the "Names List", or specify a WINS server ('NetBIOS + Nameserver' in IBM and RFC terminology). For Warp Connect you + may need to download an update for 'IBM Peer' to bring it on + the same level as Warp 4. See the webpage mentioned above.

12.1.2. How can I configure OS/2 Warp 3 (not Connect), + OS/2 1.2, 1.3 or 2.x for Samba?

You can use the free Microsoft LAN Manager 2.2c Client + for OS/2 from + ftp://ftp.microsoft.com/BusSys/Clients/LANMAN.OS2/. + See http://carol.wins.uva.nl/~leeuw/lanman.html for + more information on how to install and use this client. In + a nutshell, edit the file \OS2VER in the root directory of + the OS/2 boot partition and add the lines:

		20=setup.exe
+		20=netwksta.sys
+		20=netvdd.sys
+

before you install the client. Also, don't use the + included NE2000 driver because it is buggy. Try the NE2000 + or NS2000 driver from + ftp://ftp.cdrom.com/pub/os2/network/ndis/ instead. +

12.1.3. Are there any other issues when OS/2 (any version) + is used as a client?

When you do a NET VIEW or use the "File and Print + Client Resource Browser", no Samba servers show up. This can + be fixed by a patch from http://carol.wins.uva.nl/~leeuw/samba/fix.html. + The patch will be included in a later version of Samba. It also + fixes a couple of other problems, such as preserving long + filenames when objects are dragged from the Workplace Shell + to the Samba server.

12.1.4. How do I get printer driver download working + for OS/2 clients?

First, create a share called [PRINTDRV] that is + world-readable. Copy your OS/2 driver files there. Note + that the .EA_ files must still be separate, so you will need + to use the original install files, and not copy an installed + driver from an OS/2 system.

Install the NT driver first for that printer. Then, + add to your smb.conf a parameter, "os2 driver map = + filename". Then, in the file + specified by filename, map the + name of the NT driver name to the OS/2 driver name as + follows:

<nt driver name> = <os2 driver + name>.<device name>, e.g.: + HP LaserJet 5L = LASERJET.HP LaserJet 5L

You can have multiple drivers mapped in this file.

If you only specify the OS/2 driver name, and not the + device name, the first attempt to download the driver will + actually download the files, but the OS/2 client will tell + you the driver is not available. On the second attempt, it + will work. This is fixed simply by adding the device name + to the mapping, after which it will work on the first attempt. +

Chapter 13. HOWTO Access Samba source code via CVS

13.1. Introduction

Samba is developed in an open environment. Developers use CVS +(Concurrent Versioning System) to "checkin" (also known as +"commit") new source code. Samba's various CVS branches can +be accessed via anonymous CVS using the instructions +detailed in this chapter.

This document is a modified version of the instructions found at +http://samba.org/samba/cvs.html

13.2. CVS Access to samba.org

The machine samba.org runs a publicly accessible CVS +repository for access to the source code of several packages, +including samba, rsync and jitterbug. There are two main ways of +accessing the CVS server on this host.

13.2.1. Access via CVSweb

You can access the source code via your +favourite WWW browser. This allows you to access the contents of +individual files in the repository and also to look at the revision +history and commit logs of individual files. You can also ask for a diff +listing between any two versions on the repository.

Use the URL : http://samba.org/cgi-bin/cvsweb

13.2.2. Access via cvs

You can also access the source code via a +normal cvs client. This gives you much more control over you can +do with the repository and allows you to checkout whole source trees +and keep them up to date via normal cvs commands. This is the +preferred method of access if you are a developer and not +just a casual browser.

To download the latest cvs source code, point your +browser at the URL : http://www.cyclic.com/. +and click on the 'How to get cvs' link. CVS is free software under +the GNU GPL (as is Samba). Note that there are several graphical CVS clients +which provide a graphical interface to the sometimes mundane CVS commands. +Links to theses clients are also available from http://www.cyclic.com.

To gain access via anonymous cvs use the following steps. +For this example it is assumed that you want a copy of the +samba source code. For the other source code repositories +on this system just substitute the correct package name

  1. Install a recent copy of cvs. All you really need is a + copy of the cvs client binary. +

  2. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot login +

    When it asks you for a password type cvs. +

  3. Run the command +

    cvs -d :pserver:cvs@samba.org:/cvsroot co samba +

    This will create a directory called samba containing the + latest samba source code (i.e. the HEAD tagged cvs branch). This + currently corresponds to the 3.0 development tree. +

    CVS branches other HEAD can be obtained by using the -r + and defining a tag name. A list of branch tag names can be found on the + "Development" page of the samba web site. A common request is to obtain the + latest 2.2 release code. This could be done by using the following command. +

    cvs -d :pserver:cvs@samba.org:/cvsroot co -r SAMBA_2_2 samba +

  4. Whenever you want to merge in the latest code changes use + the following command from within the samba directory: +

    cvs update -d -P +

Index

Primary Domain Controller, + Background +
\ No newline at end of file diff --git a/docs/htmldocs/Samba-LDAP-HOWTO.html b/docs/htmldocs/Samba-LDAP-HOWTO.html new file mode 100644 index 00000000000..3fb4e1df096 --- /dev/null +++ b/docs/htmldocs/Samba-LDAP-HOWTO.html @@ -0,0 +1,891 @@ +Storing Samba's User/Machine Account information in an LDAP Directory

Purpose

This document describes how to use an LDAP directory for storing Samba user +account information traditionally stored in the smbpasswd(5) file. It is +assumed that the reader already has a basic understanding of LDAP concepts +and has a working directory server already installed. For more information +on LDAP architectures and Directories, please refer to the following sites.

Note that O'Reilly Publishing is working on +a guide to LDAP for System Administrators which has a planned release date of +early summer, 2002.

Two additional Samba resources which may prove to be helpful are

  • The Samba-PDC-LDAP-HOWTO + maintained by Ignacio Coupeau.

  • The NT migration scripts from IDEALX that are + geared to manage users and group in such a Samba-LDAP Domain Controller configuration. +

Introduction

Traditionally, when configuring "encrypt +passwords = yes" in Samba's smb.conf file, user account +information such as username, LM/NT password hashes, password change times, and account +flags have been stored in the smbpasswd(5) file. There are several +disadvantages to this approach for sites with very large numbers of users (counted +in the thousands).

  • The first is that all lookups must be performed sequentially. Given that +there are approximately two lookups per domain logon (one for a normal +session connection such as when mapping a network drive or printer), this +is a performance bottleneck for lareg sites. What is needed is an indexed approach +such as is used in databases.

  • The second problem is that administrators who desired to replicate a +smbpasswd file to more than one Samba server were left to use external +tools such as rsync(1) and ssh(1) +and wrote custom, in-house scripts.

  • And finally, the amount of information which is stored in an +smbpasswd entry leaves no room for additional attributes such as +a home directory, password expiration time, or even a Relative +Identified (RID).

As a result of these defeciencies, a more robust means of storing user attributes +used by smbd was developed. The API which defines access to user accounts +is commonly referred to as the samdb interface (previously this was called the passdb +API, and is still so named in the CVS trees). In Samba 2.2.3, enabling support +for a samdb backend (e.g. --with-ldapsam or +--with-tdbsam) requires compile time support.

When compiling Samba to include the --with-ldapsam autoconf +option, smbd (and associated tools) will store and lookup user accounts in +an LDAP directory. In reality, this is very easy to understand. If you are +comfortable with using an smbpasswd file, simply replace "smbpasswd" with +"LDAP directory" in all the documentation.

There are a few points to stress about what the --with-ldapsam +does not provide. The LDAP support referred to in the this documentation does not +include:

  • A means of retrieving user account information from + an Windows 2000 Active Directory server.

  • A means of replacing /etc/passwd.

The second item can be accomplished by using LDAP NSS and PAM modules. LGPL +versions of these libraries can be obtained from PADL Software +(http://www.padl.com/). However, +the details of configuring these packages are beyond the scope of this document.

Supported LDAP Servers

The LDAP samdb code in 2.2.3 has been developed and tested using the OpenLDAP +2.0 server and client libraries. The same code should be able to work with +Netscape's Directory Server and client SDK. However, due to lack of testing +so far, there are bound to be compile errors and bugs. These should not be +hard to fix. If you are so inclined, please be sure to forward all patches to +samba-patches@samba.org and +jerry@samba.org.

Schema and Relationship to the RFC 2307 posixAccount

Samba 2.2.3 includes the necessary schema file for OpenLDAP 2.0 in +examples/LDAP/samba.schema. (Note that this schema +file has been modified since the experimental support initially included +in 2.2.2). The sambaAccount objectclass is given here:

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+     DESC 'Samba Account'
+     MUST ( uid $ rid )
+     MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+            logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+            displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+            description $ userWorkstations $ primaryGroupID $ domain ))

The samba.schema file has been formatted for OpenLDAP 2.0. The OID's are +owned by the Samba Team and as such is legal to be openly published. +If you translate the schema to be used with Netscape DS, please +submit the modified schema file as a patch to jerry@samba.org

Just as the smbpasswd file is mean to store information which supplements a +user's /etc/passwd entry, so is the sambaAccount object +meant to supplement the UNIX user account information. A sambaAccount is a +STRUCTURAL objectclass so it can be stored individually +in the directory. However, there are several fields (e.g. uid) which overlap +with the posixAccount objectclass outlined in RFC2307. This is by design.

In order to store all user account information (UNIX and Samba) in the directory, +it is necessary to use the sambaAccount and posixAccount objectclasses in +combination. However, smbd will still obtain the user's UNIX account +information via the standard C library calls (e.g. getpwnam(), et. al.). +This means that the Samba server must also have the LDAP NSS library installed +and functioning correctly. This division of information makes it possible to +store all Samba account information in LDAP, but still maintain UNIX account +information in NIS while the network is transitioning to a full LDAP infrastructure.

Configuring Samba with LDAP

OpenLDAP configuration

To include support for the sambaAccount object in an OpenLDAP directory +server, first copy the samba.schema file to slapd's configuration directory.

root# cp samba.schema /etc/openldap/schema/

Next, include the samba.schema file in slapd.conf. +The sambaAccount object contains two attributes which depend upon other schema +files. The 'uid' attribute is defined in cosine.schema and +the 'displayName' attribute is defined in the inetorgperson.schema +file. Both of these must be included before the samba.schema file.

## /etc/openldap/slapd.conf
+
+## schema files (core.schema is required by default)
+include	           /etc/openldap/schema/core.schema
+
+## needed for sambaAccount
+include            /etc/openldap/schema/cosine.schema
+include            /etc/openldap/schema/inetorgperson.schema
+include            /etc/openldap/schema/samba.schema
+
+## uncomment this line if you want to support the RFC2307 (NIS) schema
+## include         /etc/openldap/schema/nis.schema
+
+....

It is recommended that you maintain some indices on some of the most usefull attributes, +like in the following example, to speed up searches made on sambaAccount objectclasses +(and possibly posixAccount and posixGroup as well).

# Indices to maintain
+## required by OpenLDAP 2.0
+index objectclass   eq
+
+## support pb_getsampwnam()
+index uid           pres,eq
+## support pdb_getsambapwrid()
+index rid           eq
+
+## uncomment these if you are storing posixAccount and
+## posixGroup entries in the directory as well
+##index uidNumber     eq
+##index gidNumber     eq
+##index cn            eq
+##index memberUid     eq

Configuring Samba

The following parameters are available in smb.conf only with --with-ldapsam +was included with compiling Samba.

These are described in the smb.conf(5) man +page and so will not be repeated here. However, a sample smb.conf file for +use with an LDAP directory could appear as

## /usr/local/samba/lib/smb.conf
+[global]
+     security = user
+     encrypt passwords = yes
+
+     netbios name = TASHTEGO
+     workgroup = NARNIA
+
+     # ldap related parameters
+
+     # define the DN to use when binding to the directory servers
+     # The password for this DN is not stored in smb.conf.  Rather it
+     # must be set by using 'smbpasswd -w secretpw' to store the
+     # passphrase in the secrets.tdb file.  If the "ldap admin dn" values
+     # changes, this password will need to be reset.
+     ldap admin dn = "cn=Samba Manager,ou=people,dc=samba,dc=org"
+
+     #  specify the LDAP server's hostname (defaults to locahost)
+     ldap server = ahab.samba.org
+
+     # Define the SSL option when connecting to the directory
+     # ('off', 'start tls', or 'on' (default))
+     ldap ssl = start tls
+
+     # define the port to use in the LDAP session (defaults to 636 when
+     # "ldap ssl = on")
+     ldap port = 389
+
+     # specify the base DN to use when searching the directory
+     ldap suffix = "ou=people,dc=samba,dc=org"
+
+     # generally the default ldap search filter is ok
+     # ldap filter = "(&(uid=%u)(objectclass=sambaAccount))"

Accounts and Groups management

As users accounts are managed thru the sambaAccount objectclass, you should +modify you existing administration tools to deal with sambaAccount attributes.

Machines accounts are managed with the sambaAccount objectclass, just +like users accounts. However, it's up to you to stored thoses accounts +in a different tree of you LDAP namespace: you should use +"ou=Groups,dc=plainjoe,dc=org" to store groups and +"ou=People,dc=plainjoe,dc=org" to store users. Just configure your +NSS and PAM accordingly (usually, in the /etc/ldap.conf configuration +file).

In Samba release 2.2.3, the group management system is based on posix +groups. This meand that Samba make usage of the posixGroup objectclass. +For now, there is no NT-like group system management (global and local +groups).

Security and sambaAccount

There are two important points to remember when discussing the security +of sambaAccount entries in the directory.

  • Never retrieve the lmPassword or + ntPassword attribute values over an unencrypted LDAP session.

  • Never allow non-admin users to + view the lmPassword or ntPassword attribute values.

These password hashes are clear text equivalents and can be used to impersonate +the user without deriving the original clear text strings. For more information +on the details of LM/NT password hashes, refer to the ENCRYPTION chapter of the Samba-HOWTO-Collection.

To remedy the first security issue, the "ldap ssl" smb.conf parameter defaults +to require an encrypted session (ldap ssl = on) using +the default port of 636 +when contacting the directory server. When using an OpenLDAP 2.0 server, it +is possible to use the use the StartTLS LDAP extended operation in the place of +LDAPS. In either case, you are strongly discouraged to disable this security +(ldap ssl = off).

Note that the LDAPS protocol is deprecated in favor of the LDAPv3 StartTLS +extended operation. However, the OpenLDAP library still provides support for +the older method of securing communication between clients and servers.

The second security precaution is to prevent non-administrative users from +harvesting password hashes from the directory. This can be done using the +following ACL in slapd.conf:

## allow the "ldap admin dn" access, but deny everyone else
+access to attrs=lmPassword,ntPassword
+     by dn="cn=Samba Admin,ou=people,dc=plainjoe,dc=org" write
+     by * none

LDAP specials attributes for sambaAccounts

The sambaAccount objectclass is composed of the following attributes:

  • lmPassword: the LANMAN password 16-byte hash stored as a character + representation of a hexidecimal string.

  • ntPassword: the NT password hash 16-byte stored as a character + representation of a hexidecimal string.

  • pwdLastSet: The integer time in seconds since 1970 when the + lmPassword and ntPassword attributes were last set. +

  • acctFlags: string of 11 characters surrounded by square brackets [] + representing account flags such as U (user), W(workstation), X(no password expiration), and + D(disabled).

  • logonTime: Integer value currently unused

  • logoffTime: Integer value currently unused

  • kickoffTime: Integer value currently unused

  • pwdCanChange: Integer value currently unused

  • pwdMustChange: Integer value currently unused

  • homeDrive: specifies the drive letter to which to map the + UNC path specified by homeDirectory. The drive letter must be specified in the form "X:" + where X is the letter of the drive to map. Refer to the "logon drive" parameter in the + smb.conf(5) man page for more information.

  • scriptPath: The scriptPath property specifies the path of + the user's logon script, .CMD, .EXE, or .BAT file. The string can be null. The path + is relative to the netlogon share. Refer to the "logon script" parameter in the + smb.conf(5) man page for more information.

  • profilePath: specifies a path to the user's profile. + This value can be a null string, a local absolute path, or a UNC path. Refer to the + "logon path" parameter in the smb.conf(5) man page for more information.

  • smbHome: The homeDirectory property specifies the path of + the home directory for the user. The string can be null. If homeDrive is set and specifies + a drive letter, homeDirectory should be a UNC path. The path must be a network + UNC path of the form \\server\share\directory. This value can be a null string. + Refer to the "logon home" parameter in the smb.conf(5) man page for more information. +

  • userWorkstation: character string value currently unused. +

  • rid: the integer representation of the user's relative identifier + (RID).

  • primaryGroupID: the relative identifier (RID) of the primary group + of the user.

The majority of these parameters are only used when Samba is acting as a PDC of +a domain (refer to the Samba-PDC-HOWTO for details on +how to configure Samba as a Primary Domain Controller). The following four attributes +are only stored with the sambaAccount entry if the values are non-default values:

  • smbHome

  • scriptPath

  • logonPath

  • homeDrive

These attributes are only stored with the sambaAccount entry if +the values are non-default values. For example, assume TASHTEGO has now been +configured as a PDC and that logon home = \\%L\%u was defined in +its smb.conf file. When a user named "becky" logons to the domain, +the logon home string is expanded to \\TASHTEGO\becky. +If the smbHome attribute exists in the entry "uid=becky,ou=people,dc=samba,dc=org", +this value is used. However, if this attribute does not exist, then the value +of the logon home parameter is used in its place. Samba +will only write the attribute value to the directory entry is the value is +something other than the default (e.g. \\MOBY\becky).

Example LDIF Entries for a sambaAccount

The following is a working LDIF with the inclusion of the posixAccount objectclass:

dn: uid=guest2, ou=people,dc=plainjoe,dc=org
+ntPassword: 878D8014606CDA29677A44EFA1353FC7
+pwdMustChange: 2147483647
+primaryGroupID: 1201
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+pwdLastSet: 1010179124
+logonTime: 0
+objectClass: sambaAccount
+uid: guest2
+kickoffTime: 2147483647
+acctFlags: [UX         ]
+logoffTime: 2147483647
+rid: 19006
+pwdCanChange: 0

The following is an LDIF entry for using both the sambaAccount and +posixAccount objectclasses:

dn: uid=gcarter, ou=people,dc=plainjoe,dc=org
+logonTime: 0
+displayName: Gerald Carter
+lmPassword: 552902031BEDE9EFAAD3B435B51404EE
+primaryGroupID: 1201
+objectClass: posixAccount
+objectClass: sambaAccount
+acctFlags: [UX         ]
+userPassword: {crypt}BpM2ej8Rkzogo
+uid: gcarter
+uidNumber: 9000
+cn: Gerald Carter
+loginShell: /bin/bash
+logoffTime: 2147483647
+gidNumber: 100
+kickoffTime: 2147483647
+pwdLastSet: 1010179230
+rid: 19000
+homeDirectory: /home/tashtego/gcarter
+pwdCanChange: 0
+pwdMustChange: 2147483647
+ntPassword: 878D8014606CDA29677A44EFA1353FC7

Comments

Please mail all comments regarding this HOWTO to jerry@samba.org. This documents was +last updated to reflect the Samba 2.2.3 release.

\ No newline at end of file diff --git a/docs/htmldocs/Samba-PDC-HOWTO.html b/docs/htmldocs/Samba-PDC-HOWTO.html new file mode 100644 index 00000000000..58f3989b4f0 --- /dev/null +++ b/docs/htmldocs/Samba-PDC-HOWTO.html @@ -0,0 +1,2284 @@ +How to Configure Samba 2.2 as a Primary Domain Controller

Prerequisite Reading

Before you continue reading in this chapter, please make sure +that you are comfortable with configuring basic files services +in smb.conf and how to enable and administer password +encryption in Samba. Theses two topics are covered in the +smb.conf(5) +manpage and the Encryption chapter +of this HOWTO Collection.

Background

Note: Author's Note: This document is a combination +of David Bannon's "Samba 2.2 PDC HOWTO" and "Samba NT Domain FAQ". +Both documents are superseded by this one.

Versions of Samba prior to release 2.2 had marginal capabilities to act +as a Windows NT 4.0 Primary Domain Controller + +(PDC). With Samba 2.2.0, we are proud to announce official support for +Windows NT 4.0-style domain logons from Windows NT 4.0 and Windows +2000 clients. This article outlines the steps +necessary for configuring Samba as a PDC. It is necessary to have a +working Samba server prior to implementing the PDC functionality. If +you have not followed the steps outlined in UNIX_INSTALL.html, please make sure +that your server is configured correctly before proceeding. Another +good resource in the smb.conf(5) man +page. The following functionality should work in 2.2:

  • domain logons for Windows NT 4.0/2000 clients. +

  • placing a Windows 9x client in user level security +

  • retrieving a list of users and groups from a Samba PDC to + Windows 9x/NT/2000 clients +

  • roving (roaming) user profiles +

  • Windows NT 4.0-style system policies +

The following pieces of functionality are not included in the 2.2 release:

  • Windows NT 4 domain trusts +

  • SAM replication with Windows NT 4.0 Domain Controllers + (i.e. a Samba PDC and a Windows NT BDC or vice versa) +

  • Adding users via the User Manager for Domains +

  • Acting as a Windows 2000 Domain Controller (i.e. Kerberos and + Active Directory) +

Please note that Windows 9x clients are not true members of a domain +for reasons outlined in this article. Therefore the protocol for +support Windows 9x-style domain logons is completely different +from NT4 domain logons and has been officially supported for some +time.

Implementing a Samba PDC can basically be divided into 2 broad +steps.

  1. Configuring the Samba PDC +

  2. Creating machine trust accounts and joining clients + to the domain +

There are other minor details such as user profiles, system +policies, etc... However, these are not necessarily specific +to a Samba PDC as much as they are related to Windows NT networking +concepts. They will be mentioned only briefly here.

Configuring the Samba Domain Controller

The first step in creating a working Samba PDC is to +understand the parameters necessary in smb.conf. I will not +attempt to re-explain the parameters here as they are more that +adequately covered in the smb.conf +man page. For convenience, the parameters have been +linked with the actual smb.conf description.

Here is an example smb.conf for acting as a PDC:

[global]
+    ; Basic server settings
+    netbios name = POGO
+    workgroup = NARNIA
+
+    ; we should act as the domain and local master browser
+    os level = 64
+    preferred master = yes
+    domain master = yes
+    local master = yes
+    
+    ; security settings (must user security = user)
+    security = user
+    
+    ; encrypted passwords are a requirement for a PDC
+    encrypt passwords = yes
+    
+    ; support domain logons
+    domain logons = yes
+    
+    ; where to store user profiles?
+    logon path = \\%N\profiles\%u
+    
+    ; where is a user's home directory and where should it
+    ; be mounted at?
+    logon drive = H:
+    logon home = \\homeserver\%u
+    
+    ; specify a generic logon script for all users
+    ; this is a relative **DOS** path to the [netlogon] share
+    logon script = logon.cmd
+
+; necessary share for domain controller
+[netlogon]
+    path = /usr/local/samba/lib/netlogon
+    read only = yes
+    write list = ntadmin
+    
+; share for storing user profiles
+[profiles]
+    path = /export/smb/ntprofile
+    read only = no
+    create mask = 0600
+    directory mask = 0700

There are a couple of points to emphasize in the above configuration.

  • Encrypted passwords must be enabled. For more details on how + to do this, refer to ENCRYPTION.html. +

  • The server must support domain logons and a + [netlogon] share +

  • The server must be the domain master browser in order for Windows + client to locate the server as a DC. Please refer to the various + Network Browsing documentation included with this distribution for + details. +

As Samba 2.2 does not offer a complete implementation of group mapping +between Windows NT groups and Unix groups (this is really quite +complicated to explain in a short space), you should refer to the +domain admin +group smb.conf parameter for information of creating "Domain +Admins" style accounts.

Creating Machine Trust Accounts and Joining Clients to the +Domain

A machine trust account is a Samba account that is used to +authenticate a client machine (rather than a user) to the Samba +server. In Windows terminology, this is known as a "Computer +Account."

The password of a machine trust account acts as the shared secret for +secure communication with the Domain Controller. This is a security +feature to prevent an unauthorized machine with the same NetBIOS name +from joining the domain and gaining access to domain user/group +accounts. Windows NT and 2000 clients use machine trust accounts, but +Windows 9x clients do not. Hence, a Windows 9x client is never a true +member of a domain because it does not possess a machine trust +account, and thus has no shared secret with the domain controller.

A Windows PDC stores each machine trust account in the Windows +Registry. A Samba PDC, however, stores each machine trust account +in two parts, as follows: + +

  • A Samba account, stored in the same location as user + LanMan and NT password hashes (currently + smbpasswd). The Samba account + possesses and uses only the NT password hash.

  • A corresponding Unix account, typically stored in + /etc/passwd. (Future releases will alleviate the need to + create /etc/passwd entries.)

There are two ways to create machine trust accounts:

  • Manual creation. Both the Samba and corresponding + Unix account are created by hand.

  • "On-the-fly" creation. The Samba machine trust + account is automatically created by Samba at the time the client + is joined to the domain. (For security, this is the + recommended method.) The corresponding Unix account may be + created automatically or manually.

Manual Creation of Machine Trust Accounts

The first step in manually creating a machine trust account is to +manually create the corresponding Unix account in +/etc/passwd. This can be done using +vipw or other 'add user' command that is normally +used to create new Unix accounts. The following is an example for a +Linux based Samba server:

root# /usr/sbin/useradd -g 100 -d /dev/null -c "machine +nickname" -s /bin/false machine_name$

root# passwd -l machine_name$

The /etc/passwd entry will list the machine name +with a "$" appended, won't have a password, will have a null shell and no +home directory. For example a machine named 'doppy' would have an +/etc/passwd entry like this:

doppy$:x:505:501:machine_nickname:/dev/null:/bin/false

Above, machine_nickname can be any +descriptive name for the client, i.e., BasementComputer. +machine_name absolutely must be the NetBIOS +name of the client to be joined to the domain. The "$" must be +appended to the NetBIOS name of the client or Samba will not recognize +this as a machine trust account.

Now that the corresponding Unix account has been created, the next step is to create +the Samba account for the client containing the well-known initial +machine trust account password. This can be done using the smbpasswd(8) command +as shown here:

root# smbpasswd -a -m machine_name

where machine_name is the machine's NetBIOS +name. The RID of the new machine account is generated from the UID of +the corresponding Unix account.

Join the client to the domain immediately

Manually creating a machine trust account using this method is the + equivalent of creating a machine trust account on a Windows NT PDC using + the "Server Manager". From the time at which the account is created + to the time which the client joins the domain and changes the password, + your domain is vulnerable to an intruder joining your domain using a + a machine with the same NetBIOS name. A PDC inherently trusts + members of the domain and will serve out a large degree of user + information to such clients. You have been warned! +

"On-the-Fly" Creation of Machine Trust Accounts

The second (and recommended) way of creating machine trust accounts is +simply to allow the Samba server to create them as needed when the client +is joined to the domain.

Since each Samba machine trust account requires a corresponding +Unix account, a method for automatically creating the +Unix account is usually supplied; this requires configuration of the +add user script +option in smb.conf. This +method is not required, however; corresponding Unix accounts may also +be created manually.

Below is an example for a RedHat 6.2 Linux system.

[global]
+   # <...remainder of parameters...>
+   add user script = /usr/sbin/useradd -d /dev/null -g 100 -s /bin/false -M %u

Joining the Client to the Domain

The procedure for joining a client to the domain varies with the +version of Windows.

  • Windows 2000

    When the user elects to join the client to a domain, Windows prompts for + an account and password that is privileged to join the domain. A + Samba administrative account (i.e., a Samba account that has root + privileges on the Samba server) must be entered here; the + operation will fail if an ordinary user account is given. + The password for this account should be + set to a different password than the associated + /etc/passwd entry, for security + reasons.

    The session key of the Samba administrative account acts as an + encryption key for setting the password of the machine trust + account. The machine trust account will be created on-the-fly, or + updated if it already exists.

  • Windows NT

    If the machine trust account was created manually, on the + Identification Changes menu enter the domain name, but do not + check the box "Create a Computer Account in the Domain." In this case, + the existing machine trust account is used to join the machine to + the domain.

    If the machine trust account is to be created + on-the-fly, on the Identification Changes menu enter the domain + name, and check the box "Create a Computer Account in the Domain." In + this case, joining the domain proceeds as above for Windows 2000 + (i.e., you must supply a Samba administrative account when + prompted).

Common Problems and Errors

  • I cannot include a '$' in a machine name. +

    A 'machine name' in (typically) /etc/passwd + of the machine name with a '$' appended. FreeBSD (and other BSD + systems?) won't create a user with a '$' in their name. +

    The problem is only in the program used to make the entry, once + made, it works perfectly. So create a user without the '$' and + use vipw to edit the entry, adding the '$'. Or create + the whole entry with vipw if you like, make sure you use a + unique User ID ! +

  • I get told "You already have a connection to the Domain...." + or "Cannot join domain, the credentials supplied conflict with an + existing set.." when creating a machine trust account. +

    This happens if you try to create a machine trust account from the + machine itself and already have a connection (e.g. mapped drive) + to a share (or IPC$) on the Samba PDC. The following command + will remove all network drive connections: +

    C:\WINNT\> net use * /d +

    Further, if the machine is a already a 'member of a workgroup' that + is the same name as the domain you are joining (bad idea) you will + get this message. Change the workgroup name to something else, it + does not matter what, reboot, and try again. +

  • The system can not log you on (C000019B).... +

    I joined the domain successfully but after upgrading + to a newer version of the Samba code I get the message, "The system + can not log you on (C000019B), Please try a gain or consult your + system administrator" when attempting to logon. +

    This occurs when the domain SID stored in + private/WORKGROUP.SID is + changed. For example, you remove the file and smbd automatically + creates a new one. Or you are swapping back and forth between + versions 2.0.7, TNG and the HEAD branch code (not recommended). The + only way to correct the problem is to restore the original domain + SID or remove the domain client from the domain and rejoin. +

  • The machine trust account for this computer either does not + exist or is not accessible. +

    When I try to join the domain I get the message "The machine account + for this computer either does not exist or is not accessible". What's + wrong? +

    This problem is caused by the PDC not having a suitable machine trust account. + If you are using the add user script method to create + accounts then this would indicate that it has not worked. Ensure the domain + admin user system is working. +

    Alternatively if you are creating account entries manually then they + have not been created correctly. Make sure that you have the entry + correct for the machine trust account in smbpasswd file on the Samba PDC. + If you added the account using an editor rather than using the smbpasswd + utility, make sure that the account name is the machine NetBIOS name + with a '$' appended to it ( i.e. computer_name$ ). There must be an entry + in both /etc/passwd and the smbpasswd file. Some people have reported + that inconsistent subnet masks between the Samba server and the NT + client have caused this problem. Make sure that these are consistent + for both client and server. +

  • When I attempt to login to a Samba Domain from a NT4/W2K workstation, + I get a message about my account being disabled. +

    This problem is caused by a PAM related bug in Samba 2.2.0. This bug is + fixed in 2.2.1. Other symptoms could be unaccessible shares on + NT/W2K member servers in the domain or the following error in your smbd.log: + passdb/pampass.c:pam_account(268) PAM: UNKNOWN ERROR for User: %user% +

    At first be ensure to enable the useraccounts with smbpasswd -e + %user%, this is normally done, when you create an account. +

    In order to work around this problem in 2.2.0, configure the + account control flag in + /etc/pam.d/samba file as follows: + 

    	account required        pam_permit.so
+

    If you want to remain backward compatibility to samba 2.0.x use + pam_permit.so, it's also possible to use + pam_pwdb.so. There are some bugs if you try to + use pam_unix.so, if you need this, be ensure to use + the most recent version of this file. +

System Policies and Profiles

Much of the information necessary to implement System Policies and +Roving User Profiles in a Samba domain is the same as that for +implementing these same items in a Windows NT 4.0 domain. +You should read the white paper Implementing +Profiles and Policies in Windows NT 4.0 available from Microsoft.

Here are some additional details:

  • What about Windows NT Policy Editor? +

    To create or edit ntconfig.pol you must use + the NT Server Policy Editor, poledit.exe which + is included with NT Server but not NT Workstation. + There is a Policy Editor on a NTws + but it is not suitable for creating Domain Policies. + Further, although the Windows 95 + Policy Editor can be installed on an NT Workstation/Server, it will not + work with NT policies because the registry key that are set by the policy templates. + However, the files from the NT Server will run happily enough on an NTws. + You need poledit.exe, common.adm and winnt.adm. It is convenient + to put the two *.adm files in c:\winnt\inf which is where + the binary will look for them unless told otherwise. Note also that that + directory is 'hidden'. +

    The Windows NT policy editor is also included with the Service Pack 3 (and + later) for Windows NT 4.0. Extract the files using servicepackname /x, + i.e. that's Nt4sp6ai.exe /x for service pack 6a. The policy editor, + poledit.exe and the associated template files (*.adm) should + be extracted as well. It is also possible to downloaded the policy template + files for Office97 and get a copy of the policy editor. Another possible + location is with the Zero Administration Kit available for download from Microsoft. +

  • Can Win95 do Policies? +

    Install the group policy handler for Win9x to pick up group + policies. Look on the Win98 CD in \tools\reskit\netadmin\poledit. + Install group policies on a Win9x client by double-clicking + grouppol.inf. Log off and on again a couple of + times and see if Win98 picks up group policies. Unfortunately this needs + to be done on every Win9x machine that uses group policies.... +

    If group policies don't work one reports suggests getting the updated + (read: working) grouppol.dll for Windows 9x. The group list is grabbed + from /etc/group. +

  • How do I get 'User Manager' and 'Server Manager' +

    Since I don't need to buy an NT Server CD now, how do I get + the 'User Manager for Domains', the 'Server Manager'? +

    Microsoft distributes a version of these tools called nexus for + installation on Windows 95 systems. The tools set includes +

    • Server Manager

    • User Manager for Domains

    • Event Viewer

    Click here to download the archived file ftp://ftp.microsoft.com/Softlib/MSLFILES/NEXUS.EXE +

    The Windows NT 4.0 version of the 'User Manager for + Domains' and 'Server Manager' are available from Microsoft via ftp + from ftp://ftp.microsoft.com/Softlib/MSLFILES/SRVTOOLS.EXE +

What other help can I get?

There are many sources of information available in the form +of mailing lists, RFC's and documentation. The docs that come +with the samba distribution contain very good explanations of +general SMB topics such as browsing.

  • What are some diagnostics tools I can use to debug the domain logon + process and where can I find them? +

    One of the best diagnostic tools for debugging problems is Samba itself. + You can use the -d option for both smbd and nmbd to specify what + 'debug level' at which to run. See the man pages on smbd, nmbd and + smb.conf for more information on debugging options. The debug + level can range from 1 (the default) to 10 (100 for debugging passwords). +

    Another helpful method of debugging is to compile samba using the + gcc -g flag. This will include debug + information in the binaries and allow you to attach gdb to the + running smbd / nmbd process. In order to attach gdb to an smbd + process for an NT workstation, first get the workstation to make the + connection. Pressing ctrl-alt-delete and going down to the domain box + is sufficient (at least, on the first time you join the domain) to + generate a 'LsaEnumTrustedDomains'. Thereafter, the workstation + maintains an open connection, and therefore there will be an smbd + process running (assuming that you haven't set a really short smbd + idle timeout) So, in between pressing ctrl alt delete, and actually + typing in your password, you can gdb attach and continue. +

    Some useful samba commands worth investigating: +

    • testparam | more

    • smbclient -L //{netbios name of server}

    An SMB enabled version of tcpdump is available from + http://www.tcpdup.org/. + Ethereal, another good packet sniffer for Unix and Win32 + hosts, can be downloaded from http://www.ethereal.com. +

    For tracing things on the Microsoft Windows NT, Network Monitor + (aka. netmon) is available on the Microsoft Developer Network CD's, + the Windows NT Server install CD and the SMS CD's. The version of + netmon that ships with SMS allows for dumping packets between any two + computers (i.e. placing the network interface in promiscuous mode). + The version on the NT Server install CD will only allow monitoring + of network traffic directed to the local NT box and broadcasts on the + local subnet. Be aware that Ethereal can read and write netmon + formatted files. +

  • How do I install 'Network Monitor' on an NT Workstation + or a Windows 9x box? +

    Installing netmon on an NT workstation requires a couple + of steps. The following are for installing Netmon V4.00.349, which comes + with Microsoft Windows NT Server 4.0, on Microsoft Windows NT + Workstation 4.0. The process should be similar for other version of + Windows NT / Netmon. You will need both the Microsoft Windows + NT Server 4.0 Install CD and the Workstation 4.0 Install CD. +

    Initially you will need to install 'Network Monitor Tools and Agent' + on the NT Server. To do this +

    • Goto Start - Settings - Control Panel - + Network - Services - Add

    • Select the 'Network Monitor Tools and Agent' and + click on 'OK'.

    • Click 'OK' on the Network Control Panel. +

    • Insert the Windows NT Server 4.0 install CD + when prompted.

    At this point the Netmon files should exist in + %SYSTEMROOT%\System32\netmon\*.*. + Two subdirectories exist as well, parsers\ + which contains the necessary DLL's for parsing the netmon packet + dump, and captures\. +

    In order to install the Netmon tools on an NT Workstation, you will + first need to install the 'Network Monitor Agent' from the Workstation + install CD. +

    • Goto Start - Settings - Control Panel - + Network - Services - Add

    • Select the 'Network Monitor Agent' and click + on 'OK'.

    • Click 'OK' on the Network Control Panel. +

    • Insert the Windows NT Workstation 4.0 install + CD when prompted.

    Now copy the files from the NT Server in %SYSTEMROOT%\System32\netmon\*.* + to %SYSTEMROOT%\System32\netmon\*.* on the Workstation and set + permissions as you deem appropriate for your site. You will need + administrative rights on the NT box to run netmon. +

    To install Netmon on a Windows 9x box install the network monitor agent + from the Windows 9x CD (\admin\nettools\netmon). There is a readme + file located with the netmon driver files on the CD if you need + information on how to do this. Copy the files from a working + Netmon installation. +

  • The following is a list if helpful URLs and other links: +

  • How do I get help from the mailing lists? +

    There are a number of Samba related mailing lists. Go to http://samba.org, click on your nearest mirror + and then click on Support and then click on Samba related mailing lists. +

    For questions relating to Samba TNG go to + http://www.samba-tng.org/ + It has been requested that you don't post questions about Samba-TNG to the + main stream Samba lists.

    If you post a message to one of the lists please observe the following guide lines : +

    • Always remember that the developers are volunteers, they are + not paid and they never guarantee to produce a particular feature at + a particular time. Any time lines are 'best guess' and nothing more. +

    • Always mention what version of samba you are using and what + operating system its running under. You should probably list the + relevant sections of your smb.conf file, at least the options + in [global] that affect PDC support.

    • In addition to the version, if you obtained Samba via + CVS mention the date when you last checked it out.

    • Try and make your question clear and brief, lots of long, + convoluted questions get deleted before they are completely read ! + Don't post html encoded messages (if you can select colour or font + size its html).

    • If you run one of those nifty 'I'm on holidays' things when + you are away, make sure its configured to not answer mailing lists. +

    • Don't cross post. Work out which is the best list to post to + and see what happens, i.e. don't post to both samba-ntdom and samba-technical. + Many people active on the lists subscribe to more + than one list and get annoyed to see the same message two or more times. + Often someone will see a message and thinking it would be better dealt + with on another, will forward it on for you.

    • You might include partial + log files written at a debug level set to as much as 20. + Please don't send the entire log but enough to give the context of the + error messages.

    • (Possibly) If you have a complete netmon trace ( from the opening of + the pipe to the error ) you can send the *.CAP file as well.

    • Please think carefully before attaching a document to an email. + Consider pasting the relevant parts into the body of the message. The samba + mailing lists go to a huge number of people, do they all need a copy of your + smb.conf in their attach directory?

  • How do I get off the mailing lists? +

    To have your name removed from a samba mailing list, go to the + same place you went to to get on it. Go to http://lists.samba.org, + click on your nearest mirror and then click on Support and + then click on Samba related mailing lists. Or perhaps see + here +

    Please don't post messages to the list asking to be removed, you will just + be referred to the above address (unless that process failed in some way...) +

Domain Control for Windows 9x/ME

Note: The following section contains much of the original +DOMAIN.txt file previously included with Samba. Much of +the material is based on what went into the book Special +Edition, Using Samba, by Richard Sharpe.

A domain and a workgroup are exactly the same thing in terms of network +browsing. The difference is that a distributable authentication +database is associated with a domain, for secure login access to a +network. Also, different access rights can be granted to users if they +successfully authenticate against a domain logon server (NT server and +other systems based on NT server support this, as does at least Samba TNG now).

The SMB client logging on to a domain has an expectation that every other +server in the domain should accept the same authentication information. +Network browsing functionality of domains and workgroups is +identical and is explained in BROWSING.txt. It should be noted, that browsing +is totally orthogonal to logon support.

Issues related to the single-logon network model are discussed in this +section. Samba supports domain logons, network logon scripts, and user +profiles for MS Windows for workgroups and MS Windows 9X/ME clients +which will be the focus of this section.

When an SMB client in a domain wishes to logon it broadcast requests for a +logon server. The first one to reply gets the job, and validates its +password using whatever mechanism the Samba administrator has installed. +It is possible (but very stupid) to create a domain where the user +database is not shared between servers, i.e. they are effectively workgroup +servers advertising themselves as participating in a domain. This +demonstrates how authentication is quite different from but closely +involved with domains.

Using these features you can make your clients verify their logon via +the Samba server; make clients run a batch file when they logon to +the network and download their preferences, desktop and start menu.

Before launching into the configuration instructions, it is +worthwhile lookingat how a Windows 9x/ME client performs a logon:

  1. The client broadcasts (to the IP broadcast address of the subnet it is in) + a NetLogon request. This is sent to the NetBIOS name DOMAIN<1c> at the + NetBIOS layer. The client chooses the first response it receives, which + contains the NetBIOS name of the logon server to use in the format of + \\SERVER. +

  2. The client then connects to that server, logs on (does an SMBsessetupX) and + then connects to the IPC$ share (using an SMBtconX). +

  3. The client then does a NetWkstaUserLogon request, which retrieves the name + of the user's logon script. +

  4. The client then connects to the NetLogon share and searches for this + and if it is found and can be read, is retrieved and executed by the client. + After this, the client disconnects from the NetLogon share. +

  5. The client then sends a NetUserGetInfo request to the server, to retrieve + the user's home share, which is used to search for profiles. Since the + response to the NetUserGetInfo request does not contain much more + the user's home share, profiles for Win9X clients MUST reside in the user + home directory. +

  6. The client then connects to the user's home share and searches for the + user's profile. As it turns out, you can specify the user's home share as + a sharename and path. For example, \\server\fred\.profile. + If the profiles are found, they are implemented. +

  7. The client then disconnects from the user's home share, and reconnects to + the NetLogon share and looks for CONFIG.POL, the policies file. If this is + found, it is read and implemented. +

Configuration Instructions: Network Logons

The main difference between a PDC and a Windows 9x logon +server configuration is that

  • Password encryption is not required for a Windows 9x logon server.

  • Windows 9x/ME clients do not possess machine trust accounts.

Therefore, a Samba PDC will also act as a Windows 9x logon +server.

security mode and master browsers

There are a few comments to make in order to tie up some +loose ends. There has been much debate over the issue of whether +or not it is ok to configure Samba as a Domain Controller in security +modes other than USER. The only security mode +which will not work due to technical reasons is SHARE +mode security. DOMAIN and SERVER +mode security is really just a variation on SMB user level security.

Actually, this issue is also closely tied to the debate on whether +or not Samba must be the domain master browser for its workgroup +when operating as a DC. While it may technically be possible +to configure a server as such (after all, browsing and domain logons +are two distinctly different functions), it is not a good idea to +so. You should remember that the DC must register the DOMAIN#1b NetBIOS +name. This is the name used by Windows clients to locate the DC. +Windows clients do not distinguish between the DC and the DMB. +For this reason, it is very wise to configure the Samba DC as the DMB.

Now back to the issue of configuring a Samba DC to use a mode other +than "security = user". If a Samba host is configured to use +another SMB server or DC in order to validate user connection +requests, then it is a fact that some other machine on the network +(the "password server") knows more about user than the Samba host. +99% of the time, this other host is a domain controller. Now +in order to operate in domain mode security, the "workgroup" parameter +must be set to the name of the Windows NT domain (which already +has a domain controller, right?)

Therefore configuring a Samba box as a DC for a domain that +already by definition has a PDC is asking for trouble. +Therefore, you should always configure the Samba DC to be the DMB +for its domain.

Configuration Instructions: Setting up Roaming User Profiles

Warning

NOTE! Roaming profiles support is different +for Win9X and WinNT.

Before discussing how to configure roaming profiles, it is useful to see how +Win9X and WinNT clients implement these features.

Win9X clients send a NetUserGetInfo request to the server to get the user's +profiles location. However, the response does not have room for a separate +profiles location field, only the user's home share. This means that Win9X +profiles are restricted to being in the user's home directory.

WinNT clients send a NetSAMLogon RPC request, which contains many fields, +including a separate field for the location of the user's profiles. +This means that support for profiles is different for Win9X and WinNT.

Windows NT Configuration

To support WinNT clients, in the [global] section of smb.conf set the +following (for example):

logon path = \\profileserver\profileshare\profilepath\%U\moreprofilepath

The default for this option is \\%N\%U\profile, namely +\\sambaserver\username\profile. The \\N%\%U service is created +automatically by the [homes] service. +If you are using a samba server for the profiles, you _must_ make the +share specified in the logon path browseable.

Note: [lkcl 26aug96 - we have discovered a problem where Windows clients can +maintain a connection to the [homes] share in between logins. The +[homes] share must NOT therefore be used in a profile path.]

Windows 9X Configuration

To support Win9X clients, you must use the "logon home" parameter. Samba has +now been fixed so that "net use/home" now works as well, and it, too, relies +on the "logon home" parameter.

By using the logon home parameter, you are restricted to putting Win9X +profiles in the user's home directory. But wait! There is a trick you +can use. If you set the following in the [global] section of your +smb.conf file:

logon home = \\%L\%U\.profiles

then your Win9X clients will dutifully put their clients in a subdirectory +of your home directory called .profiles (thus making them hidden).

Not only that, but 'net use/home' will also work, because of a feature in +Win9X. It removes any directory stuff off the end of the home directory area +and only uses the server and share portion. That is, it looks like you +specified \\%L\%U for "logon home".

Win9X and WinNT Configuration

You can support profiles for both Win9X and WinNT clients by setting both the +"logon home" and "logon path" parameters. For example:

logon home = \\%L\%U\.profiles
+logon path = \\%L\profiles\%U

Note: I have not checked what 'net use /home' does on NT when "logon home" is +set as above.

Windows 9X Profile Setup

When a user first logs in on Windows 9X, the file user.DAT is created, +as are folders "Start Menu", "Desktop", "Programs" and "Nethood". +These directories and their contents will be merged with the local +versions stored in c:\windows\profiles\username on subsequent logins, +taking the most recent from each. You will need to use the [global] +options "preserve case = yes", "short preserve case = yes" and +"case sensitive = no" in order to maintain capital letters in shortcuts +in any of the profile folders.

The user.DAT file contains all the user's preferences. If you wish to +enforce a set of preferences, rename their user.DAT file to user.MAN, +and deny them write access to this file.

  1. On the Windows 95 machine, go to Control Panel | Passwords and + select the User Profiles tab. Select the required level of + roaming preferences. Press OK, but do _not_ allow the computer + to reboot. +

  2. On the Windows 95 machine, go to Control Panel | Network | + Client for Microsoft Networks | Preferences. Select 'Log on to + NT Domain'. Then, ensure that the Primary Logon is 'Client for + Microsoft Networks'. Press OK, and this time allow the computer + to reboot. +

Under Windows 95, Profiles are downloaded from the Primary Logon. +If you have the Primary Logon as 'Client for Novell Networks', then +the profiles and logon script will be downloaded from your Novell +Server. If you have the Primary Logon as 'Windows Logon', then the +profiles will be loaded from the local machine - a bit against the +concept of roaming profiles, if you ask me.

You will now find that the Microsoft Networks Login box contains +[user, password, domain] instead of just [user, password]. Type in +the samba server's domain name (or any other domain known to exist, +but bear in mind that the user will be authenticated against this +domain and profiles downloaded from it, if that domain logon server +supports it), user name and user's password.

Once the user has been successfully validated, the Windows 95 machine +will inform you that 'The user has not logged on before' and asks you +if you wish to save the user's preferences? Select 'yes'.

Once the Windows 95 client comes up with the desktop, you should be able +to examine the contents of the directory specified in the "logon path" +on the samba server and verify that the "Desktop", "Start Menu", +"Programs" and "Nethood" folders have been created.

These folders will be cached locally on the client, and updated when +the user logs off (if you haven't made them read-only by then :-). +You will find that if the user creates further folders or short-cuts, +that the client will merge the profile contents downloaded with the +contents of the profile directory already on the local client, taking +the newest folders and short-cuts from each set.

If you have made the folders / files read-only on the samba server, +then you will get errors from the w95 machine on logon and logout, as +it attempts to merge the local and the remote profile. Basically, if +you have any errors reported by the w95 machine, check the Unix file +permissions and ownership rights on the profile directory contents, +on the samba server.

If you have problems creating user profiles, you can reset the user's +local desktop cache, as shown below. When this user then next logs in, +they will be told that they are logging in "for the first time".

  1. instead of logging in under the [user, password, domain] dialog, + press escape. +

  2. run the regedit.exe program, and look in: +

    HKEY_LOCAL_MACHINE\Windows\CurrentVersion\ProfileList +

    you will find an entry, for each user, of ProfilePath. Note the + contents of this key (likely to be c:\windows\profiles\username), + then delete the key ProfilePath for the required user. +

    [Exit the registry editor]. +

  3. WARNING - before deleting the contents of the + directory listed in + the ProfilePath (this is likely to be c:\windows\profiles\username), + ask them if they have any important files stored on their desktop + or in their start menu. delete the contents of the directory + ProfilePath (making a backup if any of the files are needed). +

    This will have the effect of removing the local (read-only hidden + system file) user.DAT in their profile directory, as well as the + local "desktop", "nethood", "start menu" and "programs" folders. +

  4. search for the user's .PWL password-caching file in the c:\windows + directory, and delete it. +

  5. log off the windows 95 client. +

  6. check the contents of the profile path (see "logon path" described + above), and delete the user.DAT or user.MAN file for the user, + making a backup if required. +

If all else fails, increase samba's debug log levels to between 3 and 10, +and / or run a packet trace program such as tcpdump or netmon.exe, and +look for any error reports.

If you have access to an NT server, then first set up roaming profiles +and / or netlogons on the NT server. Make a packet trace, or examine +the example packet traces provided with NT server, and see what the +differences are with the equivalent samba trace.

Windows NT Workstation 4.0

When a user first logs in to a Windows NT Workstation, the profile +NTuser.DAT is created. The profile location can be now specified +through the "logon path" parameter.

Note: [lkcl 10aug97 - i tried setting the path to +\\samba-server\homes\profile, and discovered that this fails because +a background process maintains the connection to the [homes] share +which does _not_ close down in between user logins. you have to +have \\samba-server\%L\profile, where user is the username created +from the [homes] share].

There is a parameter that is now available for use with NT Profiles: +"logon drive". This should be set to "h:" or any other drive, and +should be used in conjunction with the new "logon home" parameter.

The entry for the NT 4.0 profile is a _directory_ not a file. The NT +help on profiles mentions that a directory is also created with a .PDS +extension. The user, while logging in, must have write permission to +create the full profile path (and the folder with the .PDS extension) +[lkcl 10aug97 - i found that the creation of the .PDS directory failed, +and had to create these manually for each user, with a shell script. +also, i presume, but have not tested, that the full profile path must +be browseable just as it is for w95, due to the manner in which they +attempt to create the full profile path: test existence of each path +component; create path component].

In the profile directory, NT creates more folders than 95. It creates +"Application Data" and others, as well as "Desktop", "Nethood", +"Start Menu" and "Programs". The profile itself is stored in a file +NTuser.DAT. Nothing appears to be stored in the .PDS directory, and +its purpose is currently unknown.

You can use the System Control Panel to copy a local profile onto +a samba server (see NT Help on profiles: it is also capable of firing +up the correct location in the System Control Panel for you). The +NT Help file also mentions that renaming NTuser.DAT to NTuser.MAN +turns a profile into a mandatory one.

Note: [lkcl 10aug97 - i notice that NT Workstation tells me that it is +downloading a profile from a slow link. whether this is actually the +case, or whether there is some configuration issue, as yet unknown, +that makes NT Workstation _think_ that the link is a slow one is a +matter to be resolved].

[lkcl 20aug97 - after samba digest correspondence, one user found, and +another confirmed, that profiles cannot be loaded from a samba server +unless "security = user" and "encrypt passwords = yes" (see the file +ENCRYPTION.txt) or "security = server" and "password server = ip.address. +of.yourNTserver" are used. Either of these options will allow the NT +workstation to access the samba server using LAN manager encrypted +passwords, without the user intervention normally required by NT +workstation for clear-text passwords].

[lkcl 25aug97 - more comments received about NT profiles: the case of +the profile _matters_. the file _must_ be called NTuser.DAT or, for +a mandatory profile, NTuser.MAN].

Windows NT Server

There is nothing to stop you specifying any path that you like for the +location of users' profiles. Therefore, you could specify that the +profile be stored on a samba server, or any other SMB server, as long as +that SMB server supports encrypted passwords.

Sharing Profiles between W95 and NT Workstation 4.0

Potentially outdated or incorrect material follows

I think this is all bogus, but have not deleted it. (Richard Sharpe)

The default logon path is \\%N\U%. NT Workstation will attempt to create +a directory "\\samba-server\username.PDS" if you specify the logon path +as "\\samba-server\username" with the NT User Manager. Therefore, you +will need to specify (for example) "\\samba-server\username\profile". +NT 4.0 will attempt to create "\\samba-server\username\profile.PDS", which +is more likely to succeed.

If you then want to share the same Start Menu / Desktop with W95, you will +need to specify "logon path = \\samba-server\username\profile" [lkcl 10aug97 +this has its drawbacks: i created a shortcut to telnet.exe, which attempts +to run from the c:\winnt\system32 directory. this directory is obviously +unlikely to exist on a Win95-only host].

If you have this set up correctly, you will find separate user.DAT and +NTuser.DAT files in the same profile directory.

Note: [lkcl 25aug97 - there are some issues to resolve with downloading of +NT profiles, probably to do with time/date stamps. i have found that +NTuser.DAT is never updated on the workstation after the first time that +it is copied to the local workstation profile directory. this is in +contrast to w95, where it _does_ transfer / update profiles correctly].

DOMAIN_CONTROL.txt : Windows NT Domain Control & Samba

Possibly Outdated Material

This appendix was originally authored by John H Terpstra of + the Samba Team and is included here for posterity. +

NOTE : +The term "Domain Controller" and those related to it refer to one specific +method of authentication that can underly an SMB domain. Domain Controllers +prior to Windows NT Server 3.1 were sold by various companies and based on +private extensions to the LAN Manager 2.1 protocol. Windows NT introduced +Microsoft-specific ways of distributing the user authentication database. +See DOMAIN.txt for examples of how Samba can participate in or create +SMB domains based on shared authentication database schemes other than the +Windows NT SAM.

Windows NT Server can be installed as either a plain file and print server +(WORKGROUP workstation or server) or as a server that participates in Domain +Control (DOMAIN member, Primary Domain controller or Backup Domain controller). +The same is true for OS/2 Warp Server, Digital Pathworks and other similar +products, all of which can participate in Domain Control along with Windows NT.

To many people these terms can be confusing, so let's try to clear the air.

Every Windows NT system (workstation or server) has a registry database. +The registry contains entries that describe the initialization information +for all services (the equivalent of Unix Daemons) that run within the Windows +NT environment. The registry also contains entries that tell application +software where to find dynamically loadable libraries that they depend upon. +In fact, the registry contains entries that describes everything that anything +may need to know to interact with the rest of the system.

The registry files can be located on any Windows NT machine by opening a +command prompt and typing:

C:\WINNT\> dir %SystemRoot%\System32\config

The environment variable %SystemRoot% value can be obtained by typing:

C:\WINNT>echo %SystemRoot%

The active parts of the registry that you may want to be familiar with are +the files called: default, system, software, sam and security.

In a domain environment, Microsoft Windows NT domain controllers participate +in replication of the SAM and SECURITY files so that all controllers within +the domain have an exactly identical copy of each.

The Microsoft Windows NT system is structured within a security model that +says that all applications and services must authenticate themselves before +they can obtain permission from the security manager to do what they set out +to do.

The Windows NT User database also resides within the registry. This part of +the registry contains the user's security identifier, home directory, group +memberships, desktop profile, and so on.

Every Windows NT system (workstation as well as server) will have its own +registry. Windows NT Servers that participate in Domain Security control +have a database that they share in common - thus they do NOT own an +independent full registry database of their own, as do Workstations and +plain Servers.

The User database is called the SAM (Security Access Manager) database and +is used for all user authentication as well as for authentication of inter- +process authentication (i.e. to ensure that the service action a user has +requested is permitted within the limits of that user's privileges).

The Samba team have produced a utility that can dump the Windows NT SAM into +smbpasswd format: see ENCRYPTION.txt for information on smbpasswd and +/pub/samba/pwdump on your nearest Samba mirror for the utility. This +facility is useful but cannot be easily used to implement SAM replication +to Samba systems.

Windows for Workgroups, Windows 95, and Windows NT Workstations and Servers +can participate in a Domain security system that is controlled by Windows NT +servers that have been correctly configured. Almost every domain will have +ONE Primary Domain Controller (PDC). It is desirable that each domain will +have at least one Backup Domain Controller (BDC).

The PDC and BDCs then participate in replication of the SAM database so that +each Domain Controlling participant will have an up to date SAM component +within its registry.

\ No newline at end of file diff --git a/docs/htmldocs/UNIX_INSTALL.html b/docs/htmldocs/UNIX_INSTALL.html new file mode 100644 index 00000000000..35b1d9b01bc --- /dev/null +++ b/docs/htmldocs/UNIX_INSTALL.html @@ -0,0 +1,820 @@ +How to Install and Test SAMBA

Step 0: Read the man pages

The man pages distributed with SAMBA contain + lots of useful info that will help to get you started. + If you don't know how to read man pages then try + something like:

$ nroff -man smbd.8 | more +

Other sources of information are pointed to + by the Samba web site, http://www.samba.org

Step 1: Building the Binaries

To do this, first run the program ./configure + in the source directory. This should automatically + configure Samba for your operating system. If you have unusual + needs then you may wish to run

root# ./configure --help +

first to see what special options you can enable. + Then executing

root# make

will create the binaries. Once it's successfully + compiled you can use

root# make install

to install the binaries and manual pages. You can + separately install the binaries and/or man pages using

root# make installbin +

and

root# make installman +

Note that if you are upgrading for a previous version + of Samba you might like to know that the old versions of + the binaries will be renamed with a ".old" extension. You + can go back to the previous version with

root# make revert +

if you find this version a disaster!

Step 2: The all important step

At this stage you must fetch yourself a + coffee or other drink you find stimulating. Getting the rest + of the install right can sometimes be tricky, so you will + probably need it.

If you have installed samba before then you can skip + this step.

Step 3: Create the smb configuration file.

There are sample configuration files in the examples + subdirectory in the distribution. I suggest you read them + carefully so you can see how the options go together in + practice. See the man page for all the options.

The simplest useful configuration file would be + something like this:

	[global]
+	   workgroup = MYGROUP
+
+	   [homes]
+	      guest ok = no
+	      read only = no
+

which would allow connections by anyone with an + account on the server, using either their login name or + "homes" as the service name. (Note that I also set the + workgroup that Samba is part of. See BROWSING.txt for details)

Note that make install will not install + a smb.conf file. You need to create it + yourself.

Make sure you put the smb.conf file in the same place + you specified in theMakefile (the default is to + look for it in /usr/local/samba/lib/).

For more information about security settings for the + [homes] share please refer to the document UNIX_SECURITY.txt.

Step 4: Test your config file with + testparm

It's important that you test the validity of your + smb.conf file using the testparm program. + If testparm runs OK then it will list the loaded services. If + not it will give an error message.

Make sure it runs OK and that the services look + reasonable before proceeding.

Step 5: Starting the smbd and nmbd

You must choose to start smbd and nmbd either + as daemons or from inetd. Don't try + to do both! Either you can put them in inetd.conf and have them started on demand + by inetd, or you can start them as + daemons either from the command line or in /etc/rc.local. See the man pages for details + on the command line options. Take particular care to read + the bit about what user you need to be in order to start + Samba. In many cases you must be root.

The main advantage of starting smbd + and nmbd using the recommended daemon method + is that they will respond slightly more quickly to an initial connection + request.

Step 5a: Starting from inetd.conf

NOTE; The following will be different if + you use NIS or NIS+ to distributed services maps.

Look at your /etc/services. + What is defined at port 139/tcp. If nothing is defined + then add a line like this:

netbios-ssn 139/tcp

similarly for 137/udp you should have an entry like:

netbios-ns 137/udp

Next edit your /etc/inetd.conf + and add two lines something like this:

		netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+		netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd 
+

The exact syntax of /etc/inetd.conf + varies between unixes. Look at the other entries in inetd.conf + for a guide.

NOTE: Some unixes already have entries like netbios_ns + (note the underscore) in /etc/services. + You must either edit /etc/services or + /etc/inetd.conf to make them consistent.

NOTE: On many systems you may need to use the + "interfaces" option in smb.conf to specify the IP address + and netmask of your interfaces. Run ifconfig + as root if you don't know what the broadcast is for your + net. nmbd tries to determine it at run + time, but fails on some unixes. See the section on "testing nmbd" + for a method of finding if you need to do this.

!!!WARNING!!! Many unixes only accept around 5 + parameters on the command line in inetd.conf. + This means you shouldn't use spaces between the options and + arguments, or you should use a script, and start the script + from inetd.

Restart inetd, perhaps just send + it a HUP. If you have installed an earlier version of nmbd then you may need to kill nmbd as well.

Step 5b. Alternative: starting it as a daemon

To start the server as a daemon you should create + a script something like this one, perhaps calling + it startsmb.

		#!/bin/sh
+		/usr/local/samba/bin/smbd -D 
+		/usr/local/samba/bin/nmbd -D 
+

then make it executable with chmod + +x startsmb

You can then run startsmb by + hand or execute it from /etc/rc.local +

To kill it send a kill signal to the processes + nmbd and smbd.

NOTE: If you use the SVR4 style init system then + you may like to look at the examples/svr4-startup + script to make Samba fit into that system.

Step 6: Try listing the shares available on your + server

$ smbclient -L + yourhostname

Your should get back a list of shares available on + your server. If you don't then something is incorrectly setup. + Note that this method can also be used to see what shares + are available on other LanManager clients (such as WfWg).

If you choose user level security then you may find + that Samba requests a password before it will list the shares. + See the smbclient man page for details. (you + can force it to list the shares without a password by + adding the option -U% to the command line. This will not work + with non-Samba servers)

Step 7: Try connecting with the unix client

$ smbclient //yourhostname/aservice

Typically the yourhostname + would be the name of the host where you installed smbd. The aservice is + any service you have defined in the smb.conf + file. Try your user name if you just have a [homes] section + in smb.conf.

For example if your unix host is bambi and your login + name is fred you would type:

$ smbclient //bambi/fred +

Step 8: Try connecting from a DOS, WfWg, Win9x, WinNT, + Win2k, OS/2, etc... client

Try mounting disks. eg:

C:\WINDOWS\> net use d: \\servername\service +

Try printing. eg:

C:\WINDOWS\> net use lpt1: + \\servername\spoolservice

C:\WINDOWS\> print filename +

Celebrate, or send me a bug report!

What If Things Don't Work?

If nothing works and you start to think "who wrote + this pile of trash" then I suggest you do step 2 again (and + again) till you calm down.

Then you might read the file DIAGNOSIS.txt and the + FAQ. If you are still stuck then try the mailing list or + newsgroup (look in the README for details). Samba has been + successfully installed at thousands of sites worldwide, so maybe + someone else has hit your problem and has overcome it. You could + also use the WWW site to scan back issues of the samba-digest.

When you fix the problem PLEASE send me some updates to the + documentation (or source code) so that the next person will find it + easier.

Diagnosing Problems

If you have installation problems then go to + DIAGNOSIS.txt to try to find the + problem.

Scope IDs

By default Samba uses a blank scope ID. This means + all your windows boxes must also have a blank scope ID. + If you really want to use a non-blank scope ID then you will + need to use the -i <scope> option to nmbd, smbd, and + smbclient. All your PCs will need to have the same setting for + this to work. I do not recommend scope IDs.

Choosing the Protocol Level

The SMB protocol has many dialects. Currently + Samba supports 5, called CORE, COREPLUS, LANMAN1, + LANMAN2 and NT1.

You can choose what maximum protocol to support + in the smb.conf file. The default is + NT1 and that is the best for the vast majority of sites.

In older versions of Samba you may have found it + necessary to use COREPLUS. The limitations that led to + this have mostly been fixed. It is now less likely that you + will want to use less than LANMAN1. The only remaining advantage + of COREPLUS is that for some obscure reason WfWg preserves + the case of passwords in this protocol, whereas under LANMAN1, + LANMAN2 or NT1 it uppercases all passwords before sending them, + forcing you to use the "password level=" option in some cases.

The main advantage of LANMAN2 and NT1 is support for + long filenames with some clients (eg: smbclient, Windows NT + or Win95).

See the smb.conf(5) manual page for more details.

Note: To support print queue reporting you may find + that you have to use TCP/IP as the default protocol under + WfWg. For some reason if you leave Netbeui as the default + it may break the print queue reporting on some systems. + It is presumably a WfWg bug.

Printing from UNIX to a Client PC

To use a printer that is available via a smb-based + server from a unix host you will need to compile the + smbclient program. You then need to install the script + "smbprint". Read the instruction in smbprint for more details. +

There is also a SYSV style script that does much + the same thing called smbprint.sysv. It contains instructions.

Locking

One area which sometimes causes trouble is locking.

There are two types of locking which need to be + performed by a SMB server. The first is "record locking" + which allows a client to lock a range of bytes in a open file. + The second is the "deny modes" that are specified when a file + is open.

Record locking semantics under Unix is very + different from record locking under Windows. Versions + of Samba before 2.2 have tried to use the native + fcntl() unix system call to implement proper record + locking between different Samba clients. This can not + be fully correct due to several reasons. The simplest + is the fact that a Windows client is allowed to lock a + byte range up to 2^32 or 2^64, depending on the client + OS. The unix locking only supports byte ranges up to + 2^31. So it is not possible to correctly satisfy a + lock request above 2^31. There are many more + differences, too many to be listed here.

Samba 2.2 and above implements record locking + completely independent of the underlying unix + system. If a byte range lock that the client requests + happens to fall into the range 0-2^31, Samba hands + this request down to the Unix system. All other locks + can not be seen by unix anyway.

Strictly a SMB server should check for locks before + every read and write call on a file. Unfortunately with the + way fcntl() works this can be slow and may overstress the + rpc.lockd. It is also almost always unnecessary as clients + are supposed to independently make locking calls before reads + and writes anyway if locking is important to them. By default + Samba only makes locking calls when explicitly asked + to by a client, but if you set "strict locking = yes" then it will + make lock checking calls on every read and write.

You can also disable by range locking completely + using "locking = no". This is useful for those shares that + don't support locking or don't need it (such as cdroms). In + this case Samba fakes the return codes of locking calls to + tell clients that everything is OK.

The second class of locking is the "deny modes". These + are set by an application when it opens a file to determine + what types of access should be allowed simultaneously with + its open. A client may ask for DENY_NONE, DENY_READ, DENY_WRITE + or DENY_ALL. There are also special compatibility modes called + DENY_FCB and DENY_DOS.

You can disable share modes using "share modes = no". + This may be useful on a heavily loaded server as the share + modes code is very slow. See also the FAST_SHARE_MODES + option in the Makefile for a way to do full share modes + very fast using shared memory (if your OS supports it).

Mapping Usernames

If you have different usernames on the PCs and + the unix server then take a look at the "username map" option. + See the smb.conf man page for details.

Other Character Sets

If you have problems using filenames with accented + characters in them (like the German, French or Scandinavian + character sets) then I recommend you look at the "valid chars" + option in smb.conf and also take a look at the validchars + package in the examples directory.

\ No newline at end of file diff --git a/docs/htmldocs/findsmb.1.html b/docs/htmldocs/findsmb.1.html new file mode 100644 index 00000000000..2f246d666d8 --- /dev/null +++ b/docs/htmldocs/findsmb.1.html @@ -0,0 +1,267 @@ +findsmb

findsmb

Name

findsmb -- list info about machines that respond to SMB + name queries on a subnet

Synopsis

findsmb [subnet broadcast address]

DESCRIPTION

This perl script is part of the Samba suite.

findsmb is a perl script that + prints out several pieces of information about machines + on a subnet that respond to SMB name query requests. + It uses nmblookup(1) and smbclient(1) to obtain this information. +

OPTIONS

subnet broadcast address

Without this option, findsmb + will probe the subnet of the machine where + findsmb is run. This value is passed + to nmblookup as part of the + -B option

EXAMPLES

The output of findsmb lists the following + information for all machines that respond to the initial + nmblookup for any name: IP address, NetBIOS name, + Workgroup name, operating system, and SMB server version.

There will be a '+' in front of the workgroup name for + machines that are local master browsers for that workgroup. There + will be an '*' in front of the workgroup name for + machines that are the domain master browser for that workgroup. + Machines that are running Windows, Windows 95 or Windows 98 will + not show any information about the operating system or server + version.

The command must be run on a system without nmbd running. + If nmbd is running on the system, you will + only get the IP address and the DNS name of the machine. To + get proper responses from Windows 95 and Windows 98 machines, + the command must be run as root.

For example running findsmb on a machine + without nmbd running would yield output similar + to the following

IP ADDR         NETBIOS NAME   WORKGROUP/OS/VERSION 
+--------------------------------------------------------------------- 
+192.168.35.10   MINESET-TEST1  [DMVENGR]
+192.168.35.55   LINUXBOX      *[MYGROUP] [Unix] [Samba 2.0.6]
+192.168.35.56   HERBNT2        [HERB-NT]
+192.168.35.63   GANDALF        [MVENGR] [Unix] [Samba 2.0.5a for IRIX]
+192.168.35.65   SAUNA          [WORKGROUP] [Unix] [Samba 1.9.18p10]
+192.168.35.71   FROGSTAR       [ENGR] [Unix] [Samba 2.0.0 for IRIX]
+192.168.35.78   HERBDHCP1     +[HERB]
+192.168.35.88   SCNT2         +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0]
+192.168.35.93   FROGSTAR-PC    [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager]
+192.168.35.97   HERBNT1       *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0]
+

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/lmhosts.5.html b/docs/htmldocs/lmhosts.5.html new file mode 100644 index 00000000000..13b162ce44f --- /dev/null +++ b/docs/htmldocs/lmhosts.5.html @@ -0,0 +1,214 @@ +lmhosts

lmhosts

Name

lmhosts -- The Samba NetBIOS hosts file

Synopsis

lmhosts is the Samba NetBIOS name to IP address mapping file.

DESCRIPTION

This file is part of the Samba suite.

lmhosts is the Samba + NetBIOS name to IP address mapping file. It + is very similar to the /etc/hosts file + format, except that the hostname component must correspond + to the NetBIOS naming format.

FILE FORMAT

It is an ASCII file containing one line for NetBIOS name. + The two fields on each line are separated from each other by + white space. Any entry beginning with '#' is ignored. Each line + in the lmhosts file contains the following information :

  • IP Address - in dotted decimal format.

  • NetBIOS Name - This name format is a + maximum fifteen character host name, with an optional + trailing '#' character followed by the NetBIOS name type + as two hexadecimal digits.

    If the trailing '#' is omitted then the given IP + address will be returned for all names that match the given + name, whatever the NetBIOS name type in the lookup.

An example follows :

#
+# Sample Samba lmhosts file.
+#
+192.9.200.1	TESTPC
+192.9.200.20	NTSERVER#20
+192.9.200.21	SAMBASERVER
+

Contains three IP to NetBIOS name mappings. The first + and third will be returned for any queries for the names "TESTPC" + and "SAMBASERVER" respectively, whatever the type component of + the NetBIOS name requested.

The second mapping will be returned only when the "0x20" name + type for a name "NTSERVER" is queried. Any other name type will not + be resolved.

The default location of the lmhosts file + is in the same directory as the + smb.conf(5)> file.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/make_smbcodepage.1.html b/docs/htmldocs/make_smbcodepage.1.html new file mode 100644 index 00000000000..8e792e31221 --- /dev/null +++ b/docs/htmldocs/make_smbcodepage.1.html @@ -0,0 +1,354 @@ +make_smbcodepage

make_smbcodepage

Name

make_smbcodepage -- construct a codepage file for Samba

Synopsis

make_smbcodepage {c|d} {codepage} {inputfile} {outputfile}

DESCRIPTION

This tool is part of the Samba suite.

make_smbcodepage compiles or de-compiles + codepage files for use with the internationalization features + of Samba 2.2

OPTIONS

c|d

This tells make_smbcodepage + if it is compiling (c) a text format code + page file to binary, or (d) de-compiling + a binary codepage file to text.

codepage

This is the codepage we are processing (a + number, e.g. 850).

inputfile

This is the input file to process. In + the c case this will be a text + codepage definition file such as the ones found in the Samba + source/codepages directory. In + the d case this will be the + binary format codepage definition file normally found in + the lib/codepages directory in the + Samba install directory path.

outputfile

This is the output file to produce.

Samba Codepage Files

A text Samba codepage definition file is a description + that tells Samba how to map from upper to lower case for + characters greater than ascii 127 in the specified DOS code page. + Note that for certain DOS codepages (437 for example) mapping + from lower to upper case may be non-symmetrical. For example, in + code page 437 lower case a acute maps to a plain upper case A + when going from lower to upper case, but plain upper case A maps + to plain lower case a when lower casing a character.

A binary Samba codepage definition file is a binary + representation of the same information, including a value that + specifies what codepage this file is describing.

As Samba does not yet use UNICODE (current for Samba version 2.2) + you must specify the client code page that your DOS and Windows + clients are using if you wish to have case insensitivity done + correctly for your particular language. The default codepage Samba + uses is 850 (Western European). Text codepage definition sample files + are provided in the Samba distribution for codepages 437 (USA), 737 (Greek), + 850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic), + 932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional + Chinese). Users are encouraged to write text codepage definition files for + their own code pages and donate them to samba@samba.org. All codepage files + in the Samba source/codepages directory are + compiled and installed when a 'make install' + command is issued there.

The client codepage used by the smbd server + is configured using the client code page parameter + in the smb.conf file.

Files

codepage_def.<codepage>

These are the input (text) codepage files provided in the + Samba source/codepages directory.

A text codepage definition file consists of multiple lines + containing four fields. These fields are:

  • lower: which is the + (hex) lower case character mapped on this line.

  • upper: which is the (hex) + upper case character that the lower case character will map to. +

  • map upper to lower which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given upper case character to the + given lower case character when lower casing a filename. +

  • map lower to upper which + is a boolean value (put either True or False here) which tells + Samba if it is to map the given lower case character to the + given upper case character when upper casing a filename. +

codepage.<codepage> - These are the + output (binary) codepage files produced and placed in the Samba + destination lib/codepage directory.

Installation

The location of the server and its support files is a + matter for individual system administrators. The following are + thus suggestions only.

It is recommended that the make_smbcodepage + program be installed under the /usr/local/samba + hierarchy, in a directory readable by all, writeable + only by root. The program itself should be executable by all. The + program should NOT be setuid or setgid!

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbd(8), + smb.conf(5) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/make_unicodemap.1.html b/docs/htmldocs/make_unicodemap.1.html new file mode 100644 index 00000000000..b8b768ce40d --- /dev/null +++ b/docs/htmldocs/make_unicodemap.1.html @@ -0,0 +1,276 @@ +make_unicodemap

make_unicodemap

Name

make_unicodemap -- construct a unicode map file for Samba

Synopsis

make_unicodemap {codepage} {inputfile} {outputfile}

DESCRIPTION

This tool is part of the Samba + suite. +

make_unicodemap compiles text unicode map + files into binary unicode map files for use with the + internationalization features of Samba 2.2. +

OPTIONS

codepage

This is the codepage or UNIX character + set we are processing (a number, e.g. 850). +

inputfile

This is the input file to process. This is a + text unicode map file such as the ones found in the Samba + source/codepages directory. +

outputfile

This is the binary output file to produce. +

Samba Unicode Map Files

A text Samba unicode map file is a description that tells Samba + how to map characters from a specified DOS code page or UNIX character + set to 16 bit unicode. +

A binary Samba unicode map file is a binary representation + of the same information, including a value that specifies what + codepage or UNIX character set this file is describing. +

Files

CP<codepage>.TXT

These are the input (text) unicode map files provided + in the Samba source/codepages + directory. +

A text unicode map file consists of multiple lines + containing two fields. These fields are : +

  • character - which is + the (hex) character mapped on this line. +

  • unicode - which + is the (hex) 16 bit unicode character that the character + will map to. +

unicode_map.<codepage> - These are + the output (binary) unicode map files produced and placed in + the Samba destination lib/codepage + directory. +

Installation

The location of the server and its support files is a matter + for individual system administrators. The following are thus + suggestions only. +

It is recommended that the make_unicodemap + program be installed under the + $prefix/samba hierarchy, + in a directory readable by all, writeable only by root. The + program itself should be executable by all. The program + should NOT be setuid or setgid! +

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbd(8), + smb.conf(5) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/msdfs_setup.html b/docs/htmldocs/msdfs_setup.html new file mode 100644 index 00000000000..36b9911baec --- /dev/null +++ b/docs/htmldocs/msdfs_setup.html @@ -0,0 +1,210 @@ +Hosting a Microsoft Distributed File System tree on Samba

Instructions

The Distributed File System (or Dfs) provides a means of + separating the logical view of files and directories that users + see from the actual physical locations of these resources on the + network. It allows for higher availability, smoother storage expansion, + load balancing etc. For more information about Dfs, refer to Microsoft documentation.

This document explains how to host a Dfs tree on a Unix + machine (for Dfs-aware clients to browse) using Samba.

To enable SMB-based DFS for Samba, configure it with the + --with-msdfs option. Once built, a + Samba server can be made a Dfs server by setting the global + boolean host msdfs parameter in the smb.conf + file. You designate a share as a Dfs root using the share + level boolean msdfs root parameter. A Dfs root directory on + Samba hosts Dfs links in the form of symbolic links that point + to other servers. For example, a symbolic link + junction->msdfs:storage1\share1 in + the share directory acts as the Dfs junction. When Dfs-aware + clients attempt to access the junction link, they are redirected + to the storage location (in this case, \\storage1\share1).

Dfs trees on Samba work with all Dfs-aware clients ranging + from Windows 95 to 2000.

Here's an example of setting up a Dfs tree on a Samba + server.

# The smb.conf file:
+[global]
+	netbios name = SAMBA
+	host msdfs   = yes
+
+[dfs]
+	path = /export/dfsroot
+	msdfs root = yes
+

In the /export/dfsroot directory we set up our dfs links to + other servers on the network.

root# cd /export/dfsroot

root# chown root /export/dfsroot

root# chmod 755 /export/dfsroot

root# ln -s msdfs:storageA\\shareA linka

root# ln -s msdfs:serverB\\share,serverC\\share linkb

You should set up the permissions and ownership of + the directory acting as the Dfs root such that only designated + users can create, delete or modify the msdfs links. Also note + that symlink names should be all lowercase. This limitation exists + to have Samba avoid trying all the case combinations to get at + the link name. Finally set up the symbolic links to point to the + network shares you want, and start Samba.

Users on Dfs-aware clients can now browse the Dfs tree + on the Samba server at \\samba\dfs. Accessing + links linka or linkb (which appear as directories to the client) + takes users directly to the appropriate shares on the network.

Notes

  • Windows clients need to be rebooted + if a previously mounted non-dfs share is made a dfs + root or vice versa. A better way is to introduce a + new share and make it the dfs root.

  • Currently there's a restriction that msdfs + symlink names should all be lowercase.

  • For security purposes, the directory + acting as the root of the Dfs tree should have ownership + and permissions set so that only designated users can + modify the symbolic links in the directory.

\ No newline at end of file diff --git a/docs/htmldocs/net.8.html b/docs/htmldocs/net.8.html new file mode 100644 index 00000000000..77cb2b2b380 --- /dev/null +++ b/docs/htmldocs/net.8.html @@ -0,0 +1,106 @@ +net

net

Name

net -- Tool for administration of Samba and remote + CIFS servers.

Synopsis

net {<ads|rap|rpc>}

DESCRIPTION

This tool is part of the Samba suite.

OPTIONS

COMMANDS

VERSION

This man page is incomplete for version 3.0 of the Samba + suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The current set of manpages and documentation is maintained + by the Samba Team in the same fashion as the Samba source code.

\ No newline at end of file diff --git a/docs/htmldocs/nmbd.8.html b/docs/htmldocs/nmbd.8.html new file mode 100644 index 00000000000..4e5993f3bc4 --- /dev/null +++ b/docs/htmldocs/nmbd.8.html @@ -0,0 +1,695 @@ +nmbd

nmbd

Name

nmbd -- NetBIOS name server to provide NetBIOS + over IP naming services to clients

Synopsis

nmbd [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-d <debug level>] [-H <lmhosts file>] [-l <log directory>] [-n <primary netbios name>] [-p <port number>] [-s <configuration file>]

DESCRIPTION

This program is part of the Samba suite.

nmbd is a server that understands + and can reply to NetBIOS over IP name service requests, like + those produced by SMB/CIFS clients such as Windows 95/98/ME, + Windows NT, Windows 2000, and LanManager clients. It also + participates in the browsing protocols which make up the + Windows "Network Neighborhood" view.

SMB/CIFS clients, when they start up, may wish to + locate an SMB/CIFS server. That is, they wish to know what + IP number a specified host is using.

Amongst other services, nmbd will + listen for such requests, and if its own NetBIOS name is + specified it will respond with the IP number of the host it + is running on. Its "own NetBIOS name" is by + default the primary DNS name of the host it is running on, + but this can be overridden with the -n + option (see OPTIONS below). Thus nmbd will + reply to broadcast queries for its own name(s). Additional + names for nmbd to respond on can be set + via parameters in the smb.conf(5) configuration file.

nmbd can also be used as a WINS + (Windows Internet Name Server) server. What this basically means + is that it will act as a WINS database server, creating a + database from name registration requests that it receives and + replying to queries from clients for these names.

In addition, nmbd can act as a WINS + proxy, relaying broadcast queries from clients that do + not understand how to talk the WINS protocol to a WIN + server.

OPTIONS

-D

If specified, this parameter causes + nmbd to operate as a daemon. That is, + it detaches itself and runs in the background, fielding + requests on the appropriate port. By default, nmbd + will operate as a daemon if launched from a command shell. + nmbd can also be operated from the inetd + meta-daemon, although this is not recommended. +

-a

If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.

-i

If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. +

-o

If this parameter is specified, the + log files will be overwritten when opened. By default, + smbd will append entries to the log + files.

-h

Prints the help information (usage) + for nmbd.

-H <filename>

NetBIOS lmhosts file. The lmhosts + file is a list of NetBIOS names to IP addresses that + is loaded by the nmbd server and used via the name + resolution mechanism name resolve order described in smb.conf(5) + to resolve any NetBIOS name queries needed by the server. Note + that the contents of this file are NOT + used by nmbd to answer any name queries. + Adding a line to this file affects name NetBIOS resolution + from this host ONLY.

The default path to this file is compiled into + Samba as part of the build process. Common defaults + are /usr/local/samba/lib/lmhosts, + /usr/samba/lib/lmhosts or + /etc/lmhosts. See the lmhosts(5) man page for details on the + contents of this file.

-V

Prints the version number for + nmbd.

-d <debug level>

debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.

The higher this value, the more detail will + be logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.

Levels above 1 will generate considerable amounts + of log data, and should only be used when investigating + a problem. Levels above 3 are designed for use only by developers + and generate HUGE amounts of log data, most of which is extremely + cryptic.

Note that specifying this parameter here will override + the log level + parameter in the smb.conf file.

-l <log directory>

The -l parameter specifies a directory + into which the "log.nmbd" log file will be created + for operational data from the running + nmbd server.

The default log directory is compiled into Samba + as part of the build process. Common defaults are /usr/local/samba/var/log.nmb, /usr/samba/var/log.nmb or + /var/log/log.nmb.

-n <primary NetBIOS name>

This option allows you to override + the NetBIOS name that Samba uses for itself. This is identical + to setting the NetBIOS name parameter in the + smb.conf file. However, a command + line setting will take precedence over settings in + smb.conf.

-p <UDP port number>

UDP port number is a positive integer value. + This option changes the default UDP port number (normally 137) + that nmbd responds to name queries on. Don't + use this option unless you are an expert, in which case you + won't need help!

-s <configuration file>

The default configuration file name + is set at build time, typically as /usr/local/samba/lib/smb.conf, but + this may be changed when Samba is autoconfigured.

The file specified contains the configuration details + required by the server. See + smb.conf(5) for more information. +

FILES

/etc/inetd.conf

If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the UNIX_INSTALL.html document + for details. +

/etc/rc

or whatever initialization script your + system uses).

If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the UNIX_INSTALL.html document + for details.

/etc/services

If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the UNIX_INSTALL.html + document for details.

/usr/local/samba/lib/smb.conf

This is the default location of the + smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/smb.conf.

When run as a WINS server (see the + wins support + parameter in the smb.conf(5) man page), + nmbd + will store the WINS database in the file wins.dat + in the var/locks directory configured under + wherever Samba was configured to install itself.

If nmbd is acting as a browse master (see the local master + parameter in the smb.conf(5) man page, + nmbd + will store the browsing database in the file browse.dat + in the var/locks directory + configured under wherever Samba was configured to install itself. +

SIGNALS

To shut down an nmbd process it is recommended + that SIGKILL (-9) NOT be used, except as a last + resort, as this may leave the name database in an inconsistent state. + The correct way to terminate nmbd is to send it + a SIGTERM (-15) signal and wait for it to die on its own.

nmbd will accept SIGHUP, which will cause + it to dump out its namelists into the file namelist.debug + in the /usr/local/samba/var/locks + directory (or the var/locks directory configured + under wherever Samba was configured to install itself). This will also + cause nmbd to dump out its server database in + the log.nmb file.

The debug log level of nmbd may be raised or lowered using + smbcontrol(1) + (SIGUSR[1|2] signals are no longer used in Samba 2.2). This is + to allow transient problems to be diagnosed, whilst still running + at a normally low log level.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

inetd(8), smbd(8), + smb.conf(5) + , smbclient(1) + , testparm(1), testprns(1), and the Internet RFC's + rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/nmblookup.1.html b/docs/htmldocs/nmblookup.1.html new file mode 100644 index 00000000000..c87d7d35db9 --- /dev/null +++ b/docs/htmldocs/nmblookup.1.html @@ -0,0 +1,394 @@ +nmblookup

nmblookup

Name

nmblookup -- NetBIOS over TCP/IP client used to lookup NetBIOS + names

Synopsis

nmblookup [-M] [-R] [-S] [-r] [-A] [-h] [-B <broadcast address>] [-U <unicast address>] [-d <debug level>] [-s <smb config file>] [-i <NetBIOS scope>] [-T] {name}

DESCRIPTION

This tool is part of the Samba suite.

nmblookup is used to query NetBIOS names + and map them to IP addresses in a network using NetBIOS over TCP/IP + queries. The options allow the name queries to be directed at a + particular IP broadcast area or to a particular machine. All queries + are done over UDP.

OPTIONS

-M

Searches for a master browser by looking + up the NetBIOS name name with a + type of 0x1d. If name is "-" then it does a lookup on the special name + __MSBROWSE__.

-R

Set the recursion desired bit in the packet + to do a recursive lookup. This is used when sending a name + query to a machine running a WINS server and the user wishes + to query the names in the WINS server. If this bit is unset + the normal (broadcast responding) NetBIOS processing code + on a machine is used instead. See rfc1001, rfc1002 for details. +

-S

Once the name query has returned an IP + address then do a node status query as well. A node status + query returns the NetBIOS names registered by a host. +

-r

Try and bind to UDP port 137 to send and receive UDP + datagrams. The reason for this option is a bug in Windows 95 + where it ignores the source port of the requesting packet + and only replies to UDP port 137. Unfortunately, on most UNIX + systems root privilege is needed to bind to this port, and + in addition, if the nmbd(8) + daemon is running on this machine it also binds to this port. +

-A

Interpret name as + an IP Address and do a node status query on this address.

-h

Print a help (usage) message.

-B <broadcast address>

Send the query to the given broadcast address. Without + this option the default behavior of nmblookup is to send the + query to the broadcast address of the network interfaces as + either auto-detected or defined in the interfaces + parameter of the smb.conf (5) file. +

-U <unicast address>

Do a unicast query to the specified address or + host unicast address. This option + (along with the -R option) is needed to + query a WINS server.

-d <debuglevel>

debuglevel is an integer from 0 to 10.

The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged + about the activities of nmblookup. At level + 0, only critical errors and serious warnings will be logged.

Levels above 1 will generate considerable amounts of + log data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of data, most of which is extremely cryptic.

Note that specifying this parameter here will override + the log level parameter in the smb.conf(5) file.

-s <smb.conf>

This parameter specifies the pathname to + the Samba configuration file, smb.conf(5). This file controls all aspects of + the Samba setup on the machine.

-i <scope>

This specifies a NetBIOS scope that + nmblookup will use to communicate with when + generating NetBIOS names. For details on the use of NetBIOS + scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are + very rarely used, only set this parameter + if you are the system administrator in charge of all the + NetBIOS systems you communicate with.

-T

This causes any IP addresses found in the + lookup to be looked up via a reverse DNS lookup into a + DNS name, and printed out before each

IP address .... NetBIOS name

pair that is the normal output.

name

This is the NetBIOS name being queried. Depending + upon the previous options this may be a NetBIOS name or IP address. + If a NetBIOS name then the different name types may be specified + by appending '#<type>' to the name. This name may also be + '*', which will return all registered names within a broadcast + area.

EXAMPLES

nmblookup can be used to query + a WINS server (in the same way nslookup is + used to query DNS servers). To query a WINS server, + nmblookup must be called like this:

nmblookup -U server -R 'name'

For example, running :

nmblookup -U samba.org -R 'IRIX#1B'

would query the WINS server samba.org for the domain + master browser (1B name type) for the IRIX workgroup.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

nmbd(8), + samba(7), and smb.conf(5) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/pdbedit.8.html b/docs/htmldocs/pdbedit.8.html new file mode 100644 index 00000000000..9609664af05 --- /dev/null +++ b/docs/htmldocs/pdbedit.8.html @@ -0,0 +1,426 @@ +pdbedit

pdbedit

Name

pdbedit -- manage the SAM database

Synopsis

pdbedit [-l] [-v] [-w] [-u username] [-f fullname] [-h homedir] [-d drive] [-s script] [-p profile] [-a] [-m] [-x] [-i file]

DESCRIPTION

This tool is part of the Samba suite.

The pdbedit program is used to manage the users accounts + stored in the sam database and can be run only by root.

The pdbedit tool use the passdb modular interface and is + independent from the kind of users database used (currently there + are smbpasswd, ldap, nis+ and tdb based and more can be addedd + without changing the tool).

There are five main ways to use pdbedit: adding a user account, + removing a user account, modifing a user account, listing user + accounts, importing users accounts.

OPTIONS

-l

This option list all the user accounts + present in the users database. + This option prints a list of user/uid pairs separated by + the ':' character.

Example: pdbedit -l

		sorce:500:Simo Sorce
+		samba:45:Test User
+

-v

This option sets the verbose listing format. + It will make pdbedit list the users in the database printing + out the account fields in a descriptive format.

Example: pdbedit -l -v

		---------------
+		username:       sorce
+		user ID/Group:  500/500
+		user RID/GRID:  2000/2001
+		Full Name:      Simo Sorce
+		Home Directory: \\BERSERKER\sorce
+		HomeDir Drive:  H:
+		Logon Script:   \\BERSERKER\netlogon\sorce.bat
+		Profile Path:   \\BERSERKER\profile
+		---------------
+		username:       samba
+		user ID/Group:  45/45
+		user RID/GRID:  1090/1091
+		Full Name:      Test User
+		Home Directory: \\BERSERKER\samba
+		HomeDir Drive:  
+		Logon Script:   
+		Profile Path:   \\BERSERKER\profile
+

-w

This option sets the "smbpasswd" listing format. + It will make pdbedit list the users in the database printing + out the account fields in a format compatible with the + smbpasswd file format. (see the smbpasswd(5) for details)

Example: pdbedit -l -w

		sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX         ]:LCT-00000000:
+		samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX         ]:LCT-3BFA1E8D:
+

-u username

This option specifies that the username to be + used for the operation requested (listing, adding, removing) + It is required in add, remove and modify + operations and optional in list + operations.

-f fullname

This option can be used while adding or + modifing a user account. It will specify the user's full + name.

Example: -f "Simo Sorce"

-h homedir

This option can be used while adding or + modifing a user account. It will specify the user's home + directory network path.

Example: -h "\\\\BERSERKER\\sorce" +

-d drive

This option can be used while adding or + modifing a user account. It will specify the windows drive + letter to be used to map the home directory.

Example: -d "H:" +

-s script

This option can be used while adding or + modifing a user account. It will specify the user's logon + script path.

Example: -s "\\\\BERSERKER\\netlogon\\sorce.bat" +

-p profile

This option can be used while adding or + modifing a user account. It will specify the user's profile + directory.

Example: -p "\\\\BERSERKER\\netlogon" +

-a

This option is used to add a user into the + database. This command need the user name be specified with + the -u switch. When adding a new user pdbedit will also + ask for the password to be used

Example: pdbedit -a -u sorce + 
new password:
+		retype new password
+

-m

This option may only be used in conjunction + with the -a option. It will make + pdbedit to add a machine trust account instead of a user + account (-u username will provide the machine name).

Example: pdbedit -a -m -u w2k-wks +

-x

This option causes pdbedit to delete an account + from the database. It need the username be specified with the + -u switch.

Example: pdbedit -x -u bob

-i file

This command is used to import a smbpasswd + file into the database.

This option will ease migration from the plain smbpasswd + file database to more powerful backend databases like tdb and + ldap.

Example: pdbedit -i /etc/smbpasswd.old +

NOTES

This command may be used only by root.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbpasswd(8), + samba(7) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/printer_driver2.html b/docs/htmldocs/printer_driver2.html new file mode 100644 index 00000000000..b3dbc9f9fcb --- /dev/null +++ b/docs/htmldocs/printer_driver2.html @@ -0,0 +1,987 @@ +Printing Support in Samba 2.2.x

Introduction

Beginning with the 2.2.0 release, Samba supports +the native Windows NT printing mechanisms implemented via +MS-RPC (i.e. the SPOOLSS named pipe). Previous versions of +Samba only supported LanMan printing calls.

The additional functionality provided by the new +SPOOLSS support includes:

  • Support for downloading printer driver + files to Windows 95/98/NT/2000 clients upon demand. +

  • Uploading of printer drivers via the + Windows NT Add Printer Wizard (APW) or the + Imprints tool set (refer to http://imprints.sourceforge.net). +

  • Support for the native MS-RPC printing + calls such as StartDocPrinter, EnumJobs(), etc... (See + the MSDN documentation at http://msdn.microsoft.com/ + for more information on the Win32 printing API) +

  • Support for NT Access Control Lists (ACL) + on printer objects

  • Improved support for printer queue manipulation + through the use of an internal databases for spooled job + information

There has been some initial confusion about what all this means +and whether or not it is a requirement for printer drivers to be +installed on a Samba host in order to support printing from Windows +clients. A bug existed in Samba 2.2.0 which made Windows NT/2000 clients +require that the Samba server possess a valid driver for the printer. +This is fixed in Samba 2.2.1 and once again, Windows NT/2000 clients +can use the local APW for installing drivers to be used with a Samba +served printer. This is the same behavior exhibited by Windows 9x clients. +As a side note, Samba does not use these drivers in any way to process +spooled files. They are utilized entirely by the clients.

The following MS KB article, may be of some help if you are dealing with +Windows 2000 clients: How to Add Printers with No User +Interaction in Windows 2000

http://support.microsoft.com/support/kb/articles/Q189/1/05.ASP

Configuration

[print$] vs. [printer$]

Previous versions of Samba recommended using a share named [printer$]. +This name was taken from the printer$ service created by Windows 9x +clients when a printer was shared. Windows 9x printer servers always have +a printer$ service which provides read-only access via no +password in order to support printer driver downloads.

However, the initial implementation allowed for a +parameter named printer driver location +to be used on a per share basis to specify the location of +the driver files associated with that printer. Another +parameter named printer driver provided +a means of defining the printer driver name to be sent to +the client.

These parameters, including printer driver +file parameter, are being depreciated and should not +be used in new installations. For more information on this change, +you should refer to the Migration section +of this document.

Creating [print$]

In order to support the uploading of printer driver +files, you must first configure a file share named [print$]. +The name of this share is hard coded in Samba's internals so +the name is very important (print$ is the service used by +Windows NT print servers to provide support for printer driver +download).

You should modify the server's smb.conf file to add the global +parameters and to create the +following file share (of course, some of the parameter values, +such as 'path' are arbitrary and should be replaced with +appropriate values for your site):

[global]
+    ; members of the ntadmin group should be able
+    ; to add drivers and set printer properties
+    ; root is implicitly a 'printer admin'
+    printer admin = @ntadmin
+
+[print$]
+    path = /usr/local/samba/printers
+    guest ok = yes
+    browseable = yes
+    read only = yes
+    ; since this share is configured as read only, then we need
+    ; a 'write list'.  Check the file system permissions to make
+    ; sure this account can copy files to the share.  If this
+    ; is setup to a non-root account, then it should also exist
+    ; as a 'printer admin'
+    write list = @ntadmin,root

The write list is used to allow administrative +level user accounts to have write access in order to update files +on the share. See the smb.conf(5) +man page for more information on configuring file shares.

The requirement for guest +ok = yes depends upon how your +site is configured. If users will be guaranteed to have +an account on the Samba host, then this is a non-issue.

Author's Note: The non-issue is that if all your Windows NT users are guaranteed to be +authenticated by the Samba server (such as a domain member server and the NT +user has already been validated by the Domain Controller in +order to logon to the Windows NT console), then guest access +is not necessary. Of course, in a workgroup environment where +you just want to be able to print without worrying about +silly accounts and security, then configure the share for +guest access. You'll probably want to add map to guest = Bad User in the [global] section as well. Make sure +you understand what this parameter does before using it +though. --jerry

In order for a Windows NT print server to support +the downloading of driver files by multiple client architectures, +it must create subdirectories within the [print$] service +which correspond to each of the supported client architectures. +Samba follows this model as well.

Next create the directory tree below the [print$] share +for each architecture you wish to support.

[print$]-----
+        |-W32X86           ; "Windows NT x86"
+        |-WIN40            ; "Windows 95/98"
+        |-W32ALPHA         ; "Windows NT Alpha_AXP"
+        |-W32MIPS          ; "Windows NT R4000"
+        |-W32PPC           ; "Windows NT PowerPC"

ATTENTION! REQUIRED PERMISSIONS

In order to currently add a new driver to you Samba host, +one of two conditions must hold true:

  • The account used to connect to the Samba host + must have a uid of 0 (i.e. a root account)

  • The account used to connect to the Samba host + must be a member of the printer + admin list.

Of course, the connected account must still possess access +to add files to the subdirectories beneath [print$]. Remember +that all file shares are set to 'read only' by default.

Once you have created the required [print$] service and +associated subdirectories, simply log onto the Samba server using +a root (or printer admin) account +from a Windows NT 4.0/2k client. Open "Network Neighbourhood" or +"My Network Places" and browse for the Samba host. Once you have located +the server, navigate to the "Printers..." folder. +You should see an initial listing of printers +that matches the printer shares defined on your Samba host.

Setting Drivers for Existing Printers

The initial listing of printers in the Samba host's +Printers folder will have no real printer driver assigned +to them. By default, in Samba 2.2.0 this driver name was set to +NO PRINTER DRIVER AVAILABLE FOR THIS PRINTER. +Later versions changed this to a NULL string to allow the use +tof the local Add Printer Wizard on NT/2000 clients. +Attempting to view the printer properties for a printer +which has this default driver assigned will result in +the error message:

Device settings cannot be displayed. The driver +for the specified printer is not installed, only spooler +properties will be displayed. Do you want to install the +driver now?

Click "No" in the error dialog and you will be presented with +the printer properties window. The way assign a driver to a +printer is to either

  • Use the "New Driver..." button to install + a new printer driver, or

  • Select a driver from the popup list of + installed drivers. Initially this list will be empty.

If you wish to install printer drivers for client +operating systems other than "Windows NT x86", you will need +to use the "Sharing" tab of the printer properties dialog.

Assuming you have connected with a root account, you +will also be able modify other printer properties such as +ACLs and device settings using this dialog box.

A few closing comments for this section, it is possible +on a Windows NT print server to have printers +listed in the Printers folder which are not shared. Samba does +not make this distinction. By definition, the only printers of +which Samba is aware are those which are specified as shares in +smb.conf.

Another interesting side note is that Windows NT clients do +not use the SMB printer share, but rather can print directly +to any printer on another Windows NT host using MS-RPC. This +of course assumes that the printing client has the necessary +privileges on the remote host serving the printer. The default +permissions assigned by Windows NT to a printer gives the "Print" +permissions to the "Everyone" well-known group.

Support a large number of printers

One issue that has arisen during the development +phase of Samba 2.2 is the need to support driver downloads for +100's of printers. Using the Windows NT APW is somewhat +awkward to say the list. If more than one printer are using the +same driver, the rpcclient's +setdriver command can be used to set the driver +associated with an installed driver. The following is example +of how this could be accomplished:

 
+$ rpcclient pogo -U root%secret -c "enumdrivers"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+ 
+[Windows NT x86]
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4000 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 2100 Series PS]
+ 
+Printer Driver Info 1:
+     Driver Name: [HP LaserJet 4Si/4SiMX PS]
+				  
+$ rpcclient pogo -U root%secret -c "enumprinters"
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+     flags:[0x800000]
+     name:[\\POGO\hp-print]
+     description:[POGO\\POGO\hp-print,NO DRIVER AVAILABLE FOR THIS PRINTER,]
+     comment:[]
+				  
+$ rpcclient pogo -U root%secret \
+>  -c "setdriver hp-print \"HP LaserJet 4000 Series PS\""
+Domain=[NARNIA] OS=[Unix] Server=[Samba 2.2.0-alpha3]
+Successfully set hp-print to driver HP LaserJet 4000 Series PS.

Adding New Printers via the Windows NT APW

By default, Samba offers all printer shares defined in smb.conf +in the "Printers..." folder. Also existing in this folder is the Windows NT +Add Printer Wizard icon. The APW will be show only if

  • The connected user is able to successfully + execute an OpenPrinterEx(\\server) with administrative + privileges (i.e. root or printer admin). +

  • show + add printer wizard = yes (the default). +

In order to be able to use the APW to successfully add a printer to a Samba +server, the add +printer command must have a defined value. The program +hook must successfully add the printer to the system (i.e. +/etc/printcap or appropriate files) and +smb.conf if necessary.

When using the APW from a client, if the named printer share does +not exist, smbd will execute the add printer +command and reparse to the smb.conf +to attempt to locate the new printer share. If the share is still not defined, +an error of "Access Denied" is returned to the client. Note that the +add printer program is executed under the context +of the connected user, not necessarily a root account.

There is a complementing delete +printer command for removing entries from the "Printers..." +folder.

Samba and Printer Ports

Windows NT/2000 print servers associate a port with each printer. These normally +take the form of LPT1:, COM1:, FILE:, etc... Samba must also support the +concept of ports associated with a printer. By default, only one printer port, +named "Samba Printer Port", exists on a system. Samba does not really a port in +order to print, rather it is a requirement of Windows clients.

Note that Samba does not support the concept of "Printer Pooling" internally +either. This is when a logical printer is assigned to multiple ports as +a form of load balancing or fail over.

If you require that multiple ports be defined for some reason, +smb.conf possesses a enumports +command which can be used to define an external program +that generates a listing of ports on a system.

The Imprints Toolset

The Imprints tool set provides a UNIX equivalent of the + Windows NT Add Printer Wizard. For complete information, please + refer to the Imprints web site at http://imprints.sourceforge.net/ as well as the documentation + included with the imprints source distribution. This section will + only provide a brief introduction to the features of Imprints.

What is Imprints?

Imprints is a collection of tools for supporting the goals + of

  • Providing a central repository information + regarding Windows NT and 95/98 printer driver packages

  • Providing the tools necessary for creating + the Imprints printer driver packages.

  • Providing an installation client which + will obtain and install printer drivers on remote Samba + and Windows NT 4 print servers.

Creating Printer Driver Packages

The process of creating printer driver packages is beyond + the scope of this document (refer to Imprints.txt also included + with the Samba distribution for more information). In short, + an Imprints driver package is a gzipped tarball containing the + driver files, related INF files, and a control file needed by the + installation client.

The Imprints server

The Imprints server is really a database server that + may be queried via standard HTTP mechanisms. Each printer + entry in the database has an associated URL for the actual + downloading of the package. Each package is digitally signed + via GnuPG which can be used to verify that package downloaded + is actually the one referred in the Imprints database. It is + not recommended that this security check + be disabled.

The Installation Client

More information regarding the Imprints installation client + is available in the Imprints-Client-HOWTO.ps + file included with the imprints source package.

The Imprints installation client comes in two forms.

  • a set of command line Perl scripts

  • a GTK+ based graphical interface to + the command line perl scripts

The installation client (in both forms) provides a means + of querying the Imprints database server for a matching + list of known printer model names as well as a means to + download and install the drivers on remote Samba and Windows + NT print servers.

The basic installation process is in four steps and + perl code is wrapped around smbclient + and rpcclient.

	
+foreach (supported architecture for a given driver)
+{
+     1.  rpcclient: Get the appropriate upload directory 
+         on the remote server
+     2.  smbclient: Upload the driver files
+     3.  rpcclient: Issues an AddPrinterDriver() MS-RPC
+}
+	
+4.  rpcclient: Issue an AddPrinterEx() MS-RPC to actually
+    create the printer

One of the problems encountered when implementing + the Imprints tool set was the name space issues between + various supported client architectures. For example, Windows + NT includes a driver named "Apple LaserWriter II NTX v51.8" + and Windows 95 calls its version of this driver "Apple + LaserWriter II NTX"

The problem is how to know what client drivers have + been uploaded for a printer. As astute reader will remember + that the Windows NT Printer Properties dialog only includes + space for one printer driver name. A quick look in the + Windows NT 4.0 system registry at

HKLM\System\CurrentControlSet\Control\Print\Environment +

will reveal that Windows NT always uses the NT driver + name. This is ok as Windows NT always requires that at least + the Windows NT version of the printer driver is present. + However, Samba does not have the requirement internally. + Therefore, how can you use the NT driver name if is has not + already been installed?

The way of sidestepping this limitation is to require + that all Imprints printer driver packages include both the Intel + Windows NT and 95/98 printer drivers and that NT driver is + installed first.

Migration to from Samba 2.0.x to 2.2.x

Given that printer driver management has changed (we hope improved) in +2.2 over prior releases, migration from an existing setup to 2.2 can +follow several paths. Here are the possible scenarios for +migration:

  • If you do not desire the new Windows NT + print driver support, nothing needs to be done. + All existing parameters work the same.

  • If you want to take advantage of NT printer + driver support but do not want to migrate the + 9x drivers to the new setup, the leave the existing + printers.def file. When smbd attempts + to locate a + 9x driver for the printer in the TDB and fails it + will drop down to using the printers.def (and all + associated parameters). The make_printerdef + tool will also remain for backwards compatibility but will + be removed in the next major release.

  • If you install a Windows 9x driver for a printer + on your Samba host (in the printing TDB), this information will + take precedence and the three old printing parameters + will be ignored (including print driver location).

  • If you want to migrate an existing printers.def + file into the new setup, the current only solution is to use the Windows + NT APW to install the NT drivers and the 9x drivers. This can be scripted + using smbclient and rpcclient. See the + Imprints installation client at http://imprints.sourceforge.net/ + for an example. +

Achtung!

The following smb.conf parameters are considered to +be deprecated and will be removed soon. Do not use them in new +installations

  • printer driver file (G) +

  • printer driver (S) +

  • printer driver location (S) +

The have been two new parameters add in Samba 2.2.2 to for +better support of Samba 2.0.x backwards capability (disable +spoolss) and for using local printers drivers on Windows +NT/2000 clients (use client driver). Both of +these options are described in the smb.coinf(5) man page and are +disabled by default.

\ No newline at end of file diff --git a/docs/htmldocs/rpcclient.1.html b/docs/htmldocs/rpcclient.1.html new file mode 100644 index 00000000000..98a19c6ea2d --- /dev/null +++ b/docs/htmldocs/rpcclient.1.html @@ -0,0 +1,719 @@ +rpcclient

rpcclient

Name

rpcclient -- tool for executing client side + MS-RPC functions

Synopsis

rpcclient {server} [-A authfile] [-c <command string>] [-d debuglevel] [-h] [-l logfile] [-N] [-s <smb config file>] [-U username[%password]] [-W workgroup] [-N]

DESCRIPTION

This tool is part of the Samba suite.

rpcclient is a utility initially developed + to test MS-RPC functionality in Samba itself. It has undergone + several stages of development and stability. Many system administrators + have now written scripts around it to manage Windows NT clients from + their UNIX workstation.

OPTIONS

server

NetBIOS name of Server to which to connect. + The server can be any SMB/CIFS server. The name is + resolved using the name resolve order line from + smb.conf(5).

-A filename

This option allows + you to specify a file from which to read the username and + password used in the connection. The format of the file is + 

		username = <value> 
+		password = <value>
+		domain   = <value>
+

Make certain that the permissions on the file restrict + access from unwanted users.

-c 'command string'

execute semicolon separated commands (listed + below))

-d debuglevel

set the debuglevel. Debug level 0 is the lowest + and 100 being the highest. This should be set to 100 if you are + planning on submitting a bug report to the Samba team (see BUGS.txt). +

-h

Print a summary of command line options. +

-l logbasename

File name for log/debug files. The extension + '.client' will be appended. The log file is never removed + by the client. +

-N

instruct rpcclient not to ask + for a password. By default, rpcclient will prompt + for a password. See also the -U option.

-s smb.conf

Specifies the location of the all important + smb.conf file.

-U username[%password]

Sets the SMB username or username and password.

If %password is not specified, the user will be prompted. The + client will first check the USER environment variable, then the + LOGNAME variable and if either exists, the + string is uppercased. If these environmental variables are not + found, the username GUEST is used.

A third option is to use a credentials file which + contains the plaintext of the username and password. This + option is mainly provided for scripts where the admin doesn't + desire to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + -A for more details.

Be cautious about including passwords in scripts. Also, on + many systems the command line of a running process may be seen + via the ps command. To be safe always allow + rpcclient to prompt for a password and type + it in directly.

-W domain

Set the SMB domain of the username. This + overrides the default domain which is the domain defined in + smb.conf. If the domain specified is the same as the server's NetBIOS name, + it causes the client to log on using the server's local SAM (as + opposed to the Domain SAM).

COMMANDS

LSARPC

  • lsaquery

  • lookupsids - Resolve a list + of SIDs to usernames. +

  • lookupnames - Resolve s list + of usernames to SIDs. +

  • enumtrusts

SAMR

  • queryuser

  • querygroup

  • queryusergroups

  • querygroupmem

  • queryaliasmem

  • querydispinfo

  • querydominfo

  • enumdomgroups

SPOOLSS

  • adddriver <arch> <config> + - Execute an AddPrinterDriver() RPC to install the printer driver + information on the server. Note that the driver files should + already exist in the directory returned by + getdriverdir. Possible values for + arch are the same as those for + the getdriverdir command. + The config parameter is defined as + follows: 

    		Long Printer Name:\
+		Driver File Name:\
+		Data File Name:\
+		Config File Name:\
+		Help File Name:\
+		Language Monitor Name:\
+		Default Data Type:\
+		Comma Separated list of Files
+

    Any empty fields should be enter as the string "NULL".

    Samba does not need to support the concept of Print Monitors + since these only apply to local printers whose driver can make + use of a bi-directional link for communication. This field should + be "NULL". On a remote NT print server, the Print Monitor for a + driver must already be installed prior to adding the driver or + else the RPC will fail.

  • addprinter <printername> + <sharename> <drivername> <port> + - Add a printer on the remote server. This printer + will be automatically shared. Be aware that the printer driver + must already be installed on the server (see adddriver) + and the portmust be a valid port name (see + enumports.

  • deldriver - Delete the + specified printer driver for all architectures. This + does not delete the actual driver files from the server, + only the entry from the server's list of drivers. +

  • enumdata - Enumerate all + printer setting data stored on the server. On Windows NT clients, + these values are stored in the registry, while Samba servers + store them in the printers TDB. This command corresponds + to the MS Platform SDK GetPrinterData() function (* This + command is currently unimplemented).

  • enumjobs <printer> + - List the jobs and status of a given printer. + This command corresponds to the MS Platform SDK EnumJobs() + function (* This command is currently unimplemented).

  • enumports [level] + - Executes an EnumPorts() call using the specified + info level. Currently only info levels 1 and 2 are supported. +

  • enumdrivers [level] + - Execute an EnumPrinterDrivers() call. This lists the various installed + printer drivers for all architectures. Refer to the MS Platform SDK + documentation for more details of the various flags and calling + options. Currently supported info levels are 1, 2, and 3.

  • enumprinters [level] + - Execute an EnumPrinters() call. This lists the various installed + and share printers. Refer to the MS Platform SDK documentation for + more details of the various flags and calling options. Currently + supported info levels are 0, 1, and 2.

  • getdata <printername> + - Retrieve the data for a given printer setting. See + the enumdata command for more information. + This command corresponds to the GetPrinterData() MS Platform + SDK function (* This command is currently unimplemented).

  • getdriver <printername> + - Retrieve the printer driver information (such as driver file, + config file, dependent files, etc...) for + the given printer. This command corresponds to the GetPrinterDriver() + MS Platform SDK function. Currently info level 1, 2, and 3 are supported. +

  • getdriverdir <arch> + - Execute a GetPrinterDriverDirectory() + RPC to retreive the SMB share name and subdirectory for + storing printer driver files for a given architecture. Possible + values for arch are "Windows 4.0" + (for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows + Alpha_AXP", and "Windows NT R4000".

  • getprinter <printername> + - Retrieve the current printer information. This command + corresponds to the GetPrinter() MS Platform SDK function. +

  • openprinter <printername> + - Execute an OpenPrinterEx() and ClosePrinter() RPC + against a given printer.

  • setdriver <printername> <drivername> + - Execute a SetPrinter() command to update the printer driver associated + with an installed printer. The printer driver must already be correctly + installed on the print server.

    See also the enumprinters and + enumdrivers commands for obtaining a list of + of installed printers and drivers.

GENERAL OPTIONS

  • debuglevel - Set the current debug level + used to log information.

  • help (?) - Print a listing of all + known commands or extended help on a particular command. +

  • quit (exit) - Exit rpcclient + .

BUGS

rpcclient is designed as a developer testing tool + and may not be robust in certain areas (such as command line parsing). + It has been known to generate a core dump upon failures when invalid + parameters where passed to the interpreter.

From Luke Leighton's original rpcclient man page:

"WARNING! The MSRPC over SMB code has + been developed from examining Network traces. No documentation is + available from the original creators (Microsoft) on how MSRPC over + SMB works, or how the individual MSRPC services work. Microsoft's + implementation of these services has been demonstrated (and reported) + to be... a bit flaky in places.

The development of Samba's implementation is also a bit rough, + and as more of the services are understood, it can even result in + versions of smbd(8) and rpcclient(1) + that are incompatible for some commands or services. Additionally, + the developers are sending reports to Microsoft, and problems found + or reported to Microsoft are fixed in Service Packs, which may + result in incompatibilities."

VERSION

This man page is correct for version 2.2 of the Samba + suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original rpcclient man page was written by Matthew + Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. + The conversion to DocBook for Samba 2.2 was done by Gerald + Carter.

\ No newline at end of file diff --git a/docs/htmldocs/samba.7.html b/docs/htmldocs/samba.7.html new file mode 100644 index 00000000000..6fb9eac5784 --- /dev/null +++ b/docs/htmldocs/samba.7.html @@ -0,0 +1,365 @@ +samba

samba

Name

SAMBA -- A Windows SMB/CIFS fileserver for UNIX

Synopsis

Samba

DESCRIPTION

The Samba software suite is a collection of programs + that implements the Server Message Block (commonly abbreviated + as SMB) protocol for UNIX systems. This protocol is sometimes + also referred to as the Common Internet File System (CIFS), + LanManager or NetBIOS protocol.

smbd

The smbd + daemon provides the file and print services to + SMB clients, such as Windows 95/98, Windows NT, Windows + for Workgroups or LanManager. The configuration file + for this daemon is described in smb.conf +

nmbd

The nmbd + daemon provides NetBIOS nameserving and browsing + support. The configuration file for this daemon + is described in smb.conf

smbclient

The smbclient + program implements a simple ftp-like client. This + is useful for accessing SMB shares on other compatible + servers (such as Windows NT), and can also be used + to allow a UNIX box to print to a printer attached to + any SMB server (such as a PC running Windows NT).

testparm

The testparm + utility is a simple syntax checker for Samba's + smb.confconfiguration file.

testprns

The testprns + utility supports testing printer names defined + in your printcap> file used + by Samba.

smbstatus

The smbstatus + tool provides access to information about the + current connections to smbd.

nmblookup

The nmblookup + tools allows NetBIOS name queries to be made + from a UNIX host.

make_smbcodepage

The make_smbcodepage + utility provides a means of creating SMB code page + definition files for your smbd server.

smbpasswd

The smbpasswd + command is a tool for changing LanMan and Windows NT + password hashes on Samba and Windows NT servers.

COMPONENTS

The Samba suite is made up of several components. Each + component is described in a separate manual page. It is strongly + recommended that you read the documentation that comes with Samba + and the manual pages of those components that you use. If the + manual pages aren't clear enough then please send a patch or + bug report to samba@samba.org

AVAILABILITY

The Samba software suite is licensed under the + GNU Public License(GPL). A copy of that license should + have come with the package in the file COPYING. You are + encouraged to distribute copies of the Samba suite, but + please obey the terms of this license.

The latest version of the Samba suite can be + obtained via anonymous ftp from samba.org in the + directory pub/samba/. It is also available on several + mirror sites worldwide.

You may also find useful information about Samba + on the newsgroup comp.protocol.smb and the Samba mailing + list. Details on how to join the mailing list are given in + the README file that comes with Samba.

If you have access to a WWW viewer (such as Netscape + or Mosaic) then you will also find lots of useful information, + including back issues of the Samba mailing list, at + http://lists.samba.org.

VERSION

This man page is correct for version 2.2 of the + Samba suite.

CONTRIBUTIONS

If you wish to contribute to the Samba project, + then I suggest you join the Samba mailing list at + http://lists.samba.org. +

If you have patches to submit or bugs to report + then you may mail them directly to samba-patches@samba.org. + Note, however, that due to the enormous popularity of this + package the Samba Team may take some time to respond to mail. We + prefer patches in diff -u format.

CONTRIBUTORS

Contributors to the project are now too numerous + to mention here but all deserve the thanks of all Samba + users. To see a full list, look at ftp://samba.org/pub/samba/alpha/change-log + for the pre-CVS changes and at ftp://samba.org/pub/samba/alpha/cvs.log + for the contributors to Samba post-CVS. CVS is the Open Source + source code control system used by the Samba Team to develop + Samba. The project would have been unmanageable without it.

In addition, several commercial organizations now help + fund the Samba Team with money and equipment. For details see + the Samba Web pages at http://samba.org/samba/samba-thanks.html.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smb.conf.5.html b/docs/htmldocs/smb.conf.5.html new file mode 100644 index 00000000000..183cefbd3be --- /dev/null +++ b/docs/htmldocs/smb.conf.5.html @@ -0,0 +1,19015 @@ +smb.conf

smb.conf

Name

smb.conf -- The configuration file for the Samba suite

SYNOPSIS

The smb.conf file is a configuration + file for the Samba suite. smb.conf contains + runtime configuration information for the Samba programs. The + smb.conf file is designed to be configured and + administered by the swat(8) + program. The complete description of the file format and + possible parameters held within are here for reference purposes.

FILE FORMAT

The file consists of sections and parameters. A section + begins with the name of the section in square brackets and continues + until the next section begins. Sections contain parameters of the + form

name = value +

The file is line-based - that is, each newline-terminated + line represents either a comment, a section name or a parameter.

Section and parameter names are not case sensitive.

Only the first equals sign in a parameter is significant. + Whitespace before or after the first equals sign is discarded. + Leading, trailing and internal whitespace in section and parameter + names is irrelevant. Leading and trailing whitespace in a parameter + value is discarded. Internal whitespace within a parameter value + is retained verbatim.

Any line beginning with a semicolon (';') or a hash ('#') + character is ignored, as are lines containing only whitespace.

Any line ending in a '\' is continued + on the next line in the customary UNIX fashion.

The values following the equals sign in parameters are all + either a string (no quotes needed) or a boolean, which may be given + as yes/no, 0/1 or true/false. Case is not significant in boolean + values, but is preserved in string values. Some items such as + create modes are numeric.

SECTION DESCRIPTIONS

Each section in the configuration file (except for the + [global] section) describes a shared resource (known + as a "share"). The section name is the name of the + shared resource and the parameters within the section define + the shares attributes.

There are three special sections, [global], + [homes] and [printers], which are + described under special sections. The + following notes apply to ordinary section descriptions.

A share consists of a directory to which access is being + given plus a description of the access rights which are granted + to the user of the service. Some housekeeping options are + also specifiable.

Sections are either file share services (used by the + client as an extension of their native file systems) or + printable services (used by the client to access print services + on the host running the server).

Sections may be designated guest services, + in which case no password is required to access them. A specified + UNIX guest account is used to define access + privileges in this case.

Sections other than guest services will require a password + to access them. The client provides the username. As older clients + only provide passwords and not usernames, you may specify a list + of usernames to check against the password using the "user =" + option in the share definition. For modern clients such as + Windows 95/98/ME/NT/2000, this should not be necessary.

Note that the access rights granted by the server are + masked by the access rights granted to the specified or guest + UNIX user by the host system. The server does not grant more + access than the host system grants.

The following sample section defines a file space share. + The user has write access to the path /home/bar. + The share is accessed via the share name "foo":

	 	[foo]
+ 		path = /home/bar
+ 		writeable = true
+	
+

The following sample section defines a printable share. + The share is readonly, but printable. That is, the only write + access permitted is via calls to open, write to and close a + spool file. The guest ok parameter means + access will be permitted as the default guest user (specified + elsewhere):

	 	[aprinter]
+ 		path = /usr/spool/public
+ 		writeable = false
+ 		printable = true
+ 		guest ok = true
+	
+

SPECIAL SECTIONS

The [global] section

parameters in this section apply to the server + as a whole, or are defaults for sections which do not + specifically define certain items. See the notes + under PARAMETERS for more information.

The [homes] section

If a section called homes is included in the + configuration file, services connecting clients to their + home directories can be created on the fly by the server.

When the connection request is made, the existing + sections are scanned. If a match is found, it is used. If no + match is found, the requested section name is treated as a + user name and looked up in the local password file. If the + name exists and the correct password has been given, a share is + created by cloning the [homes] section.

Some modifications are then made to the newly + created share:

  • The share name is changed from homes to + the located username.

  • If no path was given, the path is set to + the user's home directory.

If you decide to use a path = line + in your [homes] section then you may find it useful + to use the %S macro. For example :

path = /data/pchome/%S

would be useful if you have different home directories + for your PCs than for UNIX access.

This is a fast and simple way to give a large number + of clients access to their home directories with a minimum + of fuss.

A similar process occurs if the requested section + name is "homes", except that the share name is not + changed to that of the requesting user. This method of using + the [homes] section works well if different users share + a client PC.

The [homes] section can specify all the parameters + a normal service section can specify, though some make more sense + than others. The following is a typical and suitable [homes] + section:

			 	[homes]
+ 			writeable = yes
+		
+

An important point is that if guest access is specified + in the [homes] section, all home directories will be + visible to all clients without a password. + In the very unlikely event that this is actually desirable, it + would be wise to also specify read only + access.

Note that the browseable flag for + auto home directories will be inherited from the global browseable + flag, not the [homes] browseable flag. This is useful as + it means setting browseable = no in + the [homes] section will hide the [homes] share but make + any auto home directories visible.

The [printers] section

This section works like [homes], + but for printers.

If a [printers] section occurs in the + configuration file, users are able to connect to any printer + specified in the local host's printcap file.

When a connection request is made, the existing sections + are scanned. If a match is found, it is used. If no match is found, + but a [homes] section exists, it is used as described + above. Otherwise, the requested section name is treated as a + printer name and the appropriate printcap file is scanned to see + if the requested section name is a valid printer share name. If + a match is found, a new printer share is created by cloning + the [printers] section.

A few modifications are then made to the newly created + share:

  • The share name is set to the located printer + name

  • If no printer name was given, the printer name + is set to the located printer name

  • If the share does not permit guest access and + no username was given, the username is set to the located + printer name.

Note that the [printers] service MUST be + printable - if you specify otherwise, the server will refuse + to load the configuration file.

Typically the path specified would be that of a + world-writeable spool directory with the sticky bit set on + it. A typical [printers] entry would look like + this:

	 	[printers]
+ 			path = /usr/spool/public
+ 			guest ok = yes
+ 			printable = yes 
+

All aliases given for a printer in the printcap file + are legitimate printer names as far as the server is concerned. + If your printing subsystem doesn't work like that, you will have + to set up a pseudo-printcap. This is a file consisting of one or + more lines like this:

			        alias|alias|alias|alias...    
+		
+

Each alias should be an acceptable printer name for + your printing subsystem. In the [global] section, specify + the new file as your printcap. The server will then only recognize + names found in your pseudo-printcap, which of course can contain + whatever aliases you like. The same technique could be used + simply to limit access to a subset of your local printers.

An alias, by the way, is defined as any component of the + first entry of a printcap record. Records are separated by newlines, + components (if there are more than one) are separated by vertical + bar symbols ('|').

NOTE: On SYSV systems which use lpstat to determine what + printers are defined on the system you may be able to use + "printcap name = lpstat" to automatically obtain a list + of printers. See the "printcap name" option + for more details.

PARAMETERS

parameters define the specific attributes of sections.

Some parameters are specific to the [global] section + (e.g., security). Some parameters are usable + in all sections (e.g., create mode). All others + are permissible only in normal sections. For the purposes of the + following descriptions the [homes] and [printers] + sections will be considered normal. The letter G + in parentheses indicates that a parameter is specific to the + [global] section. The letter S + indicates that a parameter can be specified in a service specific + section. Note that all S parameters can also be specified in + the [global] section - in which case they will define + the default behavior for all services.

parameters are arranged here in alphabetical order - this may + not create best bedfellows, but at least you can find them! Where + there are synonyms, the preferred synonym is described, others refer + to the preferred synonym.

VARIABLE SUBSTITUTIONS

Many of the strings that are settable in the config file + can take substitutions. For example the option "path = + /tmp/%u" would be interpreted as "path = + /tmp/john" if the user connected with the username john.

These substitutions are mostly noted in the descriptions below, + but there are some general substitutions which apply whenever they + might be relevant. These are:

%S

the name of the current service, if any.

%P

the root directory of the current service, + if any.

%u

user name of the current service, if any.

%g

primary group name of %u.

%U

session user name (the user name that the client + wanted, not necessarily the same as the one they got).

%G

primary group name of %U.

%H

the home directory of the user given + by %u.

%v

the Samba version.

%h

the Internet hostname that Samba is running + on.

%m

the NetBIOS name of the client machine + (very useful).

%L

the NetBIOS name of the server. This allows you + to change your config based on what the client calls you. Your + server can have a "dual personality".

Note that this paramater is not available when Samba listens + on port 445, as clients no longer send this information

%M

the Internet name of the client machine. +

%N

the name of your NIS home directory server. + This is obtained from your NIS auto.map entry. If you have + not compiled Samba with the --with-automount + option then this value will be the same as %L.

%p

the path of the service's home directory, + obtained from your NIS auto.map entry. The NIS auto.map entry + is split up as "%N:%p".

%R

the selected protocol level after + protocol negotiation. It can be one of CORE, COREPLUS, + LANMAN1, LANMAN2 or NT1.

%d

The process id of the current server + process.

%a

the architecture of the remote + machine. Only some are recognized, and those may not be + 100% reliable. It currently recognizes Samba, WfWg, Win95, + WinNT and Win2k. Anything else will be known as + "UNKNOWN". If it gets it wrong then sending a level + 3 log to samba@samba.org + should allow it to be fixed.

%I

The IP address of the client machine.

%T

the current date and time.

%$(envvar)

The value of the environment variable + envar.

There are some quite creative things that can be done + with these substitutions and other smb.conf options.

NAME MANGLING

Samba supports "name mangling" so that DOS and + Windows clients can use files that don't conform to the 8.3 format. + It can also be set to adjust the case of 8.3 format filenames.

There are several options that control the way mangling is + performed, and they are grouped here rather than listed separately. + For the defaults look at the output of the testparm program.

All of these options can be set separately for each service + (or globally, of course).

The options are:

mangle case = yes/no

controls if names that have characters that + aren't of the "default" case are mangled. For example, + if this is yes then a name like "Mail" would be mangled. + Default no.

case sensitive = yes/no

controls whether filenames are case sensitive. If + they aren't then Samba must do a filename search and match on passed + names. Default no.

default case = upper/lower

controls what the default case is for new + filenames. Default lower.

preserve case = yes/no

controls if new files are created with the + case that the client passes, or if they are forced to be the + "default" case. Default yes. +

short preserve case = yes/no

controls if new files which conform to 8.3 syntax, + that is all in upper case and of suitable length, are created + upper case, or if they are forced to be the "default" + case. This option can be use with "preserve case = yes" + to permit long filenames to retain their case, while short names + are lowercased. Default yes.

By default, Samba 2.2 has the same semantics as a Windows + NT server, in that it is case insensitive but case preserving.

NOTE ABOUT USERNAME/PASSWORD VALIDATION

There are a number of ways in which a user can connect + to a service. The server uses the following steps in determining + if it will allow a connection to a specified service. If all the + steps fail, then the connection request is rejected. However, if one of the + steps succeeds, then the following steps are not checked.

If the service is marked "guest only = yes" then + steps 1 to 5 are skipped.

  1. If the client has passed a username/password + pair and that username/password pair is validated by the UNIX + system's password programs then the connection is made as that + username. Note that this includes the + \\server\service%username method of passing + a username.

  2. If the client has previously registered a username + with the system and now supplies a correct password for that + username then the connection is allowed.

  3. The client's NetBIOS name and any previously + used user names are checked against the supplied password, if + they match then the connection is allowed as the corresponding + user.

  4. If the client has previously validated a + username/password pair with the server and the client has passed + the validation token then that username is used.

  5. If a "user = " field is given in the + smb.conf file for the service and the client + has supplied a password, and that password matches (according to + the UNIX system's password checking) with one of the usernames + from the "user =" field then the connection is made as + the username in the "user =" line. If one + of the username in the "user =" list begins with a + '@' then that name expands to a list of names in + the group of the same name.

  6. If the service is a guest service then a + connection is made as the username given in the "guest + account =" for the service, irrespective of the + supplied password.

COMPLETE LIST OF GLOBAL PARAMETERS

Here is a list of all global parameters. See the section of + each parameter for details. Note that some are synonyms.

COMPLETE LIST OF SERVICE PARAMETERS

Here is a list of all service parameters. See the section on + each parameter for details. Note that some are synonyms.

EXPLANATION OF EACH PARAMETER

abort shutdown script (G)

This parameter only exists in the HEAD cvs branch + This a full path name to a script called by + smbd(8) that + should stop a shutdown procedure issued by the shutdown script.

This command will be run as user.

Default: None.

Example: abort shutdown script = /sbin/shutdown -c

add printer command (G)

With the introduction of MS-RPC based printing + support for Windows NT/2000 clients in Samba 2.2, The MS Add + Printer Wizard (APW) icon is now also available in the + "Printers..." folder displayed a share listing. The APW + allows for printers to be add remotely to a Samba or Windows + NT/2000 print server.

For a Samba host this means that the printer must be + physically added to the underlying printing system. The add + printer command defines a script to be run which + will perform the necessary operations for adding the printer + to the print system and to add the appropriate service definition + to the smb.conf file in order that it can be + shared by smbd(8) + .

The add printer command is + automatically invoked with the following parameter (in + order:

  • printer name

  • share name

  • port name

  • driver name

  • location

  • Windows 9x driver location +

All parameters are filled in from the PRINTER_INFO_2 structure sent + by the Windows NT/2000 client with one exception. The "Windows 9x + driver location" parameter is included for backwards compatibility + only. The remaining fields in the structure are generated from answers + to the APW questions.

Once the add printer command has + been executed, smbd will reparse the smb.conf to determine if the share defined by the APW + exists. If the sharename is still invalid, then smbd + will return an ACCESS_DENIED error to the client.

See also delete printer command, printing, + show add + printer wizard

Default: none

Example: addprinter command = /usr/bin/addprinter +

add share command (G)

Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + add share command is used to define an + external program or script which will add a new service definition + to smb.conf. In order to successfully + execute the add share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). +

When executed, smbd will automatically invoke the + add share command with four parameters. +

  • configFile - the location + of the global smb.conf file. +

  • shareName - the name of the new + share. +

  • pathName - path to an **existing** + directory on disk. +

  • comment - comment string to associate + with the new share. +

This parameter is only used for add file shares. To add printer shares, + see the add printer + command. +

See also change share + command, delete share + command. +

Default: none

Example: add share command = /usr/local/bin/addshare

add machine script (G)

This is the full pathname to a script that will + be run by smbd(8) when a machine is added + to it's domain using the administrator username and password method.

This option is only required when using sam back-ends tied to the + Unix uid method of RID calculation such as smbpasswd. This option is only + available in Samba 3.0.

Default: add machine script = <empty string> +

Example: add machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u +

add user script (G)

This is the full pathname to a script that will + be run AS ROOT by smbd(8) + under special circumstances described below.

Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows smbd to create the required UNIX users + ON DEMAND when a user accesses the Samba server.

In order to use this option, smbd + must NOT be set to security = share + and add user script + must be set to a full pathname for a script that will create a UNIX + user given one argument of %u, which expands into + the UNIX user name to create.

When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) time, smbd contacts the password server and + attempts to authenticate the given user with the given password. If the + authentication succeeds then smbd + attempts to find a UNIX user in the UNIX password database to map the + Windows user into. If this lookup fails, and add user script + is set then smbd will + call the specified script AS ROOT, expanding + any %u argument to be the user name to create.

If this script successfully creates the user then smbd + will continue on as though the UNIX user + already existed. In this way, UNIX users are dynamically created to + match existing Windows NT accounts.

See also security, password server, + delete user + script.

Default: add user script = <empty string> +

Example: add user script = /usr/local/samba/bin/add_user + %u

admin users (S)

This is a list of users who will be granted + administrative privileges on the share. This means that they + will do all file operations as the super-user (root).

You should use this option very carefully, as any user in + this list will be able to do anything they like on the share, + irrespective of file permissions.

Default: no admin users

Example: admin users = jason

allow hosts (S)

Synonym for hosts allow.

allow trusted domains (G)

This option only takes effect when the security option is set to + server or domain. + If it is set to no, then attempts to connect to a resource from + a domain or workgroup other than the one which smbd is running + in will fail, even if that domain is trusted by the remote server + doing the authentication.

This is useful if you only want your Samba server to + serve resources to users in the domain it is a member of. As + an example, suppose that there are two domains DOMA and DOMB. DOMB + is trusted by DOMA, which contains the Samba server. Under normal + circumstances, a user with an account in DOMB can then access the + resources of a UNIX account with the same account name on the + Samba server even if they do not have an account in DOMA. This + can make implementing a security boundary difficult.

Default: allow trusted domains = yes

announce as (G)

This specifies what type of server + nmbd + will announce itself as, to a network neighborhood browse + list. By default this is set to Windows NT. The valid options + are : "NT Server" (which can also be written as "NT"), + "NT Workstation", "Win95" or "WfW" meaning Windows NT Server, + Windows NT Workstation, Windows 95 and Windows for Workgroups + respectively. Do not change this parameter unless you have a + specific need to stop Samba appearing as an NT server as this + may prevent Samba servers from participating as browser servers + correctly.

Default: announce as = NT Server

Example: announce as = Win95

announce version (G)

This specifies the major and minor version numbers + that nmbd will use when announcing itself as a server. The default + is 4.2. Do not change this parameter unless you have a specific + need to set a Samba server to be a downlevel server.

Default: announce version = 4.5

Example: announce version = 2.0

auto services (G)

This is a synonym for the preload.

auth methods (G)

This option allows the administrator to chose what + authentication methods smbd will use when authenticating + a user. This option defaults to sensible values based on security. + + Each entry in the list attempts to authenticate the user in turn, until + the user authenticates. In practice only one method will ever actually + be able to complete the authentication. +

Default: auth methods = <empty string>

Example: auth methods = guest sam ntdomain

available (S)

This parameter lets you "turn off" a service. If + available = no, then ALL + attempts to connect to the service will fail. Such failures are + logged.

Default: available = yes

bind interfaces only (G)

This global parameter allows the Samba admin + to limit what interfaces on a machine will serve SMB requests. If + affects file service smbd(8) and + name service nmbd(8) in slightly + different ways.

For name service it causes nmbd to bind + to ports 137 and 138 on the interfaces listed in the interfaces parameter. nmbd + also binds to the "all addresses" interface (0.0.0.0) + on ports 137 and 138 for the purposes of reading broadcast messages. + If this option is not set then nmbd will service + name requests on all of these sockets. If bind interfaces + only is set then nmbd will check the + source address of any packets coming in on the broadcast sockets + and discard any that don't match the broadcast addresses of the + interfaces in the interfaces parameter list. + As unicast packets are received on the other sockets it allows + nmbd to refuse to serve names to machines that + send packets that arrive through any interfaces not listed in the + interfaces list. IP Source address spoofing + does defeat this simple check, however so it must not be used + seriously as a security feature for nmbd.

For file service it causes smbd(8) + to bind only to the interface list given in the interfaces parameter. This restricts the networks that + smbd will serve to packets coming in those + interfaces. Note that you should not use this parameter for machines + that are serving PPP or other intermittent or non-broadcast network + interfaces as it will not cope with non-permanent interfaces.

If bind interfaces only is set then + unless the network address 127.0.0.1 is added + to the interfaces parameter list smbpasswd(8) + and swat(8) may + not work as expected due to the reasons covered below.

To change a users SMB password, the smbpasswd + by default connects to the localhost - 127.0.0.1 + address as an SMB client to issue the password change request. If + bind interfaces only is set then unless the + network address 127.0.0.1 is added to the + interfaces parameter list then smbpasswd will fail to connect in it's default mode. + smbpasswd can be forced to use the primary IP interface + of the local host by using its -r remote machine + parameter, with remote machine set + to the IP name of the primary interface of the local host.

The swat status page tries to connect with + smbd and nmbd at the address + 127.0.0.1 to determine if they are running. + Not adding 127.0.0.1 will cause smbd and nmbd to always show + "not running" even if they really are. This can prevent swat from starting/stopping/restarting smbd + and nmbd.

Default: bind interfaces only = no

blocking locks (S)

This parameter controls the behavior of smbd(8) when given a request by a client + to obtain a byte range lock on a region of an open file, and the + request has a time limit associated with it.

If this parameter is set and the lock range requested + cannot be immediately satisfied, Samba 2.2 will internally + queue the lock request, and periodically attempt to obtain + the lock until the timeout period expires.

If this parameter is set to false, then + Samba 2.2 will behave as previous versions of Samba would and + will fail the lock request immediately if the lock range + cannot be obtained.

Default: blocking locks = yes

browsable (S)

See the browseable.

browse list (G)

This controls whether smbd(8) will serve a browse list to + a client doing a NetServerEnum call. Normally + set to true. You should never need to change + this.

Default: browse list = yes

browseable (S)

This controls whether this share is seen in + the list of available shares in a net view and in the browse list.

Default: browseable = yes

case sensitive (S)

See the discussion in the section NAME MANGLING.

Default: case sensitive = no

casesignames (S)

Synonym for case + sensitive.

change notify timeout (G)

This SMB allows a client to tell a server to + "watch" a particular directory for any changes and only reply to + the SMB request when a change has occurred. Such constant scanning of + a directory is expensive under UNIX, hence an smbd(8) daemon only performs such a scan + on each requested directory once every change notify + timeout seconds.

Default: change notify timeout = 60

Example: change notify timeout = 300

Would change the scan time to every 5 minutes.

change share command (G)

Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + change share command is used to define an + external program or script which will modify an existing service definition + in smb.conf. In order to successfully + execute the change share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). +

When executed, smbd will automatically invoke the + change share command with four parameters. +

  • configFile - the location + of the global smb.conf file. +

  • shareName - the name of the new + share. +

  • pathName - path to an **existing** + directory on disk. +

  • comment - comment string to associate + with the new share. +

This parameter is only used modify existing file shares definitions. To modify + printer shares, use the "Printers..." folder as seen when browsing the Samba host. +

See also add share + command, delete + share command. +

Default: none

Example: change share command = /usr/local/bin/addshare

comment (S)

This is a text field that is seen next to a share + when a client does a queries the server, either via the network + neighborhood or via net view to list what shares + are available.

If you want to set the string that is displayed next to the + machine name then see the server string parameter.

Default: No comment string

Example: comment = Fred's Files

config file (G)

This allows you to override the config file + to use, instead of the default (usually smb.conf). + There is a chicken and egg problem here as this option is set + in the config file!

For this reason, if the name of the config file has changed + when the parameters are loaded then it will reload them from + the new config file.

This option takes the usual substitutions, which can + be very useful.

If the config file doesn't exist then it won't be loaded + (allowing you to special case the config files of just a few + clients).

Example: config file = /usr/local/samba/lib/smb.conf.%m +

copy (S)

This parameter allows you to "clone" service + entries. The specified service is simply duplicated under the + current service's name. Any parameters specified in the current + section will override those in the section being copied.

This feature lets you set up a 'template' service and + create similar services easily. Note that the service being + copied must occur earlier in the configuration file than the + service doing the copying.

Default: no value

Example: copy = otherservice

create mask (S)

A synonym for this parameter is + create mode + .

When a file is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX + permissions, and the resulting UNIX mode is then bit-wise 'AND'ed + with this parameter. This parameter may be thought of as a bit-wise + MASK for the UNIX modes of a file. Any bit not + set here will be removed from the modes set on a file when it is + created.

The default value of this parameter removes the + 'group' and 'other' write and execute bits from the UNIX modes.

Following this Samba will bit-wise 'OR' the UNIX mode created + from this parameter with the value of the force create mode + parameter which is set to 000 by default.

This parameter does not affect directory modes. See the + parameter directory mode + for details.

See also the force + create mode parameter for forcing particular mode + bits to be set on created files. See also the directory mode parameter for masking + mode bits on created directories. See also the inherit permissions parameter.

Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the security mask.

Default: create mask = 0744

Example: create mask = 0775

create mode (S)

This is a synonym for create mask.

deadtime (G)

The value of the parameter (a decimal integer) + represents the number of minutes of inactivity before a connection + is considered dead, and it is disconnected. The deadtime only takes + effect if the number of open files is zero.

This is useful to stop a server's resources being + exhausted by a large number of inactive connections.

Most clients have an auto-reconnect feature when a + connection is broken so in most cases this parameter should be + transparent to users.

Using this parameter with a timeout of a few minutes + is recommended for most systems.

A deadtime of zero indicates that no auto-disconnection + should be performed.

Default: deadtime = 0

Example: deadtime = 15

debug hires timestamp (G)

Sometimes the timestamps in the log messages + are needed with a resolution of higher that seconds, this + boolean parameter adds microsecond resolution to the timestamp + message header when turned on.

Note that the parameter debug timestamp must be on for this to have an + effect.

Default: debug hires timestamp = no

debug pid (G)

When using only one log file for more then one + forked smbd-process there may be hard to follow which process + outputs which message. This boolean parameter is adds the process-id + to the timestamp message headers in the logfile when turned on.

Note that the parameter debug timestamp must be on for this to have an + effect.

Default: debug pid = no

debug timestamp (G)

Samba 2.2 debug log messages are timestamped + by default. If you are running at a high debug level these timestamps + can be distracting. This boolean parameter allows timestamping + to be turned off.

Default: debug timestamp = yes

debug uid (G)

Samba is sometimes run as root and sometime + run as the connected user, this boolean parameter inserts the + current euid, egid, uid and gid to the timestamp message headers + in the log file if turned on.

Note that the parameter debug timestamp must be on for this to have an + effect.

Default: debug uid = no

debuglevel (G)

Synonym for log level.

default (G)

A synonym for default service.

default case (S)

See the section on NAME MANGLING. Also note the short preserve case parameter.

Default: default case = lower

default devmode (S)

This parameter is only applicable to printable services. When smbd is serving + Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba + server has a Device Mode which defines things such as paper size and + orientation and duplex settings. The device mode can only correctly be + generated by the printer driver itself (which can only be executed on a + Win32 platform). Because smbd is unable to execute the driver code + to generate the device mode, the default behavior is to set this field + to NULL. +

Most problems with serving printer drivers to Windows NT/2k/XP clients + can be traced to a problem with the generated device mode. Certain drivers + will do things such as crashing the client's Explorer.exe with a NULL devmode. + However, other printer drivers can cause the client's spooler service + (spoolsv.exe) to die if the devmode was not created by the driver itself + (i.e. smbd generates a default devmode). +

This parameter should be used with care and tested with the printer + driver in question. It is better to leave the device mode to NULL + and let the Windows client set the correct values. Because drivers do not + do this all the time, setting default devmode = yes + will instruct smbd to generate a default one. +

For more information on Windows NT/2k printing and Device Modes, + see the MSDN documentation. +

Default: default devmode = no

default service (G)

This parameter specifies the name of a service + which will be connected to if the service actually requested cannot + be found. Note that the square brackets are NOT + given in the parameter value (see example below).

There is no default value for this parameter. If this + parameter is not given, attempting to connect to a nonexistent + service results in an error.

Typically the default service would be a guest ok, read-only service.

Also note that the apparent service name will be changed + to equal that of the requested service, this is very useful as it + allows you to use macros like %S to make + a wildcard service.

Note also that any "_" characters in the name of the service + used in the default service will get mapped to a "/". This allows for + interesting things.

Example:

[global]
+	default service = pub
+        
+[pub]
+	path = /%S
+

delete printer command (G)

With the introduction of MS-RPC based printer + support for Windows NT/2000 clients in Samba 2.2, it is now + possible to delete printer at run time by issuing the + DeletePrinter() RPC call.

For a Samba host this means that the printer must be + physically deleted from underlying printing system. The deleteprinter command defines a script to be run which + will perform the necessary operations for removing the printer + from the print system and from smb.conf. +

The delete printer command is + automatically called with only one parameter: "printer name".

Once the delete printer command has + been executed, smbd will reparse the smb.conf to associated printer no longer exists. + If the sharename is still valid, then smbd + will return an ACCESS_DENIED error to the client.

See also add printer command, printing, + show add + printer wizard

Default: none

Example: deleteprinter command = /usr/bin/removeprinter +

delete readonly (S)

This parameter allows readonly files to be deleted. + This is not normal DOS semantics, but is allowed by UNIX.

This option may be useful for running applications such + as rcs, where UNIX file ownership prevents changing file + permissions, and DOS semantics prevent deletion of a read only file.

Default: delete readonly = no

delete share command (G)

Samba 2.2.0 introduced the ability to dynamically + add and delete shares via the Windows NT 4.0 Server Manager. The + delete share command is used to define an + external program or script which will remove an existing service + definition from smb.conf. In order to successfully + execute the delete share command, smbd + requires that the administrator be connected using a root account (i.e. + uid == 0). +

When executed, smbd will automatically invoke the + delete share command with two parameters. +

  • configFile - the location + of the global smb.conf file. +

  • shareName - the name of + the existing service. +

This parameter is only used to remove file shares. To delete printer shares, + see the delete printer + command. +

See also add share + command, change + share command. +

Default: none

Example: delete share command = /usr/local/bin/delshare

delete user script (G)

This is the full pathname to a script that will + be run AS ROOT by smbd(8) under special circumstances + described below.

Normally, a Samba server requires that UNIX users are + created for all users accessing files on this server. For sites + that use Windows NT account databases as their primary user database + creating these users and keeping the user list in sync with the + Windows NT PDC is an onerous task. This option allows smbd to delete the required UNIX users ON + DEMAND when a user accesses the Samba server and the + Windows NT user no longer exists.

In order to use this option, smbd must be + set to security = domain or security = + user and delete user script + must be set to a full pathname for a script + that will delete a UNIX user given one argument of %u, + which expands into the UNIX user name to delete.

When the Windows user attempts to access the Samba server, + at login (session setup in the SMB protocol) + time, smbd contacts the password server and attempts to authenticate + the given user with the given password. If the authentication fails + with the specific Domain error code meaning that the user no longer + exists then smbd attempts to find a UNIX user in + the UNIX password database that matches the Windows user account. If + this lookup succeeds, and delete user script is + set then smbd will all the specified script + AS ROOT, expanding any %u + argument to be the user name to delete.

This script should delete the given UNIX username. In this way, + UNIX users are dynamically deleted to match existing Windows NT + accounts.

See also security = domain, + password server + , add user script + .

Default: delete user script = <empty string> +

Example: delete user script = /usr/local/samba/bin/del_user + %u

delete veto files (S)

This option is used when Samba is attempting to + delete a directory that contains one or more vetoed directories + (see the veto files + option). If this option is set to false (the default) then if a vetoed + directory contains any non-vetoed files or directories then the + directory delete will fail. This is usually what you want.

If this option is set to true, then Samba + will attempt to recursively delete any files and directories within + the vetoed directory. This can be useful for integration with file + serving systems such as NetAtalk which create meta-files within + directories you might normally veto DOS/Windows users from seeing + (e.g. .AppleDouble)

Setting delete veto files = yes allows these + directories to be transparently deleted when the parent directory + is deleted (so long as the user has permissions to do so).

See also the veto + files parameter.

Default: delete veto files = no

deny hosts (S)

Synonym for hosts + deny.

dfree command (G)

The dfree command setting should + only be used on systems where a problem occurs with the internal + disk space calculations. This has been known to happen with Ultrix, + but may occur with other operating systems. The symptom that was + seen was an error of "Abort Retry Ignore" at the end of each + directory listing.

This setting allows the replacement of the internal routines to + calculate the total disk space and amount available with an external + routine. The example below gives a possible script that might fulfill + this function.

The external program will be passed a single parameter indicating + a directory in the filesystem being queried. This will typically consist + of the string ./. The script should return two + integers in ASCII. The first should be the total disk space in blocks, + and the second should be the number of available blocks. An optional + third return value can give the block size in bytes. The default + blocksize is 1024 bytes.

Note: Your script should NOT be setuid or + setgid and should be owned by (and writeable only by) root!

Default: By default internal routines for + determining the disk capacity and remaining space will be used. +

Example: dfree command = /usr/local/samba/bin/dfree +

Where the script dfree (which must be made executable) could be:

 
+		#!/bin/sh
+		df $1 | tail -1 | awk '{print $2" "$4}'
+

or perhaps (on Sys V based systems):

 
+		#!/bin/sh
+		/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+

Note that you may have to replace the command names + with full path names on some systems.

directory (S)

Synonym for path + .

directory mask (S)

This parameter is the octal modes which are + used when converting DOS modes to UNIX modes when creating UNIX + directories.

When a directory is created, the necessary permissions are + calculated according to the mapping from DOS modes to UNIX permissions, + and the resulting UNIX mode is then bit-wise 'AND'ed with this + parameter. This parameter may be thought of as a bit-wise MASK for + the UNIX modes of a directory. Any bit not set + here will be removed from the modes set on a directory when it is + created.

The default value of this parameter removes the 'group' + and 'other' write bits from the UNIX mode, allowing only the + user who owns the directory to modify it.

Following this Samba will bit-wise 'OR' the UNIX mode + created from this parameter with the value of the force directory mode + parameter. This parameter is set to 000 by + default (i.e. no extra mode bits are added).

Note that this parameter does not apply to permissions + set by Windows NT/2000 ACL editors. If the administrator wishes to enforce + a mask on access control lists also, they need to set the directory security mask.

See the force + directory mode parameter to cause particular mode + bits to always be set on created directories.

See also the create mode + parameter for masking mode bits on created files, + and the directory + security mask parameter.

Also refer to the inherit permissions parameter.

Default: directory mask = 0755

Example: directory mask = 0775

directory mode (S)

Synonym for directory mask

directory security mask (S)

This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog + box.

This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change.

If not set explicitly this parameter is set to 0777 + meaning a user is allowed to modify all the user/group/world + permissions on a directory.

Note that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it as the default of 0777.

See also the force directory security mode, security mask, + force security mode + parameters.

Default: directory security mask = 0777

Example: directory security mask = 0700

disable spoolss (G)

Enabling this parameter will disables Samba's support + for the SPOOLSS set of MS-RPC's and will yield identical behavior + as Samba 2.0.x. Windows NT/2000 clients will downgrade to using + Lanman style printing commands. Windows 9x/ME will be uneffected by + the parameter. However, this will also disable the ability to upload + printer drivers to a Samba server via the Windows NT Add Printer + Wizard or by using the NT printer properties dialog window. It will + also disable the capability of Windows NT/2000 clients to download + print drivers from the Samba host upon demand. + Be very careful about enabling this parameter. +

See also use client driver +

Default : disable spoolss = no

dns proxy (G)

Specifies that nmbd(8) + when acting as a WINS server and finding that a NetBIOS name has not + been registered, should treat the NetBIOS name word-for-word as a DNS + name and do a lookup with the DNS server for that name on behalf of + the name-querying client.

Note that the maximum length for a NetBIOS name is 15 + characters, so the DNS name (or DNS alias) can likewise only be + 15 characters, maximum.

nmbd spawns a second copy of itself to do the + DNS name lookup requests, as doing a name lookup is a blocking + action.

See also the parameter wins support.

Default: dns proxy = yes

domain admin group (G)

This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Admins" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + smb.conf notation. +

See also domain + guest group, domain + logons +

Default: no domain administrators

Example: domain admin group = root @wheel

domain guest group (G)

This parameter is intended as a temporary solution + to enable users to be a member of the "Domain Guests" group when + a Samba host is acting as a PDC. A complete solution will be provided + by a system for mapping Windows NT/2000 groups onto UNIX groups. + Please note that this parameter has a somewhat confusing name. It + accepts a list of usernames and of group names in standard + smb.conf notation. +

See also domain + admin group, domain + logons +

Default: no domain guests

Example: domain guest group = nobody @guest

domain logons (G)

If set to true, the Samba server will serve + Windows 95/98 Domain logons for the workgroup it is in. Samba 2.2 also + has limited capability to act as a domain controller for Windows + NT 4 Domains. For more details on setting up this feature see + the Samba-PDC-HOWTO included in the htmldocs/ + directory shipped with the source code.

Default: domain logons = no

domain master (G)

Tell nmbd(8) to enable WAN-wide browse list + collation. Setting this option causes nmbd to + claim a special domain specific NetBIOS name that identifies + it as a domain master browser for its given workgroup. Local master browsers + in the same workgroup on broadcast-isolated + subnets will give this nmbd their local browse lists, + and then ask smbd(8) + for a complete copy of the browse list for the whole wide area + network. Browser clients will then contact their local master browser, + and will receive the domain-wide browse list, instead of just the list + for their broadcast-isolated subnet.

Note that Windows NT Primary Domain Controllers expect to be + able to claim this workgroup specific special + NetBIOS name that identifies them as domain master browsers for + that workgroup by default (i.e. there is no + way to prevent a Windows NT PDC from attempting to do this). This + means that if this parameter is set and nmbd claims + the special name for a workgroup before a Windows + NT PDC is able to do so then cross subnet browsing will behave + strangely and may fail.

If domain logons = yes + , then the default behavior is to enable the domain + master parameter. If domain logons is + not enabled (the default setting), then neither will domain + master be enabled by default.

Default: domain master = auto

dont descend (S)

There are certain directories on some systems + (e.g., the /proc tree under Linux) that are either not + of interest to clients or are infinitely deep (recursive). This + parameter allows you to specify a comma-delimited list of directories + that the server should always show as empty.

Note that Samba can be very fussy about the exact format + of the "dont descend" entries. For example you may need ./proc instead of just /proc. + Experimentation is the best policy :-)

Default: none (i.e., all directories are OK + to descend)

Example: dont descend = /proc,/dev

dos filemode (S)

The default behavior in Samba is to provide + UNIX-like behavior where only the owner of a file/directory is + able to change the permissions on it. However, this behavior + is often confusing to DOS/Windows users. Enabling this parameter + allows a user who has write access to the file (by whatever + means) to modify the permissions on it. Note that a user + belonging to the group owning the file will not be allowed to + change permissions if the group is only granted read access. + Ownership of the file/directory is not changed, only the permissions + are modified.

Default: dos filemode = no

dos filetime resolution (S)

Under the DOS and Windows FAT filesystem, the finest + granularity on time resolution is two seconds. Setting this parameter + for a share causes Samba to round the reported time down to the + nearest two second boundary when a query call that requires one second + resolution is made to smbd(8) + .

This option is mainly used as a compatibility option for Visual + C++ when used against Samba shares. If oplocks are enabled on a + share, Visual C++ uses two different time reading calls to check if a + file has changed since it was last read. One of these calls uses a + one-second granularity, the other uses a two second granularity. As + the two second call rounds any odd second down, then if the file has a + timestamp of an odd number of seconds then the two timestamps will not + match and Visual C++ will keep reporting the file has changed. Setting + this option causes the two timestamps to match, and Visual C++ is + happy.

Default: dos filetime resolution = no

dos filetimes (S)

Under DOS and Windows, if a user can write to a + file they can change the timestamp on it. Under POSIX semantics, + only the owner of the file or root may change the timestamp. By + default, Samba runs with POSIX semantics and refuses to change the + timestamp on a file if the user smbd is acting + on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbd will change the file + timestamp as DOS requires.

Default: dos filetimes = no

encrypt passwords (G)

This boolean controls whether encrypted passwords + will be negotiated with the client. Note that Windows NT 4.0 SP3 and + above and also Windows 98 will by default expect encrypted passwords + unless a registry entry is changed. To use encrypted passwords in + Samba see the file ENCRYPTION.txt in the Samba documentation + directory docs/ shipped with the source code.

In order for encrypted passwords to work correctly + smbd(8) must either + have access to a local smbpasswd(5) + file (see the smbpasswd(8) program for information on how to set up + and maintain this file), or set the security = [server|domain|ads] parameter which + causes smbd to authenticate against another + server.

Default: encrypt passwords = yes

enhanced browsing (G)

This option enables a couple of enhancements to + cross-subnet browse propagation that have been added in Samba + but which are not standard in Microsoft implementations. +

The first enhancement to browse propagation consists of a regular + wildcard query to a Samba WINS server for all Domain Master Browsers, + followed by a browse synchronization with each of the returned + DMBs. The second enhancement consists of a regular randomised browse + synchronization with all currently known DMBs.

You may wish to disable this option if you have a problem with empty + workgroups not disappearing from browse lists. Due to the restrictions + of the browse protocols these enhancements can cause a empty workgroup + to stay around forever which can be annoying.

In general you should leave this option enabled as it makes + cross-subnet browse propagation much more reliable.

Default: enhanced browsing = yes

enumports command (G)

The concept of a "port" is fairly foreign + to UNIX hosts. Under Windows NT/2000 print servers, a port + is associated with a port monitor and generally takes the form of + a local port (i.e. LPT1:, COM1:, FILE:) or a remote port + (i.e. LPD Port Monitor, etc...). By default, Samba has only one + port defined--"Samba Printer Port". Under + Windows NT/2000, all printers must have a valid port name. + If you wish to have a list of ports displayed (smbd + does not use a port name for anything) other than + the default "Samba Printer Port", you + can define enumports command to point to + a program which should generate a list of ports, one per line, + to standard output. This listing will then be used in response + to the level 1 and 2 EnumPorts() RPC.

Default: no enumports command

Example: enumports command = /usr/bin/listports +

exec (S)

This is a synonym for preexec.

fake directory create times (S)

NTFS and Windows VFAT file systems keep a create + time for all files and directories. This is not the same as the + ctime - status change time - that Unix keeps, so Samba by default + reports the earliest of the various times Unix does keep. Setting + this parameter for a share causes Samba to always report midnight + 1-1-1980 as the create time for directories.

This option is mainly used as a compatibility option for + Visual C++ when used against Samba shares. Visual C++ generated + makefiles have the object directory as a dependency for each object + file, and a make rule to create the directory. Also, when NMAKE + compares timestamps it uses the creation time when examining a + directory. Thus the object directory will be created if it does not + exist, but once it does exist it will always have an earlier + timestamp than the object files it contains.

However, Unix time semantics mean that the create time + reported by Samba will be updated whenever a file is created or + or deleted in the directory. NMAKE finds all object files in + the object directory. The timestamp of the last one built is then + compared to the timestamp of the object directory. If the + directory's timestamp if newer, then all object files + will be rebuilt. Enabling this option + ensures directories always predate their contents and an NMAKE build + will proceed as expected.

Default: fake directory create times = no

fake oplocks (S)

Oplocks are the way that SMB clients get permission + from a server to locally cache file operations. If a server grants + an oplock (opportunistic lock) then the client is free to assume + that it is the only one accessing the file and it will aggressively + cache file data. With some oplock types the client may even cache + file open/close operations. This can give enormous performance benefits. +

When you set fake oplocks = yes, smbd(8) will + always grant oplock requests no matter how many clients are using + the file.

It is generally much better to use the real oplocks support rather + than this parameter.

If you enable this option on all read-only shares or + shares that you know will only be accessed from one client at a + time such as physically read-only media like CDROMs, you will see + a big performance improvement on many operations. If you enable + this option on shares where multiple clients may be accessing the + files read-write at the same time you can get data corruption. Use + this option carefully!

Default: fake oplocks = no

follow symlinks (S)

This parameter allows the Samba administrator + to stop smbd(8) + from following symbolic links in a particular share. Setting this + parameter to no prevents any file or directory + that is a symbolic link from being followed (the user will get an + error). This option is very useful to stop users from adding a + symbolic link to /etc/passwd in their home + directory for instance. However it will slow filename lookups + down slightly.

This option is enabled (i.e. smbd will + follow symbolic links) by default.

Default: follow symlinks = yes

force create mode (S)

This parameter specifies a set of UNIX mode bit + permissions that will always be set on a + file created by Samba. This is done by bitwise 'OR'ing these bits onto + the mode bits of a file that is being created or having its + permissions changed. The default for this parameter is (in octal) + 000. The modes in this parameter are bitwise 'OR'ed onto the file + mode after the mask set in the create mask + parameter is applied.

See also the parameter create + mask for details on masking mode bits on files.

See also the inherit + permissions parameter.

Default: force create mode = 000

Example: force create mode = 0755

would force all created files to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'.

force directory mode (S)

This parameter specifies a set of UNIX mode bit + permissions that will always be set on a directory + created by Samba. This is done by bitwise 'OR'ing these bits onto the + mode bits of a directory that is being created. The default for this + parameter is (in octal) 0000 which will not add any extra permission + bits to a created directory. This operation is done after the mode + mask in the parameter directory mask is + applied.

See also the parameter directory mask for details on masking mode bits + on created directories.

See also the inherit permissions parameter.

Default: force directory mode = 000

Example: force directory mode = 0755

would force all created directories to have read and execute + permissions set for 'group' and 'other' as well as the + read/write/execute bits set for the 'user'.

force directory + security mode (S)

This parameter controls what UNIX permission bits + can be modified when a Windows NT client is manipulating the UNIX + permission on a directory using the native NT security dialog box.

This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a directory, the user has always set to be 'on'.

If not set explicitly this parameter is 000, which + allows a user to modify all the user/group/world permissions on a + directory without restrictions.

Note that users who can access the + Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + it set as 0000.

See also the directory security mask, security mask, + force security mode + parameters.

Default: force directory security mode = 0

Example: force directory security mode = 700

force group (S)

This specifies a UNIX group name that will be + assigned as the default primary group for all users connecting + to this service. This is useful for sharing files by ensuring + that all access to files on service will use the named group for + their permissions checking. Thus, by assigning permissions for this + group to the files and directories within this service the Samba + administrator can restrict or allow sharing of these files.

In Samba 2.0.5 and above this parameter has extended + functionality in the following way. If the group name listed here + has a '+' character prepended to it then the current user accessing + the share only has the primary group default assigned to this group + if they are already assigned as a member of that group. This allows + an administrator to decide that only users who are already in a + particular group will create files with group ownership set to that + group. This gives a finer granularity of ownership assignment. For + example, the setting force group = +sys means + that only users who are already in group sys will have their default + primary group assigned to sys when accessing this Samba share. All + other users will retain their ordinary primary group.

If the force user + parameter is also set the group specified in + force group will override the primary group + set in force user.

See also force + user.

Default: no forced group

Example: force group = agroup

force security mode (S)

This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security dialog + box.

This parameter is applied as a mask (OR'ed with) to the + changed permission bits, thus forcing any bits in this mask that + the user may have modified to be on. Essentially, one bits in this + mask may be treated as a set of bits that, when modifying security + on a file, the user has always set to be 'on'.

If not set explicitly this parameter is set to 0, + and allows a user to modify all the user/group/world permissions on a file, + with no restrictions.

Note that users who can access + the Samba server through other means can easily bypass this restriction, + so it is primarily useful for standalone "appliance" systems. + Administrators of most normal systems will probably want to leave + this set to 0000.

See also the force directory security mode, + directory security + mask, security mask parameters.

Default: force security mode = 0

Example: force security mode = 700

force user (S)

This specifies a UNIX user name that will be + assigned as the default user for all users connecting to this service. + This is useful for sharing files. You should also use it carefully + as using it incorrectly can cause security problems.

This user name only gets used once a connection is established. + Thus clients still need to connect as a valid user and supply a + valid password. Once connected, all file operations will be performed + as the "forced user", no matter what username the client connected + as. This can be very useful.

In Samba 2.0.5 and above this parameter also causes the + primary group of the forced user to be used as the primary group + for all file activity. Prior to 2.0.5 the primary group was left + as the primary group of the connecting user (this was a bug).

See also force group +

Default: no forced user

Example: force user = auser

fstype (S)

This parameter allows the administrator to + configure the string that specifies the type of filesystem a share + is using that is reported by smbd(8) + when a client queries the filesystem type + for a share. The default type is NTFS for + compatibility with Windows NT but this can be changed to other + strings such as Samba or FAT + if required.

Default: fstype = NTFS

Example: fstype = Samba

getwd cache (G)

This is a tuning option. When this is enabled a + caching algorithm will be used to reduce the time taken for getwd() + calls. This can have a significant impact on performance, especially + when the wide links + parameter is set to false.

Default: getwd cache = yes

group (S)

Synonym for force + group.

guest account (S)

This is a username which will be used for access + to services which are specified as guest ok (see below). Whatever privileges this + user has will be available to any client connecting to the guest service. + Typically this user will exist in the password file, but will not + have a valid login. The user account "ftp" is often a good choice + for this parameter. If a username is specified in a given service, + the specified username overrides this one.

One some systems the default guest account "nobody" may not + be able to print. Use another account in this case. You should test + this by trying to log in as your guest user (perhaps by using the + su - command) and trying to print using the + system print command such as lpr(1) or lp(1).

Default: specified at compile time, usually + "nobody"

Example: guest account = ftp

guest ok (S)

If this parameter is yes for + a service, then no password is required to connect to the service. + Privileges will be those of the guest account.

See the section below on security for more information about this option. +

Default: guest ok = no

guest only (S)

If this parameter is yes for + a service, then only guest connections to the service are permitted. + This parameter will have no effect if guest ok is not set for the service.

See the section below on security for more information about this option. +

Default: guest only = no

hide dot files (S)

This is a boolean parameter that controls whether + files starting with a dot appear as hidden files.

Default: hide dot files = yes

hide files(S)

This is a list of files or directories that are not + visible but are accessible. The DOS 'hidden' attribute is applied + to any files or directories that match.

Each entry in the list must be separated by a '/', + which allows spaces to be included in the entry. '*' + and '?' can be used to specify multiple files or directories + as in DOS wildcards.

Each entry must be a Unix path, not a DOS path and must + not include the Unix directory separator '/'.

Note that the case sensitivity option is applicable + in hiding files.

Setting this parameter will affect the performance of Samba, + as it will be forced to check all files and directories for a match + as they are scanned.

See also hide + dot files, veto files and case sensitive.

Default: no file are hidden

Example: hide files = + /.*/DesktopFolderDB/TrashFor%m/resource.frk/

The above example is based on files that the Macintosh + SMB client (DAVE) available from + Thursby creates for internal use, and also still hides + all files beginning with a dot.

hide local users(G)

This parameter toggles the hiding of local UNIX + users (root, wheel, floppy, etc) from remote clients.

Default: hide local users = no

hide unreadable (S)

This parameter prevents clients from seeing the + existance of files that cannot be read. Defaults to off.

Default: hide unreadable = no

homedir map (G)

Ifnis homedir + is true, and smbd(8) is also acting + as a Win95/98 logon server then this parameter + specifies the NIS (or YP) map from which the server for the user's + home directory should be extracted. At present, only the Sun + auto.home map format is understood. The form of the map is:

username server:/some/file/system

and the program will extract the servername from before + the first ':'. There should probably be a better parsing system + that copes with different map formats and also Amd (another + automounter) maps.

NOTE :A working NIS client is required on + the system for this option to work.

See also nis homedir + , domain logons + .

Default: homedir map = <empty string>

Example: homedir map = amd.homedir

host msdfs (G)

This boolean parameter is only available + if Samba has been configured and compiled with the --with-msdfs option. If set to yes, + Samba will act as a Dfs server, and allow Dfs-aware clients + to browse Dfs trees hosted on the server.

See also the msdfs root share level parameter. For + more information on setting up a Dfs tree on Samba, + refer to msdfs_setup.html. +

Default: host msdfs = no

hosts allow (S)

A synonym for this parameter is allow + hosts.

This parameter is a comma, space, or tab delimited + set of hosts which are permitted to access a service.

If specified in the [global] section then it will + apply to all services, regardless of whether the individual + service has a different setting.

You can specify the hosts by name or IP number. For + example, you could restrict access to only the hosts on a + Class C subnet with something like allow hosts = 150.203.5. + . The full syntax of the list is described in the man + page hosts_access(5). Note that this man + page may not be present on your system, so a brief description will + be given here also.

Note that the localhost address 127.0.0.1 will always + be allowed access unless specifically denied by a hosts deny option.

You can also specify hosts by network/netmask pairs and + by netgroup names if your system supports netgroups. The + EXCEPT keyword can also be used to limit a + wildcard list. The following examples may provide some help:

Example 1: allow all IPs in 150.203.*.*; except one

hosts allow = 150.203. EXCEPT 150.203.6.66

Example 2: allow hosts that match the given network/netmask

hosts allow = 150.203.15.0/255.255.255.0

Example 3: allow a couple of hosts

hosts allow = lapland, arvidsjaur

Example 4: allow only hosts in NIS netgroup "foonet", but + deny access from one particular host

hosts allow = @foonet

hosts deny = pirate

Note that access still requires suitable user-level passwords.

See testparm(1) + for a way of testing your host access to see if it does + what you expect.

Default: none (i.e., all hosts permitted access) +

Example: allow hosts = 150.203.5. myhost.mynet.edu.au +

hosts deny (S)

The opposite of hosts allow + - hosts listed here are NOT permitted access to + services unless the specific services have their own lists to override + this one. Where the lists conflict, the allow + list takes precedence.

Default: none (i.e., no hosts specifically excluded) +

Example: hosts deny = 150.203.4. badhost.mynet.edu.au +

hosts equiv (G)

If this global parameter is a non-null string, + it specifies the name of a file to read for the names of hosts + and users who will be allowed access without specifying a password. +

This is not be confused with hosts allow which is about hosts + access to services and is more useful for guest services. hosts equiv may be useful for NT clients which will + not supply passwords to Samba.

NOTE : The use of hosts equiv + can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the + hosts equiv option be only used if you really + know what you are doing, or perhaps on a home network where you trust + your spouse and kids. And only if you really trust + them :-).

Default: no host equivalences

Example: hosts equiv = /etc/hosts.equiv

include (G)

This allows you to include one config file + inside another. The file is included literally, as though typed + in place.

It takes the standard substitutions, except %u + , %P and %S. +

Default: no file included

Example: include = /usr/local/samba/lib/admin_smb.conf +

inherit permissions (S)

The permissions on new files and directories + are normally governed by create mask, directory mask, force create mode + and force + directory mode but the boolean inherit + permissions parameter overrides this.

New directories inherit the mode of the parent directory, + including bits such as setgid.

New files inherit their read/write bits from the parent + directory. Their execute bits continue to be determined by + map archive + , map hidden + and map system + as usual.

Note that the setuid bit is never set via + inheritance (the code explicitly prohibits this).

This can be particularly useful on large systems with + many users, perhaps several thousand, to allow a single [homes] + share to be used flexibly by each user.

See also create mask + , directory mask, force create mode and force directory mode + .

Default: inherit permissions = no

interfaces (G)

This option allows you to override the default + network interfaces list that Samba will use for browsing, name + registration and other NBT traffic. By default Samba will query + the kernel for the list of all active interfaces and use any + interfaces except 127.0.0.1 that are broadcast capable.

The option takes a list of interface strings. Each string + can be in any of the following forms:

  • a network interface name (such as eth0). + This may include shell-like wildcards so eth* will match + any interface starting with the substring "eth"

  • an IP address. In this case the netmask is + determined from the list of interfaces obtained from the + kernel

  • an IP/mask pair.

  • a broadcast/mask pair.

The "mask" parameters can either be a bit length (such + as 24 for a C class network) or a full netmask in dotted + decimal form.

The "IP" parameters above can either be a full dotted + decimal IP address or a hostname which will be looked up via + the OS's normal hostname resolution mechanisms.

For example, the following line:

interfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 +

would configure three network interfaces corresponding + to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. + The netmasks of the latter two interfaces would be set to 255.255.255.0.

See also bind + interfaces only.

Default: all active interfaces except 127.0.0.1 + that are broadcast capable

invalid users (S)

This is a list of users that should not be allowed + to login to this service. This is really a paranoid + check to absolutely ensure an improper setting does not breach + your security.

A name starting with a '@' is interpreted as an NIS + netgroup first (if your system supports NIS), and then as a UNIX + group if the name was not found in the NIS netgroup database.

A name starting with '+' is interpreted only + by looking in the UNIX group database. A name starting with + '&' is interpreted only by looking in the NIS netgroup database + (this requires NIS to be working on your system). The characters + '+' and '&' may be used at the start of the name in either order + so the value +&group means check the + UNIX group database, followed by the NIS netgroup database, and + the value &+group means check the NIS + netgroup database, followed by the UNIX group database (the + same as the '@' prefix).

The current servicename is substituted for %S. + This is useful in the [homes] section.

See also valid users + .

Default: no invalid users

Example: invalid users = root fred admin @wheel +

keepalive (G)

The value of the parameter (an integer) represents + the number of seconds between keepalive + packets. If this parameter is zero, no keepalive packets will be + sent. Keepalive packets, if sent, allow the server to tell whether + a client is still present and responding.

Keepalives should, in general, not be needed if the socket + being used has the SO_KEEPALIVE attribute set on it (see socket options). + Basically you should only use this option if you strike difficulties.

Default: keepalive = 300

Example: keepalive = 600

kernel oplocks (G)

For UNIXes that support kernel based oplocks + (currently only IRIX and the Linux 2.4 kernel), this parameter + allows the use of them to be turned on or off.

Kernel oplocks support allows Samba oplocks + to be broken whenever a local UNIX process or NFS operation + accesses a file that smbd(8) + has oplocked. This allows complete data consistency between + SMB/CIFS, NFS and local file access (and is a very + cool feature :-).

This parameter defaults to on, but is translated + to a no-op on systems that no not have the necessary kernel support. + You should never need to touch this parameter.

See also the oplocks + and level2 oplocks + parameters.

Default: kernel oplocks = yes

lanman auth (G)

This parameter determines whether or not smbd will + attempt to authenticate users using the LANMAN password hash. + If disabled, only clients which support NT password hashes (e.g. Windows + NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS + network client) will be able to connect to the Samba host.

Default : lanman auth = yes

large readwrite (G)

This parameter determines whether or not smbd + supports the new 64k streaming read and write varient SMB requests introduced + with Windows 2000. Note that due to Windows 2000 client redirector bugs + this requires Samba to be running on a 64-bit capable operating system such + as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with + Windows 2000 clients. Defaults to on. Not as tested as some other Samba + code paths. +

Default : large readwrite = yes

ldap admin dn (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

The ldap admin dn defines the Distinguished + Name (DN) name used by Samba to contact the ldap + server when retreiving user account information. The ldap + admin dn is used in conjunction with the admin dn password + stored in the private/secrets.tdb file. See the + smbpasswd(8) man + page for more information on how to accmplish this. +

Default : none

ldap filter (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

This parameter specifies the RFC 2254 compliant LDAP search filter. + The default is to match the login name with the uid + attribute for all entries matching the sambaAccount + objectclass. Note that this filter should only return one entry. +

Default : ldap filter = (&(uid=%u)(objectclass=sambaAccount))

ldap port (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

This option is used to control the tcp port number used to contact + the ldap server. + The default is to use the stand LDAPS port 636. +

See Also: ldap ssl +

Default : ldap port = 636

ldap server (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

This parameter should contains the FQDN of the ldap directory + server which should be queried to locate user account information. +

Default : ldap server = localhost

ldap ssl (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

This option is used to define whether or not Samba should + use SSL when connecting to the ldap + server. This is NOT related to + Samba SSL support which is enabled by specifying the + --with-ssl option to the configure + script (see ssl). +

The ldap ssl can be set to one of three values: + (a) on - Always use SSL when contacting the + ldap server, (b) off - + Never use SSL when querying the directory, or (c) start_tls + - Use the LDAPv3 StartTLS extended operation + (RFC2830) for communicating with the directory server. +

Default : ldap ssl = on

ldap suffix (G)

This parameter is only available if Samba has been + configure to include the --with-ldapsam option + at compile time. This option should be considered experimental and + under active development. +

Default : none

level2 oplocks (S)

This parameter controls whether Samba supports + level2 (read-only) oplocks on a share.

Level2, or read-only oplocks allow Windows NT clients + that have an oplock on a file to downgrade from a read-write oplock + to a read-only oplock once a second client opens the file (instead + of releasing all oplocks on a second open, as in traditional, + exclusive oplocks). This allows all openers of the file that + support level2 oplocks to cache the file for read-ahead only (ie. + they may not cache writes or lock requests) and increases performance + for many accesses of files that are not commonly written (such as + application .EXE files).

Once one of the clients which have a read-only oplock + writes to the file all clients are notified (no reply is needed + or waited for) and told to break their oplocks to "none" and + delete any read-ahead caches.

It is recommended that this parameter be turned on + to speed access to shared executables.

For more discussions on level2 oplocks see the CIFS spec.

Currently, if kernel + oplocks are supported then level2 oplocks are + not granted (even if this parameter is set to yes). + Note also, the oplocks + parameter must be set to true on this share in order for + this parameter to have any effect.

See also the oplocks + and kernel oplocks + parameters.

Default: level2 oplocks = yes

lm announce (G)

This parameter determines if nmbd(8) will produce Lanman announce + broadcasts that are needed by OS/2 clients in order for them to see + the Samba server in their browse list. This parameter can have three + values, true, false, or + auto. The default is auto. + If set to false Samba will never produce these + broadcasts. If set to true Samba will produce + Lanman announce broadcasts at a frequency set by the parameter + lm interval. If set to auto + Samba will not send Lanman announce broadcasts by default but will + listen for them. If it hears such a broadcast on the wire it will + then start sending them at a frequency set by the parameter + lm interval.

See also lm interval + .

Default: lm announce = auto

Example: lm announce = yes

lm interval (G)

If Samba is set to produce Lanman announce + broadcasts needed by OS/2 clients (see the lm announce parameter) then this + parameter defines the frequency in seconds with which they will be + made. If this is set to zero then no Lanman announcements will be + made despite the setting of the lm announce + parameter.

See also lm + announce.

Default: lm interval = 60

Example: lm interval = 120

load printers (G)

A boolean variable that controls whether all + printers in the printcap will be loaded for browsing by default. + See the printers section for + more details.

Default: load printers = yes

local master (G)

This option allows nmbd(8) to try and become a local master browser + on a subnet. If set to false then nmbd will not attempt to become a local master browser + on a subnet and will also lose in all browsing elections. By + default this value is set to true. Setting this value to true doesn't + mean that Samba will become the local master + browser on a subnet, just that nmbd will participate in elections for local master browser.

Setting this value to false will cause nmbd + never to become a local master browser.

Default: local master = yes

lock dir (G)

Synonym for lock directory.

lock directory (G)

This option specifies the directory where lock + files will be placed. The lock files are used to implement the + max connections + option.

Default: lock directory = ${prefix}/var/locks

Example: lock directory = /var/run/samba/locks +

locking (S)

This controls whether or not locking will be + performed by the server in response to lock requests from the + client.

If locking = no, all lock and unlock + requests will appear to succeed and all lock queries will report + that the file in question is available for locking.

If locking = yes, real locking will be performed + by the server.

This option may be useful for read-only + filesystems which may not need locking (such as + CDROM drives), although setting this parameter of no + is not really recommended even in this case.

Be careful about disabling locking either globally or in a + specific service, as lack of locking may result in data corruption. + You should never need to set this parameter.

Default: locking = yes

log file (G)

This option allows you to override the name + of the Samba log file (also known as the debug file).

This option takes the standard substitutions, allowing + you to have separate log files for each user or machine.

Example: log file = /usr/local/samba/var/log.%m +

log level (G)

The value of the parameter (an integer) allows + the debug level (logging level) to be specified in the + smb.conf file. This is to give greater + flexibility in the configuration of the system.

The default will be the log level specified on + the command line or level zero if none was specified.

Example: log level = 3

logon drive (G)

This parameter specifies the local path to + which the home directory will be connected (see logon home) + and is only used by NT Workstations.

Note that this option is only useful if Samba is set up as a + logon server.

Default: logon drive = z:

Example: logon drive = h:

logon home (G)

This parameter specifies the home directory + location when a Win95/98 or NT Workstation logs into a Samba PDC. + It allows you to do

C:\> NET USE H: /HOME +

from a command prompt, for example.

This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.

This parameter can be used with Win9X workstations to ensure + that roaming profiles are stored in a subdirectory of the user's + home directory. This is done in the following way:

logon home = \\%N\%U\profile

This tells Samba to return the above string, with + substitutions made when a client requests the info, generally + in a NetUserGetInfo request. Win9X clients truncate the info to + \\server\share when a user does net use /home + but use the whole string when dealing with profiles.

Note that in prior versions of Samba, the logon path was returned rather than + logon home. This broke net use + /home but allowed profiles outside the home directory. + The current implementation is correct, and can be used for + profiles if you use the above trick.

This option is only useful if Samba is set up as a logon + server.

Default: logon home = "\\%N\%U"

Example: logon home = "\\remote_smb_server\%U" +

logon path (G)

This parameter specifies the home directory + where roaming profiles (NTuser.dat etc files for Windows NT) are + stored. Contrary to previous versions of these manual pages, it has + nothing to do with Win 9X roaming profiles. To find out how to + handle roaming profiles for Win 9X system, see the logon home parameter.

This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine. It also + specifies the directory from which the "Application Data", + (desktop, start menu, + network neighborhood, programs + and other folders, and their contents, are loaded and displayed on + your Windows NT client.

The share and the path must be readable by the user for + the preferences and directories to be loaded onto the Windows NT + client. The share must be writeable when the user logs in for the first + time, in order that the Windows NT client can create the NTuser.dat + and other directories.

Thereafter, the directories and any of the contents can, + if required, be made read-only. It is not advisable that the + NTuser.dat file be made read-only - rename it to NTuser.man to + achieve the desired effect (a MANdatory + profile).

Windows clients can sometimes maintain a connection to + the [homes] share, even though there is no user logged in. + Therefore, it is vital that the logon path does not include a + reference to the homes share (i.e. setting this parameter to + \%N\%U\profile_path will cause problems).

This option takes the standard substitutions, allowing + you to have separate logon scripts for each user or machine.

Note that this option is only useful if Samba is set up + as a logon server.

Default: logon path = \\%N\%U\profile

Example: logon path = \\PROFILESERVER\PROFILE\%U

logon script (G)

This parameter specifies the batch file (.bat) or + NT command file (.cmd) to be downloaded and run on a machine when + a user successfully logs in. The file must contain the DOS + style CR/LF line endings. Using a DOS-style editor to create the + file is recommended.

The script must be a relative path to the [netlogon] + service. If the [netlogon] service specifies a path of /usr/local/samba/netlogon + , and logon script = STARTUP.BAT, then + the file that will be downloaded is:

/usr/local/samba/netlogon/STARTUP.BAT

The contents of the batch file are entirely your choice. A + suggested command would be to add NET TIME \\SERVER /SET + /YES, to force every machine to synchronize clocks with + the same time server. Another use would be to add NET USE + U: \\SERVER\UTILS for commonly used utilities, or NET USE Q: \\SERVER\ISO9001_QA for example.

Note that it is particularly important not to allow write + access to the [netlogon] share, or to grant users write permission + on the batch files in a secure environment, as this would allow + the batch files to be arbitrarily modified and security to be + breached.

This option takes the standard substitutions, allowing you + to have separate logon scripts for each user or machine.

This option is only useful if Samba is set up as a logon + server.

Default: no logon script defined

Example: logon script = scripts\%U.bat

lppause command (S)

This parameter specifies the command to be + executed on the server host in order to stop printing or spooling + a specific print job.

This command should be a program or script which takes + a printer name and job number to pause the print job. One way + of implementing this is by using job priorities, where jobs + having a too low priority won't be sent to the printer.

If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer). On HPUX (see printing=hpux + ), if the -p%p option is added + to the lpq command, the job will show up with the correct status, i.e. + if the job priority is lower than the set fence priority it will + have the PAUSED status, whereas if the priority is equal or higher it + will have the SPOOLED or PRINTING status.

Note that it is good practice to include the absolute path + in the lppause command as the PATH may not be available to the server.

See also the printing + parameter.

Default: Currently no default value is given to + this string, unless the value of the printing + parameter is SYSV, in which case the default is :

lp -i %p-%j -H hold

or if the value of the printing parameter + is SOFTQ, then the default is:

qstat -s -j%j -h

Example for HPUX: lppause command = /usr/bin/lpalt + %p-%j -p0

lpq cache time (G)

This controls how long lpq info will be cached + for to prevent the lpq command being called too + often. A separate cache is kept for each variation of the lpq command used by the system, so if you use different + lpq commands for different users then they won't + share cache information.

The cache files are stored in /tmp/lpq.xxxx + where xxxx is a hash of the lpq command in use.

The default is 10 seconds, meaning that the cached results + of a previous identical lpq command will be used + if the cached data is less than 10 seconds old. A large value may + be advisable if your lpq command is very slow.

A value of 0 will disable caching completely.

See also the printing + parameter.

Default: lpq cache time = 10

Example: lpq cache time = 30

lpq command (S)

This parameter specifies the command to be + executed on the server host in order to obtain lpq + -style printer status information.

This command should be a program or script which + takes a printer name as its only parameter and outputs printer + status information.

Currently eight styles of printer status information + are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. + This covers most UNIX systems. You control which type is expected + using the printing = option.

Some clients (notably Windows for Workgroups) may not + correctly send the connection number for the printer they are + requesting status information about. To get around this, the + server reports on the first printer service connected to by the + client. This only happens if the connection number sent is invalid.

If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.

Note that it is good practice to include the absolute path + in the lpq command as the $PATH + may not be available to the server.

See also the printing + parameter.

Default: depends on the setting of printing

Example: lpq command = /usr/bin/lpq -P%p

lpresume command (S)

This parameter specifies the command to be + executed on the server host in order to restart or continue + printing or spooling a specific print job.

This command should be a program or script which takes + a printer name and job number to resume the print job. See + also the lppause command + parameter.

If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer).

Note that it is good practice to include the absolute path + in the lpresume command as the PATH may not + be available to the server.

See also the printing + parameter.

Default: Currently no default value is given + to this string, unless the value of the printing + parameter is SYSV, in which case the default is :

lp -i %p-%j -H resume

or if the value of the printing parameter + is SOFTQ, then the default is:

qstat -s -j%j -r

Example for HPUX: lpresume command = /usr/bin/lpalt + %p-%j -p2

lprm command (S)

This parameter specifies the command to be + executed on the server host in order to delete a print job.

This command should be a program or script which takes + a printer name and job number, and deletes the print job.

If a %p is given then the printer name + is put in its place. A %j is replaced with + the job number (an integer).

Note that it is good practice to include the absolute + path in the lprm command as the PATH may not be + available to the server.

See also the printing + parameter.

Default: depends on the setting of printing +

Example 1: lprm command = /usr/bin/lprm -P%p %j +

Example 2: lprm command = /usr/bin/cancel %p-%j +

machine password timeout (G)

If a Samba server is a member of a Windows + NT Domain (see the security = domain) + parameter) then periodically a running smbd(8) process will try and change the MACHINE ACCOUNT + PASSWORD stored in the TDB called private/secrets.tdb + . This parameter specifies how often this password + will be changed, in seconds. The default is one week (expressed in + seconds), the same as a Windows NT Domain member server.

See also smbpasswd(8) + , and the security = domain) parameter.

Default: machine password timeout = 604800

magic output (S)

This parameter specifies the name of a file + which will contain output created by a magic script (see the + magic script + parameter below).

Warning: If two clients use the same magic script + in the same directory the output file content + is undefined.

Default: magic output = <magic script name>.out +

Example: magic output = myfile.txt

magic script (S)

This parameter specifies the name of a file which, + if opened, will be executed by the server when the file is closed. + This allows a UNIX script to be sent to the Samba host and + executed on behalf of the connected user.

Scripts executed in this way will be deleted upon + completion assuming that the user has the appropriate level + of privilege and the file permissions allow the deletion.

If the script generates output, output will be sent to + the file specified by the magic output parameter (see above).

Note that some shells are unable to interpret scripts + containing CR/LF instead of CR as + the end-of-line marker. Magic scripts must be executable + as is on the host, which for some hosts and + some shells will require filtering at the DOS end.

Magic scripts are EXPERIMENTAL and + should NOT be relied upon.

Default: None. Magic scripts disabled.

Example: magic script = user.csh

mangle case (S)

See the section on NAME MANGLING

Default: mangle case = no

mangled map (S)

This is for those who want to directly map UNIX + file names which cannot be represented on Windows/DOS. The mangling + of names is not always what is needed. In particular you may have + documents with file extensions that differ between DOS and UNIX. + For example, under UNIX it is common to use .html + for HTML files, whereas under Windows/DOS .htm + is more commonly used.

So to map html to htm + you would use:

mangled map = (*.html *.htm)

One very useful case is to remove the annoying ;1 + off the ends of filenames on some CDROMs (only visible + under some UNIXes). To do this use a map of (*;1 *;).

Default: no mangled map

Example: mangled map = (*;1 *;)

mangled names (S)

This controls whether non-DOS names under UNIX + should be mapped to DOS-compatible names ("mangled") and made visible, + or whether non-DOS names should simply be ignored.

See the section on NAME MANGLING for details on how to control the mangling process.

If mangling is used then the mangling algorithm is as follows:

  • The first (up to) five alphanumeric characters + before the rightmost dot of the filename are preserved, forced + to upper case, and appear as the first (up to) five characters + of the mangled name.

  • A tilde "~" is appended to the first part of the mangled + name, followed by a two-character unique sequence, based on the + original root name (i.e., the original filename minus its final + extension). The final extension is included in the hash calculation + only if it contains any upper case characters or is longer than three + characters.

    Note that the character to use may be specified using + the mangling char + option, if you don't like '~'.

  • The first three alphanumeric characters of the final + extension are preserved, forced to upper case and appear as the + extension of the mangled name. The final extension is defined as that + part of the original filename after the rightmost dot. If there are no + dots in the filename, the mangled name will have no extension (except + in the case of "hidden files" - see below).

  • Files whose UNIX name begins with a dot will be + presented as DOS hidden files. The mangled name will be created as + for other filenames, but with the leading dot removed and "___" as + its extension regardless of actual original extension (that's three + underscores).

The two-digit hash value consists of upper case + alphanumeric characters.

This algorithm can cause name collisions only if files + in a directory share the same first five alphanumeric characters. + The probability of such a clash is 1/1300.

The name mangling (if enabled) allows a file to be + copied between UNIX directories from Windows/DOS while retaining + the long UNIX filename. UNIX files can be renamed to a new extension + from Windows/DOS and will retain the same basename. Mangled names + do not change between sessions.

Default: mangled names = yes

mangled stack (G)

This parameter controls the number of mangled names + that should be cached in the Samba server smbd(8).

This stack is a list of recently mangled base names + (extensions are only maintained if they are longer than 3 characters + or contains upper case characters).

The larger this value, the more likely it is that mangled + names can be successfully converted to correct long UNIX names. + However, large stack sizes will slow most directory accesses. Smaller + stacks save memory in the server (each stack element costs 256 bytes). +

It is not possible to absolutely guarantee correct long + filenames, so be prepared for some surprises!

Default: mangled stack = 50

Example: mangled stack = 100

mangling char (S)

This controls what character is used as + the magic character in name mangling. The default is a '~' + but this may interfere with some software. Use this option to set + it to whatever you prefer.

Default: mangling char = ~

Example: mangling char = ^

map archive (S)

This controls whether the DOS archive attribute + should be mapped to the UNIX owner execute bit. The DOS archive bit + is set when a file has been modified since its last backup. One + motivation for this option it to keep Samba/your PC from making + any file it touches from becoming executable under UNIX. This can + be quite annoying for shared source code, documents, etc...

Note that this requires the create mask + parameter to be set such that owner execute bit is not masked out + (i.e. it must include 100). See the parameter create mask for details.

Default: map archive = yes

map hidden (S)

This controls whether DOS style hidden files + should be mapped to the UNIX world execute bit.

Note that this requires the create mask + to be set such that the world execute bit is not masked out (i.e. + it must include 001). See the parameter create mask for details.

Default: map hidden = no

map system (S)

This controls whether DOS style system files + should be mapped to the UNIX group execute bit.

Note that this requires the create mask + to be set such that the group execute bit is not masked out (i.e. + it must include 010). See the parameter create mask for details.

Default: map system = no

map to guest (G)

This parameter is only useful in security modes other than security = share + - i.e. user, server, + and domain.

This parameter can take three different values, which tell + smbd(8) what to do with user + login requests that don't match a valid UNIX user in some way.

The three settings are :

  • Never - Means user login + requests with an invalid password are rejected. This is the + default.

  • Bad User - Means user + logins with an invalid password are rejected, unless the username + does not exist, in which case it is treated as a guest login and + mapped into the guest account.

  • Bad Password - Means user logins + with an invalid password are treated as a guest login and mapped + into the guest account. Note that + this can cause problems as it means that any user incorrectly typing + their password will be silently logged on as "guest" - and + will not know the reason they cannot access files they think + they should - there will have been no message given to them + that they got their password wrong. Helpdesk services will + hate you if you set the map to + guest parameter this way :-).

Note that this parameter is needed to set up "Guest" + share services when using security modes other than + share. This is because in these modes the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client so the server + cannot make authentication decisions at the correct time (connection + to the share) for "Guest" shares.

For people familiar with the older Samba releases, this + parameter maps to the old compile-time setting of the GUEST_SESSSETUP value in local.h.

Default: map to guest = Never

Example: map to guest = Bad User

max connections (S)

This option allows the number of simultaneous + connections to a service to be limited. If max connections + is greater than 0 then connections will be refused if + this number of connections to the service are already open. A value + of zero mean an unlimited number of connections may be made.

Record lock files are used to implement this feature. The + lock files will be stored in the directory specified by the lock directory + option.

Default: max connections = 0

Example: max connections = 10

max disk size (G)

This option allows you to put an upper limit + on the apparent size of disks. If you set this option to 100 + then all shares will appear to be not larger than 100 MB in + size.

Note that this option does not limit the amount of + data you can put on the disk. In the above case you could still + store much more than 100 MB on the disk, but if a client ever asks + for the amount of free disk space or the total disk size then the + result will be bounded by the amount specified in max + disk size.

This option is primarily useful to work around bugs + in some pieces of software that can't handle very large disks, + particularly disks over 1GB in size.

A max disk size of 0 means no limit.

Default: max disk size = 0

Example: max disk size = 1000

max log size (G)

This option (an integer in kilobytes) specifies + the max size the log file should grow to. Samba periodically checks + the size and if it is exceeded it will rename the file, adding + a .old extension.

A size of 0 means no limit.

Default: max log size = 5000

Example: max log size = 1000

max mux (G)

This option controls the maximum number of + outstanding simultaneous SMB operations that Samba tells the client + it will allow. You should never need to set this parameter.

Default: max mux = 50

max open files (G)

This parameter limits the maximum number of + open files that one smbd(8) file + serving process may have open for a client at any one time. The + default for this parameter is set very high (10,000) as Samba uses + only one bit per unopened file.

The limit of the number of open files is usually set + by the UNIX per-process file descriptor limit rather than + this parameter so you should never need to touch this parameter.

Default: max open files = 10000

max print jobs (S)

This parameter limits the maximum number of + jobs allowable in a Samba printer queue at any given moment. + If this number is exceeded, smbd(8) will remote "Out of Space" to the client. + See all total + print jobs. +

Default: max print jobs = 1000

Example: max print jobs = 5000

max protocol (G)

The value of the parameter (a string) is the highest + protocol level that will be supported by the server.

Possible values are :

  • CORE: Earliest version. No + concept of user names.

  • COREPLUS: Slight improvements on + CORE for efficiency.

  • LANMAN1: First modern version of the protocol. Long filename + support.

  • LANMAN2: Updates to Lanman1 protocol. +

  • NT1: Current up to date version of + the protocol. Used by Windows NT. Known as CIFS.

Normally this option should not be set as the automatic + negotiation phase in the SMB protocol takes care of choosing + the appropriate protocol.

See also min + protocol

Default: max protocol = NT1

Example: max protocol = LANMAN1

max smbd processes (G)

This parameter limits the maximum number of + smbd(8) + processes concurrently running on a system and is intended + as a stopgap to prevent degrading service to clients in the event + that the server has insufficient resources to handle more than this + number of connections. Remember that under normal operating + conditions, each user will have an smbd associated with him or her + to handle connections to all shares from a given host. +

Default: max smbd processes = 0 ## no limit

Example: max smbd processes = 1000

max ttl (G)

This option tells nmbd(8) + what the default 'time to live' of NetBIOS names should be (in seconds) + when nmbd is requesting a name using either a + broadcast packet or from a WINS server. You should never need to + change this parameter. The default is 3 days.

Default: max ttl = 259200

max wins ttl (G)

This option tells nmbd(8) + when acting as a WINS server ( wins support = yes) what the maximum + 'time to live' of NetBIOS names that nmbd + will grant will be (in seconds). You should never need to change this + parameter. The default is 6 days (518400 seconds).

See also the min + wins ttl parameter.

Default: max wins ttl = 518400

max xmit (G)

This option controls the maximum packet size + that will be negotiated by Samba. The default is 65535, which + is the maximum. In some cases you may find you get better performance + with a smaller value. A value below 2048 is likely to cause problems. +

Default: max xmit = 65535

Example: max xmit = 8192

message command (G)

This specifies what command to run when the + server receives a WinPopup style message.

This would normally be a command that would + deliver the message somehow. How this is to be done is + up to your imagination.

An example is:

message command = csh -c 'xedit %s;rm %s' & +

This delivers the message using xedit, then + removes it afterwards. NOTE THAT IT IS VERY IMPORTANT + THAT THIS COMMAND RETURN IMMEDIATELY. That's why I + have the '&' on the end. If it doesn't return immediately then + your PCs may freeze when sending messages (they should recover + after 30 seconds, hopefully).

All messages are delivered as the global guest user. + The command takes the standard substitutions, although %u won't work (%U may be better + in this case).

Apart from the standard substitutions, some additional + ones apply. In particular:

  • %s = the filename containing + the message.

  • %t = the destination that + the message was sent to (probably the server name).

  • %f = who the message + is from.

You could make this command send mail, or whatever else + takes your fancy. Please let us know of any really interesting + ideas you have.

Here's a way of sending the messages as mail to root:

message command = /bin/mail -s 'message from %f on + %m' root < %s; rm %s

If you don't have a message command then the message + won't be delivered and Samba will tell the sender there was + an error. Unfortunately WfWg totally ignores the error code + and carries on regardless, saying that the message was delivered. +

If you want to silently delete it then try:

message command = rm %s

Default: no message command

Example: message command = csh -c 'xedit %s; + rm %s' &

min passwd length (G)

Synonym for min password length.

min password length (G)

This option sets the minimum length in characters + of a plaintext password that smbd will accept when performing + UNIX password changing.

See also unix + password sync, passwd program and passwd chat debug + .

Default: min password length = 5

min print space (S)

This sets the minimum amount of free disk + space that must be available before a user will be able to spool + a print job. It is specified in kilobytes. The default is 0, which + means a user can always spool a print job.

See also the printing + parameter.

Default: min print space = 0

Example: min print space = 2000

min protocol (G)

The value of the parameter (a string) is the + lowest SMB protocol dialect than Samba will support. Please refer + to the max protocol + parameter for a list of valid protocol names and a brief description + of each. You may also wish to refer to the C source code in + source/smbd/negprot.c for a listing of known protocol + dialects supported by clients.

If you are viewing this parameter as a security measure, you should + also refer to the lanman + auth parameter. Otherwise, you should never need + to change this parameter.

Default : min protocol = CORE

Example : min protocol = NT1 # disable DOS + clients

min wins ttl (G)

This option tells nmbd(8) + when acting as a WINS server ( wins support = yes) what the minimum 'time to live' + of NetBIOS names that nmbd will grant will be (in + seconds). You should never need to change this parameter. The default + is 6 hours (21600 seconds).

Default: min wins ttl = 21600

msdfs root (S)

This boolean parameter is only available if + Samba is configured and compiled with the --with-msdfs option. If set to yes, + Samba treats the share as a Dfs root and allows clients to browse + the distributed file system tree rooted at the share directory. + Dfs links are specified in the share directory by symbolic + links of the form msdfs:serverA\shareA,serverB\shareB + and so on. For more information on setting up a Dfs tree + on Samba, refer to msdfs_setup.html + .

See also host msdfs +

Default: msdfs root = no

name resolve order (G)

This option is used by the programs in the Samba + suite to determine what naming services to use and in what order + to resolve host names to IP addresses. The option takes a space + separated string of name resolution options.

The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows :

  • lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup.

  • host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file. Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.

  • wins : Query a name with + the IP address listed in the wins server parameter. If no WINS server has + been specified this method will be ignored.

  • bcast : Do a broadcast on + each of the known local interfaces listed in the interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.

Default: name resolve order = lmhosts host wins bcast +

Example: name resolve order = lmhosts bcast host +

This will cause the local lmhosts file to be examined + first, followed by a broadcast attempt, followed by a normal + system hostname lookup.

netbios aliases (G)

This is a list of NetBIOS names that nmbd(8) will advertise as additional + names by which the Samba server is known. This allows one machine + to appear in browse lists under multiple names. If a machine is + acting as a browse server or logon server none + of these names will be advertised as either browse server or logon + servers, only the primary name of the machine will be advertised + with these capabilities.

See also netbios + name.

Default: empty string (no additional names)

Example: netbios aliases = TEST TEST1 TEST2

netbios name (G)

This sets the NetBIOS name by which a Samba + server is known. By default it is the same as the first component + of the host's DNS name. If a machine is a browse server or + logon server this name (or the first component + of the hosts DNS name) will be the name that these services are + advertised under.

See also netbios + aliases.

Default: machine DNS name

Example: netbios name = MYNAME

netbios scope (G)

This sets the NetBIOS scope that Samba will + operate under. This should not be set unless every machine + on your LAN also sets this value.

nis homedir (G)

Get the home share server from a NIS map. For + UNIX systems that use an automounter, the user's home directory + will often be mounted on a workstation on demand from a remote + server.

When the Samba logon server is not the actual home directory + server, but is mounting the home directories via NFS then two + network hops would be required to access the users home directory + if the logon server told the client to use itself as the SMB server + for home directories (one over SMB and one over NFS). This can + be very slow.

This option allows Samba to return the home share as + being on a different server to the logon server and as + long as a Samba daemon is running on the home directory server, + it will be mounted on the Samba client directly from the directory + server. When Samba is returning the home share to the client, it + will consult the NIS map specified in homedir map and return the server + listed there.

Note that for this option to work there must be a working + NIS system and the Samba server with this option must also + be a logon server.

Default: nis homedir = no

non unix account range (G)

The non unix account range parameter specifies + the range of 'user ids' that are allocated by the various 'non unix + account' passdb backends. These backends allow + the storage of passwords for users who don't exist in /etc/passwd. + This is most often used for machine account creation. + This range of ids should have no existing local or NIS users within + it as strange conflicts can occur otherwise.

NOTE: These userids never appear on the system and Samba will never + 'become' these users. They are used only to ensure that the algorithmic + RID mapping does not conflict with normal users. +

Default: non unix account range = <empty string> +

Example: non unix account range = 10000-20000

nt acl support (S)

This boolean parameter controls whether + smbd(8) will attempt to map + UNIX permissions into Windows NT access control lists. + This parameter was formally a global parameter in releases + prior to 2.2.2.

Default: nt acl support = yes

nt pipe support (G)

This boolean parameter controls whether + smbd(8) will allow Windows NT + clients to connect to the NT SMB specific IPC$ + pipes. This is a developer debugging option and can be left + alone.

Default: nt pipe support = yes

null passwords (G)

Allow or disallow client access to accounts + that have null passwords.

See also smbpasswd (5).

Default: null passwords = no

obey pam restrictions (G)

When Samba 2.2 is configured to enable PAM support + (i.e. --with-pam), this parameter will control whether or not Samba + should obey PAM's account and session management directives. The + default behavior is to use PAM for clear text authentication only + and to ignore any account or session management. Note that Samba + always ignores PAM for authentication in the case of encrypt passwords = yes + . The reason is that PAM modules cannot support the challenge/response + authentication mechanism needed in the presence of SMB password encryption. +

Default: obey pam restrictions = no

only user (S)

This is a boolean option that controls whether + connections with usernames not in the user + list will be allowed. By default this option is disabled so that a + client can supply a username to be used by the server. Enabling + this parameter will force the server to only user the login + names from the user list and is only really + useful in shave level + security.

Note that this also means Samba won't try to deduce + usernames from the service name. This can be annoying for + the [homes] section. To get around this you could use user = + %S which means your user list + will be just the service name, which for home directories is the + name of the user.

See also the user + parameter.

Default: only user = no

only guest (S)

A synonym for guest only.

oplock break wait time (G)

This is a tuning parameter added due to bugs in + both Windows 9x and WinNT. If Samba responds to a client too + quickly when that client issues an SMB that can cause an oplock + break request, then the network client can fail and not respond + to the break request. This tuning parameter (which is set in milliseconds) + is the amount of time Samba will wait before sending an oplock break + request to such (broken) clients.

DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE.

Default: oplock break wait time = 0

oplock contention limit (S)

This is a very advanced + smbd(8) tuning option to + improve the efficiency of the granting of oplocks under multiple + client contention for the same file.

In brief it specifies a number, which causes smbd not to + grant an oplock even when requested if the approximate number of + clients contending for an oplock on the same file goes over this + limit. This causes smbd to behave in a similar + way to Windows NT.

DO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ + AND UNDERSTOOD THE SAMBA OPLOCK CODE.

Default: oplock contention limit = 2

oplocks (S)

This boolean option tells smbd whether to + issue oplocks (opportunistic locks) to file open requests on this + share. The oplock code can dramatically (approx. 30% or more) improve + the speed of access to files on Samba servers. It allows the clients + to aggressively cache files locally and you may want to disable this + option for unreliable network environments (it is turned on by + default in Windows NT Servers). For more information see the file + Speed.txt in the Samba docs/ + directory.

Oplocks may be selectively turned off on certain files with a + share. See the veto oplock files parameter. On some systems + oplocks are recognized by the underlying operating system. This + allows data synchronization between all access to oplocked files, + whether it be via Samba or NFS or a local UNIX process. See the + kernel oplocks parameter for details.

See also the kernel + oplocks and level2 oplocks parameters.

Default: oplocks = yes

os level (G)

This integer value controls what level Samba + advertises itself as for browse elections. The value of this + parameter determines whether nmbd(8) + has a chance of becoming a local master browser for the WORKGROUP in the local broadcast area.

Note :By default, Samba will win + a local master browsing election over all Microsoft operating + systems except a Windows NT 4.0/2000 Domain Controller. This + means that a misconfigured Samba host can effectively isolate + a subnet for browsing purposes. See BROWSING.txt + in the Samba docs/ directory + for details.

Default: os level = 20

Example: os level = 65

os2 driver map (G)

The parameter is used to define the absolute + path to a file containing a mapping of Windows NT printer driver + names to OS/2 printer driver names. The format is:

<nt driver name> = <os2 driver + name>.<device name>

For example, a valid entry using the HP LaserJet 5 + printer driver would appear as HP LaserJet 5L = LASERJET.HP + LaserJet 5L.

The need for the file is due to the printer driver namespace + problem described in the Samba + Printing HOWTO. For more details on OS/2 clients, please + refer to the OS2-Client-HOWTO + containing in the Samba documentation.

Default: os2 driver map = <empty string> +

pam password change (G)

With the addition of better PAM support in Samba 2.2, + this parameter, it is possible to use PAM's password change control + flag for Samba. If enabled, then PAM will be used for password + changes when requested by an SMB client instead of the program listed in + passwd program. + It should be possible to enable this without changing your + passwd chat + parameter for most setups. +

Default: pam password change = no

panic action (G)

This is a Samba developer option that allows a + system command to be called when either smbd(8) or nmbd(8) + crashes. This is usually used to draw attention to the fact that + a problem occurred.

Default: panic action = <empty string>

Example: panic action = "/bin/sleep 90000"

passdb backend (G)

This option allows the administrator to chose what + backend in which to store passwords. This allows (for example) both + smbpasswd and tdbsam to be used without a recompile. Only one can + be used at a time however, and experimental backends must still be selected + (eg --with-tdbsam) at configure time. +

This paramater is in two parts, the backend's name, and a 'location' + string that has meaning only to that particular backed. These are separated + by a : character.

Available backends can include: +

  • smbpasswd - The default smbpasswd + backend. Takes a path to the smbpasswd file as an optional argument.

  • smbpasswd_nua - The smbpasswd + backend, but with support for 'not unix accounts'. + Takes a path to the smbpasswd file as an optional argument.

    See also non unix account range

  • tdbsam - The TDB based password storage + backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the private dir directory.

  • tdbsam_nua - The TDB based password storage + backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb + in the private dir directory.

    See also non unix account range

  • ldapsam - The LDAP based passdb + backend. Takes an LDAP URL as an optional argument (defaults to + ldap://localhost)

  • ldapsam_nua - The LDAP based passdb + backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to + ldap://localhost)

    See also non unix account range

  • plugin - Allows Samba to load an + arbitary passdb backend from the .so specified as a compulsary argument. +

    Any characters after the (optional) second : are passed to the plugin + for its own processing

+

Default: passdb backend = smbpasswd

Example: passdb backend = tdbsam:/etc/samba/private/passdb.tdb

Example: passdb backend = ldapsam_nua:ldaps://ldap.example.com

Example: passdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args

passwd chat (G)

This string controls the "chat" + conversation that takes places between smbd and the local password changing + program to change the user's password. The string describes a + sequence of response-receive pairs that smbd(8) uses to determine what to send to the + passwd program + and what to expect back. If the expected output is not + received then the password is not changed.

This chat sequence is often quite site specific, depending + on what local methods are used for password control (such as NIS + etc).

Note that this parameter only is only used if the unix + password sync parameter is set to yes. This + sequence is then called AS ROOT when the SMB password + in the smbpasswd file is being changed, without access to the old + password cleartext. This means that root must be able to reset the user's password + without knowing the text of the previous password. In the presence of NIS/YP, + this means that the passwd program must be + executed on the NIS master. +

The string can contain the macro %n which is substituted + for the new password. The chat sequence can also contain the standard + macros \n, \r, \t and \s to give line-feed, + carriage-return, tab and space. The chat sequence string can also contain + a '*' which matches any sequence of characters. + Double quotes can be used to collect strings with spaces + in them into a single string.

If the send string in any part of the chat sequence + is a full stop ".", then no string is sent. Similarly, + if the expect string is a full stop then no string is expected.

If the pam + password change parameter is set to true, the chat pairs + may be matched in any order, and success is determined by the PAM result, + not any particular output. The \n macro is ignored for PAM conversions. +

See also unix password + sync, passwd program , passwd chat debug and pam password change.

Default: passwd chat = *new*password* %n\n + *new*password* %n\n *changed*

Example: passwd chat = "*Enter OLD password*" %o\n + "*Enter NEW password*" %n\n "*Reenter NEW password*" %n\n "*Password + changed*"

passwd chat debug (G)

This boolean specifies if the passwd chat script + parameter is run in debug mode. In this mode the + strings passed to and received from the passwd chat are printed + in the smbd(8) log with a + debug level + of 100. This is a dangerous option as it will allow plaintext passwords + to be seen in the smbd log. It is available to help + Samba admins debug their passwd chat scripts + when calling the passwd program and should + be turned off after this has been done. This option has no effect if the + pam password change + paramter is set. This parameter is off by default.

See also passwd chat + , pam password change + , passwd program + .

Default: passwd chat debug = no

passwd program (G)

The name of a program that can be used to set + UNIX user passwords. Any occurrences of %u + will be replaced with the user name. The user name is checked for + existence before calling the password changing program.

Also note that many passwd programs insist in reasonable + passwords, such as a minimum length, or the inclusion + of mixed case chars and digits. This can pose a problem as some clients + (such as Windows for Workgroups) uppercase the password before sending + it.

Note that if the unix + password sync parameter is set to true + then this program is called AS ROOT + before the SMB password in the smbpasswd(5) + file is changed. If this UNIX password change fails, then + smbd will fail to change the SMB password also + (this is by design).

If the unix password sync parameter + is set this parameter MUST USE ABSOLUTE PATHS + for ALL programs called, and must be examined + for security implications. Note that by default unix + password sync is set to false.

See also unix + password sync.

Default: passwd program = /bin/passwd

Example: passwd program = /sbin/npasswd %u +

password level (G)

Some client/server combinations have difficulty + with mixed-case passwords. One offending client is Windows for + Workgroups, which for some reason forces passwords to upper + case when using the LANMAN1 protocol, but leaves them alone when + using COREPLUS! Another problem child is the Windows 95/98 + family of operating systems. These clients upper case clear + text passwords even when NT LM 0.12 selected by the protocol + negotiation request/response.

This parameter defines the maximum number of characters + that may be upper case in passwords.

For example, say the password given was "FRED". If password level is set to 1, the following combinations + would be tried if "FRED" failed:

"Fred", "fred", "fRed", "frEd","freD"

If password level was set to 2, + the following combinations would also be tried:

"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", ..

And so on.

The higher value this parameter is set to the more likely + it is that a mixed case password will be matched against a single + case password. However, you should be aware that use of this + parameter reduces security and increases the time taken to + process a new connection.

A value of zero will cause only two attempts to be + made - the password as is and the password in all-lower case.

Default: password level = 0

Example: password level = 4

password server (G)

By specifying the name of another SMB server (such + as a WinNT box) with this option, and using security = domain + or security = server you can get Samba + to do all its username/password validation via a remote server.

This option sets the name of the password server to use. + It must be a NetBIOS name, so if the machine's NetBIOS name is + different from its Internet name then you may have to add its NetBIOS + name to the lmhosts file which is stored in the same directory + as the smb.conf file.

The name of the password server is looked up using the + parameter name + resolve order and so may resolved + by any method and order described in that parameter.

The password server much be a machine capable of using + the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in + user level security mode.

NOTE: Using a password server + means your UNIX box (running Samba) is only as secure as your + password server. DO NOT CHOOSE A PASSWORD SERVER THAT + YOU DON'T COMPLETELY TRUST.

Never point a Samba server at itself for password + serving. This will cause a loop and could lock up your Samba + server!

The name of the password server takes the standard + substitutions, but probably the only useful one is %m + , which means the Samba server will use the incoming + client as the password server. If you use this then you better + trust your clients, and you had better restrict them with hosts allow!

If the security parameter is set to + domain, then the list of machines in this + option must be a list of Primary or Backup Domain controllers for the + Domain or the character '*', as the Samba server is effectively + in that domain, and will use cryptographically authenticated RPC calls + to authenticate the user logging on. The advantage of using security = domain is that if you list several hosts in the + password server option then smbd + will try each in turn till it finds one that responds. This + is useful in case your primary server goes down.

If the password server option is set + to the character '*', then Samba will attempt to auto-locate the + Primary or Backup Domain controllers to authenticate against by + doing a query for the name WORKGROUP<1C> + and then contacting each server returned in the list of IP + addresses from the name resolution source.

If the security parameter is + set to server, then there are different + restrictions that security = domain doesn't + suffer from:

  • You may list several password servers in + the password server parameter, however if an + smbd makes a connection to a password server, + and then the password server fails, no more users will be able + to be authenticated from this smbd. This is a + restriction of the SMB/CIFS protocol when in security = server + mode and cannot be fixed in Samba.

  • If you are using a Windows NT server as your + password server then you will have to ensure that your users + are able to login from the Samba server, as when in security = server mode the network logon will appear to + come from there rather than from the users workstation.

See also the security + parameter.

Default: password server = <empty string> +

Example: password server = NT-PDC, NT-BDC1, NT-BDC2 +

Example: password server = *

path (S)

This parameter specifies a directory to which + the user of the service is to be given access. In the case of + printable services, this is where print data will spool prior to + being submitted to the host for printing.

For a printable service offering guest access, the service + should be readonly and the path should be world-writeable and + have the sticky bit set. This is not mandatory of course, but + you probably won't get the results you expect if you do + otherwise.

Any occurrences of %u in the path + will be replaced with the UNIX username that the client is using + on this connection. Any occurrences of %m + will be replaced by the NetBIOS name of the machine they are + connecting from. These replacements are very useful for setting + up pseudo home directories for users.

Note that this path will be based on root dir if one was specified.

Default: none

Example: path = /home/fred

posix locking (S)

The smbd(8) + daemon maintains an database of file locks obtained by SMB clients. + The default behavior is to map this internal database to POSIX + locks. This means that file locks obtained by SMB clients are + consistent with those seen by POSIX compliant applications accessing + the files via a non-SMB method (e.g. NFS or local file access). + You should never need to disable this parameter.

Default: posix locking = yes

postexec (S)

This option specifies a command to be run + whenever the service is disconnected. It takes the usual + substitutions. The command may be run as the root on some + systems.

An interesting example may be to unmount server + resources:

postexec = /etc/umount /cdrom

See also preexec + .

Default: none (no command executed) +

Example: postexec = echo \"%u disconnected from %S + from %m (%I)\" >> /tmp/log

postscript (S)

This parameter forces a printer to interpret + the print files as PostScript. This is done by adding a %! + to the start of print output.

This is most useful when you have lots of PCs that persist + in putting a control-D at the start of print jobs, which then + confuses your printer.

Default: postscript = no

preexec (S)

This option specifies a command to be run whenever + the service is connected to. It takes the usual substitutions.

An interesting example is to send the users a welcome + message every time they log in. Maybe a message of the day? Here + is an example:

preexec = csh -c 'echo \"Welcome to %S!\" | + /usr/local/samba/bin/smbclient -M %m -I %I' &

Of course, this could get annoying after a while :-)

See also preexec close + and postexec + .

Default: none (no command executed)

Example: preexec = echo \"%u connected to %S from %m + (%I)\" >> /tmp/log

preexec close (S)

This boolean option controls whether a non-zero + return code from preexec + should close the service being connected to.

Default: preexec close = no

preferred master (G)

This boolean parameter controls if nmbd(8) is a preferred master browser + for its workgroup.

If this is set to true, on startup, nmbd + will force an election, and it will have a slight advantage in + winning the election. It is recommended that this parameter is + used in conjunction with domain master = yes, so that nmbd can guarantee becoming a domain master.

Use this option with caution, because if there are several + hosts (whether Samba servers, Windows 95 or NT) that are preferred + master browsers on the same subnet, they will each periodically + and continuously attempt to become the local master browser. + This will result in unnecessary broadcast traffic and reduced browsing + capabilities.

See also os level + .

Default: preferred master = auto

prefered master (G)

Synonym for preferred master for people who cannot spell :-).

preload

This is a list of services that you want to be + automatically added to the browse lists. This is most useful + for homes and printers services that would otherwise not be + visible.

Note that if you just want all printers in your + printcap file loaded then the load printers option is easier.

Default: no preloaded services

Example: preload = fred lp colorlp

preserve case (S)

This controls if new filenames are created + with the case that the client passes, or if they are forced to + be the default case + .

Default: preserve case = yes

See the section on NAME + MANGLING for a fuller discussion.

print command (S)

After a print job has finished spooling to + a service, this command will be used via a system() + call to process the spool file. Typically the command specified will + submit the spool file to the host's printing subsystem, but there + is no requirement that this be the case. The server will not remove + the spool file, so whatever command you specify should remove the + spool file when it has been processed, otherwise you will need to + manually remove old spool files.

The print command is simply a text string. It will be used + verbatim, with two exceptions: All occurrences of %s + and %f will be replaced by the + appropriate spool file name, and all occurrences of %p + will be replaced by the appropriate printer name. The + spool file name is generated automatically by the server. The + %J macro can be used to access the job + name as transmitted by the client.

The print command MUST contain at least + one occurrence of %s or %f + - the %p is optional. At the time + a job is submitted, if no printer name is supplied the %p + will be silently removed from the printer command.

If specified in the [global] section, the print command given + will be used for any printable service that does not have its own + print command specified.

If there is neither a specified print command for a + printable service nor a global print command, spool files will + be created but not processed and (most importantly) not removed.

Note that printing may fail on some UNIXes from the + nobody account. If this happens then create + an alternative guest account that can print and set the guest account + in the [global] section.

You can form quite complex print commands by realizing + that they are just passed to a shell. For example the following + will log a print job, print the file, then remove it. Note that + ';' is the usual separator for command in shell scripts.

print command = echo Printing %s >> + /tmp/print.log; lpr -P %p %s; rm %s

You may have to vary this command considerably depending + on how you normally print files on your system. The default for + the parameter varies depending on the setting of the printing parameter.

Default: For printing = BSD, AIX, QNX, LPRNG + or PLP :

print command = lpr -r -P%p %s

For printing = SYSV or HPUX :

print command = lp -c -d%p %s; rm %s

For printing = SOFTQ :

print command = lp -d%p -s %s; rm %s

Example: print command = /usr/local/samba/bin/myprintscript + %p %s

print ok (S)

Synonym for printable.

printable (S)

If this parameter is yes, then + clients may open, write to and submit spool files on the directory + specified for the service.

Note that a printable service will ALWAYS allow writing + to the service path (user privileges permitting) via the spooling + of print data. The writeable + parameter controls only non-printing access to + the resource.

Default: printable = no

printcap (G)

Synonym for printcap name.

printcap name (G)

This parameter may be used to override the + compiled-in default printcap name used by the server (usually /etc/printcap). See the discussion of the [printers] section above for reasons + why you might want to do this.

On System V systems that use lpstat to + list available printers you can use printcap name = lpstat + to automatically obtain lists of available printers. This + is the default for systems that define SYSV at configure time in + Samba (this includes most System V based systems). If printcap name is set to lpstat on + these systems then Samba will launch lpstat -v and + attempt to parse the output to obtain a printer list.

A minimal printcap file would look something like this:

		print1|My Printer 1
+		print2|My Printer 2
+		print3|My Printer 3
+		print4|My Printer 4
+		print5|My Printer 5
+

where the '|' separates aliases of a printer. The fact + that the second alias has a space in it gives a hint to Samba + that it's a comment.

NOTE: Under AIX the default printcap + name is /etc/qconfig. Samba will assume the + file is in AIX qconfig format if the string + qconfig appears in the printcap filename.

Default: printcap name = /etc/printcap

Example: printcap name = /etc/myprintcap

printer admin (S)

This is a list of users that can do anything to + printers via the remote administration interfaces offered by MS-RPC + (usually using a NT workstation). Note that the root user always + has admin rights.

Default: printer admin = <empty string> +

Example: printer admin = admin, @staff

printer driver (S)

Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. +

This option allows you to control the string + that clients receive when they ask the server for the printer driver + associated with a printer. If you are using Windows95 or Windows NT + then you can use this to automate the setup of printers on your + system.

You need to set this parameter to the exact string (case + sensitive) that describes the appropriate printer driver for your + system. If you don't know the exact string to use then you should + first try with no printer driver option set and the client will + give you a list of printer drivers. The appropriate strings are + shown in a scroll box after you have chosen the printer manufacturer.

See also printer + driver file.

Example: printer driver = HP LaserJet 4L

printer driver file (G)

Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. +

This parameter tells Samba where the printer driver + definition file, used when serving drivers to Windows 95 clients, is + to be found. If this is not set, the default is :

SAMBA_INSTALL_DIRECTORY + /lib/printers.def

This file is created from Windows 95 msprint.inf + files found on the Windows 95 client system. For more + details on setting up serving of printer drivers to Windows 95 + clients, see the outdated documentation file in the docs/ + directory, PRINTER_DRIVER.txt.

See also printer driver location.

Default: None (set in compile).

Example: printer driver file = + /usr/local/samba/printers/drivers.def

printer driver location (S)

Note :This is a deprecated + parameter and will be removed in the next major release + following version 2.2. Please see the instructions in + the Samba 2.2. Printing + HOWTO for more information + on the new method of loading printer drivers onto a Samba server. +

This parameter tells clients of a particular printer + share where to find the printer driver files for the automatic + installation of drivers for Windows 95 machines. If Samba is set up + to serve printer drivers to Windows 95 machines, this should be set to

\\MACHINE\PRINTER$

Where MACHINE is the NetBIOS name of your Samba server, + and PRINTER$ is a share you set up for serving printer driver + files. For more details on setting this up see the outdated documentation + file in the docs/ directory, PRINTER_DRIVER.txt.

See also printer driver file.

Default: none

Example: printer driver location = \\MACHINE\PRINTER$ +

printer name (S)

This parameter specifies the name of the printer + to which print jobs spooled through a printable service will be sent.

If specified in the [global] section, the printer + name given will be used for any printable service that does + not have its own printer name specified.

Default: none (but may be lp + on many systems)

Example: printer name = laserwriter

printer (S)

Synonym for printer name.

printing (S)

This parameters controls how printer status + information is interpreted on your system. It also affects the + default values for the print command, + lpq command, lppause command + , lpresume command, and + lprm command if specified in the + [global] section.

Currently nine printing styles are supported. They are + BSD, AIX, + LPRNG, PLP, + SYSV, HPUX, + QNX, SOFTQ, + and CUPS.

To see what the defaults are for the other print + commands when using the various options use the testparm(1) program.

This option can be set on a per printer basis

See also the discussion in the [printers] section.

private dir (G)

This parameters defines the directory + smbd will use for storing such files as smbpasswd + and secrets.tdb. +

Default :private dir = ${prefix}/private

protocol (G)

Synonym for max protocol.

public (S)

Synonym for guest + ok.

queuepause command (S)

This parameter specifies the command to be + executed on the server host in order to pause the printer queue.

This command should be a program or script which takes + a printer name as its only parameter and stops the printer queue, + such that no longer jobs are submitted to the printer.

This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.

If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the command. +

Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.

Default: depends on the setting of printing +

Example: queuepause command = disable %p

queueresume command (S)

This parameter specifies the command to be + executed on the server host in order to resume the printer queue. It + is the command to undo the behavior that is caused by the + previous parameter ( queuepause command).

This command should be a program or script which takes + a printer name as its only parameter and resumes the printer queue, + such that queued jobs are resubmitted to the printer.

This command is not supported by Windows for Workgroups, + but can be issued from the Printers window under Windows 95 + and NT.

If a %p is given then the printer name + is put in its place. Otherwise it is placed at the end of the + command.

Note that it is good practice to include the absolute + path in the command as the PATH may not be available to the + server.

Default: depends on the setting of printing +

Example: queuepause command = enable %p +

read bmpx (G)

This boolean parameter controls whether smbd(8) will support the "Read + Block Multiplex" SMB. This is now rarely used and defaults to + no. You should never need to set this + parameter.

Default: read bmpx = no

read list (S)

This is a list of users that are given read-only + access to a service. If the connecting user is in this list then + they will not be given write access, no matter what the writeable + option is set to. The list can include group names using the + syntax described in the invalid users parameter.

See also the write list parameter and the invalid users + parameter.

Default: read list = <empty string>

Example: read list = mary, @students

read only (S)

Note that this is an inverted synonym for writeable.

read raw (G)

This parameter controls whether or not the server + will support the raw read SMB requests when transferring data + to clients.

If enabled, raw reads allow reads of 65535 bytes in + one packet. This typically provides a major performance benefit. +

However, some clients either negotiate the allowable + block size incorrectly or are incapable of supporting larger block + sizes, and for these clients you may need to disable raw reads.

In general this parameter should be viewed as a system tuning + tool and left severely alone. See also write raw.

Default: read raw = yes

read size (G)

The option read size + affects the overlap of disk reads/writes with network reads/writes. + If the amount of data being transferred in several of the SMB + commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger + than this value then the server begins writing the data before it + has received the whole packet from the network, or in the case of + SMBreadbraw, it begins writing to the network before all the data + has been read from disk.

This overlapping works best when the speeds of disk and + network access are similar, having very little effect when the + speed of one is much greater than the other.

The default value is 16384, but very little experimentation + has been done yet to determine the optimal value, and it is likely + that the best value will vary greatly between systems anyway. + A value over 65536 is pointless and will cause you to allocate + memory unnecessarily.

Default: read size = 16384

Example: read size = 8192

remote announce (G)

This option allows you to setup nmbd(8) to periodically announce itself + to arbitrary IP addresses with an arbitrary workgroup name.

This is useful if you want your Samba server to appear + in a remote workgroup for which the normal browse propagation + rules don't work. The remote workgroup can be anywhere that you + can send IP packets to.

For example:

remote announce = 192.168.2.255/SERVERS + 192.168.4.255/STAFF

the above line would cause nmbd to announce itself + to the two given IP addresses using the given workgroup names. + If you leave out the workgroup name then the one given in + the workgroup + parameter is used instead.

The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable.

See the documentation file BROWSING.txt + in the docs/ directory.

Default: remote announce = <empty string> +

remote browse sync (G)

This option allows you to setup nmbd(8) to periodically request + synchronization of browse lists with the master browser of a Samba + server that is on a remote segment. This option will allow you to + gain browse lists for multiple workgroups across routed networks. This + is done in a manner that does not work with any non-Samba servers.

This is useful if you want your Samba server and all local + clients to appear in a remote workgroup for which the normal browse + propagation rules don't work. The remote workgroup can be anywhere + that you can send IP packets to.

For example:

remote browse sync = 192.168.2.255 192.168.4.255 +

the above line would cause nmbd to request + the master browser on the specified subnets or addresses to + synchronize their browse lists with the local server.

The IP addresses you choose would normally be the broadcast + addresses of the remote networks, but can also be the IP addresses + of known browse masters if your network config is that stable. If + a machine IP address is given Samba makes NO attempt to validate + that the remote machine is available, is listening, nor that it + is in fact the browse master on its segment.

Default: remote browse sync = <empty string> +

restrict anonymous (G)

This is a boolean parameter. If it is true, then + anonymous access to the server will be restricted, namely in the + case where the server is expecting the client to send a username, + but it doesn't. Setting it to true will force these anonymous + connections to be denied, and the client will be required to always + supply a username and password when connecting. Use of this parameter + is only recommended for homogeneous NT client environments.

This parameter makes the use of macro expansions that rely + on the username (%U, %G, etc) consistent. NT 4.0 + likes to use anonymous connections when refreshing the share list, + and this is a way to work around that.

When restrict anonymous is true, all anonymous connections + are denied no matter what they are for. This can effect the ability + of a machine to access the Samba Primary Domain Controller to revalidate + its machine account after someone else has logged on the client + interactively. The NT client will display a message saying that + the machine's account in the domain doesn't exist or the password is + bad. The best way to deal with this is to reboot NT client machines + between interactive logons, using "Shutdown and Restart", rather + than "Close all programs and logon as a different user".

Default: restrict anonymous = no

root (G)

Synonym for root directory".

root dir (G)

Synonym for root directory".

root directory (G)

The server will chroot() (i.e. + Change its root directory) to this directory on startup. This is + not strictly necessary for secure operation. Even without it the + server will deny access to files not in one of the service entries. + It may also check for, and deny access to, soft links to other + parts of the filesystem, or attempts to use ".." in file names + to access other directories (depending on the setting of the wide links + parameter).

Adding a root directory entry other + than "/" adds an extra level of security, but at a price. It + absolutely ensures that no access is given to files not in the + sub-tree specified in the root directory + option, including some files needed for + complete operation of the server. To maintain full operability + of the server you will need to mirror some system files + into the root directory tree. In particular + you will need to mirror /etc/passwd (or a + subset of it), and any binaries or configuration files needed for + printing (if required). The set of files that must be mirrored is + operating system dependent.

Default: root directory = /

Example: root directory = /homes/smb

root postexec (S)

This is the same as the postexec + parameter except that the command is run as root. This + is useful for unmounting filesystems + (such as CDROMs) after a connection is closed.

See also postexec.

Default: root postexec = <empty string> +

root preexec (S)

This is the same as the preexec + parameter except that the command is run as root. This + is useful for mounting filesystems (such as CDROMs) when a + connection is opened.

See also preexec and preexec close.

Default: root preexec = <empty string> +

root preexec close (S)

This is the same as the preexec close + parameter except that the command is run as root.

See also preexec and preexec close.

Default: root preexec close = no

security (G)

This option affects how clients respond to + Samba and is one of the most important settings in the smb.conf file.

The option sets the "security mode bit" in replies to + protocol negotiations with smbd(8) + to turn share level security on or off. Clients decide + based on this bit whether (and how) to transfer user and password + information to the server.

The default is security = user, as this is + the most common setting needed when talking to Windows 98 and + Windows NT.

The alternatives are security = share, + security = server or security = domain + .

In versions of Samba prior to 2.0.0, the default was + security = share mainly because that was + the only option at one stage.

There is a bug in WfWg that has relevance to this + setting. When in user or server level security a WfWg client + will totally ignore the password you type in the "connect + drive" dialog box. This makes it very difficult (if not impossible) + to connect to a Samba service as anyone except the user that + you are logged into WfWg as.

If your PCs use usernames that are the same as their + usernames on the UNIX machine then you will want to use + security = user. If you mostly use usernames + that don't exist on the UNIX box then use security = + share.

You should also use security = share if you + want to mainly setup shares without a password (guest shares). This + is commonly used for a shared printer server. It is more difficult + to setup guest shares with security = user, see + the map to guest + parameter for details.

It is possible to use smbd in a hybrid mode where it is offers both user and share + level security under different NetBIOS aliases.

The different settings will now be explained.

SECURITY = SHARE +

When clients connect to a share level security server they + need not log onto the server with a valid username and password before + attempting to connect to a shared resource (although modern clients + such as Windows 95/98 and Windows NT will send a logon request with + a username but no password when talking to a security = share + server). Instead, the clients send authentication information + (passwords) on a per-share basis, at the time they attempt to connect + to that share.

Note that smbd ALWAYS + uses a valid UNIX user to act on behalf of the client, even in + security = share level security.

As clients are not required to send a username to the server + in share level security, smbd uses several + techniques to determine the correct UNIX user to use on behalf + of the client.

A list of possible UNIX usernames to match with the given + client password is constructed using the following methods :

  • If the guest + only parameter is set, then all the other + stages are missed and only the guest account username is checked. +

  • Is a username is sent with the share connection + request, then this username (after mapping - see username map), + is added as a potential username.

  • If the client did a previous logon + request (the SessionSetup SMB call) then the + username sent in this SMB will be added as a potential username. +

  • The name of the service the client requested is + added as a potential username.

  • The NetBIOS name of the client is added to + the list as a potential username.

  • Any users on the user list are added as potential usernames. +

If the guest only parameter is + not set, then this list is then tried with the supplied password. + The first user for whom the password matches will be used as the + UNIX user.

If the guest only parameter is + set, or no username can be determined then if the share is marked + as available to the guest account, then this + guest user will be used, otherwise access is denied.

Note that it can be very confusing + in share-level security as to which UNIX username will eventually + be used in granting access.

See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

SECURITY = USER +

This is the default security setting in Samba 2.2. + With user-level security a client must first "log-on" with a + valid username and password (which can be mapped using the username map + parameter). Encrypted passwords (see the encrypted passwords parameter) can also + be used in this security mode. Parameters such as user and guest only if set are then applied and + may change the UNIX user to use on this connection, but only after + the user has been successfully authenticated.

Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this.

See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

SECURITY = SERVER +

In this mode Samba will try to validate the username/password + by passing it to another SMB server, such as an NT box. If this + fails it will revert to security = user, but note + that if encrypted passwords have been negotiated then Samba cannot + revert back to checking the UNIX password file, it must have a valid + smbpasswd file to check users against. See the + documentation file in the docs/ directory + ENCRYPTION.txt for details on how to set this + up.

Note that from the client's point of + view security = server is the same as security = user. It only affects how the server deals + with the authentication, it does not in any way affect what the + client sees.

Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this.

See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

See also the password + server parameter and the encrypted passwords + parameter.

SECURITY = DOMAIN +

This mode will only work correctly if smbpasswd(8) has been used to add this + machine into a Windows NT Domain. It expects the encrypted passwords + parameter to be set to true. In this + mode Samba will try to validate the username/password by passing + it to a Windows NT Primary or Backup Domain Controller, in exactly + the same way that a Windows NT Server would do.

Note that a valid UNIX user must still + exist as well as the account on the Domain Controller to allow + Samba to have a valid UNIX account to map file access to.

Note that from the client's point + of view security = domain is the same as security = user + . It only affects how the server deals with the authentication, + it does not in any way affect what the client sees.

Note that the name of the resource being + requested is not sent to the server until after + the server has successfully authenticated the client. This is why + guest shares don't work in user level security without allowing + the server to automatically map unknown users into the guest account. + See the map to guest + parameter for details on doing this.

BUG: There is currently a bug in the + implementation of security = domain with respect + to multi-byte character set usernames. The communication with a + Domain Controller must be done in UNICODE and Samba currently + does not widen multi-byte user names to UNICODE correctly, thus + a multi-byte username will not be recognized correctly at the + Domain Controller. This issue will be addressed in a future release.

See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION.

See also the password + server parameter and the encrypted passwords + parameter.

Default: security = USER

Example: security = DOMAIN

security mask (S)

This parameter controls what UNIX permission + bits can be modified when a Windows NT client is manipulating + the UNIX permission on a file using the native NT security + dialog box.

This parameter is applied as a mask (AND'ed with) to + the changed permission bits, thus preventing any bits not in + this mask from being modified. Essentially, zero bits in this + mask may be treated as a set of bits the user is not allowed + to change.

If not set explicitly this parameter is 0777, allowing + a user to modify all the user/group/world permissions on a file. +

Note that users who can access the + Samba server through other means can easily bypass this + restriction, so it is primarily useful for standalone + "appliance" systems. Administrators of most normal systems will + probably want to leave it set to 0777.

See also the force directory security mode, + directory + security mask, force security mode parameters.

Default: security mask = 0777

Example: security mask = 0770

server string (G)

This controls what string will show up in the + printer comment box in print manager and next to the IPC connection + in net view. It can be any string that you wish + to show to your users.

It also sets what will appear in browse lists next + to the machine name.

A %v will be replaced with the Samba + version number.

A %h will be replaced with the + hostname.

Default: server string = Samba %v

Example: server string = University of GNUs Samba + Server

set directory (S)

If set directory = no, then + users of the service may not use the setdir command to change + directory.

The setdir command is only implemented + in the Digital Pathworks client. See the Pathworks documentation + for details.

Default: set directory = no

short preserve case (S)

This boolean parameter controls if new files + which conform to 8.3 syntax, that is all in upper case and of + suitable length, are created upper case, or if they are forced + to be the default case + . This option can be use with preserve case = yes + to permit long filenames to retain their case, while short + names are lowered.

See the section on NAME MANGLING.

Default: short preserve case = yes

show add printer wizard (G)

With the introduction of MS-RPC based printing support + for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will + appear on Samba hosts in the share listing. Normally this folder will + contain an icon for the MS Add Printer Wizard (APW). However, it is + possible to disable this feature regardless of the level of privilege + of the connected user.

Under normal circumstances, the Windows NT/2000 client will + open a handle on the printer server with OpenPrinterEx() asking for + Administrator privileges. If the user does not have administrative + access on the print server (i.e is not root or a member of the + printer admin group), the OpenPrinterEx() + call fails and the client makes another open call with a request for + a lower privilege level. This should succeed, however the APW + icon will not be displayed.

Disabling the show add printer wizard + parameter will always cause the OpenPrinterEx() on the server + to fail. Thus the APW icon will never be displayed. Note :This does not prevent the same user from having + administrative privilege on an individual printer.

See also addprinter + command, deleteprinter command, printer admin

Default :show add printer wizard = yes

shutdown script (G)

This parameter only exists in the HEAD cvs branch + This a full path name to a script called by + smbd(8) that + should start a shutdown procedure.

This command will be run as the user connected to the + server.

%m %t %r %f parameters are expanded

%m will be substituted with the + shutdown message sent to the server.

%t will be substituted with the + number of seconds to wait before effectively starting the + shutdown procedure.

%r will be substituted with the + switch -r. It means reboot after shutdown + for NT. +

%f will be substituted with the + switch -f. It means force the shutdown + even if applications do not respond for NT.

Default: None.

Example: abort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f

Shutdown script example: + 
		#!/bin/bash
+		
+		$time=0
+		let "time/60"
+		let "time++"
+
+		/sbin/shutdown $3 $4 +$time $1 &
+
+ Shutdown does not return so we need to launch it in background. +

See also abort shutdown script.

smb passwd file (G)

This option sets the path to the encrypted + smbpasswd file. By default the path to the smbpasswd file + is compiled into Samba.

Default: smb passwd file = ${prefix}/private/smbpasswd +

Example: smb passwd file = /etc/samba/smbpasswd +

socket address (G)

This option allows you to control what + address Samba will listen for connections on. This is used to + support multiple virtual interfaces on the one server, each + with a different configuration.

By default Samba will accept connections on any + address.

Example: socket address = 192.168.2.20 +

socket options (G)

This option allows you to set socket options + to be used when talking with the client.

Socket options are controls on the networking layer + of the operating systems which allow the connection to be + tuned.

This option will typically be used to tune your Samba + server for optimal performance for your local network. There is + no way that Samba can know what the optimal parameters are for + your net, so you must experiment and choose them yourself. We + strongly suggest you read the appropriate documentation for your + operating system first (perhaps man setsockopt + will help).

You may find that on some systems Samba will say + "Unknown socket option" when you supply an option. This means you + either incorrectly typed it or you need to add an include file + to includes.h for your OS. If the latter is the case please + send the patch to samba@samba.org.

Any of the supported socket options may be combined + in any way you like, as long as your OS allows it.

This is the list of socket options currently settable + using this option:

  • SO_KEEPALIVE

  • SO_REUSEADDR

  • SO_BROADCAST

  • TCP_NODELAY

  • IPTOS_LOWDELAY

  • IPTOS_THROUGHPUT

  • SO_SNDBUF *

  • SO_RCVBUF *

  • SO_SNDLOWAT *

  • SO_RCVLOWAT *

Those marked with a '*' take an integer + argument. The others can optionally take a 1 or 0 argument to enable + or disable the option, by default they will be enabled if you + don't specify 1 or 0.

To specify an argument use the syntax SOME_OPTION = VALUE + for example SO_SNDBUF = 8192. Note that you must + not have any spaces before or after the = sign.

If you are on a local network then a sensible option + might be

socket options = IPTOS_LOWDELAY

If you have a local network then you could try:

socket options = IPTOS_LOWDELAY TCP_NODELAY

If you are on a wide area network then perhaps try + setting IPTOS_THROUGHPUT.

Note that several of the options may cause your Samba + server to fail completely. Use these options with caution!

Default: socket options = TCP_NODELAY

Example: socket options = IPTOS_LOWDELAY

source environment (G)

This parameter causes Samba to set environment + variables as per the content of the file named.

If the value of this parameter starts with a "|" character + then Samba will treat that value as a pipe command to open and + will set the environment variables from the output of the pipe.

The contents of the file or the output of the pipe should + be formatted as the output of the standard Unix env(1) + command. This is of the form :

Example environment entry:

SAMBA_NETBIOS_NAME = myhostname

Default: No default value

Examples: source environment = |/etc/smb.conf.sh +

Example: source environment = + /usr/local/smb_env_vars

ssl (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This variable enables or disables the entire SSL mode. If + it is set to no, the SSL-enabled Samba behaves + exactly like the non-SSL Samba. If set to yes, + it depends on the variables ssl hosts and ssl hosts resign whether an SSL + connection will be required.

Default: ssl = no

ssl CA certDir (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This variable defines where to look up the Certification + Authorities. The given directory should contain one file for + each CA that Samba will trust. The file name must be the hash + value over the "Distinguished Name" of the CA. How this directory + is set up is explained later in this document. All files within the + directory that don't fit into this naming scheme are ignored. You + don't need this variable if you don't verify client certificates.

Default: ssl CA certDir = /usr/local/ssl/certs +

ssl CA certFile (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This variable is a second way to define the trusted CAs. + The certificates of the trusted CAs are collected in one big + file and this variable points to the file. You will probably + only use one of the two ways to define your CAs. The first choice is + preferable if you have many CAs or want to be flexible, the second + is preferable if you only have one CA and want to keep things + simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates.

Default: ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem +

ssl ciphers (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This variable defines the ciphers that should be offered + during SSL negotiation. You should not set this variable unless + you know what you are doing.

ssl client cert (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

The certificate in this file is used by smbclient(1) if it exists. It's needed + if the server requires a client certificate.

Default: ssl client cert = /usr/local/ssl/certs/smbclient.pem +

ssl client key (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This is the private key for smbclient(1). It's only needed if the + client should have a certificate.

Default: ssl client key = /usr/local/ssl/private/smbclient.pem +

ssl compatibility (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This variable defines whether OpenSSL should be configured + for bug compatibility with other SSL implementations. This is + probably not desirable because currently no clients with SSL + implementations other than OpenSSL exist.

Default: ssl compatibility = no

ssl egd socket (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This option is used to define the location of the communiation socket of + an EGD or PRNGD daemon, from which entropy can be retrieved. This option + can be used instead of or together with the ssl entropy file + directive. 255 bytes of entropy will be retrieved from the daemon. +

Default: none

ssl entropy bytes (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This parameter is used to define the number of bytes which should + be read from the ssl entropy + file If a -1 is specified, the entire file will + be read. +

Default: ssl entropy bytes = 255

ssl entropy file (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This parameter is used to specify a file from which processes will + read "random bytes" on startup. In order to seed the internal pseudo + random number generator, entropy must be provided. On system with a + /dev/urandom device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. +

Default: none

ssl hosts (G)

See ssl hosts resign.

ssl hosts resign (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

These two variables define whether Samba will go + into SSL mode or not. If none of them is defined, Samba will + allow only SSL connections. If the ssl hosts variable lists + hosts (by IP-address, IP-address range, net group or name), + only these hosts will be forced into SSL mode. If the ssl hosts resign variable lists hosts, only these + hosts will NOT be forced into SSL mode. The syntax for these two + variables is the same as for the hosts allow and hosts deny pair of variables, only + that the subject of the decision is different: It's not the access + right but whether SSL is used or not.

The example below requires SSL connections from all hosts + outside the local net (which is 192.168.*.*).

Default: ssl hosts = <empty string>

ssl hosts resign = <empty string>

Example: ssl hosts resign = 192.168.

ssl require clientcert (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

If this variable is set to yes, the + server will not tolerate connections from clients that don't + have a valid certificate. The directory/file given in ssl CA certDir + and ssl CA certFile + will be used to look up the CAs that issued + the client's certificate. If the certificate can't be verified + positively, the connection will be terminated. If this variable + is set to no, clients don't need certificates. + Contrary to web applications you really should + require client certificates. In the web environment the client's + data is sensitive (credit card numbers) and the server must prove + to be trustworthy. In a file server environment the server's data + will be sensitive and the clients must prove to be trustworthy.

Default: ssl require clientcert = no

ssl require servercert (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

If this variable is set to yes, the + smbclient(1) + will request a certificate from the server. Same as + ssl require + clientcert for the server.

Default: ssl require servercert = no +

ssl server cert (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This is the file containing the server's certificate. + The server must have a certificate. The + file may also contain the server's private key. See later for + how certificates and private keys are created.

Default: ssl server cert = <empty string> +

ssl server key (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This file contains the private key of the server. If + this variable is not defined, the key is looked up in the + certificate file (it may be appended to the certificate). + The server must have a private key + and the certificate must + match this private key.

Default: ssl server key = <empty string> +

ssl version (G)

This variable is part of SSL-enabled Samba. This + is only available if the SSL libraries have been compiled on your + system and the configure option --with-ssl was + given at configure time.

This enumeration variable defines the versions of the + SSL protocol that will be used. ssl2or3 allows + dynamic negotiation of SSL v2 or v3, ssl2 results + in SSL v2, ssl3 results in SSL v3 and + tls1 results in TLS v1. TLS (Transport Layer + Security) is the new standard for SSL.

Default: ssl version = "ssl2or3"

stat cache (G)

This parameter determines if smbd(8) will use a cache in order to + speed up case insensitive name mappings. You should never need + to change this parameter.

Default: stat cache = yes

stat cache size (G)

This parameter determines the number of + entries in the stat cache. You should + never need to change this parameter.

Default: stat cache size = 50

status (G)

This enables or disables logging of connections + to a status file that smbstatus(1) + can read.

With this disabled smbstatus won't be able + to tell you what connections are active. You should never need to + change this parameter.

Default: status = yes

strict allocate (S)

This is a boolean that controls the handling of + disk space allocation in the server. When this is set to yes + the server will change from UNIX behaviour of not committing real + disk storage blocks when a file is extended to the Windows behaviour + of actually forcing the disk system to allocate real storage blocks + when a file is created or extended to be a given size. In UNIX + terminology this means that Samba will stop creating sparse files. + This can be slow on some systems.

When strict allocate is no the server does sparse + disk block allocation when a file is extended.

Setting this to yes can help Samba return + out of quota messages on systems that are restricting the disk quota + of users.

Default: strict allocate = no

strict locking (S)

This is a boolean that controls the handling of + file locking in the server. When this is set to yes + the server will check every read and write access for file locks, and + deny access if locks exist. This can be slow on some systems.

When strict locking is no the server does file + lock checks only when the client explicitly asks for them.

Well-behaved clients always ask for lock checks when it + is important, so in the vast majority of cases strict + locking = no is preferable.

Default: strict locking = no

strict sync (S)

Many Windows applications (including the Windows + 98 explorer shell) seem to confuse flushing buffer contents to + disk with doing a sync to disk. Under UNIX, a sync call forces + the process to be suspended until the kernel has ensured that + all outstanding data in kernel disk buffers has been safely stored + onto stable storage. This is very slow and should only be done + rarely. Setting this parameter to no (the + default) means that smbd ignores the Windows applications requests for + a sync call. There is only a possibility of losing data if the + operating system itself that Samba is running on crashes, so there is + little danger in this default setting. In addition, this fixes many + performance problems that people have reported with the new Windows98 + explorer shell file copies.

See also the sync + always> parameter.

Default: strict sync = no

strip dot (G)

This is a boolean that controls whether to + strip trailing dots off UNIX filenames. This helps with some + CDROMs that have filenames ending in a single dot.

Default: strip dot = no

sync always (S)

This is a boolean parameter that controls + whether writes will always be written to stable storage before + the write call returns. If this is false then the server will be + guided by the client's request in each write call (clients can + set a bit indicating that a particular write should be synchronous). + If this is true then every write will be followed by a fsync() + call to ensure the data is written to disk. Note that + the strict sync parameter must be set to + yes in order for this parameter to have + any affect.

See also the strict + sync parameter.

Default: sync always = no

syslog (G)

This parameter maps how Samba debug messages + are logged onto the system syslog logging levels. Samba debug + level zero maps onto syslog LOG_ERR, debug + level one maps onto LOG_WARNING, debug level + two maps onto LOG_NOTICE, debug level three + maps onto LOG_INFO. All higher levels are mapped to LOG_DEBUG.

This parameter sets the threshold for sending messages + to syslog. Only messages with debug level less than this value + will be sent to syslog.

Default: syslog = 1

syslog only (G)

If this parameter is set then Samba debug + messages are logged into the system syslog only, and not to + the debug log files.

Default: syslog only = no

template homedir (G)

When filling out the user information for a Windows NT + user, the winbindd(8) daemon + uses this parameter to fill in the home directory for that user. + If the string %D is present it is substituted + with the user's Windows NT domain name. If the string %U + is present it is substituted with the user's Windows + NT user name.

Default: template homedir = /home/%D/%U

template shell (G)

When filling out the user information for a Windows NT + user, the winbindd(8) daemon + uses this parameter to fill in the login shell for that user.

Default: template shell = /bin/false

time offset (G)

This parameter is a setting in minutes to add + to the normal GMT to local time conversion. This is useful if + you are serving a lot of PCs that have incorrect daylight + saving time handling.

Default: time offset = 0

Example: time offset = 60

time server (G)

This parameter determines if + nmbd(8) advertises itself as a time server to Windows + clients.

Default: time server = no

timestamp logs (G)

Synonym for debug timestamp.

total print jobs (G)

This parameter accepts an integer value which defines + a limit on the maximum number of print jobs that will be accepted + system wide at any given time. If a print job is submitted + by a client which will exceed this number, then smbd will return an + error indicating that no space is available on the server. The + default value of 0 means that no such limit exists. This parameter + can be used to prevent a server from exceeding its capacity and is + designed as a printing throttle. See also + max print jobs. +

Default: total print jobs = 0

Example: total print jobs = 5000

unix extensions(G)

This boolean parameter controls whether Samba + implments the CIFS UNIX extensions, as defined by HP. These + extensions enable CIFS to server UNIX clients to UNIX servers + better, and allow such things as symbolic links, hard links etc. + These extensions require a similarly enabled client, and are of + no current use to Windows clients.

Default: unix extensions = no

unix password sync (G)

This boolean parameter controls whether Samba + attempts to synchronize the UNIX password with the SMB password + when the encrypted SMB password in the smbpasswd file is changed. + If this is set to true the program specified in the passwd + programparameter is called AS ROOT - + to allow the new UNIX password to be set without access to the + old UNIX password (as the SMB password change code has no + access to the old password cleartext, only the new).

See also passwd + program, passwd chat.

Default: unix password sync = no

update encrypted (G)

This boolean parameter allows a user logging + on with a plaintext password to have their encrypted (hashed) + password in the smbpasswd file to be updated automatically as + they log on. This option allows a site to migrate from plaintext + password authentication (users authenticate with plaintext + password over the wire, and are checked against a UNIX account + database) to encrypted password authentication (the SMB + challenge/response authentication mechanism) without forcing + all users to re-enter their passwords via smbpasswd at the time the + change is made. This is a convenience option to allow the change over + to encrypted passwords to be made over a longer period. Once all users + have encrypted representations of their passwords in the smbpasswd + file this parameter should be set to no.

In order for this parameter to work correctly the encrypt passwords + parameter must be set to no when + this parameter is set to yes.

Note that even when this parameter is set a user + authenticating to smbd must still enter a valid + password in order to connect correctly, and to update their hashed + (smbpasswd) passwords.

Default: update encrypted = no

use client driver (S)

This parameter applies only to Windows NT/2000 + clients. It has no affect on Windows 95/98/ME clients. When + serving a printer to Windows NT/2000 clients without first installing + a valid printer driver on the Samba host, the client will be required + to install a local printer driver. From this point on, the client + will treat the print as a local printer and not a network printer + connection. This is much the same behavior that will occur + when disable spoolss = yes.

The differentiating + factor is that under normal circumstances, the NT/2000 client will + attempt to open the network printer using MS-RPC. The problem is that + because the client considers the printer to be local, it will attempt + to issue the OpenPrinterEx() call requesting access rights associated + with the logged on user. If the user possesses local administator rights + but not root privilegde on the Samba host (often the case), the OpenPrinterEx() + call will fail. The result is that the client will now display an "Access + Denied; Unable to connect" message in the printer queue window (even though + jobs may successfully be printed).

If this parameter is enabled for a printer, then any attempt + to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped + to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() + call to succeed. This parameter MUST not be able enabled + on a print share which has valid print driver installed on the Samba + server.

See also disable spoolss +

Default: use client driver = no

use mmap (G)

This global parameter determines if the tdb internals of Samba can + depend on mmap working correctly on the running system. Samba requires a coherent + mmap/read-write system memory cache. Currently only HPUX does not have such a + coherent cache, and so this parameter is set to false by + default on HPUX. On all other systems this parameter should be left alone. This + parameter is provided to help the Samba developers track down problems with + the tdb internal code. +

Default: use mmap = yes

use rhosts (G)

If this global parameter is true, it specifies + that the UNIX user's .rhosts file in their home directory + will be read to find the names of hosts and users who will be allowed + access without specifying a password.

NOTE: The use of use rhosts + can be a major security hole. This is because you are + trusting the PC to supply the correct username. It is very easy to + get a PC to supply a false username. I recommend that the use rhosts option be only used if you really know what + you are doing.

Default: use rhosts = no

user (S)

Synonym for username.

users (S)

Synonym for username.

username (S)

Multiple users may be specified in a comma-delimited + list, in which case the supplied password will be tested against + each username in turn (left to right).

The username line is needed only when + the PC is unable to supply its own username. This is the case + for the COREPLUS protocol or where your users have different WfWg + usernames to UNIX usernames. In both these cases you may also be + better using the \\server\share%user syntax instead.

The username line is not a great + solution in many cases as it means Samba will try to validate + the supplied password against each of the usernames in the + username line in turn. This is slow and + a bad idea for lots of users in case of duplicate passwords. + You may get timeouts or security breaches using this parameter + unwisely.

Samba relies on the underlying UNIX security. This + parameter does not restrict who can login, it just offers hints + to the Samba server as to what usernames might correspond to the + supplied password. Users can login as whoever they please and + they will be able to do no more damage than if they started a + telnet session. The daemon runs as the user that they log in as, + so they cannot do anything that user cannot do.

To restrict a service to a particular set of users you + can use the valid users + parameter.

If any of the usernames begin with a '@' then the name + will be looked up first in the NIS netgroups list (if Samba + is compiled with netgroup support), followed by a lookup in + the UNIX groups database and will expand to a list of all users + in the group of that name.

If any of the usernames begin with a '+' then the name + will be looked up only in the UNIX groups database and will + expand to a list of all users in the group of that name.

If any of the usernames begin with a '&'then the name + will be looked up only in the NIS netgroups database (if Samba + is compiled with netgroup support) and will expand to a list + of all users in the netgroup group of that name.

Note that searching though a groups database can take + quite some time, and some clients may time out during the + search.

See the section NOTE ABOUT + USERNAME/PASSWORD VALIDATION for more information on how + this parameter determines access to the services.

Default: The guest account if a guest service, + else <empty string>.

Examples:username = fred, mary, jack, jane, + @users, @pcgroup

username level (G)

This option helps Samba to try and 'guess' at + the real UNIX username, as many DOS clients send an all-uppercase + username. By default Samba tries all lowercase, followed by the + username with the first letter capitalized, and fails if the + username is not found on the UNIX machine.

If this parameter is set to non-zero the behavior changes. + This parameter is a number that specifies the number of uppercase + combinations to try while trying to determine the UNIX user name. The + higher the number the more combinations will be tried, but the slower + the discovery of usernames will be. Use this parameter when you have + strange usernames on your UNIX machine, such as AstrangeUser + .

Default: username level = 0

Example: username level = 5

username map (G)

This option allows you to specify a file containing + a mapping of usernames from the clients to the server. This can be + used for several purposes. The most common is to map usernames + that users use on DOS or Windows machines to those that the UNIX + box uses. The other is to map multiple users to a single username + so that they can more easily share files.

The map file is parsed line by line. Each line should + contain a single UNIX username on the left then a '=' followed + by a list of usernames on the right. The list of usernames on the + right may contain names of the form @group in which case they + will match any UNIX username in that group. The special client + name '*' is a wildcard and matches any name. Each line of the + map file may be up to 1023 characters long.

The file is processed on each line by taking the + supplied username and comparing it with each username on the right + hand side of the '=' signs. If the supplied name matches any of + the names on the right hand side then it is replaced with the name + on the left. Processing then continues with the next line.

If any line begins with a '#' or a ';' then it is + ignored

If any line begins with an '!' then the processing + will stop after that line if a mapping was done by the line. + Otherwise mapping continues with every line being processed. + Using '!' is most useful when you have a wildcard mapping line + later in the file.

For example to map from the name admin + or administrator to the UNIX name root you would use:

root = admin administrator

Or to map anyone in the UNIX group system + to the UNIX name sys you would use:

sys = @system

You can have as many mappings as you like in a username + map file.

If your system supports the NIS NETGROUP option then + the netgroup database is checked before the /etc/group + database for matching groups.

You can map Windows usernames that have spaces in them + by using double quotes around the name. For example:

tridge = "Andrew Tridgell"

would map the windows username "Andrew Tridgell" to the + unix username "tridge".

The following example would map mary and fred to the + unix user sys, and map the rest to guest. Note the use of the + '!' to tell Samba to stop processing if it gets a match on + that line.

		!sys = mary fred
+		guest = *
+

Note that the remapping is applied to all occurrences + of usernames. Thus if you connect to \\server\fred and fred is remapped to mary then you + will actually be connecting to \\server\mary and will need to + supply a password suitable for mary not + fred. The only exception to this is the + username passed to the password server (if you have one). The password + server will receive whatever username the client supplies without + modification.

Also note that no reverse mapping is done. The main effect + this has is with printing. Users who have been mapped may have + trouble deleting print jobs as PrintManager under WfWg will think + they don't own the print job.

Default: no username map

Example: username map = /usr/local/samba/lib/users.map +

utmp (G)

This boolean parameter is only available if + Samba has been configured and compiled with the option --with-utmp. If set to true then Samba will attempt + to add utmp or utmpx records (depending on the UNIX system) whenever a + connection is made to a Samba server. Sites may use this to record the + user connecting to a Samba share.

See also the utmp directory parameter.

Default: utmp = no

utmp directory(G)

This parameter is only available if Samba has + been configured and compiled with the option --with-utmp. It specifies a directory pathname that is + used to store the utmp or utmpx files (depending on the UNIX system) that + record user connections to a Samba server. See also the utmp parameter. By default this is + not set, meaning the system will use whatever utmp file the + native system is set to use (usually + /var/run/utmp on Linux).

Default: no utmp directory

valid users (S)

This is a list of users that should be allowed + to login to this service. Names starting with '@', '+' and '&' + are interpreted using the same rules as described in the + invalid users parameter.

If this is empty (the default) then any user can login. + If a username is in both this list and the invalid + users list then access is denied for that user.

The current servicename is substituted for %S + . This is useful in the [homes] section.

See also invalid users +

Default: No valid users list (anyone can login) +

Example: valid users = greg, @pcusers

veto files(S)

This is a list of files and directories that + are neither visible nor accessible. Each entry in the list must + be separated by a '/', which allows spaces to be included + in the entry. '*' and '?' can be used to specify multiple files + or directories as in DOS wildcards.

Each entry must be a unix path, not a DOS path and + must not include the unix directory + separator '/'.

Note that the case sensitive option + is applicable in vetoing files.

One feature of the veto files parameter that it + is important to be aware of is Samba's behaviour when + trying to delete a directory. If a directory that is + to be deleted contains nothing but veto files this + deletion will fail unless you also set + the delete veto files parameter to + yes.

Setting this parameter will affect the performance + of Samba, as it will be forced to check all files and directories + for a match as they are scanned.

See also hide files + and case sensitive.

Default: No files or directories are vetoed. +

Examples:
; Veto any files containing the word Security, 
+; any ending in .tmp, and any directory containing the
+; word root.
+veto files = /*Security*/*.tmp/*root*/
+
+; Veto the Apple specific files that a NetAtalk server
+; creates.
+veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/

veto oplock files (S)

This parameter is only valid when the oplocks + parameter is turned on for a share. It allows the Samba administrator + to selectively turn off the granting of oplocks on selected files that + match a wildcarded list, similar to the wildcarded list used in the + veto files + parameter.

Default: No files are vetoed for oplock + grants

You might want to do this on files that you know will + be heavily contended for by clients. A good example of this + is in the NetBench SMB benchmark program, which causes heavy + client contention for files ending in .SEM. + To cause Samba not to grant oplocks on these files you would use + the line (either in the [global] section or in the section for + the particular NetBench share :

Example: veto oplock files = /*.SEM/ +

vfs object (S)

This parameter specifies a shared object file that + is used for Samba VFS I/O operations. By default, normal + disk I/O operations are used but these can be overloaded + with a VFS object. The Samba VFS layer is new to Samba 2.2 and + must be enabled at compile time with --with-vfs.

Default : no value

vfs options (S)

This parameter allows parameters to be passed + to the vfs layer at initialization time. The Samba VFS layer + is new to Samba 2.2 and must be enabled at compile time + with --with-vfs. See also vfs object.

Default : no value

volume (S)

This allows you to override the volume label + returned for a share. Useful for CDROMs with installation programs + that insist on a particular volume label.

Default: the name of the share

wide links (S)

This parameter controls whether or not links + in the UNIX file system may be followed by the server. Links + that point to areas within the directory tree exported by the + server are always allowed; this parameter controls access only + to areas that are outside the directory tree being exported.

Note that setting this parameter can have a negative + effect on your server performance due to the extra system calls + that Samba has to do in order to perform the link checks.

Default: wide links = yes

winbind cache time

This parameter specifies the number of seconds the + winbindd(8) daemon will cache + user and group information before querying a Windows NT server + again.

Default: winbind cache type = 15

winbind enum + users

On large installations using + winbindd(8) it may be + necessary to suppress the enumeration of users through the + setpwent(), + getpwent() and + endpwent() group of system calls. If + the winbind enum users parameter is + false, calls to the getpwent system call + will not return any data.

Warning: Turning off user + enumeration may cause some programs to behave oddly. For + example, the finger program relies on having access to the + full user list when searching for matching + usernames.

Default: winbind enum users = yes

winbind enum + groups

On large installations using + winbindd(8) it may be + necessary to suppress the enumeration of groups through the + setgrent(), + getgrent() and + endgrent() group of system calls. If + the winbind enum groups parameter is + false, calls to the getgrent() system + call will not return any data.

Warning: Turning off group + enumeration may cause some programs to behave oddly. +

Default: winbind enum groups = yes +

winbind gid

The winbind gid parameter specifies the range of group + ids that are allocated by the winbindd(8) daemon. This range of group ids should have no + existing local or NIS groups within it as strange conflicts can + occur otherwise.

Default: winbind gid = <empty string> +

Example: winbind gid = 10000-20000

winbind separator

This parameter allows an admin to define the character + used when listing a username of the form of DOMAIN + \user. This parameter + is only applicable when using the pam_winbind.so + and nss_winbind.so modules for UNIX services. +

Example: winbind separator = \

Example: winbind separator = +

winbind uid

The winbind gid parameter specifies the range of group + ids that are allocated by the winbindd(8) daemon. This range of ids should have no + existing local or NIS users within it as strange conflicts can + occur otherwise.

Default: winbind uid = <empty string> +

Example: winbind uid = 10000-20000

winbind use default domain, winbind use default domain

This parameter specifies whether the winbindd(8) + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system.

Default: winbind use default domain = <falseg> +

Example: winbind use default domain = true

wins hook (G)

When Samba is running as a WINS server this + allows you to call an external program for all changes to the + WINS database. The primary use for this option is to allow the + dynamic update of external name resolution databases such as + dynamic DNS.

The wins hook parameter specifies the name of a script + or executable that will be called as follows:

wins_hook operation name nametype ttl IP_list +

  • The first argument is the operation and is one + of "add", "delete", or "refresh". In most cases the operation can + be ignored as the rest of the parameters provide sufficient + information. Note that "refresh" may sometimes be called when the + name has not previously been added, in that case it should be treated + as an add.

  • The second argument is the NetBIOS name. If the + name is not a legal name then the wins hook is not called. + Legal names contain only letters, digits, hyphens, underscores + and periods.

  • The third argument is the NetBIOS name + type as a 2 digit hexadecimal number.

  • The fourth argument is the TTL (time to live) + for the name in seconds.

  • The fifth and subsequent arguments are the IP + addresses currently registered for that name. If this list is + empty then the name should be deleted.

An example script that calls the BIND dynamic DNS update + program nsupdate is provided in the examples + directory of the Samba source code.

wins proxy (G)

This is a boolean that controls if nmbd(8) will respond to broadcast name + queries on behalf of other hosts. You may need to set this + to yes for some older clients.

Default: wins proxy = no

wins server (G)

This specifies the IP address (or DNS name: IP + address for preference) of the WINS server that nmbd(8) should register with. If you have a WINS server on + your network then you should set this to the WINS server's IP.

You should point this at your WINS server if you have a + multi-subnetted network.

NOTE. You need to set up Samba to point + to a WINS server if you have multiple subnets and wish cross-subnet + browsing to work correctly.

See the documentation file BROWSING.txt + in the docs/ directory of your Samba source distribution.

Default: not enabled

Example: wins server = 192.9.200.1

wins support (G)

This boolean controls if the + nmbd(8) process in Samba will act as a WINS server. You should + not set this to true unless you have a multi-subnetted network and + you wish a particular nmbd to be your WINS server. + Note that you should NEVER set this to true + on more than one machine in your network.

Default: wins support = no

workgroup (G)

This controls what workgroup your server will + appear to be in when queried by clients. Note that this parameter + also controls the Domain name used with the security = domain + setting.

Default: set at compile time to WORKGROUP

Example: workgroup = MYGROUP

writable (S)

Synonym for writeable for people who can't spell :-).

write cache size (S)

If this integer parameter is set to non-zero value, + Samba will create an in-memory cache for each oplocked file + (it does not do this for + non-oplocked files). All writes that the client does not request + to be flushed directly to disk will be stored in this cache if possible. + The cache is flushed onto disk when a write comes in whose offset + would not fit into the cache or when the file is closed by the client. + Reads for the file are also served from this cache if the data is stored + within it.

This cache allows Samba to batch client writes into a more + efficient write size for RAID disks (i.e. writes may be tuned to + be the RAID stripe size) and can improve performance on systems + where the disk subsystem is a bottleneck but there is free + memory for userspace programs.

The integer parameter specifies the size of this cache + (per oplocked file) in bytes.

Default: write cache size = 0

Example: write cache size = 262144

for a 256k cache size per file.

write list (S)

This is a list of users that are given read-write + access to a service. If the connecting user is in this list then + they will be given write access, no matter what the writeable + option is set to. The list can include group names using the + @group syntax.

Note that if a user is in both the read list and the + write list then they will be given write access.

See also the read list + option.

Default: write list = <empty string> +

Example: write list = admin, root, @staff +

write ok (S)

Synonym for writeable.

write raw (G)

This parameter controls whether or not the server + will support raw write SMB's when transferring data from clients. + You should never need to change this parameter.

Default: write raw = yes

writeable (S)

An inverted synonym is read only.

If this parameter is no, then users + of a service may not create or modify files in the service's + directory.

Note that a printable service (printable = yes) + will ALWAYS allow writing to the directory + (user privileges permitting), but only via spooling operations.

Default: writeable = no

WARNINGS

Although the configuration file permits service names + to contain spaces, your client software may not. Spaces will + be ignored in comparisons anyway, so it shouldn't be a + problem - but be aware of the possibility.

On a similar note, many clients - especially DOS clients - + limit service names to eight characters. smbd(8) + has no such limitation, but attempts to connect from such + clients will fail if they truncate the service names. For this reason + you should probably keep your service names down to eight characters + in length.

Use of the [homes] and [printers] special sections make life + for an administrator easy, but the various combinations of default + attributes can be tricky. Take extreme care when designing these + sections. In particular, ensure that the permissions on spool + directories are correct.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbcacls.1.html b/docs/htmldocs/smbcacls.1.html new file mode 100644 index 00000000000..637720fa6ba --- /dev/null +++ b/docs/htmldocs/smbcacls.1.html @@ -0,0 +1,387 @@ +smbcacls

smbcacls

Name

smbcacls -- Set or get ACLs on an NT file or directory names

Synopsis

smbcacls {//server/share} {filename} [-U username] [-A acls] [-M acls] [-D acls] [-S acls] [-C name] [-G name] [-n] [-h]

DESCRIPTION

This tool is part of the Samba suite.

The smbcacls program manipulates NT Access Control Lists + (ACLs) on SMB file shares.

OPTIONS

The following options are available to the smbcacls program. + The format of ACLs is described in the section ACL FORMAT

-A acls

Add the ACLs specified to the ACL list. Existing + access control entries are unchanged.

-M acls

Modify the mask value (permissions) for the ACLs + specified on the command line. An error will be printed for each + ACL specified that was not already present in the ACL list +

-D acls

Delete any ACLs specified on the command line. + An error will be printed for each ACL specified that was not + already present in the ACL list.

-S acls

This command sets the ACLs on the file with + only the ones specified on the command line. All other ACLs are + erased. Note that the ACL specified must contain at least a revision, + type, owner and group for the call to succeed.

-U username

Specifies a username used to connect to the + specified service. The username may be of the form "username" in + which case the user is prompted to enter in a password and the + workgroup specified in the smb.conf file is + used, or "username%password" or "DOMAIN\username%password" and the + password and workgroup names are used as provided.

-C name

The owner of a file or directory can be changed + to the name given using the -C option. + The name can be a sid in the form S-1-x-y-z or a name resolved + against the server specified in the first argument.

This command is a shortcut for -M OWNER:name. +

-G name

The group owner of a file or directory can + be changed to the name given using the -G + option. The name can be a sid in the form S-1-x-y-z or a name + resolved against the server specified n the first argument. +

This command is a shortcut for -M GROUP:name.

-n

This option displays all ACL information in numeric + format. The default is to convert SIDs to names and ACE types + and masks to a readable string format.

-h

Print usage information on the smbcacls + program.

ACL FORMAT

The format of an ACL is one or more ACL entries separated by + either commas or newlines. An ACL entry is one of the following: 

 
+REVISION:<revision number>
+OWNER:<sid or name>
+GROUP:<sid or name>
+ACL:<sid or name>:<type>/<flags>/<mask>
+

The revision of the ACL specifies the internal Windows + NT ACL revision for the security descriptor. + If not specified it defaults to 1. Using values other than 1 may + cause strange behaviour.

The owner and group specify the owner and group sids for the + object. If a SID in the format CWS-1-x-y-z is specified this is used, + otherwise the name specified is resolved using the server on which + the file or directory resides.

ACLs specify permissions granted to the SID. This SID again + can be specified in CWS-1-x-y-z format or as a name in which case + it is resolved against the server on which the file or directory + resides. The type, flags and mask values determine the type of + access granted to the SID.

The type can be either 0 or 1 corresponding to ALLOWED or + DENIED access to the SID. The flags values are generally + zero for file ACLs and either 9 or 2 for directory ACLs. Some + common flags are:

  • #define SEC_ACE_FLAG_OBJECT_INHERIT 0x1

  • #define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2

  • #define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 +

  • #define SEC_ACE_FLAG_INHERIT_ONLY 0x8

At present flags can only be specified as decimal or + hexadecimal values.

The mask is a value which expresses the access right + granted to the SID. It can be given as a decimal or hexadecimal value, + or by using one of the following text strings which map to the NT + file permissions of the same name.

  • R - Allow read access

  • W - Allow write access

  • X - Execute permission on the object

  • D - Delete the object

  • P - Change permissions

  • O - Take ownership

The following combined permissions can be specified:

  • READ - Equivalent to 'RX' + permissions

  • CHANGE - Equivalent to 'RXWD' permissions +

  • FULL - Equivalent to 'RWXDPO' + permissions

EXIT STATUS

The smbcacls program sets the exit status + depending on the success or otherwise of the operations performed. + The exit status may be one of the following values.

If the operation succeeded, smbcacls returns and exit + status of 0. If smbcacls couldn't connect to the specified server, + or there was an error getting or setting the ACLs, an exit status + of 1 is returned. If there was an error parsing any command line + arguments, an exit status of 2 is returned.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

smbcacls was written by Andrew Tridgell + and Tim Potter.

The conversion to DocBook for Samba 2.2 was done + by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbclient.1.html b/docs/htmldocs/smbclient.1.html new file mode 100644 index 00000000000..6c15873787d --- /dev/null +++ b/docs/htmldocs/smbclient.1.html @@ -0,0 +1,1556 @@ +smbclient

smbclient

Name

smbclient -- ftp-like client to access SMB/CIFS resources + on servers

Synopsis

smbclient {servicename} [password] [-b <buffer size>] [-d debuglevel] [-D Directory] [-U username] [-W workgroup] [-M <netbios name>] [-m maxprotocol] [-A authfile] [-N] [-l logfile] [-L <netbios name>] [-I destinationIP] [-E <terminal code>] [-c <command string>] [-i scope] [-O <socket options>] [-p port] [-R <name resolve order>] [-s <smb config file>] [-T<c|x>IXFqgbNan]

DESCRIPTION

This tool is part of the Samba suite.

smbclient is a client that can + 'talk' to an SMB/CIFS server. It offers an interface + similar to that of the ftp program (see ftp(1)). + Operations include things like getting files from the server + to the local machine, putting files from the local machine to + the server, retrieving directory information from the server + and so on.

OPTIONS

servicename

servicename is the name of the service + you want to use on the server. A service name takes the form + //server/service where server + is the NetBIOS name of the SMB/CIFS server + offering the desired service and service + is the name of the service offered. Thus to connect to + the service "printer" on the SMB/CIFS server "smbserver", + you would use the servicename //smbserver/printer +

Note that the server name required is NOT necessarily + the IP (DNS) host name of the server ! The name required is + a NetBIOS server name, which may or may not be the + same as the IP hostname of the machine running the server. +

The server name is looked up according to either + the -R parameter to smbclient or + using the name resolve order parameter in the smb.conf file, + allowing an administrator to change the order and methods + by which server names are looked up.

password

The password required to access the specified + service on the specified server. If this parameter is + supplied, the -N option (suppress + password prompt) is assumed.

There is no default password. If no password is supplied + on the command line (either by using this parameter or adding + a password to the -U option (see + below)) and the -N option is not + specified, the client will prompt for a password, even if + the desired service does not require one. (If no password is + required, simply press ENTER to provide a null password.) +

Note: Some servers (including OS/2 and Windows for + Workgroups) insist on an uppercase password. Lowercase + or mixed case passwords may be rejected by these servers. +

Be cautious about including passwords in scripts. +

-s smb.conf

Specifies the location of the all important + smb.conf file.

-O socket options

TCP socket options to set on the client + socket. See the socket options parameter in the smb.conf (5) manpage for the list of valid + options.

-R <name resolve order>

This option is used by the programs in the Samba + suite to determine what naming services and in what order to resolve + host names to IP addresses. The option takes a space-separated + string of different name resolution options.

The options are :"lmhosts", "host", "wins" and "bcast". They + cause names to be resolved as follows :

  • lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup.

  • host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system dependent, for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.

  • wins : Query a name with + the IP address listed in the wins server + parameter. If no WINS server has + been specified this method will be ignored.

  • bcast : Do a broadcast on + each of the known local interfaces listed in the + interfaces + parameter. This is the least reliable of the name resolution + methods as it depends on the target host being on a locally + connected subnet.

If this parameter is not set then the name resolve order + defined in the smb.conf file parameter + (name resolve order) will be used.

The default order is lmhosts, host, wins, bcast and without + this parameter or any entry in the name resolve order + parameter of the smb.conf file the name resolution + methods will be attempted in this order.

-M NetBIOS name

This options allows you to send messages, using + the "WinPopup" protocol, to another computer. Once a connection is + established you then type your message, pressing ^D (control-D) to + end.

If the receiving computer is running WinPopup the user will + receive the message and probably a beep. If they are not running + WinPopup the message will be lost, and no error message will + occur.

The message is also automatically truncated if the message + is over 1600 bytes, as this is the limit of the protocol. +

One useful trick is to cat the message through + smbclient. For example: cat mymessage.txt | smbclient -M FRED will + send the message in the file mymessage.txt + to the machine FRED.

You may also find the -U and + -I options useful, as they allow you to + control the FROM and TO parts of the message.

See the message command parameter in the smb.conf(5) for a description of how to handle incoming + WinPopup messages in Samba.

Note: Copy WinPopup into the startup group + on your WfWg PCs if you want them to always be able to receive + messages.

-i scope

This specifies a NetBIOS scope that smbclient will + use to communicate with when generating NetBIOS names. For details + on the use of NetBIOS scopes, see rfc1001.txt + and rfc1002.txt. + NetBIOS scopes are very rarely used, only set + this parameter if you are the system administrator in charge of all + the NetBIOS systems you communicate with.

-N

If specified, this parameter suppresses the normal + password prompt from the client to the user. This is useful when + accessing a service that does not require a password.

Unless a password is specified on the command line or + this parameter is specified, the client will request a + password.

-n NetBIOS name

By default, the client will use the local + machine's hostname (in uppercase) as its NetBIOS name. This parameter + allows you to override the host name and use whatever NetBIOS + name you wish.

-d debuglevel

debuglevel is an integer from 0 to 10, or + the letter 'A'.

The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged to + the log files about the activities of the + client. At level 0, only critical errors and serious warnings will + be logged. Level 1 is a reasonable level for day to day running - + it generates a small amount of information about operations + carried out.

Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. + Levels above 3 are designed for use only by developers and + generate HUGE amounts of log data, most of which is extremely + cryptic. If debuglevel is set to the letter 'A', then all + debug messages will be printed. This setting + is for developers only (and people who really want + to know how the code works internally).

Note that specifying this parameter here will override + the log level parameter in the smb.conf (5) + file.

-p port

This number is the TCP port number that will be used + when making connections to the server. The standard (well-known) + TCP port number for an SMB/CIFS server is 139, which is the + default.

-l logfilename

If specified, logfilename specifies a base filename + into which operational data from the running client will be + logged.

The default base name is specified at compile time.

The base name is used to generate actual log file names. + For example, if the name specified was "log", the debug file + would be log.client.

The log file generated is never removed by the client. +

-h

Print the usage message for the client.

-I IP-address

IP address is the address of the server to connect to. + It should be specified in standard "a.b.c.d" notation.

Normally the client would attempt to locate a named + SMB/CIFS server by looking it up via the NetBIOS name resolution + mechanism described above in the name resolve order + parameter above. Using this parameter will force the client + to assume that the server is on the machine with the specified IP + address and the NetBIOS name component of the resource being + connected to will be ignored.

There is no default for this parameter. If not supplied, + it will be determined automatically by the client as described + above.

-E

This parameter causes the client to write messages + to the standard error stream (stderr) rather than to the standard + output stream.

By default, the client writes messages to standard output + - typically the user's tty.

-U username[%pass]

Sets the SMB username or username and password. + If %pass is not specified, The user will be prompted. The client + will first check the USER environment variable, then the + LOGNAME variable and if either exists, the + string is uppercased. Anything in these variables following a '%' + sign will be treated as the password. If these environment + variables are not found, the username GUEST + is used.

If the password is not included in these environment + variables (using the %pass syntax), smbclient will look for + a PASSWD environment variable from which + to read the password.

A third option is to use a credentials file which + contains the plaintext of the domain name, username and password. This + option is mainly provided for scripts where the admin doesn't + wish to pass the credentials on the command line or via environment + variables. If this method is used, make certain that the permissions + on the file restrict access from unwanted users. See the + -A for more details.

Be cautious about including passwords in scripts or in + the PASSWD environment variable. Also, on + many systems the command line of a running process may be seen + via the ps command to be safe always allow + smbclient to prompt for a password and type + it in directly.

-A filename

This option allows + you to specify a file from which to read the username, domain name, and + password used in the connection. The format of the file is + 

username = <value> 
+password = <value>
+domain = <value>
+

If the domain parameter is missing the current workgroup name + is used instead. Make certain that the permissions on the file restrict + access from unwanted users.

-L

This option allows you to look at what services + are available on a server. You use it as smbclient -L + host and a list should appear. The -I + option may be useful if your NetBIOS names don't + match your TCP/IP DNS host names or if you are trying to reach a + host on another network.

-t terminal code

This option tells smbclient how to interpret + filenames coming from the remote server. Usually Asian language + multibyte UNIX implementations use different character sets than + SMB/CIFS servers (EUC instead of SJIS for example). Setting this parameter will let + smbclient convert between the UNIX filenames and + the SMB filenames correctly. This option has not been seriously tested + and may have some problems.

The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, + CWjunet, CWhex, CWcap. This is not a complete list, check the Samba + source code for the complete list.

-b buffersize

This option changes the transmit/send buffer + size when getting or putting a file from/to the server. The default + is 65520 bytes. Setting this value smaller (to 1200 bytes) has been + observed to speed up file transfers to and from a Win9x server. +

-W WORKGROUP

Override the default workgroup specified in the + workgroup parameter of the smb.conf file + for this connection. This may be needed to connect to some + servers.

-T tar options

smbclient may be used to create tar(1) + compatible backups of all the files on an SMB/CIFS + share. The secondary tar flags that can be given to this option + are :

  • c - Create a tar file on UNIX. + Must be followed by the name of a tar file, tape device + or "-" for standard output. If using standard output you must + turn the log level to its lowest value -d0 to avoid corrupting + your tar file. This flag is mutually exclusive with the + x flag.

  • x - Extract (restore) a local + tar file back to a share. Unless the -D option is given, the tar + files will be restored from the top level of the share. Must be + followed by the name of the tar file, device or "-" for standard + input. Mutually exclusive with the c flag. + Restored files have their creation times (mtime) set to the + date saved in the tar file. Directories currently do not get + their creation dates restored properly.

  • I - Include files and directories. + Is the default behavior when filenames are specified above. Causes + tar files to be included in an extract or create (and therefore + everything else to be excluded). See example below. Filename globbing + works in one of two ways. See r below.

  • X - Exclude files and directories. + Causes tar files to be excluded from an extract or create. See + example below. Filename globbing works in one of two ways now. + See r below.

  • b - Blocksize. Must be followed + by a valid (greater than zero) blocksize. Causes tar file to be + written out in blocksize*TBLOCK (usually 512 byte) blocks. +

  • g - Incremental. Only back up + files that have the archive bit set. Useful only with the + c flag.

  • q - Quiet. Keeps tar from printing + diagnostics as it works. This is the same as tarmode quiet. +

  • r - Regular expression include + or exclude. Uses regular expression matching for + excluding or excluding files if compiled with HAVE_REGEX_H. + However this mode can be very slow. If not compiled with + HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. +

  • N - Newer than. Must be followed + by the name of a file whose date is compared against files found + on the share during a create. Only files newer than the file + specified are backed up to the tar file. Useful only with the + c flag.

  • a - Set archive bit. Causes the + archive bit to be reset when a file is backed up. Useful with the + g and c flags. +

Tar Long File Names

smbclient's tar option now supports long + file names both on backup and restore. However, the full path + name of the file must be less than 1024 bytes. Also, when + a tar archive is created, smbclient's tar option places all + files in the archive with relative names, not absolute names. +

Tar Filenames

All file names can be given as DOS path names (with '\' + as the component separator) or as UNIX path names (with '/' as + the component separator).

Examples

Restore from tar file backup.tar into myshare on mypc + (no password on share).

smbclient //mypc/yshare "" -N -Tx backup.tar +

Restore everything except users/docs +

smbclient //mypc/myshare "" -N -TXx backup.tar + users/docs

Create a tar file of the files beneath users/docs.

smbclient //mypc/myshare "" -N -Tc + backup.tar users/docs

Create the same tar file as above, but now use + a DOS path name.

smbclient //mypc/myshare "" -N -tc backup.tar + users\edocs

Create a tar file of all the files and directories in + the share.

smbclient //mypc/myshare "" -N -Tc backup.tar * +

-D initial directory

Change to initial directory before starting. Probably + only of any use with the tar -T option.

-c command string

command string is a semicolon-separated list of + commands to be executed instead of prompting from stdin. -N is implied by -c.

This is particularly useful in scripts and for printing stdin + to the server, e.g. -c 'print -'.

OPERATIONS

Once the client is running, the user is presented with + a prompt :

smb:\>

The backslash ("\") indicates the current working directory + on the server, and will change if the current working directory + is changed.

The prompt indicates that the client is ready and waiting to + carry out a user command. Each command is a single word, optionally + followed by parameters specific to that command. Command and parameters + are space-delimited unless these notes specifically + state otherwise. All commands are case-insensitive. Parameters to + commands may or may not be case sensitive, depending on the command. +

You can specify file names which have spaces in them by quoting + the name with double quotes, for example "a long file name".

Parameters shown in square brackets (e.g., "[parameter]") are + optional. If not given, the command will use suitable defaults. Parameters + shown in angle brackets (e.g., "<parameter>") are required. +

Note that all commands operating on the server are actually + performed by issuing a request to the server. Thus the behavior may + vary from server to server, depending on how the server was implemented. +

The commands available are given here in alphabetical order.

? [command]

If command is specified, the ? command will display + a brief informative message about the specified command. If no + command is specified, a list of available commands will + be displayed.

! [shell command]

If shell command is specified, the ! + command will execute a shell locally and run the specified shell + command. If no command is specified, a local shell will be run. +

cd [directory name]

If "directory name" is specified, the current + working directory on the server will be changed to the directory + specified. This operation will fail if for any reason the specified + directory is inaccessible.

If no directory name is specified, the current working + directory on the server will be reported.

del <mask>

The client will request that the server attempt + to delete all files matching mask from the current working + directory on the server.

dir <mask>

A list of the files matching mask in the current + working directory on the server will be retrieved from the server + and displayed.

exit

Terminate the connection with the server and exit + from the program.

get <remote file name> [local file name]

Copy the file called remote file name from + the server to the machine running the client. If specified, name + the local copy local file name. Note that all transfers in + smbclient are binary. See also the + lowercase command.

help [command]

See the ? command above.

lcd [directory name]

If directory name is specified, the current + working directory on the local machine will be changed to + the directory specified. This operation will fail if for any + reason the specified directory is inaccessible.

If no directory name is specified, the name of the + current working directory on the local machine will be reported. +

lowercase

Toggle lowercasing of filenames for the get and + mget commands.

When lowercasing is toggled ON, local filenames are converted + to lowercase when using the get and mget commands. This is + often useful when copying (say) MSDOS files from a server, because + lowercase filenames are the norm on UNIX systems.

ls <mask>

See the dir command above.

mask <mask>

This command allows the user to set up a mask + which will be used during recursive operation of the mget and + mput commands.

The masks specified to the mget and mput commands act as + filters for directories rather than files when recursion is + toggled ON.

The mask specified with the mask command is necessary + to filter files within those directories. For example, if the + mask specified in an mget command is "source*" and the mask + specified with the mask command is "*.c" and recursion is + toggled ON, the mget command will retrieve all files matching + "*.c" in all directories below and including all directories + matching "source*" in the current working directory.

Note that the value for mask defaults to blank (equivalent + to "*") and remains so until the mask command is used to change it. + It retains the most recently specified value indefinitely. To + avoid unexpected results it would be wise to change the value of + mask back to "*" after using the mget or mput commands.

md <directory name>

See the mkdir command.

mget <mask>

Copy all files matching mask from the server to + the machine running the client.

Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and + mask commands for more information. Note that all transfers in + smbclient are binary. See also the lowercase command.

mkdir <directory name>

Create a new directory on the server (user access + privileges permitting) with the specified name.

mput <mask>

Copy all files matching mask in the current working + directory on the local machine to the current working directory on + the server.

Note that mask is interpreted differently during recursive + operation and non-recursive operation - refer to the recurse and mask + commands for more information. Note that all transfers in smbclient + are binary.

print <file name>

Print the specified file from the local machine + through a printable service on the server.

See also the printmode command.

printmode <graphics or text>

Set the print mode to suit either binary data + (such as graphical information) or text. Subsequent print + commands will use the currently set print mode.

prompt

Toggle prompting for filenames during operation + of the mget and mput commands.

When toggled ON, the user will be prompted to confirm + the transfer of each file during these commands. When toggled + OFF, all specified files will be transferred without prompting. +

put <local file name> [remote file name]

Copy the file called local file name from the + machine running the client to the server. If specified, + name the remote copy remote file name. Note that all transfers + in smbclient are binary. See also the lowercase command. +

queue

Displays the print queue, showing the job id, + name, size and current status.

quit

See the exit command.

rd <directory name>

See the rmdir command.

recurse

Toggle directory recursion for the commands mget + and mput.

When toggled ON, these commands will process all directories + in the source directory (i.e., the directory they are copying + from ) and will recurse into any that match the mask specified + to the command. Only files that match the mask specified using + the mask command will be retrieved. See also the mask command. +

When recursion is toggled OFF, only files from the current + working directory on the source machine that match the mask specified + to the mget or mput commands will be copied, and any mask specified + using the mask command will be ignored.

rm <mask>

Remove all files matching mask from the current + working directory on the server.

rmdir <directory name>

Remove the specified directory (user access + privileges permitting) from the server.

tar <c|x>[IXbgNa]

Performs a tar operation - see the -T + command line option above. Behavior may be affected + by the tarmode command (see below). Using g (incremental) and N + (newer) will affect tarmode settings. Note that using the "-" option + with tar x may not work - use the command line option instead. +

blocksize <blocksize>

Blocksize. Must be followed by a valid (greater + than zero) blocksize. Causes tar file to be written out in + blocksize*TBLOCK (usually 512 byte) blocks.

tarmode <full|inc|reset|noreset>

Changes tar's behavior with regard to archive + bits. In full mode, tar will back up everything regardless of the + archive bit setting (this is the default mode). In incremental mode, + tar will only back up files with the archive bit set. In reset mode, + tar will reset the archive bit on all files it backs up (implies + read/write share).

setmode <filename> <perm=[+|\-]rsha>

A version of the DOS attrib command to set + file permissions. For example:

setmode myfile +r

would make myfile read only.

NOTES

Some servers are fussy about the case of supplied usernames, + passwords, share names (AKA service names) and machine names. + If you fail to connect try giving all parameters in uppercase. +

It is often necessary to use the -n option when connecting + to some types of servers. For example OS/2 LanManager insists + on a valid NetBIOS name being used, so you need to supply a valid + name that would be known to the server.

smbclient supports long file names where the server + supports the LANMAN2 protocol or above.

ENVIRONMENT VARIABLES

The variable USER may contain the + username of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords.

The variable PASSWD may contain + the password of the person using the client. This information is + used only if the protocol level is high enough to support + session-level passwords.

The variable LIBSMB_PROG may contain + the path, executed with system(), which the client should connect + to instead of connecting to a server. This functionality is primarily + intended as a development aid, and works best when using a LMHOSTS + file

INSTALLATION

The location of the client program is a matter for + individual system administrators. The following are thus + suggestions only.

It is recommended that the smbclient software be installed + in the /usr/local/samba/bin/ or /usr/samba/bin/ directory, this directory readable + by all, writeable only by root. The client program itself should + be executable by all. The client should NOT be + setuid or setgid!

The client log files should be put in a directory readable + and writeable only by the user.

To test the client, you will need to know the name of a + running SMB/CIFS server. It is possible to run smbd(8) + as an ordinary user - running that server as a daemon + on a user-accessible port (typically any port number over 1024) + would provide a suitable test server.

DIAGNOSTICS

Most diagnostics issued by the client are logged in a + specified log file. The log file name is specified at compile time, + but may be overridden on the command line.

The number and nature of diagnostics available depends + on the debug level used by the client. If you have problems, + set the debug level to 3 and peruse the log files.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbcontrol.1.html b/docs/htmldocs/smbcontrol.1.html new file mode 100644 index 00000000000..c824a7cd093 --- /dev/null +++ b/docs/htmldocs/smbcontrol.1.html @@ -0,0 +1,333 @@ +smbcontrol

smbcontrol

Name

smbcontrol -- send messages to smbd or nmbd processes

Synopsis

smbcontrol [-i]

smbcontrol [destination] [message-type] [parameter]

DESCRIPTION

This tool is part of the Samba suite.

smbcontrol is a very small program, which + sends messages to an smbd(8) or + an nmbd(8) daemon running on the + system.

OPTIONS

-i

Run interactively. Individual commands + of the form destination message-type parameters can be entered + on STDIN. An empty command line or a "q" will quit the + program.

destination

One of nmbd + smbd or a process ID.

The smbd destination causes the + message to "broadcast" to all smbd daemons.

The nmbd destination causes the + message to be sent to the nmbd daemon specified in the + nmbd.pid file.

If a single process ID is given, the message is sent + to only that process.

message-type

One of: close-share, + debug, + force-election, ping + , profile, debuglevel, profilelevel, + or printer-notify.

The close-share message-type sends a + message to smbd which will then close the client connections to + the named share. Note that this doesn't affect client connections + to any other shares. This message-type takes an argument of the + share name for which client connections will be close, or the + "*" character which will close all currently open shares. + This message can only be sent to smbd.

The debug message-type allows + the debug level to be set to the value specified by the + parameter. This can be sent to any of the destinations.

The force-election message-type can only be + sent to the nmbd destination. This message + causes the nmbd daemon to force a new browse + master election.

The ping message-type sends the + number of "ping" messages specified by the parameter and waits + for the same number of reply "pong" messages. This can be sent to + any of the destinations.

The profile message-type sends a + message to an smbd to change the profile settings based on the + parameter. The parameter can be "on" to turn on profile stats + collection, "off" to turn off profile stats collection, "count" + to enable only collection of count stats (time stats are + disabled), and "flush" to zero the current profile stats. This can + be sent to any of the destinations.

The debuglevel message-type sends + a "request debug level" message. The current debug level setting + is returned by a "debuglevel" message. This can be + sent to any of the destinations.

The profilelevel message-type sends + a "request profile level" message. The current profile level + setting is returned by a "profilelevel" message. This can be sent + to any of the destinations.

The printer-notify message-type sends a + message to smbd which in turn sends a printer notify message to + any Windows NT clients connected to a printer. This message-type + takes an argument of the printer name to send notify messages to. + This message can only be sent to smbd.

The close-share message-type sends a + message to smbd which forces smbd to close the share that was + specified as an argument. This may be useful if you made changes + to the access controls on the share.

parameters

any parameters required for the message-type

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

nmbd(8), + and smbd(8). +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbd.8.html b/docs/htmldocs/smbd.8.html new file mode 100644 index 00000000000..72fc10e2e42 --- /dev/null +++ b/docs/htmldocs/smbd.8.html @@ -0,0 +1,752 @@ +smbd

smbd

Name

smbd -- server to provide SMB/CIFS services to clients

Synopsis

smbd [-D] [-a] [-i] [-o] [-P] [-h] [-V] [-b] [-d <debug level>] [-l <log directory>] [-p <port number>] [-O <socket option>] [-s <configuration file>]

DESCRIPTION

This program is part of the Samba suite.

smbd is the server daemon that + provides filesharing and printing services to Windows clients. + The server provides filespace and printer services to + clients using the SMB (or CIFS) protocol. This is compatible + with the LanManager protocol, and can service LanManager + clients. These include MSCLIENT 3.0 for DOS, Windows for + Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, + OS/2, DAVE for Macintosh, and smbfs for Linux.

An extensive description of the services that the + server can provide is given in the man page for the + configuration file controlling the attributes of those + services (see smb.conf(5) + . This man page will not describe the + services, but will concentrate on the administrative aspects + of running the server.

Please note that there are significant security + implications to running this server, and the smb.conf(5) + manpage should be regarded as mandatory reading before + proceeding with installation.

A session is created whenever a client requests one. + Each client gets a copy of the server for each session. This + copy then services all connections made by the client during + that session. When all connections from its client are closed, + the copy of the server for that client terminates.

The configuration file, and any files that it includes, + are automatically reloaded every minute, if they change. You + can force a reload by sending a SIGHUP to the server. Reloading + the configuration file will not affect connections to any service + that is already established. Either the user will have to + disconnect from the service, or smbd killed and restarted.

OPTIONS

-D

If specified, this parameter causes + the server to operate as a daemon. That is, it detaches + itself and runs in the background, fielding requests + on the appropriate port. Operating the server as a + daemon is the recommended way of running smbd for + servers that provide more than casual use file and + print services. This switch is assumed if smbd + is executed on the command line of a shell. +

-a

If this parameter is specified, each new + connection will append log messages to the log file. + This is the default.

-i

If this parameter is specified it causes the + server to run "interactively", not as a daemon, even if the + server is executed on the command line of a shell. Setting this + parameter negates the implicit deamon mode when run from the + command line. +

-o

If this parameter is specified, the + log files will be overwritten when opened. By default, + smbd will append entries to the log + files.

-P

Passive option. Causes smbd not to + send any network traffic out. Used for debugging by + the developers only.

-h

Prints the help information (usage) + for smbd.

-v

Prints the version number for + smbd.

-b

Prints information about how + Samba was built.

-d <debug level>

debuglevel is an integer + from 0 to 10. The default value if this parameter is + not specified is zero.

The higher this value, the more detail will be + logged to the log files about the activities of the + server. At level 0, only critical errors and serious + warnings will be logged. Level 1 is a reasonable level for + day to day running - it generates a small amount of + information about operations carried out.

Levels above 1 will generate considerable + amounts of log data, and should only be used when + investigating a problem. Levels above 3 are designed for + use only by developers and generate HUGE amounts of log + data, most of which is extremely cryptic.

Note that specifying this parameter here will + override the log + level parameter in the smb.conf(5) file.

-l <log directory>

If specified, + log directory + specifies a log directory into which the "log.smbd" log + file will be created for informational and debug + messages from the running server. The log + file generated is never removed by the server although + its size may be controlled by the max log size + option in the smb.conf(5) file. +

The default log directory is specified at + compile time.

-O <socket options>

See the socket options + parameter in the smb.conf(5) + file for details.

-p <port number>

port number is a positive integer + value. The default value if this parameter is not + specified is 139.

This number is the port number that will be + used when making connections to the server from client + software. The standard (well-known) port number for the + SMB over TCP is 139, hence the default. If you wish to + run the server as an ordinary user rather than + as root, most systems will require you to use a port + number greater than 1024 - ask your system administrator + for help if you are in this situation.

In order for the server to be useful by most + clients, should you configure it on a port other + than 139, you will require port redirection services + on port 139, details of which are outlined in rfc1002.txt + section 4.3.5.

This parameter is not normally specified except + in the above situation.

-s <configuration file>

The file specified contains the + configuration details required by the server. The + information in this file includes server-specific + information such as what printcap file to use, as well + as descriptions of all the services that the server is + to provide. See smb.conf(5) for more information. + The default configuration file name is determined at + compile time.

FILES

/etc/inetd.conf

If the server is to be run by the + inetd meta-daemon, this file + must contain suitable startup information for the + meta-daemon. See the UNIX_INSTALL.html + document for details. +

/etc/rc

or whatever initialization script your + system uses).

If running the server as a daemon at startup, + this file will need to contain an appropriate startup + sequence for the server. See the UNIX_INSTALL.html + document for details.

/etc/services

If running the server via the + meta-daemon inetd, this file + must contain a mapping of service name (e.g., netbios-ssn) + to service port (e.g., 139) and protocol type (e.g., tcp). + See the UNIX_INSTALL.html + document for details.

/usr/local/samba/lib/smb.conf

This is the default location of the + smb.conf + server configuration file. Other common places that systems + install this file are /usr/samba/lib/smb.conf + and /etc/smb.conf.

This file describes all the services the server + is to make available to clients. See smb.conf(5) for more information.

LIMITATIONS

On some systems smbd cannot change uid back + to root after a setuid() call. Such systems are called + trapdoor uid systems. If you have such a system, + you will be unable to connect from a client (such as a PC) as + two different users at once. Attempts to connect the + second user will result in access denied or + similar.

ENVIRONMENT VARIABLES

PRINTER

If no printer name is specified to + printable services, most systems will use the value of + this variable (or lp if this variable is + not defined) as the name of the printer to use. This + is not specific to the server, however.

PAM INTERACTION

Samba uses PAM for authentication (when presented with a plaintext + password), for account checking (is this account disabled?) and for + session management. The degree too which samba supports PAM is restricted + by the limitations of the SMB protocol and the + obey pam restricions + smb.conf paramater. When this is set, the following restrictions apply: +

  • Account Validation: All acccesses to a + samba server are checked + against PAM to see if the account is vaild, not disabled and is permitted to + login at this time. This also applies to encrypted logins. +

  • Session Management: When not using share + level secuirty, users must pass PAM's session checks before access + is granted. Note however, that this is bypassed in share level secuirty. + Note also that some older pam configuration files may need a line + added for session support. +

VERSION

This man page is correct for version 2.2 of + the Samba suite.

DIAGNOSTICS

Most diagnostics issued by the server are logged + in a specified log file. The log file name is specified + at compile time, but may be overridden on the command line.

The number and nature of diagnostics available depends + on the debug level used by the server. If you have problems, set + the debug level to 3 and peruse the log files.

Most messages are reasonably self-explanatory. Unfortunately, + at the time this man page was created, there are too many diagnostics + available in the source code to warrant describing each and every + diagnostic. At this stage your best bet is still to grep the + source code and inspect the conditions that gave rise to the + diagnostics you are seeing.

SIGNALS

Sending the smbd a SIGHUP will cause it to + reload its smb.conf configuration + file within a short period of time.

To shut down a user's smbd process it is recommended + that SIGKILL (-9) NOT + be used, except as a last resort, as this may leave the shared + memory area in an inconsistent state. The safe way to terminate + an smbd is to send it a SIGTERM (-15) signal and wait for + it to die on its own.

The debug log level of smbd may be raised + or lowered using smbcontrol(1) + program (SIGUSR[1|2] signals are no longer used in + Samba 2.2). This is to allow transient problems to be diagnosed, + whilst still running at a normally low log level.

Note that as the signal handlers send a debug write, + they are not re-entrant in smbd. This you should wait until + smbd is in a state of waiting for an incoming SMB before + issuing them. It is possible to make the signal handlers safe + by un-blocking the signals before the select call and re-blocking + them after, however this would affect performance.

SEE ALSO

hosts_access(5), inetd(8), + nmbd(8), + smb.conf(5) + , smbclient(1) + , testparm(1), testprns(1), and the Internet RFC's + rfc1001.txt, rfc1002.txt. + In addition the CIFS (formerly SMB) specification is available + as a link from the Web page + http://samba.org/cifs/.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbgroupedit.8.html b/docs/htmldocs/smbgroupedit.8.html new file mode 100644 index 00000000000..4af49672caf --- /dev/null +++ b/docs/htmldocs/smbgroupedit.8.html @@ -0,0 +1,402 @@ +smbgroupedit

smbgroupedit

Name

smbgroupedit -- Query/set/change UNIX - Windows NT group mapping

Synopsis

smbroupedit [-v [l|s]] [-a UNIX-groupname [-d NT-groupname|-p prividge|]

DESCRIPTION

This program is part of the Samba +suite.

The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc.

OPTIONS

-v[l|s]

This option will list all groups available + in the Windows NT domain in which samba is operating. +

-l

give a long listing, of the format:

"NT Group Name"
+    SID            :
+    Unix group     :
+    Group type     :
+    Comment        :
+    Privilege      :

For examples,

Users
+    SID : S-1-5-32-545
+    Unix group: -1
+    Group type: Local group
+    Comment :
+    Privilege : No privilege

-s

display a short listing of the format:

NTGroupName(SID) -> UnixGroupName

For example,

Users (S-1-5-32-545) -> -1

FILES

EXIT STATUS

smbgroupedit returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure.

EXAMPLES

To make a subset of your samba PDC users members of +the 'Domain Admins' Global group:

  1. create a unix group (usually in + /etc/group), let's call it domadm. +

  2. add to this group the users that you want to be + domain administrators. For example if you want joe, john and mary, + your entry in /etc/group will look like: +

    domadm:x:502:joe,john,mary

  3. map this domadm group to the 'domain admins' group: +

    1. Get the SID for the Windows NT "Domain Admins" + group:

      root# smbgroupedit -vs | grep "Domain Admins"
+Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1

    2. map the unix domadm group to the Windows NT + "Domain Admins" group, by running the command: + 

      root# smbgroupedit \
+-c S-1-5-21-1108995562-3116817432-1375597819-512 \
+-u domadm

      warning: don't copy and paste this sample, the + Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. +

To verify that you mapping has taken effect:

root# smbgroupedit -vs|grep "Domain Admins"
+Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm

To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group:

root# smbgroupedit -a unixgroup -td

VERSION

This man page is correct for the 3.0alpha releases of +the Samba suite.

SEE ALSO

smb.conf(5)

AUTHOR

The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed.

smbgroupedit was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code.

\ No newline at end of file diff --git a/docs/htmldocs/smbmnt.8.html b/docs/htmldocs/smbmnt.8.html new file mode 100644 index 00000000000..a7d10b6e191 --- /dev/null +++ b/docs/htmldocs/smbmnt.8.html @@ -0,0 +1,178 @@ +smbmnt

smbmnt

Name

smbmnt -- helper utility for mounting SMB filesystems

Synopsis

smbmnt {mount-point} [-s <share>] [-r] [-u <uid>] [-g <gid>] [-f <mask>] [-d <mask>] [-o <options>]

DESCRIPTION

smbmnt is a helper application used + by the smbmount program to do the actual mounting of SMB shares. + smbmnt can be installed setuid root if you want + normal users to be able to mount their SMB shares.

A setuid smbmnt will only allow mounts on directories owned + by the user, and that the user has write permission on.

The smbmnt program is normally invoked + by smbmount(8) + . It should not be invoked directly by users.

smbmount searches the normal PATH for smbmnt. You must ensure + that the smbmnt version in your path matches the smbmount used.

OPTIONS

-r

mount the filesystem read-only +

-u uid

specify the uid that the files will + be owned by

-g gid

specify the gid that the files will be + owned by

-f mask

specify the octal file mask applied +

-d mask

specify the octal directory mask + applied

-o options

list of options that are passed as-is to smbfs, if this + command is run on a 2.4 or higher Linux kernel. +

AUTHOR

Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.

The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. +

The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbmount.8.html b/docs/htmldocs/smbmount.8.html new file mode 100644 index 00000000000..b7263ebf83d --- /dev/null +++ b/docs/htmldocs/smbmount.8.html @@ -0,0 +1,468 @@ +smbmount

smbmount

Name

smbmount -- mount an smbfs filesystem

Synopsis

smbumount {service} {mount-point} [-o options]

DESCRIPTION

smbmount mounts a Linux SMB filesystem. It + is usually invoked as mount.smbfs by + the mount(8) command when using the + "-t smbfs" option. This command only works in Linux, and the kernel must + support the smbfs filesystem.

Options to smbmount are specified as a comma-separated + list of key=value pairs. It is possible to send options other + than those listed here, assuming that smbfs supports them. If + you get mount failures, check your kernel log for errors on + unknown options.

smbmount is a daemon. After mounting it keeps running until + the mounted smbfs is umounted. It will log things that happen + when in daemon mode using the "machine name" smbmount, so + typically this output will end up in log.smbmount. The + smbmount process may also be called mount.smbfs.

NOTE: smbmount + calls smbmnt(8) to do the actual mount. You + must make sure that smbmnt is in the path so + that it can be found.

OPTIONS

username=<arg>

specifies the username to connect as. If + this is not given, then the environment variable USER is used. This option can also take the + form "user%password" or "user/workgroup" or + "user/workgroup%password" to allow the password and workgroup + to be specified as part of the username.

password=<arg>

specifies the SMB password. If this + option is not given then the environment variable + PASSWD is used. If it can find + no password smbmount will prompt + for a passeword, unless the guest option is + given.

Note that password which contain the arguement delimiter + character (i.e. a comma ',') will failed to be parsed correctly + on the command line. However, the same password defined + in the PASSWD environment variable or a credentials file (see + below) will be read correctly. +

credentials=<filename>

specifies a file that contains a username + and/or password. The format of the file is:

		username = <value>
+		password = <value>
+
+

This is preferred over having passwords in plaintext in a + shared file, such as /etc/fstab. Be sure to protect any + credentials file properly. +

netbiosname=<arg>

sets the source NetBIOS name. It defaults + to the local hostname.

uid=<arg>

sets the uid that will own all files on + the mounted filesystem. + It may be specified as either a username or a numeric uid. +

gid=<arg>

sets the gid that will own all files on + the mounted filesystem. + It may be specified as either a groupname or a numeric + gid.

port=<arg>

sets the remote SMB port number. The default + is 139.

fmask=<arg>

sets the file mask. This determines the + permissions that remote files have in the local filesystem. + The default is based on the current umask.

dmask=<arg>

sets the directory mask. This determines the + permissions that remote directories have in the local filesystem. + The default is based on the current umask.

debug=<arg>

sets the debug level. This is useful for + tracking down SMB connection problems. A suggested value to + start with is 4. If set too high there will be a lot of + output, possibly hiding the useful output.

ip=<arg>

sets the destination host or IP address. +

workgroup=<arg>

sets the workgroup on the destination

sockopt=<arg>

sets the TCP socket options. See the smb.conf + socket options option. +

scope=<arg>

sets the NetBIOS scope

guest

don't prompt for a password

ro

mount read-only

rw

mount read-write

iocharset=<arg>

sets the charset used by the Linux side for codepage + to charset translations (NLS). Argument should be the + name of a charset, like iso8859-1. (Note: only kernel + 2.4.0 or later) +

codepage=<arg>

sets the codepage the server uses. See the iocharset + option. Example value cp850. (Note: only kernel 2.4.0 + or later) +

ttl=<arg>

how long a directory listing is cached in milliseconds + (also affects visibility of file size and date + changes). A higher value means that changes on the + server take longer to be noticed but it can give + better performance on large directories, especially + over long distances. Default is 1000ms but something + like 10000ms (10 seconds) is probably more reasonable + in many cases. + (Note: only kernel 2.4.2 or later) +

ENVIRONMENT VARIABLES

The variable USER may contain the username of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords. The variable can be used to set both username and + password by using the format username%password.

The variable PASSWD may contain the password of the + person using the client. This information is used only if the + protocol level is high enough to support session-level + passwords.

The variable PASSWD_FILE may contain the pathname + of a file to read the password from. A single line of input is + read and used as the password.

BUGS

Passwords and other options containing , can not be handled. + For passwords an alternative way of passing them is in a credentials + file or in the PASSWD environment.

The credentials file does not handle usernames or passwords with + leading space.

One smbfs bug is important enough to mention here, even if it + is a bit misplaced:

  • Mounts sometimes stop working. This is usually + caused by smbmount terminating. Since smbfs needs smbmount to + reconnect when the server disconnects, the mount will eventually go + dead. An umount/mount normally fixes this. At least 2 ways to + trigger this bug are known.

Note that the typical response to a bug report is suggestion + to try the latest version first. So please try doing that first, + and always include which versions you use of relevant software + when reporting bugs (minimum: samba, kernel, distribution)

SEE ALSO

Documentation/filesystems/smbfs.txt in the linux kernel + source tree may contain additional options and information.

FreeBSD also has a smbfs, but it is not related to smbmount

For Solaris, HP-UX and others you may want to look at + smbsh(1) or at other + solutions, such as sharity or perhaps replacing the SMB server with + a NFS server.

AUTHOR

Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.

The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. +

The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbpasswd.5.html b/docs/htmldocs/smbpasswd.5.html new file mode 100644 index 00000000000..1f862b66114 --- /dev/null +++ b/docs/htmldocs/smbpasswd.5.html @@ -0,0 +1,316 @@ +smbpasswd

smbpasswd

Name

smbpasswd -- The Samba encrypted password file

Synopsis

smbpasswd

DESCRIPTION

This tool is part of the Samba suite.

smbpasswd is the Samba encrypted password file. It contains + the username, Unix user id and the SMB hashed passwords of the + user, as well as account flag information and the time the + password was last changed. This file format has been evolving with + Samba and has had several different formats in the past.

FILE FORMAT

The format of the smbpasswd file used by Samba 2.2 + is very similar to the familiar Unix passwd(5) + file. It is an ASCII file containing one line for each user. Each field + ithin each line is separated from the next by a colon. Any entry + beginning with '#' is ignored. The smbpasswd file contains the + following information for each user:

name

This is the user name. It must be a name that + already exists in the standard UNIX passwd file.

uid

This is the UNIX uid. It must match the uid + field for the same user entry in the standard UNIX passwd file. + If this does not match then Samba will refuse to recognize + this smbpasswd file entry as being valid for a user. +

Lanman Password Hash

This is the LANMAN hash of the user's password, + encoded as 32 hex digits. The LANMAN hash is created by DES + encrypting a well known string with the user's password as the + DES key. This is the same password used by Windows 95/98 machines. + Note that this password hash is regarded as weak as it is + vulnerable to dictionary attacks and if two users choose the + same password this entry will be identical (i.e. the password + is not "salted" as the UNIX password is). If the user has a + null password this field will contain the characters "NO PASSWORD" + as the start of the hex string. If the hex string is equal to + 32 'X' characters then the user's account is marked as + disabled and the user will not be able to + log onto the Samba server.

WARNING !! Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access.

NT Password Hash

This is the Windows NT hash of the user's + password, encoded as 32 hex digits. The Windows NT hash is + created by taking the user's password as represented in + 16-bit, little-endian UNICODE and then applying the MD4 + (internet rfc1321) hashing algorithm to it.

This password hash is considered more secure than + the LANMAN Password Hash as it preserves the case of the + password and uses a much higher quality hashing algorithm. + However, it is still the case that if two users choose the same + password this entry will be identical (i.e. the password is + not "salted" as the UNIX password is).

WARNING !!. Note that, due to + the challenge-response nature of the SMB/CIFS authentication + protocol, anyone with a knowledge of this password hash will + be able to impersonate the user on the network. For this + reason these hashes are known as plain text + equivalents and must NOT be made + available to anyone but the root user. To protect these passwords + the smbpasswd file is placed in a directory with read and + traverse access only to the root user and the smbpasswd file + itself must be set to be read/write only by root, with no + other access.

Account Flags

This section contains flags that describe + the attributes of the users account. In the Samba 2.2 release + this field is bracketed by '[' and ']' characters and is always + 13 characters in length (including the '[' and ']' characters). + The contents of this field may be any of the characters. +

  • U - This means + this is a "User" account, i.e. an ordinary user. Only User + and Workstation Trust accounts are currently supported + in the smbpasswd file.

  • N - This means the + account has no password (the passwords in the fields LANMAN + Password Hash and NT Password Hash are ignored). Note that this + will only allow users to log on with no password if the null passwords parameter is set in the smb.conf(5) + config file.

  • D - This means the account + is disabled and no SMB/CIFS logins will be allowed for + this user.

  • W - This means this account + is a "Workstation Trust" account. This kind of account is used + in the Samba PDC code stream to allow Windows NT Workstations + and Servers to join a Domain hosted by a Samba PDC.

Other flags may be added as the code is extended in future. + The rest of this field space is filled in with spaces.

Last Change Time

This field consists of the time the account was + last modified. It consists of the characters 'LCT-' (standing for + "Last Change Time") followed by a numeric encoding of the UNIX time + in seconds since the epoch (1970) that the last change was made. +

All other colon separated fields are ignored at this time.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbpasswd(8), + samba(7), and + the Internet RFC1321 for details on the MD4 algorithm. +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbpasswd.8.html b/docs/htmldocs/smbpasswd.8.html new file mode 100644 index 00000000000..a8b39b37e57 --- /dev/null +++ b/docs/htmldocs/smbpasswd.8.html @@ -0,0 +1,606 @@ +smbpasswd

smbpasswd

Name

smbpasswd -- change a user's SMB password

Synopsis

smbpasswd [-a] [-x] [-d] [-e] [-D debuglevel] [-n] [-r <remote machine>] [-R <name resolve order>] [-m] [-j DOMAIN] [-U username[%password]] [-h] [-s] [-w pass] [username]

DESCRIPTION

This tool is part of the Samba suite.

The smbpasswd program has several different + functions, depending on whether it is run by the root + user or not. When run as a normal user it allows the user to change + the password used for their SMB sessions on any machines that store + SMB passwords.

By default (when run with no arguments) it will attempt to + change the current user's SMB password on the local machine. This is + similar to the way the passwd(1) program works. + smbpasswd differs from how the passwd program works + however in that it is not setuid root but works in + a client-server mode and communicates with a locally running + smbd(8). As a consequence in order for this to + succeed the smbd daemon must be running on the local machine. On a + UNIX machine the encrypted SMB passwords are usually stored in + the smbpasswd(5) file.

When run by an ordinary user with no options. smbpasswd + will prompt them for their old SMB password and then ask them + for their new password twice, to ensure that the new password + was typed correctly. No passwords will be echoed on the screen + whilst being typed. If you have a blank SMB password (specified by + the string "NO PASSWORD" in the smbpasswd file) then just press + the <Enter> key when asked for your old password.

smbpasswd can also be used by a normal user to change their + SMB password on remote machines, such as Windows NT Primary Domain + Controllers. See the (-r) and -U options below.

When run by root, smbpasswd allows new users to be added + and deleted in the smbpasswd file, as well as allows changes to + the attributes of the user in this file to be made. When run by root, + smbpasswd accesses the local smbpasswd file + directly, thus enabling changes to be made even if smbd is not + running.

OPTIONS

-a

This option specifies that the username + following should be added to the local smbpasswd file, with the + new password typed (type <Enter> for the old password). This + option is ignored if the username following already exists in + the smbpasswd file and it is treated like a regular change + password command. Note that the default passdb backends require + the user to already exist in the system password file (usually + /etc/passwd), else the request to add the + user will fail.

This option is only available when running smbpasswd + as root.

-x

This option specifies that the username + following should be deleted from the local smbpasswd file. +

This option is only available when running smbpasswd as + root.

-d

This option specifies that the username following + should be disabled in the local smbpasswd + file. This is done by writing a 'D' flag + into the account control space in the smbpasswd file. Once this + is done all attempts to authenticate via SMB using this username + will fail.

If the smbpasswd file is in the 'old' format (pre-Samba 2.0 + format) there is no space in the user's password entry to write + this information and the command will FAIL. See smbpasswd(5) + for details on the 'old' and new password file formats. +

This option is only available when running smbpasswd as + root.

-e

This option specifies that the username following + should be enabled in the local smbpasswd file, + if the account was previously disabled. If the account was not + disabled this option has no effect. Once the account is enabled then + the user will be able to authenticate via SMB once again.

If the smbpasswd file is in the 'old' format, then smbpasswd will FAIL to enable the account. + See smbpasswd (5) for + details on the 'old' and new password file formats.

This option is only available when running smbpasswd as root. +

-D debuglevel

debuglevel is an integer + from 0 to 10. The default value if this parameter is not specified + is zero.

The higher this value, the more detail will be logged to the + log files about the activities of smbpasswd. At level 0, only + critical errors and serious warnings will be logged.

Levels above 1 will generate considerable amounts of log + data, and should only be used when investigating a problem. Levels + above 3 are designed for use only by developers and generate + HUGE amounts of log data, most of which is extremely cryptic. +

-n

This option specifies that the username following + should have their password set to null (i.e. a blank password) in + the local smbpasswd file. This is done by writing the string "NO + PASSWORD" as the first part of the first password stored in the + smbpasswd file.

Note that to allow users to logon to a Samba server once + the password has been set to "NO PASSWORD" in the smbpasswd + file the administrator must set the following parameter in the [global] + section of the smb.conf file :

null passwords = yes

This option is only available when running smbpasswd as + root.

-r remote machine name

This option allows a user to specify what machine + they wish to change their password on. Without this parameter + smbpasswd defaults to the local host. The remote + machine name is the NetBIOS name of the SMB/CIFS + server to contact to attempt the password change. This name is + resolved into an IP address using the standard name resolution + mechanism in all programs of the Samba suite. See the -R + name resolve order parameter for details on changing + this resolving mechanism.

The username whose password is changed is that of the + current UNIX logged on user. See the -U username + parameter for details on changing the password for a different + username.

Note that if changing a Windows NT Domain password the + remote machine specified must be the Primary Domain Controller for + the domain (Backup Domain Controllers only have a read-only + copy of the user account database and will not allow the password + change).

Note that Windows 95/98 do not have + a real password database so it is not possible to change passwords + specifying a Win95/98 machine as remote machine target.

-R name resolve order

This option allows the user of smbpasswd to determine + what name resolution services to use when looking up the NetBIOS + name of the host being connected to.

The options are :"lmhosts", "host", "wins" and "bcast". They cause + names to be resolved as follows :

  • lmhosts : Lookup an IP + address in the Samba lmhosts file. If the line in lmhosts has + no name type attached to the NetBIOS name (see the lmhosts(5) for details) then + any name type matches for lookup.

  • host : Do a standard host + name to IP address resolution, using the system /etc/hosts + , NIS, or DNS lookups. This method of name resolution + is operating system depended for instance on IRIX or Solaris this + may be controlled by the /etc/nsswitch.conf + file). Note that this method is only used if the NetBIOS name + type being queried is the 0x20 (server) name type, otherwise + it is ignored.

  • wins : Query a name with + the IP address listed in the wins server + parameter. If no WINS server has been specified this method + will be ignored.

  • bcast : Do a broadcast on + each of the known local interfaces listed in the + interfaces parameter. This is the least + reliable of the name resolution methods as it depends on the + target host being on a locally connected subnet.

The default order is lmhosts, host, wins, bcast + and without this parameter or any entry in the + smb.conf file the name resolution methods will + be attempted in this order.

-m

This option tells smbpasswd that the account + being changed is a MACHINE account. Currently this is used + when Samba is being used as an NT Primary Domain Controller.

This option is only available when running smbpasswd as root. +

-U username

This option may only be used in conjunction + with the -r option. When changing + a password on a remote machine it allows the user to specify + the user name on that machine whose password will be changed. It + is present to allow users who have different user names on + different systems to change these passwords.

-h

This option prints the help string for smbpasswd, selecting the correct one for running as root + or as an ordinary user.

-s

This option causes smbpasswd to be silent (i.e. + not issue prompts) and to read its old and new passwords from + standard input, rather than from /dev/tty + (like the passwd(1) program does). This option + is to aid people writing scripts to drive smbpasswd

-w password

This parameter is only available is Samba + has been configured to use the experiemental + --with-ldapsam option. The -w + switch is used to specify the password to be used with the + ldap admin + dn. Note that the password is stored in + the private/secrets.tdb and is keyed off + of the admin's DN. This means that if the value of ldap + admin dn ever changes, the password will beed to be + manually updated as well. +

username

This specifies the username for all of the + root only options to operate on. Only root + can specify this parameter as only root has the permission needed + to modify attributes directly in the local smbpasswd file. +

NOTES

Since smbpasswd works in client-server + mode communicating with a local smbd for a non-root user then + the smbd daemon must be running for this to work. A common problem + is to add a restriction to the hosts that may access the smbd running on the local machine by specifying a + allow hosts or deny hosts + entry in the smb.conf file and neglecting to + allow "localhost" access to the smbd.

In addition, the smbpasswd command is only useful if Samba + has been set up to use encrypted passwords. See the file + ENCRYPTION.txt in the docs directory for details + on how to do this.

VERSION

This man page is correct for version 3.0 of + the Samba suite.

SEE ALSO

smbpasswd(5), + samba(7) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbsh.1.html b/docs/htmldocs/smbsh.1.html new file mode 100644 index 00000000000..66081bbe22c --- /dev/null +++ b/docs/htmldocs/smbsh.1.html @@ -0,0 +1,251 @@ +smbsh

smbsh

Name

smbsh -- Allows access to Windows NT filesystem + using UNIX commands

Synopsis

smbsh

DESCRIPTION

This tool is part of the Samba suite.

smbsh allows you to access an NT filesystem + using UNIX commands such as ls, egrep, and rcp. You must use a + shell that is dynamically linked in order for smbsh + to work correctly.

To use the smbsh command, execute smbsh from the prompt and enter the username and password + that authenticates you to the machine running the Windows NT + operating system.

	system% smbsh
+	Username: user
+	Password: XXXXXXX
+

Any dynamically linked command you execute from + this shell will access the /smb directory + using the smb protocol. For example, the command ls /smb + will show a list of workgroups. The command + ls /smb/MYGROUP will show all the machines in + the workgroup MYGROUP. The command + ls /smb/MYGROUP/<machine-name> will show the share + names for that machine. You could then, for example, use the cd command to change directories, vi to + edit files, and rcp to copy files.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

BUGS

smbsh works by intercepting the standard + libc calls with the dynamically loaded versions in smbwrapper.o. Not all calls have been "wrapped", so + some programs may not function correctly under smbsh + .

Programs which are not dynamically linked cannot make + use of smbsh's functionality. Most versions + of UNIX have a file command that will + describe how a program was linked.

SEE ALSO

smbd(8), + smb.conf(5) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbspool.8.html b/docs/htmldocs/smbspool.8.html new file mode 100644 index 00000000000..254abe9a9de --- /dev/null +++ b/docs/htmldocs/smbspool.8.html @@ -0,0 +1,222 @@ +smbspool

smbspool

Name

smbspool -- send print file to an SMB printer

Synopsis

smbspool [job] [user] [title] [copies] [options] [filename]

DESCRIPTION

This tool is part of the Samba suite.

smbspool is a very small print spooling program that + sends a print file to an SMB printer. The command-line arguments + are position-dependent for compatibility with the Common UNIX + Printing System, but you can use smbspool with any printing system + or from a program or script.

DEVICE URI

smbspool specifies the destination using a Uniform Resource + Identifier ("URI") with a method of "smb". This string can take + a number of forms:

  • smb://server/printer

  • smb://workgroup/server/printer

  • smb://username:password@server/printer

  • smb://username:password@workgroup/server/printer +

smbspool tries to get the URI from argv[0]. If argv[0] + contains the name of the program then it looks in the DEVICE_URI environment variable.

Programs using the exec(2) functions can + pass the URI in argv[0], while shell scripts must set the + DEVICE_URI environment variable prior to + running smbspool.

OPTIONS

  • The job argument (argv[1]) contains the + job ID number and is presently not used by smbspool. +

  • The user argument (argv[2]) contains the + print user's name and is presently not used by smbspool. +

  • The title argument (argv[3]) contains the + job title string and is passed as the remote file name + when sending the print job.

  • The copies argument (argv[4]) contains + the number of copies to be printed of the named file. If + no filename is provided than this argument is not used by + smbspool.

  • The options argument (argv[5]) contains + the print options in a single string and is presently + not used by smbspool.

  • The filename argument (argv[6]) contains the + name of the file to print. If this argument is not specified + then the print file is read from the standard input.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbd(8), + and samba(7). +

AUTHOR

smbspool was written by Michael Sweet + at Easy Software Products.

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbstatus.1.html b/docs/htmldocs/smbstatus.1.html new file mode 100644 index 00000000000..1d3dc9f952a --- /dev/null +++ b/docs/htmldocs/smbstatus.1.html @@ -0,0 +1,209 @@ +smbstatus

smbstatus

Name

smbstatus -- report on current Samba connections

Synopsis

smbstatus [-P] [-b] [-d] [-L] [-p] [-S] [-s <configuration file>] [-u <username>]

DESCRIPTION

This tool is part of the Samba suite.

smbstatus is a very simple program to + list the current Samba connections.

OPTIONS

-P

If samba has been compiled with the + profiling option, print only the contents of the profiling + shared memory area.

-b

gives brief output.

-d

gives verbose output.

-L

causes smbstatus to only list locks.

-p

print a list of smbd(8) processes and exit. + Useful for scripting.

-S

causes smbstatus to only list shares.

-s <configuration file>

The default configuration file name is + determined at compile time. The file specified contains the + configuration details required by the server. See smb.conf(5) + for more information.

-u <username>

selects information relevant to + username only.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbd(8) and + smb.conf(5).

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/smbtar.1.html b/docs/htmldocs/smbtar.1.html new file mode 100644 index 00000000000..47c41a015a9 --- /dev/null +++ b/docs/htmldocs/smbtar.1.html @@ -0,0 +1,351 @@ +smbtar

smbtar

Name

smbtar -- shell script for backing up SMB/CIFS shares + directly to UNIX tape drives

Synopsis

smbtar {-s server} [-p password] [-x services] [-X] [-d directory] [-u user] [-t tape] [-t tape] [-b blocksize] [-N filename] [-i] [-r] [-l loglevel] [-v] {filenames}

DESCRIPTION

This tool is part of the Samba suite.

smbtar is a very small shell script on top + of smbclient(1) + which dumps SMB shares directly to tape.

OPTIONS

-s server

The SMB/CIFS server that the share resides + upon.

-x service

The share name on the server to connect to. + The default is "backup".

-X

Exclude mode. Exclude filenames... from tar + create or restore.

-d directory

Change to initial directory + before restoring / backing up files.

-v

Verbose mode.

-p password

The password to use to access a share. + Default: none

-u user

The user id to connect as. Default: + UNIX login name.

-t tape

Tape device. May be regular file or tape + device. Default: $TAPE environmental + variable; if not set, a file called tar.out + .

-b blocksize

Blocking factor. Defaults to 20. See + tar(1) for a fuller explanation.

-N filename

Backup only files newer than filename. Could + be used (for example) on a log file to implement incremental + backups.

-i

Incremental mode; tar files are only backed + up if they have the archive bit set. The archive bit is reset + after each file is read.

-r

Restore. Files are restored to the share + from the tar file.

-l log level

Log (debug) level. Corresponds to the + -d flag of smbclient(1) + .

ENVIRONMENT VARIABLES

The $TAPE variable specifies the + default tape device to write to. May be overridden + with the -t option.

BUGS

The smbtar script has different + options from ordinary tar and tar called from smbclient.

CAVEATS

Sites that are more careful about security may not like + the way the script handles PC passwords. Backup and restore work + on entire shares, should work on file lists. smbtar works best + with GNU tar and may not work well with other versions.

DIAGNOSTICS

See the DIAGNOSTICS section for the + smbclient(1) + command.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smbd(8), + smbclient(1), + smb.conf(5), +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

Ricky Poulten + wrote the tar extension and this man page. The smbtar + script was heavily rewritten and improved by Martin Kraemer. Many + thanks to everyone who suggested extensions, improvements, bug + fixes, etc. The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter.

\ No newline at end of file diff --git a/docs/htmldocs/smbumount.8.html b/docs/htmldocs/smbumount.8.html new file mode 100644 index 00000000000..68929fd5f91 --- /dev/null +++ b/docs/htmldocs/smbumount.8.html @@ -0,0 +1,140 @@ +smbumount

smbumount

Name

smbumount -- smbfs umount for normal users

Synopsis

smbumount {mount-point}

DESCRIPTION

With this program, normal users can unmount smb-filesystems, + provided that it is suid root. smbumount has + been written to give normal Linux users more control over their + resources. It is safe to install this program suid root, because only + the user who has mounted a filesystem is allowed to unmount it again. + For root it is not necessary to use smbumount. The normal umount + program works perfectly well, but it would certainly be problematic + to make umount setuid root.

OPTIONS

mount-point

The directory to unmount.

AUTHOR

Volker Lendecke, Andrew Tridgell, Michael H. Warfield + and others.

The current maintainer of smbfs and the userspace + tools smbmount, smbumount, + and smbmnt is Urban Widmark. + The SAMBA Mailing list + is the preferred place to ask questions regarding these programs. +

The conversion of this manpage for Samba 2.2 was performed + by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/swat.8.html b/docs/htmldocs/swat.8.html new file mode 100644 index 00000000000..386fe5bc7af --- /dev/null +++ b/docs/htmldocs/swat.8.html @@ -0,0 +1,420 @@ +swat

swat

Name

swat -- Samba Web Administration Tool

Synopsis

swat [-s <smb config file>] [-a]

DESCRIPTION

This tool is part of the Samba suite.

swat allows a Samba administrator to + configure the complex smb.conf(5) file via a Web browser. In addition, + a swat configuration page has help links + to all the configurable options in the smb.conf file allowing an + administrator to easily look up the effects of any change.

swat is run from inetd

OPTIONS

-s smb configuration file

The default configuration file path is + determined at compile time. The file specified contains + the configuration details required by the smbd + server. This is the file that swat will modify. + The information in this file includes server-specific + information such as what printcap file to use, as well as + descriptions of all the services that the server is to provide. + See smb.conf for more information. +

-a

This option disables authentication and puts + swat in demo mode. In that mode anyone will be able to modify + the smb.conf file.

Do NOT enable this option on a production + server.

INSTALLATION

After you compile SWAT you need to run make install + to install the swat binary + and the various help files and images. A default install would put + these in:

  • /usr/local/samba/bin/swat

  • /usr/local/samba/swat/images/*

  • /usr/local/samba/swat/help/*

Inetd Installation

You need to edit your /etc/inetd.conf + and /etc/services + to enable SWAT to be launched via inetd.

In /etc/services you need to + add a line like this:

swat 901/tcp

Note for NIS/YP users - you may need to rebuild the + NIS service maps rather than alter your local /etc/services file.

the choice of port number isn't really important + except that it should be less than 1024 and not currently + used (using a number above 1024 presents an obscure security + hole depending on the implementation details of your + inetd daemon).

In /etc/inetd.conf you should + add a line like this:

swat stream tcp nowait.400 root + /usr/local/samba/bin/swat swat

One you have edited /etc/services + and /etc/inetd.conf you need to send a + HUP signal to inetd. To do this use kill -1 PID + where PID is the process ID of the inetd daemon.

Launching

To launch SWAT just run your favorite web browser and + point it at "http://localhost:901/".

Note that you can attach to SWAT from any IP connected + machine but connecting from a remote machine leaves your + connection open to password sniffing as passwords will be sent + in the clear over the wire.

FILES

/etc/inetd.conf

This file must contain suitable startup + information for the meta-daemon.

/etc/services

This file must contain a mapping of service name + (e.g., swat) to service port (e.g., 901) and protocol type + (e.g., tcp).

/usr/local/samba/lib/smb.conf

This is the default location of the smb.conf(5) + server configuration file that swat edits. Other + common places that systems install this file are /usr/samba/lib/smb.conf and /etc/smb.conf + . This file describes all the services the server + is to make available to clients.

WARNINGS

swat will rewrite your smb.conf + file. It will rearrange the entries and delete all + comments, include= and copy=" + options. If you have a carefully crafted smb.conf then back it up or don't use swat!

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

inetd(5), + smbd(8), + smb.conf(5) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/testparm.1.html b/docs/htmldocs/testparm.1.html new file mode 100644 index 00000000000..bae907c687a --- /dev/null +++ b/docs/htmldocs/testparm.1.html @@ -0,0 +1,298 @@ +testparm

testparm

Name

testparm -- check an smb.conf configuration file for + internal correctness

Synopsis

testparm [-s] [-h] [-L <servername>] {config filename} [hostname hostIP]

DESCRIPTION

This tool is part of the Samba suite.

testparm is a very simple test program + to check an smbd configuration file for + internal correctness. If this program reports no problems, you + can use the configuration file with confidence that smbd + will successfully load the configuration file.

Note that this is NOT a guarantee that + the services specified in the configuration file will be + available or will operate as expected.

If the optional host name and host IP address are + specified on the command line, this test program will run through + the service entries reporting whether the specified host + has access to each service.

If testparm finds an error in the smb.conf file it returns an exit code of 1 to the calling + program, else it returns an exit code of 0. This allows shell scripts + to test the output from testparm.

OPTIONS

-s

Without this option, testparm + will prompt for a carriage return after printing the service + names and before dumping the service definitions.

-h

Print usage message

-L servername

Sets the value of the %L macro to servername. + This is useful for testing include files specified with the + %L macro.

configfilename

This is the name of the configuration file + to check. If this parameter is not present then the + default smb.conf file will be checked. +

hostname

If this parameter and the following are + specified, then testparm will examine the hosts + allow and hosts deny + parameters in the smb.conf file to + determine if the hostname with this IP address would be + allowed access to the smbd server. If + this parameter is supplied, the hostIP parameter must also + be supplied.

hostIP

This is the IP address of the host specified + in the previous parameter. This address must be supplied + if the hostname parameter is supplied.

FILES

smb.conf

This is usually the name of the configuration + file used by smbd. +

DIAGNOSTICS

The program will issue a message saying whether the + configuration file loaded OK or not. This message may be preceded by + errors and warnings if the file did not load. If the file was + loaded OK, the program then dumps all known service details + to stdout.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

smb.conf(5), + smbd(8) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/testprns.1.html b/docs/htmldocs/testprns.1.html new file mode 100644 index 00000000000..4929415da02 --- /dev/null +++ b/docs/htmldocs/testprns.1.html @@ -0,0 +1,252 @@ +testprns

testprns

Name

testprns -- check printer name for validity with smbd

Synopsis

testprns {printername} [printcapname]

DESCRIPTION

This tool is part of the Samba suite.

testprns is a very simple test program + to determine whether a given printer name is valid for use in + a service to be provided by smbd(8).

"Valid" in this context means "can be found in the + printcap specified". This program is very stupid - so stupid in + fact that it would be wisest to always specify the printcap file + to use.

OPTIONS

printername

The printer name to validate.

Printer names are taken from the first field in each + record in the printcap file, single printer names and sets + of aliases separated by vertical bars ("|") are recognized. + Note that no validation or checking of the printcap syntax is + done beyond that required to extract the printer name. It may + be that the print spooling system is more forgiving or less + forgiving than testprns. However, if + testprns finds the printer then + smbd should do so as well.

printcapname

This is the name of the printcap file within + which to search for the given printer name.

If no printcap name is specified testprns + will attempt to scan the printcap file name + specified at compile time.

FILES

/etc/printcap

This is usually the default printcap + file to scan. See printcap (5). +

DIAGNOSTICS

If a printer is found to be valid, the message + "Printer name <printername> is valid" will be + displayed.

If a printer is found to be invalid, the message + "Printer name <printername> is not valid" will be + displayed.

All messages that would normally be logged during + operation of the Samba daemons are logged by this program to the + file test.log in the current directory. The + program runs at debuglevel 3, so quite extensive logging + information is written. The log should be checked carefully + for errors and warnings.

Other messages are self-explanatory.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

printcap(5), + smbd(8), + smbclient(1) +

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

The original Samba man pages were written by Karl Auer. + The man page sources were converted to YODL format (another + excellent piece of Open Source software, available at + ftp://ftp.icce.rug.nl/pub/unix/) and updated for the Samba 2.0 + release by Jeremy Allison. The conversion to DocBook for + Samba 2.2 was done by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/using_samba/appa_01.html b/docs/htmldocs/using_samba/appa_01.html new file mode 100644 index 00000000000..30080dffbf6 --- /dev/null +++ b/docs/htmldocs/using_samba/appa_01.html @@ -0,0 +1,153 @@ + + + +[Appendix A] Configuring Samba with SSL + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 9.3 Extra Resources + + +Appendix A + +Next: A.2 Requirements
 
+ +
+
+

+ +A. Configuring Samba with SSL

+

+ +Contents:
+ +About Certificates
+ +Requirements
+ +Installing SSLeay
+ +Setting Up SSL Proxy
+ +SSL Configuration Options

+

This appendix describes how to set up Samba to use secure connections between the Samba server and its clients. The protocol used here is Netscape's Secure Sockets Layer (SSL). For this example, we will establish a secure connection between a Samba server and a Windows NT workstation.

+Before we begin, we will assume that you are familiar with the fundamentals of public-key cryptography and X.509 certificates. If not, we highly recommend Bruce Schneier's +Applied Cryptography, 2nd Edition (Wiley) as the premiere source for learning the many secret faces of cryptography.

+If you would like more information on Samba and SSL, be sure to look at the document +SSLeay.txt in the +docs/textdocs directory of the Samba distribution, which is the basis for this appendix.

+

+ +A.1 About Certificates

+Here are a few quick questions and answers from the +SSLeay.txt file in the Samba documentation, regarding the benefits of SSL and certificates. This text was written by Christian Starkjohann for the Samba projects.

+

+ +A.1.1 What is a Certificate?

+A certifcate is issued by an issuer, usually a +Certification Authority (CA), who confirms something by issuing the certificate. The subject of this confirmation depends on the CA's policy. CAs for secure web servers (used for shopping malls, etc.) usually attest only that the given public key belongs the given domain name. Company-wide CAs might attest that you are an employee of the company, that you have permissions to use a server, and so on.

+

+ +A.1.2 What is an X.509 certificate, technically?

+Technically, the certificate is a block of data signed by the certificate issuer (the CA). The relevant fields are:

    +
  • +

    + +Unique identifier (name) of the certificate issuer

  • +

    + +Time range during which the certificate is valid

  • +

    + +Unique identifier (name) of the certified object

  • +

    + +Public key of the certified object

  • +

    + +The issuer's signature over all the above

+If this certificate is to be verified, the verifier must have a table of the names and public keys of trusted CAs. For simplicity, these tables should list certificates issued by the respective CAs for themselves (self-signed certificates).

+

+ +A.1.3 What are the implications of this certificate structure?

+Four implications follow:

    +
  • +

    + +Because the certificate contains the subjects's public key, the certificate and the private key together are all that is needed to encrypt and decrypt.

  • +

    + +To verify certificates, you need the certificates of all CAs you trust.

  • +

    + +The simplest form of a dummy-certificate is one that is signed by the subject.

  • +

    + +A CA is needed. The client can't simply issue local certificates for servers it trusts because the server determines which certificate it presents.

+
+
+
+ + +
+ +Previous: 9.3 Extra Resources + + + +Next: A.2 Requirements
+9.3 Extra Resources + +Book Index +A.2 Requirements
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appa_02.html b/docs/htmldocs/using_samba/appa_02.html new file mode 100644 index 00000000000..e69b2fd9128 --- /dev/null +++ b/docs/htmldocs/using_samba/appa_02.html @@ -0,0 +1,100 @@ + + + +[Appendix A] A.2 Requirements + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: A.1 About Certificates + + + +Appendix A
+Configuring Samba with SSL		 + +Next: A.3 Installing SSLeay
 
+ +
+
+

+ +A.2 Requirements

To set up SSL connections, you will need to download two programs in addition to Samba:

+
SSLeay
+

+Eric Young's implementation of the Secure Socket's Layer (SSL) protocol as a series of Unix programming libraries

SSL Proxy
+

+A freeware SSL application from Objective Development, which can be used to proxy a secure link on Unix or Windows NT platforms

+These two products assist with the server and client side of the encrypted SSL connection. The SSLeay libraries are compiled and installed directly on the Unix system. SSL Proxy, on the other hand, can be downloaded and compiled (or downloaded in binary format) and located on the client side. If you intend to have a Windows NT client or a Samba client on the other end of the SSL connection, you will not require a special setup.

+SSL Proxy, however, does not work on Windows 95/98 machines. Therefore, if you want to have a secure connection between a Samba server and Windows 95/98 client, you will need to place either a Unix server or a Windows NT machine on the same subnet with the Windows 9 +x clients and route all network connections through the SSL-Proxy-enabled machine. See +Figure A.1.

+ +Figure A.1: Two possible ways of proxying Windows 95/98 clients

Figure A.1

+For the purposes of this chapter, we will create a simple SSL connection between the Samba server and a Windows NT client. This configuration can be used to set up more complex networks at the administrator's discretion.

+
+
+
+ + +
+ +Previous: A.1 About Certificates + + + +Next: A.3 Installing SSLeay
+A.1 About Certificates + +Book Index +A.3 Installing SSLeay
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appa_03.html b/docs/htmldocs/using_samba/appa_03.html new file mode 100644 index 00000000000..f8cdb139315 --- /dev/null +++ b/docs/htmldocs/using_samba/appa_03.html @@ -0,0 +1,325 @@ + + + +[Appendix A] A.3 Installing SSLeay + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: A.2 Requirements + + + +Appendix A
+Configuring Samba with SSL		 + +Next: A.4 Setting Up SSL Proxy
 
+ +
+
+

+ +A.3 Installing SSLeay

+Samba uses the SSLeay package, written by Eric Young, to provide Secure Sockets Layer support on the server side. Because of U.S. export law, however, the SSLeay package cannot be shipped with Samba distributions that are based in the United States. For that reason, the Samba creators decided to leave it as a separate package entirely. You can download the SSLeay distribution from any of the following sites:

+The latest version as of this printing is 0.9.0b. Download it to the same server as the Samba distribution, then uncompress and untar it. You should be left with a directory entitled +SSLeay-0.9.0b. After changing to that directory, you will need to configure and build the SSL encryption package in the same way that you did with Samba.

+SSLeay uses a Perl-based +configure script. This script modifies the Makefile that constructs the utilities and libraries of the SSLeay package. However, the default script is hardcoded to find Perl at +/usr/local/bin/perl. You may need to change the +configure script to point to the location of the Perl executable file on your Unix system. For example, you can type the following to locate the Perl executable:

# which perl
+/usr/bin/perl

+Then modify the first line of the +configure script to force it to use the correct Perl executable. For example, on our Red Hat Linux system:

+#!/usr/bin/perl
+#
+# see PROBLEMS for instructions on what sort of things to do
+# when tracking a bug -tjh
+...

+After that, you need to run the +configure script by specifying a target platform for the distribution. This target platform can be any of the following:

+BC-16              BC-32              FreeBSD            NetBSD-m86
+NetBSD-sparc       NetBSD-x86         SINIX-N            VC-MSDOS
+VC-NT              VC-W31-16          VC-W31-32          VC-WIN16
+VC-WIN32           aix-cc             aix-gcc            alpha-cc
+alpha-gcc          alpha400-cc        cc                 cray-t90-cc
+debug              debug-irix-cc      debug-linux-elf    dgux-R3-gcc
+dgux-R4-gcc        dgux-R4-x86-gcc    dist               gcc
+hpux-cc            hpux-gcc           hpux-kr-cc         irix-cc
+irix-gcc           linux-aout         linux-elf          ncr-scde
+nextstep           purify             sco5-cc            solaris-sparc-cc
+solaris-sparc-gcc  solaris-sparc-sc4  solaris-usparc-sc4 solaris-x86-gcc
+sunos-cc           sunos-gcc          unixware-2.0       unixware

+For our system, we would enter the following:

+# ./Configure linux-elf
+CC            =gcc
+CFLAG         =-DL_ENDIAN -DTERMIO -DBN_ASM -O3 -fomit-frame-pointer 
+EX_LIBS       =
+BN_MULW       =asm/bn86-elf.o
+DES_ENC       =asm/dx86-elf.o asm/yx86-elf.o
+BF_ENC        =asm/bx86-elf.o
+CAST_ENC      =asm/cx86-elf.o
+RC4_ENC       =asm/rx86-elf.o
+RC5_ENC       =asm/r586-elf.o
+MD5_OBJ_ASM   =asm/mx86-elf.o
+SHA1_OBJ_ASM  =asm/sx86-elf.o
+RMD160_OBJ_ASM=asm/rm86-elf.o
+THIRTY_TWO_BIT mode
+DES_PTR used
+DES_RISC1 used
+DES_UNROLL used
+BN_LLONG mode
+RC4_INDEX mode

+After the package has been configured, you can build it by typing +make. If the build did not successfully complete, consult the documentation that comes with the distribution or the FAQ at http://www.cryptsoft.com/ssleay/ for more information on what may have happened. If the build did complete, type +make +install to install the libraries on the system. Note that the makefile installs the package in +/usr/local/ssl by default. If you decide to install it in another directory, remember the directory when configuring Samba to use SSL.

+

+ +A.3.1 Configuring SSLeay for Your System

+The first thing you need to do is to set the +PATH environment variable on your system to include the +/bin directory of the SSL distribution. This can be done with the following statement:

+PATH=$PATH:/usr/local/ssl/bin

+That's the easy part. Following that, you will need to create a random series of characters that will be used to prime SSLeay's random number generator. The random number generator will be used to create key pairs for both the clients and the server. You can create this random series by filling a text file of a long series of random characters. For example, you can use your favorite editor to create a text file with random characters, or use this command and enter arbitrary characters at the standard input:

+cat >/tmp/private.txt

+The Samba documentation recommends that you type characters for longer than a minute before interrupting the input stream by hitting Control-D. Try not to type only the characters that are under your fingers on the keyboard; throw in some symbols and numbers as well. Once you've completed the random file, you can prime the random number generator with the following command:

+# ssleay genrsa -rand /tmp/private.txt >/dev/null
+2451 semi-random bytes loaded
+Generating RSA private key, 512 bit long modulus
+..+++++
+.................................+++++
+e is 65537 (0x10001)

+You can safely ignore the output of this command. After it has completed, remove the series of characters used to create the key because this could be used to recreate any private keys that were generated from this random number generator:

+rm -f /tmp/private.txt

+The result of this command is the hidden file . +rnd, which is stored in your home directory. SSLeay will use this file when creating key pairs in the future.

+

+ +A.3.2 Configuring Samba to use SSL

At this point, you can compile Samba to use SSL. Recall that in Chapter 2, Installing Samba on a Unix System, we said you have to first run the configure script, which initializes the makefile, before you compile Samba. In order to use SSL with Samba, you will need to reconfigure the makefile:

+./configure --with-ssl

+After that, you can compile Samba with the following commands:

# make clean
+# make all

+If you encounter an error that says the +smbd executable is missing the file +ssl.h, you probably didn't install SSLeay in the default directory. Use the configure option +--with-sslinc to point to the base directory of the SSL distribution - in this case, the directory that contains +include/ssl.h.

+On the other hand, if you have a clean compile, you're ready to move on to the next step: creating certificates.

+

+ +A.3.3 Becoming a Certificate Authority

+ +The SSL protocol requires the use of X.509 certificates in the protocol handshake to ensure that either one or both parties involved in the communication are indeed who they say they are. Certificates in real life, such as those use for SSL connections on public web sites, can cost in the arena of $300 a year. This is because the certificate must have a digital signature placed on it by a +certificate authority. A certificate authority is an entity that vouches for the authenticity of a digital certificate by signing it with its own private key. This way, anyone who wishes to check the authenticity of the certificate can simply use the certificate authority's public key to check the signature.

+You are allowed to use a public certificate authority with SSLeay. However, you don't have to. Instead, SSLeay will allow you to declare yourself a trusted certificate authority - specifying which clients you choose to trust and which clients you do not. In order to do this, you will need to perform several tasks with the SSLeay distribution.

+The first thing you need to do is specify a secure location where the certificates of the clients and potentially the server will be stored. We have chosen +/etc/certificates as our default. Execute the following commands as +root: 

# cd /etc
+# mkdir certificates
+# chmod 700 certificates

+Note that we shut out all access to users other than +root for this directory. This is very important.

+Next, you need to set up the SSLeay scripts and configuration files to use the certificates stored in this directory. In order to do this, first modify the +CA.sh script located at +/usr/local/ssl/bin/CA.sh to specify the location of the directory you just created. Find the line that contains the following entry:

+CATOP=./demoCA

+Then change it to:

+CATOP=/etc/certificates

+Next, you need to modify the +/usr/local/ssl/lib/ssleay.cnf file to specify the same directory. Find the entry:

+[ CA_default ]
+dir     = ./demoCA             # Where everything is kept

+Then change it to:

+[ CA_default ]
+dir     =  /etc/certificates   # Where everything is kept

+Next, run the certificate authority setup script, +CA.sh, in order to create the certificates. Be sure to do this as the same user that you used to prime the random number generator above:

+/usr/local/ssl/bin/CA.sh -newca
+mkdir: cannot make directory '/etc/certificates': File exists
+CA certificate filename (or enter to create)

+Press the Enter key to create a certificate for the CA. You should then see:

+Making CA certificate ...
+Using configuration from /usr/local/ssl/lib/ssleay.cnf
+Generating a 1024 bit RSA private key
+.............................+++++
+.....................+++++
+writing new private key to /etc/certificates/private/cakey.pem
+Enter PEM pass phrase:

+Enter a new pass phrase for your certificate. You will need to enter it twice correctly before SSLeay will accept it:

+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:

+Be sure to remember this pass phrase. You will need it to sign the client certificates in the future. Once SSLeay has accepted the pass phrase, it will continue on with a series of questions for each of the fields in the X509 certificate:

+You are about to be asked to enter information that will be
+incorporated into your certificate request.
+What you are about to enter is what is called a Distinguished
+Name or a DN.
+There are quite a few fields but you can leave some blank
+For some fields there will be a default value,
+If you enter '.', the field will be left blank.

+Fill out the remainder of the fields with information about your organization. For example, our certificate looks like this:

+Country Name (2 letter code) [AU]:
+
+US
+State or Province Name (full name) [Some-State]:
+
+California
+Locality Name (eg, city) []:
+
+Sebastopol
+Organization Name (eg, company) []:
+
+O'Reilly
+Organizational Unit Name (eg, section) []:
+
+Books
+Common Name (eg, YOUR name) []:
+
+John Doe
+Email Address []:
+
+doe@ora.com

+After that, SSLeay will be configured as a certificate authority and can be used to sign certificates for client machines that will be connecting to the Samba server.

+

+ +A.3.4 Creating Certificates for Clients

+It's simple to create a certificate for a client machine. First, you need to generate a public/private key pair for each entity, create a certificate request file, and then use +SSLeay to sign the file as a trusted authority.

+For our example client +phoenix, this boils down to three SSLeay commands. The first generates a key pair for the client and places it in the file +phoenix.key. The private key will be encrypted, in this case using triple DES. Enter a pass phrase when requested below - you'll need it for the next step:

+# ssleay genrsa -des3 1024 >phoenix.key
+1112 semi-random bytes loaded
+Generating RSA private key, 1024 bit long modulus
+........................................+++++
+.............+++++
+e is 65537 (0x10001)
+Enter PEM pass phrase:
+Verifying password - Enter PEM pass phrase:

+After that command has completed, type in the following command:

# ssleay req -new -key phoenix.key -out phoenix-csr
+Enter PEM pass phrase:

+Enter the pass phrase for the client certificate you just created (not the certificate authority). At this point, you will need to answer the questionnaire again, this time for the client machine. In addition, you must type in a challenge password and an optional company name - those do not matter here. When the command completes, you will have a certificate request in the file +phoenix-csr.

+Then, you must sign the certificate request as the trusted certificate authority. Type in the following command:

# ssleay ca -days 1000 -inflies phoenix-csr >phoenix.pem

+This command will prompt you to enter the PEM pass phrase of the +certificate authority. Be sure that you do not enter the PEM pass phrase of the client certificate that you just created. After entering the correct pass phrase, you should see the following:

+Check that the request matches the signature
+Signature ok
+The Subjects Distinguished Name is as follows:
+...

+This will be followed by the information that you just entered for the client certificate. If there is an error in the fields, the program will notify you. On the other hand, if everything is fine, SSLeay will confirm that it should sign the certificate and commit it to the database. This adds a record of the certificate to the +/etc/certificates/newcerts directory.

+The operative files at the end of this exercise are the +phoenix.key and +phoenix.pem files, which reside in the current directory. These files will be passed off to the client with whom the SSL-enabled Samba server will interact, and will be used by SSL Proxy. +

+

+A.3.5 Configuring the Samba Server

+The next step is to modify the Samba configuration file to include the following setup options. These options assume that you created the certificates directory for the certificate authority at +/etc/certificates :

+[global]
+	ssl = yes
+	ssl server cert = /etc/certificates/cacert.pem
+	ssl server key = /etc/certificates/private/cakey.pem
+	ssl CA certDir = /etc/certificates

+At this point, you will need to kill the Samba daemons and restart them manually:

+# nmbd -D
+# smbd -D
+Enter PEM pass phrase:

+You will need to enter the PEM pass phrase of the certificate authority to start up the Samba daemons. Note that this may present a problem in terms of starting the program using ordinary means. However, you can get around this using advanced scripting languages, such as Expect or Python.

+

+ +A.3.6 Testing with smbclient

+A good way to test whether Samba is working properly is to use the + smbclient program. On the Samba server, enter the following command, substituting the appropriate share and user for a connection:

+# smbclient //hydra/data -U tom

+You should see several debugging statements followed by a line indicating the negotiated cipher, such as:

+SSL: negotiated cipher: DES-CBC3-SHA

+After that, you can enter your password and connect to the share normally. If this works, you can be sure that Samba is correctly supporting SSL connections. Now, on to the client setup.

+
+
+
+ + +
+ +Previous: A.2 Requirements + + + +Next: A.4 Setting Up SSL Proxy
+A.2 Requirements + +Book Index +A.4 Setting Up SSL Proxy
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appa_04.html b/docs/htmldocs/using_samba/appa_04.html new file mode 100644 index 00000000000..d4f99e29511 --- /dev/null +++ b/docs/htmldocs/using_samba/appa_04.html @@ -0,0 +1,135 @@ + + + +[Appendix A] A.4 Setting Up SSL Proxy + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: A.3 Installing SSLeay + + + +Appendix A
+Configuring Samba with SSL		 + +Next: A.5 SSL Configuration Options
 
+ +
+
+

+ +A.4 Setting Up SSL Proxy

+The SSL Proxy program is available as a standalone binary or as source code. You can download it from +http://obdev.at/Products/sslproxy.html.

+Once it is downloaded, you can configure and compile it like Samba. We will configure it on a Windows NT system. However, setting it up for a Unix system involves a nearly identical series of steps. Be sure that you are the superuser (administrator) for the next series of steps.

+If you downloaded the binary for Windows NT, you should have the following files in a directory:

    +
  • +

    + + +cygwinb19.dll

  • +

    + + +README.TXT

  • +

    + + +sslproxy.exe

  • +

    + + +dummyCert.pem

+The only one that you will be interested in is the SSL Proxy executable. Copy over the +phoenix.pem and +phoenix.key files that you generated earlier for the client to the same directory as the SSL proxy executable. Make sure that the directory is secure from the prying eyes of other users.

+The next step is to ensure that the Windows NT machine can resolve the NetBIOS name of the Samba server. This means that you should either have a WINS server up and running (the Samba server can perform this task with the +wins +support += +yes option) or have it listed in the appropriate +hosts file of the system. See Chapter 7, Printing and Name Resolution, for more information on WINS server.[1]

+
+

+[1] If you are running SSL Proxy on a Unix server, you should ensure that the DNS name of the Samba server can be resolved.

+Finally, start up SSL Proxy with the following command. Here, we assume that +hydra is the name of the Samba server:

+# C:\SSLProxy>sslproxy -l 139 -R hydra -r 139 -n -c phoenix.pem -k phoenix.key

+This tells SSL Proxy to listen for connections to port 139 and relay those requests to port 139 on the NetBIOS machine +hydra. It also instructs SSL Proxy to use the +phoenix.pem and +phoenix.key files to generate the certificate and keys necessary to initiate the SSL connection. SSL Proxy responds with:

+Enter PEM pass phrase:

+Enter the PEM pass phrase of the client keypair that you generated, +not the certificate authority. You should then see the following output:

+SSL: No verify locations, trying default
+proxy ready, listening for connections

+That should take care of the client. You can place this command in a startup sequence on either Unix or Windows NT if you want this functionality available at all times. Be sure to set any clients you have connecting to the NT server (including the NT server itself) to point to this server instead of the Samba server.

+After you've completed setting this up, try to connect using clients that proxy through the NT server. You should find that it works almost transparently.

+
+
+
+ + +
+ +Previous: A.3 Installing SSLeay + + + +Next: A.5 SSL Configuration Options
+A.3 Installing SSLeay + +Book Index +A.5 SSL Configuration Options
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appa_05.html b/docs/htmldocs/using_samba/appa_05.html new file mode 100644 index 00000000000..2048040ec97 --- /dev/null +++ b/docs/htmldocs/using_samba/appa_05.html @@ -0,0 +1,460 @@ + + + +[Appendix A] A.5 SSL Configuration Options + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: A.4 Setting Up SSL Proxy + + + +Appendix A
+Configuring Samba with SSL		 + +Next: B. Samba Performance Tuning
 
+ +
+
+

+ +A.5 SSL Configuration Options

+Table A.1 summarizes the configuration options introduced in the previous section for using SSL. Note that all of these options are global in scope; in other words, they must appear in the +[global] section of the configuration file.


+ + + + + + + + + + + + + + + + + + +
+ +Table A.1: SSL Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +ssl

 +

+boolean

 +

+Indicates whether SSL mode is enabled with Samba.

 +

+ +no

 +

+Global

+

+ +ssl hosts

 +

+string (list of addresses)

 +

+Specifies a list of hosts that must always connect using SSL.

 +

+None

 +

+Global

+

+ +ssl hosts resign

 +

+string (list of addresses)

 +

+Specifies a list of hosts that never connect using SS.

 +

+None

 +

+Global

+

+ +ssl CA certDir

 +

+string (fully-qualified pathname)

 +

+Specifies the directory where the certificates are stored.

 +

+None

 +

+Global

+

+ +ssl CA certFile

 +

+string (fully-qualified pathname)

 +

+Specifies a file that contains all of the certificates for Samba.

 +

+None

 +

+Global

+

+ +ssl server cert

 +

+string (fully-qualified pathname)

 +

+Specifies the location of the server's certificate.

 +

+None

 +

+Global

+

+ +ssl server key

 +

+string (fully-qualified pathname)

 +

+Specifies the location of the server's private key.

 +

+None

 +

+Global

+

+ +ssl client cert

 +

+string (fully-qualified pathname)

 +

+Specifies the location of the client's certificate.

 +

+None

 +

+Global

+

+ +ssl client key

 +

+string (fully-qualified pathname)

 +

+Specifies the location of the client's private key.

 +

+None

 +

+Global

+

+ +ssl require clientcert

 +

+boolean

 +

+Indicates whether Samba should require each client to have a certificate.

 +

+ +no

 +

+Global

+

+ +ssl require servercert

 +

+boolean

 +

+Indicates whether the server itself should have a certificate.

 +

+ +no

 +

+Global

+

+ +ssl ciphers

 +

+String

+

+Specifies the cipher suite to use during protocol negotiation.

 +

+None

 +

+Global

+

+ +ssl version

 +

+ +ssl2or3, +ssl3, or +tls1

 +

+Specifies the version of SSL to use.

 +

+ +ssl2or3

 +

+Global

+

+ +ssl compatibility

 +

+boolean

 +

+Indicates whether compatibility with other implementations of SSL should be activated.

 +

+ +no

 +

+Global

+

+ +A.5.1 ssl

+This global option configures Samba to use SSL for communication between itself and clients. The default value of this option is +no. You can reset it as follows:

+[global]
+	ssl = yes

+Note that in order to use this option, you must have a proxy for Windows 95/98 clients, such as in the model presented earlier in this chapter.

+

+ +A.5.2 ssl hosts

+This option specifies the hosts that will be forced into using SSL. The syntax for specifying hosts and addresses is the same as the +hosts +allow and the +hosts +deny configuration options. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.

+This example specifies that all hosts that fall into the 192.168.220 subnet must use SSL connections with the client. This type of structure is useful if you know that various connections will be made by a subnet that lies across an untrusted network, such as the Internet. If neither this option nor the +ssl +hosts +resign option has been specified, and +ssl is set to +yes, Samba will allow only SSL connections from all clients.

+

+ +A.5.3 ssl hosts resign

+This option specifies the hosts that will +not be forced into SSL mode. The syntax for specifying hosts and addresses is the same as the +hosts +allow and the +hosts +deny configuration options. For example:

+[global]
+	ssl = yes
+	ssl hosts resign = 160.2.310. 160.2.320.

+This example specifies that all hosts that fall into the 160.2.310 or 160.2.320 subnets will not use SSL connections with the client. If neither this option nor the +ssl +hosts option has been specified, and +ssl is set to +yes, Samba will allow only SSL connections from all clients.

+

+ +A.5.4 ssl CA certDir

+This option specifies the directory containing the certificate authority's certificates that Samba will use to authenticate clients. There must be one file in this directory for each certificate authority, named as specified earlier in this chapter. Any other files in this directory are ignored. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certDir = /usr/local/samba/cert

+There is no default for this option. You can alternatively use the option +ssl +CA +certFile if you wish to place all the certificate authority information in the same file.

+

+ +A.5.5 ssl CA certFile

+This option specifies a file that contains the certificate authority's certificates that Samba will use to authenticate clients. This option differs from +ssl +CA +certDir in that there is only one file used for all the certificate authorities. An example of its usage follows:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile

+There is no default for this option. You can also use the option +ssl +CA +certDir if you wish to have a separate file for each certificate authority that Samba trusts.

+

+ +A.5.6 ssl server cert

+This option specifies the location of the server's certificate. This option is mandatory; the server must have a certificate in order to use SSL. For example: 

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl server cert = /usr/local/samba/private/server.pem

+There is no default for this option. Note that the certificate may contain the private key for the server.

+

+ +A.5.7 ssl server key

+This option specifies the location of the server's private key. You should ensure that the location of the file cannot be accessed by anyone other than +root. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl server key = /usr/local/samba/private/samba.pem

+There is no default for this option. Note that the private key may be contained in the certificate for the server.

+

+ +A.5.8 ssl client cert

+This option specifies the location of the client's certificate. The certificate may be requested by the Samba server with the +ssl +require +clientcert option; the certificate is also used by +smbclient. For example: 

+[global]
+    ssl = yes
+    ssl hosts = 192.168.220.
+    ssl CA certFile = /usr/local/samba/cert/certFile
+    ssl server cert = /usr/local/ssl/private/server.pem
+    ssl client cert= /usr/local/ssl/private/clientcert.pem

+There is no default for this option.

+

+ +A.5.9 ssl client key

+This option specifies the location of the client's private key. You should ensure that the location of the file cannot be accessed by anyone other than +root. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certDir = /usr/local/samba/cert/
+	ssl server key = /usr/local/ssl/private/samba.pem
+	ssl client key = /usr/local/ssl/private/clients.pem

+There is no default for this option. This option is only needed if the client has a certificate.

+

+ +A.5.10 ssl require clientcert

+This option specifies whether the client is required to have a certificate. The certificates listed with either the +ssl +CA +certDir or the +ssl +CA +certFile will be searched to confirm that the client has a valid certificate and is authorized to connect to the Samba server. The value of this option is a simple boolean. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl require clientcert = yes

+We recommend that you require certificates from all clients that could be connecting to the Samba server. The default value for this option is +no.

+

+ +A.5.11 ssl require servercert

+This option specifies whether the server is required to have a certificate. Again, this will be used by the +smbclient program. The value of this option is a simple boolean. For example:

+[global]
+	ssl = yes
+	ssl hosts = 192.168.220.
+	ssl CA certFile = /usr/local/samba/cert/certFile
+	ssl require clientcert = yes
+	ssl require servercert = yes

+Although we recommend that you require certificates from all clients that could be connecting to the Samba server, a server certificate is not required. It is, however, recommended. The default value for this option is +no.

+

+ +A.5.12 ssl ciphers

+This option sets the ciphers on which SSL will decide during the negotiation phase of the SSL connection. Samba can use any of the following ciphers:

+DEFAULT
+DES-CFB-M1
+NULL-MD5
+RC4-MD5
+EXP-RC4-MD5
+RC2-CBC-MD5
+EXP-RC2-CBC-MD5
+IDEA-CBC-MD5
+DES-CBC-MD5
+DES-CBC-SHA
+DES-CBC3-MD5
+DES-CBC3-SHA
+RC4-64-MD5
+NULL

+It is best not to set this option unless you are familiar with the SSL protocol and want to mandate a specific cipher suite.

+

+ +A.5.13 ssl version

+This global option specifies the version of SSL that Samba will use when handling encrypted connections. The default value is +ssl2or3, which specifies that either version 2 or 3 of the SSL protocol can be used, depending on which version is negotiated in the handshake between the server and the client. However, if you want Samba to use only a specific version of the protocol, you can specify the following:

+[global]
+	ssl version = ssl3

+Again, it is best not to set this option unless you are familiar with the SSL protocol and want to mandate a specific version.

+

+ +A.5.14 ssl compatibility

+This global option specifies whether Samba should be configured to use other versions of SSL. However, because no other versions exist at this writing, the issue is moot and the variable should always be left at the default.

+
+
+
+ + +
+ +Previous: A.4 Setting Up SSL Proxy + + + +Next: B. Samba Performance Tuning
A.4 Setting Up SSL Proxy + +Book Index +B. Samba Performance Tuning
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appb_01.html b/docs/htmldocs/using_samba/appb_01.html new file mode 100644 index 00000000000..4e1ec529af7 --- /dev/null +++ b/docs/htmldocs/using_samba/appb_01.html @@ -0,0 +1,162 @@ + + + +[Appendix B] Samba Performance Tuning + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: A.5 SSL Configuration Options + + +Appendix B + +Next: B.2 Samba Tuning
 
+ +
+
+

+ +B. Samba Performance Tuning

+

+ +Contents:
+ +A Simple Benchmark
+ +Samba Tuning
+ +Sizing Samba Servers

+

This appendix discusses various ways of performance tuning and system sizing with Samba. +Performance tuning is the art of finding bottlenecks and adjusting to eliminate them. +Sizing is the practice of eliminating bottlenecks by spending money to avoid having them in the first place. Normally, you won't have to worry about either with Samba. On a completely untuned server, Samba will happily support a small community of users. However, on a properly tuned server, Samba will support at least twice as many users. This chapter is devoted to outlining various performance-tuning and sizing techniques that you can use if you want to stretch your Samba server to the limit.

+

+ +B.1 A Simple Benchmark

How do you know if you're getting reasonable performance? A simple benchmark is to compare Samba with FTP. +Table B.1 shows the throughput, in kilobytes per second, of a pair of servers: a medium-size Sun SPARC Ultra and a small Linux Pentium server. Numbers are reported in kilobytes per second (KB/s).


+ + + + + + + + +
+ +Table B.1: Sample Benchmark Benchmarks
+

+Command

 +

+FTP

 +

+Untuned Samba

 +

+Tuned Samba

+

+Sparc get

 +

+1014.5

 +

+645.3

 +

+866.7

+

+Sparc put

 +

+379.8

+

+386.1

 +

+329.5

+

+Pentium get

 +

+973.27

 +

+N/A

 +

+725

+

+Pentium put

 +

+1014.5

 +

+N/A

 +

+1100

+If you run the same tests on your server, you probably won't see the same numbers. However, you +should see similar ratios of Samba to FTP, probably in the range of 68 to 80 percent. It's not a good idea to base +all of Samba's throughput against FTP. The golden rule to remember is this: if Samba is much slower than FTP, it's time to tune it.

+You might think that an equivalent test would be to compare Samba to NFS. In reality, however, it's much less useful to compare their speeds. Depending entirely on whose version of NFS you have and how well it's tuned, Samba can be slower or faster than NFS. We usually find that Samba is faster, but watch out; NFS uses a different algorithm from Samba, so tuning options that are optimal for NFS may be detrimental for Samba. If you run Samba on a well-tuned NFS server, Samba may perform rather badly.

+A more popular benchmark is Ziff-Davis' +NetBench, a simulation of many users on client machines running word processors and accessing data on the SMB server. It's not a prefect measure (each NetBench client does about ten times the work of a normal user on our site), but it is a fair comparison of similar servers. In tests performed by Jeremy Allison in November 1998, Samba 2.0 on a SGI multiprocessor outperformed NT Server 4.0 (Patch Level 2) on an equivalent high-end Compaq. This was confirmed and strengthened by a Sm@rt Reseller test of NT and Linux on identical hardware in February 1999.

+In April 1999, the Mindcraft test lab released a report about a test showing that Samba on a four-processor Linux machine was significantly slower than native file serving on the same machine running Windows NT. While the original report was slammed by the Open Source community because it was commissioned by Microsoft and tuned the systems to favor Windows NT, a subsequent test was fairer and generally admitted to reveal some areas where Linux needed to improve its performance, especially on multiprocessors. Little was said about Samba itself. Samba is known to scale well on multiprocessors, and exceeds 440MB/s on a four-processor SGI O200, beating Mindcraft's 310MB/s.

+Relative performance will probably change as NT and PC hardware get faster, of course, but Samba is improving as well. For example, Samba 1.9.18 was faster only with more than 35 clients. Samba 2.0, however, is faster regardless of the number of clients. In short, Samba is very competitive with the best networking software in the industry, and is only getting better.

+As we went to press, Andrew Tridgell released the alpha-test version suite of benchmarking programs for Samba and SMB networks. Expect even more work on performance from the Samba team in the future.

+
+
+
+ + +
+ +Previous: A.5 SSL Configuration Options + + + +Next: B.2 Samba Tuning
+A.5 SSL Configuration Options + +Book Index +B.2 Samba Tuning
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appb_02.html b/docs/htmldocs/using_samba/appb_02.html new file mode 100644 index 00000000000..4d2ce9ae3aa --- /dev/null +++ b/docs/htmldocs/using_samba/appb_02.html @@ -0,0 +1,342 @@ + + + +[Appendix B] B.2 Samba Tuning + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: B.1 A Simple Benchmark + + + +Appendix B
+Samba Performance Tuning		 + +Next: B.3 Sizing Samba Servers
 
+ +
+
+

+ +B.2 Samba Tuning

That being said, let's discuss how you can take an already fast networking package and make it even faster.

+

+ +B.2.1 Benchmarking

Benchmarking is an arcane and somewhat black art, but the level of expertise needed for simple performance tuning is fairly low. Since the Samba server's goal in life is to transfer files, we will examine only throughput, not response time to particular events, under the benchmarking microscope. After all, it's relatively easy to measure file transfer speed, and Samba doesn't suffer too badly from response-time problems that would require more sophisticated techniques.

+Our basic strategy for this work will be:

    +
  • +

    + +Find a reasonably-sized file to copy and a program that reports on copy speeds, such as +smbclient.

  • +

    + +Find a quiet (or typical) time to do the test.

  • +

    + +Pre-run each test a few times to preload buffers.

  • +

    + +Run tests several times and watch for unusual results.

  • +

    + +Record each run in detail.

  • +

    + +Compare the average of the valid runs to expected values.

+After establishing a baseline using this method, we can adjust a single parameter and do the measurements all over again. An empty table for your tests is provided at the end of this chapter.

+

+ +B.2.2 Things to Tweak

+There are literally thousands of Samba setting combinations that you can use in search of that perfect server. Those of us with lives outside of system administration, however, can narrow down the number of options to those listed in this section, which are the most likely to affect overall throughput. They are presented roughly in order of impact.

+

+ +B.2.2.1 Log level

This is an obvious one. Increasing the logging level (log +level or +debug +level configuration options) is a good way to debug a problem, unless you happen to be searching for a performance problem! As mentioned in Chapter 4, Disk Shares, Samba produces a ton of debugging messages at level 3 and above, and writing them to disk or syslog is a slow operation. In our +smbclient/ftp tests, raising the log level from 0 to 3 cut the untuned +get +speed from 645.3 to 622.2KB/s, or roughly 5 percent. Higher log levels were even worse.

+

+ +B.2.2.2 Socket options

+The next thing to look at are the +socket +options configuration options. These are really host system tuning options, but they're set on a per-connection basis, and can be reset by Samba on the sockets it employs by adding +socket +options += +option to the +[global] section of your +smb.conf file. Not all of these options are supported by all vendors; check your vendor's manual pages on +setsockopt (1) or +socket (5) for details.

+The main options are:

+
+ +TCP_NODELAY
+

+Have the server send as many packets as necessary to keep delay low. This is used on telnet connections to give good response time, and is used - somewhat counter-intuitively - to get good speed even when doing small requests or when acknowledgments are delayed (as seems to occur with Microsoft TCP/IP). This is worth a 30-50 percent speedup by itself. Incidentally, in Samba 2.0.4, +socket +options += +TCP_NODELAY became the default value for that option.

+ +IPTOS_LOWDELAY
+

+This is another option that trades off throughput for lower delay, but which affects routers and other systems, not the server. All the IPTOS options are new; they're not supported by all operating systems and routers. If they are supported, set +IPTOS_LOWDELAY whenever you set +TCP_NODELAY.

+ +SO_SNDBUF +and +SO_RCVBUF
+

+The send and receive buffers can often be the reset to a value higher than that of the operating system. This yields a marginal increase of speed (until it reaches a point of diminishing returns).

+ +SO_KEEPALIVE
+

+This initiates a periodic (four-hour) check to see if the client has disappeared. Expired connections are addressed somewhat better with Samba's +keepalive and +dead +time options. All three eventually arrange to close dead connections, returning unused memory and process-table entries to the operating system.

+There are several other socket options you might look at, (e.g., +SO_SNDLOWAT), but they vary in availability from vendor to vendor. You probably want to look at +TCP/IP Illustrated if you're interested in exploring more of these options for performance tuning with Samba.

+

+ +B.2.2.3 read raw and write raw

These are important performance configuration options; they enable Samba to use large reads and writes to the network, of up to 64KB in a single SMB request. They also require the largest SMB packet structures, +SMBreadraw and +SMBwriteraw, from which the options take their names. Note that this is not the same as a Unix +raw read. This Unix term usually refers to reading disks without using the files system, quite a different sense from the one described here for Samba.

+In the past, some client programs failed if you tried to use +read +raw. As far as we know, no client suffers from this problem any more. Read and write raw default to +yes, and should be left on unless you find you have one of the buggy clients.

+

+ +B.2.2.4 Opportunistic locking

Opportunistic locks, or +oplocks, allow clients to cache files locally, improving performance on the order of 30 percent. This option is now enabled by default. For read-only files, the +fake +oplocks provides the same functionality without actually doing any caching. If you have files that cannot be cached, +oplocks can be turned off.

+Database files should never be cached, nor should any files that are updated both on the server and the client and whose changes must be immediately visible. For these files, the +veto +oplock +files option allows you to specify a list of individual files or a pattern containing wildcards to avoid caching. +oplocks can be turned off on a share-by-share basis if you have large groups of files you don't want cached on clients. See Chapter 5, Browsing and Advanced Disk Shares, for more information on opportunistic locks.

+

+ +B.2.2.5 IP packet size (MTU)

Networks generally set a limit to the size of an individual transmission or packet This is called the Maximum Segment Size, or if the packet header size is included, the Maximum Transport Unit (MTU). This MTU is not set by Samba, but Samba needs to use a +max +xmit (write size) bigger than the MTU, or throughput will be reduced. This is discussed in further detail in the following note. The MTU is normally preset to 1500 bytes on an Ethernet and 4098 bytes on FDDI. In general, having it too low cuts throughput, and having it too high causes a sudden performance dropoff due to fragmentation and retransmissions.

+If you are communicating over a router, some systems will assume the router is a serial link (e.g., a T1) and set the MTU to more or less 536 bytes. Windows 95 makes this mistake, which causes nearby clients to perform well, but clients on the other side of the router to be noticeably slower. If the client makes the opposite error and uses a large MTU on a link which demands a small one, the packets will be broken up into fragments. This slows transfers slightly, and any networking errors will cause multiple fragments to be retransmitted, which slows Samba significantly. Fortunately, you can modify the Windows MTU size to prevent either error. To understand this in more detail, see "The Windows 95 Networking Frequently Asked Questions (FAQ)" at +http://www.stanford.edu/~llurch/win95netbugs/faq.html, which explains how to override the Windows MTU and Window Size.

+

+ + +B.2.2.6 The TCP receive window

TCP/IP works by breaking down data into small packets that can be transmitted from one machine to another. When each packet is transmitted, it contains a checksum that allows the receiver to check the packet data for potential errors in transmission. Theoretically, when a packet is received and verified, an acknowledgment packet should be sent back to the sender that essentially says, "Everything arrived intact: please continue."

+In order to keep things moving, however, TCP accepts a range (window) of packets that allows a sender to keep transmitting without having to wait for an acknowledgment of every single packet. (It can then bundle a group of acknowledgments and transmit them back to the sender at the same time.) In other words, this receive window is the number of bytes that the sender can transmit before it has to stop and wait for a receiver's acknowledgment. Like the MTU, it is automatically set based on the type of connection. Having the window too small causes a lot of unnecessary waiting for acknowledgment messages. Various operating systems set moderate buffer sizes on a per-socket basis to keep one program from hogging all the memory.

+The buffer sizes are assigned in bytes, such as +SO_SNDBUF=8192 in the +socket +options line. Thus, an example +socket +options configuration option is: 

+socket options = SO_SNDBUF=8192

+Normally, one tries to set these socket options higher than the default: 4098 in SunOS 4.1.3 and SVR4, and 8192-16384 in AIX, Solaris, and BSD. 16384 has been suggested as a good starting point: in a non-Samba test mentioned in Stevens' book, it yielded a 40 percent improvement. You'll need to experiment, because performance will fall off again if you set the sizes too high. This is illustrated in +Figure B.1, a test done on a particular Linux system.

+ +Figure B.1: SO_SNDBUF size and performance

Figure B.1

+Setting the socket options +O_SNDBUF and +SO_RCVBUF to less than the default is inadvisable. Setting them higher improves performance, up to a network-specific limit. However, once you exceed that limit, performance will abruptly level off.

+

+ +B.2.2.7 max xmit

In Samba, the option that is directly related with the MTU and window size is +max +xmit. This option sets the largest block of data Samba will try to write at any one time. It's sometimes known as the +write size, although that is not the name of the Samba configuration option.

+Because the percentage of each block required for overhead falls as the blocks get larger, max xmit is conventionally set as large as possible. It defaults to the protocol's upper limit, which is 64 kilobytes. The smallest value that doesn't cause significant slowdowns is 2048. If it is set low enough, it will limit the largest packet size that Samba will be able to negotiate. This can be used to simulate a small MTU if you need to test an unreliable network connection. However, such a test should not be used in production for reducing the effective MTU.

+

+ +B.2.2.8 read size

If +max +xmit is commonly called the write size, you'd expect +read +size to be the maximum amount of data that Samba would want to read from the client via the network. Actually, it's not. In fact, it's an option to trigger +write ahead. This means that if Samba gets behind reading from the disk and writing to the network (or vice versa) by the specified amount, it will start overlapping network writes with disk reads (or vice versa).

+The read size doesn't have a big performance effect on Unix, unless you set its value quite small. At that point, it causes a detectable slowdown. For this reason, it defaults to 2048 and can't be set lower than 1024.

+ +

+ +B.2.2.9 read prediction

+ +

Besides being counterintuitive, this option is also +obsolete. It enables Samba to read ahead on files opened read only by the +clients. The option is disabled in Samba 2.0 (and late 1.9) because it +interferes with opportunistic locking.

+ +

+ +B.2.2.10 write cache size

+ +

+This parameter was introduced in Samba 2.0.7 to allow tuning the +write-size of RAID disks, as well as allowing general caching of +writes on machines with lots of memory but slow disks.

+ +

It specifies in bytes the size of a per-file write cache that +Samba will create for an oplocked file. This can improve performance +significantly by causing writes to be done in large +chunk sizes.

+ +

Up to 10 write caches can be active simultaneously per smbd, each of +the specified size, allocated to the first 10 oplocked files. As with +other filesystem caches, crashing before the data is written can corrupt +files.

+ +

Setting sync always will override the +write caching, and setting strict sync will +allow Windows clients to override it. Alas, Windows Explorer defaults +to setting the sync bit, so setting strict sync +can be a big performance hit.

+ +

As it's new, we haven't many reports on the performance increase, and +merely suspect it will be considerable.

+
+ + + +

+ +B.2.3 Other Samba Options

The following Samba options will affect performance if they're set incorrectly, much like the debug level. They're mentioned here so you will know what to look out for:

+
+hide files
+

+Providing a pattern to identify files hidden by the Windows client +hide +files will result in any file matching the pattern being passed to the client with the DOS hidden attribute set. It requires a pattern match per file when listing directories, and slows the server noticeably.

+ +lpq cache time
+

If your +lpq (printer queue contents) command takes a long time to complete, you should increase +lpq +cache +time to a value higher than the actual time required for +lpq to execute, so as to keep Samba from starting a new query when one's already running. The default is 10 seconds, which is reasonable.

+ +strict locking
+

Setting the +strict +locking option causes Samba to check for locks on every access, not just when asked to by the client. The option is primarily a bug-avoidance feature, and can prevent ill-behaved DOS and Windows applications from corrupting shared files. However, it is slow and should typically be avoided.

+ +strict sync
+

Setting +strict +sync will cause Samba to write each packet to disk and wait for the write to complete whenever the client sets the sync bit in a packet. Windows 98 Explorer sets the bit in all packets transmitted, so if you turn this on, anyone with Windows 98 will think Samba servers are horribly slow.

+ +sync always
+

Setting +sync +always causes Samba to flush every write to disk. This is good if your server crashes constantly, but the performance costs are immense. SMB servers normally use oplocks and automatic reconnection to avoid the ill effects of crashes, so setting this option is not normally necessary.

+wide links
+

+Turning off +wide +links prevents Samba from following symbolic links in one file share to files that are not in the share. It is turned on by default, since following links in Unix is not a security problem. Turning it off requires extra processing on every file open. If you do turn off wide links, be sure to turn on +getwd +cache to cache some of the required data.

+There is also a +follow +symlinks option that can be turned off to prevent following any symbolic links at all. However, this option does not pose a performance problem.

+getwd cache
+

+This option caches the path to the current directory, avoiding long tree-walks to discover it. It's a nice performance improvement on a printer server or if you've turned off +wide +links.

+

+ +B.2.4 Our Recommendations

Here's an +smb.conf file that incorporates the recommended performance enhancements so far. Comments have been added on the right side.

+[global] 
+	log level = 1                      # Default is 0 
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	read raw = yes                     # Default 
+	write raw = yes                    # Default 
+	oplocks = yes                      # Default 
+	max xmit = 65535                   # Default 
+	dead time = 15                     # Default is 0
+	getwd cache = yes
+	lpq cache = 30
+[okplace] 
+	veto oplock files = this/that/theotherfile
+[badplace] 
+	oplocks = no
+
+
+
+ + +
+ +Previous: B.1 A Simple Benchmark + + + +Next: B.3 Sizing Samba Servers
+B.1 A Simple Benchmark + +Book Index +B.3 Sizing Samba Servers
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appb_03.html b/docs/htmldocs/using_samba/appb_03.html new file mode 100644 index 00000000000..115be4daa37 --- /dev/null +++ b/docs/htmldocs/using_samba/appb_03.html @@ -0,0 +1,876 @@ + + + +[Appendix B] B.3 Sizing Samba Servers + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: B.2 Samba Tuning + + + +Appendix B
+Samba Performance Tuning		 + +Next: C. Samba Configuration Option Quick Reference
 
+ +
+
+

+ +B.3 Sizing Samba Servers

Sizing is a way to prevent bottlenecks before they occur. The preferred way to do this is to know how many requests per second or how many kilobytes per second the clients will need, and ensure that all the components of the server provide at least that many.

+

+ +B.3.1 The Bottlenecks

The three primary bottlenecks you should worry about are CPU, disk I/O, and the network. For most machines, CPUs are rarely a bottleneck. A single Sun SPARC 10 CPU can start (and complete) between 700 and 800 I/O operations a second, giving approximately 5,600 to 6,400KB/s of throughput when the data averages around 8KBs (a common buffer size). A single Intel Pentium 133 can do less only because of somewhat slower cache and bus interfaces, not due to lack of CPU power. Purpose-designed Pentium servers, like some Compaq servers, will be able to start 700 operations per CPUs, on up to four CPUs.

+Too little memory, on the other hand, can easily be a bottleneck; each Samba process will use between 600 and 800KB on Intel Linux, and more on RISC CPUs. Having less will cause an increase in virtual memory paging and therefore a performance hit. On Solaris, where it has been measured, +smbd will use 2.6 MB for program and shared libraries, plus 768KB for each connected client. +nmbd occupies 2.1 MB, plus 496KB extra for its (single) auxiliary process.

+Hard disks will always bottleneck at a specific number of I/O operations per second: for example, each 7200 RPM SCSI disk is capable of performing 70 operations per second, for a throughput of 560KB/s; a 4800 RPM disk will perform fewer than 50, for a throughput of 360KB/s. A single IDE disk will do still fewer. If the disks are independent, or striped together in a RAID 1 configuration, they will each peak out at 400 to 560KB/s and will scale linearly as you add more. Note that this is true only of RAID 1. RAID levels other than 1 (striping) add extra overhead.

+Ethernets (and other networks) are obvious bottleneck: a 10 Mb/s (mega +bits/second) Ethernet will handle around 1100KB/s (kilo +bytes/s) using 1500-byte packets A 100 Mb/s Fast Ethernet will bottleneck below 65,000KB/s with the same packet size. FDDI, at 155 Mb/s will top out at approximately 6,250KB/s, but gives good service at even 100 percent load and transmits much larger packets (4KB).

+ATM should be much better, but as of the writing of this book it was too new to live up to its potential; it seems to deliver around 7,125 Mb/s using 9KB packets.

+Of course, there can be other bottlenecks: more than one IDE disk per controller is not good, as are more than three 3600 SCSI-I disks per slow/narrow controller, or more than three 7200 SCSI-II disks per SCSI-II fast/wide controller. RAID 5 is also slow, as it requires twice as many writes as independent disks or RAID 1.

+After the second set of Ethernets and the second disk controller, start worrying about bus bandwidth, especially if you are using ISA/EISA buses.

+

+ +B.3.2 Reducing Bottlenecks

From the information above we can work out a model that will tell us the maximum capability of a given machine. The data is mostly taken from Brian Wong's +Configuration and Capacity Planning for Solaris Servers, +[1] so there is a slight Sun bias to our examples.

+A word of warning: this is not a complete model. Don't assume that this model will predict every bottleneck or even be within 10 percent in its estimates. A model to predict performance instead of one to warn you of bottlenecks would be much more complex and would contain rules like "not more than three disks per SCSI chain". (A good book on real models is Raj Jain's +The Art of Computer Systems Performance Analysis.[2]) With that warning, we present the system in +Figure B.2.

+
+

+[2] See Jain. Raj, +The Art of Computer Systems Performance Analysis, New York, NY (John Wiley and Sons), 1991, ISBN 0-47-150336-3.

+ +Figure B.2: Data flow through a Samba server, with possible bottlenecks

Figure B.2

+The flow of data should be obvious. For example, on a read, data flows from the disk, across the bus, through or past the CPU, and to the network interface card (NIC). It is then broken up into packets and sent across the network. Our strategy here is to follow the data through the system and see what bottlenecks will choke it off. Believe it or not, it's rather easy to make a set of tables that list the maximum performance of common disks, CPUs, and network cards on a system. So that's exactly what we're going to do.

+Let's take a concrete example: a Linux Pentium 133 MHz machine with a single 7200 RPM data disk, a PCI bus, and a 10-Mb/s Ethernet card. This is a perfectly reasonable server. We start with +Table B.2, which describes the hard drive - the first potential bottleneck in the system.


+ + + + + + + +
+ +Table B.2: Disk Throughput
+

+Disk RPM

 +

+I/O Operations/second

 +

+KB/second

+

+7200

 +

+70

 +

+560

+

+4800

 +

+60

 +

+480

+

+3600

 +

+40

 +

+320

+Disk throughput is the number of kilobytes of data that a disk can transfer per second. It is computed from the number of 8KB I/O operations per second a disk can perform, which in turn is strongly influenced by disk RPM and bit density. In effect, the question is: how much data can pass below the drive heads in one second? With a single 7200 RPM disk, the example server will give us 70 I/O operations per second at roughly 560KB/s.

+The second possible bottleneck is the CPU. The data doesn't actually flow through the CPU on any modern machines, so we have to compute throughput somewhat indirectly.

+The CPU has to issue I/O requests and handle the interrupts coming back, then transfer the data across the bus to the network card. From much past experimentation, we know that the overhead that dominates the processing is consistently in the filesystem code, so we can ignore the other software being run. We compute the throughput by just multiplying the (measured) number of file I/O operations per second that a CPU can process by the same 8K average request size. This gives us the results shown in +Table B.3.


+ + + + + + + + + +
+ +Table B.3: CPU Throughput
+

+CPU

 +

+I/O Operations/second

 +

+KB/second

+

+Intel Pentium 133

 +

+700

+		 +

+5,600

+
+

+Dual Pentium 133

 +

+1,200

+		 +

+9,600

+
+

+Sun SPARC II

 +

+660

+		 +

+5,280

+
+

+Sun SPARC 10

 +

+750

+		 +

+6,000

+
+

+Sun Ultra 200

 +

+2,650

+		 +

+21,200

+

+Now we put the disk and the CPU together: in the Linux example, we have a single 7200 RPM disk, which can give us 560KB/s, and a CPU capable of starting 700 I/O operations, which could give us 5600KB/s. So far, as you would expect, our bottleneck is clearly going to be the hard disk.

+The last potential bottleneck is the network. If the network speed is below 100 Mb/s, the bottleneck will be the network speed. After that, the design of the network card is more likely to slow us down. +Table B.4 shows us the average throughput of many types of data networks. Although network speed is conventionally measured in bits per second, +Table B.4 lists bytes per second to make comparison with the disk and CPU (Table B.2 and +Table B.3) easier.


+ + + + + + + + + + + +
+ +Table B.4: Network Throughput
+

+Network Type

 +

+KB/second

+

+ ISDN

+

+ 16

+

+ T1

+

+ 197

+

+ Ethernet 10m

+

+ 1,113

+

+ Token ring

+

+ 1,500

+

+ FDDI

+

+ 6,250

+

+ Ethernet 100m

+

+ 6,500[3]

+

+ ATM 155

+

+ 7,125a

+
+

+[3] These will increase. For example, Crays, Sun Ultras, and DEC/Compaq Alphas already have bettered these figures.

+In the running example, we have a bottleneck at 560KB/s due to the disk. +Table B.4 shows us that a standard 10 megabit per second Ethernet (1,113KB/s) is far faster than the disk. Therefore, the hard disk is still the limiting factor. (This scenario, by the way, is very common.) Just by looking at the tables, we can predict that small servers won't have CPU problems, and that large ones with multiple CPUs will support striping and multiple Ethernets long before they start running out of CPU power. This, in fact, is exactly what happens.

+

+ +B.3.3 Practical Examples

+An example from +Configuration and Capacity Planning for Solaris Servers (Wong) shows that a dual-processor SPARCstation 20/712 with four Ethernets and six 2.1 GB disks will spend all its time waiting for the disks to return some data. If it was loaded with disks (Brian Wong suggests as many as 34 of them), it would still be held below 1,200KB/s by the Ethernet cards. To get the performance the machine is capable of, we would need to configure multiple Ethernets, 100 Mbps Fast Ethernet, or 155 Mbps FDDI.

+The progression you'd work through to get that conclusion looks something like +Table B.5.


+ + + + + + + + + +
+ +Table B.5: Tuning a Medium-Sized Server
+

+Machine

 +

+Disk Throughput

 +

+CPU Throughput

 +

+Network Throughput

 +

+Actual Throughput

+

+Dual SPARC 10, 1 disk

+

+ +560

+		 +

+6000

+		 +

+1,113

+		 +

+560

+
+

+Add 5 more disks

+

+3,360

+		 +

+6000

+		 +

+ +1,113

+		 +

+1,113

+
+

+Add 3 more Ethernets

+

+ +3,360

+		 +

+16000

+		 +

+4,452

+		 +

+3,360

+
+

+Change to using a 20-disk array

+

+11,200

+		 +

+6000

+		 +

+ +4,452

+		 +

+4,452

+
+

+Use dual 100 Mbps ether

+

+ +11,200

+		 +

+6000

+		 +

+13,000

+		 +

+11,200

+

+Initially, the bottleneck is the disk with only 560 MB/s of throughput available. Our solution is to add five more disks. This gives us more throughput on the disks than on the Ethernet, so then the Ethernet becomes the problem. Consequently, as we continue to expand, we go back and forth several times between these two. As you add disks, CPUs, and network cards, the bottleneck moves. Essentially, the strategy is to add more equipment to try to avoid each bottleneck until you reach your target performance, or (unfortunately) you either can't add any more or run out of money.

+Our experience bears out this kind of calculation; a large SPARC 10 file server that one author maintained was quite capable of saturating an Ethernet plus about a third of an FDDI ring when using two processors. It did nearly as well with a single processor, albeit with a fast operating system and judicious over-optimization.

+The same process applies to other brands of purpose-designed servers. We found the same rules applied to DECstation 2100s as to the newest Alphas or Compaqs, old MIPS 3350s and new SGI O2s. In general, a machine offering multi-CPU server configurations will have enough bus bandwidth and CPU power to reliably bottleneck on hard disk I/O when doing file service. As one would hope, considering the cost!

+

+ +B.3.4 How Many Clients can Samba Handle?

+Well, that depends entirely on how much data each user consumes. A small server with three SCSI-1 disks, which can serve about 960KB/s of data, will support between 36 and 80 clients in an ordinary office environment where they are typically loading, and saving equal-sized spreadsheets or word processing documents (36 clients × 2.3 transfers/second × 12k file 1 MB/s).

+On the same server in a development environment with programmers running a fairly heavy edit-compile-test cycle, one can easily see requests for 1 MB/s, limiting the server to 25 or fewer clients. To take this a bit further, an imaging system whose clients each require 10 MB/s will perform poorly no matter how big a server is if they're all on a 10 MB/s Ethernet. And so on.

+If you don't know how much data an average user consumes, you can size your Samba servers by patterning them after existing NFS, Netware, or LAN Manager servers. You should be especially careful that the new servers have as many disks and disk controllers as the ones you've copied. This technique is appropriately called "punt and hope."

+If you know how many clients an existing server can support, you're in +much better shape. You can analyze the server to see what its maximum capacity is and use that to estimate how much data they must be demanding. For example, if serving home directories to 30 PCs from a PC server with two IDE disks is just too slow, and 25 clients is about right, then you can safely assume you're bottlenecked on Ethernet I/O (approximately 375KB) rather than disk I/O (up to 640KB). If so, you can then conclude that the clients are demanding 15 (that is, 375/25)KB/s on average.

+Supporting a new lab of 75 clients will mean you'll need 1,125KB/s, spread over multiple (preferably three) Ethernets, and a server with at least three 7200 RPM disks and a CPU capable of keeping up. These requirements can be met by a Pentium 133 or above with the bus architecture to drive them all at full speed (e.g., PCI).

+A custom-built PC server or a multiprocessor-capable workstation like a Sun Sparc, a DEC/Compaq Alpha, an SGI, or the like, would scale up easier, as would a machine with fast Ethernet, plus a switching hub to drive the client machines on individual 10 MB/s Ethernets.

+

+ +B.3.4.1 How to guess

+If you have no idea at all what you need, the best thing is to try to guess based on someone else's experience. Each individual client machine can average from less than 1 I/O per second (normal PC or Mac used for sales/accounting) to as much as 4 (fast workstation using large applications). A fast workstation running a compiler can happily average 3-4 MB/s in data transfer requests, and an imaging system can demand even more.

+Our recommendation? Spy on someone with a similar configuration and try to estimate their bandwidth requirements from their bottlenecks and the volume of the screams from their users. We also recommend Brian Wong's +Configuration and Capacity Planning for Solaris Servers. While he uses Sun Solaris foremost in his examples, his bottlenecks are disks and network cards, which are common among all the major vendors. His tables for FTP servers also come very close to what we calculated for Samba servers, and make a good starting point.

+

+B.3.5 Measurement Forms

+Table B.6 and +Table B.7 are empty tables that you can use for copying and recording data. The bottleneck calculation in the previous example can be done in a spreadsheet, or manually with Table B-8. If Samba is as good as or better than FTP, and if there aren't any individual test runs that are much different from the average, you have a well-configured system. If loopback isn't much faster than anything else, you have a problem with your TCP/IP software. If both FTP and Samba are slow, you probably have a problem with your networking: a faulty Ethernet card will produce this, as will accidentally setting an Ethernet card to half-duplex when it's not connected to a half-duplex hub. Remember that CPU and disk speeds are commonly measured in bytes, network speeds in bits.

+We've included columns for both bytes and bits in the tables. In the last column, we compare results to 10 Mb/s because that's the speed of a traditional Ethernet. +


+ + + + + + + + + + + +
+ +Table B.6: Ethernet Interface to Same Host: FTP
+

+Run No

 +

+Size in Bytes

 +

+Time (sec)

+

+Bytes/sec

 +

+Bits/sec

 +

+% of 10 Mb/s

+

+1

 +

+

 +

+

 +

+

 +

+

 +

+

+

+2

 +

+

 +

+

 +

+

 +

+

 +

+

+

+3

 +

+

 +

+

 +

+

 +

+

 +

+

+

+4

 +

+

 +

+

 +

+

 +

+

 +

+

+

+5

 +

+

 +

+

 +

+

 +

+

 +

+

+

+Average:

 +

+

 +

+

 +

+

 +

+

 +

+

+

+Deviation:

 +

+

 +

+

 +

+

 +

+

 +

+


+ + + + + + + + + + + +
+ +Table B.7: Ethernet Interface to Same Host: FTP
+

+Run No

 +

+Size in Bytes

 +

+Time, sec

+

+Bytes/sec

 +

+Bits/sec

 +

+% of 10 Mb/s

+

+1

 +

+

 +

+

 +

+

 +

+

 +

+

+

+2

 +

+

 +

+

 +

+

 +

+

 +

+

+

+3

 +

+

 +

+

 +

+

 +

+

 +

+

+

+4

 +

+

 +

+

 +

+

 +

+

 +

+

+

+5

 +

+

 +

+

 +

+

 +

+

 +

+

+

+Average:

 +

+

 +

+

 +

+

 +

+

 +

+

+

+Deviation:

 +

+

 +

+

 +

+

 +

+

 +

+


+ + + + + + + + + + + +
+ +Table B.8: Bottleneck Calculation Table
+

+CPU

 +

+CPUThroughput

 +

+Number of Disks

 +

+Disk Throughput

 +

+Number of Networks

 +

+Network Throughput

 +

+Total Throughput

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+

+

 +

+

 +

+

 +

+

 +

+

 +

+

 +

+

+In +Table B.8:

    +
  • +

    + +CPU throughput = (KB/second from Figure 6-5) × (number of CPUs)

  • +

    + +Disk throughput = (KB/second from Figure 6-4) × (number of disks)

  • +

    + +Network throughput = (KB/second from Figure 6-6) × (number of networks)

  • +

    + +Total throughput = min (Disk, CPU, and Network throughput)

+A typical test, in this case for an FTP +get, would be entered as in Table B-9: +


+ + + + + + + + + + + +
+ +Table B.9: Ethernet Interface to Same Host: FTP
+

+Run No

 +

+Size in Bytes

 +

+Time, sec

+

+Bytes/sec

 +

+Bits/sec

 +

+% of 10 Mb/s

+

+1

 +

+1812898

 +

+2.3

 +

+761580

 +

+

 +

+

+

+2

 +

+

 +

+2.3

 +

+767820

 +

+

 +

+

+

+3

 +

+

 +

+2.4

 +

+747420

 +

+

 +

+

+

+4

 +

+

 +

+2.3

 +

+760020

 +

+

 +

+

+

+5

 +

+

 +

+2.3

 +

+772700

 +

+

 +

+

+

+Average:

 +

+

 +

+2.32

 +

+777310

 +

+6218480

 +

+62

+

+Deviation:

 +

+

 +

+0.04

 +

+

 +

+

 +

+

+The Sparc example we used earlier would look like Table B-10. +

+

+
+
+
+ + +
+ +Previous: B.2 Samba Tuning + + + +Next: C. Samba Configuration Option Quick Reference
+B.2 Samba Tuning + +Book Index +C. Samba Configuration Option Quick Reference
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appc_01.html b/docs/htmldocs/using_samba/appc_01.html new file mode 100644 index 00000000000..cd9d1ede353 --- /dev/null +++ b/docs/htmldocs/using_samba/appc_01.html @@ -0,0 +1,3497 @@ + + +[Appendix C] Samba Configuration Option Quick Reference + + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: B.3 Sizing Samba Servers + + +Appendix C + +Next: D. Downloading Samba with CVS
 
+ +
+
+

+ +C. Samba Configuration Option Quick Reference

The following pages list each of the Samba configuration options. If an option is applicable only to the global section, "[global]" will appear before its name. Any lists mentioned are space separated, except where noted. A glossary of terms follows the options.

+ +
+
admin users = user list +

Default: NULL

+
+

Allowable values: user list

+ +

+List of users who will be granted root permissions on the share by Samba.

+
+
+
+

 

+ +
+
allow hosts = host list +

Default: NULL

+
+

Allowable values: any

+ +

+Synonym for +hosts allow. List of machines that may connect to a share.

+
+
+
+

 

+ +
+
alternate permissions = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Obsolete. Has no effect in Samba 2. Files will be shown as read-only if the owner can't write them. In Samba 1.9 and earlier, setting this option would set the DOS filesystem read-only attribute on any file the user couldn't read. This in turn required the +delete readonly option.

+
+
+
+

 

+ +
+
[global] announce as = system type +

Default: NT

+
+

Allowable values: NT, Win95, WfW

+ +

+Have Samba announce itself as something other than an NT server. Discouraged because it interferes with serving browse lists.

+
+
+
+

 

+ +
+
[global] announce version = number.number +

Default: 4.2

+
+

Allowable values: any

+ +

+Instructs Samba to announce itself as an older version SMB server. Discouraged.

+
+
+
+

 

+ +
+
[global] auto services = share list +

Default: NULL

+
+

Allowable values: any shares

+ +

+List of shares that will always appear in browse lists. A synonym is +preload.

+
+
+
+

 

+ +
+
available = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If set to NO, denies access to a share. Doesn't affect browsing.

+
+
+
+

 

+ +
+
[global] bind interfaces only = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, shares and browsing will be provided only on interfaces in an interfaces list (see +interfaces). New in Samba 1.9.18. If you set this option to YES, be sure to add 127.0.0.1 to the interfaces list to allow +smbpasswd to connect to the local machine to change passwords. This is a convienence option; it does not improve security.

+
+
+
+

 

+ +
+
browsable = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Allows a share to be announced in browse lists.

+
+
+
+

 

+ +
+
blocking locks = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, honors byte range lock requests with time limits for queuing the request and retrying it until the time period expires. New in Samba 2.0.

+
+
+
+

 

+ +
+
[global] browse list = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Turns on/off +browse +list from this server. Avoid changing.

+
+
+
+

 

+ +
+
[global] case sensitive = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, uses exactly the case the client supplied when trying to resolve a filename. If NO, matches either upper- or lowercase name. Avoid changing.

+
+
+
+

 

+ +
+
[global] case sig names = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Synonym for +case sensitive.

+
+
+
+

 

+ +
+
[global] change notify timeout = number +

Default: 60

+
+

Allowable values: positive number

+ +

+Sets the number of seconds between checks when a client asks for notification of changes in a directory. Introduced in Samba 2.0 to limit the performance cost of the checks. Avoid lowering.

+
+
+
+

 

+ +
+
character set = name +

Default: NULL

+
+

Allowable values: ISO8859-1, ISO8859-2, ISO8859-5, KOI8-R

+ +

+If set, translates from DOS code pages to the Western European (ISO8859-1), Eastern European (ISO8859-2), Russian Cyrillic (ISO8859-5), or Alternate Russian (KOI8-R) character set. The +client code page must be set to 850.

+
+
+
+

 

+ +
+
client code page = name +

Default: 437 (US MS-DOS)

+
+

Allowable values: See Table 8.4

+ +

+Sets the DOS code page explicitly, overriding any previous +valid chars settings. Examples of values are 850 for European, 437 is the US standard, and 932 for Japanese Shift-JIS. Introduced in Samba 1.9.19.

+
+
+
+

 

+ +
+
coding system = code +

Default: NULL

+
+

Allowable values: euc, cap, hex, hexN, sjis, j8bb, j8bj, jis8, j8bh, j8@b, j8@j, j8@h, j7bb, j7bj, jis7, j7bh, j7@b, j7@j, j7@h, jubb, jubj, junet, jubh, ju@b, ju@j, ju@h

+ +

+Sets the coding system used, notably for Kanji. This is employed for filenames and should correspond to the code page in use. The +client code page option must be set to 932 (Japanese Shift-JIS). Introduced in Samba 2.0.

+
+
+
+

 

+ +
+
comment = text +

Default: NULL

+
+

Allowable values: a text string or NULL

+ +

+Sets the comment that appears beside a share in a NET VIEW or the details list of a Microsoft directory window. See also the +server string configuration option.

+
+
+
+

 

+ +
+
[global] config file = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Selects an additional Samba configuration file to read instead of the current one. Used to relocate the configuration file, or used with %-variables to select custom configuration files for some users or machines.

+
+
+
+

 

+ +
+
copy = section name +

Default: NULL

+
+

Allowable values: existing section's name

+ +

+Copies the configuration of a previously seen share into the share where it appears. Used with %-variables to select custom configurations for machines, architectures and users. The copied section must be earlier in the configuration file. Copied options are of lesser priority than those explicitly listed in the section.

+
+
+
+

 

+ +
+
create mask = octal value +

Default: 0744

+
+

Allowable values: octal permission bits, 0-0777

+ +

+Also called +create mode. Sets the maximum allowable permissions for new files (e.g., 0755). See also +directory mask. To require certain permissions to be set, see +force create mask/force directory mask. This option stopped affecting directories in Samba 1.9.17, and the default value changed in Samba 2.0.

+
+
+
+

 

+ +
+
create mode = octal permission bits +

Default: 0744

+
+

Allowable values: octal permission bits, 0-0777

+ +

+Synonym for +create mask.

+
+
+
+

 

+ +
+
[global] deadtime = minutes +

Default: 0

+
+

Allowable values: minutes

+ +

+The time in minutes before an unused connection will be terminated. Zero means forever. Used to keep clients from tying up server resources forever. If used, clients will have to auto-reconnect after minutes of inactivity. See also +keepalive.

+
+
+
+

 

+ +
+
[global] debug level = number +

Default: 0

+
+

Allowable values: number

+ +

+Sets the logging level used. Values of 3 or more slow Samba noticeably. A synonym is +log level. Recommended value: 1.

+
+
+
+

 

+ +
+
[global] debug timestamp = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Timestamps all log messages. Can be turned off when it's not useful (e.g., in debugging). New in Samba 2.0.

+
+
+
+

 

+ +
+
[global] default = name +

Default: NULL

+
+

Allowable values: share name

+ +

+Also called +default service. The name of a service (share) to provide if someone requests a service they don't have permission to use or which doesn't exist. As of Samba 1.9.14, the path will be set from the name the client specified, with any "_" characters changed to "/" characters, allowing access to any directory on the Samba server. Use is strongly discouraged.

+
+
+
+

 

+ +
+
default case = case +

Default: LOWER

+
+

Allowable values: LOWER, UPPER

+ +

+Sets the case in which to store new filenames. LOWER indicates mixed case, UPPER indicates uppercase letters.

+
+
+
+

 

+ +
+
[global] default service = share name +

Default: NULL

+
+

Allowable values: share name

+ +

+Synonym for +default.

+
+
+
+

 

+ +
+
delete readonly = boolean +

Default: NO

+
+

Allowable values: NO, YES

+ +

+Allow delete requests to remove read-only files. This is not allowed in DOS/Windows, but is normal in Unix, which has separate directory permissions. Used with programs like RCS, or with the older +alternate permissions option.

+
+
+
+

 

+ +
+
delete veto files = boolean +

Default: NO

+
+

Allowable values: NO, YES

+ +

+Allow delete requests for a directory containing files or subdirectories the user can't see due to the +veto files option. If set to NO, the directory will not be deleted and will still contain invisible files.

+
+
+
+

 

+ +
+
deny hosts = host list +

Default: NULL

+
+

Allowable values: host list

+ +

+A synonym is +hosts deny. Specifies a list of machines from which to refuse connections or shares.

+
+
+
+

 

+ +
+
[global] dfree command = command +

Default: varies

+
+

Allowable values: shell command

+ +

+A command to run on the server to return disk free space. Not needed unless the OS command does not work properly.

+
+
+
+

 

+ +
+
directory = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Synonym for +path. A directory provided by a file share, or used by a printer share. Set automatically in the +[homes] share to user's home directory, otherwise defaults to + /tmp.

+
+
+
+

 

+ +
+
directory mask = octal permission bits +

Default: 0755

+
+

Allowable values: octal value from 0 to 0777

+ +

+Also called +directory mode. Sets the maximum allowable permissions for newly created directories. To require certain permissions be set, see the +force create mask and +force directory mask options.

+
+
+
+

 

+ +
+
directory mode = octal permission bits +

Default: 0755

+
+

Allowable values: octal value from 0 to 0777

+ +

+Synonym for +directory mask.

+
+
+
+

 

+ +
+
[global] dns proxy = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If set to YES, and if +wins server = YES, look up hostnames in DNS if they are not found using WINS.

+
+
+
+

 

+ +
+
[global] domain logons = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Allow Windows 95/98 or NT clients to log on to an NT-like domain.

+
+
+
+

 

+ +
+
[global] domain master = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Become a domain master browser list collector if possible for the entire workgroup/domain.

+
+
+
+

 

+ +
+
dont descend = comma-list +

Default: NULL

+
+

Allowable values: comma-separated list of paths

+ +

+Does not allow a change directory or search in the directories specified. This is a browsing convenience option; it doesn't provide any extra security.

+
+
+
+

 

+ +
+
dos filetimes = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Allow non-owners to change file times if they can write to the file. See also +dos filetime resolution.

+
+
+
+

 

+ +
+
dos filetime resolution = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Set file times on Unix to match DOS standards (round to next even second). Recommended if using Visual C++ or a PC +make program to avoid remaking the programs unnecesarily. Use with the +dos filetimes option.

+
+
+
+

 

+ +
+
[global] encrypt passwords = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Uses Windows NT-style password encryption. Requires an +smbpasswd on the Samba server.

+
+
+
+

 

+ +
+
exec = command +

Default: NULL

+
+

Allowable values: shell command

+ +

+Synonym of +preexec, a command to run as the user just before connecting to the share.

+
+
+
+

 

+ +
+
fake directory create times = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Bug fix for users of Microsoft +nmake. If set, Samba will set directory create times such that +nmake won't remake all files every time.

+
+
+
+

 

+ +
+
fake oplocks = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Return YES whenever a client asks if it can lock a file and cache it locally, but does not enforce lock on the server. Use only for read-only disks, as Samba now supports real +oplocks and has per-file overrides. See also +oplocks and +veto oplock files.

+
+
+
+

 

+ +
+
follow symlinks = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, Samba will follow symlinks in a file share or shares. See the +wide links option if you want to restrict symlinks to just the current share.

+
+
+
+

 

+ +
+
force create mask = octal permission bits +

Default: 0

+
+

Allowable values: octal value from 0 to 0777

+ +

+Provides bits that will be +ORed into the permissions of newly created files. Used with the +create mode configuration option.

+
+
+
+

 

+ +
+
force create mode = octal permission bits +

Default: 0

+
+

Allowable values: octal value from 0 to 0777

+ +

+Synonym for +force create mask.

+
+
+
+

 

+ +
+
force directory mask = octal permission bits +

Default: 0

+
+

Allowable values: octal value from 0 to 0777

+ +

+Provides bits that will be +ORed into the permissions of newly created directories, forcing those bits to be set. Used with +directory mode.

+
+
+
+

 

+ +
+
force directory mode = octal permission bits +

Default: 0

+
+

Allowable values: octal value from 0 to 0777

+ +

+Synonym for +force +directory +mask.

+
+
+
+

 

+ +
+
force group = unix group +

Default: NULL

+
+

Allowable values: group

+ +

+Sets the effective group name assigned to all users accessing a share. Used to override user's normal groups.

+
+
+
+

 

+ +
+
force user = name +

Default: NULL

+
+

Allowable values: username

+ +

+Sets the effective username assigned to all users accessing a share. Discouraged.

+
+
+
+

 

+ +
+
fstype = string +

Default: NTFS

+
+

Allowable values: NTFS, FAT, Samba

+ +

+Sets the filesystem type reported to the client.

+
+
+
+

 

+ +
+
[global] getwd cache = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Cache current directory for performance. Recommended with the +wide links option.

+
+
+
+

 

+ +
+
group = group +

Default: NULL

+
+

Allowable values: unix group

+ +

+An obsolete form of +force group.

+
+
+
+

 

+ +
+
guest account = user +

Default: NULL

+
+

Allowable values: username

+ +

+Sets the name of the unprivileged Unix account to use for tasks like printing and for accessing shares marked with +guest ok.

+
+
+
+

 

+ +
+
guest ok = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, passwords are not needed for this share. Synonym of +public.

+
+
+
+

 

+ +
+
guest only = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Forces user of a share to do so as the guest account. Requires +guest +ok or +public to be +yes.

+
+
+
+

 

+ +
+
hide dot files = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Treats files beginning with a dot in a share as if they had the DOS/Windows hidden attribute set.

+
+
+
+

 

+ +
+
hide files = slash-separated list +

Default: NULL

+
+

Allowable values: list of patterns, separated by +/ characters

+ +

+List of file or directory names to set the DOS hidden attribute on. Names may contain +? or +* pattern-characters and +%-variables. See also +hide +dot +files and +veto +files.

+
+
+
+

 

+ +
+
[global] homedir map = NIS map name +

Default: auto.home

+
+

Allowable values: NIS map name

+ +

+Used with +nis homedir to locate user's Unix home directory from Sun NIS (not NIS+).

+
+
+
+

 

+ +
+
hosts allow = host list +

Default: NULL

+
+

Allowable values: list of hostnames

+ +

+Synonym of +allow hosts, a list of machines that can access a share or shares. If NULL (the default) any machine can access the share unless there is a +hosts deny option.

+
+
+
+

 

+ +
+
hosts deny = host list +

Default: NULL

+
+

Allowable values: list of hostnames

+ +

+Synonym of +deny hosts, a list of machines that cannot connect to a share or shares.

+
+
+
+

 

+ +
+
[global] hosts equiv = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Path to a file of trusted machines from which password-less logins are allowed. Strongly discouraged, because Windows/NT users can always override the user name, the only security in this scheme.

+
+
+
+

 

+ +
+
include = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Include the named file in +smb.conf at the line where it appears. This option does not understand the variables +%u (user), +%P (current share's root directory), or +%S (current share name), because they are not set at the time the file is read.

+
+
+
+

 

+ + + +
+
inherit permissions = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set, subdirectories will be created with the same permissions +as the directory they are in. This overrides +create mask, directory mask, force create mode + and force directory mode, but +not map archive, map hidden and +map system. Will never set the setuid + bit. New in 2.0.7, this is a means of ensuring Unix permissions +can be propagated to subdirectories, especially in [homes].

+ +

+
+
+

 

+ + +
+
[global] interfaces = interface list +

Default: NULL

+
+

Allowable values: IP addresses separated by spaces

+ +

+Sets the interfaces to which Samba will respond. The default is the machine's primary interface only. Recommended on multihomed machines or to override erroneous addresses and netmasks.

+
+
+
+

 

+ +
+
invalid users = user list +

Default: NULL

+
+

Allowable values: list of users

+ +

+List of users that will not be permitted access to a share or shares.

+
+
+
+

 

+ +
+
[global] keepalive = number +

Default: 0

+
+

Allowable values: number of seconds

+ +

+Number of seconds between checks for a crashed client. The default of 0 causes no checks to be performed. Recommended if you want checks more often than every four hours. 3600 (10 minutes) is reasonable. See also +socket options for another approach.

+
+
+
+

 

+ +
+
[global] kernel oplocks = boolean +

Default: automatic

+
+

Allowable values: YES, NO

+ +

+Break oplock when a Unix process accesses an +oplocked file, preventing corruption. Set to YES on operating systems supporting this, otherwise set to NO. New in Samba 2.0; supported on SGI, and hopefully soon on Linux and BSD. Avoid changing.

+
+
+
+

 

+ +
+
[global] ldap filter = various +

Default: varies

+
+

Allowable values: various

+ +

+Options beginning with +ldap are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.

+
+
+
+

 

+ +
+
[global] ldap port = various +

Default: various

+
+

Allowable values: various

+ +

+Options beginning with +ldap are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.

+
+
+
+

 

+ +
+
[global] ldap root = various +

Default: various

+
+

Allowable values: various

+ +

+Options beginning with +ldap are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.

+
+
+
+

 

+ +
+
[global] ldap server = various +

Default: various

+
+

Allowable values: various

+ +

+Options beginning with +ldap are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.

+
+
+
+

 

+ +
+
[global] ldap suffix = various +

Default: various

+
+

Allowable values: various

+ +

+Options beginning with +ldap are part of an experimental (circa Samba 2.0) use of the Lightweight Directory Access Protocol (LDAP) general directory/distributed database for user, name, and host information. This option is reserved for future use.

+
+
+
+

 

+ +
+
[global] load printers = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Load all printer names from the system printer capabilities into browse list. Uses configuration options from the +[printers] section.

+
+
+
+

 

+ +
+
[global] local master = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Stands for election as the local master browser. See also +domain master and +os level.

+
+
+
+

 

+ +
+
[global] lm announce = value +

Default: AUTO

+
+

Allowable values: AUTO, YES, NO

+ +

+Produce OS/2 SMB broadcasts at an interval specified by the +lm interval option. YES/NO turns them on/off unconditionally. AUTO causes the Samba server to wait for a LAN Manager announcement from another client before sending one out. Required for OS/2 client browsing.

+
+
+
+

 

+ +
+
[global] lm interval = seconds +

Default: 60

+
+

Allowable values: number

+ +

+Sets the time period, in seconds, between OS/2 SMB broadcast announcements.

+
+
+
+

 

+ +
+
[global] lock directory = pathname +

Default: +/usr/local/samba/var/locks

+
+

Allowable values: pathname

+ +

+Set a directory to keep lock files in. The directory must be writable by Samba, readable by everyone.

+
+
+
+

 

+ +
+
locking = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Perform file locking. If set to NO, Samba will accept lock requests but will not actually lock resources. Recommended only for read-only file systems.

+
+
+
+

 

+ +
+
[global] log file = pathname +

Default: varies

+
+

Allowable values: pathname

+ +

+Set name and location of the log file. Allows all %-variables.

+
+
+
+

 

+ +
+
[global] log level = number +

Default: 0

+
+

Allowable values: number

+ +

+A synonym of +debug level. Sets the logging level used. Values of 3 or more slow the system noticeably.

+
+
+
+

 

+ +
+
[global] logon drive = drive +

Default: None

+
+

Allowable values: DOS drive name

+ +

+Sets the drive on Windows NT (only) of the +logon path.

+
+
+
+

 

+ +
+
[global] logon home = path +

Default: +\\%

+
+

Allowable values: Unix pathname

+ +

+Sets the home directory of a Windows 95/98 or NT Workstation user. Allows +NET +USE +H:/HOME from the command prompt.

+
+
+
+

 

+ +
+
[global] logon path = pathname +

Default: +\\N\%U\profile

+
+

Allowable values: Windows pathname

+ +

+Sets path to Windows profile directory. This contains +USER.MAN and/or +USER.DAT profile files and the Windows 95 Desktop, Start Menu, Network Neighborhood, and programs folders.

+
+
+
+

 

+ +
+
[global] logon script = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Sets pathname relative to +[netlogin] share of a DOS/NT script to run on the client at login time. Allows all %-variables.

+
+
+
+

 

+ +
+
lppause command = /absolute_ path/command +

Default: varies

+
+

Allowable values: fully-qualfied Unix shell command

+ +

+Sets the command to pause a print job. Honors the +%p (printer name) and +%j (job number) variables.

+
+
+
+

 

+ +
+
lpresume command = /absolute_ path/command +

Default: varies

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets the command to resume a paused print job. Honors the +%p (printer name) and +%j (job number) variables.

+
+
+
+

 

+ +
+
[global] lpq cache time = seconds +

Default: 10

+
+

Allowable values: number of seconds

+ +

+Sets how long to keep print queue (lpq) status is cached, in seconds.

+
+
+
+

 

+ +
+
lpq command = /absolute_ path/command +

Default: varies

+
+

Allowable values: fully-qualfied Unix shell command

+ +

+Sets the command used to get printer status. Usually initialized to a default value by the +printing option. Honors the +%p (printer name) variable.

+
+
+
+

 

+ +
+
lprm command = /absolute_ path/command +

Default: varies

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets the command to delete a print job. Usually initialized to a default value by the +printing option. Honors the +%p (printer name) and +%j (job number) variables.

+
+
+
+

 

+ +
+
machine password timeout = seconds +

Default: 604,800

+
+

Allowable values: number of seconds

+ +

+Sets the period between (NT domain) machine password changes. Default is 1 week, or 604,800 seconds.

+
+
+
+

 

+ +
+
magic output = pathname +

Default: +script.out

+
+

Allowable values: Unix pathname

+ +

+Sets the output file for the discouraged +magic scripts option. Default is the script name, followed by the extension +.out.

+
+
+
+

 

+ +
+
magic script = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Sets a filename for execution via a shell whenever the file is closed from the client, to allow clients to run commands on the server.

+
+
+
+

 

+ +
+
mangle case = boolean +

Default: NO

+
+

Allowable values: allowable values: YES, NO

+ +

+Mangle a name if it is in mixed case.

+
+
+
+

 

+ +
+
mangled map = map list +

Default: NULL

+
+

Allowable values: list of to-from pairs

+ +

+Set up a table of names to remap (e.g., +.html to +.htm).

+
+
+
+

 

+ +
+
mangled names = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Sets Samba to abbreviate names that are too long or have unsupported characters to the DOS 8.3 style.

+
+
+
+

 

+ +
+
mangling char = character +

Default: ~

+
+

Allowable values: character

+ +

+Sets the unique mangling character used in all mangled names.

+
+
+
+

 

+ +
+
[global] mangled stack = number +

Default: 50

+
+

Allowable values: number

+ +

+Sets the size of a cache of recently-mangled filenames.

+
+
+
+

 

+ +
+
map aliasname = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Points to a file of Unix group/NT group pairs, one per line. This is used to map NT aliases to Unix group names. See also the configuration options +username +map and +map +groupname. Introduced in Samba 2.0.

+
+
+
+

 

+ +
+
map archive = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, Samba sets the executable-by-user (0100) bit on Unix files if the DOS archive attribute is set. Recommended: if used, the +create mask must contain the 0100 bit.

+
+
+
+

 

+ +
+
map hidden = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, sets executable-by-other (0001) bit on Unix files if the DOS hidden attribute is set. If used, the +create mask option must contain the 0001 bit.

+
+
+
+

 

+ +
+
map groupname = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Points to a file of Unix group/NT group, one per line. This is used to map NT group names to Unix group names. See also the configuration options +username +map and +map +aliasname. Introduced in Samba 2.0.

+
+
+
+

 

+ +
+
map system = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, Samba sets the executable-by-group (0010) bit on Unix files if the DOS system attribute is set. If used, the +create mask must contain the 0010 bit.

+
+
+
+

 

+ +
+
max connections = number +

Default: 0 (infinity)

+
+

Allowable values: number

+ +

+Set maximum number of connections allowed to a share from each individual client machine.

+
+
+
+

 

+ +
+
[global] max disk size = number +

Default: 0 (unchanged)

+
+

Allowable values: size in MB

+ +

+Sets maximum disk size/free-space size (in megabytes) to return to client. Some clients or applications can't understand large maximum disk sizes.

+
+
+
+

 

+ +
+
[global] max log size = number +

Default: 5000

+
+

Allowable values: size in KB

+ +

+Sets the size (in kilobytes) at which Samba will start a new log file. The current log file will be renamed with an +.old extension, replacing any previous file with that name.

+
+
+
+

 

+ +
+
[global] max mux = number +

Default: 50

+
+

Allowable values: number

+ +

+Sets the number of simultaneous operations that Samba clients may make. Avoid changing.

+
+
+
+

 

+ +
+
[global] max packet = number +

Default: N/A

+
+

Allowable values: number

+ +

+Synonym for +packet size. Obsolete as of Samba 1.7. Use +max xmit instead.

+
+
+
+

 

+ +
+
[global] max open files = number +

Default: 10,000

+
+

Allowable values: number

+ +

+Limits the number of files a Samba process will try to keep open at one time. Samba allows you to set this to less than the Unix maximum. This option is a workaround for a separate problem. Avoid changing. This option was introduced in Samba 2.0.

+
+
+
+

 

+ +
+
[global] max ttl = seconds +

Default: 14400 (4 hrs)

+
+

Allowable values: time in seconds

+ +

+Sets the time to keep NetBIOS names in +nmbd cache while trying to perform a lookup on it. Avoid changing.

+
+
+
+

 

+ +
+
[global] max wins ttl = seconds +

Default: 259200 (3 days)

+
+

Allowable values: time in seconds

+ +

+Limits time-to-live of a NetBIOS name in +nmbd WINS cache, in seconds. Avoid changing.

+
+
+
+

 

+ +
+
[global] max xmit = bytes +

Default: 65535

+
+

Allowable values: size in bytes

+ +

+Sets maximum packet size that will be negotiated by Samba. Tuning parameter for slow links and older client bugs. Values less than 2048 are discouraged.

+
+
+
+

 

+ +
+
[global] message command = /absolute_ path/command +

Default: NULL

+
+

Allowable values: shell command

+ +

+Sets the command on the server to run when a WinPopup message arrives from a client. The command must end in "&" to allow immediate return. Honors all %-variables except +%u (user), and supports the extra variables +%s (filename the message is in), +%t (destination machine), and +%f (from).

+
+
+
+

 

+ +
+
min print space = kilobytes +

Default: 0 (unlimited)

+
+

Allowable values: space in KB

+ +

+Sets minimum spool space required before accepting a print request.

+
+
+
+

 

+ + +
+
min password length = characters +

Default: 5

+
+

Allowable values: decimal number of characters

+ +

+Sets the shortest password Samba will pass to the Unix passwd command. +

+
+
+

 

+ + +
+
[global] min wins ttl = seconds +

Default: 21600 (6 hrs)

+
+

Allowable values: time in seconds

+ +

+Sets minimum time-to-live of a NetBIOS name in +nmbd WINS cache, in seconds. Avoid changing.

+
+
+
+

 

+ +
+
name resolve order = list +

Default: lmhosts wins hosts bcast

+
+

Allowable values: list of lmhosts, wins, hosts and bcast

+ +

+Sets order of lookup when trying to get IP address from names. The +hosts parameter carrries out a regular name look up using the server's normal sources: +/etc/hosts, DNS, NIS, or a combination of them. Introduced in Samba 1.9.18p4.

+
+
+
+

 

+ +
+
[global] netbios aliases = list +

Default: NULL

+
+

Allowable values: list of netbios names

+ +

+Adds additional NetBIOS names by which a Samba server will advertise itself.

+
+
+
+

 

+ +
+
netbios name = hostname +

Default: varies

+
+

Allowable values: host name

+ +

+Sets the NetBIOS name by which a Samba server is known, or primary name if NetBIOS aliases exist.

+
+
+
+

 

+ + + +
+
netbios scope = string +

Default: NULL

+
+

Allowable values: string

+ +

+Sets the NetBIOS scope string. Samba will not communicate with a machine +with a different scope. This was an early predecessor of workgroups: avoid +setting it. Added in 2.0.7. +

+
+
+

 

+ + +
+
[global] networkstation user login = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If set to NO, clients will not do a full login when +security = server. Avoid changing. Turning it off is a temporary workaround (introduced in Samba 1.9.18p3) for NT trusted domains bug. Automatic correction was introduced in Samba 1.9.18p10; the parameter may eventually be removed.

+
+
+
+

 

+ +
+
[global] nis homedir = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, the +homedir map will be used to look up the user's home-directory server name and return it to the client. The client will contact that machine to connect to the share. This avoids mounting from a machine that doesn't actually have the disk. The machine with the home directories must be an SMB server.

+
+
+
+

 

+ +
+
[global] nt pipe support = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Allows turning off NT-specific pipe calls. This is a developer/benchmarking option and may be removed in the future. Avoid changing.

+
+
+
+

 

+ +
+
[global] nt smb support = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, allow NT-specific SMBs to be used. This is a developer/benchmarking option and may be removed in the future. Avoid changing.

+
+
+
+

 

+ +
+
[global] null passwords = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, allows access to accounts that have null passwords. Strongly discouraged.

+
+
+
+

 

+ +
+
ole locking compatibility = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, locking ranges will be mapped to avoid Unix locks crashing when Windows uses locks above 32KB. You should avoid changing this option. Introduced in Samba 1.9.18p10.

+
+
+
+

 

+ +
+
only guest = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+A synonym for +guest only. Forces user of a share to login as the guest account.

+
+
+
+

 

+ +
+
only user = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Requires that users of the share be on a +username = list.

+
+
+
+

 

+ +
+
oplocks = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, support local caching of +opportunistic locked files on client. This option is recommended because it improves performance by about 30%. See also +fake +oplocks and +veto +oplock +files.

+
+
+
+

 

+ +
+
[global] os level = number +

Default: 0

+
+

Allowable values: number

+ +

+Sets the candidacy of the server when electing a browse master. Used with the +domain +master or +local +master options. You can set a higher value than a competing operating system if you want Samba to win. Windows for Workgroups and Windows 95 use 1, Windows NT client uses 17, and Windows NT Server uses 33.

+
+
+
+

 

+ +
+
[global] packet size = bytes +

Default: 65535

+
+

Allowable values: number in bytes

+ +

+Obsolete. Discouraged synonym of +max packet. See +max xmit.

+
+
+
+

 

+ +
+
[global] passwd chat debug = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Logs an entire password chat, including passwords passed, with a log level of 100. For debugging only. Introduced in Samba 1.9.18p5.

+
+
+
+

 

+ +
+
[global] passwd chat = command sequence +

Default: compiled-in value

+
+

Allowable values: Unix server commands

+ +

+Sets the command used to change passwords on the server. Supports the variables +%o (old password) and +%n (new password) and allows +\r +\n +\t and +\s (space) escapes in the sequence.

+
+
+
+

 

+ +
+
[global] passwd program = program +

Default: NULL

+
+

Allowable values: Unix server program

+ +

+Sets the command used to change user's password. Will be run as +root. Supports +%u (user).

+
+
+
+

 

+ +
+
[global] password level = number +

Default: 0

+
+

Allowable values: number

+ +

+Specifies the number of uppercase letter permutations used to match passwords. Workaround for clients that change passwords to a single case before sending them to the Samba server. Causes repeated login attempts with passwords in different cases, which can trigger account lockouts.

+
+
+
+

 

+ +
+
[global] password server = netbios names +

Default: NULL

+
+

Allowable values: list of NetBIOS names

+ +

+A list of SMB servers that will validate passwords for you. Used with an NT password server (PDC or BDC) and the +security += +server or +security += +domain configuration options. Caution: an NT password server must allow logins from the Samba server.

+
+
+
+

 

+ +
+
panic action = /absolute_ path/command +

Default: NULL

+
+

Allowable values: fully-qualfied Unix shell command

+ +

+Sets the command to run when Samba panics. For Samba developers and testers, +/usr/bin/X11/xterm -display :0 -e gdb /samba/bin/smbd %d is a possible value.

+
+
+
+

 

+ +
+
path = pathname +

Default: varies

+
+

Allowable values: pathname

+ +

+Sets the path to the directory provided by a file share or used by a printer share. Set automatically in +[homes] share to user's home directory, otherwise defaults to + /tmp. Honors the +%u (user) and +%m (machine) variables.

+
+
+
+

 

+ +
+
postexec = /absolute_ path/command +

Default: NULL

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets a command to run as the user after disconnecting from the share. See also the options +preexec, +root preexec, and +root postexec.

+
+
+
+

 

+ +
+
postscript = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Flags a printer as PostScript to avoid a Windows bug by inserting +%! as the first line. Works only if printer actually is PostScript compatible.

+
+
+
+

 

+ +
+
preexec = /absolute_ path/command +

Default: NULL

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets a command to run as the user before connecting to the share. See also the options +postexec, +root preexec, and +root postexec.

+
+
+
+

 

+ +
+
[global] preferred master = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, Samba is preferred to become the master browser. Causes Samba to call a browsing election when it comes online.

+
+
+
+

 

+ +
+
preload = share list +

Default: NULL

+
+

Allowable values: list of services

+ +

+Synonym of +auto +services. Specifies a list of shares that will always appear in browse lists.

+
+
+
+

 

+ +
+
preserve case = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, this option leaves filenames in the case sent by client. If no, it forces filenames to the case specified by the +default +case option. See also +short preserve case.

+
+
+
+

 

+ +
+
print command = /absolute_ path/command +

Default: varies

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets the command used to send a spooled file to the printer. Usually initialized to a default value by the +printing option. This option honors the +%p (printer name), +%s (spool file) and +%f (spool file as a relative path) variables. Note that the command in the value of the option must include file deletion of the spool file.

+
+
+
+

 

+ +
+
print ok = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Synonym of +printable.

+
+
+
+

 

+ +
+
printable = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Sets a share to be a print share. Required for all printers.

+
+
+
+

 

+ +
+
[global] printcap name = pathname +

Default: +/etc/printcap

+
+

Allowable values: pathname

+ +

+Sets the path to the printer capabilities file used by the +[printers] share. The default value changes to +/etc/qconfig under AIX and +lpstat on System V.

+
+
+
+

 

+ +
+
printer = name +

Default: +lp

+
+

Allowable values: printer name

+ +

+Sets the name of the Unix printer.

+
+
+
+

 

+ +
+
printer driver = printer driver name +

Default: NULL

+
+

Allowable values: exact printer driver string used by Windows

+ +

+Sets the string to pass to Windows when asked what driver to use to prepare files for a printer share. Note that the value is case sensitive.

+
+
+
+

 

+ +
+
[global] printer driver file = path +

Default: +samba-lib/printers.def

+
+

Allowable values: Unix pathname

+ +

+Sets the location of a + msprint.def file, usable by Windows 95/98.

+
+
+
+

 

+ +
+
printer driver location = path +

Default: +\\server\PRINTER$

+
+

Allowable values: Windows network path

+ +

+Sets the location of the driver for a particular printer. The value is a pathname for a share that stores the printer driver files.

+
+
+
+

 

+ +
+
printer name = name +

Default: NULL

+
+

Allowable values: name

+ +

+Synonym of +printer.

+
+
+
+

 

+ +
+
printing = style +

Default: bsd

+
+

Allowable values: bsd, sysv, hpux, aix, qnx, plp, lprng

+ +

+Sets printing style to one of the above, instead of the compiled-in value. This sets initial values of at least the +print +command, +print +command, +lpq +command, and +lprm +command.

+
+
+
+

 

+ +
+
[global] protocol = protocol +

Default: NT1

+
+

Allowable values: NT1, LANMAN2, LANMAN1, COREPLUS, CORE

+ +

+Sets SMB protocol version to one of the allowable values. Resetting is highly discouraged. Only for backwards compatibility with older-client bugs.

+
+
+
+

 

+ +
+
public = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, passwords are not needed for this share. A synonym is +guest ok.

+
+
+
+

 

+ +
+
queuepause command = /absolute_ path/command +

Default: varies

+
+

Allowable values: valid Unix command

+ +

+Sets the command used to pause a print queue. Usually initialized to a default value by the +printing option. Introduced in Samba 1.9.18p10.

+
+
+
+

 

+ +
+
queueresume command = /absolute_ path/command +

Default: varies

+
+

Allowable values: valid Unix command

+ +

+Sets the command used to resume a print queue. Usually initialized to a default value by the +printing option. Introduced in Samba 1.9.18p10.

+
+
+
+

 

+ +
+
read bmpx = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Obsolete. Do not change.

+
+
+
+

 

+ +
+
read list = comma-separated list +

Default: NULL

+
+

Allowable values: comma-separated list of users

+ +

+Specifies a list of users given read-only access to a writeable share.

+
+
+
+

 

+ +
+
read only = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Sets a share to read-only. Antonym of +writable and +write ok.

+
+
+
+

 

+ +
+
[global] read prediction = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Reads ahead data for read-only files. Obsolete; removed in Samba 2.0.

+
+
+
+

 

+ +
+
[global] read raw = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Allows fast streaming reads over TCP using 64K buffers. Recommended.

+
+
+
+

 

+ +
+
[global] read size = bytes +

Default: 2048

+
+

Allowable values: size in bytes

+ +

+Sets a buffering option for servers with mismatched disk and network speeds. Requires experimentation. Avoid changing. Should not exceed 65536.

+
+
+
+

 

+ +
+
[global] remote announce = remote list +

Default: NULL

+
+

Allowable values: list of remote addresses

+ +

+Adds workgroups to the list on which the Samba server will announce itself. Specified as IP address/workgroup (for instance, 192.168.220.215/SIMPLE) with multiple groups separated by spaces. Allows directed broadcasts. The server will appear on those workgroup's browse lists. Does not require WINS.

+
+
+
+

 

+ +
+
[global] remote browse sync = address list +

Default: NULL

+
+

Allowable values: IP-address list

+ +

+Enables Samba-only browse list synchronization with other Samba local master browsers. Addresses can be specific addresses or directed broadcasts (i.e., ###.###.###.255). The latter will cause Samba to hunt down the local master.

+
+
+
+

 

+ +
+
revalidate = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, requires users to re-enter passwords even after a successful initial logon to a share with a password.

+
+
+
+

 

+ +
+
[global] root = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Synonym for +root directory.

+
+
+
+

 

+ +
+
[global] root dir = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Synonym for +root directory.

+
+
+
+

 

+ +
+
[global] root directory = pathname +

Default: NULL

+
+

Allowable values: Unix pathname

+ +

+Specifies a directory to +chroot() to before starting daemons. Prevents any access below that directory tree. See also the +wide links configuration option.

+
+
+
+

 

+ +
+
root postexec = /absolute_ path/command +

Default: NULL

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets a command to run as root after disconnecting from the share. See also +preexec, +postexec, and +root +preexec configuration options. Runs after the user's +postexec command. Use with caution.

+
+
+
+

 

+ +
+
root preexec = /absolute_ path/command +

Default: NULL

+
+

Allowable values: fully-qualified Unix shell command

+ +

+Sets a command to run as root before connecting to the share. See also +preexec, +postexec, and +root +postexec configuration options. Runs before the user's +preexec command. Use with caution.

+
+
+
+

 

+ +
+
[global] security = value +

Default: share in Samba 1.0, user in 2.0

+
+

Allowable values: share, user, server, domain

+ +

+Sets password-security policy. If +security += +share, services have a shared password, available to everyone. If +security += +user, users have (Unix) accounts and passwords. If +security += +server, users have accounts and passwords and a separate machine authenticates them for Samba. If +security += +domain, full NT-domain authentication is done. See also the +password server and +encrypted passwords configuration options.

+
+
+
+

 

+ +
+
[global] server string = text +

Default: Samba +%v in 2.0

+
+

Allowable values: string

+ +

+Sets the name that appears beside a server in browse lists. Honors the +%v (Samba version number) and +%h (hostname) variables.

+
+
+
+

 

+ +
+
set directory = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Allows DEC Pathworks client to use the +set dir command.

+
+
+
+

 

+ +
+
[global] shared file entries = number +

Default: 113

+
+

Allowable values: number

+ +

+Obsolete; do not use.

+
+
+
+

 

+ +
+
shared mem size = bytes +

Default: 102400

+
+

Allowable values: size in bytes

+ +

+If compiled with FAST_SHARE_MODES (mmap), sets the shared memory size in bytes. Avoid changing.

+
+
+
+

 

+ +
+
[global] smb passwd file = path +

Default: +/usr/local/samba/private/smbpasswd

+
+

Allowable values: Unix pathname

+ +

+Overrides compiled-in path to password file if +encrypted passwords += +yes.

+
+
+
+

 

+ +
+
[global] smbrun = /absolute_ path/command +

Default: compiled-in value

+
+

Allowable values: smbrun command

+ +

+Overrides compiled-in path to +smbrun binary. Avoid changing.

+
+
+
+

 

+ +
+
share modes = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If set to YES, this option supports Windows-style whole-file (deny mode) locks.

+
+
+
+

 

+ +
+
short preserve case = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, leaves mangled 8.3-style filenames in the case sent by client. If no, it forces the case to that specified by the +default case option. See also +preserve case.

+
+
+
+

 

+ +
+
[global] socket address = IP address +

Default: NULL

+
+

Allowable values: IP address

+ +

+Sets address on which to listen for connections. Default is to listen to all addresses. Used to support multiple virtual interfaces on one server. Highly discouraged.

+
+
+
+

 

+ +
+
[global] socket options = socket option list +

Default: NULL

+
+

Allowable values: list

+ +

+Sets OS-specific socket options. +SO_KEEPALIVE has TCP check clients every 4 hours to see if they are still accessible. +TCP_NODELAY sends even tiny packets to keep delay low. Recommended wherever the operating system supports them. See Appendix B, Samba Performance Tuning, for more information.

+
+
+
+

 

+ + + +
+
[global] source environment = string +

Default: NULL

+
+

Allowable values: pathname

+ +

+This pathname parameter causes Samba to read a list of environment +variables from a named file on startup. This can be useful in setting +up Samba in a clustered environment. This is new in 2.0.7.

+ +

The file must be owned by root and not be world writable, +and if the filename begins with a "|" (pipe) character, it must point to +a command which is neither world writable nor resides +in a world writable directory.

+ +

The data should be in the form of lines such as +SAMBA_NETBIOS_NAME=myhostname. +This variable will then be available in the smb.conf files as $%SAMBA_NETBIOS_NAME.

+ +
+
+
+

 

+ + +
+
[global] status = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+If YES, logs connections to a file (or shared memory) accessible to +smbstatus.

+
+
+
+

 

+ +
+
strict sync = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, Samba will synchronize to disk whenever the client sets the sync bit in a packet. If set to NO, Samba flushes data to disk whenever buffers fill. Defaults to NO because Windows 98 Explorer sets the bit (incorrectly) in all packets. Introduced in Samba 1.9.18p10.

+
+
+
+

 

+ +
+
strict locking = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, Samba checks locks on every access, not just on demand and at open time. Not recommended.

+
+
+
+

 

+ +
+
[global] strip dot = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Removes trailing dots from filenames. Use +mangled map instead.

+
+
+
+

 

+ +
+
[global] syslog = number +

Default: 1

+
+

Allowable values: number

+ +

+Sets number of Samba log messages to send to +syslog. Higher is more verbose. The +syslog.conf file must have suitable logging enabled.

+
+
+
+

 

+ +
+
[global] syslog only = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, log only to +syslog, not standard Samba log files.

+
+
+
+

 

+ +
+
sync always = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set to YES, Samba calls + fsync(3) after every write. Avoid except for debugging crashing servers.

+
+
+
+

 

+ +
+
[global] time offset = minutes +

Default: 0

+
+

Allowable values: minutes

+ +

+Sets number of minutes to add to system time zone calculation. Provided to fix a client daylight-savings bug; not recommended.

+
+
+
+

 

+ +
+
[global] time server = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If YES, +nmbd will provide time service to its clients.

+
+
+
+

 

+ +
+
unix password sync = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set, will attempt to change the user's Unix password whenever the user changes his or her SMB password. Used to ease synchronization of Unix and Microsoft password databases. Added in Samba 1.9.18p4. See also +passwd chat.

+
+
+
+

 

+ +
+
unix realname = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+If set, will provide the GCOS field of +/etc/passwd to the client as the user's full name.

+
+
+
+

 

+ +
+
update encrypted = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+Updates the Microsoft-format password file when a user logs in with unencrypted passwords. Provided to ease conversion to encryped passwords for Windows 95/98 and NT. Added in Samba 1.9.18p5.

+
+
+
+

 

+ +
+
user = comma-separated list +

Default: NULL

+
+

Allowable values: comma-separated list of user names

+ +

+Synonym for +username.

+
+
+
+

 

+ +
+
username = comma-separated list +

Default: NULL

+
+

Allowable values: comma-separated list of user names

+ +

+Sets a list of users to try to log in as for a share or shares with share-level security. Synonyms are +user and +users. Discouraged. Use +NET USE \\server\share %user from the client instead.

+
+
+
+

 

+ +
+
username level = number +

Default: 0

+
+

Allowable values: number

+ +

+Number of uppercase letter permutations allowed to match Unix usernames. Workaround for Windows feature (single-case usernames). Use is discouraged.

+
+
+
+

 

+ +
+
[global] username map = pathname +

Default: NULL

+
+

Allowable values: pathname

+ +

+Names a file of Unix-to-Windows name pairs; used to map different spellings of account names and those Windows usernames longer than eight characters.

+
+
+
+

 

+ + +
+
[global] utmp = boolean +

Default: NO

+
+

Allowable values: YES, NO

+ +

+This is available if Samba has been configured with the option + --with-utmp. +If set, Samba will add utmp/utmpx records whenever a +connection is made to a Samba server. New in 2.0.7, sites may use this +to record the user connecting to a Samba share. +

+
+
+
+

 

+ + +
+
[global] utmp directory = string +

Default: NULL

+
+

Allowable values: pathname

+ +

+This is available if Samba has been configured with the option +--with-utmp. If it and +utmp are set, Samba will look in the specified directory +insteqad of the default system directory for utmp/utmpx files. +New in 2.0.7, also called utmp dir. +

+
+
+
+

 

+ +
+
write cache size = decimal number +

Default: 0 (Disabled)

+
+

Allowable values: decimal number of bytes

+ +

+Sets the size of a write buffer that Samba uses to pre-accumulate +write into, so as to write with a particular size that's optimal for +a given filesystem. Typically this is used with RAID drives, which +have a preferred write size, systems with large memory and slow disks, etc.

+ +

As of Samba 2.0.7, this applies to the first 10 oplocked files, +which are also found in shares where this option is set. +

+
+
+
+

 

+ + +
+
write ok = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Synonym of the +writable configuration option.

+
+
+
+

 

+ +
+
[global] write raw = boolean +

Default: YES

+
+

Allowable values: YES, NO

+ +

+Allows fast streaming writes over TCP, using 64KB buffers. Recommended.

+
+
+ +

Glossary of Configuration Values

+
+
Address list
+

+A space-separated list of IP addresses in ###.###.###.### format.

+Comma-separated list
+

+A list of items separated by commas.

+Command
+

+A Unix command, with full path and parameters.

+Host list
+

+A space-separated list of hosts. Allows IP addresses, address masks, domain names, ALL, and EXCEPT

+Interface list
+

+A space-separated list of interfaces, in either address/netmask or address/n-bits format. For example, 192.168.2.10/24 or 192.168.2.10/255.255.255.0

+Map list
+

+A space-separated list of file-remapping strings such as +(*.html +*.htm).

+Remote list
+

+A space-separated list of subnet-broadcast-address/workgroup pairs. For example, 192.168.2.255/SERVERS 192.168.4.255/STAFF.

+Service (share) list
+

+A space-separated list of share names, without the enclosing square brackets.

+Slash-list
+

+A list of filenames, separated by "/" characters to allow embedded spaces. For example, +/.*/fred +flintstone/*.frk/.

+Text
+

+One line of text.

+User list
+

+A space-separated list of usernames. In Samba 1.9, +@group-name will include everyone in Unix group +group-name. In Samba 2.0, +@group-name includes whomever is in the NIS netgroup +group_name if one exists, otherwise whomever is in the Unix group +group_name. In addition, + +group_name is a Unix group, & +group_name is an NIS netgroup, and &+ and +& cause an ordered search of both Unix and NIS groups.

+
+

Configuration File Variables

+

+ +Table C.1 lists of Samba configuration file variables.


+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Table C.1: Variables in Alphabetic Order
+

+Name

 +

+Meaning

+

+ +%a

 +

+Client's architecture (one of Samba, WfWg, WinNT, Win95, or UNKNOWN)

+

+ +%d

 +

+Current server process's processID

+

+ +%f

 +

+Print-spool file as a relative path (printing only)

+

+ +%f

 +

+User from which a message was sent (messages only)

+

+ +%G

 +

+Primary group name of +%U (requested username)

+

+ +%g

 +

+Primary group name of +%u (actual username)

+

+ +%H

 +

+Home directory of +%u (actual username)

+

+ +%h

 +

+Samba server's (Internet) hostname

+

+ +%I

 +

+Client's IP address

+

+ +%j

 +

+Print job number (printing only)

+

+ +%L

 +

+Samba server's NetBIOS name (virtual servers have multiple names)

+

+ +%M

 +

+Client's (Internet) hostname

+

+ +%m

 +

+Client's NetBIOS name

+

+ +%n

 +

+New password (password change only)

+

+ +%N

 +

+Name of the NIS home directory server (without NIS, same as +%L)

+

+ +%o

 +

+Old password (password change only)

+

+ +%P

 +

+Current share's root directory (actual)

+

+ +%p

 +

+Current share's root directory (in an NIS homedir map)

+

+ +%p

 +

+Print filename (printing only)

+

+ +%R

 +

+Protocol level in use (one of CORE, COREPLUS, LANMAN1, LANMAN2, or NT1)

+

+ +%S

 +

+Current share's name

+

+ +%s

 +

+Filename the message is in (messages only)

+

+ +%s

 +

+Print-spool file name (printing only)

+

+ +%T

 +

+Current date and time

+

+ +%t

 +

+Destination machine (messages only)

+

+ +%u

 +

+Current share's username

+

+ +%U

 +

+Requested username for current share

+

+ +%v

 +

+Samba version

+
+
+
+ + +
+ +Previous: B.3 Sizing Samba Servers + + + +Next: D. Summary of Samba Daemons and Commands
+B.3 Sizing Samba Servers + +Book Index +D. Summary of Samba Daemons and Commands
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appd_01.html b/docs/htmldocs/using_samba/appd_01.html new file mode 100644 index 00000000000..5e3bd16aa46 --- /dev/null +++ b/docs/htmldocs/using_samba/appd_01.html @@ -0,0 +1,1907 @@ + + +Appendix D + + + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: C. Samba Configuration Option Quick Reference + + +Appendix D + +Next: E. Downloading Samba with CVS
 
+ + +
+
+

Appendix D
+Summary of Samba Daemons and Commands

+ +

+This appendix is a reference listing of command-line options and other information to help you use the executables that come with Samba distribution. + +

+

Samba Distribution Programs

+

The following sections provide information about the command-line parameters for Samba programs.

+
+

smbd

+

The smbd + program provides Samba's file and printer services, using one TCP/IP stream and one daemon per client. It is controlled from the default configuration file, samba_dir/lib/smb.conf, and can be overridden by command-line options.

+

The configuration file is automatically re-evaluated every minute. If it has changed, most new options are immediately effective. You can force Samba to immediately reload the configuration file if you send a SIGHUP to smbd +. Reloading the configuration file, however, will not affect any clients that are already connected. To escape this "grandfather" configuration, a client would need to disconnect and reconnect, or the server itself would have to be restarted, forcing all clients to reconnect.

+
+

Other signals

+

To shut down a smbd + process, send it the termination signal SIGTERM (-15) which allows it to die gracefully instead of a SIGKILL (-9). To increment the debug logging level of smbd + at runtime, send the program a SIGUSR1 signal. To decrement it at runtime, send the program a SIGUSR2 signal.

+
+
+

Command-line options

+
+
+

-D +

+
    +
  • The smbd + program is run as a daemon. This is the recommended way to use smbd (it is also the default action). In addition, smbd can also be run from inetd.
    • +
+
+
+

-d + debuglevel +

+
    +
  • Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. Specifying the value on the command line overrides the value specified in the smb.conf + file. Debug level 0 logs only the most important messages; level 1 is normal; levels 3 and above are primarily for debugging and slow smbd + considerably.
    • +
+
+

-h +

+
    +
  • Prints command-line usage information for the smbd + program.
    • +
+
+

Testing/debugging options

+
+
+
+

-a +

+
    +
  • If this is specified, each new connection to the Samba server will append all logging messages to the log file. This option is the opposite of -o, and is the default.
    • +
+
+
+

-i + scope +

+
    +
  •  
    • +
  • This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backwards compatibility.
    • +
+
+
+
+

-l + log_file +

+
    +
  • Send the log messages to somewhere other than the location compiled in or specified in the smb.conf file. The default is often /usr/local/samba/var/log.smb, /usr/samba/var/log.smb, or /var/log/log.smb. The first two are strongly discouraged on Linux, where /usr + may be a read-only filesystem.
    • +
+
+
+

-O + socket_options +

+
    +
  • This sets the TCP/IP socket options, using the same parameters as the socket + options + configuration option. It is often used for performance tuning and testing.
    • +
+
+

-o +

+
    +
  • This option is the opposite of -a. It causes log files to be overwritten when opened. Using this option saves hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.
    • +
+
+
+

-P +

+
    +
  • This option forces smbd + not to send any network data out. This option is typically used only by Samba developers.
    • +
+
+
+

-P +

+
    +
  • This option forces smbd + not to send any network data out. This option is typically used only by Samba developers.
    • +
+
+
+
+

-p + port_number +

+
    +
  • This sets the TCP/IP port number that the server will accept requests from. Currently, all Microsoft clients send only to the default port: 139.
    • +
+
+
+

-s + configuration_file +

+
    +
  • Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line, typically for debugging.
    • +
+
+
+
+

nmbd

+

The nmbd + program is Samba's NetBIOS name and browsing daemon. It replies to broadcast NetBIOS over TCP/IP (NBT) name-service requests from SMB clients and optionally to Microsoft's Windows Internet Name Service (WINS) requests. Both of these are versions of the name-to-address lookup required by SMB clients. The broadcast version uses UDP/IP broadcast on the local subnet only, while WINS uses TCP/IP, which may be routed. If running as a WINS server, nmbd + keeps a current name and address database in the file wins.dat in the samba_dir/var/locks directory.

+

An active nmbd + program can also respond to browsing protocol requests used by the Windows Network Neighborhood. Browsing is a combined advertising, service announcement, and active directory protocol. This protocol provides a dynamic directory of servers and the disks and printers that the servers are providing. As with WINS, this was initially done by making UDP/IP broadcasts on the local subnet. Now, with the concept of a local master browser, it is done by making TCP/IP connections to a server. If nmbd + is acting as a local master browser, it stores the browsing database in the file browse.dat in the samba_dir/var/locks directory.

+
+

Signals

+

Like smbd, the nmbd program responds to several Unix signals. Sending nmbd + a SIGHUP signal will cause it to dump the names it knows about to the file namelist.debug + in the samba_dir +/locks + directory and its browsing database to the browse.dat +file in the same directory. To shut down a nmbd + process send it a SIGTERM (-15) signal instead of a SIGKILL (-9) to allow it to die gracefully. You can increment the debug logging level of nmbd + by sending it a SIGUSR1 signal; you can decrement it by sending a SIGUSR2 signal.

+
+
+

Command-line options

+
+
+

-D +

+
    +
  • Instructs the nmbd + program to run as a daemon. This is the recommended way to use nmbd. In addition, nmbd can also be run from inetd.
    • +
+
+
+

-d + debuglevel +

+
    +
  • Sets the debug (sometimes called logging) level. The level can range from 0, all the way to 10. Specifying the value on the command line overrides the value specified in the smb.conf + file. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging, and slow nmbd + considerably.
    • +
+
+

-h +

+
    +
  • Prints command-line usage information for the nmbd program (also -?).
    • +
+
+

Testing/debugging options

+
+
+
+

-a +

+
    +
  • If this is specified, each new connection to the Samba server will append all logging messages to the log file. This option is the opposite of -o, and is the default.
    • +
+
+
+
+

-H + hosts_ file +

+
    +
  • This option loads a standard hosts + file for name resolution.
    • +
+
+
+

-i + scope +

+
    +
  • This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.
    • +
+
+
+

-l + log_file +

+
    +
  • Sends the log messages to somewhere other than the location compiled-in or specified in the smb.conf file. The default is often /usr/local/samba/var/log.nmb, /usr/samba/var/log.nmb, or /var/log/log.nmb. The first two are strongly discouraged on Linux, where /usr + may be a read-only filesystem.
    • +
+
+
+

-n + NetBIOS_name +

+
    +
  • This option allows you to override the NetBIOS name by which the daemon will advertise itself. Specifying the option on the command line overrides the netbios + name + option in the Samba configuration file.
    • +
+
+
+

-O + socket_options +

+
    +
  • This sets the TCP/IP socket options, using the same parameters as the socket + options + configuration option. It is often used for performance tuning and testing.
    • +
+
+

-o +

+
    +
  • This option is the opposite of -a +. It causes log files to be overwritten when opened. Using this option saves hunting for the right log entries if you are performing a series of tests and inspecting the log file each time.
    • +
+
+
+
+

-p + port_number +

+
    +
  • This sets the UDP/IP port number from which the server will accept requests. Currently, all Microsoft clients send only to the default port: 137.
    • +
+
+
+

-s + configuration_file +

+
    +
  • Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command line, typically for debugging.
    • +
+
+
+

-v +

+
    +
  • This option prints the current version of Samba.
    • +
+
+
+
+

Samba Startup File

+

Samba is normally started by running it from your Unix system's rc + files at boot time. For systems with a System V-like set of /etc/rcN.d + directories, this can be done by placing a suitably named script in the /rc + directory. Usually, the script starting Samba is called S91samba +, while the script stopping or "killing" Samba is called K91samba. +On Linux, the usual subdirectory for the scripts is /etc/rc2.d. + On Solaris, the directory is /etc/rc3.d +. For machines with /etc/rc.local + files, you would normally add the following lines to that file:

+

/usr/local/samba/bin/smbd -D

+

/usr/local/samba/bin/nmbd -D

+

The following example script supports two extra commands, status + and restart, in addition to the normal start + and stop + for System V machines:

+ +
+#!/bin/sh
+#
+# /etc/rc2.d./S91Samba  --manage the SMB server in a System V manner
+#
+OPTS="-D"
+#DEBUG=-d3
+PS="ps  ax"
+SAMBA_DIR=/usr/local/samba
+case "$1" in
+'start')
+	echo "samba "
+	$SAMBA_DIR/bin/smbd $OPTS $DEBUG
+	$SAMBA_DIR/bin/nmbd $OPTS $DEBUG
+	;;
+'stop')
+	echo "Stopping samba"
+	$PS | awk '/usr.local.samba.bin/ { print $1}' |\
+	xargs kill
+	;;
+'status')
+	x=`$PS | grep -v grep | grep '$SAMBA_DIR/bin'`
+	if [ ! "$x" ]; then
+		echo "No samba processes running"
+	else
+		echo "  PID TT STAT  TIME COMMAND"
+		echo "$x"
+	fi
+	;;
+'restart')
+	/etc/rc2.d/S91samba stop
+	/etc/rc2.d/S91samba start
+	/etc/rc2.d/S91samba status
+	;;
+*)
+	echo "$0: Usage error -- you must say $0 start, stop, status or restart."
+	;;
+esac
+exit
+
+

You'll need to set the actual paths and ps + options to suit the machine you're using. In addition, you might want to add additional commands to tell Samba to reload its smb.conf + file or dump its nmbd + tables, depending on your actual needs.

+
+
+

smbsh

+

The smbsh + program lets you use a remote Windows share on your Samba server as if the share was a regular Unix directory. When it's run, it provides an extra directory tree under /smb. Subdirectories of /smb + are servers, and subdirectories of the servers are their individual disk and printer shares. Commands run by smbsh + treat the /smb + filesystem as if it were local to Unix. This means that you don't need smbmount + in your kernel to mount Windows filesystems the way you mount with NFS filesystems. However, you do need to configure Samba with the --with-smbwrappers + option to enable smbsh.

+
+

Options

+
+
+

-d + debuglevel

+
    +
  • Sets the debug (sometimes called logging) level. The level can range from 0, the default, all the way to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging, and slow smbsh + considerably.
    • +
+
+
+

-l + logfile +

+
    +
  • Sets the name of the logfile to use.
    • +
+
+
+

-P + prefix +

+
    +
  • Sets the root directory to mount the SMB filesystem. The default is /smb.
    • +
+
+
+

-R + resolve order +

+
    +
  • Sets the resolve order of the name servers. This option is similar to the resolve order + configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.
    • +
+
+
+

-U + user +

+
    +
  • Supports user%password. +
    • +
+
+
+

-W + workgroup +

+
    +
  • Sets the NetBIOS workgroup to which the client will connect.
    • +
+
+
+
+

smbclient

+

The smbclient + program is the maid-of-all-work of the Samba suite. Initially intended as a testing tool, it has become a full command-line Unix client, with an FTP-like interactive client. Some of its options are still used for testing and tuning, and it makes a simple tool for ensuring that Samba is running on a server.

+

It's convenient to look at smbclient + as a suite of programs:

+
    +
  • FTP-like interactive file transfer program
    • +
  • Interactive printing program
    • +
  • Interactive tar program
    • +
  • Command-line message program
    • +
  • Command-line tar + program (but see smbtar + later)
    • +
  • "What services do you have" query program
    • +
  • Command-line debugging program
    • +
+
+

General command-line options

+

The program has the usual set of smbd +-like options, which apply to all the interactive and command-line use. The syntax is:

+

smbclient //server_name +/share_name + [password +] [-options +]

+

Here is an explanation of each of the command-line options:

+
+
+

-d + debug_level +

+
    +
  • Sets the debug (logging) level, from 0 to 10, with A + for all. Overrides the value in smb.conf. Debug level 0 logs only the most important messages; level 1 is normal; debug level 3 and above are for debugging, and slow smbclient + considerably.
    • +
+
+

-h +

+
    +
  • Prints the command-line help information (usage) for smbclient.
    • +
+
+
+
+

-n + NetBIOS_name +

+

Allows you to override the NetBIOS name by which the program will advertise itself.

+
+

Smbclient operations

+

Running smbclient//server_name/share + will cause it to prompt you for a username and password. If the login is successful, it will connect to the share and give you a prompt much like an FTP prompt (the backslash in the prompt will be replaced by the current directory within the share as you move around the filesystem):

+

smb:\>

+

From this command line, you can use several FTP-like commands, as listed below. Arguments in square brackets are optional.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

 

+

smbclient Commands

+
+

Command

+		 +

Description

+
+

? + command +

+		 +

Provides list of commands or help on specified command.

+
+

help + [command]

+		 +

Provides list of commands or help on specified command.

+
+

! + [command]

+		 +

If a command is specified, it will be run in a local shell. If not, you will be placed into a local shell on the client.

+
+

dir + [filename]

+		 +

Displays any files matching filename + in the current directory on the server, or all files if filename + is omitted.

+
+

ls + [filename]

+		 +

Displays any files matching filename + in the current directory on the server, or all files if filename + is omitted.

+
+

cd + [directory]

+		 +

If directory + is specified, changes to the specified directory on the remote server. If not, reports the current directory on the remote machine.

+
+

lcd + [directory]

+		 +

If directory + is specified, the current directory on the local machine will be changed. If not, the name of the current directory on the local machine will be reported.

+
+

get + remotefile +[localfile]

+		 +

Copies the file remotefile to the local machine. If a localfile + is specified, uses that name to copy the file to. Treats the file as binary; does not + do LF to CR/LF conversions.

+
+

put + localfile +[remotefile]

+		 +

Copies localfile + to the remote machine. If a remotefile + is specified, uses that as the name to copy to on the remote server. Treats the file as binary; does not + do LF to CR/LF conversions.

+
+

mget + pattern +

+		 +

Gets all files matching pattern + from the remote machine.

+
+

mput + pattern +

+		 +

Places all local files matching pattern + on the remote machine.

+
+

prompt +

+		 +

Toggles interactive prompting on and off for mget and mput.

+
+

lowercase ON +
+ +(or OFF)

+		 +

If lowercase is on, smbclient + will convert filenames to lowercase during an mget + or get + (but not a mput or put).

+
+

del + filename +

+		 +

Delete a file on the remote machine.

+
+

md + directory +

+		 +

Create a directory on the remote machine.

+
+

mkdir + directory +

+		 +

Create a directory on the remote machine.

+
+

rd + directory +

+		 +

Remove the specified directory on the remote machine.

+
+

rmdir + directory +

+		 +

Remove the specified directory on the remote machine.

+
+

setmode + filename + [+|-]rsha +

+		 +

Set DOS filesystem attribute bits, using Unix-like modes. r + is read-only, s + is system, h + is hidden, and a + is archive.

+
+

exit +

+		 +

Exits smbclient.

+
+

quit +

+		 +

Exits smbclient.

+
+

There are also mask and recursive commands for large copies; see the smbclient + manual page for details on how to use these. With the exception of mask, recursive, and the lack of an ASCII transfer mode, smbclient + works exactly the same as FTP. Note that because it does binary transfers, Windows files copied to Unix will have lines ending in carriage-return and linefeed (\r\n), not Unix's linefeed (\n).

+
+
+

Printing commands

+

The smbclient + program can also be used for access to a printer by connecting to a print share. Once connected, the commands shown below can be used to print.

+ + + + + + + + + + + + + + + + + + +
+

 

+

smbclient Printing Commands

+
+

Command

+		 +

Description

+
+

print + filename +

+		 +

Prints the file by copying it from the local machine to the remote one and then submitting it as a print job there.

+
+

printmode + text +| graphics +

+		 +

Instructs the server that the following files will be plain text (ASCII) or the binary graphics format that the printer requires. It's up to the user to ensure that the file is indeed the right kind.

+
+

queue +

+		 +

Displays the queue for the print share you're connected to, showing job ID, name, size, and status.

+
+
+
+
+

Finally, to print from the smbclient, use the -c + option:

+

cat printfile + | smbclient //server +/printer_name + -c "print -"

+
+

Tar commands

+

smbclient + can tar up files from a file share. This is normally done from the command line using the smbtar + command, but the commands shown below are also available interactively.

+ + + + + + + + + + + + + + + + + + +
+

 

+

smbclient Tar Commands

+
+

Command

+		 +

Description

+
+

tar c|x[IXbgNa] + operands +

+		 +

Performs a creation or extraction tar similar to the command-line program.

+
+

blocksize + size +

+		 +

Sets the block size to be used by tar, in 512-byte blocks.

+
+

tarmode full|inc|reset|
+ +noreset +

+		 +

Makes tar + pay attention to DOS archive bit for all following commands. In full + mode (the default), tar + will back up everything. In inc + (incremental) mode, tar + will back up only those files with the archive bit set. In reset + mode, tar + will reset the archive bit on all files it backs up (this requires the share to be writable), and in noreset + mode the archive bit will not be reset even after the file has been backed up.

+
+
+
+

Command-line message program options

+
+
+
+

-M + NetBIOS_machine_name +

+
    +
  • This option allows you to send immediate messages using the WinPopup protocol to another computer. Once a connection is established, you can type your message, pressing control-D to end. If WinPopup is not running on the receiving machine, the program returns an error.
    • +
+
+
+

-U + user +

+
    +
  • This +option allows you to indirectly control the FROM part of the message.
    • +
+
+

Command-line tar program options

+

The -T + (tar), -D + (starting directory), and -c + (command) options are used together to tar up files interactively. This is better done with smbtar, which will be discussed shortly. We don't recommend using smbclient + directly as a tar + program.

+
+
+
+

-D + initial_directory +

+
    +
  • Changes to initial directory before starting.
    • +
+
+
+

-c + command_string +

+
    +
  • Passes a command string to the smbclient + command interpreter, which treats it as a semicolon-separated list of commands to be executed. This is handy to say things such as tarmode inc, for example, which forces smbclient + -T + to back up only files with the archive bit set.
    • +
+
+
+

-T + command filename +

+
    +
  • Runs the tar + driver, which is gtar + compatible. The two main commands are: c + (create) and x + (extract), which may be followed by any of:
    • +
+
+

a +

+

Resets archive bits once files are saved.

+
+
+
b + size +
+

Sets blocksize in 512-byte units.

+
+

g +

+

Backs up only files with the archive bit set.

+
+
+
+
I + file +
+

Includes files and directories (this is the default). Does not do pattern-matching.

+
+
+
N + filename +
+

Backs up only those files newer than filename. +

+
+

q +

+

Does not produce diagnostics.

+
+
+
+
X + file +
+

Excludes files.

+
+

Command-line query program

+

If smbclient + is run as:

+

smbclient -L server_name +

+

it will list the shares and other services that machine provides. This is handy if you don't have smbwrappers. It can also be helpful as a testing program in its own right.

+
+
+

Command-line debugging /diagnostic program options

+

Any of the various modes of operation of smbclient + can be used with the debugging and testing command-line options:

+
+
+
+
+

-B + IP_addr +

+
    +
  • Sets the broadcast address.
    • +
+
+
+

-d + debug_level +

+
    +
  • Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. In addition, you can specify A + for all debugging options. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow operations considerably.
    • +
+
+

-E +

+
    +
  • Sends all messages to stderr instead of stdout.
    • +
+
+
+
+

-I + IP_address +

+
    +
  • Sets the IP address of the server to which it connects.
    • +
+
+
+

-i + scope +

+
    +
  • This sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.
    • +
+
+
+

-l + log_file +

+
    +
  • Sends the log messages to the specified file.
    • +
+
+

-N +

+
    +
  • Suppresses the password prompt. Unless a password is specified on the command line or this parameter is specified, the client will prompt for a password.
    • +
+
+
+
+

-n + NetBIOS_name +

+

This option allows you to override the NetBIOS name by which the daemon will advertise itself.

+
+
+

-O + socket_options +

+
    +
  • Sets the TCP/IP socket options using the same parameters as the socket + options + configuration option. It is often used for performance tuning and testing.
    • +
+
+
+

-p + port_number +

+
    +
  • Sets the port number from which the client will accept requests.
    • +
+
+
+

-R + resolve_order +

+
    +
  • Sets the resolve order of the name servers. This option is similar to the resolve + order + configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.
    • +
+
+
+

-s + configuration_file +

+
    +
  • Specifies the location of the Samba configuration file. Used for debugging.
    • +
+
+
+

-t + terminal_code +

+
    +
  • Sets the terminal code for Asian languages.
    • +
+
+
+

-U + username +

+
    +
  • Sets the username and optionally password (e.g., -U + fred%secret).
    • +
+
+
+

-W + workgroup +

+
    +
  • Specifies the workgroup that you want the client to connect as.
    • +
+

If you want to test a particular name service, run smbclient + with -R + and just the name of the service. This will force smbclient + to use only the service you gave. +

+
+
+
+

smbstatus

+

The smbstatus + program lists the current connections on a Samba server. There are three separate sections. The first section lists various shares that are in use by specific users. The second section lists the locked files that Samba currently has on all of its shares. Finally, the third section lists the amount of memory usage for each of the shares. For example:

+
+# smbstatus
+
+Samba version 2.0.3
+Service      uid      gid      pid     machine
+----------------------------------------------
+network      davecb   davecb   7470   phoenix  (192.168.220.101) Sun May 16 
+network      davecb   davecb   7589   chimaera (192.168.220.102) Sun May 16 
+ 
+Locked files:
+Pid    DenyMode   R/W        Oplock           Name
+--------------------------------------------------
+7589   DENY_NONE  RDONLY   EXCLUSIVE+BATCH  /home/samba/quicken/inet/common/system/help.bmp   Sun May 16 21:23:40 1999
+7470   DENY_WRITE RDONLY   NONE             /home/samba/word/office/findfast.exe              Sun May 16 20:51:08 1999
+7589   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/samba/quicken/lfbmp70n.dll                  Sun May 16 21:23:39 1999
+7589   DENY_WRITE RDWR     EXCLUSIVE+BATCH  /home/samba/quicken/inet/qdata/runtime.dat        Sun May 16 21:23:41 1999
+7470   DENY_WRITE RDONLY   EXCLUSIVE+BATCH  /home/samba/word/office/osa.exe                   Sun May 16 20:51:09 1999
+7589   DENY_WRITE RDONLY   NONE             /home/samba/quicken/qversion.dll                  Sun May 16 21:20:33 1999
+7470   DENY_WRITE RDONLY   NONE             /home/samba/quicken/qversion.dll                  Sun May 16 20:51:11 1999
+ 
+Share mode memory usage (bytes):
+   1043432(99%) free + 4312(0%) used + 832(0%) overhead = 1048576(100%) total
+
+
+

Options

+
+
+

-b +

+
    +
  • Forces smbstatus + to produce brief output. This includes the version of Samba and auditing information about the users that have logged into the server.
    • +
+
+
+

-d +

+
    +
  • Gives verbose output, including each of the three reporting sections listed in the previous example. This is the default.
    • +
+
+
+

-L +

+
    +
  • Forces smbstatus + to print only the current file locks it has. This corresponds to the second section in a verbose output.
    • +
+
+
+

-p +

+
    +
  • Prints a list of smbd + process IDs only. This is often used for scripts.
    • +
+
+
+

-S +

+
    +
  • Prints only a list of shares and their connections. This corresponds to the first section in a verbose output.
    • +
+
+
+

-s + configuration_file +

+
    +
  • Sets the Samba configuration file to use when processing this command.
    • +
+
+
+

-u + username +

+
    +
  • Limits the smbstatus + report to the activity of a single user.
    • +
+
+
+
+

smbtar

+

The smbtar + program is a shell script on top of smbclient + that gives the program more intelligible options when doing tar operations. Functionally, it is equivalent to the Unix tar + program.

+
+

Options

+
+
+

-a +

+
    +
  • Resets the archive bit mode
    • +
+
+
+

-b + blocksize +

+
    +
  • Blocking size. Defaults to 20.
    • +
+
+
+

-d + directory +

+
    +
  • Changes to initial directory before restoring or backing up files.
    • +
+
+

-i +

+
    +
  • Incremental mode; tar files are backed up only if they have the DOS archive bit set. The archive bit is reset after each file is read.
    • +
+
+
+
+

-l + log_level +

+
    +
  • Sets the logging level.
    • +
+
+
+

-N + filename +

+
    +
  • Backs up only the files newer than the last modification date of filename. For incremental backups.
    • +
+
+
+

-p + password +

+
    +
  • Specifies the password to use to access a share.
    • +
+
+

-r +

+
    +
  • Restores files to the share from the tar file.
    • +
+
+
+
+

-s + server +

+
    +
  • Specifies the SMB/CIFS server in which the share resides.
    • +
+
+
+

-t + tape +

+
    +
  • Tape device or file. Default is the value of the environment variable $TAPE, or tar.out + if $TAPE + isn't set.
    • +
+
+
+

-u + user +

+
    +
  • Specifies the user to connect to the share as. You can specify the password as well, in the format username%password.
    • +
+
+

-v +

+
    +
  • Specifies the use of verbose mode.
    • +
+
+
+
+

-X + file +

+
    +
  • Tells smbtar + to exclude the specified file from the tar + create or restore.
    • +
+
+
+

-x + share +

+
    +
  • States the share name on the server to connect to. The default is backup, which is a common share name to perform backups with.
    • +
+
+
+

For example, a trivial backup command to archive the data for user sue + is:

+

# smbtar -s pc_name -x sue -u sue -p secret -t sue.tar +

+
+
+
+

nmblookup

+

The nmblookup + program is a client program that exercises the NetBIOS-over-UDP/IP name service for resolving NBT machine names into IP addresses. The command works by broadcasting its queries on the local subnet until a machine with that name responds. You can think of it as a Windows nslookup(1) +or dig(1). +This is useful for looking up both normal NetBIOS names, and the odd ones like __MSBROWSE__ + that the Windows name services use to provide directory-like services. If you wish to query for a particular type of NetBIOS name, add the NetBIOS <type> + to the end of the name.

+

The command line is:

+

nmblookup [-options] name +

+

The options supported are:

+
+

-A +

+
    +
  • Interprets name + as an IP address and do a node-status query on this address.
    • +
+
+
+

-B + broadcast _address +

+
    +
  • Sends the query to the given broadcast address. The default is to send the query to the broadcast address of the primary network interface.
    • +
+
+
+

-d + debuglevel +

+
    +
  • Sets the debug (sometimes called logging) level. The level can range from 0 all the way to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow the program considerably.
    • +
+
+

-h +

+
    +
  • Prints command-line usage information for the program.
    • +
+
+
+
+

-i + scope +

+
    +
  • Sets a NetBIOS scope identifier. Only machines with the same identifier will communicate with the server. The scope identifier was a predecessor to workgroups, and this option is included only for backward compatibility.
    • +
+
+

-M +

+
    +
  • Searches for a local master browser. This is done with a broadcast searching for a machine that will respond to the special name __MSBROWSE__, and then asking that machine for information, instead of broadcasting the query itself.
    • +
+
+
+

-R +

+
    +
  • Sets the recursion desired bit in the packet. This will cause the machine that responds to try to do a WINS lookup and return the address and any other information the WINS server has saved.
    • +
+
+
+

-r +

+
    +
  • Use the root port of 137 for Windows 95 machines.
    • +
+
+
+

-S +

+
    +
  • Once the name query has returned an IP address, does a node status query as well. This returns all the resource types that the machine knows about, with their numeric attributes. For example:
    • +
+
+% nmblookup -d 4 -S elsbeth
+received 6 names
+      ELSBETH                <00> - <GROUP> B <ACTIVE>
+      ELSBETH                <03> -         B <ACTIVE>
+      ELSBETH                <1d> -         B <ACTIVE>
+      ELSBETH                <1e> - <GROUP> B <ACTIVE>
+      ELSBETH                <20> -         B <ACTIVE>
+      ..__MSBROWSE__..       <01> - <GROUP> B <ACTIVE>
+
+
+
+
+

-s + configuration_file +

+
    +
  • Specifies the location of the Samba configuration file. Although the file defaults to /usr/local/samba/lib/smb.conf, you can override it here on the command-line, normally for debugging.
    • +
+
+

-T +

+
    +
  • This option can be used to translate IP addresses into resolved names.
    • +
+
+
+
+

-U + unicast_address +

+
    +
  • Performs a unicast query to the specified address. Used with -R + to query WINS servers.
    • +
+

Note that there is no workgroup option for nmblookup; you can get around this by putting workgroup + = + workgroup_name +in a file and passing it to nmblookup + with the -s + smb.conf_file + option.

+
+
+
+

smbpasswd

+

The smbpasswd + password has two distinct sets of functions. When run by users, it changes their encrypted passwords. When run by root, it updates the encrypted password file. When run by an ordinary user with no options, it connects to the primary domain controller and changes his or her Windows password.

+

The program will fail if smbd + is not operating, if the hosts + allow + or hosts + deny + configuration options will not permit connections from localhost (IP address 127.0.0.1), or the encrypted + passwords + = + no + option is set.

+
+

Regular user options

+
+
+

-D + debug_level +

+
    +
  • Sets the debug (also called logging) level. The level can range from 0 to 10. Debug level 0 logs only the most important messages; level 1 is normal; level 3 and above are primarily for debugging and slow the program considerably.
    • +
+
+

-h +

+
    +
  • Prints command-line usage information for the program.
    • +
+
+
+
+

-r + remote_machine_name +

+
    +
  • Specifies on which machine the password should change. The remote machine must be a primary domain controller (PDC).
    • +
+
+
+

-R + resolve_order +

+
    +
  • Sets the resolve order of the name servers. This option is similar to the resolve + order + configuration option, and can take any of the four parameters, lmhosts, host, wins, and bcast, in any order.
    • +
+
+
+

-U + username +

+
    +
  • Used only with -r, to modify a username that is spelled differently on the remote machine.
    • +
+
+

Root-only options

+
+
+
+

-a + username +

+
    +
  • Adds a user to the encrypted password file.
    • +
+
+
+

-d + username +

+
    +
  • Disables a user in the encrypted password file.
    • +
+
+
+

-e + username +

+
    +
  • Enables a disabled user in the encrypted password file.
    • +
+
+
+

-m + machine_name +

+
    +
  • Changes a machine account's password. The machine accounts are used to authenticate machines when they connect to a primary or backup domain controller.
    • +
+
+
+

-j + domain_name +

+
    +
  • Adds a Samba server to a Windows NT Domain.
    • +
+
+

-n +

+
    +
  • Sets no password for the user.
    • +
+
+
+
+

-s + username +

+
    +
  • Causes smbpasswd + to be silent and to read its old and new passwords from standard input, rather than from /dev/tty. This is useful for writing scripts.
    • +
+
+
+
+

testparm

+

The testparm + program checks an smb.conf + file for obvious errors and self-consistency. Its command line is:

+

testparm [options] configfile_name [hostname IP_addr] +

+

If the configuration file is not specified, the file at samba_dir +/lib/smb.conf + is checked by default. If you specify a hostname and an IP address, an extra check will be made to ensure that the specified machine would be allowed to connect to Samba. If a hostname is specified, an IP address should be present as well.

+
+

Options

+
+
+

-h +

+
    +
  • Prints command-line information for the program.
    • +
+
+
+

-L + server_name

+
    +
  • Resets the %L + configuration variable to the specified server name.
    • +
+
+

-s +

+
    +
  • This option prevents the testparm + program from prompting the user to press the Enter key before printing a list of the configuration options for the server.
    • +
+
+
+
+
+

testprns

+

The testprns + program checks a specified printer name against the system printer capabilities (printcap) file. Its command line is:

+

testprns printername + [printcapname]

+

If the printcapname + isn't specified, Samba attempts to use one located in the smb.conf + file. If one isn't specified there, Samba will try /etc/printcap. If that fails, the program will generate an error.

+
+
+

rpcclient

+

This is a new client that exercises the RPC (remote procedure call) interfaces of an SMB server. Like smbclient, rpcclient + started its life as a test program for the Samba developers and will likely stay that way for a while. Its command line is:

+

rpcclient //server/share +

+

The command-line options are the same as the Samba 2.0 smbclient, and the operations you can try are listed below.

+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+

 

+

rpcclient commands

+
+

Command

+		 +

Description

+
+

regenum keyname +

+		 +

Registry Enumeration (keys, values)

+
+

regdeletekey keyname +

+		 +

Registry Key Delete

+
+

regcreatekey keyname [keyvalue] +

+		 +

Registry Key Create

+
+

regquerykey keyname +

+		 +

Registry Key Query

+
+

regdeleteval valname +

+		 +

Registry Value Delete

+
+

regcreateval valname valtype value +

+		 +

Registry Key Create

+
+

reggetsec keyname +

+		 +

Registry Key Security

+
+

regtestsec keyname +

+		 +

Test Registry Key Security

+
+

ntlogin [username] [password] +

+		 +

NT Domain Login Test

+
+

wksinfo +

+		 +

Workstation Query Info

+
+

srvinfo +

+		 +

Server Query Info

+
+

srvsessions +

+		 +

List Sessions on a Server

+
+

srvshares +

+		 +

List shares on a server

+
+

srvconnections +

+		 +

List connections on a server

+
+

srvfiles +

+		 +

List files on a server

+
+

lsaquery +

+		 +

Query Info Policy (domain member or server)

+
+

lookupsids +

+		 +

Resolve names from SIDs

+
+

ntpass +

+		 +

NT SAM Password Change

+
+
+
+

tcpdump

+

The tcpdump + utility, a classic system administration tool, dumps all the packet headers it sees on an interface that match an expression. The version included in the Samba distribution is enhanced to understand the SMB protocol. The expression + is a logical expression with "and," "or," and "not," although sometimes it's very simple. For example, host + escrime + would select every packet going to or from escrime. The expression is normally one or more of:

+
    +
  • host + name +
    • +
  • net network_number +
    • +
  • port + number +
    • +
  • src + name +
    • +
  • dst + name +
    • +
+

The most common options are src + (source), dst + (destination), and port. For example, in the book we used the command:

+

tcpdump port not telnet

+

This dumps all the packets except telnet; we were logged-in via telnet and wanted to see only the SMB packets.

+

Another tcpdump + example is selecting traffic between server and either sue + or joe:

+

tcpdump host server and \(sue or joe \)

+

We recommend using the -s + 1500 + option so that you capture all of the SMB messages sent, instead of just the header information.

+
+

Options

+

There are many options, and many other kinds of expressions that can be used with tcpdump. See the manual page for details on the advanced options. The most common options are as follows:

+
+
+

-c + count +

+
    +
  • Forces the program to exit after receiving the specified number of packets.
    • +
+
+
+

-F + file +

+
    +
  • Reads the expression from the specified file and ignores expressions on the command line.
    • +
+
+
+

-i + interface +

+
    +
  • Forces the program to listen on the specified interface.
    • +
+
+
+

-r + file +

+
    +
  • Reads packets from the specified file (captured with -w).
    • +
+
+
+

-s + length +

+
    +
  • Saves the specified number of bytes of data from each packet (rather than 68 bytes).
    • +
+
+
+

-w + file +

+
    +
  • Writes the packets to the specified file.
    • +
+
+
+
+
+
+ + +
+
+
+ + +
+ +Previous: Appendix C. + + + +Next: Appendix E.
+C. Samba Configuration Option Quick Reference + +Book Index +E. Downloading Samba with CVS
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + + diff --git a/docs/htmldocs/using_samba/appe_01.html b/docs/htmldocs/using_samba/appe_01.html new file mode 100644 index 00000000000..199fade6967 --- /dev/null +++ b/docs/htmldocs/using_samba/appe_01.html @@ -0,0 +1,96 @@ + + +[Appendix E] Downloading Samba with CVS + + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + + + +
+ +Previous: Appendix D. + + +Appendix E + +Next: Appendix F.
+ +
+
+

Appendix E. Downloading Samba with CVS

+

This appendix contains information on how to download the latest source version of Samba using the Concurrent Versions System (CVS). CVS is a freely available configuration management tool available from Cyclic Software and is distributed under the GNU General Public License. You can download the latest copy from +http://www.cyclic.com/.

CVS works on top of the GNU Revision Control System (RCS). Many Unix systems come preinstalled with RCS. However, if you want to download the latest version of RCS, you can find it at http://ftp.gnu.org/gnu/rcs/.

+One of the nicest things about CVS is its ability to handle remote logins. This means that people across the globe on the Internet can download and update various source files for any project that uses a CVS repository. Such is the case with Samba. Once you have RCS and CVS installed on your system, you must first log in to the Samba source server with the following command:

+cvs -d :pserver:cvs@cvs.samba.org:/cvsroot login

+This tells CVS to connect to the CVS server at +cvs.samba.org. Once you are connected, you can download the latest source tree with the following command:

+cvs -d :pserver:cvs@cvs.samba.org:/cvsroot co samba

+This will download the entire Samba distribution (file by file) into a directory entitled +/samba, which it will create on your hard drive. This directory will have the same structure as the Samba source distribution described in Chapter 2, Installing Samba on a Unix System. It includes source and header files, documentation, and sample configuration files to help get you started. After that is completed, you can follow the instructions in Chapter 2 to configure and compile Samba on your server.

+
+
+
+ + +
+ +Previous: Appendix D. + + + +Next: Appendix F.
+Appendix D: Summary of Samba Daemons and Commands + +Book Index +F. Sample Configuration File
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/appf_01.html b/docs/htmldocs/using_samba/appf_01.html new file mode 100644 index 00000000000..9b709472256 --- /dev/null +++ b/docs/htmldocs/using_samba/appf_01.html @@ -0,0 +1,315 @@ + + + +[Appendix F] Sample Configuration File + + + + + + + + + + + + + + + + + + + +
+ + + + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+ +
+ + +
+
+ + + +
+ +Previous: D. Downloading Samba with CVS + + +Appendix F
  + +
+ + +
+
+

+ +F. Sample Configuration File

This appendix gives an example of a production +smb.conf file and looks at how many of the options are used in practice. The following is a slightly disguised version of one we used at a corporation with five Linux servers, five Windows for Workgroups clients and three NT Workstation clients:

+# smb.conf -- File Server System for: 1 Example.COM  BSC & Management Office 
+[globals]
+	workgroup = 1EG_BSC
+	interfaces = 10.10.1.14/24

+We provide this service on only one of the machine's interfaces. The +interfaces option sets its address and netmask, where +/24 is the same as using the netmask 255.255.255.0:

+	comment = Samba ver. %v
+	preexec = csh -c `echo /usr/samba/bin/smbclient \
+                     -M %m -I %I` &

+We use the +preexec command to log information about all connections by machine name (%m) and IP address (%I):

+	# smbstatus will output various info on current status
+	status = yes
+	browseable = yes
+	printing = bsd
+
+	# the username that will be used for access to services
+	# specified with 'guest = ok'
+	guest account = samba

+The default guest account was +nobody, uid -1, which produced log messages on one of our machines saying "your server is being unfriendly," so we created a specific Samba guest account for browsing and printing:

+	# superuser account - admin privilages to shares, with no
+	# restrictions
+	# WARNING - use this with care: files can be modified,
+	# regardless of file permissions
+	admin users = root
+
+	# who is NOT allowed to connect to ANY service
+	invalid users = @wheel, mail, deamon, adt

+Daemons can't use Samba, only people. The +invalid +users option closes a security hole; it prevents intruders from breaking in by pretending to be a daemon process.

+	# hosts that are ALLOWED or DENIED from connecting to ANY service
+	hosts allow = 10.10.1.
+	hosts deny = 10.10.1.6
+	
+	# where the lock files will be located
+	lock directory = /var/lock/samba/locks
+		
+	# debug log files 
+	# %m = separate log for each NetBIOS name (each machine)
+	log file = /var/log/samba/log.%m
+
+	# We send priority 0, 1 and 2 messages to the system logs
+	syslog = 2
+		
+	# If a WinPopup message is sent to the server,
+	# redirect it to a user via e-mail
+	
+	message command = /bin/mail -s 'message from #% on %m' \
+						 pkelly < %s; rm %s
+
+# ---------------------------------------------------
+# [globals] Performance Tuning
+# ---------------------------------------------------
+	
+	# caching algorithm to reduce time doing getwd() calls.  
+	getwd cache = yes
+
+	socket options = TCP_NODELAY
+
+	# tell the server whether the client is present and
+	# responding in seconds
+	keep alive = 60
+
+	# num minutes of inactivity before a connection is
+	# considered dead
+	dead time = 30 
+
+	read prediction = yes
+	share modes = yes
+	max xmit = 17384 
+	read size = 512

+The +share +modes, +max, +xinit, and +read +size options are machine-specific (see Appendix B, Samba Performance Tuning): 

+	# locking is done by the server
+	locking = yes
+
+	# control whether dos style attributes should be mapped
+	# to unix execute bits
+	map hidden = yes
+	map archive = yes
+	map system = yes

+The three +map options will work only on shares with a create mode that includes the execute bits (0111). Our +homes and +printers shares won't honor them, but the [www] share will:

+# ---------------------------------------------------------
+# [globals] Security and Domain Logon Services
+# ---------------------------------------------------------	
+# connections are made with UID and GID, not as shares
+	security = user
+
+# boolean variable that controls whether passwords
+# will be encrypted
+	encrypt passwords = yes
+	passwd chat = "*New password:*" %n\r "*New password (again):*" %n\r \ "*Password changed*"
+	passwd program = /usr/bin/passwd %u
+	
+# Always become the local master browser
+	domain master = yes
+	preferred master = yes
+	os level = 34
+	
+# For domain logons to work correctly. Samba acts as a
+# primary domain controller.
+	domain logons = yes
+	
+# Logon script to run for user off the server each time
+# username (%U) logs in.  Set the time, connect to shares,
+# virus checks, etc.
+	logon script = scripts\%U.bat
+
+[netlogon]
+	comment = "Domain Logon Services"
+	path = /u/netlogon
+	writable = yes
+	create mode = 444
+	guest ok = no
+	volume = "Network"

+This share, discussed in Chapter 6, Users, Security, and Domains, is required for Samba to work smoothly in a Windows NT domain:

+# -----------------------------------------------------------
+# [homes] User Home Directories
+# -----------------------------------------------------------
+[homes]
+	comment = "Home Directory for : %u "
+	path = /u/users/%u

+The password file of the Samba server specifies each person's home directory as +/home/machine_name/person, which NFS converts to point to the actual physicl location under +/u/users. The +path option in the +[homes] share tells Samba the actual (non-NFS) location:

+	guest ok = no
+	read only = no
+	create mode = 644
+	writable = yes
+	browseable = no 
+
+# -----------------------------------------------------------
+# [printers] System Printers
+# -----------------------------------------------------------
+[printers]
+	comment = "Printers"
+	path = /var/spool/lpd/samba
+	printcap name = /etc/printcap
+	printable = yes
+	public = no 
+	writable = no
+
+	lpq command = /usr/bin/lpq -P%p
+	lprm command = /usr/bin/lprm -P%p %j
+	lppause command = /usr/sbin/lpc stop %p
+	lpresume command = /usr/sbin/lpc start %p
+
+	create mode = 0700
+
+	browseable = no 
+	load printers = yes  
+
+# -----------------------------------------------------------
+# Specific Descriptions: [programs] [data] [retail]
+# -----------------------------------------------------------
+[programs]
+	comment = "Shared Programs %T"
+	volume = "programs"

+Shared Programs shows up in the Network Neighborhood, and +programs is the volume name you specify when an installation program wants to know the label of the CD-ROM from which it thinks it's loading:

+	path = /u/programs
+	public = yes
+	writeable = yes
+	printable = no
+	create mode = 664
+[cdrom]
+	comment = "Unix CDROM"
+	path = /u/cdrom
+	public = no 
+	writeable = no 
+	printable = no
+	volume = "cdrom"
+
+[data]
+	comment =  "Data Directories %T"
+	path = /u/data
+	public = no
+	create mode = 770
+	writeable = yes
+	volume = "data"
+
+[nt4]
+	comment =  "NT4 Server"
+	path = /u/systems/nt4
+	public = yes 
+	create mode = 770
+	writeable = yes
+	volume = "nt4_server"
+
+[www]
+	comment =  "WWW System"
+	path = /usr/www/http
+	public = yes 
+	create mode = 775
+	writeable = yes
+	volume = "www_system"

+The +[www] share is the directory used on the Unix server to serve web pages. Samba makes the directory available to local PC users so the art department can update web pages.

+
+
+
+ + +
+ +Previous: D. Downloading Samba with CVS + + 
+D. Downloading Samba with CVS + +Book Index
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_01.html b/docs/htmldocs/using_samba/ch01_01.html new file mode 100644 index 00000000000..0651fa823c3 --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_01.html @@ -0,0 +1,167 @@ + + +[Chapter 1] 1.1 Learning Samba + + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + + + + + +
+ + + +Next: 1.2 What Can Samba Do For Me? +
  +
+
+ +
+
+

1. Learning the Samba

+

If you are a typical system administrator, then you know what it means to be swamped with work. Your daily routine is filled with endless hardware incompatibility issues, system outages, data backup problems, and a steady stream of angry users. So adding another program to the mix of tools that you have to maintain may sound a bit perplexing. However, if you're determined to reduce the complexity of your work environment, as well as the workload of keeping it running smoothly, Samba may be the tool you've been waiting for.

+ +

A case in point: one of the authors of this book used to look after 70 Unix developers sharing 5 Unix servers. His neighbor administered 20 Windows 3.1 users and 5 OS/2 and Windows NT servers. To put it mildly, the Windows 3.1 administrator was swamped. When he finally left - and the domain controller melted - Samba was brought to the rescue. Our author quickly replaced the Windows NT and OS/2 servers with Samba running on a Unix server, and eventually bought PCs for most of the company developers. However, he did the latter without hiring a new PC administrator; the administrator now manages one centralized Unix application instead of fifty distributed PCs.

+ +

If you know you're facing a problem with your network and you're sure there is a better way, we encourage you to start reading this book. Or, if you've heard about Samba and you want to see what it can do for you, this is also the place to start. We'll get you started on the path to understanding Samba and its potential. Before long, you can provide Unix services to all your Windows machines - all without spending tons of extra time or money. Sound enticing? Great, then let's get started.

+ + +

1.1 What is Samba?

+ +

Samba is a suite of Unix applications that speak the SMB (Server Message Block) protocol. Many operating systems, including Windows and OS/2, use SMB to perform client-server networking. By supporting this protocol, Samba allows Unix servers to get in on the action, communicating with the same networking protocol as Microsoft Windows products. Thus, a Samba-enabled Unix machine can masquerade as a server on your Microsoft network and offer the following services:

+ +
    +
  • + +

    Share one or more filesystems

    + +
    • +
  • + +

    Share printers installed on both the server and its clients

    + +
    • +
  • + +

    Assist clients with Network Neighborhood browsing

    + +
    • +
  • + +

    Authenticate clients logging onto a Windows domain

    + +
    • +
  • + +

    Provide or assist with WINS name server resolution

    + +
    • +
+ +

Samba is the brainchild of Andrew Tridgell, who currently heads the Samba development team from his home of Canberra, Australia. The project was born in 1991 when Andrew created a fileserver program for his local network that supported an odd DEC protocol from Digital Pathworks. Although he didn't know it at the time, that protocol later turned out to be SMB. A few years later, he expanded upon his custom-made SMB server and began distributing it as a product on the Internet under the name SMB Server. However, Andrew couldn't keep that name - it already belonged to another company's product - so he tried the following Unix renaming approach:

+ +
+grep -i 's.*m.*b' /usr/dict/words
+ +

And the response was:

+ +
+salmonberry samba sawtimber scramble
+ +

Thus, the name "Samba" was born. + +

Which is a good thing, because our marketing people highly doubt you would have picked up a book called "Using Salmonberry"!

+ +

+ +

Today, the Samba suite revolves around a pair of Unix daemons that provide shared resources - or shares - to SMB clients on the network. (Shares are sometimes called services as well.) These daemons are:

+ +
+
smbd
+
+ +

A daemon that allows file and printer sharing on an SMB network and provides authentication and authorization for SMB clients.

+ +
+ +
nmbd
+
+ +

A daemon that looks after the Windows Internet Name Service (WINS), and assists with browsing.

+ +
+
+ +

Samba is currently maintained and extended by a group of volunteers under the active supervision of Andrew Tridgell. Like the Linux operating system, Samba is considered Open Source software (OSS) by its authors, and is distributed under the GNU General Public License (GPL). Since its inception, development of Samba has been sponsored in part by the Australian National University, where Andrew Tridgell earned his Ph.D. [1] + In addition, some development has been sponsored by independent vendors such as Whistle and SGI. It is a true testament to Samba that both commercial and non-commercial entities are prepared to spend money to support an Open Source effort.

+
+

[1] At the time of this printing, Andrew had completed his Ph.D. work and had joined San Francisco-based LinuxCare.

+
+

Microsoft has also contributed materially by putting forward its definition of SMB and the Internet-savvy Common Internet File System (CIFS), as a public Request for Comments (RFC), a standards document. The CIFS protocol is Microsoft's renaming of future versions of the SMB protocol that will be used in Windows products - the two terms can be used interchangeably in this book. Hence, you will often see the protocol written as "SMB/CIFS."

+
+
+
+ + + +
+ + + + + +Next: 1.2 What Can Samba Do For Me?
+ +Book Index +1.1 Learning Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_02.html b/docs/htmldocs/using_samba/ch01_02.html new file mode 100644 index 00000000000..9ccb2dfeee2 --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_02.html @@ -0,0 +1,212 @@ + + + +[Chapter 1] 1.2 What Can Samba Do For Me? + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.1 What is Samba? + + + +Chapter 1
+Learning the Samba		 + +Next: 1.3 Getting Familiar with a SMB/CIFS Network
 
+ +
+
+

+ +1.2 What Can Samba Do For Me?

+As explained earlier, Samba can help Windows and Unix machines coexist in the same network. However, there are some specific reasons why you might want to set up a Samba server on your network:

    +
  • +

    + +You don't want to pay for - or can't afford - a full-fledged Windows NT server, yet you still need the functionality that one provides.

  • +

    + +You want to provide a common area for data or user directories in order to transition from a Windows server to a Unix one, or vice versa.

  • +

    + +You want to be able to share printers across both Windows and Unix workstations.

  • +

    + +You want to be able to access NT files from a Unix server.

+Let's take a quick tour of Samba in action. Assume that we have the following basic network configuration: a Samba-enabled Unix machine, to which we will assign the name +hydra, and a pair of Windows clients, to which we will assign the names +phoenix and +chimaera, all connected via a local area network (LAN). Let's also assume that +hydra also has a local inkjet printer connected to it, +lp, and a disk share named +network - both of which it can offer to the other two machines. A graphic of this network is shown in +Figure 1.1.

+ +Figure 1.1: A simple network setup with a Samba server

Figure 1.1

+In this network, each of the computers listed share the same +workgroup. A workgroup is simply a group nametag that identifies an arbitrary collection of computers and their resources on an SMB network. There can be several workgroups on the network at any time, but for our basic network example, we'll have only one: the SIMPLE workgroup.

+

+ +1.2.1 Sharing a Disk Service

If everything is properly configured, we should be able to see the Samba server, +hydra, through the Network Neighborhood of the +phoenix Windows desktop. In fact, +Figure 1.2 shows the Network Neighborhood of the +phoenix computer, including +hydra and each of the computers that reside in the SIMPLE workgroup. Note the Entire Network icon at the top of the list. As we just mentioned, there can be more than one workgroup on an SMB network at any given time. If a user clicks on the Entire Network icon, he or she will see a list of all the workgroups that currently exist on the network.

+ +Figure 1.2: The Network Neighborhood directory

Figure 1.2

+We can take a closer look at the +hydra server by double-clicking on its icon. This contacts +hydra itself and requests a list of its +shares - the file and printer resources - that the machine provides. In this case, there is a printer entitled +lp and a disk share entitled +network on the server, as shown in +Figure 1.3. Note that the Windows display shows hostnames in mixed case (Hydra). Case is irrelevant in hostnames, so you may see hydra, Hydra, and HYDRA in various displays or command output, but they all refer to a single system. Thanks to Samba, Windows 98 sees the Unix server as a valid SMB server, and can access the +network folder as if it were just another system folder.

+ +Figure 1.3: Shares available on the hydra sever as viewed from phoenix

Figure 1.3

+One popular feature of Windows 95/98/NT is that you can map a letter-drive to a known network directory using the Map Network Drive option in the Windows Explorer.[3] Once you do so, your applications can access the folder across the network with a standard drive letter. Hence, you can store data on it, install and run programs from it, and even password-protect it against unwanted visitors. See +Figure 1.4 for an example of mapping a letter-drive to a network directory.

+
+

+[3] You can also right-click on the shared resource in the Network Neighborhood, and then select the Map Network Drive menu item.

+ +Figure 1.4: Mapping a network drive to a Windows letter-drive

Figure 1.4

+Take a look at the Path: entry in the dialog box of +Figure 1.4. An equivalent way to represent a directory on a network machine is by using two backslashes, followed by the name of the networked machine, another backslash, and the networked directory of the machine, as shown below:

+ +
\\network-machine\directory
+ +

+This is known as the +UNC (Universal Naming Convention) in the Windows world. For example, the dialog box in +Figure 1.4 represents the network directory on the +hydra server as:

+ +
\\HYDRA\network

+ +If this looks somewhat familiar to you, you're probably thinking of +uniform resource locators (URLs), which are addresses that web browsers such as Netscape Navigator and Internet Explorer use to resolve machines across the Internet. Be sure not to confuse the two: web browsers typically use forward slashes instead of back slashes, and they precede the initial slashes with the data transfer protocol (i.e., ftp, http) and a colon (:). In reality, URLs and UNCs are two completely separate things.

+Once the network drive is set up, Windows and its programs will behave as if the networked directory was a fixed disk. If you have any applications that support multiuser functionality on a network, you can install those programs on the network drive.[4] +Figure 1.5 shows the resulting network drive as it would appear with other storage devices in the Windows 98 client. Note the pipeline attachment in the icon for the G: drive; this indicates that it is a network drive instead of a fixed drive.

+
+

+[4] Be warned that many end-user license agreements forbid installing a program on a network such that multiple clients can access it. Check the legal agreements that accompany the product to be absolutely sure.

+ +Figure 1.5: The Network directory mapped to the client letter-drive G

Figure 1.5

+From our Windows NT Workstation machine, +chimaera, Samba looks almost identical to Windows 98. +Figure 1.6 shows the same view of the +hydra server from the Windows NT 4.0 Network Neighborhood. Setting up the network drive using the Map Network Drive option in Windows NT Workstation 4.0 would have identical results as well.

+ +Figure 1.6: Shares available on hydra (viewed from chimaera)

Figure 1.6
+

+ +1.2.2 Sharing a Printer

You probably noticed that the printer +lp appeared under the available shares for +hydra in +Figure 1.3. This indicates that the Unix server has a printer that can be shared by the various SMB clients in the workgroup. Data sent to the printer from any of the clients will be spooled on the Unix server and printed in the order it is received.

Setting up a Samba-enabled printer on the Windows side is even easier than setting up a disk share. By double-clicking on the printer and identifying the manufacturer and model, you can install a driver for this printer on the Windows client. Windows can then properly format any information sent to the network printer and access it as if it were a local printer (we show you how to do this later in the chapter). +Figure 1.7 shows the resulting network printer in the Printers window of Windows 98. Again, note the pipeline attachment below the printer, which identifies it as being on a network.

+ +Figure 1.7: A network printer available on hydra (viewed from chimaera)

Figure 1.7
+

+ +1.2.2.1 Seeing things from the Unix side

+As mentioned earlier, Samba appears in Unix as a set of daemon programs. You can view them with the Unix +ps and +netstat commands, you can read any messages they generate through custom debug files or the Unix +syslog (depending on how Samba is set up), and you can configure it from a single Samba properties file: smb.conf. In addition, if you want to get an idea of what each of the daemons are doing, Samba has a program called +smbstatus that will lay it all on the line. Here is how it works:

+ +
# smbstatus
+
+Samba version 2.0.4
+Service      uid      gid      pid     machine
+----------------------------------------------
+network      davecb   davecb   7470   phoenix  (192.168.220.101) Sun May 16 
+network      davecb   davecb   7589   chimaera (192.168.220.102) Sun May 16 
+
+Locked files:
+Pid    DenyMode   R/W        Oplock          Name
+--------------------------------------------------
+7589   DENY_NONE  RDONLY     EXCLUSIVE+BATCH /home/samba/quicken/inet/common/system/help.bmp  Sun May 16 21:23:40 1999
+7470   DENY_WRITE RDONLY     NONE            /home/samba/word/office/findfast.exe             Sun May 16 20:51:08 1999
+7589   DENY_WRITE RDONLY     EXCLUSIVE+BATCH /home/samba/quicken/lfbmp70n.dll                 Sun May 16 21:23:39 1999
+7589   DENY_WRITE RDWR       EXCLUSIVE+BATCH /home/samba/quicken/inet/qdata/runtime.dat       Sun May 16 21:23:41 1999
+7470   DENY_WRITE RDONLY     EXCLUSIVE+BATCH /home/samba/word/office/osa.exe                  Sun May 16 20:51:09 1999
+7589   DENY_WRITE RDONLY     NONE            /home/samba/quicken/qversion.dll                 Sun May 16 21:20:33 1999
+7470   DENY_WRITE RDONLY     NONE            /home/samba/quicken/qversion.dll                 Sun May 16 20:51:11 1999
+
+Share mode memory usage (bytes):
+   1043432(99%) free + 4312(0%) used + 832(0%) overhead = 1048576(100%) total

+The Samba status from this output provides three sets of data, each divided into separate sections. The first section tells which systems have connected to the Samba server, identifying each client by its machine name (phoenix and chimaera) and IP address. The second section reports the name and status of the files that are currently in use on a share on the server, including the read/write status and any locks on the files. Finally, Samba reports the amount of memory it has currently allocated to the shares that it administers, including the amount actively used by the shares plus additional overhead. (Note that this is not the same as the total amount of memory that the +smbd or +nmbd processes are using.)

+Don't worry if you don't understand these statistics; they will become easier to understand as you move through the book.

+
+
+
+ + +
+ +Previous: 1.1 What is Samba? + + + +Next: 1.3 Getting Familiar with a SMB/CIFS Network
+1.1 What is Samba? + +Book Index +1.3 Getting Familiar with a SMB/CIFS Network
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_03.html b/docs/htmldocs/using_samba/ch01_03.html new file mode 100644 index 00000000000..67a86775301 --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_03.html @@ -0,0 +1,444 @@ + + + +[Chapter 1] 1.3 Getting Familiar with a SMB/CIFS Network + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.2 What Can Samba Do For Me? + + + +Chapter 1
+Learning the Samba		 + +Next: 1.4 Microsoft Implementations
 
+ +
+
+

+ +1.3 Getting Familiar with a SMB/CIFS Network

Now that you have had a brief tour of Samba, let's take some time to get familiar with Samba's adopted environment: an SMB/CIFS network. Networking with SMB is significantly different from working with a Unix TCP/IP network, because there are several new concepts to learn and a lot of information to cover. First, we will discuss the basic concepts behind an SMB network, followed by some Microsoft implementations of it, and finally we will show you where a Samba server can and cannot fit into the picture.

+

+ +1.3.1 Understanding NetBIOS

+To begin, let's step back in time. In 1984, IBM authored a simple application programming interface (API) for networking its computers called the +Network Basic Input/Output System (NetBIOS). The NetBIOS API provided a rudimentary design for an application to connect and share data with other computers.

+It's helpful to think of the NetBIOS API as networking extensions to the standard BIOS API calls. With BIOS, each low-level call is confined to the hardware of the local machine and doesn't need any help traveling to its destination. NetBIOS, however, originally had to exchange instructions with computers across IBM PC or Token Ring networks. It therefore required a low-level transport protocol to carry its requests from one computer to the next.

+In late 1985, IBM released one such protocol, which it merged with the NetBIOS API to become the +NetBIOS Extended User Interface (NetBEUI). NetBEUI was designed for small local area networks (LANs), and it let each machine claim a name (up to 15 characters) that wasn't already in use on the network. By a "small LAN," we mean fewer than 255 nodes on the network - which was considered a practical restriction in 1985!

+The NetBEUI protocol was very popular with networking applications, including those running under Windows for Workgroups. Later, implementations of NetBIOS over Novell's IPX networking protocols also emerged, which competed with NetBEUI. However, the networking protocols of choice for the burgeoning Internet community were TCP/IP and UDP/IP, and implementing the NetBIOS APIs over those protocols soon became a necessity.

+Recall that TCP/IP uses numbers to represent computer addresses, such as 192.168.220.100, while NetBIOS uses only names. This was a major issue when trying to mesh the two protocols together. In 1987, the Internet Engineering Task Force (IETF) published a series of standardization documents, titled RFC 1001 and 1002, that outlined how NetBIOS would work over a TCP/UDP network. This set of documents still governs each of the implementations that exist today, including those provided by Microsoft with their Windows operating systems as well as the Samba suite.

+Since then, the standard this document governs has become known as +NetBIOS over TCP/IP, or NBT for short. The NBT standard (RFC 1001/1002) currently outlines a trio of services on a network:

    +
  • +

    + +A name service

  • +

    + +Two communication services:

      +
    • +

      + +Datagrams

    • +

      + +Sessions

+The name service solves the name-to-address problem mentioned earlier; it allows each computer to declare a specific name on the network that can be translated to a machine-readable IP address, much like today's DNS on the Internet. The datagram and session services are both secondary communication protocols used to transmit data back and forth from NetBIOS machines across the network.

+

+ +1.3.2 Getting a Name

For a human being, getting a name is easy. However, for a machine on a NetBIOS network, it can be a little more complicated. Let's look at a few of the issues.

+In the NetBIOS world, when each machine comes online, it wants to claim a name for itself; this is called +name registration. However, no two machines in the same workgroup should be able to claim the same name; this would cause endless confusion for any machine that wanted to communicate with either machine. There are two different approaches to ensuring that this doesn't happen:

    +
  • +

    + +Use a +NetBIOS Name Server (NBNS) to keep track of which hosts have registered a NetBIOS name.

  • +

    + +Allow each machine on the network to defend its name in the event that another machine attempts to use it.

+ +Figure 1.8 illustrates a (failed) name registration, with and without a NetBIOS Name Server.

+ +Figure 1.8: NBNS versus non-NBNS name registration

Figure 1.8

+In addition, there must be a way to resolve a NetBIOS name to a specific IP address as mentioned earlier; this is known as +name resolution. There are two different approaches with NBT here as well:

    +
  • +

    + +Have each machine report back its IP address when it "hears" a broadcast request for its NetBIOS name.

  • +

    + +Use the NBNS to help resolve NetBIOS names to IP addresses.

+ +Figure 1.9 illustrates the two types of name resolution.

+ +Figure 1.9: NBNS versus non-NBNS name resolution

Figure 1.9

+As you might expect, having an NBNS on your network can help out tremendously. To see exactly why, let's look at the non-NBNS method.

+Here, when a client machine boots, it will broadcast a message declaring that it wishes to register a specified NetBIOS name as its own. If nobody objects to the use of the name after multiple registration attempts, it keeps the name. On the other hand, if another machine on the local subnet is currently using the requested name, it will send a message back to the requesting client that the name is already taken. This is known as +defending the hostname. This type of system comes in handy when one client has unexpectedly dropped off the network - another can take its name unchallenged - but it does incur an inordinate amount of traffic on the network for something as simple as name registration.

+With an NBNS, the same thing occurs, except that the communication is confined to the requesting machine and the NBNS server. No broadcasting occurs when the machine wishes to register the name; the registration message is simply sent directly from the client to NBNS server and the NBNS server replies whether or not the name is already taken. This is known as +point-to-point communication, and is often beneficial on networks with more than one subnet. This is because routers are often preconfigured to block incoming packets that are broadcast to all machines in the subnet.

+The same principles apply to name resolution. Without an NBNS, NetBIOS name resolution would also be done with a broadcast mechanism. All request packets would be sent to each computer in the network, with the hope that one machine that might be affected will respond directly back to the machine that asked. At this point, it's clear that using an NBNS server and point-to-point communication for this purpose is far less taxing on the network than flooding the network with broadcasts for every name resolution request.

+

+ +1.3.3 Node Types

How can you tell what strategy each client on your network will use when performing name registration and resolution? Each machine on an NBT network earns one of the following designations, depending on how it handles name registration and resolution: b-node, p-node, m-node, and h-node. The behaviors of each type of node are summarized in +Table 1.1.


+ + + + + + + + +
+ +Table 1.1: NetBIOS Node Types
+

+Role

 +

+Value

+

+b-node

 +

+Uses broadcast registration and resolution only.

+

+p-node

 +

+Uses point-to-point registration and resolution only.

+

+m-node

 +

+Uses broadcast for registration. If successful, it notifies the NBNS server of the result. Uses broadcast for resolution; uses NBNS server if broadcast is unsuccessful.

+

+h-node (hybrid)

 +

+Uses NBNS server for registration and resolution; uses broadcast if the NBNS server is unresponsive or inoperative.

+In the case of Windows clients, you will usually find them listed as +h-nodes or +hybrid nodes. Incidentally, h-nodes were invented later by Microsoft, as a more fault-tolerant route, and do not appear in RFC 1001/1002.

+You can find out the node type of any Windows machine by typing the command +ipconfig +/all and searching for the line that says +Node Type.

+ +
C:\> ipconfig /all
+
+Windows 98 IP Configuration
+...
+  Node Type .  .  .  .  .  .  .  .  .  .  : Hybrid
+...
+

+ +1.3.4 What's in a Name?

+The names NetBIOS uses are quite different from the DNS hostnames you might be familiar with. First, NetBIOS names exist in a flat namespace. In other words, there are no qualifiers such as ora.com or samba.org to section off hostnames; there is only a single unique name to represent each computer. Second, NetBIOS names are allowed to be only 15 characters, may not begin with an asterisk (*), and can consist only of standard alphanumeric characters (a-z, A-Z, 0-9) and the following:

+! @ # $ % ^ & ( ) - ' { } . ~

+Although you are allowed to use a period (.) in a NetBIOS name, we recommend against it because those names are not guaranteed to work in future versions of NetBIOS over TCP/IP.

+It's not a coincidence that all valid DNS names are also valid NetBIOS names. In fact, the DNS name for a Samba server is often reused as its NetBIOS name. For example, if you had a machine +phoenix.ora.com, its NetBIOS name would likely be PHOENIX (followed by 8 blanks).

+

+ +1.3.4.1 Resource names and types

+With NetBIOS, a machine not only advertises its presence, but also tells others what types of services it offers. For example, +phoenix can indicate that it's not just a workstation, but is also a file server and can receive WinPopup messages. This is done by adding a 16th byte to the end of the machine (resource) name, called the resource type, and registering the name more than once. See +Figure 1.10.

+ +Figure 1.10: The structure of NetBIOS names

Figure 1.10

+The one-byte resource type indicates a unique service the named machine provides. In this book, you will often see the resource type shown in angled brackets (<>) after the NetBIOS name, such as:

PHOENIX<00>

+You can see which names are registered for a particular NBT machine using the Windows command-line NBTSTAT utility. Because these services are unique (i.e., there cannot be more than one registered), you will see them listed as type UNIQUE in the output. For example, the following partial output describes the +hydra server:

D:\> NBTSTAT -a hydra
+       NetBIOS Remote Machine Name Table
+   Name               Type         Status
+---------------------------------------------
+HYDRA          <00>  UNIQUE      Registered
+HYDRA          <03>  UNIQUE      Registered
+HYDRA          <20>  UNIQUE      Registered
+...

+This says the server has registered the NetBIOS name +hydra as a machine (workstation) name, a recipient of WinPopup messages, and a file server. Some possible attributes a name can have are listed in +Table 1.2.


+ + + + + + + + + + + + + + +
+ +Table 1.2: NetBIOS Unique Resource Types
+

Named Resource

 +

Hexidecimal Byte Value

+

+Standard Workstation Service

 +

+00

+

+Messenger Service (WinPopup)

 +

+03

+

+RAS Server Service

 +

+06

+

+Domain Master Browser Service (associated with primary domain controller)

 +

+1B

+

+Master Browser name

 +

+1D

+

+NetDDE Service

 +

+1F

+

+Fileserver (including printer server)

 +

+20

+

+RAS Client Service

 +

+21

+

+Network Monitor Agent

 +

+BE

+

+Network Monitor Utility

 +

+BF

+Note that because DNS names don't have resource types, the designers intentionally made hexidecimal value 20 (an ASCII space) default to the type for a file server.

+

+ +1.3.4.2 Group names and types

SMB also uses the concept of groups, with which machines can register themselves. Earlier, we mentioned that the machines in our example belonged to a +workgroup, which is a partition of machines on the same network. For example, a business might very easily have an ACCOUNTING and a SALES workgroup, each with different servers and printers. In the Windows world, a workgroup and an SMB group are the same thing.

+Continuing our NBTSTAT example, the +hydra Samba server is also a member of the SIMPLE workgroup (the GROUP attribute hex 00), and will stand for election as a browse master (GROUP attribute 1E). Here is the remainder of the NBTSTAT utility output:

+       NetBIOS Remote Machine Name Table, continued
+   Name               Type         Status
+---------------------------------------------
+SIMPLE           <00>  GROUP       Registered
+SIMPLE           <1E>  GROUP       Registered
+..__MSBROWSE__.  <01>  GROUP       Registered

+The possible group attributes a machine can have are illustrated in +Table 1.3. More information is available in Windows NT in a Nutshell by Eric Pearce, also published by O'Reilly.


+ + + + + + + + + + +
+ +Table 1.3: NetBIOS Group Resource Types
+

+Named Resource

+

Hexidecimal Byte Value

+

+Standard Workstation group

 +

+00

+

+Logon Server

+

+1C

+

+Master Browser name

+

+1D

+

+Normal Group name (used in browser elections)

 +

+1E

+

+Internet Group name (administrative)

 +

+20

+

+ +<01><02>__MSBROWSE__<02>

 +

+01

+The final entry, +__MSBROWSE__, is used to announce a group to other master browsers. The nonprinting characters in the name show up as dots in a NBTSTAT printout. Don't worry if you don't understand all of the resource or group types. Some of them you will not need with Samba, and others you will pick up as you move through the rest of the chapter. The important thing to remember here is the logistics of the naming mechanism.

+

+ +1.3.5 Datagrams and Sessions

+ +At this point, let's digress to introduce another responsibility of NBT: to provide connection services between two NetBIOS machines. There are actually two services offered by NetBIOS over TCP/IP: the +session service and the +datagram service. Understanding how these two services work is not essential to using Samba, but it does give you an idea of how NBT works and how to troubleshoot Samba when it doesn't work.

+The datagram service has no stable connection between one machine and another. Packets of data are simply sent or broadcast from one machine to another, without regard for the order that they arrive at the destination, or even if they arrive at all. The use of datagrams is not as network intensive as sessions, although they can bog down a network if used unwisely (remember broadcast name resolution earlier?) Datagrams, therefore, are used for quickly sending simple blocks of data to one or more machines. The datagram service communicates using the simple primitives shown in +Table 1.4.


+ + + + + + + + +
+ +Table 1.4: Datagram Primitives
+

+Primitive

 +

+Description

+

+Send Datagram

 +

+Send datagram packet to machine or groups of machines.

+

+Send Broadcast Datagram

 +

+Broadcast datagram to any machine waiting with a Receive Broadcast Datagram.

+

+Receive Datagram

 +

+Receive a datagram from a machine.

+

+Receive Broadcast Datagram

 +

+Wait for a broadcast datagram.

+The session service is more complex. Sessions are a communication method that, in theory, offers the ability to detect problematic or inoperable connections between two NetBIOS applications. It helps to think of an NBT session in terms of a telephone call.[5] A full-duplex connection is opened between a caller machine and a called machine, and it must remain open throughout the duration of their conversation. Each side knows who the caller and the called machine is, and can communicate with the simple primitives shown in +Table 1.5.

+
+

+[5] As you can see in RFC 1001, the telephone analogy was strongly evident in the creation of the NBT service.


+ + + + + + + + + + +
+ +Table 1.5: Session Primitives
+

+Primitive

 +

+Description

+

+Call

 +

+Initiate a session with a machine listening under a specified name.

+

+Listen

 +

+Wait for a call from a known caller or any caller.

+

+Hang-up

 +

+Exit a call.

+

+Send

 +

+Send data to the other machine.

+

+Receive

 +

+Receive data from the other machine.

+

+Session Status

 +

+Get information on requested sessions.

+Sessions are the backbone of resource sharing on an NBT network. They are typically used for establishing stable connections from client machines to disk or printer shares on a server. The client "calls" the server and starts trading information such as which files it wishes to open, which data it wishes to exchange, etc. These calls can last a long time - hours, even days - and all of this occurs within the context of a single connection. If there is an error, the session software (TCP) will retransmit until the data is received properly, unlike the "punt-and-pray" approach of the datagram service (UDP).

+In truth, while sessions are supposed to be able to handle problematic communications, they often don't. As you've probably already discovered when using Windows networks, this is a serious detriment to using NBT sessions. If the connection is interrupted for some reason, session information that is open between the two computers can easily become invalidated. If that happens, the only way to regain the session information is for the same two computers to call each other again and start over.

+If you want more information on each of these services, we recommend you look at RFC 1001. However, there are two important things to remember here:

    +
  • +

    + +Sessions always occur between +two NetBIOS machines - no more and no less. If a session service is interrupted, the client is supposed to store sufficient state information for it to re-establish the connection. However, in practice, this is rarely the case.

  • +

    + +Datagrams can be broadcast to multiple machines, but they are unreliable. In other words, there is no way for the source to know that the datagrams it sent have indeed arrived at their + destinations.

+
+
+
+ + +
+ +Previous: 1.2 What Can Samba Do For Me? + + + +Next: 1.4 Microsoft Implementations
+1.2 What Can Samba Do For Me? + +Book Index +1.4 Microsoft Implementations
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_04.html b/docs/htmldocs/using_samba/ch01_04.html new file mode 100644 index 00000000000..15a1943e6eb --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_04.html @@ -0,0 +1,277 @@ + + + +[Chapter 1] 1.4 Microsoft Implementations + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.3 Getting Familiar with a SMB/CIFS Network + + + +Chapter 1
+Learning the Samba		 + +Next: 1.5 An Overview of the Samba Distribution
 
+ +
+
+

+ +1.4 Microsoft Implementations

With that amount of background, we can now talk about some of Microsoft's implementations of the preceding concepts in the CIFS/SMB networking world. And, as you might expect, there are some complex extensions to introduce as well.

+

+ +1.4.1 Windows Domains

Recall that a workgroup is a collection of SMB computers that all reside on a subnet and subscribe to the same SMB group. A +Windows domain goes a step further. It is a workgroup of SMB machines that has one addition: a server acting as a +domain controller. You must have a domain controller in order to have a Windows domain.[6] Otherwise, it is only a workgroup. See +Figure 1.11.

+
+

+[6] Windows domains are called "Windows NT domains" by Microsoft because they assume that Windows NT machines will take the role of the domain controller. However, because Samba can perform this function as well, we'll simply call them "Windows domains" to avoid confusion.

+ +Figure 1.11: A simple Windows domain

Figure 1.11

There are currently two separate protocols used by a domain controller (logon server): one for communicating with Windows 95/98 machines and one for communicating with Windows NT machines. While Samba currently implements the domain controller protocol for Windows 95/98 (which allows it to act as a domain controller for Windows 9 +x machines), it still does not fully support the protocol for Windows NT computers. However, the Samba team promises that support for the Windows NT domain controller protocol is forthcoming in Samba 2.1.

+Why all the difficulty? The protocol that Windows domain controllers use to communicate with their clients and other domain controllers is proprietary and has not been released by Microsoft. This has forced the Samba development team to reverse-engineer the domain controller protocol to see which codes perform specific tasks.

+

+ +1.4.1.1 Domain controllers

+The domain controller is the nerve center of a Windows domain, much like an NIS server is the nerve center of the Unix network information service. Domain controllers have a variety of responsibilities. One responsibility that you need to be concerned with is +authentication. Authentication is the process of granting or denying a user access to a shared resource on another network machine, typically through the use of a password.

+Each domain controller uses a +security account manager (SAM) to maintain a list of username-password combinations. The domain controller then forms a central repository of passwords that are tied to usernames (one password per user), which is more efficient than each client machine maintaining hundreds of passwords for every network resource available.

+On a Windows domain, when a non-authenticated client requests access to a server's shares, the server will turn around and ask the domain controller whether that user is authenticated. If it is, the server will establish a session connection with the access rights it has for that service and user. If not, the connection is denied. Once a user is authenticated by the domain controller, a special authenticated token will be returned to the client so that the user will not need to relogin to other resources on that domain. At this point, the user is considered "logged in" to the domain itself. See +Figure 1.12.

+ +Figure 1.12: Using a domain controller for authentication

Figure 1.12
+

+ +1.4.1.2 Primary and backup domain controllers

Redundancy is a key idea behind a Windows domain. The domain controller that is currently active on a domain is called the +primary domain controller (PDC). There can be one or more +backup domain controllers (BDCs) in the domain as well, which will take over in the event that the primary domain controller fails or becomes inaccessible. BDCs frequently synchronize their SAM data with the primary domain controller so that, if the need arises, any one of them can perform DC services transparently without impacting its clients. Note that BDCs, however, have only read-only copies of the SAM; they can update their data only by synchronizing with a PDC. A server in a Windows domain can use the SAM of any primary or backup domain controller to authenticate a user who attempts to access its resources and logon to the domain.

+Note that in many aspects, the behaviors of a Windows workgroup and a Windows domain overlap. This is not accidental since the concept of Windows domains did not evolve until Windows NT 3.5 was introduced, and Windows domains were forced to remain backwards compatible with the workgroups present in Windows for Workgroups 3.1. The key thing to remember here is that a Windows domain is simply a Windows workgroup with one or more domain controllers added.

+Samba can function as a primary domain controller for Windows 95/98 machines without any problems. However, Samba 2.0 can act as a primary domain controller only for authentication purposes; it currently cannot assume any other PDC responsibilities. (By the time you read this, Samba 2.1 may be available so you can use Samba as a PDC for NT clients.) Also, because of the closed protocol used by Microsoft to synchronize SAM data, Samba currently cannot serve as a backup domain controller.

+

+ +1.4.2 Browsing

Browsing is a high-level answer to the user question: "What machines are out there on the Windows network?" Note that there is no connection with a World Wide Web browser, apart from the general idea of "discovering what's there." And, like the Web, what's out there can change without warning.

+Before browsing, users had to know the name of the specific computer they wanted to connect to on the network, and then manually enter a UNC such as the following into an application or file manager to access resources:

+\\HYDRA\network\

+With browsing, however, you can examine the contents of a machine using a standard point-and-click GUI - in this case, the Network Neighborhood window in a Windows client.

+

+ +1.4.2.1 Levels of browsing

+As we hinted at the beginning of the chapter, there are actually two types of browsing that you will encounter in an SMB/CIFS network:

    +
  • +

    + +Browsing a list of machines (with shared resources)

  • +

    + +Browsing the shared resources of a specific machine

Let's look at the first one. On each Windows workgroup (or domain) subnet, one computer has the responsibility of maintaining a list of the machines that are currently accessible through the network. This computer is called the +local master browser, and the list that it maintains is called the +browse list. Machines on a subnet use the browse list in order to cut down on the amount of network traffic generated while browsing. Instead of each computer dynamically polling to determine a list of the currently available machines, the computer can simply query the local master browser to obtain a complete, up-to-date list.

To browse the actual resources on a machine, a user must connect to the specific machine; this information cannot be obtained from the browse list. Browsing the list of resources on a machine can be done by clicking on the machine's icon when it is presented in the Network Neighborhood in Windows 95/98 or NT. As you saw at the opening of the chapter, the machine will respond with a list of shared resources that can be accessed if that user is successfully authenticated.

+Each of the servers on a Windows workgroup is required to announce its presence to the local master browser after it has registered a NetBIOS name, and (theoretically) announce that it is leaving the workgroup when it is shut down. It is the local master browser's responsibility to record what the servers have announced. Note that the local master browser is not necessarily the same machine as a NetBIOS name server (NBNS), which we discussed earlier.

+

+ +WARNING: The Windows Network Neighborhood can behave oddly: until you select a particular machine to browse, the Network Neighborhood window may contain data that is not up-to-date. That means that the Network Neighborhood window can be showing machines that have crashed, or can be missing machines that haven't been noticed yet. Put succinctly, once you've selected a server and connected to it, you can be a lot more confident that the shares and printers really exist on the network.

+Unlike the roles you've seen earlier, almost any Windows machine (NT Server, NT Workstation, 98, 95, or Windows 3.1 for Workgroups) can act as a local master browser. As with the domain controller, the local master browser can have one or more +backup browsers on the local subnet that will take over in the event that the local master browser fails or becomes inaccessible. To ensure fluid operation, the local backup browsers will frequently synchronize their browse list with the local master browser. Let's update our Windows domain diagram to include both a local master and local backup browser. The result is shown in +Figure 1.13.

+ +Figure 1.13: A Windows domain with a local master and local backup browser

Figure 1.13

+Here is how to calculate the minimum number of backup browsers that will be allocated on a workgroup:

    +
  • +

    + +If there are between 1 and 32 Windows NT workstations on the network, or between 1 and 16 Windows 95/98 machines on the network, the local master browser allocates one backup browser in addition to the local master browser.

  • +

    + +If the number of Windows NT workstations falls between 33 and 64, or the number of Windows 95/98 workstations falls between 17 and 32, the local master browser allocates two backup browsers.

  • +

    + +For each group of 32 NT workstations or 16 Windows 95/98 machines beyond this, the local master browser allocates another backup browser.

+There is currently no upper limit on the number of backup browsers that can be allocated by the local master browser.

+

+ +1.4.2.2 Browsing elections

+Browsing is a critical aspect of any Windows workgroup. However, not everything runs perfectly on any network. For example, let's say that the Windows NT Server on the desk of a small company's CEO is the local master browser - that is, until he switches it off while plugging in his massage chair. At this point the Windows NT Workstation in the spare parts department might agree to take over the job. However, that computer is currently running a large, poorly written program that has brought its processor to its knees. The moral: browsing has to be very tolerant of servers coming and going. Because nearly every Windows machine can serve as a browser, there has to be a way of deciding at any time who will take on the job. This decision-making process is called an +election.

+An election algorithm is built into nearly all Windows operating systems such that they can each agree who is going to be a local master browser and who will be local backup browsers. An election can be forced at any time. For example, let's assume that the CEO has finished his massage and reboots his server. As the server comes online, it will announce its presence and an election will take place to see if the PC in the spare parts department should still be the master browser.

+When an election is performed, each machine broadcasts via datagrams information about itself. This information includes the following:

    +
  • +

    + +The version of the election protocol used

  • +

    + +The operating system on the machine

  • +

    + +The amount of time the client has been on the network

  • +

    + +The hostname of the client

+These values determine which operating system has seniority and will fulfill the role of the local master browser. (Chapter 6, Users, Security, and Domains, describes the election process in more detail.) The architecture developed to achieve this is not elegant and has built-in security problems. While a browsing domain can be integrated with domain security, the election algorithm does not take into consideration which computers become browsers. Thus it is possible for any machine running a browser service to register itself as participating in the browsing election, and (after winning) being able to change the browse list. Nevertheless, browsing is a key feature of Windows networking and backwards compatibility requirements will ensure that it is in use for years to come.

+

+ +1.4.3 Can a Windows Workgroup Span Multiple Subnets?

Yes, but most people who have done it have had their share of headaches. Spanning multiple subnets was not part of the initial design of Windows NT 3.5 or Windows for Workgroups. As a result, a Windows domain that spans two or more subnets is, in reality, the "gluing" together of two or more workgroups that share an identical name. The good news is that you can still use a primary domain controller to control authentication across each of the subnets. The bad news is that things are not as simple with browsing.

+As mentioned previously, each subnet must have its own local master browser. When a Windows domain spans multiple subnets, a system administrator will have to assign one of the machines as the +domain master browser. The domain master browser will keep a browse list for the entire Windows domain. This browse list is created by periodically synchronizing the browse lists of each of the local master browsers with the browse list of the domain master browser. After the synchronization, the local master browser and the domain master browser should contain identical entries. See +Figure 1.14 for an illustration.

+ +Figure 1.14: A workgroup that spans more than one subnet

Figure 1.14

+Sound good? Well, it's not quite nirvana for the following reasons:

    +
  • +

    + +If it exists, a primary domain controller always plays the role of the domain master browser. By Microsoft design, the two always share the NetBIOS resource type <1B>, and (unfortunately) cannot be separated.

  • +

    + +Windows 95/98 machines cannot become +or +even contact a domain master browser. The Samba group feels that this is a marketing decision from Microsoft that forces customers to have at least one Windows NT workstation (or Samba server) on each subnet of a multi-subnet workgroup.

+Each subnet's local master browser continues to maintain the browse list for its subnet, for which it becomes authoritative. So if a computer wants to see a list of servers within its own subnet, the local master browser of that subnet will be queried. If a computer wants to see a list of servers outside the subnet, it can still go only as far as the local master browser. This works because, at appointed intervals, the authoritative browse list of a subnet's local master browser is synchronized with the domain master browser, which is synchronized with the local master browser of the other subnets in the domain. This is called +browse list propagation.

+Samba can act as a domain master browser on a Windows domain if required. In addition, it can also act as a local master browser for a Windows subnet, synchronizing its browse list with the domain master browser.

+

+ +1.4.4 The Windows Internet Name Service (WINS)

+The Windows Internet Name Service (WINS) is Microsoft's implementation of a NetBIOS name server (NBNS). As such, WINS inherits much of NetBIOS's characteristics. First, WINS is flat; you can only have machines named +fred or workgroups like CANADA or USA. In addition, WINS is dynamic: when a client first comes online, it is required to report its hostname, its address, and its workgroup to the local WINS server. This WINS server will retain the information so long as the client periodically refreshes its WINS registration, which indicates that it's still connected to the network. Note that WINS servers are not domain or workgroup specific; they can appear anywhere and serve anyone.

+Multiple WINS servers can be set to synchronize with each other after a specified amount of time. This allows entries for machines that come online and offline on the network to propagate from one WINS server to another. While in theory this seems efficient, it can quickly become cumbersome if there are several WINS servers covering a network. Because WINS services can cross multiple subnets (you'll either hardcode the address of a WINS server in each of your clients or obtain it via DHCP), it is often more efficient to have each Windows client, no matter how many Windows domains there are, point themselves to the same WINS server. That way, there will only be one authoritative WINS server with the correct information, instead of several WINS servers continually struggling to synchronize themselves with the most recent changes.

+The currently active WINS server is known as the +primary WINS server. You can also install a secondary WINS server, which will take over in the event that the primary WINS server fails or becomes inaccessible. Note that there is no election to determine which machine becomes a primary or backup WINS server - the choice of WINS servers is static and must be predetermined by the system administrator. Both the primary and any backup WINS servers will synchronize their address databases on a periodic basis.

+In the Windows family of operating systems, only an NT Workstation or an NT server can serve as a +WINS server. Samba can also function as a primary WINS server, but not a secondary WINS server.

+

+ +1.4.5 What Can Samba Do?

Whew! Bet you never thought Microsoft networks would be that complex, did you? Now, let's wrap up by showing where Samba can help out. +Table 1.6 summarizes which roles Samba can and cannot play in a Windows NT Domain or Windows workgroup. As you can see, because many of the NT domain protocols are proprietary and have not been documented by Microsoft, Samba cannot properly synchronize its data with a Microsoft server and cannot act as a backup in most roles. However, with version 2.0. +x, Samba does have limited support for the primary domain controller's authentication protocols and is gaining more functionality every day.


+ + + + + + + + + + + + + + +
+ +Table 1.6: Samba Roles (as of 2.0.4b)
+

+Role

 +

+Can Perform?

+

+File Server

 +

+Yes

+

+Printer Server

 +

+Yes

+

+Primary Domain Controller

 +

+Yes (Samba 2.1 or higher recommended)

+

+Backup Domain Controller

 +

+No

+

+Windows 95/98 Authentication

 +

+Yes

+

+Local Master Browser

 +

+Yes

+

+Local Backup Browser

 +

+No

+

+Domain Master Browser

 +

+Yes

+

+Primary WINS Server

 +

+Yes

+

+Secondary WINS Server

 +

+No

+
+
+
+ + +
+ +Previous: 1.3 Getting Familiar with a SMB/CIFS Network + + + +Next: 1.5 An Overview of the Samba Distribution
+1.3 Getting Familiar with a SMB/CIFS Network + +Book Index +1.5 An Overview of the Samba Distribution
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_05.html b/docs/htmldocs/using_samba/ch01_05.html new file mode 100644 index 00000000000..0989ddfb91b --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_05.html @@ -0,0 +1,130 @@ + + + +[Chapter 1] 1.5 An Overview of the Samba Distribution + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.4 Microsoft Implementations + + + +Chapter 1
+Learning the Samba		 + +Next: 1.6 How Can I Get Samba?
 
+ +
+
+

+ +1.5 An Overview of the Samba Distribution

+As mentioned earlier, Samba actually contains several programs that serve different but related purposes. Let's introduce each of them briefly, and show how they work together. The majority of the programs that come with the Samba distribution center on its two daemons. Let's take a refined look at the responsibilities of each daemon:

+
+ +smbd
+

+The +smbd daemon is responsible for managing the shared resources between the Samba server machine and its clients. It provides file, print, and browser services to +SMB clients across one or more networks. +smdb handles all notifications between the Samba server and the network clients. In addition, it is responsible for user authentication, resource locking, and data sharing through the +SMB protocol.

+ +nmbd
+

+The +nmbd daemon is a simple nameserver that mimics the WINS and NetBIOS name server functionality, as you might expect to encounter with the LAN Manager package. This daemon listens for nameserver requests and provides the appropriate information when called upon. It also provides browse lists for the Network Neighborhood and participates in browsing elections.

+The Samba distribution also comes with a small set of Unix command-line tools:

+
+smbclient
+

+An FTP-like Unix client that can be used to connect to Samba shares

+smbtar
+

+A program for backing up data in shares, similar to the Unix +tar command

+nmblookup
+

+A program that provides NetBIOS over TCP/IP name lookups

+smbpasswd
+

+A program that allows an administrator to change the encrypted passwords used by Samba

+smbstatus
+

+A program for reporting the current network connections to the shares on a Samba server

+testparm
+

+A simple program to validate the Samba configuration file

+testprns
+

+A program that tests whether various printers are recognized by the +smbd daemon

+Each significant release of Samba goes through a significant exposure test before it's announced. In addition, it is quickly updated afterward if problems or unwanted side-effects are found. The latest stable distribution as of this writing is Samba 2.0.5, the long-awaited production version of Samba 2.0. This book focuses on the functionality supported in Samba 2.0, as opposed to the older 1.9. +x versions of Samba, which are now obsolete.

+
+
+
+ + +
+ +Previous: 1.4 Microsoft Implementations + + + +Next: 1.6 How Can I Get Samba?
+1.4 Microsoft Implementations + +Book Index +1.6 How Can I Get Samba?
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_06.html b/docs/htmldocs/using_samba/ch01_06.html new file mode 100644 index 00000000000..f3b46b2313b --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_06.html @@ -0,0 +1,90 @@ + + + +[Chapter 1] 1.6 How Can I Get Samba? + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.5 An Overview of the Samba Distribution + + + +Chapter 1
+Learning the Samba		 + +Next: 1.7 What's New in Samba 2.0?
 
+ +
+
+

+ +1.6 How Can I Get Samba?

Samba is available in both binary and source format from a set of mirror sites across the Internet. The primary home site for Samba is located at http://www.samba.org/.

+However, if you don't want to wait for packets to arrive all the way from Australia, mirror sites for Samba can be found at any of several locations on the Internet. A list of mirrors is given at the primary Samba home page.

+In addition, a CD-ROM distribution is available in the back of this book. We strongly encourage you to start with the CD-ROM if this is your first time using Samba. We've included source and binaries up to Samba 2.0.5 with this book. In addition, several of the testing tools that we refer to through the book are conveniently packaged on the CD-ROM.

+
+
+
+ + +
+ +Previous: 1.5 An Overview of the Samba Distribution + + + +Next: 1.7 What's New in Samba 2.0?
+1.5 An Overview of the Samba Distribution + +Book Index +1.7 What's New in Samba 2.0?
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_07.html b/docs/htmldocs/using_samba/ch01_07.html new file mode 100644 index 00000000000..a5fd482b03b --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_07.html @@ -0,0 +1,138 @@ + + + +[Chapter 1] 1.7 What's New in Samba 2.0? + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.6 How Can I Get Samba? + + + +Chapter 1
+Learning the Samba		 + +Next: 1.8 And That's Not All...
 
+ +
+
+

+ +1.7 What's New in Samba 2.0?

Samba 2.0 was an eagerly-awaited package. The big additions to Samba 2.0 are more concrete support for NT Domains and the new Samba Web Administration Tool (SWAT), a browser-based utility for configuring Samba. However, there are dozens of other improvements that were introduced in the summer and fall of 1998.

+

+ +1.7.1 NT Domains

+Samba's support for NT Domains (starting with version 2.0. +x) produced a big improvement: it allows SMB servers to use its authentication mechanisms, which is essential for future NT compatibility, and to support +NT domain logons. Domain logons allow a user to log in to a Windows NT domain and use all the computers in the domain without logging into them individually. Previous to version 2.0.0, Samba supported Windows 95/98 logon services, but not NT domain logons. Although domain logons support is not complete is Samba 2.0, it is partially implemented.

+

+ +1.7.2 Ease of Administration

SWAT, the Samba Web Administration Tool, makes it easy to set up a server and change its configuration, without giving up the simple text-based configuration file. SWAT provides a graphical interface to the resources that Samba shares with its clients. In addition, SWAT saves considerable experimentation and memory work in setting up or changing configurations across the network. You can even create an initial setup with SWAT and then modify the file later by hand, or vice versa. Samba will not complain.

+On the compilation side, GNU +autoconf is now used to make the task of initial compilation and setup easier so you can get to SWAT quicker.

+

+ +1.7.3 Performance

+There are major performance and scalability increases in Samba: the code has been reorganized and +nmbd (the Samba name service daemon) heavily rewritten:

    +
  • +

    + +Name/browsing service now supports approximately 35,000 simultaneous clients.

  • +

    + +File and print services support 500 concurrent users from a single medium-sized server without noticeable performance degradation.

  • +

    + +Linux/Samba on identical hardware now consistently performs better than NT Server. And best of all, Samba is improving.

  • +

    + +Improved "opportunistic" locking allows client machines to cache entire files locally, greatly improving speed without running the risk of accidentally overwriting the cached files.

+

+ +1.7.4 More Features

+There are several additional features in Samba 2.0. You can now have multiple Samba aliases on the same machine, each pretending to be a different server, a feature similar to virtual hosts in modern web servers. This allows a host to serve multiple departments and groups, or provide disk shares with normal username/password security while also providing printers to everyone without any security. Printing has been changed to make it easier for Unix System V owners: Samba can now find the available printers automatically, just as it does with Berkeley-style printing. In addition, Samba now has the capability to use multiple code pages, so it can be used with non-European languages, and to use the Secure Sockets Layer protocol (SSL) to encrypt all the data it sends across the Internet, instead of just passwords.[7]

+
+

+[7] If you reside in the United States, there are some federal rules and regulations dealing with strong cryptography. We'll talk about his later when we set up Samba and SSL in Appendix A, +Configuring Samba with SSL.

+

+ +1.7.5 Compatibility Improvements

+At the same time as it's becoming more capable, Samba is also becoming more compatible with Windows NT. Samba has always supported Microsoft-style password encryption. It now provides tools and options for changing over to Microsoft encryption, and for keeping the Unix and Microsoft password files synchronized while doing so. Finally, a Samba master browser can be instructed to hunt down and synchronize itself with other SMB servers on different LANs, allowing SMB to work seamlessly across multiple networks. Samba uses a different method of accomplishing this from the Microsoft method, which is undocumented.

+

+ +1.7.6 Smbwrapper

+Finally, there is an entirely new version of the Unix client called +smbwrapper. Instead of a kernel module that allows Linux to act as a Samba client, there is now a command-line entry to load the library that provides a complete SMB filesystem on some brands of Unix. Once loaded, the command +ls +/smb will list all the machines in your workgroup, and +cd /smb/server_name/share_name will take you to a particular share (shared directory), similar to the Network File System (NFS). As of this writing, +smbwrapper currently runs on Linux, Solaris, SunOS 4, IRIX, and OSF/1, and is expected to run on several more operating systems in the near future.

+
+
+
+ + +
+ +Previous: 1.6 How Can I Get Samba? + + + +Next: 1.8 And That's Not All...
+1.6 How Can I Get Samba? + +Book Index +1.8 And That's Not All...
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch01_08.html b/docs/htmldocs/using_samba/ch01_08.html new file mode 100644 index 00000000000..0ea2d0331ce --- /dev/null +++ b/docs/htmldocs/using_samba/ch01_08.html @@ -0,0 +1,89 @@ + + + +[Chapter 1] 1.8 And That's Not All... + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.7 What's New in Samba 2.0? + + + +Chapter 1
+Learning the Samba		 + +Next: 2. Installing Samba on a Unix System
 
+ +
+
+

+ +1.8 And That's Not All...

+Samba is a wonderful tool with potential for even the smallest SMB/CIFS network. This chapter presented you with a thorough introduction to what Samba is, and more importantly, how it fits into a Windows network. The next series of chapters will help you set up Samba on both the Unix server side, where its two daemons reside, as well as configure the Windows 95, 98, and NT clients to work with Samba. Before long, the aches and pains of your heterogeneous network may seem like a thing of the past. Welcome to the wonderful world of Samba!

+
+
+
+ + +
+ +Previous: 1.7 What's New in Samba 2.0? + + + +Next: 2. Installing Samba on a Unix System
+1.7 What's New in Samba 2.0? + +Book Index +2. Installing Samba on a Unix System
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_01.html b/docs/htmldocs/using_samba/ch02_01.html new file mode 100644 index 00000000000..a90a52d8abe --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_01.html @@ -0,0 +1,197 @@ + + + +[Chapter 2] Installing Samba on a Unix System + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 1.8 And That's Not All... + + +Chapter 2 + +Next: 2.2 Configuring Samba
 
+ +
+
+

+ +2. Installing Samba on a Unix System

+

+ +Contents:
+ +Downloading the Samba Distribution
+ +Configuring Samba
+ +Compiling and Installing Samba
+ +A Basic Samba Configuration File
+ +Starting the Samba Daemons
+ +Testing the Samba Daemons

+

Now that you know what Samba can do for you and your users, it's time to get your own network set up. Let's start with the installation of Samba itself on a Unix system. When dancing the samba, one learns by taking small steps. It's just the same when installing Samba; we need to teach it step by step. This chapter will help you to start off on the right foot.

+For illustrative purposes, we will be installing the 2.0.4 version of the Samba server on a Linux[1] system running version 2.0.31 of the kernel. However, the installation steps are the same for all of the platforms that Samba supports. A typical installation will take about an hour to complete, including downloading the source files and compiling them, setting up the configuration files, and testing the server.

+
+

+[1] If you haven't heard of Linux yet, then you're in for a treat. Linux is a freely distributed Unix-like operating system that runs on the Intel x86, Motorola PowerPC, and Sun Sparc platforms. The operating system is relatively easy to configure, extremely robust, and is gaining in popularity. You can get more information on the Linux operating system at http://www.linux.org/.

Here is an overview of the steps:

    +
  1. +

    + +Download the source or binary files.

  2. +

    + +Read the installation documentation.

  3. +

    + +Configure a makefile.

  4. +

    + +Compile the server code.

  5. +

    + +Install the server files.

  6. +

    + +Create a Samba configuration file.

  7. +

    + +Test the configuration file.

  8. +

    + +Start the Samba daemons.

  9. +

    + +Test the Samba daemons.

+

+ + +2.1 Downloading the Samba Distribution

If you want to get started quickly, the CD-ROM packaged with this book contains both the sources and binaries of Samba that were available as this book went to print. The CD is a mirror image of the files and directories on the Samba download server: +ftp.samba.org.

+On the other hand, if you want to download the latest version, the primary web site for the Samba software is http://www.samba.org. Once connected to this page, you'll see links to several Samba mirror sites across the world, both for the standard Samba web pages and sites devoted exclusively to downloading Samba. For the best performance, choose a site that is closest to your own geographic location.

+The standard Samba web sites have Samba documentation and tutorials, mailing list archives, and the latest Samba news, as well as source and binary distributions of Samba. The download sites (sometimes called +FTP sites) have only the source and binary distributions. Unless you specifically want an older version of the Samba server or are going to install a binary distribution, download the latest source distribution from the closest mirror site. This distribution is always named:

samba-latest.tar.gz

+If you choose to use the version of Samba that is located on the CD-ROM packaged with this book, you should find the latest Samba distribution in the base directory.

+

+ +2.1.1 Binary or Source?

Precompiled packages are also available for a large number of Unix platforms. These packages contain binaries for each of the Samba executables as well as the standard Samba documentation. Note that while installing a binary distribution can save you a fair amount of trouble and time, there are a couple of issues that you should keep in mind when deciding whether to use the binary or compile the source yourself:

    +
  • +

    + +The binary packages can lag behind the latest version of the software by one or two (maybe more) minor releases, especially after a series of small changes and for less popular platforms. Compare the release notes for the source and binary packages to make sure that there aren't any new features that you need on your platform. This is especially true of the sources and binaries on the CD-ROM: at the time this book went to print, they were from the latest production release of Samba. However, development is ongoing, so the beta-test versions on the Internet will be newer.

  • +

    + +If you use a precompiled binary, you will need to ensure that you have the correct libraries required by the executables. On some platforms the executables are statically linked so this isn't an issue, but on modern Unix operating systems (e.g., Linux, SGI Irix, Solaris, HP-UX, etc.), libraries are often dynamically linked. This means that the binary looks for the right version of each library on your system, so you may have to install a new version of a library. The +README file or +makefile that accompanies the binary distribution should list any special requirements.[2]

    +
    +

    +[2] This is especially true with programs that use +glibc-2.1 (which comes standard with Red Hat Linux 6). This library caused quite a consternation in the development community when it was released because it was incompatable with previous versions of glibc.

    Many machines with shared libraries come with a nifty tool called ldd. This tool will tell you which libraries a specific binary requires and which libraries on the system satisfy that requirement. For example, checking the +smbd program on our test machine gave us:

$ ldd smbd
+
+libreadline.so.3 => /usr/lib/libreadline.so.3
+libdl.so.2 => /lib/libdl.so.2
+libcrypt.so.1 => /lib/libcrypt.so.1
+libc.so.6 => /lib/libc.so.6
+libtermcap.so.2 => /lib/libtermcap.so.2
+/lib/ld-linux.so.2 => /lib/ld-linux.so.2
    +
  • +

    +If there are any incompatibilities between Samba and specific libraries on your machine, the distribution-specific documentation should highlight those.

  • +

    + +Keep in mind that each binary distribution carries preset values about the target platform, such as default directories and configuration option values. Again, check the documentation and the makefile included in the source directory to see which directives and variables were used when the binary was compiled. In some cases, these will not be appropriate for your situation.

    +A few configuration items can be reset with command-line options at runtime instead of at compile time. For example, if your binary tries to place any log, lock, or status files in the "wrong" place (for example, in +/usr/local), you can override this without recompiling.

+One point worth mentioning is that the Samba source requires an ANSI C compiler. If you are on a platform with a non-ANSI compiler, such as the +cc compiler on SunOS version 4, you'll have to install an ANSI-compliant compiler such as +gcc before you do anything else.[3] If installing a compiler isn't something you want to wrestle with, you can start off with a binary package. However, for the most flexibility and compatibility on your system, we always recommend compiling from the latest source.

+
+

+[3] +gcc binaries are available for almost every modern machine. See +http://www.gnu.org/ for a list of sites with +gcc and other GNU software.

+

+ +2.1.2 Read the Documentation

This sounds like an obvious thing to say, but there have probably been times where you have uncompressed a package, blindly typed +configure, +make, and +make +install, and walked away to get another cup of coffee. We'll be the first to admit that we do that, many more times than we should. It's a bad idea - especially when planning a network with Samba.

+Samba 2.0 automatically configures itself prior to compilation. This reduces the likelihood of a machine-specific problem, but there may be an option mentioned in the +README file that you end up wishing for after Samba's been installed. With both source and binary packages you'll find a large number of documents in the +docs directory, in a variety of formats. The most important files to look at in the distribution are:

+WHATSNEW.txt
+docs/textdocs/UNIX_INSTALL.txt

+These files tell you what features you can expect in your Samba distribution, and will highlight common installation problems that you're likely to face. Be sure to look over both of them before you start the compilation process.

+
+
+
+ + +
+ +Previous: 1.8 And That's Not All... + + + +Next: 2.2 Configuring Samba
+1.8 And That's Not All... + +Book Index +2.2 Configuring Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_02.html b/docs/htmldocs/using_samba/ch02_02.html new file mode 100644 index 00000000000..3556314b438 --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_02.html @@ -0,0 +1,338 @@ + + + +[Chapter 2] 2.2 Configuring Samba + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.1 Downloading the Samba Distribution + + + +Chapter 2
+Installing Samba on a Unix System		 + +Next: 2.3 Compiling and Installing Samba
 
+ +
+
+

+ +2.2 Configuring Samba

The source distribution of Samba 2.0 and above doesn't initially have a makefile. Instead, one is generated through a GNU +configure script, which is located in the +samba-2.0.x /source/ directory. The +configure script, which must be run as root, takes care of the machine-specific issues of building Samba. However, you still may want to decide on some global options. Global options can be set by passing options on the command-line:

+# ./configure --with-ssl

+For example, this will configure the Samba makefile with support for the Secure Sockets Layer (SSL) encryption protocol. If you would like a complete list of options, type the following:

+# ./configure --help

Each of these options enable or disable various features. You typically enable a feature by specifying the +--with- + +feature option, which will cause the feature to be compiled and installed. Likewise, if you specify a +--without- + +feature option, the feature will be disabled. As of Samba 2.0.5, each of the following features is disabled by default:

+
+ +--with-smbwrapper
+

+Include SMB wrapper support, which allows executables on the Unix side to access SMB/CIFS filesystems as if they were regular Unix filesystems. We recommend using this option. However, at this time this book went to press, there were several incompatibilities between the +smbwrapper package and the GNU +libc version 2.1, and it would not compile on Red Hat 6.0. Look for more information on these incompatibilities on the Samba home page.

+ +--with-afs
+

+Include support of the Andrew Filesystem from Carnegie Mellon University. If you're going to serve AFS files via Samba, we recommend compiling Samba once first without enabling this feature to ensure that everything runs smoothly. Once that version is working smoothly, recompile Samba with this feature enabled and compare any errors you might receive against the previous setup.

+ +--with-dfs
+

+Include support for DFS, a later version of AFS, used by OSF/1 (Digital Unix). Note that this is +not the same as Microsoft DFS, which is an entirely different filesystem. Again, we recommend compiling Samba once first without this feature to ensure that everything runs smoothly, then recompile with this feature to compare any errors against the previous setup.

+ +--with-krb4=base-directory
+

+Include support for Kerberos version 4.0, explicitly specifying the base directory of the distribution. Kerberos is a network security protocol from MIT that uses private key cryptography to provide strong security between nodes. Incidentally, Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, the Kerberos 5.0 authentication mechanisms are quite different from the Kerberos 4.0 security mechanisms. If you have Kerberos version 4 on your system, the Samba team recommends that you upgrade and use the +--with-krb5 option (see the next item). You can find more information on Kerberos at http://web.mit.edu/kerberos/www.

+ +--with-krb5=base-directory
+

+Include support for Kerberos version 5.0, explicitly specifying the base directory of the distribution. Microsoft has announced that Kerberos 5.0 will be the standard authentication mechanism for Microsoft Windows 2000 (NT 5.0). However, there is no guarantee that Microsoft will not extend Kerberos for their own needs in the future. Currently, Samba's Kerberos support only uses a plaintext password interface and not an encrypted one. You can find more information on Kerberos at its home page: http://web.mit.edu/kerberos/www.

+ +--with-automount
+

+Include support for automounter, a feature often used on sites that offer NFS.

+ +--with-smbmount
+

+Include +smbmount support, which is for Linux only. This feature wasn't being maintained at the time the book was written, so the Samba team made it an optional feature and provided +smbwrapper instead. The +smbwrapper feature works on more Unix platforms than +smbmount, so you'll usually want to use +--with-smbwrapper instead of this option.

+ +--with-pam
+

+Include support for pluggable authentication modules (PAM), an authentication feature common in the Linux operating system.

+ +--with-ldap
+

+Include support for the Lightweight Directory Access Protocol (LDAP). A future version of LDAP will be used in the Windows 2000 (NT 5.0) operating system; this Samba support is experimental. LDAP is a flexible client-server directory protocol that can carry information such as certificates and group memberships.[4]

+
+

+[4] By +directory, we don't mean a directory in a file system, but instead an indexed directory (such as a phone directory). Information is stored and can be easily retrieved in a public LDAP system.

+ +--with-nis
+

+Include support for getting password-file information from NIS (network yellow pages).

+ +--with-nisplus
+

+Include support for obtaining password-file information from NIS+, the successor to NIS.

+ +--with-ssl
+

+Include experimental support for the Secure Sockets Layer (SSL), which is used to provide encrypted connections from client to server. Appendix A, Configuring Samba with SSL, describes setting up Samba with SSL support.

+ +--with-nisplus-home
+

+Include support for locating which server contains a particular user's home directory and telling the client to connect to it. Requires +--with-nis and, usually, +--with-automounter.

+ +--with-mmap
+

+Include experimental memory mapping code. This is not required for fast locking, which already uses mmap or System V shared memory.

+ +--with-syslog
+

+Include support for using the SYSLOG utility for logging information generated from the Samba server. There are a couple of Samba configuration options that you can use to enable SYSLOG support; Chapter 4, Disk Shares , discusses these options.

+ +--with-netatalk
+

+Include experimental support for interoperating with the (Macintosh) Netatalk file server.

+ +--with-quotas
+

+Include disk-quota support.

+Because each of these options is disabled by default, none of these features are essential to Samba. However, you may want to come back and build a modified version of Samba if you discover that you need one at a later time.

+In addition, +Table 2.1 shows some other parameters that you can give the +configure script if you wish to store parts of the Samba distribution in different places, perhaps to make use of multiple disks or partitions. Note that the defaults sometimes refer to a prefix specified earlier in the table.


+ + + + + + + + + + + + + + +
+ +Table 2.1: Additional Configure Options
+

+Option

 +

+Meaning

 +

+Default

+

+ +--prefix=directory

 +

+Install architecture-independent files at the base directory specified.

 +

+ +/usr/local/samba

+

+ +--eprefix=directory

 +

+Install architecture-dependent files at the base directory specified.

 +

+ +/usr/local/samba

+

+ +--bindir=directory

 +

+Install user executables in the directory specified.

 +

+ + +eprefix/bin

+

+ +--sbindir=directory

 +

+Install administrator executables in the directory specified.

 +

+ + +eprefix/bin

+

+ +--libexecdir=directory

 +

+Install program executables in the directory specified.

 +

+ + +eprefix/libexec

+

+ +--datadir=directory

 +

+Install read-only architecture independent data in the directory specified.

 +

+ + +prefix/share

+

+ +--libdir=directory

 +

+Install program libraries in the directory specified.

 +

+ + +eprefix/lib

+

+ +--includedir=directory

 +

+Install package include files in the directory specified.

 +

+ + +prefix/include

+

+ +--infodir=directory

 +

+Install additional information files in the directory specified.

 +

+ + +prefix/info

+

+ +--mandir=directory

 +

+Install manual pages in the directory specified.

+

+ + +prefix/man

+Again, before running the +configure script, it is important that you are the root user on the system. Otherwise, you may get a warning such as:

+configure: warning: running as non-root will disable some tests

+You don't want any test to be disabled when the Samba makefile is being created; this leaves the potential for errors down the road when compiling or running Samba on your system.

+Here is a sample execution of the +configure script, which creates a Samba 2.0.4 makefile for the Linux platform. Note that you must run the configure script in the +source directory, and that several lines from the middle of the excerpt have been omitted:

+# cd samba-2.0.4b/source/
+# ./configure | tee mylog
+
+loading cache ./config.cache
+checking for gcc... (cached) gcc
+checking whether the C compiler (gcc -O) works... yes
+checking whether the C compiler (gcc -O) is a cross-compiler... no
+checking whether we are using GNU C... (cached) yes
+checking whether gcc accepts -g... (cached) yes
+checking for a BSD compatible install... (cached) /usr/bin/install -c
+
+...(content omitted)...
+
+checking configure summary
+configure OK
+creating ./config.status
+creating include/stamp-h
+creating Makefile
+creating include/config.h

+In general, any message from +configure that doesn't begin with the words +checking or +creating is an error; it often helps to redirect the output of the configure script to a file so you can quickly search for errors, as we did with the +tee command above. If there was an error during configuration, more detailed information about it can be found in the +config.log file, which is written to the local directory by the +configure script.

+If the configuration works, you'll see a +checking +configure +summary message followed by a +configure +OK message and four or five file creation messages. So far, so good.... Next step: compiling.

+
+
+
+ + +
+ +Previous: 2.1 Downloading the Samba Distribution + + + +Next: 2.3 Compiling and Installing Samba
+2.1 Downloading the Samba Distribution + +Book Index +2.3 Compiling and Installing Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_03.html b/docs/htmldocs/using_samba/ch02_03.html new file mode 100644 index 00000000000..c4313736d8b --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_03.html @@ -0,0 +1,235 @@ + + + +[Chapter 2] 2.3 Compiling and Installing Samba + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.2 Configuring Samba + + + +Chapter 2
+Installing Samba on a Unix System		 + +Next: 2.4 A Basic Samba Configuration File
 
+ +
+
+

+ +2.3 Compiling and Installing Samba

At this point you should be ready to build the Samba executables. Compiling is also easy: in the +source directory, type +make on the command line. The +make utility will produce a stream of explanatory and success messages, beginning with:

+Using FLAGS = -O -Iinclude ...

+This build includes compiles for both +smbd and +nmbd, and ends in a linking command for +bin/make_ printerdef. For example, here is a sample make of Samba version 2.0.4 on a Linux server:

# make
+Using FLAGS =  -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts"   -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd"
+Using FLAGS32 =  -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -DLMHOSTSFILE="/usr/local/samba/lib/lmhosts"   -DSWATDIR="/usr/local/samba/swat" -DSBINDIR="/usr/local/samba/bin" -DLOCKDIR="/usr/local/samba/var/locks" -DSMBRUN="/usr/local/samba/bin/smbrun" -DCODEPAGEDIR="/usr/local/samba/lib/codepages" -DDRIVERFILE="/usr/local/samba/lib/printers.def" -DBINDIR="/usr/local/samba/bin" -DHAVE_INCLUDES_H -DPASSWD_PROGRAM="/bin/passwd" -DSMB_PASSWD_FILE="/usr/local/samba/private/smbpasswd"
+Using LIBS = -lreadline -ldl  -lcrypt -lpam
+Compiling smbd/server.c
+Compiling smbd/files.c
+Compiling smbd/chgpasswd.c
+
+...(content omitted)...
+
+Compiling rpcclient/cmd_samr.c
+Compiling rpcclient/cmd_reg.c
+Compiling rpcclient/cmd_srvsvc.c
+Compiling rpcclient/cmd_netlogon.c
+Linking bin/rpcclient
+Compiling utils/smbpasswd.c
+Linking bin/smbpasswd
+Compiling utils/make_smbcodepage.c
+Linking bin/make_smbcodepage
+Compiling utils/nmblookup.c
+Linking bin/nmblookup
+Compiling utils/make_printerdef.c
+Linking bin/make_printerdef

+If you encounter problems when compiling, check the Samba documentation to see if it is easily fixable. Another possibility is to search or post to the Samba mailing lists, which are given at the end of Chapter 9, and on the Samba home page. Most compilation issues are system specific and almost always easy to overcome.

+Now that the files have been compiled, you can install them into the directories you identified with the command:

# make install

+If you happen to be upgrading, your old Samba files will be saved with the extension + .old, and you can go back to that previous version with the command +make +revert. After doing a +make +install, you should copy the +.old files (if they exist) to a new location or name. Otherwise, the next time you install Samba, the original +.old will be overwritten without warning and you could lose your earlier version. If you configured Samba to use the default locations for files, the new files will be installed in the directories listed in +Table 2.2. Remember that you need to perform the installation from an account that has write privileges on these target directories; this is typically the root account.


+ + + + + + + + + + + +
+ +Table 2.2: Samba Installation Directories
+

+Directory

 +

+Description

+

+ +/usr/local/samba

 +

Main tree

+

+ +/usr/local/samba/bin

 +

+Binaries

+

+ +/usr/local/samba/lib

 +

+ +smb.conf, +lmhosts, configuration files, etc.

+

+ +/usr/local/samba/man

 +

+Samba documentation

+

+ +/usr/local/samba/private

 +

+Samba encrypted password file

+

+ +/usr/local/samba/swat

 +

+SWAT files

+

+ +/usr/local/samba/var

 +

+Samba log files, lock files, browse list info, shared memory files, process ID files

+Throughout the remainder of the book, we occasionally refer to the location of the main tree as + +samba_dir. In most configurations, this is the base directory of the installed Samba package: +/usr/local/samba.

+

+ +WARNING: Watch out if you've made +/usr a read-only partition. You will want to put the logs, locks, and password files somewhere else.

+Here is the installation that we performed on our machine. You can see that we used +/usr/local/samba as the base directory for the distribution (e.g., + +samba_dir):

+# make install
+Using FLAGS = -O -Iinclude -I./include -I./ubiqx -I./smbwrapper  -DSMBLOGFILE="/usr/local/samba/var/log.smb" -DNMBLOGFILE="/usr/local/samba/var/log.nmb" -DCONFIGFILE="/usr/local/samba/lib/smb.conf" -
+
+...(content omitted)...
+
+The binaries are installed. You may restore the old binaries
+(if there were any) using the command "make revert". You may
+uninstall the binaries using the command "make uninstallbin"
+or "make uninstall" to uninstall binaries, man pages and shell
+scripts.
+
+...(content omitted)...
+
+============================================================
+The SWAT files have been installed. Remember to read the 
+README for information on enabling and using SWAT.
+============================================================

+If the last message is about SWAT, you've successfully installed all the files. Congratulations! You now have Samba on your system!

+

+ +2.3.1 Final Installation Steps

There are a couple of final steps to perform. Specifically, add the Samba Web Administration Tool (SWAT) to the +/etc/services and +/etc/inetd.conf configuration files. SWAT runs as a daemon under +inetd and provides a forms-based editor in your web browser for creating and modifying SMB configuration files.

    +
  1. +

    + +To add SWAT, add the following line to the end of the +/etc/services file:

+swat   901/tcp
    +
  1. +

    + +Add these lines to +/etc/inetd.conf. (Check your +inetd.conf manual page to see the exact format of the + inetd.conf file if it differs from the following example.) Don't forget to change the path to the SWAT binary if you installed it in a different location from the default +/usr/local/samba.

+swat   stream  tcp  nowait.400  root  /usr/local/samba/bin/swat  swat

+And that's pretty much it for the installation. Before you can start up Samba, however, you need to create a configuration file for it.

+
+
+
+ + +
+ +Previous: 2.2 Configuring Samba + + + +Next: 2.4 A Basic Samba Configuration File
+2.2 Configuring Samba + +Book Index +2.4 A Basic Samba Configuration File
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_04.html b/docs/htmldocs/using_samba/ch02_04.html new file mode 100644 index 00000000000..608a1e2c40b --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_04.html @@ -0,0 +1,186 @@ + + + +[Chapter 2] 2.4 A Basic Samba Configuration File + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.3 Compiling and Installing Samba + + + +Chapter 2
+Installing Samba on a Unix System		 + +Next: 2.5 Starting the Samba Daemons
 
+ +
+
+

+ +2.4 A Basic Samba Configuration File

+The key to configuring Samba is its lone configuration file: +smb.conf. This configuration file can be very simple or extremely complex, and the rest of this book is devoted to helping you get deeply personal with this file. For now, however, we'll show you how to set up a single file service, which will allow you to fire up the Samba daemons and see that everything is running as it should be. In later chapters, you will see how to configure Samba for more complicated and interesting tasks.

+The installation process does not automatically create an +smb.conf configuration file, although several example files are included in the Samba distribution. To test the server software, though, we'll use the following file. It should be named +smb.conf and placed in the +/usr/local/samba/lib directory.[5]

+
+

+[5] If you did not compile Samba, but instead downloaded a binary, check with the documentation for the package to find out where it expects the +smb.conf file. If Samba came preinstalled with your Unix system, there is probably already an +smb.conf file somewhere on your system.

+[global]
+	workgroup = SIMPLE 
+[test] 
+	comment = For testing only, please
+	path = /export/samba/test
+	read only = no
+	guest ok = yes

+This brief configuration file tells the Samba server to offer the directory +/export/samba/test on the server as an SMB/CIFS share called test. The server also becomes part of the named workgroup SIMPLE, which each of the clients must also be a part of. (Use your own workgroup here if you already know what it is.) We'll use the +[test] share in the next chapter to set up the Windows clients. For now, you can complete the setup by performing the following commands as root on your Unix server:

# mkdir /export/samba/test
+# chmod 777 /export/samba/test

+We should point out that in terms of system security, this is the worst setup possible. For the moment, however, we only wish to test Samba, so we'll leave security out of the picture. In addition, there are some encrypted password issues that we will encounter with Windows clients later on, so this setup will afford us the least amount of headaches.

+If you are using Windows 98 or Windows NT Service Pack 3 or above, you must add the following entry to the +[global] section of the Samba configuration file: +encrypt passwords = yes. In addition, you must use the +smbpassword program (typically located in +/usr/local/samba/bin/) to reenter the username/password combinations of those users on the Unix server who should be able to access shares into Samba's encrypted client database. For example, if you wanted to allow Unix user +steve to access shares from an SMB client, you could type: +smbpassword -a steve. The first time a user is added, the program will output an error saying that the encrypted password database does not exist. Don't worry, it will then create the database for you. Make sure that the username/password combinations that you add to the encrypted database match the usernames and passwords that you intend to use on the Windows client side.

+

+ +2.4.1 Using SWAT

With Samba 2.0, creating a configuration file is even easier than writing a configuration file by hand. You can use your browser to connect to http://localhost:901, and log on as the root account, as shown in +Figure 2.1.

+ +Figure 2.1: SWAT login

Figure 2.1

+After logging in, press the GLOBALS button at the top of the screen. You should see the Global Variables page shown in +Figure 2.2.

+ +Figure 2.2: SWAT Global Variables page

Figure 2.2

+In this example, set the workgroup field to SIMPLE and the security field to USER. The only other option you need to change from the menu is one determining which system on the LAN resolves NetBIOS addresses; this system is called the +WINS server. At the very bottom of the page, set the wins support field to Yes, unless you already have a WINS server on your network. If you do, put the WINS server's IP address in the wins server field instead. Then return to the top and press the Commit Changes button to write the changes out to the +smb.conf file.

+ +Figure 2.3: SWAT Share Creation screen

Figure 2.3

+Next, press the Shares icon. You should see a page similar to +Figure 2.3. Choose Test in the field beside the Choose Share button. You will see the Share Parameters screen, as shown in +Figure 2.4. We added a comment to remind us that this is a test share in the +smb.conf file. SWAT has copies of all that information here.

+ +Figure 2.4: SWAT Share Parameters screen

Figure 2.4

+If you press the View button, SWAT shows you the following +smb.conf file:

+# Samba config file created using SWAT
+# from localhost (127.0.0.1)
+# Date: 1998/11/27 15:42:40
+
+# Global parameters
+        workgroup = SIMPLE
+[test]
+        comment = For testing only, please
+        path = /export/samba/test
+        read only = no
+        guest ok = yes

+Once this configuration file is completed, you can skip the next step because the output of SWAT is guaranteed to be syntactically correct.

+

+ +2.4.2 Testing the Configuration File

If you didn't use SWAT to create your configuration file, you should probably test it to ensure that it is syntactically correct. It may seem silly to run a test program against an eight-line configuration file, but it's good practice for the real ones that we'll be writing later on.

+The test parser, +testparm, examines an +smb.conf file for syntax errors and reports any it finds along with a list of the services enabled on your machine. An example follows; you'll notice that in our haste to get the server running we mistyped +workgroup as +workgrp (the output is often lengthy, so we recommend capturing the last parts with the +tee command):

+Load smb config files from smb.conf
+Unknown parameter encountered: "workgrp"
+Ignoring unknown parameter "workgrp"
+Processing section "[test]"
+Loaded services file OK.
+Press enter to see a dump of your service definitions
+# Global parameters
+[global]
+        workgroup = WORKGROUP
+        netbios name = 
+        netbios aliases = 
+        server string = Samba 2.0.5a
+        interfaces = 
+        bind interfaces only = No
+
+...(content omitted)...
+
+[test]
+        comment = For testing only, please               
+	path = /export/samba/test
+        read only = No
+        guest ok = Yes

+The interesting parts are at the top and bottom. The top of the output will flag any syntax errors that you may have made, and the bottom lists the services that the server thinks it should offer. A word of advice: make sure that you and the server have the same expectations.

+If everything looks good, then you are ready to fire up the server daemons!

+
+
+
+ + +
+ +Previous: 2.3 Compiling and Installing Samba + + + +Next: 2.5 Starting the Samba Daemons
+2.3 Compiling and Installing Samba + +Book Index +2.5 Starting the Samba Daemons
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_05.html b/docs/htmldocs/using_samba/ch02_05.html new file mode 100644 index 00000000000..95d506e5e96 --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_05.html @@ -0,0 +1,195 @@ + + + +[Chapter 2] 2.5 Starting the Samba Daemons + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.4 A Basic Samba Configuration File + + + +Chapter 2
+Installing Samba on a Unix System		 + +Next: 2.6 Testing the Samba Daemons
 
+ +
+
+

+ +2.5 Starting the Samba Daemons

+There are two Samba processes, +smbd and +nmbd, that need to be running for Samba to work correctly. There are three ways to start:

    +
  • +

    + +By hand

  • +

    + +As stand-alone daemons

  • +

    + +From +inetd

+

+ +2.5.1 Starting the Daemons by Hand

+If you're in a hurry, you can start the Samba daemons by hand. As root, simply enter the following commands:

+# /usr/local/samba/bin/smbd -D
+# /usr/local/samba/bin/nmbd -D

+At this point, Samba will be running on your system and will be ready to accept connections.

+

+ +2.5.2 Stand-alone Daemons

+To run the Samba processes as stand-alone daemons, you need to add the commands listed in the previous section to your standard Unix startup scripts. This varies depending on whether you have a BSD-style Unix system or a System V Unix.

+

+ +2.5.2.1 BSD Unix

+WIth a BSD-style Unix, you need to append the following code to the +rc.local file, which is typically found in the +/etc or +/etc/rc.d directories:

+if [ -x /usr/local/samba/bin/smbd]; then
+	echo "Starting smbd..."
+	/usr/local/samba/bin/smbd -D
+	echo "Starting nmbd..."
+	/usr/local/samba/bin/nmbd -D
+fi

+This code is very simple; it checks to see if the +smbd file has execute permissions on it, and if it does, it starts up each of the Samba daemons on system boot.

+

+ +2.5.2.2 System V Unix

+With System V, things can get a little more complex. System V typically uses scripts to start and stop daemons on the system. Hence, you need to instruct Samba how to operate when it starts and when it stops. You can modify the contents of the +/etc/rc.local directory and add something similar to the following program entitled +smb:

+#!/bin/sh
+
+# Contains the "killproc" function on Red Hat Linux
+./etc/rc.d/init.d/functions
+
+PATH="/usr/local/samba/bin:$PATH"
+
+case $1 in 
+	'start')
+		echo "Starting smbd..."
+		smbd -D
+		echo "Starting nmbd..."
+		nmbd -D
+		;;
+	'stop')
+		echo "Stopping smbd and nmbd..."
+		killproc smbd
+		killproc nmbd
+		rm -f /usr/local/samba/var/locks/smbd.pid
+		rm -f /usr/local/samba/var/locks/nmbd.pid
+		;;
+	*)
+		echo "usage: smb {start|stop}"
+		;;
+esac

+With this script, you can start and stop the SMB service with the following commands:

+# /etc/rc.local/smb start
+Starting smbd...
+Starting nmbd...
+# /etc/rc.local/smb stop
+Stopping smbd and nmbd...
+

+ +2.5.3 Starting From Inetd

+The +inetd daemon is a Unix system's Internet "super daemon." It listens on TCP ports defined in +/etc/services and executes the appropriate program for each port, which is defined in +/etc/inetd.conf. The advantage of this scheme is that you can have a large number of daemons ready to answer queries, but they don't all have to be running. Instead, the +inetd daemon listens in places of all the others. The penalty is a small overhead cost of creating a new daemon process, and the fact that you need to edit two files rather than one to set things up. This is handy if you have only one or two users or your machine has too many daemons already. It's also easier to perform an upgrade without disturbing an existing connection.

+If you wish to start from +inetd, first open +/etc/services in your text editor. If you don't already have them defined, add the following two lines:

+netbios-ssn     139/tcp
+netbios-ns      137/udp

+Next, edit +/etc/inetd.conf. Look for the following two lines and add them if they don't exist. If you already have +smbd and +nmbd lines in the file, edit them to point at the new +smbd and +nmbd you've installed. Your brand of Unix may use a slightly different syntax in this file; use the existing entries and the +inetd.conf manual page as a guide:

+netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd 
+netbios-ns  dgram  udp wait   root /usr/local/samba/bin/nmbd nmbd

+Finally, kill any +smbd or +nmbd processes and send the +inetd process a hangup (HUP) signal. (The +inetd daemon rereads its configuration file on a HUP signal.) To do this, use the +ps command to find its process ID, then signal it with the following command:

+# kill -HUP process_id

+After that, Samba should be up and running.

+
+
+
+ + +
+ +Previous: 2.4 A Basic Samba Configuration File + + + +Next: 2.6 Testing the Samba Daemons
+2.4 A Basic Samba Configuration File + +Book Index +2.6 Testing the Samba Daemons
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch02_06.html b/docs/htmldocs/using_samba/ch02_06.html new file mode 100644 index 00000000000..46adba5d3b6 --- /dev/null +++ b/docs/htmldocs/using_samba/ch02_06.html @@ -0,0 +1,108 @@ + + + +[Chapter 2] 2.6 Testing the Samba Daemons + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.5 Starting the Samba Daemons + + + +Chapter 2
+Installing Samba on a Unix System		 + +Next: 3. Configuring Windows Clients
 
+ +
+
+

+ +2.6 Testing the Samba Daemons

It's hard to believe, but we're nearly done with the Samba server setup. All that's left to do is to make sure that everything is working as we think it should. A convenient way to do this is to use the smbclient program to examine what the server is offering to the network. If everything is set up properly, you should be able to do the following:

+# smbclient -U% -L localhost
+
+Added interface ip=192.168.220.100 bcast=192.168.220.255 nmask=255.255.255.0
+Domain=[SIMPLE] OS=[Unix] Server=[Samba 2.0.5a]
+
+        Sharename      Type      Comment
+        ---------      ----      -------
+        test           Disk      For testing only, please
+        IPC$           IPC       IPC Service (Samba 2.0.5a)
+
+        Server               	    Comment
+        ---------            	    -------
+        HYDRA                	    Samba 2.0.5a
+
+        Workgroup            	    Master
+        ---------            	    -------
+        SIMPLE               	    HYDRA

+If there is a problem, don't panic! Try to start the daemons manually, and check the system output or the debug files at +/usr/local/samba/var/log.smb to see if you can determine what happened. If you think it may be a more serious problem, skip to Chapter 7, Printing and Name Resolution, for help on troubleshooting the Samba daemons.

+If it worked, congratulations! You now have successfully set up the Samba server with a disk share. It's a simple one, but we can use it to set up and test the Windows 95 and NT clients in the next chapter. Then we will start making it more interesting by adding services such as home directories, printers, and security, and seeing how to integrate the server into a larger Windows domain.

+
+
+
+ + +
+ +Previous: 2.5 Starting the Samba Daemons + + + +Next: 3. Configuring Windows Clients
+2.5 Starting the Samba Daemons + +Book Index +3. Configuring Windows Clients
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch03_01.html b/docs/htmldocs/using_samba/ch03_01.html new file mode 100644 index 00000000000..915befad0f4 --- /dev/null +++ b/docs/htmldocs/using_samba/ch03_01.html @@ -0,0 +1,277 @@ + + + +[Chapter 3] Configuring Windows Clients + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 2.6 Testing the Samba Daemons + + +Chapter 3 + +Next: 3.2 Setting Up Windows NT 4.0 Computers
 
+ +
+
+

+ +3. Configuring Windows Clients

+

+ +Contents:
+ +Setting Up Windows 95/98 Computers
+ +Setting Up Windows NT 4.0 Computers
+ +An Introduction to SMB/CIFS

+

You'll be glad to know that configuring Windows to use your new Samba server is quite simple. SMB is Microsoft's native language for resource sharing on a local area network, so much of the installation and setup on the Windows client side has been taken care of already. The primary issues that we will cover in this chapter involve communication and coordination between Windows and Unix, two completely different operating systems.

+Samba uses TCP/IP to talk to its clients on the network. If you aren't already using TCP/IP on your Windows computers, this chapter will show you how to install it. Then you'll need to configure your Windows machines to operate on a TCP/IP network. Once these two requirements have been taken care of, we can show how to access a shared disk on the Samba server.

+This chapter is divided into three sections. The first section covers setting up Windows 95/98 computers while the second covers Windows NT 4.0 machines. The final section provides some prerequisite information on how SMB connections are made from Windows clients and servers, which is useful as we move into the later chapters of the book.

+

+ + +3.1 Setting Up Windows 95/98 Computers

Unfortunately, Windows 95/98 wasn't designed for a PC to have more than one user; that concept is more inherent to a Unix operating system or Windows NT. However, Windows 95/98 does have +limited support for multiple users: if you tell it, the operating system will keep a separate profile (desktop layout) and password file for each user. This is a far cry from true multiuser security. In other words, Windows 95/98 won't try to keep one user from destroying the work of another on the local hard drive like Unix, but profiles are a place to start.

+

+ +3.1.1 Accounts and Passwords

The first thing we need to do is to tell Windows to keep user profiles separate, and to collect usernames and passwords to authenticate anyone trying to access a Samba share. We do so via the Password settings in the Control Panel. If you are not familiar with the Windows Control Panel, you can access it by choosing the Settings menu item from the pop-up menu of the Start button in the lower-left corner of the screen. Alternatively, you'll find it as a folder under the icon in the upper-left corner that represents your computer and is typically labeled My Computer.

+After selecting the Passwords icon in the Control Panel, click on the User Profiles tab on the far right. You should see the dialog box shown in +Figure 3.1. Then click the lower of the two radio buttons that starts "Users can customize their preferences...." This causes Windows to store a separate profile for each user, and saves the username and password you provide, which it will use later when it connects to an SMB/CIFS server. Finally, check +both the options under the User Profile Settings border, as shown in the figure.

+ +Figure 3.1: The Passwords Properties panel

Figure 3.1

+The next step is to select the Change Passwords tab on the left side of the dialog box. In order for Samba to allow you access to its shares, the username and password you give to Windows must match the account and password on the Samba server. If you don't have this tab in your dialog box, don't worry; it's probably because you haven't given yourself a Windows username and password yet. Simply click the OK button at the bottom and respond Yes when Windows asks to reboot. Then, skip down to the section entitled +Section 3.1.1.2, Logging in for the first time.

+

+ +3.1.1.1 Changing the Windows password

After selecting the Change Passwords tab, the dialog box in +Figure 3.2 will appear.

+ +Figure 3.2: The Change Passwords tab

Figure 3.2

+Select the Change Windows Password button. The Change Windows Password dialog box should appear, as shown in +Figure 3.3. From here, you can change your password to match the password of the account on the Samba server through which you intend to log in.

+ +Figure 3.3: The Change Windows Password dialog box

Figure 3.3
+

+ +3.1.1.2 Logging in for the first time

If you didn't have a Change Passwords tab in the Passwords Properties window, then after Windows has finished rebooting, it will ask you to log in with a username and a password. Give yourself the same username and password that you have on the Samba server. After confirming your new username and password, or if you already have one, Windows should ask you if you want to have a profile, using the dialog shown in +Figure 3.4.

+ +Figure 3.4: Windows Networking profiles

Figure 3.4

+Answer Yes, upon which Windows will create a separate profile and password file for you and save a copy of your password in the file. Now when you connect to Samba, Windows will send its password, which will be used to authenticate you for each share. We won't worry about profiles for the moment; we'll cover them in Chapter 6, Users, Security, and Domains. We should point out, however, that there is a small security risk: someone can steal the password file and decrypt the passwords because it's weakly encrypted. Unfortunately, there isn't a solution to this with Windows 95/98. In Windows 2000 (NT 5.0), the password encryption should be replaced with a much better algorithm.

+

+ +3.1.2 Setting Up the Network

The next thing we need to do is make sure we have the TCP/IP networking protocol set up correctly. To do this, double-click on the Network icon in the Control Panel. You should see the network configuration dialog box, as shown in +Figure 3.5.

+ +Figure 3.5: The Windows 95/98 Network panel

Figure 3.5

+Microsoft networking works by binding specific protocols, such as IPX or TCP/IP, to a specific hardware device, such as an Ethernet card or a dialup connection. By routing a protocol through a hardware device, the machine can act as a client or server for a particular type of network. For Samba, we are interested in binding the TCP/IP protocol through a networking device, making the machine a client for Microsoft networks. Thus, when the dialog box appears, you should see at least the Client for Microsoft Networks component installed on the machine, and hopefully a networking device (preferably an Ethernet card) bound to the TCP/IP protocol. If there is only one networking hardware device, you'll see the TCP/IP protocol listed below that device. If it appears similar to +Figure 3.5, the protocol is bound to the device.

+You may also see "File and printer sharing for Microsoft Networks," which is useful. In addition, you might see NetBEUI or Novell Networking, which are standard with Windows installations but undesirable when TCP/IP is running. Remove NetBEUI if you possibly can - it's unnecessary and makes debugging Windows browsing difficult. If you don't have any Novell servers on your network, you can remove Novell (IPX/SPX) as well.

+

+ +3.1.2.1 Adding TCP/IP

If you don't see TCP/IP listed at all, you'll need to install the protocol. If you already have TCP/IP, skip this section, and continue with the section +Section 3.1.3, Setting Your Name and Workgroup, later in this chapter.

+Installing TCP/IP isn't difficult since Microsoft distributes its own version of TCP/IP for free on their installation CD-ROM. You can add the protocol by clicking on the Add button below the component window. Indicate that you wish to add a specific protocol by selecting Protocol and clicking Add... on the following dialog box, which should look similar to +Figure 3.6.

+ +Figure 3.6: Selecting a protocol to install

Figure 3.6

+After that, select the protocol TCP/IP from manufacturer Microsoft, as shown in +Figure 3.7, then click OK. After doing so, you will be returned to the network dialog. Click OK there to close the dialog box, upon which Windows will install the necessary components from disk and reboot the machine.

+ +Figure 3.7: Selecting a protocol to install

Figure 3.7
+

+ +3.1.2.2 Configuring TCP/IP

If you have more than one networking device (for example, both an Ethernet card and a dialup networking modem), each appropriate hardware device should be "linked" to the TCP/IP protocol with an arrow, as shown in +Figure 3.8. Select the TCP/IP protocol linked to the networking device that will be accessing the Samba network. When it is highlighted, click the Properties button.

+ +Figure 3.8: Selecting the correct TCP/IP protocol

Figure 3.8

+After doing so, the TCP/IP Properties panel for that device is displayed, as shown in +Figure 3.9.

+ +Figure 3.9: STCP/IP Properties panel

Figure 3.9

+There are seven tabs near the top of this panel, and you will need to configure four of them:

    +
  • +

    + +IP address

  • +

    + +DNS configuration

  • +

    + +WINS configuration

  • +

    + +Bindings

+

+ +3.1.2.3 IP Address tab

+The IP Address tab is shown in +Figure 3.9. Press the "Specify an IP address" radio button and enter the client's address and subnet mask in the space provided. You or your network manager should have selected an address for the machine. The values should place the computer on the same subnet as the Samba server. For example, if the server's address is 192.168.236.86, and its network mask 255.255.255.0, you might use address 192.168.236.10 (if it is available) for the Windows 98 computer, along with the same netmask as the server. If you already use DHCP on your network to provide IP addresses to Windows machines, select the "Obtain an IP address automatically" button.

+

+ +3.1.2.4 DNS Configuration tab

Domain Name Service (DNS) is responsible for translating Internet computer names such as +hobbes.example.com into machine-readable IP addresses such as 192.168.236.10. There are two ways to accomplish this on a Windows 98 machine: you can specify a server to do the translation for you or you can keep a local list of name/address pairs to refer to.

+Networks that are connected to the Internet typically use a server, since the hosts files required would otherwise be huge. For an unconnected LAN, the list of possible hosts is small and well-known and might be kept on a Unix machine in the +/etc/hosts file. If you are in doubt as to whether a DNS server is being used, or what its address might be, look at the file +/etc/resolv.conf on your Unix servers. Any machine using DNS will have this file, which looks like:

+#resolv.conf
+domain example.com
+nameserver 127.0.0.1
+nameserver 192.168.236.20

+In the example shown, the second +nameserver line in the list contains the IP address of another machine on the local network: 192.168.236.20. It's a good candidate for a DNS server.[1]

+
+

+[1] We can disqualify the other address because every Unix machine has a localhost address of 127.0.0.1 whether it is connected to a network or not. This address is required for some system tools to operate correctly.

+You must type the correct IP address of one or more DNS servers (note that you +cannot use its Internet name, such as +dns.oreilly.com) into the appropriate field in +Figure 3.10. Be sure not to use 127.0.0.1 - that will never be the correct DNS server address!

+Try to select addresses on your own network. Any name servers listed in +/etc/resolv.conf should work, but you'll get better performance by using a server nearby. (If you don't find +/etc/resolv.conf files on your Unix machines, just disable DNS until you can find the address of at least one DNS server.) Let's assume you only have one DNS server, and its address is 192.168.236.20. Click the Enable DNS radio button, as shown in +Figure 3.10, and add the server's address to the top DNS Server Search Order field.

+ +Figure 3.10: The DNS Configuration tab

Figure 3.10

+Also, provide the name of the Windows 95/98 machine and the Internet domain you're in. You can safely ignore the Domain Suffix Search Order field for anything related to Samba.

+

+ +3.1.2.5 WINS Configuration tab

WINS is the Windows Internet Name Service, its version of a NetBIOS name server. If you've enabled WINS on Samba, you must tell Windows the Samba server's address. If you are using WINS servers that are entirely Windows NT, enter each of them here as well. The dialog box shown after selecting the WINS Configuration tab is shown in +Figure 3.11.

+ +Figure 3.11: The WINS Configuration tab

Figure 3.11
+

+ +WARNING: Do +not mix a Samba WINS server and a Windows NT server as a primary/backup combination in the WINS dialog. Because the two cannot replicate their databases, this will cause name resolution to perform incorrectly.

+From here, select Enable WINS Resolution and enter the WINS server's address in the space provided, then press Add. Do not enter anything in the Scope ID field.

+

+ +3.1.2.6 Hosts files

If you do not have either DNS or WINS, and you don't wish to use broadcast resolution, you'll need to provide a table of IP addresses and hostnames, in the standard Unix +/etc/hosts format. On a Windows machine, this goes in \WINDOWS\HOSTS under whichever drive you installed Windows on (typically C:\). A sample host file follows:

+# 127.0.0.1        localhost
+192.168.236.1      escrime.example.com 	escrime
+192.168.236.2      riposte.example.com 	riposte
+192.168.236.3      wizzin.example.com 	wizzin
+192.168.236.4      touche.example.com 	touche
+192.168.236.10     hobbes.example.com 	hobbes

+You can copy this file directly from any of your Unix machines' +/etc/hosts; the format is identical. However, +you should only use hosts files in Windows as a last resort for name resolution.

+

+ +3.1.2.7 Check the bindings

+The final tab to look at is Bindings, as shown in +Figure 3.12.

+ +Figure 3.12: The Bindings tab

Figure 3.12

+You should have a check beside Client for Microsoft Networks, indicating that it's using TCP/IP. If you have "File and printer sharing for Microsoft Networks" in the dialog, it should also be checked, as shown in the figure.

+

+ +3.1.3 Setting Your Name and Workgroup

Finally, press the OK button in the TCP/IP configuration panel, and you'll be taken back to the Network Configuration screen. Then select the Identification tab, which will take you to the dialog box shown in +Figure 3.13.

+ +Figure 3.13: The Identification tab

Figure 3.13

+Here, for the second time, set your machine's name. This time, instead of your DNS hostname and domain, you're setting your NetBIOS name. However, it is best to make this the +same as your hostname. Try not to make a spelling mistake: it can be very confusing to configure a machine if TCP thinks it's +fred and SMB thinks its +ferd !

+You also set your workgroup name here. In our case, it's SIMPLE, but if you used a different one in Chapter 2, Installing Samba on a Unix System, when creating the Samba configuration file, use that here as well. Try to avoid calling it WORKGROUP or you'll be in the same workgroup as every unconfigured (or ill-configured) machine in the world.

+

+ +3.1.4 Accessing the Samba Server

Click on the OK button to complete the configuration; you will need to reboot in order for your changes to take effect.

+Now for the big moment. Your Samba server is running, and you have set up your Windows 95/98 client to communicate with it. After rebooting, log in and double-click the Network Neighborhood icon on the desktop. You should see your Samba server listed as a member of the workgroup, as shown in +Figure 3.14.

+ +Figure 3.14: Windows Network Neighborhood

Figure 3.14

+Double-clicking the server name will show the resources that the server is offering to the network, as shown in +Figure 3.15 (in this case a printer and the +test directory).

+ +Figure 3.15: Shares on Server

Figure 3.15
+

+ +WARNING: If you are presented with a dialog requesting the password for a user +IPC$, then Samba did not accept the password that was sent from the client. In this case, the username and the password that were created on the client side +must match the username/password combination on the Samba server. If you are using Windows 98 or Windows NT Service Pack 3 or above, this is probably because the client is sending encrypted passwords instead of plaintext passwords. You can remedy this situation by performing two steps on the Samba server. First, add the following entry to the +[global] section of your Samba configuration file: +encrypt password=yes. Second, find the +smbpasswd program on the samba server (it is located in +/usr/local/samba/bin by default) and use it to add an entry to Samba's encrypted password database. For example, to add user +steve to Samba's encrypted password database, type + +smbpasswd -a steve. The first time you enter this password, the program will output an error message indicating that the password database does not exist; it will then create the database, which is typically stored in +/usr/local/samba/private/smbpasswd.

+If you don't see the server listed, start Windows Explorer (not Internet Explorer!) and select Map Network Drive from the Tools menu. This will give you a dialog box into which you can type the name of your server and the share +test in the Windows UNC format: \\server\test, like we did in the first chapter. This should attempt to contact the Samba server and its temporary share. If things still aren't right, go to Chapter 9, Troubleshooting Samba, for troubleshooting assistance.

+
+
+
+ + +
+ +Previous: 2.6 Testing the Samba Daemons + + + +Next: 3.2 Setting Up Windows NT 4.0 Computers
+2.6 Testing the Samba Daemons + +Book Index +3.2 Setting Up Windows NT 4.0 Computers
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch03_02.html b/docs/htmldocs/using_samba/ch03_02.html new file mode 100644 index 00000000000..fd87daac726 --- /dev/null +++ b/docs/htmldocs/using_samba/ch03_02.html @@ -0,0 +1,260 @@ + + + +[Chapter 3] 3.2 Setting Up Windows NT 4.0 Computers + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 3.1 Setting Up Windows 95/98 Computers + + + +Chapter 3
+Configuring Windows Clients		 + +Next: 3.3 An Introduction to SMB/CIFS
 
+ +
+
+

+ +3.2 Setting Up Windows NT 4.0 Computers

Configuring Windows NT is a little different than configuring Windows 95/98. In order to use Samba with Windows NT, you will need both the Workstation service and the TCP/IP protocol. Both come standard with NT, but we'll work through installing and configuring them because they may not be configured correctly.

+There are six basic steps:

    +
  1. +

    + +Assign the machine a name.

  2. +

    + +Install the Workstation service.

  3. +

    + +Install the TCP/IP protocol.

  4. +

    + +Set the machine's name and IP address.

  5. +

    + +Configure the DNS and WINS name services.

  6. +

    + +Bind the protocol and service together.

+

+ +3.2.1 Basic Configuration

This section presents an outline of the steps to follow for getting Windows NT to cooperate with Samba. If you need more details on Windows NT network administration, refer to Craig Hunt and Robert Bruce Thompsom's +Windows NT TCP/IP Network Administration (O'Reilly), an excellent guide. You should perform these steps as the "Administrator" user.

+

+ +3.2.1.1 Name the machine

The first thing you need to do is to give the machine a NetBIOS name. From the Control Panel, double click on the Network icon. This will take you to the Network dialog box for the machine. The first tab in this dialog box should be the Identification tab, as illustrated in +Figure 3.16.

+ +Figure 3.16: Network panel Identification tab

Figure 3.16

+Here, you need to identify your machine with a name (we use the name Artish here) and change the default workgroup to the one you specified in the +smb.conf file of your Samba server. In this case, the workgroup name is SIMPLE. However, you cannot edit either name here (as you could in Windows 95/98), but instead must use the Change button below the two text fields. Pressing this button raises an Identification Changes dialog box, where you can reset the workgroup and the machine name, as shown in +Figure 3.17.

+ +Figure 3.17: Changing the identification

Figure 3.17

A word of warning: you will have to set the machine name again later while configuring TCP/IP, so be sure that the two names match. The name you set here is the NetBIOS name. You're allowed to make it different from the TCP/IP hostname, but doing so is usually not a good thing. Don't worry that Windows NT forces the computer name and the workgroup to be all capital letters; it's smart enough to figure out what you mean when it connects to the network.

+

+ +3.2.1.2 Installing the TCP/IP protocol

Next, select the Protocols tab in the Network dialog box, and look to see if you have the TCP/IP protocol installed, as shown in +Figure 3.18.

+ +Figure 3.18: The Protocols tab

Figure 3.18

+If the protocol is not installed, you need to add it. Press the Add button, which will display the Select Network Protocol dialog box shown in +Figure 3.19. Unlike Windows 95/98, you should immediately see the TCP/IP protocol as one of the last protocols listed.

+ +Figure 3.19: Select Network Protocol dialog box

Figure 3.19

+Select TCP/IP + as the protocol and confirm it. If possible, install only the TCP/IP protocol. You usually do not want NetBEUI installed because this causes the machine to look for services under two different protocols, only one of which is likely in use.[2]

+
+

+[2] A common occurrence: after looking at the unused protocol for a while, the machine will time out and try the good one. This fruitless searching gives you terrible performance and mysterious delays.

+

+ +3.2.1.3 Installing the Workstation service

After installing TCP/IP, press the Services tab in the Network panel and check that you have a Workstation service, as shown at the end of the list in +Figure 3.20.

+ +Figure 3.20: Network Services panel dialog box

Figure 3.20

+This service is actually the Microsoft Networking Client, which allows the machine to access SMB services. The Workstation service is mandatory. The service is installed by default on both Windows NT Workstation 4.0 and Server 4.0. If it's not there, you can install it much like TCP/IP. In this case you need to press the Add button and then select Workstation Service, as shown in +Figure 3.21.

+ +Figure 3.21: Select Network Service dialog box

Figure 3.21
+

+ +3.2.2 Configuring TCP/IP

After you've installed the Workstation service, return to the Protocols tab and select the TCP/IP Protocol entry in the window. Then click the Properties button below the window. The Microsoft TCP/IP Protocol panel will be displayed. There are five tabs on the Windows NT panel, and (like Windows 95/98) you will need to work on three of them:

    +
  • +

    + +IP address

  • +

    + +DNS

  • +

    + +WINS address

+

+ +3.2.2.1 IP Address tab

The IP Address tab is shown in +Figure 3.22.

+ +Figure 3.22: Microsoft TCP/IP Properties for Windows NT

Figure 3.22

Select the "Specify an IP address" radio button and enter the computer's address and subnet mask in the space provided for the proper adapter (Ethernet card). You or your network manager should have selected an address for the client on the same subnet (LAN) as the Samba server. For example, if the server's address is 192.168.236.86 and its network mask 255.255.255.0, you might use the address 192.168.236.10, if it is available, for the NT workstation, along with the same netmask. If you use DHCP on your network, select the "Obtain an IP Address from a DHCP server" button.

+If you don't have an IP address to use, and you are on a network by yourself, steal ours, as the 192.168. +x.x subnet is specifically reserved by the Internic for LANs. If you're not by yourself, see your system administrator for some available addresses on your network.

+The gateway field refers to a machine typically known as a +router. If you have routers connecting multiple networks, you should put in the IP address of the one on your subnet.

+

+ +3.2.2.2 DNS tab

Next we go to the tab for DNS, as shown in +Figure 3.23. This brings up the DNS panel.

+ +Figure 3.23: The DNS panel

Figure 3.23

+The Domain Name System (DNS) is responsible for translating human-readable computer names such as +atrish.example.com into IP addresses such as 192.168.236.10. There are two ways to accomplish this on a NT machine. First, you can specify a DNS server to do the translation for you, or you can keep a local list of name/address pairs for your workstation to refer to.

+For a LAN that's not on the Internet, the list of possible hosts is typically small and well known, and may be kept in a file locally. Networks that are connected to the Internet typically use DNS service since it isn't possible to guess ahead of time what addresses you might be accessing out on the net. If you are in doubt as to whether a DNS server is being used, or what its address might be, look at the file +/etc/resolv.conf on your Samba server: any machine using DNS will have this file. It looks like the following:

+#resolv.conf 
+domain example.com 
+nameserver 127.0.0.1 
+nameserver 192.168.236.20

+In this example, the first nameserver in the list is 127.0.0.1, which indicates that the Samba server is also a DNS server for this LAN.[3] In that case, you would use its network IP address (not 127.0.0.1, its localhost address) when filling in the DNS Configuration dialog box. Otherwise, use the other addresses you find in the lines beginning with +nameserver. Try to select ones on your own network. Any name servers listed in +/etc/resolv.conf should work, but you'll get better performance by using a server nearby.

+
+

+[3] The address 127.0.0.1 is known as the +localhost address, and always refers to itself. For example, if you type +ping 127.0.0.1 on a Unix server, you should always get a response, as you're pinging the host itself.

+Finally, enter the machine name once more, making sure that it's the same one listed in the Identification tab of the Network dialog box (before the NetBIOS name). Also, enter the DNS domain on which this machine resides. For example, if your workstation has a domain name such as +example.com, enter it here. You can safely ignore the other options.

+

+ +3.2.2.3 WINS Address tab

If you are not using a DNS server, you still need a way of translating NetBIOS names to addresses and back again. We recommend that you configure both DNS and WINS; NT has a preference for WINS and WINS can use DNS as a fallback if it cannot resolve any machine address. The WINS Address tab is shown in +Figure 3.24.

+ +Figure 3.24: The WINS Address tab

Figure 3.24

+If you have a WINS server, enter its address in the space marked Primary WINS Server. If your Samba server is providing WINS service (in other words, you have the line +wins +service += +yes in the +smb.conf file of your Samba server), provide the Samba server's IP address here. Otherwise, provide the address of another WINS server on your network.

+You probably noticed that there is a field here for the adaptor; this field must specify the Ethernet adaptor that you're running TCP/IP on so that WINS will provide name service on the correct network. If you have both a LAN and a dialup adaptor, make sure you have the LAN's adaptor here.

+Finally, select the "Enable DNS for Windows Resolution" checkbox, so WINS will try DNS as a fallback if it can't find a name. You can safely ignore the other options.

+

+ +3.2.2.4 Hosts files

If you don't have either DNS or WINS, and you don't wish to use broadcast name resolution, you'll need to provide a table of IP addresses and hosts names, in standard Unix +/etc/hosts format. We recommend against this because maintenance of this file on any dynamic network is troublesome, but we will explain it just the same. The Windows host file should appear in the +\WINDOWS\HOSTS directory of whatever local drive Windows is installed on. A sample follows:

+127.0.0.1        localhost
+192.168.236.1    escrime    escrime.example.com 
+192.168.236.2    riposte    riposte.example.com 
+192.168.236.3    wizzin     wizzin.example.com 
+192.168.236.4    touche     touche.example.com 
+192.168.236.5    gurgi      gurgi.example.com 
+192.168.236.6    jessiac    jessiac.example.com 
+192.168.236.7    skyline    skyline.example.com

+If you wish, you can copy the contents directly from the Samba server's + /etc/hosts. The format is identical. This file will then serve the same purpose as the hosts file on the Unix server. Again, +hosts files on Windows should only be used as a last resort.

+

+ +3.2.2.5 Bindings

+The term +bindings is a way of saying "connected together at configuration time." It means that the TCP/IP protocol will channel through the Ethernet card (instead of, say, a dialup connection), and is actually connected properly. If you return to the Network dialog box and set the Show field to "all services" and click on all the + buttons in the tree, you should see a display similar to +Figure 3.25.

+ +Figure 3.25: Service bindings

Figure 3.25

+This means that the Workstation, Server, and NetBIOS interface services are connected to the WINS client. This is the correct binding for Microsoft TCP/IP.

+

+ +3.2.3 Connecting to the Samba Server

You can safely leave the default values for the remainder of the tabs in the Network dialog box. Click on the OK button to complete the configuration. Once the proper files are loaded (if any), you will need to reboot in order for your changes to take effect.

+Now for the big moment. Your Samba server is running and you have set up your NT client to communicate with it. After the machine reboots, login and double-click the Network Neighborhood icon on the desktop, and you should see your Samba server listed as a member of the workgroup, as shown in +Figure 3.26.

+ +Figure 3.26: Windows NT Network Neighborhood

Figure 3.26

Double-clicking the server name will show the resources that the server is offering to the network, as shown in +Figure 3.27. In this case, the test and the default printer are offered to the Window NT workstation. For more information, see the warning under the "Accessing the Samba Server" section, earlier in this chapter.

+ +Figure 3.27: Server's shares

Figure 3.27
+

+ +WARNING: If you are presented with a dialog requesting the password for a user +IPC$, then Samba did not accept the password that was sent from the client. In this case, the username and the password that were created on the client side +must match the username/password combination on the Samba server. If you are using Windows 98 or Windows NT Service Pack 3 or above, this is probably because the client is sending encrypted passwords instead of plaintext passwords. You can remedy this situation by performing two steps on the Samba server. First, add the following entry to the +[global] section of your Samba configuration file: +encrypt password=yes. Second, find the +smbpasswd program on the samba server (it is located in +/usr/local/samba/bin by default) and use it to add an entry to Samba's encrypted password database. For example, to add user +steve to Samba's encrypted password database, type + +smbpasswd -a steve. The first time you enter this password, the program will output an error message indicating that the password database does not exist; it will then create the database, which is typically stored in +/usr/local/samba/private/smbpasswd.

+If you don't see the server listed, don't panic. Start the Windows NT Explorer (not Internet Explorer!) and select Map Network Drive from the Tools menu. A dialog box appears that allows you to type the name of your server and its share directory in Windows format. For example, you would enter +\\server\temp if your server happened to be named "server." If things still aren't right, go directly to the section "The Fault Tree" in Chapter 9, to see if you can troubleshoot what is wrong with the network.

+If it works, congratulations! Try writing to the server and sending data to the network printer. You will be pleasantly surprised how seamlessly everything works! Now that you've finished setting up the Samba server and its clients, we can starting talking about how Samba works and how to configure it to your liking.

+
+
+
+ + +
+ +Previous: 3.1 Setting Up Windows 95/98 Computers + + + +Next: 3.3 An Introduction to SMB/CIFS
+3.1 Setting Up Windows 95/98 Computers + +Book Index +3.3 An Introduction to SMB/CIFS
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch03_03.html b/docs/htmldocs/using_samba/ch03_03.html new file mode 100644 index 00000000000..d3efd007aa6 --- /dev/null +++ b/docs/htmldocs/using_samba/ch03_03.html @@ -0,0 +1,579 @@ + + + +[Chapter 3] 3.3 An Introduction to SMB/CIFS + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 3.2 Setting Up Windows NT 4.0 Computers + + + +Chapter 3
+Configuring Windows Clients		 + +Next: 4. Disk Shares
 
+ +
+
+

+ +3.3 An Introduction to SMB/CIFS

We'll wrap up this chapter with a short tutorial on SMB/CIFS. SMB/CIFS is the protocol that Windows 95/98 and NT machines use to communicate with the Samba server and each other. At a high level, the SMB protocol suite is relatively simple. It includes commands for all of the file and print operations that you might do on a local disk or printer, such as:

    +
  • +

    + + Opening and closing a file

  • +

    + + Creating and deleting files and directories

  • +

    + + Reading and writing a file

  • +

    + + Searching for files

  • +

    + + Queueing and dequeueing files to a print spool

+Each of these operations can be encoded into an SMB message and transmitted to and from a server. The original name SMB comes from their data format: these are versions of the standard DOS system-call data structures, or +Server Message Blocks, redesigned for transmitting to another machine across a network.

+

+ +3.3.1 SMB Format

Richard Sharpe of the Samba team defines SMB as a "request-response" protocol.[4] In effect, this means that a client sends an SMB request to a server, and the server sends an SMB response back to the client. Rarely does a server send a message that is not in response to a client.

+
+

+[4] See +http://anu.samba.org/cifs/docs/what-is-smb.html for Richard's excellent summary of SMB.

+An SMB message is not as complex as you might think. Let's take a closer look at the internal structure of such a message. It can be broken down into two parts: the +header, which is a fixed size, and the +command string, whose size can vary dramatically based on the contents of the message.

+

+ +3.3.1.1 SMB header format

+ +Table 3.1 shows the format of an SMB header. SMB commands are not required to use all the fields in the SMB header. For example, when a client first attempts to connect to a server, it does not yet have a tree identifier (TID) value - one is assigned after it successfully connects - so a null TID (0xFFFF) is placed in its header field. Other fields may be padded with zeros when not used.

+The fields of the SMB header are listed in +Table 3.1.


+ + + + + + + + + + + + + + + +
+ +Table 3.1: SMB Header Fields
+

+Field

 +

+Size (bytes)

 +

+Description

+

+ +0xFF 'SMB'

 +

+ +1

 +

Protocol identifier

+

+ +COM

 +

+ +1

 +

+Command code, from 0x00 to 0xFF

+

+ +RCLS

 +

+ +1

 +

+Error class

+

+ +REH

 +

+ +1

 +

+Reserved

+

+ +ERR

 +

+ +2

 +

+Error code

+

+ +REB

 +

+ +1

 +

+Reserved

+

+ +RES

 +

+ +14

 +

+Reserved

+

+ +TID

 +

+ +2

 +

+Tree identifier; a unique ID for a resource in use by client

+

+ +PID

 +

+ +2

 +

+Caller process ID

+

+ +UID

 +

+ +2

 +

+User identifier

+

+ +MID

 +

+ +2

 +

+Multiplex identifier; used to route requests inside a process

+

+ +3.3.1.2 SMB command format

+ +Immediately after the header is a variable number of bytes that constitute an SMB command or reply. Each command, such as Open File (COM field identifier: SMBopen) or Get Print Queue (SMBsplretq), has its own set of parameters and data. Like the SMB header fields, not all of the command fields need to be filled, depending on the specific command. For example, the Get Server Attributes (SMBdskattr) command sets the WCT and BCC fields to zero. The fields of the command segment are shown in +Table 3.2.


+ + + + + + + + +
+ +Table 3.2: SMB Command Contents
+

+Field

 +

+Size in Bytes

 +

+Description

+

+ +WCT

 +

+ +1

 +

+ +Word count

+

+ +VWV

 +

+Variable

 +

+Parameter words (size given by WCT)

+

+ +BCC

 +

+ +2

 +

+Parameter byte count

+

+ +DATA

 +

+Variable

 +

+Data (size given by BCC)

+Don't worry if you don't understand each of these fields; they are not necessary for using Samba at an administrator level. However, they do come in handy when debugging system messages. We will show you some of the more common SMB messages that clients and servers send using a modified version of +tcpdump later in this section. (If you would like an SMB sniffer with a graphical interface, try "ethereal," which uses the GTK libraries; see the Samba homepage for more information on this tool.)

+If you would like more information on each of the commands for the SMB protocol, see the SMB/CIFS documentation at ftp://ftp.microsoft.com/developr/drg/CIFS/.

+

+ +3.3.1.3 SMB variations

+The SMB protocol has been extended with new commands several times since its inception. Each new version is backwards compatible with the previous versions. This makes it quite possible for a LAN to have various clients and servers running different versions of the SMB protocol at once.

+ +Table 3.3 outlines the major versions of the SMB protocol. Within each "dialect" of SMB are many sub-versions that include commands supporting particular releases of major operating systems. The ID string is used by clients and servers to determine what level of the protocol they will speak to each other.


+ + + + + + + + + + + + +
+ +Table 3.3: SMB Protocol Dialects
+

+Protocol Name

 +

+ID String

 +

+Used By

+

+Core

 +

+ +PC NETWORK PROGRAM 1.0

 +

+

+

+Core Plus

+

+ +MICROSOFT NETWORKS 1.03

+

+

+

+LAN Manager 1.0

+

+ +LANMAN1.0

 +

+

+

+LAN Manager 2.0

+

+ +LM1.2X002

 +

+

+

+LAN Manager 2.1

+

+ +LANMAN2.1

 +

+

+

+NT LAN Manager 1.0

 +

+ +NT LM 0.12

 +

+Windows NT 4.0

+

+Samba's NT LM 0.12

 +

+ +Samba

 +

+Samba

+

+Common Internet File System

 +

+ +CIFS 1.0

 +

+Windows 2000

+Samba implements the +NT +LM +0.12 specification for NT LAN Manager 1.0. It is backwards compatible with all of the other SMB variants. The CIFS specification is, in reality, LAN Manager 0.12 with a few specific additions.

+

+ +3.3.2 SMB Clients and Servers

+As mentioned earlier, SMB is a client/server protocol. In the purest sense, this means that a client sends a request to a server, which acts on the request and returns a reply. However, the client/server roles can often be reversed, sometimes within the context of a single SMB session. For example, consider the two Windows 95/98 computers in +Figure 3.28. The computer named WIZZIN shares a printer to the network, and the computer named ESCRIME shares a disk directory. WIZZIN is in the client role when accessing ESCRIME's network drive, and in the server role when printing a job for ESCRIME.

+ +Figure 3.28: Two computers that both have resources to share

Figure 3.28

+This brings out an important point in Samba terminology:

    +
  • +

    + +A +server is a machine with a resource to share.

  • +

    + +A +client is a machine that wishes to use that resource.

  • +

    + +A server can be a client (of another computer's resource) at any given time.

+Note that there are no implications as to the amount of resources that make up a server, or whether it has a large disk space or fast processor. A server could be an old 486 with a printer attached to it, or it could be an UltraSparc station with a 10 gigabyte disk service.

+Microsoft Windows products have both the SMB client and server built in to the operating system. Wndows NT 4.0 uses a newer SMB protocol than Windows for Workgroups, and it offers an enhanced form of network security which will be discussed in Chapter 6. In addition, there are a large number of commercial SMB server products available from companies such as Sun, Compaq, SCO, Hewlett-Packard, Syntax, and IBM. Unfortunately, on the client side there are far fewer offerings, limited mainly to Digital Equipment's Pathworks product, and of course, Samba.

+

+ +3.3.3 A Simple SMB Connection

Before we close this chapter, let's take a look at a simple SMB connection. This is some pretty technical data - which isn't really necessary to administer Samba - so you can skip over it if you like. We present this information largely as a way to help you get familiar with how the SMB protocol negotiates connections with other computers on the network.

+There are four steps that the client and server must complete in order to establish a connection to a resource:

    +
  1. +

    + + Establish a virtual connection.

  2. +

    + + Negotiate the protocol variant to speak.

  3. +

    + + Set session parameters.

  4. +

    + + Make a tree connection to a resource.

+We will examine each of these steps through the eyes of a useful tool that we mentioned earlier: the modified +tcpdump that is available from the Samba web site.

+You can download this program at +samba.org in the +samba/ftp/tcpdump-smb directory; the latest version as of this writing is 3.4-5. Use this program as you would use the standard +tcpdump application, but add the +-s 1500 switch to ensure that you get the whole packet and not just the first few bytes.

+

+ +3.3.3.1 Establishing a virtual connection

When a user first makes a request to access a network disk or send a print job to a remote printer, NetBIOS takes care of making a connection at the session layer. The result is a bidirectional virtual channel between the client and server. In reality, there are only two messages that the client and server need to establish this connection. This is shown in the following example session request and response, as captured by +tcpdump :

+>>> NBT Packet
+NBT Session Request
+Flags=0x81000044
+Destination=ESCRIME      NameType=0x20 (Server)
+Source=WIZZIN            NameType=0x00 (Workstation)
+
+>>> NBT Packet
+NBT Session Granted
+Flags=0x82000000
+

+ +3.3.4 Negotiating the Protocol Variant

At this point, there is an open channel between the client and server. Next, the client sends a message to the server to negotiate an SMB protocol. As mentioned earlier, the client sets its tree identifier (TID) field to zero, since it does not yet know what TID to use. A +tree identifier is a number that represents a connection to a share on a server.

+The command in the message is +SMBnegprot, a request to negotiate a protocol variant that will be used for the entire session. Note that the client sends to the server a list of all of the variants that it can speak, not vice versa.

+The server responds to the +SMBnegprot request with an index into the list of variants that the client offered, starting with index 0, or with the value 0xFF if none of the protocol variants are acceptable. Continuing this example, the server responds with the value 5, which indicates that the +NT +LM +0.12 dialect will be used for the remainder of the session:

+>>> NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=154
+
+SMB PACKET: SMBnegprot (REQUEST)
+SMB Command   =  0x72
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x0
+Flags2        =  0x0
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  0
+MID           =  385
+Word Count    =  0
+Dialect=PC NETWORK PROGRAM 1.0
+Dialect=MICROSOFT NETWORKS 3.0
+Dialect=DOS LM1.2X002
+Dialect=DOS LANMAN2.1
+Dialect=Windows for Workgroups 3.1a
+Dialect=NT LM 0.12
+
+>>> NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=69
+
+SMB PACKET: SMBnegprot (REPLY)
+SMB Command   =  0x72
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x0
+Flags2        =  0x1
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  0
+MID           =  385
+Word Count    =  02
+[000] 05 00
+

+ +3.3.5 Set Session and Login Parameters

The next step is to transmit session and login parameters for the session. This includes the account name and password (if there is one), the workgroup name, the maximum size of data that can be transferred, and the number of pending requests that may be in the queue at any one time.

+In the following example, the Session Setup command presented allows for an additional SMB command to be piggybacked onto it. The letter X at the end of the command name indicates this, and the hexadecimal code of the second command is given in the +Com2 field. In this case the command is +0x75, which is the Tree Connect and X command. The +SMBtconX message looks for the name of the resource in the +smb_buf buffer. (This is the last field listed in the following request.) In this example, +smb_buf contains the string +\\ESCRIME\PUBLIC, which is the full pathname to a shared directory on node ESCRIME. Using the "and X" commands like this speeds up each transaction, since the server doesn't have to wait on the client to make a second request.

+Note that the TID is still zero. The server will provide a TID to the client once the session has been established and a connection has been made to the requested resource. In addition, note that the password is sent in the open. We can change this later using encrypted passwords:

+>>> NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=139
+
+SMB PACKET: SMBsesssetupX (REQUEST)
+SMB Command   =  0x73
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x10
+Flags2        =  0x0
+Tree ID       =  0
+Proc ID       =  5371
+UID           =  1
+MID           =  385
+Word Count    =  13
+Com2=0x75
+Res1=0x0
+Off2=106
+MaxBuffer=2920
+MaxMpx=2
+VcNumber=0
+SessionKey=0x1FF2
+CaseInsensitivePasswordLength=1
+CaseSensitivePasswordLength=1
+Res=0x0
+Capabilities=0x1
+Pass1&Pass2&Account&Domain&OS&LanMan=  
+  KRISTIN PARKSTR Windows 4.0 Windows 4.0
+PassLen=2
+Passwd&Path&Device=
+smb_bcc=22
+smb_buf[]=\\ESCRIME\PUBLIC
+

+ +3.3.6 Making Connection to a Resource

For the final step, the server returns a TID to the client, indicating that the user has been authorized access and that the resource is ready to be used. It also sets the +ServiceType field to "A" to indicate that this is a file service. Available service types are:

    +
  • +

    + + "A" for a disk or file

  • +

    + + "LPT1" for a spooled output

  • +

    + + "COMM" for a direct-connect printer or modem

  • +

    + + "IPC" for a named pipe

+The output is:

+>>> NBT Packet
+NBT Session Packet
+Flags=0x0
+Length=78
+
+SMB PACKET: SMBsesssetupX (REPLY)
+SMB Command   =  0x73
+Error class   =  0x0
+Error code    =  0
+Flags1        =  0x80
+Flags2        =  0x1
+Tree ID       =  121
+Proc ID       =  5371
+UID           =  1
+MID           =  385
+Word Count    =  3
+Com2=0x75
+Off2=68
+Action=0x1
+[000] Unix Samba 1.9.1
+[010] PARKSTR
+
+SMB PACKET: SMBtconX (REPLY) (CHAINED)
+smbvwv[]=
+Com2=0xFF
+Off2=78
+smbbuf[]=
+ServiceType=A:

+Now that a TID has been assigned, the client may issue any sort of command that it would use on a local disk drive. It can open files, read and write to them, delete them, create new files, search for filenames, and so on.

+
+
+
+ + +
+ +Previous: 3.2 Setting Up Windows NT 4.0 Computers + + + +Next: 4. Disk Shares
+3.2 Setting Up Windows NT 4.0 Computers + +Book Index +4. Disk Shares
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_01.html b/docs/htmldocs/using_samba/ch04_01.html new file mode 100644 index 00000000000..1cc3494d290 --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_01.html @@ -0,0 +1,415 @@ + + + +[Chapter 4] Disk Shares + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 3.3 An Introduction to SMB/CIFS + + +Chapter 4 + +Next: 4.2 Special Sections
 
+ +
+
+

+ +4. Disk Shares

+

+ +Contents:
+ +Learning the Samba Configuration File
+ +Special Sections
+ +Configuration File Options
+ +Server Configuration
+ +Disk Share Configuration
+ +Networking Options with Samba
+ +Virtual Servers
+ +Logging Configuration Options

+

In the previous three chapters, we showed you how to install Samba on a Unix server and set up Windows clients to use a simple disk share. This chapter will show you how Samba can assume more productive roles on your network.

+Samba's daemons, +smbd and +nmbd, are controlled through a single ASCII file, +smb.conf, that can contain over 200 unique options. These options define how Samba reacts to the network around it, including everything from simple permissions to encrypted connections and NT domains. The next five chapters are designed to help you get familiar with this file and its options. Some of these options you will use and change frequently; others you may never use - it all depends on how much functionality you want Samba to offer its clients.

+This chapter introduces the structure of the Samba configuration file and shows you how to use these options to create and modify disk shares. Subsequent chapters will discuss browsing, how to configure users, security, domains, and printers, and a host of other myriad topics that you can implement with Samba on your network.

+

+ + +4.1 Learning the Samba Configuration File

+ +Here is an +example of a Samba configuration file. If you have worked with a Windows .INI file, the structure of the +smb.conf file should look very familiar: 

+[global] 
+	log level = 1 
+	max log size = 1000
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	guest ok = no
+[homes] 
+	browseable = no
+	map archive = yes
+[printers] 
+	path = /usr/tmp
+	guest ok = yes
+	printable = yes
+	min print space = 2000
+[test]
+	browseable = yes
+	read only = yes
+	guest ok = yes
+	path = /export/samba/test

+Although you may not understand the contents yet, this is a good configuration file to grab if you're in a hurry. (If you're not, we'll create a new one from scratch shortly.) In a nutshell, this configuration file sets up basic debug logging in a default log file not to exceed 1MB, optimizes TCP/IP socket connections between the Samba server and any SMB clients, and allows Samba to create a disk share for each user that has a standard Unix account on the server. In addition, each of the printers registered on the server will be publicly available, as will a single read-only share that maps to the +/export/samba/test directory. The last part of this file is similar to the disk share you used to test Samba in Chapter 2, Installing Samba on a Unix System.

+

+ +4.1.1 Configuration File Structure

+ +Let's take another look at this configuration file, this time from a higher level:

+[global] 
+	...
+[homes] 
+	...
+[printers] 
+	...
+[test] 
+	...

+The names inside the square brackets delineate unique sections of the +smb.conf file; each section names the +share (or service) that the section refers to. For example, the +[test] and +[homes] sections are each unique disk shares; they contain options that map to specific directories on the Samba server. The +[printers] share contains options that map to various printers on the server. All the sections defined in the +smb.conf file, with the exception of the +[global] section, will be available as a disk or printer share to clients connecting to the Samba server.

+The remaining lines are individual configuration options unique to that share. These options will continue until a new bracketed section is encountered, or until the end of the file is reached. Each configuration option follows a simple format:

option = value

+Options in the +smb.conf file are set by assigning a value to them. We should warn you up front that some of the option names in Samba are poorly chosen. For example, +read +only is self-explanatory, and is typical of many recent Samba options. +public is an older option, and is vague; it now has a less-confusing synonym +guest +ok (may be accessed by guests). We describe some of the more common historical names in this chapter in sections that highlight each major task. In addition, Appendix C, Samba Configuration Option Quick Reference, contains an alphabetical index of all the configuration options and their meanings.

+

+ +4.1.1.1 Whitespaces, quotes, and commas

+An important item to remember about configuration options is that all whitespaces in the + +value are significant. For example, consider the following option:

+volume = The Big Bad Hard Drive Number 3543

+Samba strips away the spaces between the final +e in +volume and the first +T in +The. These whitespaces are insignificant. The rest of the whitespaces are significant and will be recognized and preserved by Samba when reading in the file. Space is not significant in option names (such as +guest +ok), but we recommend you follow convention and keep spaces between the words of options.

+If you feel safer including quotation marks at the beginning and ending of a configuration option's value, you may do so. Samba will ignore these quotation marks when it encounters them. Never use quotation marks around an option itself; Samba will treat this as an error.

+Finally, you can use whitespaces to separate a series of values in a list, or you can use commas. These two options are equivalent:

+netbios aliases = sales, accounting, payroll
+netbios aliases = sales accounting payroll

+In some values, however, you must use one form of separation - spaces in some cases, commas in others.

+

+ +4.1.1.2 Capitalization

Capitalization is not important in the Samba configuration file except in locations where it would confuse the underlying operating system. For example, let's assume that you included the following option in a share that pointed to +/export/samba/simple :

+PATH = /EXPORT/SAMBA/SIMPLE

+Samba would have no problem with the +path configuration option appearing entirely in capital letters. However, when it tries to connect to the given directory, it would be unsuccessful because the Unix filesystem in the underlying operating system +is case sensitive. Consequently, the path listed would not be found and clients would be unable to connect to the share.

+

+ +4.1.1.3 Line continuation

+You can continue a line in the Samba configuration file using the backslash, as follows:

+comment = The first share that has the primary copies \
+          of the new Teamworks software product.

+Because of the backslash, these two lines will be treated as one line by Samba. The second line begins at the first non-whitespace character that Samba encounters; in this case, the +o in +of.

+

+ +4.1.1.4 Comments

+You can insert comments in the +smb.conf configuration file by preceding a line with either a hash mark (#) or a semicolon (;). Both characters are equivalent. For example, the first three lines in the following example would be considered comments:

+#  This is the printers section. We have given a minimum print 
+;  space of 2000 to prevent some errors that we've seen when
+;  the spooler runs out of space.
+
+[printers] 
+	public = yes
+	min print space = 2000

+Samba will ignore all comment lines in its configuration file; there are no limitations to what can be placed on a comment line after the initial hash mark or semicolon. Note that the line continuation character (\) will +not be honored on a commented line. Like the rest of the line, it is ignored.

+

+ +4.1.1.5 Changes at runtime

You can modify the +smb.conf configuration file and any of its options at any time while the Samba daemons are running. By default, Samba checks the configuration file every 60 seconds for changes. If it finds any, the changes are immediately put into effect. If you don't wish to wait that long, you can force a reload by either sending a SIGHUP signal to the +smbd and +nmbd processes, or simply restarting the daemons.

+For example, if the +smbd process was 893, you could force it to reread the configuration file with the following command:

+# kill -SIGHUP 893

+Not all changes will be immediately recognized by clients. For example, changes to a share that is currently in use will not be registered until the client disconnects and reconnects to that share. In addition, server-specific parameters such as the workgroup or NetBIOS name of the server will not register immediately either. This keeps active clients from being suddenly disconnected or encountering unexpected access problems while a session is open. +

+

+ +4.1.2 Variables

+ +Samba includes a complete set of variables for determining characteristics of the Samba server and the clients to which it connects. Each of these variables begins with a percent sign, followed by a single uppercase or lowercase letter, and can be used only on the right side of a configuration option (e.g., after the equal sign):

+[pub]
+    path = /home/ftp/pub/%a

+The +%a stands for the client machine's architecture (e.g., +WinNT for Windows NT, +Win95 for Windows 95 or 98, or +WfWg for Windows for Workgroups). Because of this, Samba will assign a unique path for the +[pub] share to client machines running Windows NT, a different path for client machines running Windows 95, and another path for Windows for Workgroups. In other words, the paths that each client would see as its share differ according to the client's architecture, as follows:

+/home/ftp/pub/WinNT
+/home/ftp/pub/Win95
+/home/ftp/pub/WfWg

+Using variables in this manner comes in handy if you wish to have different users run custom configurations based on their own unique characteristics or conditions. Samba has 19 variables, as shown in +Table 4.1.


+ + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Table 4.1: Samba Variables
+

+Variable

 +

+Definition

+

+Client variables

+

+ +%a

 +

+ +Client's architecture (e.g., Samba, WfWg, WinNT, Win95, or UNKNOWN)

+

+ +%I

 +

+Client's IP address (e.g., 192.168.220.100)

+

+%m

 +

+Client's NetBIOS name

+

+ +%M

 +

+Client's DNS name

+

+User variables

+

+ +%g

 +

+Primary group of +%u

+

+ +%G

 +

+Primary group of +%U

+

+ +%H

 +

+Home directory of +%u

+

+ +%u

 +

+Current Unix username

+

+ +%U

 +

+Requested client username (not always used by Samba)

+

+ +Share variables

+

+ +%p

 +

+Automounter's path to the share's root directory, if different from +%P

+

+ +%P

 +

+Current share's root directory

+

+ +%S

 +

+Current share's name

+

+ +Server variables

+

+ +%d

 +

+Current server process ID

+

+ +%h

 +

+Samba server's DNS hostname

+

+ +%L

 +

+Samba server's NetBIOS name

+

+ +%N

 +

+Home directory server, from the automount map

+

+ +%v

 +

+Samba version

+

+ +Miscellaneous variables

+

+ +%R

 +

+The SMB protocol level that was negotiated

+

+ +%T

 +

+The current date and time

Here's another example of using variables: let's say that there are five clients on your network, but one client, +fred, requires a slightly different +[homes] configuration loaded when it connects to the Samba server. With Samba, it's simple to attack such a problem: 

+[homes] 
+	...
+	include = /usr/local/samba/lib/smb.conf.%m
+	...

+The +include option here causes a separate configuration file for each particular NetBIOS machine (%m) to be read in addition to the current file. If the hostname of the client machine is +fred, and if a +smb.conf.fred file exists in the + +samba_dir +/lib/ directory (or whatever directory you've specified for your configuration files), Samba will insert that configuration file into the default one. If any configuration options are restated in +smb.conf.fred, those values will override any options previously encountered in that share. Note that we say "previously." If any options are restated in the main configuration file after the +include option, Samba will honor those restated values for the share in which they are defined.

+Here's the important part: if there is no such file, Samba will not generate an error. In fact, it won't do anything at all. This allows you to create only one extra configuration file for +fred when using this strategy, instead of one for each NetBIOS machine that is on the network.

+Machine-specific configuration files can be used both to customize particular clients and to make debugging Samba easier. Consider the latter; if we have one client with a problem, we can use this approach to give it a private log file with a more verbose logging level. This allows us to see what Samba is doing without slowing down all the other clients or overflowing the disk with useless logs. Remember, with large networks you may not always have the option to restart the Samba server to perform debugging!

+You can use each of the variables in +Table 4.1 to give custom values to a variety of Samba options. We will highlight several of these options as we move through the next few chapters. +

+
+
+
+ + +
+ +Previous: 3.3 An Introduction to SMB/CIFS + + + +Next: 4.2 Special Sections
+3.3 An Introduction to SMB/CIFS + +Book Index +4.2 Special Sections
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_02.html b/docs/htmldocs/using_samba/ch04_02.html new file mode 100644 index 00000000000..d0b554e941a --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_02.html @@ -0,0 +1,211 @@ + + + +[Chapter 4] 4.2 Special Sections + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.1 Learning the Samba Configuration File + + + +Chapter 4
+Disk Shares 		+ +Next: 4.3 Configuration File Options
 
+ +
+
+

+ +4.2 Special Sections

+ +Now that we've gotten our feet wet with variables, there are a few special sections of the Samba configuration file that we should talk about. Again, don't worry if you do not understand each and every configuration options listed below; we'll go over each of them over the course of the upcoming chapters.

+

+ +4.2.1 The [ globals] Section

+The +[globals] section appears in virtually every Samba configuration file, even though it is not mandatory to define one. Any option set in this section of the file will apply to all the other shares, as if the contents of the section were copied into the share itself. There is one catch: other sections can list the same option in their section with a new value; this has the effect of overriding the value specified in the +[globals] section.

+To illustrate this, let's again look at the opening example of the chapter:

+[global] 
+	log level = 1 
+	max log size = 1000
+	socket options = TCP_NODELAY IPTOS_LOWDELAY 
+	guest ok = no
+[homes] 
+	browseable = no
+	map archive = yes
+[printers] 
+	path = /usr/tmp
+	guest ok = yes
+	printable = yes
+	min print space = 2000
+[test] 
+	browseable = yes
+	read only = yes
+	guest ok = yes
+	path = /export/samba/test

+In the previous example, if we were going to connect a client to the +[test] share, Samba would first read in the +[globals] section. At that point, it would set the option +guest +ok += +no as the global default for each share it encounters throughout the configuration file. This includes the +[homes] and +[printers] shares. When it reads in the +[test] share, however, it would then find the configuration option +guest +ok += +yes, and override the default from the +[globals] section with the value +yes in the context of the +[pub] share.

+Any option that appears outside of a section (before the first marked section) is also assumed to be a global option.

+

+ +4.2.2 The [homes] Section

+If a client attempts to connect to a share that doesn't appear in the +smb.conf file, Samba will search for a +[homes] share in the configuration file. If one exists, the unidentified share name is assumed to be a Unix username, which is queried in the password database of the Samba server. If that username appears, Samba assumes the client is a Unix user trying to connect to his or her home directory on the server.

+For example, assume a client machine is connecting to the Samba server +hydra for the first time, and tries to connect to a share named [alice]. There is no +[alice] share defined in the +smb.conf file, but there is a +[homes], so Samba searches the password database file and finds an alice user account is present on the system. Samba then checks the password provided by the client against user alice's Unix password - either with the password database file if it's using non-encrypted passwords, or Samba's +smbpasswd file if encrypted passwords are in use. If the passwords match, then Samba knows it has guessed right: the user alice is trying to connect to her home directory. Samba will then create a share called [alice] for her.

+The process of using the +[homes] section to create users (and dealing with their passwords) is discussed in more detail in the Chapter 6, Users, Security, and Domains.

+

+ +4.2.3 The [printers] Section

+The third special section is called +[printers] and is similar to +[homes]. If a client attempts to connect to a share that isn't in the +smb.conf file, and its name can't be found in the password file, Samba will check to see if it is a printer share. Samba does this by reading the printer capabilities file (usually +/etc/printcap) to see if the share name appears there.[1] If it does, Samba creates a share named after the printer.

+
+

+[1] Depending on your system, this file may not be +/etc/printcap. You can use the +testparm command that comes with Samba to determine the value of the +printcap +name configuration option; this was the default value chosen when Samba was compiled.

+Like +[homes], this means you don't have to maintain a share for each of your system printers in the +smb.conf file. Instead, Samba honors the Unix printer registry if you request it to, and provides the registered printers to the client machines. There is, however, an obvious limitation: if you have an account named +fred and a printer named +fred, Samba will always find the user account first, even if the client really needed to connect to the printer.

+The process of setting up the +[printers] share is discussed in more detail in Chapter 7, Printing and Name Resolution. +

+

+ +4.2.4 Configuration Options

+ +Options in the Samba configuration files fall into one of two categories: +global or +share. Each category dictates where an option can appear in the configuration file.

+
+Global
+

Global options +must appear in the +[global] section and nowhere else. These are options that typically apply to the behavior of the Samba server itself, and not to any of its shares.

+Share
+

Share options can appear in specific shares, or they can appear in the +[global] section. If they appear in the +[global] section, they will define a default behavior for all shares, unless a share overrides the option with a value of its own.

+In addition, the values that a configuration option can take can be divided into four categories. They are as follows:

+
+Boolean
+

These are simply yes or no values, but can be represented by any of the following: +yes, +no, +true, +false, +0, +1. The values are case insensitive: +YES is the same as +yes.

+Numerical
+

An integer, hexidecimal, or octal number. The standard +0x +nn syntax is used for hexadecimal and +0 +nnn for octal.

+String
+

+A string of case-sensitive characters, such as a filename or a username.

+Enumerated list
+

+A finite list of known values. In effect, a boolean is an enumerated list with only two values. +

+
+
+
+ + +
+ +Previous: 4.1 Learning the Samba Configuration File + + + +Next: 4.3 Configuration File Options
+4.1 Learning the Samba Configuration File + +Book Index +4.3 Configuration File Options
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_03.html b/docs/htmldocs/using_samba/ch04_03.html new file mode 100644 index 00000000000..3e5ae738659 --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_03.html @@ -0,0 +1,190 @@ + + + +[Chapter 4] 4.3 Configuration File Options + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.2 Special Sections + + + +Chapter 4
+Disk Shares 		+ +Next: 4.4 Server Configuration
 
+ +
+
+

+ +4.3 Configuration File Options

+Samba has well over 200 configuration options at its disposal. So let's start off easy by introducing some of the options you can use to modify the configuration file itself.

+As we hinted earlier in the chapter, configuration files are by no means static. You can instruct Samba to include or even replace configuration options as it is processing them. The options to do this are summarized in +Table 4.2.


+ + + + + + + +
+ +Table 4.2: Configuration File Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +config file

 +

+string (fully-qualified name)

 +

+Sets the location of a configuration file to use instead of the current one.

 +

+None

 +

+Global

+

+ +include

 +

+string (fully-qualified name)

 +

+Specifies an additional segment of configuration options to be included at this point in the configuration file.

 +

+None

 +

+Global

+

+ +copy

 +

+string (name of share)

 +

+Allows you to clone the configuration options of another share in the current share.

 +

+None

 +

+Share

+

+ +4.3.1 config file

+The global +config +file option specifies a replacement configuration file that will be loaded when the option is encountered. If the target file exists, the remainder of the current configuration file, as well as the options encounter so far, will be discarded; Samba will configure itself entirely with the options in the new file. The +config +file option takes advantage of the variables above, which is useful in the event that you want load a special configuration file based on the machine name or user of the client that it connecting.

+For example, the following line instructs Samba to use a configuration file specified by the NetBIOS name of the client connecting, if such a file exists. If it does, options specified in the original configuration file are ignored. The following example attempts to lead a new configuration file based on the client's NetBIOS name: 

+[global]
+	config file = /usr/local/samba/lib/smb.conf.%m

+If the configuration file specified does not exist, the option is ignored and Samba will continue to configure itself based on the current file.

+

+ +4.3.2 include

+This option, discussed in greater detail earlier, copies the target file into the current configuration file at the point specified, as shown in +Figure 4.1. This option also takes advantage of the variables specified earlier in the chapter, which is useful in the event that you want load configuration options based on the machine name or user of the client that it connecting. You can use this option as follows:

+[global]
+	include = /usr/local/samba/lib/smb.conf.%m

+If the configuration file specified does not exist, the option is ignored. Remember that any option specified previously is overridden. In +Figure 4.1, all three options will override their previous values.

+ +Figure 4.1: The include option in a Samba configuration file

Figure 4.1

+The +include option cannot understand the variables +%u (user), +%p (current share's rout directory), or +%s (current share) because they are not set at the time the file is read.

+

+ +4.3.3 copy

+The +copy configuration option allows you to clone the configuration options of the share name that you specify in the current share. The target share must appear earlier in the configuration file than the share that is performing the copy. For example:

+[template]
+	writable = yes
+	browsable = yes
+	valid users = andy, dave, peter
+
+[data]
+	path = /usr/local/samba
+	copy = template

+Note that any options in the share that invoked the +copy directive will override those in the cloned share; it does not matter whether they appear before or after the +copy + directive. +

+
+
+
+ + +
+ +Previous: 4.2 Special Sections + + + +Next: 4.4 Server Configuration
+4.2 Special Sections + +Book Index +4.4 Server Configuration
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_04.html b/docs/htmldocs/using_samba/ch04_04.html new file mode 100644 index 00000000000..5eac6db9e5d --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_04.html @@ -0,0 +1,214 @@ + + + +[Chapter 4] 4.4 Server Configuration + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.3 Configuration File Options + + + +Chapter 4
+Disk Shares 		+ +Next: 4.5 Disk Share Configuration
 
+ +
+
+

+ +4.4 Server Configuration

Now it's time to begin configuring your Samba server. Let's introduce three basic configuration options that can appear in the +[global] section of your +smb.conf file:

+[global]
+	#  Server configuration parameters
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE

+This configuration file is pretty simple; it advertises the Samba server on a NBT network under the NetBIOS name +hydra. In addition, the machine belongs to the workgroup SIMPLE and displays a description to clients that includes the Samba version number as well as the NetBIOS name of the Samba server.

+If you had to enter +encrypt passwords=yes in your earlier configuration file, you should do so here as well.

+Go ahead and try this configuration file. Create a file named +smb.conf under the +/usr/local/samba/lib directory with the text listed above. Then reset the Samba server and use a Windows client to verify the results. Be sure that your Windows clients are in the SIMPLE workgroup as well. After clicking on the Network Neighborhood on a Windows client, you should see a window similar to +Figure 4.2. (In this figure, +phoenix and +chimaera are our Windows clients.)

+ +Figure 4.2: Network Neighborhood showing the Samba server

Figure 4.2

+You can verify the +server +string by listing the details of the Network Neighborhood window (select the Details menu item under the View menu), at which point you should see a window similar to +Figure 4.3.

+ +Figure 4.3: Network Neighborhood details listing

Figure 4.3

+If you were to click on the Hydra icon, a window should appear that shows the services that it provides. In this case, the window would be completely empty because there are no shares on the server yet.

+

+ +4.4.1 Server Configuration Options

+Table 4.3 summarizes the server configuration options introduced previously. Note that all three of these options are global in scope; in other words, they must appear in the +[global] section of the configuration file.


+ + + + + + + +
+ +Table 4.3: Server Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +netbios name

 +

+string

 +

+Sets the primary NetBIOS name of the Samba server.

 +

+Server DNS hostname

 +

+Global

+

+ +server string

 +

+string

 +

+Sets a descriptive string for the Samba server.

 +

+ +Samba %v

 +

+Global

+

+ +workgroup

 +

+string

 +

+Sets the NetBIOS group of machines that the server belongs to.

 +

+Defined at compile time

 +

+Global

+

+ +4.4.1.1 netbios name

+The +netbios +name option allows you to set the NetBIOS name of the server. For example:

+netbios name = YORKVM1

+The default value for this configuration option is the server's hostname; that is, the first part of its complete DNS machine name. For example, a machine with the DNS name +ruby.ora.com would be given the NetBIOS name +RUBY by default. While you can use this option to restate the machine's NetBIOS name in the configuration file (as we did previously), it is more commonly used to assign the Samba server a NetBIOS name other than its current DNS name. Remember that the name given must follow the rules for valid NetBIOS machine names as outlines in Chapter 1, Learning the Samba.

+Changing the NetBIOS name of the server is not recommended unless you have a good reason. One such reason might be if the hostname of the machine is not unique because the LAN is divided over two or more DNS domains. For example, YORKVM1 is a good NetBIOS candidate for vm1.york.example.com to differentiate it from +vm1.falkirk.example.com, which has the same hostname but resides in a different DNS domain.

+Another use of this option is for relocating SMB services from a dead or retired machine. For example, if +SALES is the SMB server for the department, and it suddenly dies, you could immediately reset +netbios +name += +SALES on a backup Samba machine that's taking over for it. Users won't have to change their drive mappings to a different machine; new connections to +SALES will simply go to the new machine.

+

+ +4.4.1.2 server string

+The +server +string parameter defines a comment string that will appear next to the server name in both the Network Neighborhood (when shown with the Details menu) and the comment entry of the Microsoft Windows print manager. You can use the standard variables to provide information in the description. For example, our entry earlier was:

+[global]
+	server string = Samba %v on (%h)

+The default for this option simply presents the current version of Samba and is equivalent to:

+server string = Samba %v
+

+ +4.4.1.3 workgroup

+The +workgroup parameter sets the current workgroup where the Samba server will advertise itself. Clients that wish to access shares on the Samba server should be on the same NetBIOS workgroup. Remember that workgroups are really just NetBIOS group names, and must follow the standard NetBIOS naming conventions outlined in Chapter 1. For example:

+[global]
+	workgroup = SIMPLE

+The default option for this parameter is set at compile time. If the entry is not changed in the makefile, it will be +WORKGROUP. Because this tends to be the workgroup name of every unconfigured NetBIOS network, we recommend that you always set your workgroup name in the Samba configuration file.[2]

+
+

+[2] We should also mention that it is an inherently bad idea to have a workgroup that shares the same name as a server.

+
+
+
+ + +
+ +Previous: 4.3 Configuration File Options + + + +Next: 4.5 Disk Share Configuration
+4.3 Configuration File Options + +Book Index +4.5 Disk Share Configuration
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_05.html b/docs/htmldocs/using_samba/ch04_05.html new file mode 100644 index 00000000000..ecb8acfebf4 --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_05.html @@ -0,0 +1,309 @@ + + + +[Chapter 4] 4.5 Disk Share Configuration + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.4 Server Configuration + + + +Chapter 4
+Disk Shares 		+ +Next: 4.6 Networking Options with Samba
 
+ +
+
+

+ +4.5 Disk Share Configuration

We mentioned in the previous section that there were no disk shares on the +hydra server. Let's continue with the configuration file and create an empty disk share called [data]. Here are the additions that will do it:

+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+[data]
+	path = /export/samba/data
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+	guest ok = yes

+The +[data] share is typical for a Samba disk share. The share maps to a directory on the Samba server: +/export/samba/data. We've also provided a comment that describes the share as a +Data +Drive, as well as a volume name for the share itself.

+The share is set to writeable so that users can write data to it; the default with Samba is to create a read-only share. As a result, this option needs to be explicitly set for each disk share you wish to make writeable.

+You may have noticed that we set the +guest +ok parameter to +yes. While this isn't very security-conscious, there are some password issues that we need to understand before setting up individual users and authentication. For the moment, this will sidestep those issues and let anyone connect to the share.

+Go ahead and make these additions to your configuration file. In addition, create the +/export/samba/data directory as root on your Samba machine with the following commands:

# mkdir /export/samba/data
+# chmod 777 /export/samba/data

+Now, if you connect to the +hydra server again (you can do this by clicking on its icon in the Windows Network Neighborhood), you should see a single share listed entitled +data, as shown in +Figure 4.4. This share should also have read/write access to it. Try creating or copying a file into the share. Or, if you're really feeling adventurous, you can even try mapping a network drive to it!

+ +Figure 4.4: The initial data share on the Samba server

Figure 4.4
+

+ +4.5.1 Disk Share Configuration Options

The basic Samba configuration options for disk shares previously introduced are listed in +Table 4.4.


+ + + + + + + + + + +
+ +Table 4.4: Basic Share Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +path (directory)

 +

+string (fully-qualified pathname)

 +

+Sets the Unix directory that will be provided for a disk share or used for spooling by a printer share

 +

+ +/tmp

 +

+Share

+

+ +guest ok (public)

 +

+boolean

 +

+If set to +yes, authentication is not needed to access this share

 +

+ +no

 +

+Share

+

+ +comment

 +

+string

 +

+Sets the comment that appears with the share

 +

+None

 +

+Share

+

+ +volume

 +

+string

 +

+Sets the volume name: the DOS name of the physical drive

 +

+Share name

 +

+Share

+

+ +read only

 +

+boolean

 +

+If +yes, allows read only access to a share.

 +

+ +yes

 +

+Share

+

+ +writeable (write ok)

 +

+boolean

 +

+If +no, allows read only access to a share.

 +

+ +no

 +

+Share

+

+ +4.5.1.1 path

This option, which has the synonym +directory, indicates the pathname at the root of the file or printing share. You can choose any path on the Samba server, so long as the owner of the Samba process that is connecting has read and write access to that directory. If the path is for a printing share, it should point to a temporary directory where files can be written on the server before being spooled to the target printer (/tmp and +/var/spool are popular choices). If this path is for a disk share, the contents of the folder representing the share name on the client will match the content of the directory on the Samba server. For example, if we have the following disk share listed in our configuration file:

+[network]
+	path = /export/samba/network
+	writable = yes
+
+	guest ok = yes

+And the contents of the directory +/usr/local/network on the Unix side are:

$ ls -al /export/samba/network
+
+drwxrwxrwx  9  root   nobody  1024  Feb 16 17:17  .
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  ..
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  quicken
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  tax98
+drwxr-xr-x  9  nobody nobody  1024  Feb 16 17:17  taxdocuments

+Then we should see the equivalent of +Figure 4.5 on the client side.

+ +Figure 4.5: Windows client view of a network filesystem specified by path

Figure 4.5
+

+ +4.5.1.2 guest ok

+This option (which has an older synonym +public) allows or prohibits guest access to a share. The default value is +no. If set to +yes, it means that no username or password will be needed to connect to the share. When a user connects, the access rights will be equivalent to the designated guest user. The default account to which Samba offers the share is +nobody. However, this can be reset with the +guest +account configuration option. For example, the following lines allow guest user access to the +[accounting] share with the permissions of the +ftp account:

+[global]
+	guest account = ftp
+[accounting]
+	path = /usr/local/account
+	guest ok = yes

+Note that users can still connect to the share using a valid username/password combination. If successful, they will hold the access rights granted by their own account and not the guest account. If a user attempts to log in and fails, however, he or she will default to the access rights of the guest account. You can mandate that every user who attaches to the share will be using the guest account (and will have the permissions of the guest) by setting the option +guest +only += +yes.

+

+ +4.5.1.3 comment

+The +comment option allows you to enter a comment that will be sent to the client when it attempts to browse the share. The user can see the comment by listing Details on the share folder under the appropriate computer in the Windows Network Neighborhood, or type the command +NET +VIEW at an MS-DOS prompt. For example, here is how you might insert a comment for a +[network] share:

+[network]
+	comment = Network Drive
+	path = /export/samba/network

+This yields a folder similar to +Figure 4.6 on the client side. Note that with the current configuration of Windows, this comment will not be shown once a share is mapped to a Windows network drive.

+ +Figure 4.6: Windows client view of a share comment

Figure 4.6

+Be sure not to confuse the +comment option, which documents a Samba server's shares, with the +server +string option, which documents the server itself.

+

+ +4.5.1.4 volume

+This option allows you to specify the volume name of the share as reported by SMB. This normally resolves to the name of the share given in the +smb.conf file. However, if you wish to name it something else (for whatever reason) you can do so with this option.

+For example, an installer program may check the volume name of a CD-ROM to make sure the right CD-ROM is in the drive before attempting to install it. If you copy the contents of the CD-ROM into a network share, and wish to install from there, you can use this option to get around the issue:

+[network]
+	comment = Network Drive
+	volume = ASVP-102-RTYUIKA
+	path = /home/samba/network
+

+ +4.5.1.5 read only and writeable

+The options +read +only and +writeable (or +write +ok) are really two ways of saying the same thing, but approached from opposite ends. For example, you can set either of the following options in the +[global] section or in an individual share:

+read only = yes
+writeable = no

+If either option is set as shown, data can be read from a share, but cannot be written to it. You might think you would need this option only if you were creating a read-only share. However, note that this read-only behavior is the +default action for shares; if you want to be able to write data to a share, you must explicitly specify one of the following options in the configuration file for each share:

+read only = no
+writeable = yes

+Note that if you specify more than one occurrence of either option, Samba will adhere to the last value it encounters for the share.

+
+
+
+ + +
+ +Previous: 4.4 Server Configuration + + + +Next: 4.6 Networking Options with Samba
+4.4 Server Configuration + +Book Index +4.6 Networking Options with Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_06.html b/docs/htmldocs/using_samba/ch04_06.html new file mode 100644 index 00000000000..897523cc55c --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_06.html @@ -0,0 +1,414 @@ + + + +[Chapter 4] 4.6 Networking Options with Samba + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.5 Disk Share Configuration + + + +Chapter 4
+Disk Shares 		+ +Next: 4.7 Virtual Servers
 
+ +
+
+

+ +4.6 Networking Options with Samba

If you're running Samba on a multi-homed machine (that is, one on multiple subnets), or even if you want to implement a security policy on your own subnet, you should take a close look at the networking configuration options:

+For the purposes of this exercise, let's assume that our Samba server is connected to a network with more than one subnet. Specifically, the machine can access both the 192.168.220.* and 134.213.233.* subnets. Here are our additions to the ongoing configuration file for the networking configuration options:

+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+	bind interfaces only = yes
+
+[data]
+	path = /home/samba/data
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+

Let's first talk about the +hosts +allow and +hosts +deny options. If these options sound familiar, you're probably thinking of the +hosts.allow and +hosts.deny files that are found in the +/etc directories of many Unix systems. The purpose of these options is identical to those files; they provide a means of security by allowing or denying the connections of other hosts based on their IP addresses. Why not just use the +hosts.allow and +hosts.deny files themselves? Because there may be services on the server that you want others to access without giving them access Samba's disk or printer shares

+With the +hosts +allow option above, we've specified a cropped IP address: 192.168.220. (Note that there is still a third period; it's just missing the fourth number.) This is equivalent to saying: "All hosts on the 192.168.220 subnet." However, we've explicitly specified in a hosts deny line that 192.168.220.102 is not to be allowed access.

+You might be wondering: why will 192.168.220.102 be denied even though it is still in the subnet matched by the +hosts +allow option? Here is how Samba sorts out the rules specified by +hosts +allow and +hosts +deny:

    +
  1. +

    + +If there are no +allow or +deny options defined anywhere in +smb.conf, Samba will allow connections from any machine allowed by the system itself.

  2. +

    + +If there are +hosts +allow or +hosts +deny options defined in the +[global] section of +smb.conf, they will apply to all shares, even if the shares have an overriding option defined.

  3. +

    + +If there is only a +hosts +allow option defined for a share, only the hosts listed will be allowed to use the share. All others will be denied.

  4. +

    + +If there is only a +hosts +deny option defined for a share, any machine which is not on the list will be able to use the share.

  5. +

    + +If both a +hosts +allow and +hosts +deny option are defined, a host must appear in the allow list and not appear in the deny list (in any form) in order to access the share. Otherwise, the host will not be allowed.

    +

    + +WARNING: Take care that you don't explicitly allow a host to access a share, but then deny access to the entire subnet of which the host is part.

+Let's look at another example of that final item. Consider the following options:

+hosts allow = 111.222.
+hosts deny = 111.222.333.

+In this case, only the hosts that belong to the subnet 111.222.*.* will be allowed access to the Samba shares. However, if a client belongs to the 111.222.333.* subnet, it will be denied access, even though it still matches the qualifications outlined by +hosts +allow. The client must appear on the +hosts +allow list and +must not appear on the +hosts +deny list in order to gain access to a Samba share. If a computer attempts to access a share to which it is not allowed access, it will receive an error message.

+The other two options that we've specified are the +interfaces and the +bind +interface +only address. Let's look at the +interfaces option first. Samba, by default, sends data only from the primary network interface, which in our example is the 192.168.220.100 subnet. If we would like it to send data to more than that one interface, we need to specify the complete list with the +interfaces option. In the previous example, we've bound Samba to interface with both subnets (192.168.220 and 134.213.233) on which the machine is operating by specifying the other network interface address: 134.213.233.100. If you have more than one interface on your computer, you should always set this option as there is no guarantee that the primary interface that Samba chooses will be the right one.

+Finally, the +bind +interfaces +only option instructs the +nmbd process not to accept any broadcast messages other than those subnets specified with the +interfaces option. Note that this is different from the +hosts +allow and +hosts +deny options, which prevent machines from making connections to services, but not from receiving broadcast messages. Using the +bind +interfaces +only option is a way to shut out even datagrams from foreign subnets from being received by the Samba server. In addition, it instructs the +smbd process to bind to only the interface list given by the +interfaces option. This restricts the networks that Samba will serve.

+

+ +4.6.1 Networking Options

The networking options we introduced above are summarized in +Table 4.5.


+ + + + + + + + + +
+ +Table 4.5: Networking Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +hosts allow (allow hosts)

 +

+string (list of hostnames)

 +

+Specifies the machines that can connect to Samba.

 +

+none

 +

+Share

+

+ +hosts deny (deny hosts)

 +

+string (list of hostnames)

 +

+Specifies the machines that cannot connect to Samba.

 +

+none

 +

+Share

+

+ +interfaces

 +

+string (list of IP/netmask combinations)

 +

+Sets the network interfaces Samba will respond to. Allows correcting defaults.

 +

+system-dependent

 +

+Global

+

+ +bind

+ +interfaces only

 +

+boolean

 +

+If set to +yes, Samba will bind only to those interfaces specified by the +interfaces option.

 +

+ +no

 +

+Global

+

+ +socket

+ +address

 +

+string (IP address)

 +

+Sets IP address to listen on, for use with multiple virtual interfaces on a server.

 +

+none

 +

+Global

+

+ +4.6.1.1 hosts allow

The +hosts +allow option (sometimes written as +allow +hosts) specifies the machines that have permission to access shares on the Samba server, written as a comma- or space-separated list of names of machines or their IP addresses. You can gain quite a bit of security by simply placing your LAN's subnet address in this option. For example, we specified the following in our example:

+hosts allow = 192.168.220. localhost

+Note that we placed +localhost after the subnet address. One of the most common mistakes when attempting to use the +hosts +allow option is to accidentally disallow the Samba server from communicating with itself. The +smbpasswd program will occasionally need to connect to the Samba server as a client in order to change a user's encrypted password. In addition, local browsing propagation requires local host access. If this option is enabled and the localhost address is not specified, the locally-generated packets requesting the change of the encrypted password will be discarded by Samba, and browsing propagation will not work properly. To avoid this, explicitly allow the loopback address (either +localhost or +127.0.0.1) to be used.[3]

+
+

+[3] Starting with Samba 2.0.5, +localhost will automatically be allowed unless it is explicitly denied.

+You can specify any of the following formats for this option:

    +
  • +

    + +Hostnames, such as +ftp.example.com.

  • +

    + +IP addresses, like +130.63.9.252.

  • +

    + +Domain names, which can be differentiated from individual hostnames because they start with a dot. For example, .ora.com represents all machines within the +ora.com domain.

  • +

    + +Netgroups, which start with an at-sign, such as +@printerhosts. Netgroups are available on systems running yellow pages/NIS or NIS+, but rarely otherwise. If netgroups are supported on your system, there should be a +netgroups manual page that describes them in more detail.

  • +

    + +Subnets, which end with a dot. For example, +130.63.9. means all the machines whose IP addresses begin with 130.63.9.

  • +

    + +The keyword +ALL, which allows any client access.

  • +

    + +The keyword +EXCEPT followed by more one or more names, IP addresses, domain names, netgroups, or subnets. For example, you could specify that Samba allow all hosts except those on the 192.168.110 subnet with +hosts +allow += +ALL +EXCEPT +192.168.110. (remember the trailing dot).

+Using the +ALL keyword is almost always a bad idea, since it means that anyone on any network can browse your files if they guess the name of your server.

+Note that there is no default value for the +hosts +allow configuration option, although the default course of action in the event that neither option is specified is to allow access from all sources. In addition, if you specify this option in the +[global] section of the configuration file, it will override any +hosts +allow options defined shares.

+

+ +4.6.1.2 hosts deny

+The +hosts +deny option (also +deny +hosts) specifies machines that do not have permission to access a share, written as a comma- or space-separated list of machine names or their IP addresses. Use the same format as specifying clients as the +hosts +allow option above. For example, to restrict access to the server from everywhere but +example.com, you could write:

+hosts deny = ALL EXCEPT .example.com

+Like +hosts +allow, there is no default value for the +hosts +deny configuration option, although the default course of action in the event that neither option is specified is to allow access from all sources. Also, if you specify this option in the +[global] section of the configuration file, it will override any +hosts +deny options defined in shares. If you wish to deny +hosts access to specific shares, omit both the +hosts +allow and +hosts +deny options in the +[global] section of the configuration file.

+

+ +4.6.1.3 interfaces

The +interfaces option outlines the network addresses to which you want the Samba server to recognize and respond. This option is handy if you have a computer that resides on more than one network subnet. If this option is not set, Samba searches for the primary network interface of the server (typically the first Ethernet card) upon startup and configures itself to operate on only that subnet. If the server is configured for more than one subnet and you do not specify this option, Samba will only work on the first subnet it encounters. You must use this option to force Samba to serve the other subnets on your network.

+The value of this option is one or more sets of IP address/netmask pairs, such as the following:

+interfaces = 192.168.220.100/255.255.255.0 192.168.210.30/255.255.255.0

+You can optionally specify a CIDR format bitmask, as follows:

+interfaces = 192.168.220.100/24 192.168.210.30/24

+The bitmask number specifies the first number of bits that will be turned on in the netmask. For example, the number 24 means that the first 24 (of 32) bits will be activated in the bit mask, which is the same as saying 255.255.255.0. Likewise, 16 would be equal to 255.255.0.0, and 8 would be equal to 255.0.0.0.

+This option may not work correctly if you are using DHCP.

+

+ +4.6.1.4 bind interfaces only

+The +bind +interfaces +only option can be used to force the +smbd and +nmbd processes to serve SMB requests to only those addresses specified by the +interfaces option. The +nmbd process normally binds to the all addresses interface (0.0.0.0.) on ports 137 and 138, allowing it to receive broadcasts from anywhere. However, you can override this behavior with the following:

+bind interfaces only = yes

+This will cause both Samba processes to ignore any packets whose origination address does not match the broadcast address(es) specified by the +interfaces option, including broadcast packets. With +smbd, this option will cause Samba to not serve file requests to subnets other than those listed in the +interfaces option. You should avoid using this option if you want to allow temporary network connections, such as those created through SLIP or PPP. It's very rare that this option is needed, and it should only be used by experts.

+If you set +bind interfaces only to +yes, you should add the localhost address (127.0.01) to the "interfaces" list. Otherwise, +smbpasswd will be unable to connect to the server using its default mode in order to change a password.

+

+ +4.6.1.5 socket address

The +socket +address option dictates which of the addresses specified with the +interfaces parameter Samba should listen on for connections. Samba accepts connections on all addresses specified by default. When used in an +smb.conf file, this option will force Samba to listen on only one IP address. For example:

+interfaces = 192.168.220.100/24 192.168.210.30/24
+socket address = 192.168.210.30

+This option is a programmer's tool and we recommend that you do not use it.

+
+
+
+ + +
+ +Previous: 4.5 Disk Share Configuration + + + +Next: 4.7 Virtual Servers
+4.5 Disk Share Configuration + +Book Index +4.7 Virtual Servers
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_07.html b/docs/htmldocs/using_samba/ch04_07.html new file mode 100644 index 00000000000..6f5d495a0b1 --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_07.html @@ -0,0 +1,151 @@ + + + +[Chapter 4] 4.7 Virtual Servers + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.6 Networking Options with Samba + + + +Chapter 4
+Disk Shares 		+ +Next: 4.8 Logging Configuration Options
 
+ +
+
+

+ +4.7 Virtual Servers

Virtual servers are a technique for creating the illusion of multiple NetBIOS servers on the network, when in reality there is only one. The technique is simple to implement: a machine simply registers more than one NetBIOS name in association with its IP address. There are tangible benefits to doing this.

+The accounting department, for example, might have an +accounting server, and clients of it would see just the accounting disks and printers. The marketing department could have their own server, +marketing, with their own reports, and so on. However, all the services would be provided by one medium-sized Unix workstation (and one relaxed administrator), instead of having one small server and one administrator per department.

+Samba will allow a Unix server to use more than one NetBIOS name with the +netbios +aliases option. See +Table 4.6.


+ + + + + +
+ +Table 4.6: Virtual Server Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +netbios aliases

 +

List of NetBIOS names

 +

+Additional NetBIOS names to respond to, for use with multiple "virtual" Samba servers.

 +

+None

 +

+Global

+

+ +4.7.1 netbios aliases

+The +netbios +aliases option can be used to give the Samba server more than one NetBIOS name. Each NetBIOS name listed as a value will be displayed in the Network Neighborhood of a browsing machine. When a connection is requested to any machine, however, it will connect to the same Samba server.

+This might come in handy, for example, if you're transferring three departments' data to a single Unix server with modern large disks, and are retiring or reallocating the old NT servers. If the three servers are called +sales, +accounting, and +admin, you can have Samba represent all three servers with the following options:

+[global]
+	netbios aliases = sales accounting admin
+	include = /usr/local/samba/lib/smb.conf.%L

+See +Figure 4.7 for what the Network Neighborhood would display from a client.When a client attempts to connect to Samba, it will specify the name of the server that it's trying to connect to, which you can access through the +%L variable. If the requested server is +sales, Samba will include the +/usr/local/samba/lib/smb.conf.sales file. This file might contain global and share declarations exclusively for the sales team, such as the following:

+[global]
+	workgroup = SALES
+	hosts allow = 192.168.10.255
+
+[sales1998]
+	path = /usr/local/samba/sales/sales1998/
+...

+This particular example would set the workgroup to SALES as well, and set the IP address to allow connections only from the SALES subnet (192.168.10). In addition, it would offer shares specific to the sales department.

+ +Figure 4.7: Using NetBIOS aliases for a Samba server

Figure 4.7
+
+
+
+ + +
+ +Previous: 4.6 Networking Options with Samba + + + +Next: 4.8 Logging Configuration Options
+4.6 Networking Options with Samba + +Book Index +4.8 Logging Configuration Options
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch04_08.html b/docs/htmldocs/using_samba/ch04_08.html new file mode 100644 index 00000000000..7336022e151 --- /dev/null +++ b/docs/htmldocs/using_samba/ch04_08.html @@ -0,0 +1,423 @@ + + + +[Chapter 4] 4.8 Logging Configuration Options + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.7 Virtual Servers + + + +Chapter 4
+Disk Shares 		+ +Next: 5. Browsing and Advanced Disk Shares
 
+ +
+
+

+ +4.8 Logging Configuration Options

Occasionally, we need to find out what Samba is up to. This is especially true when Samba is performing an unexpected action or is not performing at all. To find out this information, we need to check Samba's log files to see exactly why it did what it did.

+Samba log files can be as brief or verbose as you like. Here is an example of what a Samba log file looks like:

+[1999/07/21 13:23:25, 3] smbd/service.c:close_cnum(514)
+  phoenix (192.168.220.101) closed connection to service IPC$
+[1999/07/21 13:23:25, 3] smbd/connection.c:yield_connection(40)
+  Yielding connection to IPC$
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 923 of length 49
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBread (pid 467)
+[1999/07/21 13:23:25, 3] lib/doscalls.c:dos_ChDir(336)
+  dos_ChDir to /home/samba
+[1999/07/21 13:23:25, 3] smbd/reply.c:reply_read(2199)
+  read fnum=4207 num=2820 nread=2820
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 924 of length 55
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBreadbraw (pid 467)
+[1999/07/21 13:23:25, 3] smbd/reply.c:reply_readbraw(2053)
+  readbraw fnum=4207 start=130820 max=1276 min=0 nread=1276
+[1999/07/21 13:23:25, 3] smbd/process.c:process_smb(615)
+  Transaction 925 of length 55
+[1999/07/21 13:23:25, 3] smbd/process.c:switch_message(448)
+  switch message SMBreadbraw (pid 467)

+Many of these options are of use only to Samba programmers. However, we will go over the meaning of some of these entries in more detail in Chapter 9, Troubleshooting Samba.

+Samba contains six options that allow users to describe how and where logging information should be written. Each of these options are global options and cannot appear inside a share definition. Here is an up-to-date configuration file that covers each of the share and logging options that we've seen so far:

+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%I)
+	workgroup = SIMPLE
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+	bind interfaces only = yes
+
+	# Debug logging information
+	log level = 2
+	log file = /var/log/samba.log.%m
+	max log size = 50
+	debug timestamp = yes
+
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes
+

+ Here, we've added a custom log file that reports information up to debug level 2. This is a relatively light debugging level. The logging level ranges from 1 to 10, where level 1 provides only a small amount of information and level 10 provides a plethora of low-level information. Level 2 will provide us with useful debugging information without wasting disk space on our server. In practice, you should avoid using log levels greater than 3 unless you are programming Samba.

+This file is located in the +/var/log directory thanks to the +log +file configuration option. However, we can use variable substitution to create log files specifically for individual users or clients, such as with the +%m variable in the following line:

+log file = /usr/local/logs/samba.log.%m

+Isolating the log messages can be invaluable in tracking down a network error if you know the problem is coming from a specific machine or user.

+We've added another precaution to the log files: no one log file can exceed 50 kilobytes in size, as specified by the +max +log +size option. If a log file exceeds this size, the contents are moved to a file with the same name but with the suffix +.old appended. If the +.old file already exists, it is overwritten and its contents are lost. The original file is cleared, waiting to receive new logging information. This prevents the hard drive from being overwhelmed with Samba log files during the life of our daemons.

+For convenience, we have decided to leave the debug timestamp in the logs with the +debug +timestamp option, which is the default behavior. This will place a timestamp next to each message in the logging file. If we were not interested in this information, we could specify +no for this option instead.

+

+ +4.8.1 Using syslog

+If you wish to use the system logger (syslog) in addition to or in place of the standard Samba logging file, Samba provides options for this as well. However, to use +syslog, the first thing you will have to do is make sure that Samba was built with the +configure +--with-syslog option. See Chapter 2 for more information on configuring and compiling Samba.

+Once that is done, you will need to configure your +/etc/syslog.conf to accept logging information from Samba. If there is not already a +daemon.* entry in the + +/etc/syslog.conf file, add the following:

+daemon.*        /var/log/daemon.log

+This specifies that any logging information from system daemons will be stored in the +/var/log/daemon.log file. This is where the Samba information will be stored as well. From there, you can specify the following global option in your configuration file:

+syslog = 2

+This specifies that any logging messages with a level of 1 will be sent to both the +syslog and the Samba logging files. (The mappings to +syslog priorities are described in the upcoming section "syslog.") Let's assume that we set the regular +log +level option above to 4. Any logging messages with a level of 2, 3, or 4 will be sent to the Samba logging files, but not to the +syslog. Only level 1 logging messages will be sent to both. If the +syslog value exceeds the +log +level value, nothing will be written to the +syslog.

+If you want to specify that messages be sent only to +syslog - and not to the standard Samba logging files - you can place this option in the configuration file:

+syslog only = yes

+If this is the case, any logging information above the number specified in the +syslog option will be discarded, just like the +log +level option.

+

+ +4.8.2 Logging Configuration Options

+ +Table 4.7 lists each of the logging configuration options that Samba can use.


+ + + + + + + + + + +
+ +Table 4.7: Global Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +log file

 +

+string (fully-qualified filename)

 +

+Sets the name and location of the log file that Samba is to use. Uses standard variables.

 +

+Specified in Samba makefile

 +

+Global

+

+ +log level

+ +(debug level)

 +

+numerical (0-10)

 +

+Sets the amount of log/debug messages that are sent to the log file. 0 is none, 3 is considerable.

 +

+ +1

 +

+Global

+

+ +max log size

 +

+numerical (size in KB)

 +

+Sets the maximum size of log file. After the log exceeds this size, the file will be renamed to +.bak and a new log file started.

 +

+ +5000

 +

+Global

+

+ +debug

+ +timestamp (timestamp logs)

 +

+boolean

 +

+If no, doesn't timestamp logs, making them easier to read during heavy debugging.

 +

+ +yes

 +

+Global

+

+ +syslog

 +

+numerical (0-10)

 +

+Sets level of messages sent to +syslog. Those levels below +syslog level will be sent to the system logger.

 +

+ +1

 +

+Global

+

+ +syslog only

 +

+boolean

 +

+If yes, uses +syslog entirely and sends no output to the standard Samba log files.

 +

+ +no

 +

+Global

+

+ +4.8.2.1 log file

+On our server, Samba outputs log information to text files in the +var subdirectory of the Samba home directory, as set by the makefile during the build. The +log +file option can be used to reset the name of the log file to another location. For example, to reset the name and location of the Samba log file to +/usr/local/logs/samba.log, you could use the following:

+[global]
+	log file = /usr/local/logs/samba.log

+You may use variable substitution to create log files specifically for individual users or clients.

+You can override the default log file location using the +-l command-line switch when either daemon is started. However, this does not override the +log +file option. If you do specify this parameter, initial logging information will be sent to the file specified after +-l (or the default specified in the Samba makefile) until the daemons have processed the +smb.conf file and know to redirect it to a new log file.

+

+ +4.8.2.2 log level

+The +log +level option sets the amount of data to be logged. Normally this is left at 0 or 1. However, if you have a specific problem you may want to set it at 3, which provides the most useful debugging information you would need to track down a problem. Levels above 3 provide information that's primarily for the developers to use for chasing internal bugs, and slows down the server considerably. Therefore, we recommend that you avoid setting this option to anything above 3. 

+[global]
+log file = /usr/local/logs/samba.log.%m
+log level = 3
+

+ +4.8.2.3 max log size

+The +max +log +size option sets the maximum size, in kilobytes, of the debugging log file that Samba keeps. When the log file exceeds this size, the current log file is renamed to add an +.old extension (erasing any previous file with that name) and a new debugging log file is started with the original name. For example:

+[global]
+log file = /usr/local/logs/samba.log.%m
+max log size = 1000

+Here, if the size of any log file exceeds one megabyte in size, Samba renames the log file +samba.log. + +machine-name +.old and a new log file is generated. If there was a file there previously with the +.old extension, Samba deletes it. We highly recommend setting this option in your configuration files because debug logging (even at lower levels) can covertly eat away at your available disk space. Using this option protects unwary administrators from suddenly discovering that most of their disk space has been swallowed up by a single Samba log file.

+

+ +4.8.2.4 debug timestamp or timestamp logs

+If you happen to be debugging a network problem and you find that the date-stamp and timestamp information within the Samba log lines gets in the way, you can turn it off by giving either the +timestamp +logs or the +debug +timestamp option (they're synonymous) a value of +no. For example, a regular Samba log file presents its output in the following form:

+12/31/98 12:03:34 hydra (192.168.220.101) connect to server network as user davecb

+With a +no value for this option, the output would appear without the datestamp or the timestamp:

+hydra (192.168.220.101) connect to server network as user davecb
+

+ +4.8.2.5 syslog

The +syslog option causes Samba log messages to be sent to the Unix system logger. The type of log information to be sent is specified as the parameter for this argument. Like the +log +level option, it can be a number from 0 to 10. Logging information with a level less than the number specified will be sent to the system logger. However, debug logs equal to or above the +syslog level, but less than log level, will still be sent to the standard Samba log files. To get around this, use the +syslog +only option. For example:

+[global]
+	log level = 3
+	syslog = 1

+With this, all logging information with a level of 0 would be sent to the standard Samba logs and the system logger, while information with levels 1, 2, and 3 would be sent only to the standard Samba logs. Levels above 3 are not logged at all. Note that all messages sent to the system logger are mapped to a priority level that the +syslog process understands, as shown in +Table 4.8. The default level is 1.


+ + + + + + + + + +
+ +Table 4.8: Syslog Priority Conversion
+

+Log Level

 +

+Syslog Priority

+

+0

 +

+ +LOG_ERR

+

+1

 +

+ +LOG_WARNING

+

+2

 +

+ +LOG_NOTICE

+

+3

 +

+ +LOG_INFO

+

+4 and above

 +

+ +LOG_DEBUG

+If you wish to use +syslog, you will have to run +configure +--with-syslog when compiling Samba, and you will need to configure your +/etc/syslog.conf to suit. (See the section +Section 4.8.1, Using syslog, earlier in this chapter.)

+

+ +4.8.2.6 syslog only

+The +syslog +only option tells Samba not to use the regular logging files - the system logger only. To enable this, specify the following option in the global ection of the Samba configuration file:

+[global]
+	syslog only = yes
+
+
+
+ + +
+ +Previous: 4.7 Virtual Servers + + + +Next: 5. Browsing and Advanced Disk Shares
+4.7 Virtual Servers + +Book Index +5. Browsing and Advanced Disk Shares
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch05_01.html b/docs/htmldocs/using_samba/ch05_01.html new file mode 100644 index 00000000000..d45bd13f32d --- /dev/null +++ b/docs/htmldocs/using_samba/ch05_01.html @@ -0,0 +1,786 @@ + + + +[Chapter 5] Browsing and Advanced Disk Shares + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 4.8 Logging Configuration Options + + +Chapter 5 + +Next: 5.2 Filesystem Differences
 
+ +
+
+

+ +5. Browsing and Advanced Disk Shares

+

+ +Contents:
+ +Browsing
+ +Filesystem Differences
+ +File Permissions and Attributes on MS-DOS and Unix
+ +Name Mangling and Case
+ +Locks and Oplocks

+

This chapter continues our discussion of disk shares from the previous chapter. Here, we will discuss various differences between the Windows and Unix filesystems - and how Samba works to bridge the gap. There are a surprising number of inconsistencies between a DOS filesystem and a Unix filesystem. In addition, we will talk briefly about name mangling, file locking, and a relatively new feature for Samba: opportunistic locking, or oplocks. However, before we move into that territory, we should first discuss the somewhat arcane topic of browsing with Samba.

+

+ + +5.1 Browsing

+Browsing is the ability to examine the servers and shares that are currently available on your network. On a Windows NT 4.0 or 95/98 client, a user can browse network servers through the Network Neighborhood folder. By double-clicking the icon representing the server, the user should be able to see the printer and disk share resources available on that machine as well. (If you have Windows NT 3. +x, you can use the Disk-Connect Network Drive menu in the File Manager to display the available shares on a server.)

+From the Windows command line, you can also use the +net +view option to see which servers are currently on the network. Here is an example of the +net +view command in action:

C:\> net view
+Servers available in workgroup SIMPLE
+Server name            Remark
+----------------------------------------------------------
+\\CHIMAERA             Windows NT 4.0
+\\HYDRA                Samba 2.0.4 on (hydra)
+\\PHOENIX              Windows 98
+

+ +5.1.1 Preventing Browsing

You can restrict a share from being in a browse list by using the +browseable option. This boolean option prevents a share from being seen in the Network Neighborhood at all. For example, to prevent the +[data] share from the previous chapter from being visible, we could write:

+[data]
+	path = /home/samba/data
+	browseable = no
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writeable = yes

+Although you typically don't want to do this to an ordinary disk share, the browseable option is useful in the event that you need to create a share with contents that you do not want others to see, such as a +[netlogin] share for storing logon scripts for Windows domain control (see Chapter 6, Users, Security, and Domains for more information on logon scripts).

+Another example is the +[homes] share. This share is often marked non-browsable so that a share named +[homes] won't appear when its machine's resources are browsed. However, if a user +alice logs on and looks at the machine's shares, an +[alice] share will appear under the machine. What if we wanted to make sure +alice's share appeared to everyone before she logs in? This could be done with the global +auto +services option. This option preloads shares into the browse list to ensure that they are always visible: 

+[global]
+	...
+	auto services = alice
+	...
+

+ +5.1.2 Default Services

+In the event that a user cannot successfully connect to a share, you can specify a default share to which they can connect. Since you do not know who will default to this share at any time, you will probably want to set the +guest +ok option to +yes for this share. Specifying a +default +service can be useful when sending the utterly befuddled to a directory of help files. For example:

+[global]
+	...
+	default service = helpshare
+	...
+	
+[helpshare]
+	path = /home/samba/helpshare/%S
+	browseable = yes
+	guest ok = yes
+	comment = Default Share for Unsuccessful Connections
+	volume = Sample-Data-Drive
+	writeable = no

+Note that we used the +%S variable in the +path option. If you use the +%S variable, it will refer to the requested nonexistent share (the original share requested by the user), not the name of the resulting default share. This allows us to create different paths with the names of each server, which can provide more customized help files for users. In addition, any underscores (_) specified in the requested share will be converted to slashes (/) when the +%S variable is used.

+

+ +5.1.3 Browsing Elections

As mentioned in Chapter 1, Learning the Samba, one machine in each subnet always keeps a list of the currently active machines. This list is called the +browse list and the server that maintains it is called the local master browser. As machines come on and off the network, the local master browser continually updates the information in the browse list and provides it to any machine that requests it.

+A computer becomes a local master browser by holding a browsing election on the local subnet. Browsing elections can be called at any time. Samba can rig a browsing election for a variety of outcomes, including always becoming the local master browser of the subnet or never becoming it. For example, the following options, which we've added to the configuration file from Chapter 4, Disk Shares, will ensure that Samba always wins the election for local master browser no matter which machines are also present:

+[global]
+	netbios name = HYDRA
+	server string = Samba %v on (%L)
+	workgroup = SIMPLE
+
+	#  Browsing election options
+	os level = 34
+	local master = yes
+
+	#  Networking configuration options
+	hosts allow = 192.168.220. 134.213.233. localhost
+	hosts deny = 192.168.220.102
+	interfaces = 192.168.220.100/255.255.255.0 \
+					134.213.233.110/255.255.255.0
+
+	# Debug logging information
+	log level = 2
+	log file = /var/log/samba.log.%m
+	max log size = 50
+	debug timestamp = yes
+
+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	comment = Data Drive
+	volume = Sample-Data-Drive
+	writable = yes

+However, what if we didn't always want to win the election? What if we wanted to yield browsing to a Windows NT Server if present? In order to do that, we need to learn how browsing elections work. As you already know, each machine that takes place in the election must broadcast information about itself. This information includes the following:

    +
  • +

    + +The version of the election protocol used

  • +

    + +The operating system on the machine

  • +

    + +The amount of time the client has been on the network

  • +

    + +The hostname of the client

+Here is how the election is decided. Operating systems are assigned a binary value according to their version, as shown in +Table 5.1.


+ + + + + + + + + + + +
+ +Table 5.1: Operating System Values in an Election
+

+Operating System

 +

+Value

+

Windows NT Server 4.0

 +

+33

+

+Windows NT Server 3.51

 +

+32

+

+Windows NT Workstation 4.0

 +

+17

+

+Windows NT Workstation 3.51

 +

+16

+

+Windows 98

 +

+2

+

+Windows 95

 +

+1

+

+Windows 3.1 for Workgroups

 +

+1

+Following that, each computer on the network is assigned a separate value according to its role, as shown in +Table 5.2.


+ + + + + + + + + + +
+ +Table 5.2: Computer Role Settings in an Election
+

+Role

 +

+Value

+

Primary Domain Controller

 +

+128

+

+WINS Client

 +

+32

+

+Preferred Master Browser

 +

+8

+

+Active Master Browser

 +

+4

+

+Standby Browser

 +

+2

+

+Active Backup Browser

 +

+1

Elections are decided in the following order:

    +
  1. +

    + +The machine with the highest version of the election protocol will win. (So far, this is meaningless, as all Windows clients have version 1 of the election protocol.)

  2. +

    + +The machine with the highest operating system value wins the election.

  3. +

    + +If there is a tie, the machine with the setting of Preferred Master Browser (role 8) wins the election.

  4. +

    + +If there is still a tie, the client who has been online the longest wins the election.

  5. +

    + +And finally, if there is still a tie, the client name that comes first alphabetically wins.

  6. +

    + +The machine that is the "runner-up" can become a backup browser.

+As a result, if you want Samba to take the role of a local master browser, but only if there isn't a Windows NT Server (4.0 or 3.51) on the network, you could change the +os +level parameter in the previous example to:

+os level = 31

+This will cause Samba to immediately lose the election to a Windows NT 4.0 or Windows NT 3.5 Server, both of which have a higher operating systems level. On the other hand, if you wanted to decide the local master browser on the basis of the network role, such as which machine is the primary domain controller, you could set the +os +level to match the highest type of operating system on the network and let the election protocol fall down to the next level.

How can you can tell if a machine is a local master browser? By using the +nbtstat command. Place the NetBIOS name of the machine you wish to check after the +-a option:

C:\> nbtstat -a hydra
+
+       NetBIOS Remote Machine Name Table
+
+ Name                            Type         Status
+----------------------------------------------------------
+ HYDRA                     <00>  UNIQUE       Registered
+ HYDRA                     <03>  UNIQUE       Registered
+ HYDRA                     <20>  UNIQUE       Registered
+ ..__MSBROWSE__.           <01>  GROUP        Registered
+ SIMPLE                    <00>  GROUP        Registered
+ SIMPLE                    <1D>  UNIQUE       Registered
+ SIMPLE                    <1E>  GROUP        Registered
+
+ MAC Address = 00-00-00-00-00-00

+The resource entry that you're looking for is the +..__MSBROWSE__.<01>. This indicates that the server is currently acting as the local master browser for the current subnet. In addition, if the machine is a Samba server, you can check the Samba +nmbd log file for an entry such as:

+nmbd/nmbd_become_lmb.c:become_local_master_stage2(406)
+*****
+Samba name server HYDRA is now a local master browser for
+workgroup SIMPLE on subnet 192.168.220.100
+****

+Finally, Windows NT servers serving as primary domain controllers contain a sneak that allows them to assume the role of the local master browser in certain conditions; this is called the +preferred +master browser bit. Earlier, we mentioned that Samba could set this bit on itself as well. You can enable it with the +preferred +master option:

+#  Browsing election options
+os level = 33
+local master = yes
+preferred master = yes

+If the preferred master bit is set, the machine will force a browsing election at startup. Of course, this is needed only if you set the +os +level option to match the Windows NT machine. We recommend that you don't use this option if another machine also has the role of preferred master, such as an NT server.

+

+ +5.1.4 Domain Master Browser

In the opening chapter, we mentioned that in order for a Windows workgroup or domain to extend into multiple subnets, one machine would have to take the role of the +domain master browser. The domain master browser propagates browse lists across each of the subnets in the workgroup. This works because each local master browser periodically synchronizes its browse list with the domain master browser. During this synchronization, the local master browser passes on any server that the domain master browser does not have in its browse list, and vice versa. In a perfect world, each local master browser would eventually have the browse list for the entire domain.

+Unlike the local master browser, there is no election to determine which machine assumes the role of the domain master browser. Instead, the administrator has to set it manually. By Microsoft design, however, the domain master browser and the primary domain controller (PDC) both register a resource type of <1B>, so the roles - and the machines - are inseparable.

+If you have a Windows NT server on the network acting as a PDC, we recommend that you do not use Samba to become the domain master browser. The reverse is true as well: if Samba is taking on the responsibilities of a PDC, we recommend making it the domain master browser as well. Although it is possible to split the roles with Samba, this is not a good idea. Using two different machines to serve as the PDC and the domain master browser can cause random errors to occur on a Windows workgroup.

+Samba can assume the role of a domain master browser for all subnets in the workgroup with the following option:

+domain master = yes

+You can verify that a Samba machine is in fact the domain master browser by checking the +nmbd log file:

+nmbd/nmbd_become_dmb.c:become_domain_master_stage2(118)
+*****
+Samba name server HYDRA is now a domain master browser for
+workgroup SIMPLE on subnet 192.168.220.100
+*****

+Or you can use the nmblookup command that comes with the Samba distribution to query for a unique <1B> resource type in the workgroup:

# nmblookup SIMPLE#1B
+Sending queries to 192.168.220.255
+192.168.220.100 SIMPLE<1b>
+

+ +5.1.4.1 Multiple subnets

There are three rules that you must remember when creating a workgroup/domain that spans more than one subnet:

    +
  • +

    + +You must have either a Windows NT or Samba machine acting as a local master browser on each subnet in the workgroup/domain. (If you have a domain master browser in a subnet, a local master browser is not needed.)

  • +

    + +You must have a Windows NT Server or a Samba machine acting as a domain master browser somewhere in the workgroup.

  • +

    + +Each local master browser must be instructed to synchronize with the domain master browser.

+Samba has a few other features in this arena in the event that you don't have or want a domain master browser on your network. Consider the subnets shown in +Figure 5.1.

+ +Figure 5.1: Multiple subnets with Samba servers

Figure 5.1

+First, a Samba server that is a local master browser can use the +remote +announce configuration option to make sure that computers in different subnets are sent broadcast announcements about the server. This has the effect of ensuring that the Samba server appears in the browse lists of foreign subnets. To achieve this, however, the directed broadcasts must reach the local master browser on the other subnet. Be aware that many routers do not allow directed broadcasts by default; you may have to change this setting on the router for the directed broadcasts to get through to its subnet.

+With the +remote +announce option, list the subnets and the workgroup that should receive the broadcast. For example, to ensure that machines in the 192.168.221 and 192.168.222 subnets and SIMPLE workgroup are sent broadcast information from our Samba server, we could specify the following:

+#  Browsing election options
+os level = 34
+local master = yes
+remote announce = 192.168.221.255/SIMPLE \
+	192.168.222.255/SIMPLE

+In addition, you are allowed to specify the exact address to send broadcasts to if the local master browser on the foreign subnet is guaranteed to always have a fixed IP address.

+A Samba local master browser can synchronize its browse list directly with another Samba server acting as a local master browser on a different subnet. For example, let's assume that Samba is configured as a local master browser, and Samba local master browsers exist at 192.168.221.130 and 192.168.222.120. We can use the +remote +browse +sync option to sync directly with the Samba servers, as follows:

+#  Browsing election options
+os level = 34
+local master = yes
+remote browse sync = 192.168.221.130 192.168.222.120

+In order for this to work, the other Samba machines must also be local master browsers. You can also use directed broadcasts with this option if you do not know specific IP addresses of local master browsers.

+

+ +5.1.5 Browsing Options

+Table 5.3 shows 14 options that define how Samba handles browsing tasks. We recommend the defaults for a site that prefers to be easy on its users with respect to locating shares and printers.


+ + + + + + + + + + + + + + + + + + +
+ +Table 5.3: Browsing Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +announce as

 +

+ +NT or +Win95 or +WfW

 +

+Sets the operating system that Samba will announce itself as.

 +

+ +NT

 +

+Global

+

+ +announce version

 +

+numerical

 +

+Sets the version of the operating system that Samba will announce itself as.

 +

+ +4.2

 +

+Global

+

+ +browseable (browsable)

 +

+boolean

 +

+Allows share to be displayed in list of machine resources.

 +

+ +yes

 +

+Share

+

+ +browse list

 +

+boolean

 +

+If +yes, Samba will provide a browse list on this server.

 +

+ +yes

 +

+Global

+

+ +auto services (preload)

 +

+string (share list)

 +

+Sets a list of shares that will always appear in the browse list.

 +

+None

 +

+Global

+

+ +default service (default)

 +

+string (share name)

 +

+Names a share (service) that will be provided if the client requests a share not listed in +smb.conf.

 +

+None

 +

+Global

+

+ +local master

 +

+boolean

 +

+If +yes, Samba will try to become a master browser on the local subnet.

 +

+ +yes

 +

+Global

+

+ +lm announce

 +

+ +yes or +no or +auto

 +

+Enables or disables LAN Manager style host announcements.

 +

+ +auto

 +

+Global

+

+ +lm interval

 +

+numerical

 +

+Specifies the frequency in seconds that LAN Manager announcements will be made if activated.

 +

+ +60

 +

+Global

+

+ +preferred master (prefered master)

 +

+boolean

 +

+If +yes, Samba will use the preferred master browser bit to attempt to become the local master browser.

 +

+ +no

 +

+Global

+

+ +domain master

 +

+boolean

 +

+If +yes, Samba will try to become the main browser master for the workgroup.

 +

+ +no

 +

+Global

+

+ +os level

 +

+numerical

 +

+Sets the operating system level of Samba in an election for local master browser.

 +

+ +0

 +

+Global

+

+ +remote browse sync

 +

+string (list of IP addresses)

 +

+Lists Samba servers to synchronize browse lists with.

 +

+None

 +

+Global

+

+ +remote announce

 +

+string (IP address/ workgroup pairs)

 +

+Lists subnets and workgroups to send directed broadcast packets to, allowing Samba to appear to browse lists.

 +

+None

 +

+Global

+

+ +5.1.5.1 announce as

+This global configuration option specifies the type of operating system that Samba will announce to other machines on the network. The default value for this option is +NT, which represents a Windows NT operating system. Other possible values are +Win95, which represents a Windows 95 operating system, and +WfW for a Windows for Workgroup operating system. You can override the default value with the following:

+[global]
+	announce as = Win95

+We recommend against changing the default value of this configuration option.

+

+ +5.1.5.2 announce version

+This global option is frequently used with the +announce +as configuration option; it specifies the version of the operating system that Samba will announce to other machines on the network. The default value of this options is 4.2, which places itself above the current Windows NT version of 4.0. You can specify a new value with a global entry such as the following:

+[global]
+	announce version = 4.3

+We recommend against changing the default value of this configuration option.

+

+ +5.1.5.3 browseable

+The +browseable option (also spelled +browsable) indicates whether the share referenced should appear in the list of available resources of the machine on which it resides. This option is always set to +yes by default. If you wish to prevent the share from being seen in a client's browser, you can reset this option to +no.

+Note that this does not prevent someone from accessing the share using other means, such as specifying a UNC location (//server/accounting) in Windows Explorer. It only prevents the share from being listed under the machine's resources when being browsed.

+

+ +5.1.5.4 browse list

You should never need to change this parameter from its default value of +yes. If your Samba server is acting as a local master browser (i.e., it has won the browsing election), you can use the global +browse +list option to instruct Samba to provide or withhold its browse list to all clients. By default, Samba always provides a browse list. You can withhold this information by specifying the following:

+[global]
+	browse list = no

+If you disable the browse list, clients cannot browse the names of other machines, their services, and other domains currently available on the network. Note that this won't make any particular machine inaccessible; if someone knows a valid machine name/address and a share on that machine, they can still connect to it explicitly using NET USE or by mapping a drive letter to it using Windows Explorer. It simply prevents information in the browse list from being retrieved by any client that requests it.

+

+ +5.1.5.5 auto services

+The global +auto +services option, which is also called +preload, ensures that the specified shares are always visible in the browse list. One common use for this option is to advertise specific user or printer shares that are created by the +[homes] or +[printers] shares, but are not otherwise browsable.

+This option works best with disk shares. If you wish to force each of your system printers (i.e., those listed in the printer capabilities file) into the browse list using this option, we recommend using the +load +printers option instead. Any shares listed with the +auto +services option will not be displayed if the +browse +list option is set to +no.

+

+ +5.1.5.6 default service

+The global +default +service option (sometimes called +default) names a "last-ditch" share. If set to an existing share name, and a client requests a nonexistent disk or printer share, Samba will attempt to connect the user to the share specified by this option instead. The option is specified as follows:

+default service = helpshare

+Note that there are no braces surrounding the share name +helpshare, even though the definition of the share later in the Samba configuration file will have braces. Also, if you use the +%S variable in the share specified by this option, it will represent the requested, nonexistent share, not the default service. Any underscores (_) specified in the request share will be converted to slashes (/) when the variable is used.

+

+ +5.1.5.7 local master

This global option specifies whether Samba will attempt to become the local master browser for the subnet when it starts up. If this option is set to +yes, Samba will take place in elections. However, setting this option by itself does not guarantee victory. (Other parameters, such as +preferred +master and +os +level help Samba win browsing elections.) If this option is set to +no, Samba will lose all browsing elections, no matter which values are specified by the other configuration options. The default value is +yes.

+

+ +5.1.5.8 lm announce

+The global +lm +announce option tells Samba's +nmbd whether or not to send LAN Manager host announcements on behalf of the server. These host announcements may be required by older clients, such as IBM's OS/2 operating system. This announcement allows the server to be added to the browse lists of the client. If activated, Samba will announce itself repetitively at the number of seconds specified by the +lm +interval option.

+This configuration option takes the standard boolean values, +yes and +no, which engage or disengage LAN Manager announcements, respectively. In addition, there is a third option, +auto, which causes +nmbd to passively listen for LAN Manager announcements, but not send any of its own initially. If LAN Manager announcements are detected for another machine on the network, +nmbd will start sending its own LAN Manager announcements to ensure that it is visible. You can specify the option as follows:

+[global]
+	lm announce = yes

+The default value is +auto. You probably won't need to change this value from its default.

+

+ +5.1.5.9 lm interval

+This option, which is used in conjunction with +lm +announce, indicates the number of seconds +nmbd will wait before repeatedly broadcasting LAN Manager-style announcements. Remember that LAN Manager announcements must be activated in order for this option to be used. The default value is 60 seconds. If you set this value to 0, Samba will not send any LAN Manager host announcements, no matter what the value of the +lm +announce option. You can reset the value of this option as follows:

+[global]
+	lm interval = 90
+

+ +5.1.5.10 preferred master

+The +preferred +master option requests that Samba set the preferred master bit when participating in an election. This gives the server a higher preferred status in the workgroup than other machines at the same operating system level. If you are configuring your Samba machine to become the local master browser, it is wise to set the following value:

+[global]
+	preferred master = yes

+Otherwise, you should leave it set to its default, +no. If Samba is configured as a preferred master browser, it will force an election when it first comes online.

+

+ +5.1.5.11 os level

+The global +os +level option dictates the operating system level at which Samba will masquerade during a browser election. If you wish to have Samba win an election and become the master browser, you can set the level above that of the operating system on your network with the highest current value. The values are shown in Table 5-1. The default level is 0, which means that Samba will lose all elections. If you wish Samba to win all elections, you can reset its value as follows:

+os level = 34

+This means that the server will vote for itself 34 times each time an election is called, which ensures a victory.

+

+ +5.1.5.12 domain master

+If Samba is the primary domain controller for your workgroup or NT domain, it should also be the domain master browser. The domain master browser is a special machine that has the NetBIOS resource type <1B> and is used to propagate browse lists to and from each of the local master browsers in individual subnets across the domain. To force Samba to become the domain master browser, set the following in the +[global] section of the +smb.conf:

+[global]
+	domain master = yes

+If you have a Windows NT server on the network acting as a primary domain controller (PDC), we recommend that you do not use Samba to become the domain master browser. The reverse is true as well: if Samba is taking on the responsibilities of a PDC, we recommend making it the domain master browser. Splitting the PDC and the domain master browser will cause unpredictable errors to occur on the network.

+

+ +5.1.5.13 remote browse sync

+The global +remote +browse +sync option specifies that Samba should synchronize its browse lists with local master browsers in other subnets. However, the synchronization can occur only with other Samba servers, and not with Windows computers. For example, if your Samba server was a master browser on the subnet 192.168.235, and Samba local master browsers existed on other subnets at 192.168.234.92 and 192.168.236.2, you could specify the following:

+remote browse sync = 192.168.234.92 192.168.236.2

+The Samba server would then directly contact the other machines on the address list and synchronize browse lists. You can also say:

+remote browse sync = 192.168.234.255 192.168.236.255

+This forces Samba to broadcast queries to determine the IP addresses of the local master browser on each subnet, with which it will then synchronize browse lists. This only works, however, if your router doesn't block directed broadcast requests ending in 255.

+

+ +5.1.5.14 remote announce

+Samba servers are capable of providing browse lists to foreign subnets with the +remote +announce option. This is typically sent to the local master browser of the foreign subnet in question. However, if you do not know the address of the local master browser, you can do the following:

+[global]
+    remote announce = 192.168.234.255/ACCOUNTING \       
+						192.168.236.255/ACCOUNTING

+With this, Samba will broadcast host announcements to all machines on subnets 192.168.234 and 192.168.236, which will hopefully reach the local master browser of the subnet. You can also specify exact IP addresses, if they are known.

+
+
+
+ + +
+ +Previous: 4.8 Logging Configuration Options + + + +Next: 5.2 Filesystem Differences
+4.8 Logging Configuration Options + +Book Index +5.2 Filesystem Differences
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch05_02.html b/docs/htmldocs/using_samba/ch05_02.html new file mode 100644 index 00000000000..462e23f3c09 --- /dev/null +++ b/docs/htmldocs/using_samba/ch05_02.html @@ -0,0 +1,429 @@ + + + +[Chapter 5] 5.2 Filesystem Differences + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 5.1 Browsing + + + +Chapter 5
+Browsing and Advanced Disk Shares 		+ +Next: 5.3 File Permissions and Attributes on MS-DOS and Unix
 
+ +
+
+

+ +5.2 Filesystem Differences

One of the biggest issues for which Samba has to correct is the difference between Unix and non-Unix filesystems. This includes items such as handling symbolic links, hidden files, and dot files. In addition, file permissions can also be a headache if not accounted for properly. This section describes how to use Samba to make up for some of those annoying differences, and even how to add some new functionality of its own.

+

+ +5.2.1 Hiding and Vetoing Files

There are some cases when we need to ensure that a user cannot see or access a file at all. Other times, we don't want to keep a user from accessing a file - we just want to hide it when they view the contents of the directory. On Windows systems, an attribute of files allows them to be hidden from a folder listing. With Unix, the traditional way of hiding files in a directory is to precede them with a dot (.). This prevents items such as configuration files or defaults from being seen when performing an ordinary +ls command. Keeping a user from accessing a file at all, however, involves working with permissions on files and or directories.

+The first option we should discuss is the boolean +hide +dot +files. This option does exactly what it says. When set to +yes, the option treats files beginning with a period (.) as hidden. If set to +no, those files are always shown. The important thing to remember is that the files are only hidden. If the user has chosen to show all hidden files while browsing (e.g., using the Folder Options menu item under the View menu in Windows 98), they will still be able to see the files, as shown in +Figure 5.2.

+ +Figure 5.2: Hidden files in the [data] share

Figure 5.2

+Instead of simply hiding files beginning with a dot, you can also specify a string pattern to Samba for files to hide, using the +hide +files option. For example, let's assume that we specified the following in our example +[data] share:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	hide files = /*.java/*README*/

+Each entry for this option must begin, end, or be separated from another with a slash (/) character, even if there is only one pattern listed. This convention allows spaces to appear in filenames. In this example, the share directory would appear as shown in +Figure 5.3. Again, note that we have set the Windows 98 option to view hidden files for the window.

+ +Figure 5.3: Hiding files based on filename patterns

Figure 5.3

If we want to prevent users from seeing files at all, we can instead use the +veto +files option. This option, which takes the same syntax as the +hide +files option, specifies a list of files that should never be seen by the user. For example, let's change the +[data] share to the following:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	veto files = /*.java/*README*/

+The syntax of this option is identical to the +hide +files configuration option: each entry must begin, end, or be separated from another with a slash (/) character, even if there is only one pattern listed. By doing so, the files +hello.java and +README will simply disappear from the directory, and the user will not be able to access them through SMB.

+There is one other question that we need to address. What happens if the user tries to delete a directory that contains vetoed files? This is where the +delete +veto +files option comes in. If this boolean option is set to +yes, the user is allowed to delete both the regular files and the vetoed files in the directory, and the directory itself will be removed. If the option is set to +no, the user will not be able to delete the vetoed files, and consequently the directory will not be deleted either. From the user's perspective, the directory will appear to be empty, but cannot be removed.

+The +dont +descend directive specifies a list of directories whose contents Samba should not allow to be visible. Note that we say +contents, not the directory itself. Users will be able to enter a directory marked as such, but they are prohibited from descending the directory tree any farther - they will always see an empty folder. For example, let's use this option with a more basic form of the share that we defined earlier in the chapter:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	dont descend = config defaults

+In addition, let's assume that the +/home/samba/data directory has the following contents:

+drwxr-xr-x   6 tom      users     1024 Jun 13 09:24 .
+drwxr-xr-x   8 root     root      1024 Jun 10 17:53 ..
+-rw-r--r--   2 tom      users     1024 Jun  9 11:43 README
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 config
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 defaults
+drwxr-xr-x   3 tom      users     1024 Jun 13 09:28 market

+If the user then connects to the share, he or she would see the directories shown in +Figure 5.4. However, the contents of the +/config and +/defaults directories would appear empty to the user, even if other folders or files existed in them. In addition, users cannot write any data to the folder (which prevents them from creating a file or folder with the same name as one that is already there but invisible). If a user attempts to do so, he or she will receive an "Access Denied" message. +dont +descend is an administrative option, not a security option, and is not a substitute for good file permissions.

+ +Figure 5.4: Contents of the [data] share with dont descend

Figure 5.4
+

+ +5.2.2 Links

DOS and NT filesystems don't have symbolic links; Windows 95/98/NT systems approximate this with "shortcuts" instead. Therefore, when a client tries to open a symbolic link on a Samba server share, Samba attempts to follow the link to find the real file and let the client open it, as if he or she were on a Unix machine. If you don't want to allow this, set the +follow +symlinks option:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	follow symlinks = no

+You can test this by creating a directory on the Unix server inside the share as the user that you are logging in with. Enter the following commands:

+% mkdir hello; cd hello
+% cat "This is a test" >hello.txt
+% ln -s hello.txt "Link to hello"

+This results in the two files shown in the window in +Figure 5.5. Normally, if you click on either one, you will receive a file which has the text "This is a test" inside of it. However, with the +follow +symlinks option set to +no, you should receive an error similar to the dialog in +Figure 5.5 if you click on "Link to hello."

+ +Figure 5.5: An error dialog trying to follow symbolic links when forbidden by Samba

Figure 5.5

+Finally, let's discuss the +wide +links option. This option, if set to +yes, allows the client user to follow symbolic links that point outside the shared directory tree, including files or directories at the other end of the link. For example, let's assume that we modified the +[data] share as follows:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	case sensitive = no
+	follow symlinks = yes
+	wide links = yes

+As long as the +follow +symlinks option is enabled, this will cause Samba to follow all symbolic links outside the current share tree. If we create a file outside the share (for example, in someone's home directory) and then create a link to it in the share as follows:

+ln -s ~tom/datafile ./datafile

+then you will be able to open the file in Tom's directory as per the target file's permissions.

+

+ +5.2.3 Filesystem Options

+Table 5.4 shows a breakdown of the options we discussed earlier. We recommend the defaults for most, except those listed in the following descriptions.


+ + + + + + + + + + + + + +
+ +Table 5.4: Filesystem Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +unix realname

 +

+boolean

 +

+Provides Unix user's full name to client.

 +

+ +no

 +

+Global

+

+ +dont descend

 +

+string (list of directories)

 +

+Indicates a list of directories whose contents Samba should make invisible to clients.

 +

+None

 +

+Share

+

+ +follow symlinks

 +

+boolean

 +

+If set to +no, Samba will not honor symbolic links.

 +

+ +yes

 +

+Share

+

+ +getwd cache

 +

+boolean

 +

+If set to +yes, Samba will use a cache for +getwd() calls.

 +

+ +yes

 +

+Global

+

+ +wide links

 +

+boolean

 +

+If set to +yes, Samba will follow symbolic links outside the share.

 +

+ +yes

 +

+Share

+

+ +hide dot files

 +

+boolean

 +

+If set to +yes, treats Unix hidden files as hidden files in Windows.

 +

+ +yes

 +

+Share

+

+ +hide files

 +

+string (list of files)

 +

+List of file patterns to treat as hidden.

 +

+None

 +

+Share

+

+ +veto files

 +

+string (list of files)

 +

+List of file patterns to never show.

 +

+None

 +

+Share

+

+ +delete veto files

 +

+boolean

 +

+If set to +yes, will delete files matched by +veto files when the directory they reside in is deleted.

 +

+ +no

 +

+Share

+

+ +5.2.3.1 unix realname

+Some programs require a full username in order to operate. For example, a Windows email program often needs to associate a username with a given real name. If your system password file contains the real names of users in the GCOS field, the +unix +realname option instructs Samba to provide this information to clients. Without it, the name of the user will simply be his or her login ID. For example, if your Unix password file contains the following line:

+rcollins:/KaBfco47Rer5:500:500:Robert Collins:
+/home/rcollins:/bin/ksh

+And the option in the configuration file is:

+[global]
+	unix realname = yes

+then the name Robert Collins will be provided to any client that requests the real name of user +rcollins. You typically don't need to bother with this option.

+

+ +5.2.3.2 dont descend

+The +dont +descend option can be used to specify various directories that should appear empty to the client. Note that the directory itself will still appear. However, Samba will not show any of the contents of the directory to the client user. This is not a good option to use as a security feature (a user could probably find a way around it); it really is meant only as a convenience to keep client users from browsing into directories that might have sensitive files. See our example earlier in this section.

+

+ +5.2.3.3 follow symlinks

This option, which is discussed in greater detail earlier, controls whether Samba will follow a symbolic link in the Unix operating system to the target, or if it should return an error to the client user. If the option is set to +yes, the target of the link will be interpreted as the file.

+

+ +5.2.3.4 getwd cache

+This global option specifies whether Samba should use a local cache for the Unix +getwd() (get current working directory) system call. You can override the default value of +yes as follows:

+[global]
+	getwd cache = no

+Setting this option to +yes can significantly increase the time it takes to resolve the working directory, especially if the +wide +links option is set to +no. You should normally not need to alter this option.

+

+ +5.2.3.5 wide links

+This option specifies whether the client user can follow symbolic links that point outside the shared directory tree. This includes any files or directories at the other end of the link, as long as the permissions are correct for the user. The default value for this option is +yes. Note that this option will not be honored if the +follow +symlinks options is set to +no. Setting this option to +no slows +smbd considerably.

+

+ +5.2.3.6 hide files

The +hide +files option provides one or more directory or filename patterns to Samba. Any file matching this pattern will be treated as a hidden file from the perspective of the client. Note that this simply means that the DOS hidden attribute is set, which may or may not mean that the user can actually see it while browsing.

+Each entry in the list must begin, end, or be separated from another entry with a slash (/) character, even if there is only one pattern listed. This allows spaces to appear in the list. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character. For example:

+hide files = /.jav*/README.???/
+

+ +5.2.3.7 hide dot files

+The +hide +dot +files option hides any files on the server that begin with a dot (.) character, in order to mimic the functionality behind several shell commands that are present on Unix systems. Like +hide +files, those files that begin with a dot have the DOS hidden attribute set, which doesn't necessarily guarantee that a client cannot view them. The default value for this option is +yes.

+

+ +5.2.3.8 veto files

+More stringent than the hidden files state is the state provided by the +veto +files configuration option. Samba won't even admit these files exist. You cannot list or open them from the client. In reality, this isn't a trustworthy security option. It is actually a mechanism to keep PC programs from deleting special files, such as ones used to store the resource fork of a Macintosh file on a Unix filesystem. If both Windows and Macs are sharing the same files, this can prevent ill-advised power users from removing files the Mac users need.

+The syntax of this option is identical to that of the +hide +files configuration option: each entry must begin, end, or be separated from another with a slash (/) character, even if only one pattern is listed. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character. For example:

+veto files = /*config/*default?/

+This option is primarily administrative - not a substitute for good file permissions.

+

+ +5.2.3.9 delete veto files

This option tells Samba to delete vetoed files when a user attempts to delete the directory in which they reside. The default value is +no. This means if a user tries to delete a directory that contains a vetoed file, the file (and the directory) will not be deleted. Instead, the directory will remain and appear to be empty from the perspective of the user. If set to +yes, the directory and the vetoed files will be deleted.

+
+
+
+ + +
+ +Previous: 5.1 Browsing + + + +Next: 5.3 File Permissions and Attributes on MS-DOS and Unix
+5.1 Browsing + +Book Index +5.3 File Permissions and Attributes on MS-DOS and Unix
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch05_03.html b/docs/htmldocs/using_samba/ch05_03.html new file mode 100644 index 00000000000..aaa5648c6cb --- /dev/null +++ b/docs/htmldocs/using_samba/ch05_03.html @@ -0,0 +1,426 @@ + + + +[Chapter 5] 5.3 File Permissions and Attributes on MS-DOS and Unix + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 5.2 Filesystem Differences + + + +Chapter 5
+Browsing and Advanced Disk Shares 		+ +Next: 5.4 Name Mangling and Case
 
+ +
+
+

+ +5.3 File Permissions and Attributes on MS-DOS and Unix

DOS was never intended to be a multiuser, networked operating system. Unix, on the other hand, was designed that way from the start. Consequently, there are inconsistencies and gaps in coverage between the two filesystems that Samba must not only be aware of, but also provide solutions for. One of the biggest gaps is how Unix and DOS handle permissions with files.

+Let's take a look at how Unix assigns permissions. All Unix files have read, write, and execute bits for three classifications of users: owner, group, and world. These permissions can be seen at the extreme left-hand side when a +ls +-al command is issued in a Unix directory. For example:

+-rwxr--r--   1 tom     users   2014 Apr 13 14:11 access.conf

+Windows, on the other hand, has four principal bits that it uses with any file: read-only, system, hidden, and archive. You can view these bits by right-clicking on the file and choosing the Properties menu item. You should see a dialog similar to +Figure 5.6.[1]

+
+

+[1] The system checkbox will probably be greyed for your file. Don't worry about that - you should still be able to see when the box is checked and when it isn't.

+ +Figure 5.6: DOS and Windows file properties

Figure 5.6

+The definition of each of those bits follows:

+
Read-only
+

+The file's contents can be read by a user but cannot be written to.

System
+

+This file has a specific purpose required by the operating system.

Hidden
+

+This file has been marked to be invisible to the user, unless the operating systems is explicitly set to show it.

Archive
+

+This file has been touched since the last DOS backup was performed on it.

+Note that there is no bit to specify that a file is executable. DOS and Windows NT filesystems identify executable files by giving them the extensions .EXE, .COM, .CMD, or .BAT.

+Consequently, there is no use for any of the three Unix executable bits that are present on a file in a Samba disk share. DOS files, however, have their own attributes that need to be preserved when they are stored in a Unix environment: the archive, system, and hidden bits. Samba can preserve these bits by reusing the executable permission bits of the file on the Unix side - if it is instructed to do so. Mapping these bits, however, has an unfortunate side-effect: if a Windows user stores a file in a Samba share, and you view it on Unix with the +ls +-al command, some of the executable bits won't mean what you'd expect them to.

+Three Samba options decide whether the bits are mapped: +map +archive, +map +system, and +map +hidden. These options map the archive, system, and hidden attributes to the owner, group, and world execute bits of the file, respectively. You can add these options to the +[data] share, setting each of their values as follows:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	map archive = yes
+	map system = yes
+	map hidden = yes

+After that, try creating a file in the share under Unix - such as +hello.java - and change the permissions of the file to 755. With these Samba options set, you should be able to check the permissions on the Windows side and see that each of the three values has been checked in the Properties dialog box. What about the read-only attribute? By default, Samba 2.0 sets this whenever a file does not have the Unix owner write permission bit set. In other words, you can set this bit by changing the permissions of the file to 555.

+We should warn you that the default value of the +map +archive option is +yes, while the other two options have a default value of +no. This is because many programs do not work properly if the archive bit is not stored correctly for DOS and Windows files. The system and hidden attributes, however, are not critical for a program's operation and are left to the discretion of the administrator.

+ +Figure 5.7 summarizes the Unix permission bits and illustrates how Samba maps those bits to DOS attributes. Note that the group read/write and world read/write bits do not directly translate to a DOS attribute, but they still retain their original Unix definitions on the Samba server.

+ +Figure 5.7: How Samba and Unix view the permissions of a file

Figure 5.7
+

+ +5.3.1 Creation masks

+Samba has several options to help with file creation masks. File creation masks (or +umasks) help to define the permissions a file or directory will receive at the time it is created. In Unix, this means that you can control what permissions a file or directory does not have when it is created. For files accessed from Windows, this means you can disable the read-only, archive, system, and hidden attributes of a file as well.

+For example, the +create +mask option will force the permissions of a file created by a Windows client to be at most 744:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	create mask = 744

+while the +directory +mask option shown here will force the permissions of a newly created directory to be at most 755:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+	directory mask = 755

+Alternatively, you can also force various bits with the +force +create +mode and +force +directory +mode options. These options will perform a logical OR against the file and directory creation masks, ensuring that those bits that are specified will always be set. You would typically set these options globally in order to ensure that group and world read/write permissions have been set appropriately for new files or directories in each share.

+In the same spirit, if you wish to explicitly set the Unix user and group attributes of a file that is created on the Windows side, you can use the +force +user and +force +group options. For example:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+
+	create mask = 744
+	directory mask = 755
+	force user = joe
+	force group = accounting

+These options actually assign a static Unix user and group to each connection that is made to a share. However, this occurs +after the client authenticates; it does not allow free access to a share. These options are frequently used for their side effects of assigning a specific user and group to each new file or directory that is created in a share. Use these options with discretion.

+Finally, one of the capabilities of Unix that DOS lacks is the ability to delete a read-only file from a writable directory. In Unix, if a directory is writable, a read-only file in that directory can still be removed. This could permit you to delete files in any of your directories, even if the file was left by someone else.

+DOS filesystems are not designed for multiple users, and so its designers decided that read-only means "protected against accidental change, including deletion," rather than "protected against some other user on a single-user machine." So the designers of DOS prohibited removal of a read-only file. Even today, Windows file systems exhibit the same behavior.

+Normally, this is harmless. Windows programs don't try to remove read-only files because they know it's a bad idea. However, a number of source-code control programs - which were first written for Unix - run on Windows and require the ability to delete read-only files. Samba permits this behavior with the +delete +readonly option. In order to enable this functionality, set the option to +yes:

+[data]
+	path = /home/samba/data
+	browseable = yes
+	guest ok = yes
+	writeable = yes
+
+	create mask = 744
+	directory mask = 755
+	force user = joe
+	force group = accounting
+	delete readonly = yes
+

+ +5.3.2 File and Directory Permission Options

The options for file and directory permissions are summarized in +Table 5.5; each option is then described in detail.


+ + + + + + + + + + + + + + +
+ +Table 5.5: File and Directory Permission Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +map archive

 +

+boolean

 +

+Preserve DOS archive attribute in user execute bit (0100).

 +

+ +yes

 +

+Share

+

+ +map system

 +

+boolean

 +

+Preserve DOS system attribute in group execute bit (0010).

 +

+ +no

 +

+Share

+

+ +map hidden

 +

+boolean

 +

+Preserve DOS hidden attribute in world execute bit (0001).

 +

+ +no

 +

+Share

+

+ +create mask (create mode)

 +

+numeric

 +

+Sets the maximum permissions for files created by Samba.

 +

+ +0744

 +

+Share

+

+ +directory mask (directory mode)

 +

+numeric

 +

+Sets the maximum permissions for directories created by Samba.

 +

+ +0755

 +

+Share

+

+ +force create mode

 +

+numeric

 +

+Forces the specified permissions (bitwise or) for directories created by Samba.

 +

+ +0000

 +

+Share

+

+ +force directory mode

 +

+numeric

 +

+Forces the specified permissions (bitwise or) for directories created by Samba.

 +

+ +0000

 +

+Share

+

+ +force group (group)

 +

+string (group name)

 +

+Sets the effective group for a user accessing this share.

 +

+None

 +

+Share

+

+ +force user

 +

+string (username)

 +

+Sets the effective username for a user accessing this share.

 +

+None

 +

+Share

+

+ +delete readonly

 +

+boolean

 +

+Allows a user to delete a read-only file from a writable directory.

 +

+ +no

 +

+Share

+

+ +5.3.2.1 create mask

+The argument for this option is an octal number indicating which permission flags may be set at file creation by a client in a share. The default is 0755, which means the Unix owner can at most read, write, and optionally execute his or her own files, while members of the user's group and others can only read or execute them. If you need to change it for non-executable files, we recommend 0644, or +rw-r--r--. Keep in mind that the execute bits may be used by the server to map certain DOS file attributes, as described earlier. If you're altering the create mask, those bits have to be part of the create mask as well.

+

+ +5.3.2.2 directory mask

+The argument for this option is an octal number indicating which permission flags may be set at directory creation by a client in a share. The default is 0755, which allows everyone on the Unix side to at most read and traverse the directories, but allows only you to modify them. We recommend the mask 0750, removing access by world users.

+

+ +5.3.2.3 force create mode

+This option sets the permission bits that Samba will force to be set when a file permission change is made. It's often used to force group permissions, mentioned previously. It can also be used to preset any of the DOS attributes we mentioned: archive (0100), system (0010), or hidden (0001). This option always takes effect after the +map +archive, +map +system , +map +hidden, and +create +mask options.

+Many Windows applications rename their data files to +datafile.bak and create new ones, thus changing their ownership and permissions so that members of the same Unix group can't edit them. Setting +force create mask = 0660 will keep the new file editable by members of the group.

+

+ +5.3.2.4 force directory mode

+This option sets the permission bits which Samba will force when a directory permission change is made or a directory is created. It's often used to force group permissions, as mentioned previously. This option defaults to 0000, and can be used just like the +force +create +mode to add group or other permissions if needed. This option always takes effect after the +map +archive, +map +system, +map +hidden, and +directory +mask options.

+

+ +5.3.2.5 force group

+This option, sometimes called +group, assigns a static group ID that will be used on all connections to a service after the client has successfully authenticated. This assigns a specific group to each new file or directory created from an SMB client.

+

+ +5.3.2.6 force user

+The +force +user option assigns a static user ID that will be used on all connections to a service after the client has successfully authenticated. This assigns a specific user to each new file or directory created from an SMB client.

+

+ +5.3.2.7 delete readonly

This option allows a user to delete a directory containing a read-only file. By default, DOS and Windows will not allow such an operation. You probably will want to leave this option turned off unless a program needs this capability; many Windows users would be appalled to find that they'd accidentally deleted a file which they had set read-only. In fact, even the Unix +rm command will ask users if they really want to override the protection and delete read-only files. It's a good idea to have Samba be at least as cautious.

+

+ +5.3.2.8 map archive

+The DOS archive bit is used to flag a file that has been changed since it was last archived (e.g., backed up with the DOS archive program.) Setting the Samba option +map +archive += +yes causes the DOS archive flag to be mapped to the Unix execute-by-owner (0100) bit. It's best to leave this option on if your Windows users are doing their own backups, or are using programs that require the archive bit. Unix lacks the notion of an archive bit entirely. Backup programs typically keep a file that lists what files were backed up on what date, so comparing file modification dates serves the same purpose.

+Setting this option to +yes causes an occasional surprise on Unix when a user notices that a data file is marked as executable, but rarely causes harm. If a user tries to run it, he or she will normally get a string of error messages as the shell tries to execute the first few lines as commands. The reverse is also possible; an executable Unix program looks like it hasn't been backed up recently on Windows. But again, this is rare, and is usually harmless.

+

+ +5.3.2.9 map system

+The DOS system attribute is used to indicate files that are required by the operating system, and should not be deleted, renamed, or moved without special effort. Set this option only if you need to store Windows system files on the Unix file server. Executable Unix programs will appear to be non-removable special Windows files when viewed from Windows clients. This may prove mildly inconvenient if you want to move or remove one. For most sites, however, this is fairly harmless.

+

+ +5.3.2.10 map hidden

DOS uses the hidden attribute to indicate that a file should not ordinarily be visible in directory listings. Unix doesn't have such a facility; it's up to individual programs (notably the shell) to decide what to display and what not to display. Normally, you won't have any DOS files that need to be hidden, so the best thing to do is to leave this option turned off.

+Setting this option to +yes causes the server to map the hidden flag onto the executable-by-others bit (0001). This feature can produce a rather startling effect. Any Unix program that is executable by world seems to vanish when you look for it from a Windows client. If this option is not set, however, and a Windows user attempts to mark a file hidden on a Samba share, it will not work - Samba has no place to store the hidden attribute!

+
+
+
+ + +
+ +Previous: 5.2 Filesystem Differences + + + +Next: 5.4 Name Mangling and Case
+5.2 Filesystem Differences + +Book Index +5.4 Name Mangling and Case
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch05_04.html b/docs/htmldocs/using_samba/ch05_04.html new file mode 100644 index 00000000000..e506445c103 --- /dev/null +++ b/docs/htmldocs/using_samba/ch05_04.html @@ -0,0 +1,433 @@ + + + +[Chapter 5] 5.4 Name Mangling and Case + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 5.3 File Permissions and Attributes on MS-DOS and Unix + + + +Chapter 5
+Browsing and Advanced Disk Shares 		+ +Next: 5.5 Locks and Oplocks
 
+ +
+
+

+ +5.4 Name Mangling and Case

Back in the days of DOS and Windows 3.1, every filename was limited to eight upper-case characters, followed by a dot, and three more uppercase characters. This was known as the +8.3 format, and was a huge nuisance. Windows 95/98, Windows NT, and Unix have since relaxed this problem by allowing many more case-sensitive characters to make up a filename. +Table 5.6 shows the current naming state of several popular operating systems.


+ + + + + + + + + +
+ +Table 5.6: Operating System Filename Limitations
+

+Operating System

 +

+File Naming Rules

+

+DOS 6.22 or below

 +

Eight characters followed by a dot followed by a three-letter extension (8.3 format); case insensitive

+

+Windows 3.1 for Workgroups

 +

+Eight characters followed by a dot followed by a three-letter extension (8.3 format); case insensitive

+

+Windows 95/98

 +

+127 characters; case sensitive

+

+Windows NT

 +

+127 characters; case sensitive

+

+Unix

 +

+255 characters; case sensitive

Samba still has to remain backwards compatible with network clients who store files only in the 8.3 format, such as Windows for Workgroups. If a user creates a file on a share called +antidisestablishmentarianism.txt, a Windows for Workgroups client couldn't tell it apart from another file in the same directory called +antidisease.txt. Like Windows 95/98 and Windows NT, Samba has to employ a special methodology of translating a long filename to an 8.3 filename in such a way that similar filenames will not cause collisions. This is called +name mangling, and Samba deals with this in a manner that is similar, but not identical to, Windows 95 and its successors.

+

+ +5.4.1 The Samba Mangling Operation

Here is how Samba mangles a long filename into an 8.3 filename:

    +
  • +

    + +If the original filename does not begin with a dot, up to the first five alphanumeric characters that occur before the last dot (if there is one) are converted to uppercase. These characters are used as the first five characters of the 8.3 mangled filename.

  • +

    + +If the original filename begins with a dot, the dot is removed and up to the first five alphanumeric characters that occur before the last dot (if there is one) are converted to uppercase. These characters are used as the first five characters of the 8.3 mangled filename.

  • +

    + +These characters are immediately followed a special mangling character: by default, a tilde (~), although Samba allows you to change this character.

  • +

    + +The base of the long filename before the last period is hashed into a two-character code; parts of the name after the last dot may be used if necessary. This two character code is appended to the 8.3 filename after the mangling character.

  • +

    + +The first three characters after the last dot (if there is one) of the original filename are converted to uppercase and appended onto the mangled name as the extension. If the original filename began with a dot, three underscores (___) are used as the extension instead.

+Here are some examples:

+virtuosity.dat                       VIRTU~F1.DAT
+.htaccess                            HTACC~U0.___
+hello.java                           HELLO~1F.JAV
+team.config.txt                      TEAMC~04.TXT
+antidisestablishmentarianism.txt     ANTID~E3.TXT
+antidiseast.txt                      ANTID~9K.TXT

+Using these rules will allow Windows for Workgroups to differentiate the two files on behalf of the poor individual who is forced to see the network through the eyes of that operating system. Note that the same long filename should always hash to the same mangled name with Samba; this doesn't always happen with Windows. The downside of this approach is that there can still be collisions; however, the chances are greatly reduced.

+You generally want to use the mangling configuration options with only the oldest clients. We recommend doing this without disrupting other clients by adding an +include directive to the +smb.conf file:

+[global]
+	include = /ucsr/local/samba/lib/smb.conf.%m

+This resolves to +smb.conf.WfWg when a Window for Workgroups client attaches. Now you can create a file +/usr/local/samba/lib/smb.conf.WfWg which might contain these options:

+[global]
+	case sensitive = no
+	default case = upper
+	preserve case = no
+	short preserve case = no
+	mangle case = yes
+	mangled names= yes

+If you are not using Windows for Workgroups 3.1, then you probably do not need to change any of these options from their defaults.

+

+ +5.4.1.1 Representing and resolving filenames with Samba

Another item that we should point out is that there is a difference between how an operating system +represents a file and how it +resolves it. For example, if you've used Windows 95/98/NT, you have likely run across a file called +README.TXT. The file can be represented by the operating system entirely in uppercase letters. However, if you open an MS-DOS prompt and enter the command +edit +readme.txt, the all-caps file is loaded into the editing program, even though you typed the name in lowercase letters!

+This is because the Windows 95/98/NT family of operating systems resolves files in a case-insensitive manner, even though the files are represented it in a case-sensitive manner. Unix-based operating systems, on the other hand, always resolve files in a case-sensitive manner; if you try to edit +README.TXT with the command +vi +readme.txt, you will likely be editing the empty buffer of a new file.

+Here is how Samba handles case: if the +preserve +case is set to +yes, Samba will always use the case provided by the operating system for representing (not resolving) filenames. If it is set to +no, it will use the case specified by the +default +case option. The same is true for +short +preserve +case. If this option is set to +yes, Samba will use the default case of the operating system for representing 8.3 filenames; otherwise it will use the case specified by the +default +case option. Finally, Samba will always resolve filenames in its shares based on the value of the +case +sensitive option.

+

+ +5.4.2 Mangling Options

Samba allows you to give it more refined instructions on how it should perform name mangling, including those controlling the case sensitivity, the character inserted to form a mangled name, and the ability to manually map filenames from one format to another. These options are shown in +Table 5.7.


+ + + + + + + + + + + + + +
+ +Table 5.7: Name Mangling Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +case sensitive

+ +(casesignames)

 +

+boolean

 +

+If +yes, Samba will treat filenames as case-sensitive (Windows doesn't).

 +

+ +no

 +

+Share

+

+ +default case

 +

+(upper or +lower)

 +

+Case to assume as default (only used when preserve case is +no).

 +

+Lower

 +

+Share

+

+ +preserve case

 +

+boolean

 +

+If +yes, keep the case the client supplied (i.e., do not convert to +default case).

 +

+ +yes

 +

+Share

+

+ +short preserve case

 +

+boolean

 +

+If +yes, preserve case of 8.3-format names that the client provides.

 +

+ +yes

 +

+Share

+

+ +mangle case

 +

+boolean

 +

+Mangle a name if it is mixed case.

 +

+ +no

 +

+Share

+

+ +mangled names

 +

+boolean

 +

+Mangles long names into 8.3 DOS format.

 +

+ +yes

 +

+Share

+

+ +mangling char

 +

+string (single character)

 +

+Gives mangling character.

 +

+ +~

 +

+Share

+

+ +mangled stack

 +

+numerical

 +

+Number of mangled names to keep on the local mangling stack.

 +

+ +50

 +

+Global

+

+ +mangled map

 +

+string (list of patterns)

 +

+Allows mapping of filenames from one format into another.

 +

+None

 +

+Share

+

+ +5.4.2.1 case sensitive

This share-level option, which has the obtuse synonym +casesignames, specifies whether Samba should preserve case when resolving filenames in a specific share. The default value for this option is +no, which is how Windows handles file resolution. If clients are using an operating system that takes advantage of case-sensitive filenames, you can set this configuration option to +yes as shown here:

+[accounting]
+	case sensitive = yes

+Otherwise, we recommend that you leave this option set to its default.

+

+ +5.4.2.2 default case

+The +default +case option is used with +preserve +case. This specifies the default case (upper or lower) that Samba will use when it creates a file on one of its shares on behalf of a client. The default case is +lower, which means that newly created files will use the mixed-case names given to them by the client. If you need to, you can override this global option by specifying the following:

+[global]
+	default case = upper

+If you specify this value, the names of newly created files will be translated into uppercase, and cannot be overridden in a program. We recommend that you use the default value unless you are dealing with a Windows for Workgroups or other 8.3 client, in which case it should be +upper.

+

+ +5.4.2.3 preserve case

+This option specifies whether a file created by Samba on behalf of the client is created with the case provided by the client operating system, or the case specified by the +default +case configuration option above. The default value is +yes, which uses the case provided by the client operating system. If it is set to +no, the value of the +default +case option is used.

+Note that this option does not handle 8.3 file requests sent from the client - see the +short +preserve +case option below. You may want to set this option to +yes if applications that create files on the Samba server are sensitive to the case used when creating the file. If you want to force Samba, for example, to mimic the behavior of a Windows NT filesystem, you can leave this option to its default, +yes.

+

+ +5.4.2.4 short preserve case

+This option specifies whether an 8.3 filename created by Samba on behalf of the client is created with the default case of the client operating system, or the case specified by the +default +case configuration option. The default value is +yes, which uses the case provided by the client operating system. You can let Samba choose the case through the +default +case option by setting it as follows:

+[global]
+	short preserve case = no

+If you want to force Samba to mimic the behavior of a Windows NT filesystem, you can leave this option set to its default, +yes.

+

+ +5.4.2.5 mangled names

+This share-level option specifies whether Samba will mangle filenames for 8.3 clients in that share. If the option is set to +no, Samba will not mangle the names and (depending on the client), they will either be invisible or appear truncated to those using 8.3 operating systems. The default value is +yes. You can override it per share as follows:

+[data]
+	mangled names = no
+

+ +5.4.2.6 mangle case

+This option tells Samba whether it should mangle filenames that are not composed entirely of the case specified using the +default +case configuration option. The default for this option is +no. If you set it to +yes, you should be sure that all clients will be able to handle the mangled filenames that result. You can override it per share as follows:

+[data]
+	mangle case = yes

+We recommend that you leave this option alone unless you have a well-justified need to change it.

+

+ +5.4.2.7 mangling char

+This share-level option specifies the mangling character used when Samba mangles filenames into the 8.3 format. The default character used is a tilde (~). You can reset it to whatever character you wish, for instance:

+[data]
+	mangling char = #
+

+ +5.4.2.8 mangled stack

+Samba maintains a local stack of recently mangled 8.3 filenames; this stack can be used to reverse map mangled filenames back to their original state. This is often needed by applications that create and save a file, close it, and need to modify it later. The default number of long filename/mangled filename pairs stored on this stack is 50. However, if you want to cut down on the amount of processor time used to mangle filenames, you can increase the size of the stack to whatever you wish, at the expense of memory and slightly slower file access.

+[global]
+	mangled stack = 100
+

+ +5.4.2.9 mangled map

+If the default behavior of name mangling is not sufficient, you can give Samba further instructions on how to behave using the +mangled +map option. This option allows you to specify mapping patterns that can be used before or even in place of name mangling performed by Samba. For example:

+[data]
+	mangled map =(*.database *.db) (*.class *.cls)

+Here, Samba is instructed to search each file it encounters for characters that match the first pattern specified in the parenthesis and convert them to the modified second pattern in the parenthesis for display on an 8.3 client. This is useful in the event that name mangling converts the filename incorrectly or to a format that the client cannot understand readily. Patterns are separated by whitespaces.

+
+
+
+ + +
+ +Previous: 5.3 File Permissions and Attributes on MS-DOS and Unix + + + +Next: 5.5 Locks and Oplocks
+5.3 File Permissions and Attributes on MS-DOS and Unix + +Book Index +5.5 Locks and Oplocks
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch05_05.html b/docs/htmldocs/using_samba/ch05_05.html new file mode 100644 index 00000000000..b0298624f87 --- /dev/null +++ b/docs/htmldocs/using_samba/ch05_05.html @@ -0,0 +1,399 @@ + + + +[Chapter 5] 5.5 Locks and Oplocks + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 5.4 Name Mangling and Case + + + +Chapter 5
+Browsing and Advanced Disk Shares 		+ +Next: 6. Users, Security, and Domains
 
+ +
+
+

+ +5.5 Locks and Oplocks

Concurrent writes to a single file are not desirable in any operating system. To prevent this, most operating systems use +locks to guarantee that only one process can write to a file at a time. Operating systems traditionally lock entire files, although newer ones allow a range of bytes within a file to be locked. If another process attempts to write to a file (or section of one) that is already locked, it will receive an error from the operating system and will wait until the lock is released.

+Samba supports the standard DOS and NT filesystem (deny-mode) locking requests, which allow only one process to write to an entire file on a server at a give time, as well as byte-range locking. In addition, Samba supports a new locking mechanism known in the Windows NT world as +opportunistic locking - +oplock for short.

+

+ +5.5.1 Opportunistic Locking

+Opportunistic locking allows a client to notify the Samba server that it will not only be the exclusive writer of a file, but will also cache its changes to that file on its own machine (and not on the Samba server) in order to speed up file access for that client. When Samba knows that a file has been opportunistically locked by a client, it marks its version as having an opportunistic lock and waits for the client to complete work on the file, at which point it expects the client to send the final changes back to the Samba server for synchronization.

+If a second client requests access to that file before the first client has finished working on it, Samba can send an +oplock break request to the first client. This tells the client to stop caching its changes and return the current state of the file to the server so that the interrupting client can use it as it sees fit. An opportunistic lock, however, is not a replacement for a standard deny-mode lock. It is not unheard of for the interrupting process to be granted an oplock break only to discover that the original process also has a deny-mode lock on a file as well. +Figure 5.8 illustrates this opportunistic locking process.

+ +Figure 5.8: Opportunistic locking

Figure 5.8

+In terms of locks, we highly recommend using the defaults provided by Samba: standard DOS/Windows deny-mode locks for compatibility and oplocks for the extra performance that local caching allows. If your operating system can take advantage of oplocks, it should provide significant performance improvements. Unless you have a specific reason for changing any of these options, it's best to leave them as they are.

+

+ +5.5.2 Unix and Locking

Windows systems cooperate well to avoid overwriting each other's changes. But if a file stored on a Samba system is accessed by a Unix process, this process won't know a thing about Windows oplocks and could easily ride roughshod over a lock. Some Unix systems have been enhanced to understand the Windows oplocks maintained by Samba. Currently the support exists only in SGI Irix 6.5.2f and later; Linux and FreeBSD should soon follow.

+If you have a system that understands oplocks, set +kernel +oplocks += +yes in the Samba configuration file. That should eliminate conflicts between Unix processes and Windows users.

+If your system does not support kernel oplocks, you could end up with corrupted data when somebody runs a Unix process that reads or writes a file that Windows users also access. However, Samba provides a rough protection mechanism in the absence of kernel oplocks: the +veto +oplock +files option. If you can anticipate which Samba files are used by both Windows users and Unix users, set their names in a +veto +oplock +files option. This will suppress the use of oplocks on matching filenames, which will supress client caching, and let the Windows and Unix programs use system locking or update times to detect competition for the same file. A sample option is: 

+veto oplock files = /*.dbm/

+This option allows both Unix processes and Windows users to edit files ending in the suffix +.dbm. Note that the syntax of this option is similar to +veto +files.

+Samba's options for locks and oplocks are given in +Table 5.8.


+ + + + + + + + + + + + + +
+ +Table 5.8: Locks and Oplocks Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +share modes

 +

boolean

 +

+If set to +yes, turns on support for DOS-style whole-file locks.

 +

+ +yes

 +

+Share

+

+ +locking

 +

+boolean

 +

+If +yes, turns on byte-range locks.

 +

+ +yes

 +

+Share

+

+ +strict locking

 +

+boolean

 +

+If +yes, denies access to an entire file if a byte-range lock exists in it.

 +

+ +no

 +

+Share

+

+ +oplocks

 +

+boolean

 +

+If +yes, turn on local caching of files on the client for this share.

 +

+ +yes

 +

+Share

+

+ +kernel oplocks

 +

+boolean

 +

+If +yes, indicates that the kernel supports oplocks.

 +

+ +yes

 +

+Global

+

+ +fake oplocks

 +

+boolean

 +

+If +yes, tells client the lock was obtained, but doesn't actually lock it.

 +

+ +no

 +

+Share

+

+ +blocking locks

+

+boolean

 +

+Allows lock requestor to wait for the lock to be granted.

 +

+ +yes

 +

+Share

+

+ +veto oplock files

 +

+string (list of filenames)

 +

+Does not oplock specified files.

 +

+None

 +

+Share

+

+ +lock directory

 +

+string (fully-qualified pathname)

 +

+Sets the location where various Samba files, including locks, are stored.

 +

+As specified in Samba makefile

 +

+Global

+

+ +5.5.2.1 share modes

+The most primitive locks available to Samba are deny-mode locks, known as +share modes, which are employed by programs such as text editors to avoid accidental overwriting of files. For reference, the deny-mode locks are listed in +Table 5.9.


+ + + + + + + + + + +
+ +Table 5.9: SMB Deny-Mode Locks
+

+Lock

 +

+Description

+

+ +DENY_NONE

 +

+Do not deny any other file requests.

+

+ +DENY_ALL

 +

+Deny all open requests on the current file.

+

+ +DENY_READ

 +

+Deny any read-only open requests on the current file.

+

+ +DENY_WRITE

 +

+Deny any write-only open requests on the current file.

+

+ +DENY_DOS

 +

+If opened for reading, others can read but cannot write to the file. If opened for writing, others cannot open the file at all.

+

+ +DENY_FCB

 +

+Obsolete.

+The +share +modes parameter, which enforces the use of these locks, is enabled by default. To disable it, use the following command:

+[accounting]
+	share modes = no

+We highly recommend against disabling the default locking mechanism unless you have a justifiable reason for doing so. Most Windows and DOS applications rely on these locking mechanisms in order to work correctly, and will complain bitterly if this functionality is taken away.

+

+ +5.5.2.2 locking

+The +locking option can be used to tell Samba to engage or disengage server-side byte-range locks on behalf of the client. Samba implements byte-range locks on the server side with normal Unix advisory locks and will consequently prevent other properly-behaved Unix processes from overwriting a locked byte range.

+This option can be specified per share as follows:

+[accounting]
+	locking = yes

+If the +locking option is set to +yes, the requestor will be delayed until the holder of either type of lock releases it (or crashes). If, however, the option is set to +no, no byte-range locks will be kept for the files, although requests to lock and unlock files will appear to succeed. The option is set to +yes by default; however, you can turn this option off if you have read-only media.

+

+ +5.5.2.3 strict locking

+This option checks every file access for a byte-range lock on the range of bytes being accessed. This is typically not needed if a client adheres to all the locking mechanisms in place. This option is set to +no by default; however, you can reset it per share as follows:

+[accounting]
+	strict locking = yes

+If this option is set to +yes, mandatory locks are enforced on any file with byte-range locks.

+

+ +5.5.2.4 blocking locks

+Samba also supports +blocking locks, a minor variant of range locks. Here, if the range of bytes is not available, the client specifies an amount of time that it's willing to wait. The server then caches the lock request, periodically checking to see if the file is available. If it is, it notifies the client; however, if time expires, Samba will tell the client that the request has failed. This strategy prevents the client from continually polling to see if the lock is available.

+You can disable this option per share as follows:

+[accounting]
+	blocking locks = no

+When set to +yes, blocking locks will be enforced on the file. If this option is set to +no, Samba behaves as if normal locking mechanisms are in place on the file. The default is +yes.

+

+ +5.5.2.5 oplocks

+This option enables or disables support for oplocks on the client. The option is enabled by default. However, you can disable it with the following command:

+[data]
+	oplocks = no

+If you are in an extremely unstable network environment or have many clients that cannot take advantage of opportunistic locking, it may be better to shut this Samba feature off. Oplocks should be disabled if you are accessing the same files from both Unix applications (such as +vi) and SMB clients (unless you are lucky enough to have an operating system that supports kernel oplocks as discussed earlier).

+

+ +5.5.2.6 fake oplocks

+Before opportunistic locking was available on Samba, the Samba daemons pretended to allow oplocks via the +fake +oplocks option. If this option was enabled, all clients were told that the file is available for opportunistic locking, and never warned of simultaneous access. This option is deprecated now that real oplocks are available on Samba.

+

+ +5.5.2.7 kernel oplocks

+If a Unix application separate from Samba tries to update a file that Samba has oplocked to a Windows client, it will likely succeed (depending on the operating system) and both Samba and the client will never be aware of it. However, if the local Unix operating system supports it, Samba can warn it of oplocked files, which can suspend the Unix process, notify the client via Samba to write its copy back, and only then allow the open to complete. Essentially, this means that the operating system kernel on the Samba system has the ability to handle oplocks as well as Samba.

+You can enable this behavior with the +kernel +oplocks option, as follows:

+[global]
+	kernel oplocks = yes

+Samba can automatically detect kernel oplocks and use them if present. At the time of this writing, this feature is supported only by SGI Irix 6.5.2f and later. However, Linux and FreeBSD support are expected in the near future. A system without kernel oplocks will allow the Unix process to update the file, but the client programs will notice the change only at a later time, if at all.

+

+ +5.5.2.8 veto oplock files

+You can provide a list of filenames that are never granted opportunistic locks with the +veto +oplock +files option. This option can be set either globally or on a per-share basis. For example:

+veto oplock files = /*.bat/*.htm/

+The value of this option is a series of patterns. Each pattern entry must begin, end, or be separated from another with a slash (/) character, even if there is only one pattern listed. Asterisks can be used as a wildcard to represent zero or more characters. Questions marks can be used to represent exactly one character.

+We recommend that you disable oplocks on any files that are meant to be updated by Unix or are intended to be shared by several processes simultaneously.

+

+ +5.5.2.9 lock directory

+This option (sometimes called +lock +dir) specifies the location of a directory where Samba will store SMB deny-mode lock files. Samba stores other files in this directory as well, such as browse lists and its shared memory file. If WINS is enabled, the WINS database is written to this directory as well. The default for this option is specified in the Samba makefile; it is typically +/usr/local/samba/var/locks. You can override this location as follows:

+[global]
+	lock directory = /usr/local/samba/locks

+You typically would not need to override this option, unless you want to move the lock files to a more standardized location, such as +/var/spool/locks.

+
+
+
+ + +
+ +Previous: 5.4 Name Mangling and Case + + + +Next: 6. Users, Security, and Domains
+5.4 Name Mangling and Case + +Book Index +6. Users, Security, and Domains
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_01.html b/docs/htmldocs/using_samba/ch06_01.html new file mode 100644 index 00000000000..439e66f3944 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_01.html @@ -0,0 +1,221 @@ + + + +[Chapter 6] Users, Security, and Domains + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 5.5 Locks and Oplocks + + +Chapter 6 + +Next: 6.2 Controlling Access to Shares
 
+ +
+
+

+ +6. Users, Security, and Domains

+

+ +Contents:
+ +Users and Groups
+ +Controlling Access to Shares
+ +Authentication Security
+ +Passwords
+ +Windows Domains
+ +Logon Scripts

+

+This chapter discusses how to configure users with the Samba server. This topic may seem straightforward at first, but you'll soon discover that there are several ancillary problems that can crop up. One issue that Samba administrators have difficulty with is user authentication - password and security problems are by far the most common support questions on the Samba mailing lists. Learning why various authentication mechanisms work on certain architectures (and don't on others) can save you a tremendous amount of time testing and debugging Samba users in the future.

+

+ + +6.1 Users and Groups

Before we start, we need to warn you up front that if you are connecting to Samba with a Windows 98 or NT 4.0 Workstation SP3, you need to configure your server for encrypted passwords before you can make a connection; otherwise, the clients will refuse to connect to the Samba server. This is because each of those Windows clients sends encrypted passwords, and Samba needs to be configured to expect and decrypt them. We'll show you how to set up Samba for this task later in the chapter, assuming you haven't already tackled this problem in Chapter 2, Installing Samba on a Unix System.

Let's start with a single user. The easiest way to set up a client user is to create a Unix account (and home directory) for that individual on the server, and notify Samba of the user's existence. You can do the latter by creating a disk share that maps to the user's home directory in the Samba configuration file, and restricting access to that user with the +valid +users option. For example:

+[dave]
+		path = /home/dave
+		comment = Dave's home directory
+		writeable = yes
+		valid users = dave

+The +valid +users option lists the users that will be allowed to access the share. In this case, only the user +dave is allowed to access the share. In the previous chapters, we specified that any user could access a disk share using the +guest +ok parameter. Because we don't wish to allow guest access, that option is absent here. We could grant both authenticated users and guest users access to a specific share if we wanted to. The difference between the two typically involves access rights for each of the files.

+Remember that you can abbreviate the user's home directory by using the +%H variable. In addition, you can use the Unix username variable +%u and/or the client username variable +%U in your options as well. For example:

+[dave]
+	comment = %U home directory
+	writeable = yes
+	valid users = dave
+	path = %H

+Both of these examples work as long as the Unix user that Samba uses to represent the client has read/write access to the directory referenced by the +path option. In other words, a client must first pass Samba's security mechanisms (e.g., encrypted passwords, the +valid users option, etc.) as well as the normal Unix file and directory permissions of its Unix-side user +before it can gain read/write access to a share.

+With a single user accessing a home directory, access permissions are taken care of when the operating system creates the user account. However, if you're creating a shared directory for group access, there are a few more steps you need to perform. Let's take a stab at a group share for the accounting department in the +smb.conf file:

+[accounting]
+	comment = Accounting Department Directory
+	writeable = yes
+	valid users = @account
+	path = /home/samba/accounting
+	create mode = 0660
+	directory mode = 0770

+The first thing that you might notice we did differently is to specify +@account as the valid user instead of one or more individual usernames. This is shorthand for saying that the valid users are represented by the Unix group +account. These users will need to be added to the group entry +account in the system group file (/etc/group or equivalent) to be recognized as part of the group. Once they are, Samba will recognize those users as valid users for the share.

+In addition, you will need to create a shared directory that the members of the group can access, which is pointed to by the +path configuration option. Here are the Unix commands that create the shared directory for the accounting department (assuming +/home/samba already exists):

# mkdir /home/samba/accounting
+# chgrp account /home/samba/accounting
+# chmod 770 /home/samba/accounting

+There are two other options in this +smb.conf example, both of which we saw in the previous chapter. These options are +create +mode and +directory +mode. These options set the maximum file and directory permissions that a new file or directory can have. In this case, we have denied all world access to the contents of this share. (This is reinforced by the +chmod command, shown earlier.).

+

+ +6.1.1 The [homes] Share

+Let's return to user shares for a moment. If we have several users to set up home directory shares for, we probably want to use the special +[homes] share that we introduced in Chapter 5, Browsing and Advanced Disk Shares. With the +[homes] share, all we need to say is: 

+[homes]
+
+	browsable = no
+	writable = yes

+The +[homes] share is a special section of the Samba configuration file. If a user attempts to connect to an ordinary share that doesn't appear in the +smb.conf file (such as specifying it with a UNC in Windows Explorer), Samba will search for a +[homes] share. If one exists, the incoming share name is assumed to be a username and is queried as such in the password database (/etc/passwd or equivalent) file of the Samba server. If it appears, Samba assumes the client is a Unix user trying to connect to his or her home directory.

+As an illustration, let's assume that +sofia is attempting to connect to a share called [sofia] on the Samba server. There is no share by that name in the configuration file, but a +[homes] share exists and user +sofia is present in the password database, so Samba takes the following steps:

    +
  1. +

    + +Samba creates a new disk share called +[sofia] with the +path specified in the +[homes] section. If there is no +path option specified in +[homes], Samba initializes it to her home directory.

  2. +

    + +Samba initializes the new share's options from the defaults in +[globals], and any overriding options in +[homes] with the exception of +browseable.

  3. +

    + +Samba connects +sofia's client to that share.

+The +[homes] share is a fast, painless way to create shares for your user community without having to duplicate the information from the password database file in the +smb.conf file. It does have some peculiarities, however, that we need to point out:

    +
  • +

    + +The +[homes] section can represent any account on the machine, which isn't always desirable. For example, it can potentially create a share for +root, +bin, +sys, +uucp, and the like. (You can set a global +invalid +users option to protect against this.)

  • +

    + +The meaning of the +browseable configuration option is different from other shares; it indicates only that a +[homes] section won't show up in the local browse list, not that the +[alice] share won't. When the +[alice] section is created (after the initial connection), it will use the browsable value from the +[globals] section for that share, not the value from +[homes].

+As we mentioned, there is no need for a path statement in +[homes] if the users have Unix home directories in the server's +/etc/passwd file. You should ensure that a valid home directory does exist, however, as Samba will not automatically create a home directory for a user, and will refuse a tree connect if the user's directory does not exist or is not accessible.

+
+
+
+ + +
+ +Previous: 5.5 Locks and Oplocks + + + +Next: 6.2 Controlling Access to Shares
+5.5 Locks and Oplocks + +Book Index +6.2 Controlling Access to Shares
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_02.html b/docs/htmldocs/using_samba/ch06_02.html new file mode 100644 index 00000000000..a5b7bf4d520 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_02.html @@ -0,0 +1,423 @@ + + + +[Chapter 6] 6.2 Controlling Access to Shares + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.1 Users and Groups + + + +Chapter 6
+Users, Security, and Domains 		+ +Next: 6.3 Authentication Security
 
+ +
+
+

+ +6.2 Controlling Access to Shares

Often you will need to restrict the users who can access a specific share for security reasons. This is very easy to do with Samba since it contains a wealth of options for creating practically any security configuration. Let's introduce a few configurations that you might want to use in your own Samba setup.

+

+ +WARNING: Again, if you are connecting with Windows 98 or NT 4.0 with Service Pack 3 (or above), those clients will send encrypted passwords to the Samba server. If Samba is not configured for this, it will continually refuse the connection. This chapter describes how to set up Samba for encrypted passwords. See the +Section 6.4, Passwords section.

+We've seen what happens when you specify valid users. However, you are also allowed to specify a list of invalid users - users who should never be allowed access to Samba or its shares. This is done with the +invalid +users option. We hinted at one frequent use of this option earlier: a global default with the +[homes] section to ensure that various system users and superusers cannot be forged for access. For example:

+[global]
+	invalid users = root bin daemon adm sync shutdown \
+						halt mail news uucp operator gopher
+	auto services = dave peter bob
+
+[homes]
+	browsable = no
+	writeable = yes

+The +invalid +users option, like +valid +users, can take group names as well as usernames. In the event that a user or group appears in both lists, the +invalid +users option takes precedence and the user or group will be denied access to the share.

+At the other end of the spectrum, you can explicitly specify users who will be allowed superuser (root) access to a share with the +admin +users option. An example follows:

+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		writeable = yes
+		valid users = tom dick harry
+		admin users = mike

+This option takes both group names and usernames. In addition, you can specify NIS netgroups by preceding them with an +@ as well; if the netgroup is not found, Samba will assume that you are referring to a standard Unix group.

+Be careful if you assign an entire group administrative privileges to a share. The Samba team highly recommends you avoid using this option, as it essentially gives root access to the specified users or groups for that share.

+If you wish to force read-only or read-write access to users who access a share, you can do so with the +read +list and +write +list options, respectively. These options can be used on a per-share basis to restrict a writable share or grant write access to specific users in a read-only share, respectively. For example:

+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		read only = yes
+		write list = tom dick

+The +write +list option cannot override Unix permissions. If you've created the share without giving the write-list user write permission on the Unix system, he or she will be denied write access regardless of the setting of +write +list.

+

+ +6.2.1 Guest Access

As mentioned earlier, you can specify users who have guest access to a share. The options that control guest access are easy to work with. The first option, +guest +account, specifies the Unix account that guest users should be assigned when connecting to the Samba server. The default value for this is set during compilation, and is typically +nobody. However, you may want to reset the guest user to +ftp if you have trouble accessing various system services.

+If you wish to restrict access in a share only to guests - in other words, all clients connect as the guest account when accessing the share - you can use the +guest +only option in conjunction with the +guest ok option, as shown in the following example:

+[sales]
+		path = /home/sales
+		comment = Fiction Corp Sales Data
+		writeable = yes
+		guest ok = yes
+		guest account = ftp
+		guest only = yes

+Make sure you specify +yes for both +guest only and +guest ok in this scenario; otherwise, Samba will not use the guest acount that you specify.

+

+ +6.2.2 Access Control Options

+Table 6.1 summarizes the options that you can use to control access to shares.


+ + + + + + + + + + + + +
+ +Table 6.1: Share-level Access Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +admin users

 +

+string (list of usernames)

 +

+Specifies a list of users who can perform operations as root.

 +

+None

 +

+Share

+

+ +valid users

 +

+string (list of usernames)

 +

+Specifies a list of users that can connect to a share.

 +

+None

 +

+Share

+

+ +invalid users

 +

+string (list of usernames)

 +

+Specifies a list of users that will be denied access to a share.

 +

+None

 +

+Share

+

+ +read list

 +

+string (list of usernames)

 +

+Specifies a list of users that have read-only access to a writable share.

 +

+None

 +

+Share

+

+ +write list

 +

+string (list of usernames)

 +

+Specifies a list of users that have read-write access to a read-only share.

 +

+None

 +

+Share

+

+ +max connections

 +

+numerical

 +

+Indicates the maximum number of connections for a share at a given time.

 +

+ +0

 +

+Share

+

+ +guest only (only guest)

 +

+boolean

 +

+Specifies that this share allows only guest access.

 +

+ +no

 +

+Share

+

+ +guest account

 +

+string (name of account)

 +

+Names the Unix account that will be used for guest access.

 +

+ +nobody

 +

+Share

+

+ +6.2.2.1 admin users

+This option specifies a list of users that perform file operations as if they were +root. This means that they can modify or destroy any other user's work, no matter what the permissions. Any files that they create will have root ownership and will use the default group of the admin user. The +admin +users option is used to allow PC users to act as administrators for particular shares. We urge you to avoid this option.

+

+ +6.2.2.2 valid users and invalid users

+These two options let you enumerate the users and groups who are granted or denied access to a particular share. You can enter a list of comma-delimited users, or indicate an NIS or Unix group name by prefixing the name with an at-sign (@).

+The important rule to remember with these options is that any name or group in the +invalid +users list will +always be denied access, even if it is included (in any form) in the +valid +users list. By default, neither option has a value associated with it. If both options have no value, any user is allowed to access the share.

+

+ +6.2.2.3 read list and write list

+Like the +valid +users +and +invalid +users options, this pair of options specifies which users have read-only access to a writeable share and read-write access to a read-only share, respectively. The value of either options is a list of users. +read +list overrides any other Samba permissions granted - as well as Unix file permissions on the server system - to deny users write access. +write +list overrides other Samba permissions to grant write access, but cannot grant write access if the user lacks write permissions for the file on the Unix system. You can specify NIS or Unix group names by prefixing the name with an at sign (such as +@users). Neither configuration option has a default value associated with it.

+

+ +6.2.2.4 max connections

+This option specifies the maximum number of client connections that a share can have at any given time. Any connections that are attempted after the maximum is reached will be rejected. The default value is +0, which means that an unlimited number of connections are allowed. You can override it per share as follows:

+[accounting]
+	max connections = 30

+This option is useful in the event that you need to limit the number of users who are accessing a licensed program or piece of data concurrently.

+

+ +6.2.2.5 guest only

+This share-level option (sometimes called +only +guest) forces a connection to a share to be performed with the user specified by the +guest +account option. The share to which this is applied must explicitly specify +guest +ok += +yes in order for this option to be recognized by Samba. The default value for this option is +no.

+

+ +6.2.2.6 guest account

+This option specifies the name of account to be used for guest access to shares in Samba. The default for this option varies from system to system, but it is often set to +nobody. Some default user accounts have trouble connecting as guest users. If that occurs on your system, the Samba team recommends using the ftp account as the guest user.

+

+ +6.2.3 Username Options

+Table 6.2 shows two additional options that Samba can use to correct for incompatibilities in usernames between Windows and Unix.


+ + + + + + +
+ +Table 6.2: Username Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +username map

 +

+string (fully-qualified pathname)

 +

+Sets the name of the username mapping file.

 +

+None

 +

+Global

+

+ +username level

 +

+numerical

 +

+Indicates the number of capital letters to use when trying to match a username.

 +

+ +0

 +

+Global

+

+ +6.2.3.1 username map

Client usernames on an SMB network can be relatively large (up to 255 characters), while usernames on a Unix network often cannot be larger than eight characters. This means that an individual user may have one username on a client and another (shorter) one on the Samba server. You can get past this issue by + mapping a free-form client username to a Unix username of eight or fewer characters. It is placed in a standard text file, using a format that we'll describe shortly. You can then specify the pathname to Samba with the global +username +map option. Be sure to restrict access to this file; make the root user the file's owner and deny write access to others. Otherwise, an untrusted user who can access the file can easily map their client username to the root user of the Samba server.

+You can specify this option as follows:

+[global]
+	username map = /etc/samba/usermap.txt

+Each of the entries in the username map file should be listed as follows: the Unix username, followed by an equal sign (=), followed by one or more whitespace-separated SMB client usernames. Note that unless instructed otherwise, (i.e., a guest connection), Samba will expect both the client and the server user to have the same password. You can also map NT groups to one or more specific Unix groups using the +@ sign. Here are some examples:

+jarwin = JosephArwin
+manderso = MarkAnderson
+users = @account

+Also, you can use the asterisk to specify a wildcard that matches any free-form client username as an entry in the username map file:

+nobody = *

+Comments in the file can be specified as lines beginning with (#) and (;).

+Note that you can also use this file to redirect one Unix user to another user. Be careful if you do so because Samba and your client may not notify the user that the mapping has been made and Samba may be expecting a different password.

+

+ +6.2.3.2 username level

SMB clients (such as Windows) will often send usernames in SMB connection requests entirely in capital letters; in other words, client usernames are not necessarily case sensitive. On a Unix server, however, usernames +are case sensitive: the user +ANDY is different from the user +andy. By default, Samba attacks this problem by doing the following:

    +
  1. +

    + +Checking for a user account with the exact name sent by the client

  2. +

    + +Testing the username in all lowercase letters

  3. +

    + +Testing the username in lowercase letters with only the first letter capitalized

+If you wish to have Samba attempt more combinations of uppercase and lowercase letters, you can use the +username +level global configuration option. This option takes an integer value that specifies how many letters in the username should be capitalized when attempting to connect to a share. You can specify this options as follows:

+[global]
+	username level = 3

+In this case, Samba will then attempt all permutations of usernames it can compute having three capital letters. The larger the number, the more computations Samba will have to perform to match the username and the longer the authentication will take.

+
+
+
+ + +
+ +Previous: 6.1 Users and Groups + + + +Next: 6.3 Authentication Security
+6.1 Users and Groups + +Book Index +6.3 Authentication Security
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_03.html b/docs/htmldocs/using_samba/ch06_03.html new file mode 100644 index 00000000000..a9e1b7ace71 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_03.html @@ -0,0 +1,384 @@ + + + +[Chapter 6] 6.3 Authentication Security + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.2 Controlling Access to Shares + + + +Chapter 6
+Users, Security, and Domains 		+ +Next: 6.4 Passwords
 
+ +
+
+

+ +6.3 Authentication Security

At this point, we should discuss how Samba authenticates users. Each user who attempts to connect to a share that does not allow guest access must provide a password to make a successful connection. What Samba does with that password - and consequently the strategy Samba will use to handle user authentication - is the arena of the +security configuration option. There are currently four security levels that Samba supports on its network: +share, +user, +server, and +domain.

+
Share-level security
+

+Each share in the workgroup has one or more passwords associated with it. Anyone who knows a valid password for the share can access it.

User-level security
+

+Each share in the workgroup is configured to allow access from certain users. With each initial tree connection, the Samba server verifies users and their passwords to allow them access to the share.

+Server-level security
+

+This is the same as user-level security, except that the Samba server uses a separate SMB server to validate users and their passwords before granting access to the share.

Domain-level security
+

+Samba becomes a member of a Windows domain and uses the domain's primary domain controller (PDC) to perform authentication. Once authenticated, the user is given a special token that allows him or her access to any share with appropriate access rights. With this token, the PDC will not have to revalidate the user's password each time he or she attempts to access another share within the domain.

+Each of these security policies can be implemented with the global +security option, as shown in +Table 6.3.


+ + + + + +
+ +Table 6.3: Security Option
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +security

 +

+domain, +server, +share, or +user

 +

+Indicates the type of security that the Samba server will use.

 +

+ +user (Samba 2.0) or +share (Samba 1.9)

 +

+Global

+

+ +6.3.1 Share-level Security

With share-level security, each share has one or more passwords associated with it. This differs from the other modes of security in that there are no restrictions as to whom can access a share, as long as that individual knows the correct password. Shares often have multiple passwords. For example, one password may grant read-only access, while another may grant read-write access, and so on. Security is maintained as long as unauthorized users do not discover the password for a share to which they shouldn't have access.

OS/2 and Window 95/98 both support share-level security on their resources. You can set up share-level security with Windows 95/98 by first enabling share-level security using the Access Control tab of the Network Control Panel dialog. Then select the Share-level Access Control radio button (which deselects the user-level access control radio button), as shown in +Figure 6.1, and press the OK button.

+ +Figure 6.1: Selecting share-level security on a Windows machine

Figure 6.1

+Next, right click on a resource - such as a hard drive or a CD-ROM - and select the Properties menu item. This will bring up the Resource Properties dialog box. Select the Sharing tab at the top of the dialog box and enable the resource as Shared As. From here, you can configure how the shared resource will appear to individual users, as well as assigning whether the resource will appear as read-only, read-write, or a mix, depending on the password that is supplied.

+You might be thinking that this security model is not a good fit for Samba - and you would be right. In fact, if you set the +security += +share option in the Samba configuration file, Samba will still reuse the username/passwords combinations in the system password files to authenticate access. More precisely, Samba will take the following steps when a client requests a connection using share-level security:

    +
  1. +

    + +When a connection is requested, Samba will accept the password and (if sent) the username of the client.

  2. +

    + +If the share is +guest +only, the user is immediately granted access to the share with the rights of the user specified by the +guest +account parameter; no password checking is performed.

  3. +

    + +For other shares, Samba appends the username to a list of users who are allowed access to the share. It then attempts to validate the password given in association with that username. If successful, Samba grants the user access to the share with the rights assigned to that user. The user will not need to authenticate again unless a +revalidate += +yes option has been set inside the share.

  4. +

    + +If the authentication is unsuccessful, Samba will attempt to validate the password against the list of users it has previously compiled throughout the attempted connections, as well as any specified under the share in the configuration file. If the password does not match any usernames (as specified in the system password file, typically +/etc/passwd), the user is not granted access to the share under that username.

  5. +

    + +However, if the share has a +guest +ok or +public option set, the user will default to access with the rights of the user specified by the +guest +account option.

+You can indicate in the configuration file which users should be initially placed on the share-level security user list by using the +username configuration option, as shown below:

+[global]
+	security = share
+[accounting1]
+	path = /home/samba/accounting1
+	guest ok = no
+	writable = yes
+	username = davecb, pkelly, andyo

+Here, when a user attempts to connect to a share, Samba will verify the password that was sent against each of the users in its own list, in addition to the passwords of users +davecb, +pkelly, and +andyo. If any of the passwords match, the connection will be verified and the user will be allowed. Otherwise, connection to the specific share will fail.

+

+ +6.3.1.1 Share Level Security Options

+ +Table 6.4 shows the options typically associated with share-level security.


+ + + + + + +
+ +Table 6.4: Share-Level Access Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +only user

 +

+boolean

 +

+Indicates whether usernames specified by +username will be the only ones allowed.

 +

+ +no

 +

+Share

+

+ +username (user or users)

 +

+string (list of usernames)

 +

+Specifies a list of users against which a client's password will be tested.

+

+None

 +

+Share

+

+ +6.3.1.2 only user

+This boolean option indicates whether Samba will allow connections to a share using share-level security based solely on the individuals specified in the +username option, instead of those users compiled on Samba's internal list. The default value for this option is +no. You can override it per share as follows:

+[global]
+    security = share
+[data]
+    username = andy, peter, valerie
+    only user = yes
+

+ +6.3.1.3 username

+This option presents a list of users against which Samba will test a connection password to allow access. It is typically used with clients that have share-level security to allow connections to a particular service based solely on a qualifying password - in this case, one that matches a password set up for a specific user:

+[global]
+    security = share
+[data]
+     username = andy, peter, terry

+We recommend against using this option unless you are implementing a Samba server with share-level security.

+

+ +6.3.2 User-level Security

The preferred mode of security with Samba is +user-level security. With this method, each share is assigned specific users that can access it. When a user requests a connection to a share, Samba authenticates by validating the given username and password with the authorized users in the configuration file and the passwords in the password database of the Samba server. As mentioned earlier in the chapter, one way to isolate which users are allowed access to a specific share is by using the +valid +users option for each share:

+[global]
+	security = user
+[accounting1]
+	writable = yes
+	valid users = bob, joe, sandy

+Each of the users listed will be allowed to connect to the share if the password provided matches the password stored in the system password database on the server. Once the initial authentication succeeds, the user will not need to re-enter a password again to access that share unless the +revalidate += +yes option has been set.

Passwords can be sent to the Samba server in either an encrypted or a non-encrypted format. If you have both types of systems on your network, you should ensure that the passwords represented by each user are stored both in a traditional account database and Samba's encrypted password database. This way, authorized users can gain access to their shares from any type of client.[1] However, we recommend that you move your system to encrypted passwords and abandon non-encrypted passwords if security is an issue. The +Section 6.4 section of this chapter explains how to use encrypted as well as non-encrypted passwords.

+
+

+[1] Having both encrypted and non-encrypted password clients on your network is another reason why Samba allows you to include (or not include) various options in the Samba configuration file based on the client operating system or machine name variables.

+

+ +6.3.3 Server-level Security

Server-level security is similar to user-level security. However, with server-level security, Samba delegates password authentication to another SMB password server, typically another Samba server or a Windows NT Server acting as a PDC on the network. Note that Samba still maintains its list of shares and their configuration in its +smb.conf file. When a client attempts to make a connection to a particular share, Samba validates that the user is indeed authorized to connect to the share. Samba will then attempt to validate the password by contacting the SMB password server through a known protocol and presenting the username and password to the SMB password server. If the password is accepted, a session will be established with the client. See +Figure 6.2 for an illustration of this setup.

+ +Figure 6.2: A typical system setup using server level security

Figure 6.2

+You can configure Samba to use a separate password server under server-level security with the use of the +password +server global configuration option, as follows:

+[global]
+	security = server
+	password server = PHOENIX120 HYDRA134

+Note that you can specify more than one machine as the target of the +password +server; Samba will move down the list of servers in the event that its first choice is unreachable. The servers identified by the +password +server option are given as NetBIOS names, not their DNS names or equivalent IP addresses. Also, if any of the servers reject the given password, the connection will automatically fail - Samba will not attempt another server.

+One caveat: when using this option, you will still need an account representing that user on the regular Samba server. This is because the Unix operating system needs a username to perform various I/O operations. The preferable method of handling this is to give the user an account on the Samba server but disable the account's password by replacing it in the system password file (e.g., +/etc/passwd ) with an asterisk (*).

+

+ +6.3.4 Domain-level Security

Domain-level security is similar to server-level security. However, with domainlevel security, the Samba server is acting as a member of a Windows domain. Recall from Chapter 1 that each domain has a +domain controller, which is usually a Windows NT server offering password authentication. Including these controllers provides the workgroup with a definitive password server. The domain controllers keep track of users and passwords in their own security authentication module (SAM), and authenticates each user when he or she first logs on and wishes to access another machine's shares.

+As mentioned earlier in this chapter, Samba has a similar ability to offer user-level security, but this option is Unix-centric and assumes that the authentication occurs via Unix password files. If the Unix machine is part of a NIS or NIS+ domain, Samba will authenticate the users transparently against a shared password file, in typical Unix fashion. Samba then provides access to the NIS or NIS+ domain from Windows. There is, of course, no relationship between the NIS concept of a domain and the Windows concept of a domain.

With domain-level security, we now have the option of using the native NT mechanism. This has a number of advantages:

    +
  • +

    + +It provides far better integration with NT: there are fewer "kludges" in the +smb.conf options dealing with domains than with most Windows features. This allows more extensive use of NT management tools, such as the User Manager for Domains tool allowing PC support individuals to treat Samba servers as if they were large NT machines.

  • +

    + +With the better integration comes protocol and code cleanups, allowing the Samba team to track the evolving NT implementation. NT Service Pack 4 corrects several problems in the protocol, and Samba's better integration makes it easier to track and adapt to these changes.

  • +

    + +There is less overhead on the PDC because there is one less permanent network connection between it and the Samba server. Unlike the protocol used by the +security += +server option, the Samba server can make a Remote Procedure Call (RPC) call only when it needs authentication information. It can not keep a connection permanently up just for that.

  • +

    + +Finally, the NT domain authentication scheme returns the full set of user attributes, not just success or failure. The attributes include a longer, more network-oriented version of the Unix uid, NT groups, and other information. This includes:

      +
    • +

      + +Username

    • +

      + +Full name

    • +

      + +Description

    • +

      + +Security identifier (a domain-wide extension of the Unix uid)

    • +

      + +NT group memberships

    • +

      + +Logon hours, and whether to force the user to log out immediately

    • +

      + +Workstations the user is allowed to use

    • +

      + +Account expiration date

    • +

      + +Home directory

    • +

      + +Login script

    • +

      + +Profile

    • +

      + +Account type

  • +

    + +The Samba developers used domain-level security in Samba version 2.0.4 to add and delete domain users on Samba servers semi-automatically. In addition, it adds room for other NT-like additions, such as supporting access control lists and changing permissions of files from the client.

+The advantage to this approach is less administration; there is only one authentication database to keep synchronized. The only local administration required on the Samba server will be creating directories for users to work in and +/etc/passwd entries to keep their UIDs and groups in.

+

+ +6.3.4.1 Adding a Samba server to a Windows NT Domain

+If you already have an NT domain, you can easily add a Samba server to it. First, you will need to stop the Samba daemons. Then, add the Samba server to the NT domain on the PDC using the "Windows NT Server Manager for Domains" tool. When it asks for the computer type, choose "Windows NT Workstation or Server," and give it the NetBIOS name of the Samba server. This creates the machine account on the NT server.

+Next, generate a Microsoft-format machine password using the +smbpasswd tool, which is explained in further detail in the next section. For example, if our domain is SIMPLE and the Windows NT PDC is +beowulf, we could use the following command on the Samba server to accomplish this:

+
+smbpasswd -j SIMPLE -r beowulf

+Finally, add the following options to the +[global] section of your +smb.conf and restart the Samba daemons.

+[global]
+	security = domain
+	domain logins = yes
+	workgroup = SIMPLE
+	password server = beowulf

+Samba should now be configured for domain-level security. The +domain +logins option is explained in more detail later in this chapter.

+
+
+
+ + +
+ +Previous: 6.2 Controlling Access to Shares + + + +Next: 6.4 Passwords
+6.2 Controlling Access to Shares + +Book Index +6.4 Passwords
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_04.html b/docs/htmldocs/using_samba/ch06_04.html new file mode 100644 index 00000000000..646c6128f40 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_04.html @@ -0,0 +1,738 @@ + + + +[Chapter 6] 6.4 Passwords + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.3 Authentication Security + + + +Chapter 6
+Users, Security, and Domains 		+ +Next: 6.5 Windows Domains
 
+ +
+
+

+ +6.4 Passwords

Passwords are a thorny issue with Samba. So much so, in fact, that they are almost always the first major problem that users encounter when they install Samba, and generate by far the most questions sent to Samba support groups. In previous chapters, we've gotten around the need for passwords by placing the +guest +ok option in each of our configuration files, which allows connections without authenticating passwords. However, at this point, we need to delve deeper into Samba to discover what is happening on the network.

Passwords sent from individual clients can be either encrypted or non-encrypted. Encrypted passwords are, of course, more secure. A non-encrypted password can be easily read with a packet sniffing program, such as the modified +tcpdump program for Samba that we used in Chapter 3, Configuring Windows Clients. Whether passwords are encrypted depends on the operating system that the client is using to connect to the Samba server. +Table 6.5 lists which Windows operating systems encrypt their passwords before sending them to the primary domain controller for authentication. If your client is not Windows, check the system documentation to see if SMB passwords are encrypted.


+ + + + + + + + + + +
+ +Table 6.5: Windows Operating Systems with Encrypted Passwords
+

+Operating System

 +

+Encrypted or Non-encrypted

+

+ +Windows 95

 +

+Non-encrypted

+

+Windows 95 with SMB Update

 +

+Encrypted

+

+Windows 98

 +

+Encrypted

+

+Windows NT 3. +x

 +

+Non-encrypted

+

+Windows NT 4.0 before SP + 3

 +

+Non-encrypted

+

+Windows NT 4.0 after SP 3

 +

+Encrypted

+There are actually two different encryption methods used: one for Windows 95 and 98 clients that reuses Microsoft's LAN Manager encryption style, and a separate one for Windows NT clients and servers. Windows 95 and 98 use an older encryption system inherited from the LAN Manager network software, while Windows NT clients and servers use a newer encryption system.

+If encrypted passwords are supported, Samba stores the encrypted passwords in a file called +smbpasswd. By default, this file is located in the +private directory of the Samba distribution (/usr/local/samba/private). At the same time, the client stores an encrypted version of a user's password on its own system. The plaintext password is never stored on either system. Each system encrypts the password automatically using a known algorithm when the password is set or changed.

+When a client requests a connection to an SMB server that supports encrypted passwords (such as Samba or Windows NT), the two computers undergo the following negotiations:

    +
  1. +

    + +The client attempts to negotiate a protocol with the server.

  2. +

    + +The server responds with a protocol and indicates that it supports encrypted passwords. At this time, it sends back a randomly-generated 8-byte challenge string.

  3. +

    + +The client uses the challenge string as a key to encrypt its already encrypted password using an algorithm predefined by the negotiated protocol. It then sends the result to the server.

  4. +

    + +The server does the same thing with the encrypted password stored in its database. If the results match, the passwords are equivalent and the user is authenticated.

+Note that even though the original passwords are not involved in the authentication process, you need to be very careful that the encrypted passwords located inside of the +smbpasswd file are guarded from unauthorized users. If they are compromised, an unauthorized user can break into the system by replaying the steps of the previous algorithm. The encrypted passwords are just as sensitive as the plaintext passwords - this is known as +plaintext-equivalent data in the cryptography world. Of course, you should also ensure that the clients safeguard their plaintext-equivalent passwords as well.

+You can configure Samba to accept encrypted passwords with the following global additions to +smb.conf. Note that we explicitly name the location of the Samba password file:

+[global]
+	security = user
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd

+Samba, however, will not accept any users until the +smbpasswd file has been initialized.

+

+ +6.4.1 Disabling encrypted passwords on the client

While Unix authentication has been in use for decades, including the use of +telnet and +rlogin access across the Internet, it embodies well-known security risks. Plaintext passwords are sent over the Internet and can be retrieved from TCP packets by malicious snoopers. However, if you feel that your network is secure and you wish to use standard Unix +/etc/passwd authentication for all clients, you can do so, but you must disable encrypted passwords on those Windows clients that default to using them.

+In order to do this, you must modify the Windows registry by installing two files on each system. Depending on the platform involved, the files are either +NT4_PlainPassword.reg or +Win95_PlainPassword.reg. You can perform this installation by copying the appropriate +.reg files from the Samba distribution's +/docs directory to a DOS floppy, and running it from the Run menu item on the client's Start Menu button. Incidentally, the Windows 95 +.reg file works fine on Windows 98 as well.

+After you reboot the machine, the client will not encrypt its hashed passwords before sending them to the server. This means that the plaintext-equivalent passwords can been seen in the TCP packets that are broadcast across the network. Again, we encourage you not to do this unless you are absolutely sure that your network is secure.

+If passwords are not encrypted, you can indicate as much in your Samba configuration file:

+[global]
+	security = user
+	encrypt passwords = no
+

+ +6.4.2 The smbpasswd File

+ +Samba stores its encrypted passwords in a file called +smbpasswd, which by default resides in the +/usr/local/samba/private directory. The +smbpasswd file should be guarded as closely as the +passwd file; it should be placed in a directory to which only the root user has read/write access. All other users should not be able to read from the directory at all. In addition, the file should have all access closed off to all users except for root.

+Before you can use encrypted passwords, you will need to create an entry for each Unix user in the +smbpasswd file. The structure of the file is somewhat similar to a Unix +passwd file, but has different fields. +Figure 6.3 illustrates the layout of the +smbpasswd file; the entry shown is actually one line in the file.

+ +Figure 6.3: Structure of the smbpasswd file entry (actually one line)

Figure 6.3

+Here is a breakdown of the individual fields:

+
+Username
+

+This is the username of the account. It is taken directly from the system password file.

+UID
+

+This is the user ID of the account. Like the username, it is taken directly from the system password file and must match the user it represents there.

+LAN Manager Password Hash
+

+This is a 32-bit hexadecimal sequence that represents the password Windows 95 and 98 clients will use. It is derived by encrypting the string +KGS!@#$% with a 56-bit DES algorithm using the user's password (forced to 14 bytes and converted to capital letters) twice repeated as the key. If there is currently no password for this user, the first 11 characters of the hash will consist of the sequence +NO +PASSWORD followed by +X characters for the remainder. Anyone can access the share with no password. On the other hand, if the password has been disabled, it will consist of 32 +X characters. Samba will not grant access to a user without a password unless the +null +passwords option has been set.

+NT Password Hash
+

+This is a 32-bit hexadecimal sequence that represents the password Windows NT clients will use. It is derived by hashing the user's password (represented as a 16-bit little-endian Unicode sequence) with an MD4 hash. The password is not converted to uppercase letters first.

+Account Flags
+

+This field consists of 11 characters between two braces ([]). Any of the following characters can appear in any order; the remaining characters should be spaces:

+U

+This account is a standard user account.

+D

+This account is currently disabled and Samba should not allow any logins.

+N

+This account has no password associated with it.

+W

+This is a workstation trust account that can be used to configure Samba as a primary domain controller (PDC) when allowing Windows NT machines to join its domain.

+
+Last Change Time
+

+This code consists of the characters +LCT- followed by a hexidecimal representation of the amount of seconds since the epoch (midnight on January 1, 1970) that the entry was last changed.

+

+ +6.4.2.1 Adding entries to smbpasswd

+ +There are a few ways you can add a new entry to the +smbpasswd file:

    +
  • +

    + +You can use the +smbpasswd program with the +-a option to automatically add any user that currently has a standard Unix system account on the server. This program resides in the +/usr/local/samba/bin directory.

  • +

    + +You can use the +addtosmbpass executable inside the +/usr/local/samba/bin directory. This is actually a simple +awk script that parses a system password file and extracts the username and UID of each entry you wish to add to the SMB password file. It then adds default fields for the remainder of the user's entry, which can be updated using the +smbpasswd program later. In order to use this program, you will probably need to edit the first line of the file to correctly point to +awk on your system.

  • +

    + +In the event that the neither of those options work for you, you can create a default entry by hand in the +smbpasswd file. The entry should be entirely on one line. Each field should be colon-separated and should look similar to the following:

+dave:500:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U          ]:LCT-00000000:

+This consists of the username and the UID as specified in the system password file, followed by two sets of exactly 32 +X characters, followed by the account flags and last change time as it appears above. After you've added this entry, you must use the +smbpasswd program to change the password for the user.

+

+ +6.4.2.2 Changing the encrypted password

If you need to change the encrypted password in the +smbpasswd file, you can also use the +smbpasswd program. Note that this program shares the same name as the encrypted password file itself, so be sure not to accidentally confuse the password file with the password-changing program.

+The +smbpasswd program is almost identical to the +passwd program that is used to change Unix account passwords. The program simply asks you to enter your old password (unless you're the root user), and duplicate entries of your new password. No password characters are shown on the screen. 

# smbpasswd dave
+
+Old SMB password:
+New SMB password:
+Retype new SMB password:
+Password changed for user dave

+You can look at the +smbpasswd file after this command completes to verify that both the LAN Manager and the NT hashes of the passwords have been stored in their respective positions. Once users have encrypted password entries in the database, they should be able to connect to shares using encrypted passwords! +

+

+ +6.4.3 Password Synchronization

Having a regular password and an encrypted version of the same password can be troublesome when you need to change both of them. Luckily, Samba affords you a limited ability to keep your passwords synchronized. Samba has a pair of configuration options that can be used to automatically update a user's regular Unix password when the encrypted password is changed on the system. The feature can be activated by specifying the +unix +password +sync global configuration option:

+[global]
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd
+
+	unix password sync = yes

+With this option enabled, Samba will attempt to change the user's regular password (as +root) when the encrypted version is changed with +smbpasswd. However, there are two other options that have to be set correctly in order for this to work.

+The easier of the two is +passwd +program. This option simply specifies the Unix command used to change a user's standard system password. It is set to +/bin/passwd +%u by default. With some Unix systems, this is sufficient and you do not need to change anything. Others, such as Red Hat Linux, use +/usr/bin/passwd instead. In addition, you may want to change this to another program or script at some point in the future. For example, let's assume that you want to use a script called +changepass to change a user's password. Recall that you can use the variable +%u to represent the current Unix username. So the example becomes:

+[global]
+	encrypt passwords = yes
+	smb passwd file = /usr/local/samba/private/smbpasswd
+
+	unix password sync = yes
+	passwd program = changepass %u

+Note that this program will be called as the +root user when the +unix +password +sync option is set to +yes. This is because Samba does not necessarily have the plaintext old password of the user.

+The harder option to configure is +passwd +chat. The +passwd +chat option works like a Unix chat script. It specifies a series of strings to send as well as responses to expect from the program specified by the +passwd +program option. For example, this is what the default +passwd +chat looks like. The delimiters are the spaces between each groupings of characters:

+passwd chat = *old*password* %o\n *new*password* %n\n *new*password* %n\n *changed*

+The first grouping represents a response expected from the password-changing program. Note that it can contain wildcards (*), which help to generalize the chat programs to be able to handle a variety of similar outputs. Here, +*old*password* indicates that Samba is expecting any line from the password program containing the letters +old followed by the letters +password, without regard for what comes on either side or between them. Once instructed to, Samba will wait indefinitely for such a match. Is Samba does not receive the expected response, the password will fail.

+The second grouping indicates what Samba should send back once the data in the first grouping has been matched. In this case, you see +%o\n. This response is actually two items: the variable +%o represents the old password, while the +\n is a newline character. So, in effect, this will "type" the old password into the standard input of the password changing program, and then "press" Enter.

+Following that is another response grouping, followed by data that will be sent back to the password changing program. (In fact, this response/send pattern continues indefinitely in any standard Unix +chat script.) The script continues until the final pattern is matched.[2]

+
+

+[2] This may not work under Red Hat Linux, as the password program typically responds "All authentication tokens updated successfully," instead of "Password changed." We provide a fix for this later in this section.

+You can help match the response strings sent from the password program with the characters listed in +Table 6.6. In addition, you can use the characters listed in +Table 6.7 to help formulate your response.


+ + + + + + +
+ +Table 6.6: Password Chat Response Characters
+

+Character

 +

+Definition

+

+ +*

 +

Zero or more occurrences of any character.

+

+ +" "

 +

+Allows you to include matching strings that contain spaces. Asterisks are still considered wildcards even inside of quotes, and you can represent a null response with empty quotes.


+ + + + + + + + + + +
+ +Table 6.7: Password Chat Send Characters
+

+Character

 +

+Definition

+

+ +%o

 +

+The user's old password

+

+ +%n

 +

+The user's new password

+

+ +\n

 +

+The linefeed character

+

+ +\r

 +

+The carriage-return character

+

+ +\t

 +

+The tab character

+

+ +\s

 +

+A space

+For example, you may want to change your password chat to the following entry. This will handle scenarios in which you do not have to enter the old password. In addition, this will also handle the new +all +tokens +updated +successfully string that Red Hat Linux sends:

+passwd chat = *new password* %n\n *new password* %n\n *success*

+Again, the default chat should be sufficient for many Unix systems. If it isn't, you can use the +passwd +chat +debug global option to set up a new chat script for the password change program. The +passwd +chat +debug option logs everything during a password chat. This option is a simple boolean, as shown below:

+[global]
+    encrypted passwords = yes
+    smb passwd file = /usr/local/samba/private/smbpasswd
+
+    unix password sync = yes
+    passwd chat debug = yes
+    log level = 100

+After you activate the password chat debug feature, all I/O received by Samba through the password chat will be sent to the Samba logs with a debug level of 100, which is why we entered a new log level option as well. As this can often generate multitudes of error logs, it may be more efficient to use your own script, by setting the +passwd +program option, in place of +/bin/passwd to record what happens during the exchange. Also, make sure to protect your log files with strict file permissions and to delete them as soon as you've grabbed the information you need, because they contain the passwords in plaintext.

+The operating system on which Samba is running may have strict requirements for valid passwords in order to make them more impervious to dictionary attacks and the like. Users should be made aware of these restrictions when changing their passwords.

+Earlier we said that password synchronization is limited. This is because there is no reverse synchronization of the encrypted +smbpasswd file when a standard Unix password is updated by a user. There are various strategies to get around this, including NIS and freely available implementations of the pluggable authentication modules (PAM) standard, but none of them really solve all the problems yet. In the future, when Windows 2000 emerges, we will see more compliance with the Lightweight Directory Access Protocol (LDAP), which promises to make password synchronization a thing of the past.

+

+ +6.4.4 Password Configuration Options

+The options in +Table 6.8 will help you work with passwords in Samba.


+ + + + + + + + + + + + + + + +
+ +Table 6.8: Password Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +encrypt passwords

 +

+boolean

 +

Turns on encrypted passwords.

 +

+ +no

 +

+Global

+

+ +unix password sync

+

+boolean

 +

+If +yes, Samba updates the standard Unix password database when a user changes his or her encrypted password.

 +

+ +no

 +

+Global

+

+ +passwd chat

 +

+string (chat commands)

 +

+Sets a sequence of commands that will be sent to the password program.

 +

+See earlier section on this option

 +

+Global

+

+ +passwd chat debug

 +

+boolean

 +

+Sends debug logs of the password-change process to the log files with a level of 100.

 +

+ +no

 +

+Global

+

+ +passwd program

 +

+string (Unix command)

 +

+Sets the program to be used to change passwords.

 +

+ +/bin/passwd %u

 +

+Global

+

+ +password level

 +

+numeric

 +

+Sets the number of capital letter permutations to attempt when matching a client's password.

 +

+None

 +

+Global

+

+ +update encrypted

 +

+boolean

 +

+If +yes, Samba updates the encrypted password file when a client connects to a share with a plaintext password.

 +

+ +no

 +

+Global

+

+ +null passwords

 +

+boolean

 +

+If +yes, Samba allows access for users with null passwords.

 +

+ +no

 +

+Global

+

+ +smb passwd file

 +

+string (fully-qualified pathname)

 +

+Specifies the name of the encrypted password file.

 +

+ +/usr/local/samba/private/smbpasswd

 +

+Global

+

+ +hosts equiv

 +

+string (fully-qualified pathname)

 +

+Specifies the name of a file that contains hosts and users that can connect without using a password.

 +

+None

 +

+Global

+

+ +use rhosts

 +

+string (fully-qualified pathname)

 +

+Specifies the name of an . +rhosts file that allows users to connect without using a password.

 +

+None

 +

+Global

+

+ +6.4.4.1 unix password sync

+The +unix +password +sync global option allows Samba to update the standard Unix password file when a user changes his or her encrypted password. The encrypted password is stored on a Samba server in the +smbpasswd file, which is located in +/usr/local/samba/private by default. You can activate this feature as follows:

+[global]
+	unix password sync = yes

+If this option is enabled, Samba changes the encrypted password and, in addition, attempts to change the standard Unix password by passing the username and new password to the program specified by the +passwd +program option (described earlier). Note that Samba does not necessarily have access to the plaintext password for this user, so the password changing program must be invoked as +root.[3] If the Unix password change does not succeed, for whatever reason, the SMB password will not be changed either.

+
+

+[3] This is because the Unix +passwd program, which is the usual target for this operation, allows +root to change a user's password without the security restriction that requests the old password of that user.

+

+ +6.4.4.2 encrypt passwords

The +encrypt +passwords global option switches Samba from using plaintext passwords to encrypted passwords for authentication. Encrypted passwords will be expected from clients if the option is set to +yes:

+encrypt passwords = yes

+By default, Windows NT 4.0 with Service Pack 3 or above and Windows 98 transmit encrypted passwords over the network. If you are enabling encrypted passwords, you must have a valid +smbpasswd file in place and populated with usernames that will authenticate with encrypted passwords. (See the section +Section 6.4.2, The smbpasswd File, earlier in this chapter.) In addition, Samba must know the location of the +smbpasswd file; if it is not in the default location (typically +/usr/local/samba/private/smbpasswd), you can explicitly name it using the +smb +passwd +file option.

+If you wish, you can use the +update +encrypted to force Samba to update the +smbpasswd file with encrypted passwords each time a client connects to a non-encrypted password.

+A common strategy to ensure that hosts who need encrypted password authentication indeed receive it is with the +include option. With this, you can create individual configuration files that will be read in based on OS-type (%a) or client name (%m). These host-specific or OS-specific configuration files can contain an +encrypted +passwords += +yes option that will activate only when those clients are connecting to the server.

+

+ +6.4.4.3 passwd program

+The +passwd +program is used to specify a program on the Unix Samba server that Samba can use to update the standard system password file when the encrypted password file is updated. This option defaults to the standard + passwd program, usually located in the +/bin directory. The +%u variable is typically used here as the requesting user when the command is executed. The actual handling of input and output to this program during execution is handled through the +passwd +chat option. The "Password Synchronization" section, earlier in this chapter, covers this option in detail.

+

+ +6.4.4.4 passwd chat

+This option specifies a series of send/response strings similar to a Unix chat script, which are used to interface with the password-changing program on the Samba server. The "Password Synchronization" section, earlier in this chapter, covers this option in detail.

+

+ +6.4.4.5 passwd chat debug

+If set to +yes, the +passwd +chat +debug global option logs everything sent or received by Samba during a password chat. All the I/O received by Samba through the password chat is sent to the Samba logs with a debug level of 100; you will need to specify +log +level += +100 in order for the information to be recorded. The "Password Synchronization" section +, earlier in this chapter, describes this option in more detail. Be aware that if you do set this option, the plaintext passwords will be visible in the debugging logs, which could be a security hazard if they are not properly secured.

+

+ +6.4.4.6 password level

+With SMB, non-encrypted (or plaintext) passwords are sent with capital letters, just like the usernames mentioned previously. Many Unix users, however, choose passwords with both uppercase and lowercase letters. Samba, by default, only attempts to match the password entirely in lowercase letters, and not capitalizing the first letter.

+Like +username +level, there is a +password +level option that can be used to attempt various permutations of the password with capital letters. This option takes an integer value that specifies how many letters in the password should be capitalized when attempting to connect to a share. You can specify this options as follows:

+[global]
+	password level = 3

+In this case, Samba will then attempt all permutations of the password it can compute having three capital letters. The larger the number, the more computations Samba will have to perform to match the password, and the longer a connection to a specific share may take.

+

+ +6.4.4.7 update encrypted

+For sites switching over to the encrypted password format, Samba provides an option that should help with the transition. The +update +encrypted option allows a site to ease into using encrypted passwords from plaintext passwords. You can activate this option as follows:

+[global]
+    update encrypted = yes

+This instructs Samba to create an encrypted version of each user's Unix password in the +smbpasswd file each time he or she connects to a share. When this option is enabled, you must have the +encrypt +passwords option set to +no so that the client will pass plaintext passwords to Samba to use to update the files. Once each user has connected at least once, you can set +encrypted +passwords += +yes, allowing you to use only the encrypted passwords. The user must already have a valid entry in the +smbpasswd file for this option to work.

+

+ +6.4.4.8 null passwords

+This global option tells Samba whether or not to allow access from users that have null passwords (encrypted or non-encrypted) set in their accounts. The default value is +no. You can override it as follows:

+null passwords = yes

+We highly recommend against doing so unless you are familiar with the security risks this option can present to your system, including inadvertent access to system users (such as +bin) in the system password file who have null passwords set.

+

+ +6.4.4.9 smb passwd file

This global option identifies the location of the encrypted password database. By default, it is set to +/usr/local/samba/private/smbpasswd. You can override it as follows:

+[global]
+	smb passwd file = /etc/smbpasswd

+This location, for example, is common on many Red Hat distributions.

+

+ +6.4.4.10 hosts equiv

+This global option specifies the name of a standard Unix +hosts.equiv file that will allow hosts or users to access shares without specifying a password. You can specify the location of such a file as follows:

+[global]
+	hosts equiv = /etc/hosts.equiv

+The default value for this option does not specify any +hosts.equiv file. Because using such a file is essentially a huge security risk, we highly recommend that you do not use this option unless you are confident in the security of your network.

+

+ +6.4.4.11 use rhosts

+This global option specifies the name of a standard Unix user's +.rhosts file that will allow foreign hosts to access shares without specifying a password. You can specify the location of such a file as follows:

+[global]
+	use rhosts = /home/dave/.rhosts

+The default value for this option does not specify any +.rhosts file. Like the +hosts +equiv option above, using such a file is a security risk. We highly recommend that you do use this option unless you are confident in the security of your network.

+
+
+
+ + +
+ +Previous: 6.3 Authentication Security + + + +Next: 6.5 Windows Domains
+6.3 Authentication Security + +Book Index +6.5 Windows Domains
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_05.html b/docs/htmldocs/using_samba/ch06_05.html new file mode 100644 index 00000000000..fbf6d245a16 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_05.html @@ -0,0 +1,333 @@ + + + +[Chapter 6] 6.5 Windows Domains + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.4 Passwords + + + +Chapter 6
+Users, Security, and Domains 		+ +Next: 6.6 Logon Scripts
 
+ +
+
+

+ +6.5 Windows Domains

Now that you are comfortable with users and passwords on a Samba server, we can show you how to set up Samba to become a primary domain controller for Windows 95/98 and NT machines. Why use domains? The answer probably isn't obvious until you look behind the scenes, especially with Windows 95/98.

+Recall that with traditional workgroups, Windows 95/98 simply accepts each username and password that you enter when logging on to the system. There are no unauthorized users with Windows 95/98; if a new user logs on, the operating system simply asks for a new password and authenticates the user against that password from then on. The only time that Windows 95/98 attempts to use the password you entered is when connecting to another share.

Domain logons, on the other hand, are similar to Unix systems. In order to log on to the domain, a valid username and password must be presented at startup, which is then authenticated against the primary domain controller's password database. If the password is invalid, the user is immediately notified and they cannot log on to the domain.

+There's more good news: once you have successfully logged on to the domain, you can access any of the shares in the domain to which you have rights without having to reauthenticate yourself. More precisely, the primary domain controller returns a token to the client machine that allows it to access any share without consulting the PDC again. Although you probably won't notice the shift, this can be beneficial in cutting down network traffic. (You can disable this behavior if you wish by using the +revalidate option.)

+

+ +6.5.1 Configuring Samba for Windows Domain Logons

+If you wish to allow Samba to act as a domain controller, use the following sections to configure Samba and your clients to allow domain access.

+If you would like more information on how to set up domains, see the +DOMAINS.TXT file that comes with the Samba distribution.

+

+ +6.5.1.1 Windows 95/98 clients

Setting up Samba as a PDC for Windows 95/98 clients is somewhat anticlimactic. All you really need to do on the server side is ensure that:

    +
  • +

    + +Samba is the only primary domain controller for the current workgroup.

  • +

    + +There is a WINS server available on the network, either a Samba machine or a Windows NT server. (See Chapter 7, Printing and Name Resolution, for more information on WINS.)

  • +

    + +Samba is using user-level security (i.e., it doesn't hand off password authentication to anyone else). You do not want to use domain-level security if Samba itself is acting as the PDC.

+At that point, you can insert the following options into your Samba configuration file:

+[global]
+	workgroup = SIMPLE
+	domain logons = yes
+
+# Be sure to set user-level security!
+
+	security = user
+
+# Be sure to become the primary domain controller!
+
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes

+The +domain +logons option enables Samba to perform domain authentication on behalf of other clients that request it. The name of the domain will be the same as the workgroup listed in the Samba configuration file, in this case: SIMPLE.

+After that, you need to create a non-writable, non-public, non-browesable disk share called +[netlogon] (it does not matter where this share points to as long as each Windows client can connect to it): 

+[netlogon]
+	comment = The domain logon service
+	path = /export/samba/logon
+	public = no
+	writeable = no
+	browsable = no
+

+ +6.5.1.2 Windows NT clients

If you have Window NT clients on your system, there are a few more steps that need to be taken in order for Samba to act as their primary domain controller.

+

+ +WARNING: You will need to use at least Samba 2.1 to ensure that PDC functionality for Windows NT clients is present. Prior to Samba 2.1, only limited user authentication for NT clients was present. At the time this book went to press, Samba 2.0.5 was the latest version, but Samba 2.1 was available through CVS download. Instructions on downloading alpha versions of Samba are given in Appendix E, Downloading Samba with CVS.

+As before, you need to ensure that Samba is a primary domain controller for the current workgroup and is using user-level security. However, you must also ensure that Samba is using encrypted passwords. In other words, alter the +[global] options the previous example to include the +encrypted +passwords += +yes option, as shown here: 

+[global]
+	workgroup = SIMPLE
+	encrypted passwords = yes
+	domain logons = yes
+
+	security = user
+

+ +6.5.1.3 Creating trust accounts for NT clients

+This step is exclusively for Windows NT clients. All NT clients that connect to a primary domain controller make use of +trust accounts. These accounts allow a machine to log in to the PDC itself (not one of its shares), which means that the PDC can trust any further connections from users on that client. For all intents and purposes, a trust account is identical to a user account. In fact, we will be using standard Unix user accounts to emulate trust accounts for the Samba server.

+The login name of a machine's trust account is the name of the machine with a dollar sign appended to it. For example, if our Windows NT machine is named +chimaera, the login account would be +chimaera$. The initial password of the account is simply the name of the machine in lowercase letters. In order to forge the trust account on the Samba server, you need to create a Unix account with the appropriate machine name, as well as an encrypted password entry in the +smbpasswd database.

+Let's tackle the first part. Here, we only need to modify the +/etc/passwd file to support the trust account; there is no need to create a home directory or assign a shell to the "user" because the only part we are interested in is whether a login is permitted. Therefore, we can create a "dummy" account with the following entry:

+chimaera$:*:1000:900:Trust Account:/dev/null:/dev/null

+Note that we have also disabled the password field by placing a +* in it. This is because Samba will use the +smbpasswd file to contain the password instead, and we don't want anyone to telnet into the machine using that account. In fact, the only value other than the account name that is used here is the UID of the account for the encrypted password database (1000). This number must map to a unique resource ID on the NT server and cannot conflict with any other resource IDs. Hence, no NT user or group should map to this number or a networking error will occur.

+Next, add the encrypted password using the +smbpasswd command, as follows: 

# smbpasswd -a -m chimaera
+Added user chimaera$
+Password changed for user chimaera$

+The +-m option specifies that a machine trust account is being generated. The +smbpasswd program will automatically set the initial encrypted password as the NetBIOS name of the machine in lowercase letters; you don't need to enter it. When specifying this option on the command line, do not put a dollar sign after the machine name - it will be appended automatically. Once the encrypted password has been added, Samba is ready to handle domain logins from a NT client.

+

+ +6.5.2 Configuring Windows Clients for Domain Logons

+Once you have Samba configured for domain logons, you need to set up your Windows clients to log on to the domain at startup.

+

+ +6.5.2.1 Windows 95/98

With Windows 95/98, this can be done by raising the Network configuration dialog in the Windows Control Panel and selecting the Properties for "Client for Microsoft Networks." At this point, you should see a dialog box similar to +Figure 6.4. Select the "Logon to Windows Domain" checkbox at the top of the dialog box, and enter the workgroup that is listed in the Samba configuration file as the Windows NT domain. Then click on OK and reboot the machine when asked.

+ +Figure 6.4: Configuring a Windows 95/98 client for domain logons

Figure 6.4
+

+ +WARNING: If Windows complains that you are already logged into the domain, you probably have an active connection to a share in the workgroup (such as a mapped network drive). Simply disconnect the resource temporarily by right-clicking on its icon and choosing the Disconnect pop-up menu item.

+When Windows reboots, you should see the standard login dialog with an addition: a field for a domain. The domain name should already be filled in, so simply enter your password and click on the OK button. At this point, Windows should consult the primary domain controller (Samba) to see if the password is correct. (You can check the log files if you want to see this in action.) If it worked, congratulations! You have properly configured Samba to act as a domain controller for Windows 95/98 machines and your client is successfully connected.

+

+ +6.5.2.2 Windows NT 4.0

To configure Windows NT for domain logons, open the Network configuration dialog in the Windows NT Control Panel. The first tab that you see should list the identification of the machine.

+Press the Change button and you should see the dialog box shown in +Figure 6.5. In this dialog box, you can choose to have the Windows NT client become a member of the domain by selecting the radio button marked Domain in the "Member of" box. Then, type in the domain that you wish the client to login to; it should be the same as the workgroup that you specified in the Samba configuration file. Do not check the box marked "Create a Computer Account in the Domain" - Samba does not currently support this functionality.

+ +Figure 6.5: Configuring a Windows NT client for domain logons

Figure 6.5
+

+ +WARNING: Like Windows 95/98, if NT complains that you are already logged in, you probably have an active connection to a share in the workgroup (such as a mapped network drive). Disconnect the resource temporarily by right-clicking on its icon and choosing the Disconnect pop-up menu item.

+After you press the OK button, Windows should present you with a small dialog box welcoming you to the domain. At this point, you will need to reset the Windows NT machine. Once it comes up again, the machine will automatically present you with a log on screen similar to the one for Windows 95/98 clients. You can now log in using any account that you have already on the Samba server that is configured to accept logins.

+

+ +WARNING: Be sure to select the correct domain in the Windows NT logon dialog box. Once selected, it may take a moment for Windows NT to build the list of available domains.

+After you enter the password, Windows NT should consult the primary domain controller (Samba) to see if the password is correct. Again, you can check the log files if you want to see this in action. If it worked, you have successfully configured Samba to act as a domain controller for Windows NT machines.

+

+ +6.5.3 Domain Options

+ +Table 6.9 shows the options that are commonly used in association with domain logons.


+ + + + + + + + + +
+ +Table 6.9: Windows 95/98 Domain Logon Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +domain logons

 +

+boolean

 +

+Indicates whether Windows domain logons are to be used.

 +

+ +no

 +

+Global

+

+ +domain group map

 +

+string (fully-qualified pathname)

 +

+Name of the file used to map Unix to Windows NT domain groups.

 +

+None

 +

+Global

+

+ +domain user map

 +

+string (fully-qualified pathname)

 +

+Name of the file used to map Unix to Windows NT domain users.

 +

+None

 +

+Global

+

+ +local group map

 +

+string (fully-qualified pathname)

 +

+Name of the file used to map Unix to Windows NT local groups.

 +

+None

 +

+Global

+

+ +revalidate

 +

+boolean

 +

+If +yes, Samba forces users to authenticate themselves with each connection to a share.

 +

+ +no

 +

+Share

+

+ +6.5.3.1 domain logons

+This option configures Samba to accept domain logons as a primary domain controller. When a client successfully logs on to the domain, Samba will return a special token to the client that allows the client to access domain shares without consulting the PDC again for authentication. Note that the Samba machine must be in user-level security (security += +user) and must be the PDC in order for this option to function. In addition, Windows machines will expect a +[netlogon] share to exist on the Samba server (see the section +Section 6.5.1, Configuring Samba for Windows Domain Logons, earlier in this chapter).

+

+ +6.5.3.2 domain group map

+This option specifies the location of a mapping file designed to translate Windows NT domain group names to Unix group names. The file should reside on the Samba server. For example:

+/usr/local/samba/private/groups.mapping

+The file has a simple format:

UnixGroup = NTGroup

+An example is:

+admin = Administrative

+The specified Unix group should be a valid group in the +/etc/group file. The NT group should be the name to which you want the Unix group to map on an NT client. This option will work only with Windows NT clients.

+

+ +6.5.3.3 domain user map

+This option specifies the location of a mapping file designed to translate Unix usernames to Windows NT domain usernames. The file should reside on the Samba server. For example:

/usr/local/samba/private/domainuser.mapping

The file has a simple format:

UnixUsername = [\\Domain\\]NTUserName

+An example entry is:

+joe = Joseph Miller

+The Unix name specified should be a valid username in the +/etc/passwd file. The NT name should be the username to which you want to Unix username to map on an NT client. This option will work with Windows NT clients only.

+If you would like more information on how Windows NT uses domain usernames and local groups, we recommend Eric Pearce's +Windows NT in a Nutshell, published by O'Reilly.

+

+ +6.5.3.4 local group map

+This option specifies the location of a mapping file designed to translate Windows NT local group names to Unix group names. Local group names include those such as Administrator and Users. The file should reside on the Samba server. For example:

/usr/local/samba/private/localgroup.mapping

The file has a simple format:

UnixGroup = [BUILTIN\]NTGroup

+An example entry is:

+root = BUILTIN\Administrators

+This option will work with Windows NT clients only. For more information, see Eric Pearce's +Windows NT in a Nutshell (O'Reilly).

+

+ +6.5.3.5 revalidate

+This share-level option tells Samba to force users to authenticate with passwords each time they connect to a different share on a machine, no matter what level of security is in place on the Samba server. The default value is +no, which allows users to be trusted once they successfully authenticate themselves. You can override it as:

+revalidate = yes

+You can use this option to increase security on your system. However, you should weigh it against the inconvenience of having users revalidate themselves to every share.

+
+
+
+ + +
+ +Previous: 6.4 Passwords + + + +Next: 6.6 Logon Scripts
+6.4 Passwords + +Book Index +6.6 Logon Scripts
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch06_06.html b/docs/htmldocs/using_samba/ch06_06.html new file mode 100644 index 00000000000..f80e4d37464 --- /dev/null +++ b/docs/htmldocs/using_samba/ch06_06.html @@ -0,0 +1,537 @@ + + + +[Chapter 6] 6.6 Logon Scripts + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.5 Windows Domains + + + +Chapter 6
+Users, Security, and Domains 		+ +Next: 7. Printing and Name Resolution
 
+ +
+
+

+ +6.6 Logon Scripts

Samba supports the execution of Windows logon scripts, which are scripts (.BAT or .CMD) that are executed on the client when a user logs on to a Windows domain. Note that these scripts are stored on the Unix side, but are transported across the network to the client side and executed once a user logs on. These scripts are invaluable for dynamically setting up network configurations for users when they log on. The downside is that because they run on Windows, they must use the Windows network configuration commands.

+If you would like more information on NET commands, we recommend the following O'Reilly handbooks: +Windows NT in a Nutshell, +Windows 95 in a Nutshell, and +Windows 98 in a Nutshell.

+You can instruct Samba to use a logon script with the +logon +script option, as follows:

+[global]
+	domain logons = yes
+	security = user
+	workgroup = SIMPLE
+
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes
+	logon script = %U.bat
+
+[netlogon]
+	comment = The domain logon service
+	path = /export/samba/logon
+	public = no
+	writeable = no
+	browsable = no

+Note that this example uses the +%U variable, which will individualize the script based on the user that is logging in. It is common to customize logon scripts based on the user or machine name that is logging onto the domain. These scripts can then be used to configure individual settings for users or clients.

+Each logon script should be stored at the base of the +[netlogon] share. For example, if the base of the +[netlogon] share is +/export/samba/logon and the logon script is +jeff.bat, the file should be located at +/export/samba/logon/jeff.bat. When a user logs on to a domain that contains a startup script, he or she will see a small dialog that informs them that the script is executing, as well as any output the script generates in an MS-DOS-like box.

+One warning: because these scripts are loaded by Windows and executed on the Windows side, they must consist of DOS formatted carriage-return/linefeed characters instead of Unix carriage returns. It's best to use a DOS- or Windows-based editor to create them.

+Here is an example of a logon script that sets the current time to match that of the Samba server and maps two network drives, +h and +i, to individual shares on the server:

+#  Reset the current time to that shown by the server.
+#  We must have the "time server = yes" option in the
+#  smb.conf for this to work.
+
+echo Setting Current Time...
+net time \\hydra /set /yes
+
+#  Here we map network drives to shares on the Samba
+#  server
+echo Mapping Network Drives to Samba Server Hydra...
+net use h: \\hydra\data
+net use i: \\hydra\network
+

+ +6.6.1 Roaming profiles

+ +In Windows 95 and NT, each user can have his or her own +profile. A profile bundles information such as: the appearance of a user's desktop, the applications that appear on the start menus, the background, and other miscellaneous items. If the profile is stored on a local disk, it's called a +local profile, since it describes what a user's environment is like on one machine. If the profile is stored on a server, on the other hand, the user can download the same profile to any client machine that is connected to the server. The latter is called a +roaming profile because the user can roam around from machine to machine and still use the same profile. This makes it particularly convenient when someone might be logging in from his or her desk one day and from a portable in the field the next. +Figure 6.6 illustrates local and roaming profiles.

+ +Figure 6.6: Local profiles versus roaming profiles

Figure 6.6

+ + + +

Samba will provide roaming profiles if it is configured for domain logons +and you set logon path to the user's home +directory and logon home to a +subdirectory of the user's home directory used to store profiles. These +options are typically used with one of the user variables, as shown in this +example: +

+[global]
+        domain logons = yes
+        security = user
+	workgroup = SIMPLE
+	os level = 34
+	local master = yes
+	preferred master = yes
+	domain master = yes
+
+	logon home = \\%N\%U
+	logon path = \\%N\%U\profile 
+
+

Samba versions previous to 2.0.6 allowed Win9X machines to store +profiles in separate shares, but that prevented the clients from setting +their logon path so they could get their home +directory mounted by saying "net use /home". This was corrected in +2.0.6.

+ + + + + +Once a user initially logs on, the Windows client will create a +user.dat or +ntuser.dat file - depending on which operating system the client is running. The client then uploads the contents of the desktop, the Start Menu, the Network Neighborhood, and the programs folders in individual folders in the directory. When the user subsequently logs on, those contents will be downloaded from the server and activated for the client machine with which the user is logging on. When he or she logs off, those contents will be uploaded back on the server until the next time the user connects. If you look at the directory listing of a profile folder, you'll see the following:

+# ls -al 
+
+total 321
+drwxrwxr-x   9 root  simple    Jul 21 20:44 .
+drwxrwxr-x   4 root  simple    Jul 22 14:32 ..
+drwxrwx---   3 fred  develope  Jul 12 07:15 Application Data
+drwxrwx---   3 fred  develope  Jul 12 07:15 Start Menu
+drwxrwx---   2 fred  develope  Jul 12 07:15 cookies
+drwxrwx---   2 fred  develope  Jul 12 07:15 desktop
+drwxrwx---   7 fred  develope  Jul 12 07:15 history
+drwxrwx---   2 fred  develope  Jul 12 07:15 nethood
+drwxrwx---   2 fred  develope  Jul 19 21:05 recent
+-rw-------   1 fred  develope  Jul 21 21:59 user.dat

+The +user.dat files are binary configuration files, created automatically by Windows. They can be edited with the Profile Editor on a Windows client, but they can be somewhat tricky to get correct. Samba supports them correctly for all clients up to NT 5.0 beta, but they're still relatively new.

+Hints and HOWTOs for handling logon scripts are available in the Samba documentation tree, in both +docs/textdocs/DOMAIN.txt and +docs/textdocs/PROFILES.txt. +

+

+ +6.6.2 Mandatory profiles

Users can also have +mandatory profiles, which are roaming profiles that they cannot change. For example, with a mandatory profile, if a user adds a command to the Start Menu on Tuesday, it will be gone when he or she logs in again on Wednesday. The mandatory profile is simply a +user.dat file that has been renamed to +user.man and made read-only on the Unix server. It normally contains settings that the administrator wishes to ensure the user always executes. For example, if an administrator wants to create a fixed user configuration, he or she can do the following:

    +
  1. +

    + +Create the read-write directory on the Samba server.

  2. +

    + +Set the +logon +path option in the +smb.conf file to point to this directory.

  3. +

    + +Logon as the user from Windows 95/98 to have the client populate the directory.

  4. +

    + +Rename the resulting +user.dat to +user.man.

  5. +

    + +Make the directory and its contents read only.

+Mandatory profiles are fairly unusual. Roaming profiles, on the other hand, are one of the more desirable features of Windows that Samba can support.

+

+ +6.6.3 Logon Script Options

+Table 6.10 summarizes the options commonly used in association with Windows domain logon scripts.


+ + + + + + + + +
+ +Table 6.10: Logon Script Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +logon script

 +

+string (DOS path)

 +

+Name of DOS/NT batch file

 +

+None

 +

+Global

+

+ +logon path

 +

+string (UNC server and share name)

 +

+Location of roaming profile for user

 +

+ +\\%N\%U\profile

 +

+Global

+

+ +logon drive

 +

+string (drive letter)

 +

+Specifies the logon drive for a home directory (NT only)

 +

+ +Z:

 +

+Global

+

+ +logon home

 +

+string (UNC server and share name)

 +

+Specifies a location for home directories for clients logging on to the domain

 +

+ +\\%N\%U

 +

+Global

+

+ +6.6.3.1 logon script

+This option specifies a Windows .BAT or .CMD file with lines ending in carriage-return/line feed that will be executed on the client after a user has logged on to the domain. Each logon script should be stored at the base of a share entitled +[netlogin] (see the section +Section 6.5.1 for details.) This option frequently uses the +%U or +%m variables (user or NetBIOS name) to point to an individual script. For example:

+logon script = %U.bat

+will execute a script based on the username located at the base of the +[netlogin] share. If the user who is connecting is +fred and the path of the +[netlogin] share maps to the directory +/export/samba/netlogin, the script should be +/export/samba/netlogin/fred.bat. Because these scripts are downloaded to the client and executed on the Windows side, they must consist of DOS formatted carriage-return/linefeed characters instead of Unix carriage returns.

+

+ +6.6.3.2 logon path

+This option provides a location for roaming profiles. When the user logs on, a roaming profile will be downloaded from the server to the client and activated for the user who is logging on. When the user logs off, those contents will be uploaded back on the server until the next time the user connects.

+It is often more secure to create a separate share exclusively for storing user profiles:

+logon path = \\hydra\profile\%U

+For more informaiton on this option, see the section +Section 6.6, Logon Scripts, earlier in this chapter.

+

+ +6.6.3.3 logon drive

+This option specifies the drive letter on an NT client to which the home directory specified with the +logon +home option will be mapped. Note that this option will work with Windows NT clients only. For example:

+logon home = I:

+You should always use drive letters that will not conflict with fixed drives on the client machine. The default is Z:, which is a good choice because it is as far away from A:, C:, and D: as possible.

+

+ +6.6.3.4 logon home

+This option specifies the location of a user's home directory for use by the DOS NET commands. For example, to specify a home directory as a share on a Samba server, use the following:

+logon home = \\hydra\%U

+Note that this works nicely with the +[homes] service, although you can specify any directory you wish. Home directories can be mapped with a logon script using the following command:

+NET USE I: /HOME

+In addition, you can use the User Environment Profile under User Properties in the Windows NT User Manager to verify that the home directory has automatically been set.

+

+ +6.6.4 Other Connection Scripts

After a user successfully makes a connection to any Samba share, you may want the Samba server to execute a program on its side to prepare the share for use. Samba allows scripts to be executed before and after someone connects to a share. You do not need to be using Windows domains to take advantage of the options. +Table 6.11 introduces some of the configuration options provided for setting up users.


+ + + + + + + + +
+ +Table 6.11: Connection Script Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +root preexec

 +

+string (Unix command)

 +

+Sets a command to run as +root, before connecting to the share.

 +

+None

 +

+Share

+

+ +preexec (exec)

 +

+string (Unix command)

 +

+Sets a Unix command to run as the user before connecting to the share.

 +

+None

 +

+Share

+

+ +postexec

 +

+string (Unix command)

 +

+Sets a Unix command to run as the user after disconnecting from the share.

 +

+None

 +

+Share

+

+ +root postexec

 +

+string (Unix command)

 +

+Sets a Unix command to run as +root after disconnecting from the share.

 +

+None

 +

+Share

+

+ +6.6.4.1 root preexec

+The first form of the logon command is called +root +preexec. This option specifies a Unix command as its value that will be run +as the root user before any connection to a share is completed. You should use this option specifically for performing actions that require root privilege. For example, +root +preexec can be used to mount CD-ROMs for a share that makes them available to the clients, or to create necessary directories. If no +root +preexec option is specified, there is no default action. Here is an example of how you can use the command to mount a CD-ROM:

+[homes]
+	browseable = no
+	writeable = yes
+	root preexec = /etc/mount /dev/cdrom2

+Remember that these commands will be run as the root user. Therefore, in order to ensure security, users should never be able to modify the target of the +root +preexec command.

+

+ +6.6.4.2 preexec

+The next option run before logon is the +preexec option, sometimes just called +exec. This is an ordinary unprivileged command run by Samba as the user specified by the variable +%u. For example, a common use of this option is to perform logging, such as the following:

+[homes]
+preexec = echo "%u connected to %S from %m (%I)\" >>/tmp/.log

+Be warned that any information the command sends to standard output will not be seen by the user, but is instead thrown away. If you intend to use a +preexec script, you should ensure that it will run correctly before having Samba invoke it.

+

+ +6.6.4.3 postexec

+Once the user disconnects from the share, the command specified with +postexec is run as the user on the Samba server to do any necessary cleanup. This option is essentially the same as the +preexec option. Again, remember that the command is run as the user represented by +%u and any information sent to standard output will be ignored.

+

+ +6.6.4.4 root postexec

+Following the +postexec option, the +root +postexec command is run, if one has been specified. Again, this option specifies a Unix command as its value that will be run +as the root user before disconnecting from a share. You should use this option specifically for performing actions that require root privilege.

+

+ +6.6.5 Working with NIS and NFS

+Finally, Samba has the ability to work with NIS and NIS+. If there is more than one file server, and each runs Samba, it may be desirable to have the SMB client connect to the server whose disks actually house the user's home directory. It isn't normally a good idea to ship files across the network once via NFS to a Samba server, only to be sent across the network once again to the client via SMB. (For one thing, it's slow - about 30 percent of normal Samba speed). Therefore, there are a pair of options to tell Samba that NIS knows the name of the right server and indicate in which NIS map the information lives.

+ +Table 6.12 introduces some of the other configuration options specifically for setting up users.


+ + + + + + +
+ +Table 6.12: NIS Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +nis homedir

 +

+boolean

 +

+If +yes, use NIS instead of +/etc/passwd to look up the path of a user's home directory

 +

+ +no

 +

+Global

+

+ +homedir map

 +

+string (NIS map name)

 +

+Sets the NIS map to use to look up a user's home directory

 +

+None

 +

+Global

+

+ +6.6.5.1 nis homedir and homedir map

+The +nis +homedir and +homedir +map options are for Samba servers on network sites where Unix home directories are provided using NFS, the automounter, and NIS (Yellow Pages).

+The +nis +homedir option indicates that the home directory server for the user needs to be looked up in NIS. The +homedir +map option tells Samba what NIS map to look in for the server that has the user's home directory. The server needs to be a Samba server, so the client can do an SMB connect to it, and the other Samba servers need to have NIS installed so they can do the lookup.

+For example, if user +joe asks for a share called +[joe], and the +nis +homedir option is set to +yes, Samba will look in the file specified by +homedir +map for a home directory for +joe. If it finds one, Samba will return the associated machine name to the client. The client will then try to connect to +that machine and get the share from there. Enabling NIS lookups looks like the following:

+[globals]
+	nis homedir = yes
+	homedir map = amd.map
+
+
+
+ + +
+ +Previous: 6.5 Windows Domains + + + +Next: 7. Printing and Name Resolution
+6.5 Windows Domains + +Book Index +7. Printing and Name Resolution
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch07_01.html b/docs/htmldocs/using_samba/ch07_01.html new file mode 100644 index 00000000000..a061c6a94ee --- /dev/null +++ b/docs/htmldocs/using_samba/ch07_01.html @@ -0,0 +1,565 @@ + + + +[Chapter 7] Printing and Name Resolution + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 6.6 Logon Scripts + + +Chapter 7 + +Next: 7.2 Printing to Windows Client Printers
 
+ +
+
+

+ +7. Printing and Name Resolution

+

+ +Contents:
+ +Sending Print Jobs to Samba
+ +Printing to Windows Client Printers
+ +Name Resolution with Samba

+

This chapter tackles two Samba topics: setting up printers for use with a Samba server and configuring Samba to use or become a Windows Internet Name Service (WINS) server. Samba allows client machines to send documents to printers connected to the Samba server. In addition, Samba can also assist you with printing Unix documents to a printer on a Windows machine. In the first part of this chapter, we will discuss how to get printers configured to work on either side.

+In the second half of the chapter, we will introduce the Windows Internet Name Service, Microsoft's implementation of a NetBIOS Name Server (NBNS). As mentioned in Chapter 1, Learning the Samba, an NBNS allows machines to perform name resolution on a NetBIOS network without having to rely on broadcasts. Instead, each machine knows exactly where the WINS server is and can query it for the IP addresses of other machines on the network.

+

+ + +7.1 Sending Print Jobs to Samba

A printer attached to the Samba server shows up in the list of shares offered in the Network Neighborhood. If the printer is registered on the client machine and the client has the correct printer driver installed, the client can effortlessly send print jobs to a printer attached to a Samba server. +Figure 7.1 shows a Samba printer as it appears in the Network Neighborhood of a Windows client.

To administer printers with Samba, you should understand the basic process by which printing takes place on a network. Sending a print job to a printer on a Samba server involves four steps:

    +
  1. +

    + +Opening and authenticating a connection to the printer share

  2. +

    + +Copying the file over the network

  3. +

    + +Closing the connection

  4. +

    + +Printing and deleting the copy of the file

    + +Figure 7.1: A Samba printer in the Network Neighborhood

    Figure 7.1

+When a print job arrives at a Samba server, the print data is temporarily written to disk in the directory specified by the +path option of the printer share. Samba then executes a Unix print command to send that data file to the printer. The job is printed as the authenticated user of the share. Note that this may be the guest user, depending on how the share is configured.

+

+ +7.1.1 Print Commands

In order to print the document, you'll need to tell Samba what the command is to print and delete a file. On Linux, such a command is:

+lpr -r -Pprinter file

+This tells +lpr to copy the document to a spool area, usually +/var/spool, retrieve the name of the printer in the system configuration file (/etc/printcap), and interpret the rules it finds there to decide how to process the data and which physical device to send it to. Note that because the +-r option has been listed, the file specified on the command line will be deleted after it has been printed. Of course, the file removed is just a copy stored on the Samba server; the original file on the client is unaffected.

+Linux uses a Berkeley (BSD) style of printing. However, the process is similar on System V Unix. Here, printing and deleting becomes a compound command:

lp -dprinter -s file; rm  file

+With System V, the +/etc/printcap file is replaced with different set of configuration files hiding in +/usr/spool/lp, and there is no option to delete the file. You have to do it yourself, which is why we have added the +rm command afterward.

+

+ +7.1.2 Printing Variables

Samba provides four variables specifically for use with printing configuration options. They are shown in +Table 7.1.


+ + + + + + + + +
+ +Table 7.1: Printing Variables
+

+Variable

 +

+Definition

+

+ +%s

 +

+The full pathname of the file on the Samba server to be printed

+

+ +%f

 +

+The name of the file itself (without the preceding path) on the Samba server to be printed

+

+ +%p

 +

+The name of the Unix printer to use

+

+ +%j

 +

+The number of the print job (for use with +lprm, +lppause, and +lpresume)

+

+ +7.1.3 A Minimal Printing Setup

Let's start with a simple but illustrative printing share. Assuming that you're on a Linux system and you have a printer called +lp listed in the printer capabilities file, the following addition to your +smb.conf file will make the printer accessible through the network:

+[printer1]
+	printable = yes
+	print command = /usr/bin/lpr -r  %s
+	printer = lp
+	printing = BSD
+	read only = yes
+	guest ok = yes

+This configuration allows anyone to send data to the printer, something we may want to change later. For the moment, what's important to understand is that the variable +%s in the +print +command option will be replaced with the name of the file to be printed when Samba executes the command. Changing the +print command to reflect a different style of Unix machine typically involves only replacing the right side of the +print +command option with whatever command you need for your system and changing the target of the +printing option.

+Let's look at the commands for a System V Unix. With variable substitution, the System V Unix command becomes:

+print command = lp -d%p -s %s; rm %s

+As mentioned earlier, the +%p variable resolves to the name of the printer, while the +%s variable resolves to the name of the file. After that, you can change the +printing option to reflect that you're using a System V architecture:

+printing = SYSV

+If you are using share-level security, pay special attention to the guest account used by Samba. The typical setting, +nobody, may not be allowed to print by the operating system. If that's true for your operating system, you should place a +guest +account option under the printing share (or even perhaps the global share) specifying an account that can. A popular candidate with the Samba authors is the +ftp account, which is often preconfigured to be safe for untrusted guest users. You can set it with the following command:

+guest account = ftp

+Another common printing issue is that clients may need to request the status of a print job sent to the Samba server. Samba will not reject a document from being sent to an already busy printer share. Consequently, Samba needs the ability to communicate not only the status of the current printing job to the client, but also which documents are currently waiting to be printed on that printer. Samba also has to provide the client the ability to pause print jobs, resume print jobs, and remove print jobs from the printing queue. Samba provides options for each of these tasks. As you might expect, they borrow functionality from existing Unix commands. The options are:

    +
  • +

    + + +lpq command

  • +

    + + +lprm command

  • +

    + + +lppause command

  • +

    + + +lpresume command

+We will cover these options in more detail below. For the most part, however, the value of the +printing configuration option will determine their values, and you should not need to alter the default values of these options.

+Here are a few important items to remember about printing shares:

    +
  • +

    + +You must put +printable += +yes in all printer shares (even +[printers]), so that Samba will know that they are printer shares. If you forget, the shares will not be usable for printing and will instead be treated as disk shares.

  • +

    + +If you set the +path configuration option in the printer section, any files sent to the printer(s) will be copied to the directory you specify instead of to the default location of +/tmp. As the amount of disk space allocated to +/tmp can be relatively small in some Unix operating systems, many administrators opt to use +/var/spool or some other directory instead.

  • +

    + +The +read only option is ignored for printer shares.

  • +

    + +If you set +guest +ok += +yes in a printer share and Samba is configured for share-level security, it will allow anyone to send data to the printer as the +guest +account user.

+Using one or more Samba machines as a print server gives you a great deal of flexibility on your LAN. You can easily partition your available printers, restricting some to members of one department, or you can maintain a bank of printers available to all. In addition, you can restrict a printer to a selected few by adding the trusty +valid +users option to its share definition:

+[deskjet]
+	printable = yes
+	path = /var/spool/samba/print
+	valid users = gail sam

+All of the other share accessibility options defined in the previous chapter should work for printing shares as well. Since the printers themselves are accessed through Samba by name, it's also simple to delegate print services among several servers using familiar Unix commands for tasks such as load balancing or maintenance.

+

+ +7.1.4 The [printers] Share

+Chapter 4, Disk Shares , briefly introduced +[printers], a special share for automatically creating printing services. Let's review how it works: if you create a share named +[printers] in the configuration file, Samba will automatically read in your printer capabilities file and create a printing share for each printer that appears in the file. For example, if the Samba server had +lp, +pcl and +ps printers in its printer capabilities file, Samba would provide three printer shares with those names, each configured with the options in the +[printers] share.

Recall that Samba obeys following rules when a client requests a share that has not been created through the +smb.conf file:

    +
  • +

    + +If the share name matches a username in the system password file and a +[homes] share exists, a new share is created with the name of the user and is initialized using the values given in the +[homes] and +[global] sections.

  • +

    + +Otherwise, if the name matches a printer in the system printer capabilities file, and a +[printers] share exists, a new share is created with the name of the printer and initialized using the values given in the +[printers] section. (Variables in the +[global] section do not apply here.)

  • +

    + +If neither of those succeed, Samba looks for a +default +service share. If none is found, it returns an error.

+This brings to light an important point: be careful that you do not give a printer the same name as a user. Otherwise, you will end up connecting to a disk share when you may have wanted a printer share instead.

+Here is an example +[printers] share for a Linux (BSD) system. Some of these options are already defaults; however, we have listed them anyway for illustrative purposes:

+[global] 
+	printing = BSD
+	print command = /usr/bin/lpr -P%p -r %s 
+	printcap file = /etc/printcap 
+	min print space = 2000
+
+[printers] 
+	path = /usr/spool/public 
+	printable = true  
+	guest ok = true 
+	guest account = pcguest

+Here, we've given Samba global options that specify the printing type (BSD), a print command to send data to the printer and remove a temporary file, our default printer capabilities file, and a minimum printing space of 2 megabytes.

+In addition, we've created a +[printers] share for each of the system printers. Our temporary spooling directory is specified by the +path option: +/usr/spool/public. Each of the shares is marked as printable - this is necessary, even in the +[printers] section. The two +guest options are useful in the event that Samba is using share-level security: we allow guest access to the printer and we specify the guest user that Samba should use to execute print commands.

+

+ +7.1.5 Test Printing

Here is how you can test printing from the Samba server. Let's assume the most complex case and use a guest account. First, run the Samba +testparm command on your configuration file that contains the print shares, as we did in Chapter 2, Installing Samba on a Unix System. This will tell you if there are any syntactical problems with the configuration file. For example, here is what you would see if you left out the +path configuration option in the previous example:

+# testparm 
+Load smb config files from /usr/local/samba/lib/smb.conf 
+Processing configuration file "/usr/local/samba/lib/smb.conf" 
+Processing section "[global]" 
+Processing section "[homes]" 
+Processing section "[data]" 
+Processing section "[printers]" 
+No path in service printers - using /tmp 
+Loaded services file OK. 
+Press enter to see a dump of your service definitions
+Global parameters: 
+	load printers: Yes 
+	printcap name: /etc/printcap
+Default service parameters: 
+	guest account: ftp 
+	min print space: 0 
+	print command: lpr -r -P%p %s 
+	lpq command: lpq -P%p 
+	lprm command: lprm -P%p %j 
+lppause command: 
+	lpresume command: 
+ Service parameters [printers]: 
+	path: /tmp 	
+	print ok: Yes 
+	read only: true 
+	public: true

+Second, try the command +testprns + +printername. This is a simple program that verifies that the specified printer is available in your +printcap file. If your +printcap file is not in the usual place, you can specify its full pathname as the second argument to the +testprns command:

+# testprns lp /etc/printcap
+Looking for printer lp in printcap file /etc/printcap
+Printer name lp is valid.

+Next, log on as the guest user, go to the spooling directory, and ensure that you can print using the same command that +testparm says Samba will use. As mentioned before, this will tell you if you need to change the guest account, as the default account may not be allowed to print.

+Finally, print something to the Samba server via +smbclient, and see if the following actions occur:

    +
  • +

    + +The job appears (briefly) in the Samba spool directory specified by the path.

  • +

    + +The job shows up in your print systems spool directory.

  • +

    + +The job disappears from the spool directory that Samba used.

+If +smbclient cannot print, you can reset the +print +command option to collect debugging information:

+print command = /bin/cat %s >>/tmp/printlog; rm %s

+or:

+print command = echo "printed %s on %p" >>/tmp/printlog

+A common problem with Samba printer configuration is forgetting to use the full pathnames for commands; simple commands often don't work because the guest account's PATH doesn't include them. Another frequent problem is not having the correct permissions on the spooling directory.

There is more information on debugging printers in the Samba documentation (Printing.txt). In addition, the Unix print systems are covered in detail in AEleen Frisch's +Essential Systems Administration (published by O'Reilly).

+

+ +7.1.6 Setting Up and Testing a Windows Client

Now that Samba is offering a workable printer, you need to set it up on a Windows client. Look at the Samba server in the Network Neighborhood. It should now show each of the printers that are available. For example, in +Figure 7.1, we saw a printer called +lp.

+Next, you need to have the Windows client recognize the printer. Double-click on the printer icon to get started. If you try to select an uninstalled printer (as you just did), Windows will ask you if it should help configure it for the Windows system. Respond "Yes," which will open the Printer Wizard.

+The first thing the wizard will ask is whether you need to print from DOS. Let's assume you don't, so choose No and press the Next button to get to the manufacturer/model window as shown in +Figure 7.2.

+ +Figure 7.2: A printer in the Network Neighborhood

Figure 7.2

+In this dialog box, you should see a large list of manufacturers and models for almost every printer imaginable. If you don't see your printer on the list, but you know it's a PostScript printer, select Apple as the manufacturer and Apple LaserWriter as the model. This will give you the most basic Postscript printer setup, and arguably one of the most reliable. If you already have any Postscript printers attached, you will be asked about replacing or reusing the existing driver. Be aware that if you replace it with a new one, you may make your other printers fail. Therefore, we recommend you keep using your existing printer drivers as long as they're working properly.

+Following that, the Printer Wizard will ask you to name the printer. +Figure 7.3 shows this example, where the name has defaulted to our second laserwriter. Here, you rename it from Apple Laserwriter (Copy 2) to "ps on Samba server," so you know where to look for the printouts. In reality, you can name the printer anything you want.

+ +Figure 7.3: Printer manufacturers and models

Figure 7.3

+Finally, the Printing Wizard asks if it should print a test page. Click on Yes, and you should be presented with the dialog in +Figure 7.4.

+ +Figure 7.4: Printing successfully completed

Figure 7.4

+If the test printing was unsuccessful, press the No button in +Figure 7.4 and the Printing Wizard will walk you through some debugging steps for the client side of the process. If the test printing does work, congratulations! The remote printer will now be available to all your PC applications through the File and Print menu items.

+

+ +7.1.7 Automatically Setting Up Printer Drivers

The previous section described how to manually configure a printer driver for your Windows system. As a system administrator, however, you can't always guarantee that users can perform such a process without making mistakes. Luckily, however, you can ask Samba to automatically set up the printer drivers for a specific printer.

+Samba has three options that can be used to automatically set up printer drivers for clients who are connecting for the first time. These options are +printer +driver, +printer +driver +file, and +printer +driver +location. This section explains how to use these options to allow users to skip over the Manufacturer dialog in the Add Printer Wizard above.

+For more information on how to do this, see the +PRINTER_DRIVER.TXT file in the Samba distribution documentation.

+There are four major steps:

    +
  1. +

    + +Install the drivers for the printer on a Windows client (the printer need not be attached).

  2. +

    + +Create a printer definition file from the information on a Windows machine.

  3. +

    + +Create a +PRINTER$ share where the resulting driver files can be placed.

  4. +

    + +Modify the Samba configuration file accordingly.

+Let's go over each of the four steps in greater detail.

+

+ +7.1.7.1 Install the drivers on a windows client

+Use Windows 95/98 for this step. It doesn't matter which client you choose, as long as it has the ability to load the appropriate drivers for the printer. In fact, you don't even need to have the printer attached to the machine. All you're interested in here is getting the appropriate driver files into the Windows directory. First, go to the Printers window of My Computer and double-click on the Add Printer icon, as shown in +Figure 7.5.

+ +Figure 7.5: The Printers window

Figure 7.5

+At this point, you can follow the Add Printer Wizard dialogs through to select the manufacturer and model of the printer in question. If it asks you if you want to print from MS-DOS, answer No. Windows should load the appropriate driver resources from its CD-ROM and ask you if you want to print a test page. Again, respond No and close the Add Printer Wizard dialog.

+

+ +7.1.7.2 Create a printer definition file

+You can create a printer definition file by using the +make_ printerdef script in the +/usr/local/samba/bin directory. In order to use this script, you need to copy over the following four files from a Windows client:[1]

+
+

+[1] Older Windows 95 clients may have only the first two files.

+ + + + +
+ +C:\WINDOWS\INF\MSPRINT.INF
+ +C:\WINDOWS\INF\MSPRINT2.INF
+ +C:\WINDOWS\INF\MSPRINT3.INF
+ +C:\WINDOWS\INF\MSPRINT4.INF

+Once you have the four files, you can create a printer definition file using the appropriate printer driver and its .INF file. If the printer driver starts with the letters A-K, use either the +MSPRINT.INF file or the +MSPRINT3.INF file. If it begins with the letters L-Z, use the +MSPRINT2.INF file or the +MSPRINT4.INF file. You may need to +grep through each of the files to see where your specific driver is. For the following example, we have located our driver in +MSPRINT3.INF and created a printer definition file for a HP DeskJet 560C printer:

+$grep "HP DeskJet 560C Printer" MSPRINT.INF MSPRINT3.INF
+MSPRINT3.INF: "HP DeskJet 560C Printer"=DESKJETC.DRV,HP_DeskJet_ ...
+
+$make_printerdef MSPRINT3.INF "HP DeskJet 560C Printer" >printers.def
+FOUND:DESKJETC.DRV
+End of section found
+CopyFiles: DESKJETC,COLOR_DESKJETC
+Datasection: (null)
+Datafile: DESKJETC.DRV
+Driverfile: DESKJETC.DRV
+Helpfile: HPVDJC.HLP
+LanguageMonitor: (null)
+
+Copy the following files to your printer$ share location:
+DESKJETC.DRV
+HPVCM.HPM
+HPVIOL.DLL
+HPVMON.DLL
+HPVRES.DLL
+HPCOLOR.DLL
+HPVUI.DLL
+HPVDJCC.HLP
+color\HPDESK.ICM

+Note the files that the script asks you to copy. You'll need those for the next step.

+

+ +7.1.7.3 Create a PRINTER$ share

This part is relatively easy. Create a share called +[PRINTER$] in your +smb.conf that points to an empty directory on the Samba server. Once that is done, copy over the files that the +make_ printerdef script requested of you into the location of the +path configuration option for the +[PRINTER$] share. For example, you can put the following in your configuration file:

+[PRINTER$]
+	path = /usr/local/samba/print
+	read only = yes
+	browsable = no
+	guest ok = yes

+The files requested by the +make_ printerdef script are typically located in the +C:\WINDOWS\SYSTEM directory, although you can use the following commands to find out exactly where they are:

+cd C:\WINDOWS
+dir 
+
+filename /s

+In this case, each of the files needs to be copied to the +/usr/local/samba/print directory on the Samba server. In addition, copy the +printers.def file that you created over to that share as well. Once you've done that, you're almost ready to go.

+

+ +7.1.7.4 Modify the Samba configuration file

+ +The last step is to modify the Samba configuration file by adding the following three options:

    +
  • +

    + + +printer +driver

  • +

    + + +printer +driver +file

  • +

    + + +printer +driver +location

+The +printer +driver +file is a global option that points to the +printers.def file; place that option in your +[global] section. The other options should be set in the printer share for which you wish to automatically configure the drivers. The value for +printer +driver should match the string that shows up in the Printer Wizard on the Windows system. The value of the +printer +driver +location is the pathname of the PRINTER$ share you set up, not the Unix pathname on the server. Thus, you could use the following:

+[global]
+	printer driver file = /usr/local/samba/print/printers.def
+[hpdeskjet]
+	path = /var/spool/samba/printers
+	printable = yes
+
+	printer driver = HP DeskJet 560C Printer
+	printer driver location = \\%L\PRINTER$

+Now you're ready to test it out. At this point, remove the Windows printer that you "set up" in the first step from the list of printers in the Printers window of My Computer. If Samba asks you to delete unneeded files, do so. These files will be replaced shortly on the client, as they now exist on the Samba server.

+

+ +7.1.7.5 Testing the configuration

+Restart the Samba daemons and look for the +[hpdeskjet] share under the machine name in the Network Neighborhood. At this point, if you click on the printer icon, you should begin the printer setup process and come to the dialog shown in +Figure 7.6.

+This is different from the dialog you saw earlier when setting up a printer. Essentially, the dialog is asking if you wish to accept the driver that is "already installed" - in other words, offered by Samba. Go ahead and keep the existing driver, and press the Next button. At this point, you can give the printer a name and print out a test page. If it works, the setup should be complete. You should be able to repeat the process now from any Windows client.

+ +Figure 7.6: Automatically configuring the printer driver

Figure 7.6
+
+
+
+ + +
+ +Previous: 6.6 Logon Scripts + + + +Next: 7.2 Printing to Windows Client Printers
+6.6 Logon Scripts + +Book Index +7.2 Printing to Windows Client Printers
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch07_02.html b/docs/htmldocs/using_samba/ch07_02.html new file mode 100644 index 00000000000..c9a9010e976 --- /dev/null +++ b/docs/htmldocs/using_samba/ch07_02.html @@ -0,0 +1,757 @@ + + + +[Chapter 7] 7.2 Printing to Windows Client Printers + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 7.1 Sending Print Jobs to Samba + + + +Chapter 7
+Printing and Name Resolution		 + +Next: 7.3 Name Resolution with Samba
 
+ +
+
+

+ +7.2 Printing to Windows Client Printers

If you have printers connected to clients running Windows 95/98 or NT 4.0, those printers can also be accessed from Samba. Samba comes equipped with a tool called +smbprint that can be used to spool print jobs to Windows-based printers. In order to use this, however, you need to set up the printer as a shared resource on the client machine. If you haven't already done this, you can reset this from the Printers window, reached from the Start button, as shown in +Figure 7.7.

+ +Figure 7.7: The Printers window

Figure 7.7

+Select a printer that's locally connected (for example, ours is the Canon printer), press the right mouse button to bring up a menu, and select Sharing. This will give you the Sharing tab of the Printer Properties frame, as shown in +Figure 7.8. If you want it available to everybody on your LAN as the Windows guest user, enter a blank password.

+ +Figure 7.8: The Sharing tab of the printer

Figure 7.8

+Once you've got this working, you can add your printer to the list of standard printers and Samba can make it available to all the other PCs in the workgroup. To make installation on Unix easier, the Samba distribution provides two sample scripts: +smbprint and +smbprint.sysv. The first works with BSD-style printers; the second is designed for System V printers.

+

+ +7.2.1 BSD printers

There are two steps you need to have a BSD Unix recognize a remote printer:

    +
  1. +

    + +Place an entry for the printer in the +/etc/printcap file (or equivalent).

  2. +

    + +Place a configuration file in the +/var/spool directory for the printer.

+First, edit your +/etc/printcap file and add an entry for the remote printer. Note that the input filter (if) entry needs to point to the +smbprint program if the machine is on Windows 95/98. The following set of lines will accomplish on a Linux machine, for example:

+laserjet:\
+  :sd=/var/spool/lpd/laser:\         
+
+# spool directory
+  :mx#0:\                            
+
+# maximum file size (none)
+  :sh:\                              
+
+# surpress burst header (no)
+  :if=/usr/local/samba/bin/smbprint: 
+
+# text filter

+After that, you need to create a configuration file in the spool directory that you specified with the +sd parameter above. (You may need to create that directory.) The file must have the name +.config and should contain the following information:

    +
  • +

    + +The NetBIOS name of the Windows machine with the printer

  • +

    + +The service name that represents the printer

  • +

    + +The password used to access that service

+The last two parameters were set up in the Sharing dialog for the requested resource on the Windows machine. In this case, the +.config file would have three lines:

+server = phoenix
+service = CANON
+password = ""

+After you've done that, reset the Samba server machine and try printing to it using any standard Unix program.

+

+ +7.2.2 System V printers

Sending print jobs from a System V Unix system is a little easier. Here, you need to get obtain the +smbprint.sysv script in the +/usr/local/samba/examples/printing directory and do the following:

    +
  1. +

    + +Change the +server, +service, and +password parameters in the script to match the NetBIOS machine, its shared printer service, and its password, respectively. For example, the following entries would be correct for the service in the previous example:

+server = phoenix
+service = CANON
+password = ""
    +
  1. +

    + +Run the following commands, which create a reference for the printer in the printer capabilities file. Note that the new Unix printer entry canon_printer is named:

+# lpadmin -p canon_printer -v /dev/null -i ./smbprint.sysv
+# enable canon_printer
+# accept canon_printer

+After you've done that, restart the Samba daemons and try printing to it using any standard Unix program. You should now be able to send data to a printer on a Windows client across the network.

+

+ +7.2.3 Samba Printing Options

+Table 7.2 summarizes the Samba printing options.


+ + + + + + + + + + + + + + + + + + + + + + +
+ +Table 7.2: Printing Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +printing

 +

+ +bsd, +sysv, +hpux, +aix, +qnx, +plp, +softq, or +lprng

 +

+Sets the print system type for your Unix system.

 +

+System dependent

 +

+Share

+

+ +printable (print ok)

 +

+boolean

 +

+Marks a share as a printing share.

 +

+ +no

 +

+Share

+

+ +printer (printer name)

 +

+string (Unix printer name)

 +

+Sets the name of the printer to be shown to clients.

 +

+System dependent

 +

+Share

+

+ +printer driver

 +

+string (printer driver name)

 +

+Sets the driver name that should be used by the client to send data to the printer.

 +

+None

 +

+Share

+

+ +printer driver file

 +

+string (fully-qualified pathname)

 +

+Sets the name of the printer driver file.

 +

+None

 +

+Global

+

+ +printer driver location

 +

+string (network pathname)

 +

+Specifies the pathname of the share for the printer driver file.

 +

+None

 +

+Share

+

+ +lpq cache time

 +

+numeric (time in seconds)

 +

+Sets the amount of time in seconds that Samba will cache the lpq status.

 +

+ +10

 +

+Global

+

+ +postscript

 +

+boolean

 +

+Treats all print jobs sent as postscript by prepending +%! at the beginning of each file.

 +

+ +no

 +

+Share

+

+ +load printers

 +

+boolean

 +

+Automatically loads each of the printers in the +printcap file as printing shares.

 +

+ +no

 +

+Global

+

+ +print command

 +

+string (shell command)

 +

+Sets the Unix command to perform printing.

 +

+See below

 +

+Share

+

+ +lpq command

 +

+string (shell command)

 +

+Sets the Unix command to return the status of the printing queue.

 +

+See below

 +

+Share

+

+ +lprm command

 +

+string (shell command)

 +

+Sets the Unix command to remove a job from the printing queue.

 +

+See below

 +

+Share

+

+ +lppause command

 +

+string (shell command)

 +

+Sets the Unix command to pause a job on the printing queue.

 +

+See below

 +

+Share

+

+ +lpresume command

 +

+string (shell command)

 +

+Sets the Unix command to resume a paused job on the printing queue.

 +

+See below

 +

+Share

+

+ +printcap name

+ +(printcap)

 +

+string (fully-qualified pathname)

 +

+Specifies the location of the printer capabilities file.

 +

+System dependent

 +

+Global

+

+ +min print space

 +

+numeric (size in kilobytes)

 +

+Sets the minimum amount of disk free space that must be present to print.

 +

+ +0

 +

+Share

+

+ +queuepause command

 +

+string (shell command)

 +

+Sets the Unix command to pause a queue.

 +

+See below

 +

+Share

+

+ +queueresume command

 +

+string (shell command)

 +

+Sets the Unix command to resume a queue.

 +

+See below

 +

+Share

+

+ +7.2.3.1 printing

+The +printing configuration option tells Samba a little about your Unix printing system, in this case which printing parser to use. With Unix, there are several different families of commands to control printing and print statusing. Samba supports seven different types, as shown in +Table 7.3.


+ + + + + + + + + + + + +
+ +Table 7.3: Printing Types
+

+Variable

 +

+Definition

+

+BSD

 +

Berkeley Unix system

+

+SYSV

 +

+System V

+

+AIX

 +

+AIX Operating System (IBM)

+

+HPUX

 +

+Hewlett-Packard Unix

+

+QNX

 +

+QNX Realtime Operating System (QNX)

+

+LPRNG

 +

+LPR Next Generation (Powell)

+

+SOFTQ

 +

+SOFTQ system

+

+PLP

 +

+Portable Line Printer (Powell)

+The value for this optio.n will be one of these seven options. For example:

+printing = SYSV

+The default value of this option is system dependent and is configured when Samba is first compiled. For most systems, the +configure script will automatically detect the printing system to be used and configure it properly in the Samba makefile. However, if your system is a PLP, LPRNG, or QNX printing system, you will need to explicitly specify this in the makefile or the printing share.

+The most common system types are BSD and SYSV. Each of the printers on a BSD Unix server are described in the printer capabilities file - normally +/etc/printcap.

+Setting the +printing configuration option automatically sets at least three other printing options for the service in question: +print +command, +lpq +command, and +lprm +command. If you are running Samba on a system that doesn't support any of these printing styles, simply set the commands for each of these manually.

+

+ +7.2.3.2 printable

+The printable option must be set to +yes in order to flag a share as a printing service. If this option is not set, the share will be treated as a disk share instead. You can set the option as follows:

+[printer1]
+	printable = yes
+

+ +7.2.3.3 printer

The option, sometimes called +printer +name, specifies the name of the printer on the server to which the share points. This option has no default and should be set explicitly in the configuration file, even though Unix systems themselves often recognize a default name such as +lp for a printer. For example:

+[deskjet]
+	printer = hpdkjet1
+

+ +7.2.3.4 printer driver

+The +printer +driver option sets the string that Samba uses to tell Windows what the printer is. If this option is set correctly, the Windows Printer Wizard will already know what the printer is, making installation easier for end users by giving them one less dialog to worry about. The string given should match the string that shows up in the Printer Wizard, as shown in +Figure 7.9. For example, an Apple LaserWriter typically uses +Apple LaserWriter; a Hewlett Packard Deskjet 560C uses +HP +DeskJet +560C +Printer.

+ +Figure 7.9: The Add Printer Wizard dialog box in Windows 98

Figure 7.9

+Automatically configuring printer drivers with Samba is explained in greater detail in the section +Section 7.1.7, Automatically Setting Up Printer Drivers, earlier in this chapter.

+

+ +7.2.3.5 printer driver file

+This global option gives the location of the Windows 95/98 printer driver definition file, which is needed to give printer drivers to clients using a Samba printer. The default value of this option is +/usr/local/samba/lib/printers.def. You can override this default as shown below:

+[deskjet]
+	printer driver file = /var/printers/printers.def

+This option is explained in greater detail in the section +Section 7.1.7, earlier in this chapter.

+

+ +7.2.3.6 printer driver location

+This option specifies a specific share that contains Windows 95 and 98 printer driver and definition files. There is no default parameter for this value. You can specify the location as a network pathname. A frequent approach is to use a share on your own machine, as shown here:

+[deskjet]
+	printer driver location = \\%L\PRINTER$

+This option is also explained in greater detail in the section +Section 7.1.7, earlier in this chapter.

+

+ +7.2.3.7 lpq cache time

The global +lpq +cache +time option allows you to set the number of seconds that Samba will remember the current printer status. After this time elapses, Samba will issue an +lpq command (or whatever command you specify with the +lpq +command option) to get a more up-to-date status. This defaults to 10 seconds, but can be increased if your +lpq +command takes an unusually long time to run or you have lots of clients. The following example resets the time to 30 seconds:

+[deskjet]
+	lpq cache time = 30
+

+ +7.2.3.8 postscript

+The +postscript option forces the printer to treat all data sent to it as Postscript. It does this by prepending the characters +%! at the beginning of the first line of each job. It is normally used with PCs that insert a +^D (control-D or end-of-file mark) in front of the first line of a PostScript file. It will not, obviously, turn a non-PostScript printer into a PostScript one. The default value of this options is +no. You can override it as follows:

[deskjet]
+	postscript = yes
+

+ +7.2.3.9 print command, lpq command, lprm command, lppause command, lpresume command

These options tell Samba which Unix commands used to control and send data to the printer. The Unix commands involved are: +lpr (send to Line PRinter), +lpq (List Printer Queue), +lprm (Line printer ReMove), and optionally +lppause and +lpresume. Samba provides an option named after each of these commands, in case you need to override any of the system defaults. For example, consider:

+lpq command = /usr/ucb/lpq %p

+This would set the +lpq command to use +/usr/ucb/lpq. Similarly:

+lprm command = /usr/local/lprm -P%p %j

+would set the Samba printer remove command to +/usr/local/lprm, and provide it the print job number using the +%j variable.

+The default values for each of these options are dependent on the value of the +printing option. +Table 7.4 shows the default commands for each of the printing options. The most popular printing system is BSD.


+ + + + + + + + + +
+ +Table 7.4: Default Commands for Various Printing Commands
+

+Option

 +

+BSD, AIX, PLP, LPRNG

 +

+SYSV, HPUX

 +

+QNX

 +

+SOFTQ

+

+ +print command

 + +lpr -r -P%p %s +lp -c -d%p %s; rm %s + +lp -r -P%p %s + +lp -d%p -s %s; rm %s
+

+ +lpq command

 + +lpq -P%p + +lpstat -o%p + +lpq -P%p + +lpstat -o%p
+ +lprm command + +lprm -P%p %j + +cancel %p-%j + +cancel %p-%j + +cancel %p-%j
+ +lppause command + +lp -i %p-%j -H hold (SYSV only) +None +None +None
+ +lpresume command + +lp -i %p-%j -H resume(SYSV only) +None +None + +qstat -s -j%j -r +

+It is typically not necessary to reset these options in Samba, with the possible exception of +print +command. This option may need to be explicitly set if your printing system doesn't have a +-r (remove after printing) option on the printing command. For example: 

+/usr/local/lpr -P%p %s; /bin/rm %s

+With a bit of judicious programming, these +smb.conf options can also used for debugging:

+print command = cat %s >>/tmp/printlog; lpr -r -P%p %s

+For example, this configuration can verify that files are actually being delivered to the Samba server. If they are, their contents will show up in the +/tmp/printlog file.

+After BSD, the next most popular kind of printing system is SYSV (or System V) printing, plus some SYSV variants for IBM's AIX and Hewlett-Packard's HP-UX. These system do not have an +/etc/printcap file. Instead, the +printcap +file option can be set to an appropriate +lpstat command for the system. This tells Samba to get a list of printers from the +lpstat command. Alternatively, you can set the global configuration option +printcap +name to the name of a dummy +printcap file you provide. In the latter case, the file must contain a series of lines such as:

+lp|print1|My Printer 1
+print2|My Printer 2
+print3|My Printer 3

+Each line names a printer, and provides aliases for it. In this example, the first printer is called +lp, +print1, or +My +Printer +1, whichever the user prefers to use. The first name will be used in place of +%p in any command Samba executes for that printer.

+Two additional printer types are also supported by Samba: LPRNG (LPR New Generation) and PLP (Public Line Printer). These are public domain and Open Source printing systems, and are used by many sites to overcome problems with vendor-supplied software. In addition, the SOFTQ and QNX realtime operating systems are supported by Samba.

+

+ +7.2.3.10 load printers

The +load +printers option tells Samba to create shares for all known printer names and load those shares into the browse list. Samba will create and list a printer share for each printer name in +/etc/printcap (or system equivalent). For example, if your +printcap file looks like this:[2]

+
+

+[2] We have placed annotated comments off to the side in case you've never dealt with this file before.

+lp:\
+  :sd=/var/spool/lpd/lp:\            
+
+# spool directory
+  :mx#0:\                            
+
+# maximum file size (none)
+  :sh:\                              
+
+# surpress burst header (no)
+  :lp=/dev/lp1:\                     
+
+# device name for output
+  :if=/var/spool/lpd/lp/filter:      
+
+# text filter
+
+laser:\
+  :sd=/var/spool/lpd/laser:\         
+
+# spool directory
+  :mx#0:\                            
+
+# maximum file size (none)
+  :sh:\                              
+
+# surpress burst header (no)
+  :lp=/dev/laser:\                   
+
+# device name for output
+  :if=/var/spool/lpd/lp/filter:      
+
+# text filter

+and you specify:

+load printers = yes

+the shares +[lp] and +[laser] will automatically be created as valid print shares when Samba is started. Both shares will borrow the configuration options specified in the +[printers] section to configure themselves, and will be available in the browse list for the Samba server.

+

+ +7.2.3.11 printcap name

+If the +printcap +name option (also called +printcap) appears in a printing share, Samba will use the file specified as the system printer capabilities file. This is normally +/etc/printcap. However, you can reset it to a file consisting of only the printers you want to share over the network. The value must be a fully-qualified filename of a printer capabilities file on the server:

+[deskjet]
+	printcap name = /usr/local/printcap
+

+ +7.2.3.12 min print space

+The +min +print +space option sets the amount of spool space that must be available on the disk before printing is allowed. Setting it to zero (the default) turns the check off; setting it to any other number sets the amount of free space in kilobytes required. This option helps avoid having print jobs fill up the remaining disk space on the server, which may cause other processes to fail:

+[deskjet]
+	min print space = 4000
+

+ +7.2.3.13 queuepause command

+This configuration option specifies a command that tells Samba how to pause a print queue entirely, as opposed to a single job on the queue. The default value depends on the printing type chosen. You should not need to alter this option.

+

+ +7.2.3.14 queueresume command

+This configuration option specifies a command that tells Samba how to resume a paused print queue, as opposed to resuming a single job on the print queue. The default value depends on the printing type chosen. You should not need to alter this option.

+
+
+
+ + +
+ +Previous: 7.1 Sending Print Jobs to Samba + + + +Next: 7.3 Name Resolution with Samba
+7.1 Sending Print Jobs to Samba + +Book Index +7.3 Name Resolution with Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch07_03.html b/docs/htmldocs/using_samba/ch07_03.html new file mode 100644 index 00000000000..56a531681ca --- /dev/null +++ b/docs/htmldocs/using_samba/ch07_03.html @@ -0,0 +1,404 @@ + + + +[Chapter 7] 7.3 Name Resolution with Samba + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 7.2 Printing to Windows Client Printers + + + +Chapter 7
+Printing and Name Resolution		 + +Next: 8. Additional Samba Information
 
+ +
+
+

+ +7.3 Name Resolution with Samba

Before NetBIOS Name Servers (NBNS) came about, name resolution worked entirely by broadcast. If you needed a machine's address, you simply broadcast its name across the network and, in theory, the machine itself would reply. This approach is still possible: anyone looking for a machine named +fred can still broadcast a query and find out if it exists and what its IP address is. (We use this capability to troubleshoot Samba name services with the +nmblookup command in Chapter 9, Troubleshooting Samba.)

+As you saw in the first chapter, however, broadcasting - whether it be browsing or name registration and resolution - does not pass easily across multiple subnets. In addition, many broadcasts tend to bog down networks. To solve this problem, Microsoft now provides the Windows Internet Naming Service (WINS), a cross-subnet NBNS, which Samba supports. With it, an administrator can designate a single machine to act as a WINS server, and can then provide each client that requires name resolution the address of the WINS server. Consequently, name registration and resolution requests can be directed to a single machine from any point on the network, instead of broadcast.

+WINS and broadcasting are not the only means of name resolution, however. There are actually four mechanisms that can be used with Samba:

    +
  • +

    + +WINS

  • +

    + +Broadcasting

  • +

    + +Unix +/etc/hosts or NIS/NIS+ matches

  • +

    + + +LMHOSTS file

+Samba can use any or all of these name resolution methods in the order that you specify in the Samba configuration file using the +name +resolve +order parameter. However, before delving into configuration options, let's discuss the one that you've probably not encountered before: the +LMHOSTS file.

+

+ +7.3.1 The LMHOSTS File

+ +LMHOSTS is the standard LAN Manager +hosts file used to resolve names into IP addresses on the system. It is the NBT equivalent of the +/etc/hosts file that is standard on all Unix systems. By default, the file is usually stored as +/usr/local/samba/lib/LMHOSTS and shares a format similar to +/etc/hosts. For example:

+192.168.220.100    hydra
+192.168.220.101    phoenix

+The only difference is that the names on the right side of the entries are NetBIOS names instead of DNS names. Because they are NetBIOS names, you can assign resource types to them as well:

+192.168.220.100    hydra#20
+192.168.220.100    simple#1b
+192.168.220.101    phoenix#20

+Here, we've assigned the +hydra machine to be the primary domain controller of the +SIMPLE domain, as indicated by the resource type <1B> assigned to the name after +hydra's IP address in the second line. The other two are standard workstations.

+If you wish to place an +LMHOSTS file somewhere other than the default location, you will need to notify the +nmbd process upon start up, as follows:

+nmbd -H /etc/samba/lmhosts -D
+

+ +7.3.2 Setting Up Samba to Use Another WINS Server

You can set up Samba to use a WINS server somewhere else on the network by simply pointing it to the IP address of the WINS server. This is done with the global +wins +server configuration option, as shown here:

+[global]
+	wins server = 192.168.200.122

+With this option enabled, Samba will direct all WINS requests to the server at 192.168.200.122. Note that because the request is directed at a single machine, we don't have to worry about any of the problems inherent to broadcasting. However, though you have specified an IP address for a WINS server in the configuration file, Samba will not necessarily use the WINS server before other forms of name resolution. The order in which Samba attempts various name-resolution techniques is given with the +name +resolve +order configuration option, which we will discuss shortly.

+If you have a Samba server on a subnet that still uses broadcasting and the Samba server knows the correct location of a WINS server on another subnet, you can configure the Samba server to forward any name resolution requests with the +wins +proxy option:

+[global]
+	wins server = 192.168.200.12
+	wins proxy = yes

+Use this only in situations where the WINS server resides on another subnet. Otherwise, the broadcast will reach the WINS server regardless of any proxying.

+

+ +7.3.3 Setting Up Samba as a WINS Server

You can set up Samba as a WINS server by setting two global options in the configuration file, as shown below:

+[global]
+	wins support = yes
+	name resolve order = wins lmhosts hosts bcast

+The +wins +support option turns Samba into a WINS server. Believe it or not, that's all you need to do! Samba handles the rest of the details behind the scenes, leaving you a relaxed administrator. The +wins +support=yes and the +wins +server option are mutually exclusive; you cannot simultaneously offer Samba as the WINS server and point to another system as the server.

+If Samba is acting as a WINS server, you should probably get familiar with the +name +resolve +order option mentioned earlier. This option tells Samba the order of methods in which it tries to resolve a NetBIOS name. It can take up to four values:

+
+lmhosts
+

+Uses a LAN Manager +LMHOSTS file

+hosts
+

+Uses the standard name resolution methods of the Unix system, +/etc/hosts, DNS, NIS, or a combination (as configured for the system)

+wins
+

+Uses the WINS server

+bcast
+

+Uses a broadcast method

+The order in which you specify them in the value is the order in which Samba will attempt name resolution when acting as a WINS server. For example, let's look at the value specified previously:

+name resolve order = wins lmhosts hosts bcast

+This means that Samba will attempt to use its WINS entries first for name resolution, followed by the LAN Manager +LMHOSTS file on its system. Next, the hosts value causes it to use Unix name resolution methods. The word +hosts may be misleading; it covers not only the +/etc/hosts file, but also the use of DNS or NIS (as configured on the Unix host). Finally, if those three do not work, it will use a broadcast to try to locate the correct machine.

+Finally, you can instruct a Samba server that is acting as a WINS server to check with the system's DNS server if a requested host cannot be found in its WINS database. With a typical Linux system, for example, you can find the IP address of the DNS server by searching the +/etc/resolv.conf file. In it, you might see an entry such as the following:

+nameserver 127.0.0.1
+nameserver 192.168.200.192

+This tells us that a DNS server is located at 192.168.220.192. (The 127.0.0.1 is the localhost address and is never a valid DNS server address.)

+Use the global +dns +proxy option to alert Samba to use the configured DNS server:

+[global]
+	wins support = yes
+	name resolve order = wins lmhosts hosts bcast
+	dns proxy = yes
+

+ +7.3.4 Name Resolution Configuration Options

Samba's WINS options are shown in +Table 7.5.


+ + + + + + + + + + + + +
+ +Table 7.5: WINS Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +wins support

 +

+boolean

 +

+If set to +yes, Samba will act as a WINS server.

 +

+ +no

 +

+Global

+

+ +wins server

 +

+string (IP address or DNS name)

 +

+Identifies a WINS server for Samba to use for name registration and resolution.

 +

+None

 +

+Global

+

+ +wins proxy

 +

+boolean

 +

+Allows Samba to act as a proxy to a WINS server on another subnet.

 +

+ +no

 +

+Global

+

+ +dns proxy

 +

+boolean

 +

+If set to +yes, a Samba WINS server will search DNS if it cannot find a name in WINS.

 +

+ +no

 +

+Global

+

+ +name resolve order

 +

+ +lmhosts, +hosts, +wins, or +bcast

 +

+Specifies an order of the methods used to resolve NetBIOS names.

 +

+ +lmhosts hosts wins bcast

 +

+Global

+

+ +max ttl

 +

+numerical

 +

+Specifies the maximum time-to-live in seconds for a requested NetBIOS names.

 +

+ +259200 (3 days)

 +

+Global

+

+ +max wins ttl

 +

+numerical

 +

+Specifies the maximum time-to-live in seconds for NetBIOS names given out by Samba as a WINS server.

 +

+ +518400 (6 days)

 +

+Global

+

+ +min wins ttl

 +

+numerical

 +

+Specifies the minimum time-to-live in seconds for NetBIOS names given out by Samba as a WINS server.

 +

+ +21600 (6 hours)

 +

+Global

+

+ +7.3.4.1 wins support

+Samba will provide WINS name service to all machines in the network if you set the following in the +[global] section of the +smb.conf file:

+[global]
+    wins support = yes

+The default value is +no, which is typically used to allow another Windows NT server to become a WINS server. If you do enable this option, remember that a Samba WINS server currently cannot exchange data with any backup WINS servers. If activated, this option is mutually exclusive with the +wins +server parameter; you cannot set both to +yes at the same time or Samba will flag an error.

+

+ +7.3.4.2 wins server

+Samba will use an existing WINS server on the network if you specify the +wins +server global option in your configuration file. The value of this option is either the IP address or DNS name (not NetBIOS name) of the WINS server. For example:

+[global]
+    wins server = 192.168.220.110

+or:

+[global]
+    wins server = wins.example.com

+In order for this option to work, the +wins +support option must be set to +no (the default). Otherwise, Samba will report an error. You can specify only one WINS server using this option.

+

+ +7.3.4.3 wins proxy

+This option allows Samba to act as a proxy to another WINS server, and thus relay name registration and resolution requests from itself to the real WINS server, often outside the current subnet. The WINS server can be indicated through the +wins +server option. The proxy will then return the WINS response back to the client. You can enable this option by specifying the following in the +[global] section:

+[global]
+    wins proxy = yes
+

+ +7.3.4.4 dns proxy

+If you want the domain name service (DNS) to be used if a name isn't found in WINS, you can set the following option:

+[global]
+    dns proxy = yes

+This will cause +nmbd to query for machine names using the server's standard domain name service. You may wish to deactivate this option if you do not have a permanent connection to your DNS server. Despite this option, we recommend using a WINS server. If you don't already have any WINS servers on your network, make one Samba machine a WINS server. Do not, however, make two Samba machines WINS servers (one primary and one backup) as they currently cannot exchange WINS databases.

+

+ +7.3.4.5 name resolve order

+The global +name +resolve +order option specifies the order of services that Samba will use in attempting name resolution. The default order is to use the +LMHOSTS file, followed by standard Unix name resolution methods (some combination of +/etc/hosts, DNS, and NIS), then query a WINS server, and finally use broadcasting to determine the address of a NetBIOS name. You can override this option by specifying something like the following:

+[global]
+    name resolve order = lmhosts wins hosts bcast

+This causes resolution to use the +LMHOSTS file first, followed by a query to a WINS server, the system password file, and finally broadcasting. You need not use all four options if you don't want to. This option is covered in more detail in the section +Section 7.3.3, Setting Up Samba as a WINS Server, earlier in this chapter.

+

+ +7.3.4.6 max ttl

+This option gives the maximum time to live (TTL) during which a NetBIOS name registered with the Samba server will remain active. You should never need to alter this value.

+

+ +7.3.4.7 max wins ttl

+This option give the maximum time to live (TTL) during which a NetBIOS name resolved from a WINS server will remain active. You should never need to change this value from its default.

+

+ +7.3.4.8 min wins ttl

+This option give the minimum time to live (TTL) during which a NetBIOS name resolved from a WINS server will remain active. You should never need to alter this value from its default.

+
+
+
+ + +
+ +Previous: 7.2 Printing to Windows Client Printers + + + +Next: 8. Additional Samba Information
+7.2 Printing to Windows Client Printers + +Book Index +8. Additional Samba Information
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_01.html b/docs/htmldocs/using_samba/ch08_01.html new file mode 100644 index 00000000000..a6767271b62 --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_01.html @@ -0,0 +1,267 @@ + + + +[Chapter 8] Additional Samba Information + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 7.3 Name Resolution with Samba + + +Chapter 8 + +Next: 8.2 Magic Scripts
 
+ +
+
+

+ +8. Additional Samba Information

+

+ +Contents:
+ +Supporting Programmers
+ +Magic Scripts
+ +Internationalization
+ +WinPopup Messages
+ +Recently Added Options
+ +Miscellaneous Options
+ +Backups with smbtar

+

+This chapter wraps up our coverage of the +smb.conf configuration file with some miscellaneous options that can perform a variety of tasks. We will talk briefly about options for supporting programmers, internationalization, messages, and common Windows bugs. For the most part, you will use these options only in isolated circumstances. We also cover performing automated backups with the +smbtar command at the end of this chapter. So without further ado, let's jump into our first subject: options to help programmers.

+

+ + +8.1 Supporting Programmers

If you have programmers accessing your Samba server, you'll want to be aware of the special options listed in +Table 8.1.


+ + + + + + + + + +
+ +Table 8.1: Programming Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +time server

 +

+boolean

 +

+If +yes, +nmbd announces itself as a SMB time service to Windows clients.

 +

+ +no

 +

+Global

+

+ +time offset

 +

+numerical (number of minutes)

 +

+Adds a specified number of minutes to the reported time.

 +

+ +0

 +

+Global

+

+ +dos filetimes

 +

+boolean

 +

+Allows non-owners of a file to change its time if they can write to it.

 +

+ +no

 +

+Share

+

+ +dos filetime

+ +resolution

 +

+boolean

 +

+Causes file times to be rounded to the next even second.

 +

+ +no

 +

+Share

+

+ +fake directory create times

 +

+boolean

 +

+Sets directory times to avoid a MS +nmake bug.

 +

+ +no

 +

+Share

+

+ +8.1.1 Time Synchronization

Time synchronization can be very important to programmers. Consider the following options:

+time service = yes
+dos filetimes = yes
+fake directory create times = yes
+dos filetime resolution = yes
+delete readonly = yes

+If you set these options, Samba shares will provide the kind of compatible file times that Visual C++, +nmake, and other Microsoft programming tools require. Otherwise, PC +make programs will tend to think that all the files in a directory need to be recompiled every time. Obviously, this is not the behavior you want.

+

+ +8.1.1.1 time server

+If your Samba server has an accurate clock, or if it's a client of one of the Unix network time servers, you can instruct it to advertise itself as an SMB time server by setting the +time +server option as follows:

+[global]
+	time service = yes

+The client will still have to request the correct time with the following DOS command, substituting the Samba server name in at the appropriate point:

+C:\NET TIME \\server /YES /SET

+This command can be placed in a Windows logon script (see Chapter 6, Users, Security, and Domains ).

+By default, the +time +server option is normally set to +no. If you turn this service on, you can use the command above to keep the client clocks from drifting. Time synchronization is important to clients using programs such as +make, which compile based on the last time the file was changed. Incorrectly synchronized times can cause such programs to either remake all files in a directory, which wastes time, or not recompile a source file that was just modified because of a slight clock drift.

+

+ +8.1.1.2 time offset

+To deal with clients that don't process daylight savings time properly, Samba provides the +time +offset option. If set, it adds the specified number of minutes to the current time. This is handy if you're in Newfoundland and Windows doesn't know about the 30-minute time difference there:

+[global]
+	time offset = 30
+

+ +8.1.1.3 dos filetimes

+Traditionally, only the root user and the owner of a file can change its last-modified date on a Unix system. The share-level +dos +filetimes option allows the Samba server to mimic the characteristics of a DOS/Windows machine: any user can change the last modified date on a file in that share if he or she has write permission to it. In order to do this, Samba uses its root privileges to modify the timestamp on the file.

+By default, this option is disabled. Setting this option to +yes is often necessary to allow PC +make programs to work properly. Without it, they cannot change the last-modified date themselves. This often results in the program thinking +all files need recompiling when they really don't.

+

+ +8.1.1.4 dos filetime resolution

+ +dos +filetime +resolution is share-level option. If set to +yes, Samba will arrange to have the file times rounded to the closest two-second boundary. This option exists primarily to satisfy a quirk in Windows that prevents Visual C++ from correctly recognizing that a file has not changed. You can enable it as follows:

+[data]
+	dos filetime resolution = yes

+We recommend using this option only if you are using Microsoft Visual C++ on a Samba share that supports opportunistic locking.

+

+ +8.1.1.5 fake directory create times

+The +fake +directory +create +times option exists to keep PC +make programs sane. VFAT and NTFS filesystems record the creation date of a specific directory while Unix does not. Without this option, Samba takes the earliest recorded date it has for the directory (often the last-modified date of a file) and returns it to the client. If this is not sufficient, set the following option under a share definition:

+[data]
+	fake directory create times = yes

+If set, Samba will adjust the directory create time it reports to the hardcoded value January 1st, 1980. This is primarily used to convince the Visual C++ +nmake program that any object files in its build directories are indeed younger than the creation date of the directory itself and need to be recompiled.

+
+
+
+ + +
+ +Previous: 7.3 Name Resolution with Samba + + + +Next: 8.2 Magic Scripts
7.3 Name Resolution with Samba + +Book Index +8.2 Magic Scripts
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_02.html b/docs/htmldocs/using_samba/ch08_02.html new file mode 100644 index 00000000000..54b24800711 --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_02.html @@ -0,0 +1,156 @@ + + + +[Chapter 8] 8.2 Magic Scripts + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.1 Supporting Programmers + + + +Chapter 8
+Additional Samba Information 		+ +Next: 8.3 Internationalization
 
+ +
+
+

+ +8.2 Magic Scripts

The following options deal with +magic scripts on the Samba server. Magic scripts are a method of running programs on Unix and redirecting the output back to the SMB client. These are essentially an experimental hack. However, some users and their programs still rely on these two options for their programs to function correctly. Magic scripts are not widely trusted and their use is highly discouraged by the Samba team. See +Table 8.2 for more information.


+ + + + + + +
+ +Table 8.2: Networking Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +magic script

 +

string (fully-qualified filename)

 +

+Sets the name of a file to be executed by Samba, as the logged-on user, when closed.

 +

+None

 +

+Share

+

+ +magic output

 +

+string (fully-qualified filename)

 +

+Sets a file to log output from the magic file.

 +

+ +scriptname.out

 +

+Share

+

+ +8.2.1 magic script

+If the +magic +script option is set to a filename and the client creates a file by that name in that share, Samba will run the file as soon as the user has opened and closed it. For example, let's assume that the following option was created in the share +[accounting]:

+[accounting]
+	magic script = tally.sh

+Samba continually monitors the files in that share. If one by the name of +tally.sh is closed (after being opened) by a user, Samba will execute the contents of that file locally. The file will be passed to the shell to execute; it must therefore be a legal Unix shell script. This means that it must have newline characters as line endings instead of Windows CR/LFs. In addition, it helps if you use the +#! directive at the beginning of the file to indicate under which shell the script should run.

+

+ +8.2.2 magic output

+This option specifies an output file that the script specified by the +magic +script option will send output to. You must specify a filename in a writable directory:

+[accounting]
+	magic script = tally.sh
+	magic output = /var/log/magicoutput

+If this option is omitted, the default output file is the name of the script (as stated in the +magic +script option) with the extension +.out appended onto it.

+
+
+
+ + +
+ +Previous: 8.1 Supporting Programmers + + + +Next: 8.3 Internationalization
+8.1 Supporting Programmers + +Book Index +8.3 Internationalization
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_03.html b/docs/htmldocs/using_samba/ch08_03.html new file mode 100644 index 00000000000..9e2f60c4328 --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_03.html @@ -0,0 +1,472 @@ + + + +[Chapter 8] 8.3 Internationalization + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.2 Magic Scripts + + + +Chapter 8
+Additional Samba Information 		+ +Next: 8.4 WinPopup Messages
 
+ +
+
+

+ +8.3 Internationalization

Samba has a limited ability to speak foreign tongues: if you need to deal with characters that aren't in standard ASCII, some options that can help you are shown in +Table 8.3. Otherwise, you can skip over this section.


+ + + + + + + + +
+ +Table 8.3: Networking Configuration Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +client code page

 +

+Described in this section

 +

+Sets a code page to expect from clients

 +

+850

 +

+Global

+

+ +character set

 +

+Described in this section

 +

+Translates code pages into alternate UNIX character sets

 +

+None

 +

+Global

+

+ +coding system

 +

+Described in this section

 +

+Translates code page 932 into an Asian character set

 +

+None

 +

+Global

+

+ +valid chars

 +

+string (set of characters)

 +

+Obsolete: formerly added individual characters to a code page, and had to be used after setting client code page

 +

+None

 +

+Global

+

+ +8.3.1 client code page

+The character sets on Windows platforms hark back to the original concept of a +code page. These code pages are used by DOS and Windows clients to determine rules for mapping lowercase letters to uppercase letters. Samba can be instructed to use a variety of code pages through the use of the global +client +code +page option in order to match the corresponding code page in use on the client. This option loads a code-page definition file, and can take the values specified in +Table 8.4.


+ + + + + + + + + + + + + + +
+ +Table 8.4: Valid Code Pages with Samba 2.0
+

+Code Page

 +

+Definition

+

+ +437

 +

MS-DOS Latin (United States)

+

+ +737

 +

+Windows 95 Greek

+

+ +850

 +

+MS-DOS Latin 1 (Western European)

+

+ +852

 +

+MS-DOS Latin 2 (Eastern European)

+

+ +861

 +

+MS-DOS Icelandic

+

+ +866

 +

+MS-DOS Cyrillic (Russian)

+

+ +932

 +

+MS-DOS Japanese Shift-JIS

+

+ +936

 +

+MS-DOS Simplified Chinese

+

+ +949

 +

+MS-DOS Korean Hangul

+

+ +950

 +

+MS-DOS Traditional Chinese

+You can set the client code page as follows:

+[global]
+	client code page = 852

+The default value of this option is 850. You can use the +make_smbcodepage tool that comes with Samba (by default in +/usr/local/samba/bin) to create your own SMB code pages, in the event that those listed earlier are not sufficient.

+

+ +8.3.2 character set

+The global +character +set option can be used to convert filenames offered through a DOS code page (see the previous section, +Section 8.3.1, client code page) to equivalents that can be represented by Unix character sets other than those in the United States. For example, if you want to convert the Western European MS-DOS character set on the client to a Western European Unix character set on the server, you can use the following in your configuration file:

+[global]
+	client code page = 850
+	character set = ISO8859-1

+Note that you must include a +client +code +page option to specify the character set from which you are converting. The valid character sets (and their matching code pages) that Samba 2.0 accepts are listed in +Table 8.5:


+ + + + + + + + +
+ +Table 8.5: Valid Character Sets with Samba 2.0
+

+Character Set

 +

+Matching Code Page

 +

+Definition

+

+ +ISO8859-1

 +

+ +850

 +

Western European Unix

+

+ +ISO8859-2

 +

+ +852

 +

+Eastern European Unix

+

+ +ISO8859-5

 +

+ +866

 +

+Russian Cyrillic Unix

+

+ +KOI8-R

 +

+ +866

 +

+Alternate Russian Cyrillic Unix

+Normally, the +character +set option is disabled completely.

+

+ +8.3.3 coding system

+The +coding +system option is similar to the +character +set option. However, its purpose is to determine how to convert a Japanese Shift JIS code page into an appropriate Unix character set. In order to use this option, the +client +code +page option described previously must be set to page 932. The valid coding systems that Samba 2.0 accepts are listed in +Table 8.6.


+ + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Table 8.6: Valid Coding System Parameters with Samba 2.0
+

+Character Set

 +

+Definition

+

+ +SJIS

 +

Standard Shift JIS

+

+ +JIS8

 +

+Eight-bit JIS codes

+

+ +J8BB

 +

+Eight-bit JIS codes

+

+ +J8BH

 +

+Eight-bit JIS codes

+

+ +J8@B

 +

+Eight-bit JIS codes

+

+ +J8@J

 +

+Eight-bit JIS codes

+

+ +J8@H

 +

+Eight-bit JIS codes

+

+ +JIS7

 +

+Seven-bit JIS codes

+

+ +J7BB

 +

+Seven-bit JIS codes

+

+ +J7BH

 +

+Seven-bit JIS codes

+

+ +J7@B

 +

+Seven-bit JIS codes

+

+ +J7@J

 +

+Seven-bit JIS codes

+

+ +J7@H

 +

+Seven-bit JIS codes

+

+ +JUNET

 +

+JUNET codes

+

+ +JUBB

 +

+JUNET codes

+

+ +JUBH

 +

+JUNET codes

+

+ +JU@B

 +

+JUNET codes

+

+ +JU@J

 +

+JUNET codes

+

+ +JU@H

 +

+JUNET codes

+

+ +EUC

 +

+EUC codes

+

+ +HEX

 +

+Three-byte hexidecimal code

+

+ +CAP

 +

+Three-byte hexidecimal code (Columbia Appletalk Program)

+

+ +8.3.4 valid chars

+The +valid +chars option is an older Samba feature that will add individual characters to a code page. However, this option is being phased out in favor of more modern coding systems. You can use this option as follows:

+valid chars = Î
+valid chars = 0450:0420 0x0A20:0x0A00
+valid chars = A:a

+Each of the characters in the list specified should be separated by spaces. If there is a colon between two characters or their numerical equivalents, the data to the left of the colon is considered an uppercase character, while the data to the right is considered the lowercase character. You can represent characters both by literals (if you can type them) and by octal, hexidecimal, or decimal Unicode equivalents.

+We recommend against using this option. Instead, go with one of the standard code pages listed earlier in this section. If you do use this option, however, it must be listed after the +client +code +page to which you wish to add the character. Otherwise, the characters will not be added.

+
+
+
+ + +
+ +Previous: 8.2 Magic Scripts + + + +Next: 8.4 WinPopup Messages
8.2 Magic Scripts + +Book Index +8.4 WinPopup Messages
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_04.html b/docs/htmldocs/using_samba/ch08_04.html new file mode 100644 index 00000000000..d45ce31474a --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_04.html @@ -0,0 +1,168 @@ + + + +[Chapter 8] 8.4 WinPopup Messages + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.3 Internationalization + + + +Chapter 8
+Additional Samba Information 		+ +Next: 8.5 Recently Added Options
 
+ +
+
+

+ +8.4 WinPopup Messages

You can use the WinPopup tool (WINPOPUP.EXE) in Windows to send messages to users, machines, or entire workgroups on the network. This tool is provided with Windows 95 OSR2 and comes standard with Windows 98. With either Windows 95 or 98, however, you need to be running WinPopup to receive and send WinPopup messages. With Windows NT, you can still receive messages without starting such a tool; they will automatically appear in a small dialog box on the screen when received. The WinPopup application is shown in +Figure 8.1.

+ +Figure 8.1: The WinPopup application

Figure 8.1

+Samba has a single WinPopup messaging option, +message +command, as shown in +Table 8.7.


+ + + + + +
+ +Table 8.7: WinPopup Configuration Option
+

+Option

 +

+Parameter

 +

+Function

 +

+Default

 +

+Scope

+

+ +message command

 +

string (fully-qualified pathname)

 +

+Sets a command to run on Unix when a WinPopup message is received.

 +

+None

 +

+Global

+

+ +8.4.1 message command

+Samba's +message +command option sets the path to a program that will run on the server when a Windows popup message arrives at the server. The command will be executed using the +guest +account user. What to do with one of these is questionable since it's probably for the Samba administrator, and Samba doesn't know his or her name. If you know there's a human using the console, the Samba team once suggested the following:

+[global]
+	message command = /bin/csh -c 'xedit %s; rm %s' &

+Note the use of variables here. The +%s variable will become the file that the message is in. This file should be deleted when the command is finished with it; otherwise, there will be a buildup of pop-up files collecting on the Samba server. In addition, the command must fork its own process (note the & after the command); otherwise the client may suspend and wait for notification that the command was sent successfully before continuing.

+In addition to the standard variables, +Table 8.8 shows the three unique variables that you can use in a +message +command.


+ + + + + + + +
+ +Table 8.8: Message Command Variables
+

+Variable

 +

+Definition

+

+ +%s

 +

+The name of the file in which the message resides

+

+ +%f

 +

+The name of the client that sent the message

+

+ +%t

 +

+The name of the machine that is the destination of the message

+
+
+
+ + +
+ +Previous: 8.3 Internationalization + + + +Next: 8.5 Recently Added Options
+8.3 Internationalization + +Book Index +8.5 Recently Added Options
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_05.html b/docs/htmldocs/using_samba/ch08_05.html new file mode 100644 index 00000000000..90fa20a8cda --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_05.html @@ -0,0 +1,396 @@ + + + +[Chapter 8] 8.5 Recently Added Options + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.4 WinPopup Messages + + + +Chapter 8
+Additional Samba Information 		+ +Next: 8.6 Miscellaneous Options
 
+ +
+
+

+ + + 8.5 Recently Added +Options

Samba has several options that appeared +around the time of Samba 2.0, but either were not entirely supported or were +in the process of being developed. With Samba 2.0.7, several more were +introduced. We will give you a brief overview of their workings in this +section. These options are shown in + + +Table 8.9.


+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
+ +Table 8.9: Recently Added Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +change notify timeout

 +

+numerical (number of seconds)

 +

+Sets the interval between checks when a client asks to wait for a change in a specified directory.

 +

+ +60

 +

+Global

+

+ +machine password timeout

 +

+numerical (number of seconds)

 +

+Sets the renewal interval for NT domain machine passwords.

 +

+ +604,800 (1 week)

 +

+Global

+

+ +stat cache

 +

+boolean

 +

+If +yes, Samba will cache recent name mappings.

 +

+ +yes

 +

+Global

+

+ +stat cache size

 +

+numerical

 +

+Sets the size of the stat cache.

 +

+ +50

 +

+Global

+

+ +utmp

 +

+boolean

 +

+Turns on logging of Samba users in the utmp file. Requires --with-utmp.

+

+ +no

 +

+Share

+

+ +utmp dir

 +

+string (pathname)

 +

+Sets the directory where Samba expects to find the utmp/utmpx file.

 +

+ +None

 +

+Share

+

+ +inherit permissions

 +

+boolean

 +

+Sets the permissions of newly created directories to the same as their parent.

 +

+ +no

 +

+Share

+

+ +write cache size

 +

+numerical (bytes)

 +

+Sets the size of a write cache (buffer) used for oplocked files.

 +

+ +0

 +

+Share

+

+ +source environment

 +

+string (pathname)

 +

+Sets a file to read environment variable from.

 +

+ +None

 +

+Global

+

+ +min password length

 +

+numerical (number of characters)

 +

+Sets the minimum length of a new password which Samba will try to update the password file with .

 +

+ +5

 +

+Global

+

+ +netbios scope

 +

+string

 +

+Sets the NetBIOS scope.

 +

+ +None

 +

+Global

+ +
+

+ +8.5.1 change notify timeout

+The +change +notify +timeout global option emulates a Windows NT SMB feature called +change notification. This allows a client to request that a Windows NT server periodically monitor a specific directory on a share for any changes. If any changes occur, the server will notify the client.

+As of version 2.0, Samba will perform this function for its clients. However, performing these checks too often can slow the server down considerably. This option sets the time period that Samba should wait between such checks. The default is one minute (60 seconds); however, you can use this option to specify an alternate time that Samba should wait between performing checks:

+[global]
+	change notify timeout = 30
+

+ +8.5.2 machine password timeout

+The +machine +password +timeout global option sets a retention period for NT domain machine passwords. The default is currently set to the same time period that Windows NT 4.0 uses: 604,800 seconds (one week). Samba will periodically attempt to change the +machine account password, which is a password used specifically by another server to report changes to it. This option specifies the number of seconds that Samba should wait before attempting to change that password. The following example changes it to a single day, by specifying the following:

+[global]
+	machine password timeout = 86400
+

+ +8.5.3 stat cache

+The +stat +cache global option turns on caching of recent case-insensitive name mappings. The default is +yes. The Samba team recommends that you never change this parameter.

+

+ +8.5.4 stat cache size

The +stat +cache +size global option sets the size of the cache entries to be used for the +stat +cache option. The default here is 50. Again, the Samba team recommends that you never change this parameter.

+ +=== + +

+8.5.5 utmp

+

If you specified +--with-utmp when configuring, this option will turn on utmp logging +of users: they will appear in the utmp file and you will be able to see if +they are on with last(1). It defaults to no.

+ +

+8.5.6 utmp dir

+

+If utmp is set, the utmp dir option will change the directory Samba +looks in for the utmp files. If it is not set, the default system +location will be used.

+ +

+8.5.7 inherit permissions

+

+This option causes new files and directories to be created with +the same permissions as the directory they're in. For example, +subdirectories will inherit setgid bits from their parents. +This option will override the create +mask, directory mask, force create mode and +force directory mode options, but not the +map archive, map hidden and map system +options. It will never set the setuid bit. +This option defaults to off.

+ +

+8.5.8 write cache size

+

The write cache size +share option sets the size of a cache used by Samba while +writing oplocked files. The files will be written in cachesize +blocks, so you can tune Samba's write size to the optimum size for +your filesystem or RAID disk array.

+ +

The caching applies to the first 10 files opened with oplocks if set, +and defaults to zero (off) initially.

+ +

As with all caching schemes, data that hasn't been written +will be lost if the system crashes.

+ +

+8.5.9 source environment

+

+This options specifies a file of environment variables that Samba +will read on startup. The variables set in this +files can then be used in smb.conf files as $%name. For example, +HOME=/home/sofia in the environment file could be used in a smb.conf +file as "path = "$HOME"

+ +

If the pathname begins with a "|" (pipe) symbol, Samba will attempt +to run it and read its standard output.

+ +

+8.5.10 min password length

+

This option sets the minimum length, in characters, +of a plain text password that Samba will accept when performing UNIX +password changing. This is used to tell Samba about system-defined +minimums, so it can return an appropriate error to the client.

+ + +

+8.5.11 netbios scope

+

+This sets the NetBIOS scope that Samba will operate under: Samba +will not communicate with any machine with a different scope. +This should not be set unless every machine on your LAN also sets +this value. It was a predecessor to workgroups, and the Samba +team recommends against using it.

+ + + +
+ +
+
+ + +
+ +Previous: 8.4 WinPopup Messages + + + +Next: 8.6 Miscellaneous Options
+8.4 WinPopup Messages + +Book Index +8.6 Miscellaneous Options
+ + + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_06.html b/docs/htmldocs/using_samba/ch08_06.html new file mode 100644 index 00000000000..97e4e3c9767 --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_06.html @@ -0,0 +1,509 @@ + + + +[Chapter 8] 8.6 Miscellaneous Options + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.5 Recently Added Options + + + +Chapter 8
+Additional Samba Information 		+ +Next: 8.7 Backups with smbtar
 
+ +
+
+

+ +8.6 Miscellaneous Options

Many Samba options are present to deal with operating system issues on either Unix or Windows. The options shown in +Table 8.10 deal specifically with some of these known problems. We usually don't change these and we recommend the same to you.


+ + + + + + + + + + + + + + + + + + + + + + +
+ +Table 8.10: Miscellaneous Options
+

+Option

 +

+Parameters

 +

+Function

 +

+Default

 +

+Scope

+

+ +deadtime

 +

numerical (number of minutes)

 +

+Specifies the number of minutes of inactivity before a connection should be terminated.

 +

+ +0

 +

+Global

+

+ +dfree command

 +

+string (command)

 +

+Used to provide a command that returns disk free space in a format recognized by Samba.

 +

+None

 +

+Global

+

+ +fstype

 +

+ +NTFS, +FAT, or +Samba

 +

+Sets the filesystem type reported by the server to the client.

 +

+ +NTFS

 +

+Global

+

+ +keep alive

 +

+seconds

 +

+Sets the number of seconds between checks for an inoperative client.

 +

+0 (none)

 +

+Global

+

+ +max disk size

 +

+numerical (size in MB)

 +

+Sets the largest disk size to return to a client, some of which have limits. Does not affect actual operations on the disk.

 +

+0 (infinity)

 +

+Global

+

+ +max mux

 +

+numerical

 +

+Sets the maximum number of simultaneous SMB operations that clients may make.

 +

+ +50

 +

+Global

+

+ +max open files

 +

+numerical

 +

+Limits number of open files to be below Unix limits.

 +

+ +10,000

 +

+Global

+

+ +max xmit

 +

+numerical

 +

+Specifies the maximum packet size that Samba will send.

 +

+ +65,535

 +

+Global

+

+ +nt pipe support

 +

+boolean

 +

+Turns off an experimental NT feature, for benchmarking or in case of an error.

 +

+ +yes

 +

+Global

+

+ +nt smb support

 +

+boolean

 +

+Turns off an experimental NT feature, for benchmarking or in case of an error.

 +

+ +yes

 +

+Global

+

+ +ole locking compatib-ility

 +

+boolean

 +

+Remaps out-of-range lock requests used on Windows to fit in allowable range on Unix. Turning it off causes Unix lock errors.

 +

+ +yes

 +

+Global

+

+ +panic action

 +

+command

 +

+Program to run if Samba server fails; for debugging.

 +

+None

 +

+Global

+

+ +set directory

 +

+boolean

 +

+If +yes, allows VMS clients to issue +set +dir commands.

 +

+ +no

 +

+Global

+

+ +smbrun

 +

+string (fully-qualified command)

 +

+Sets the command Samba uses as a wrapper for shell commands.

 +

+None

 +

+Global

+

+ +status

 +

+boolean

 +

+If +yes, allows Samba to monitor status for +smbstatus command.

 +

+ +yes

 +

+Global

+

+ +strict sync

 +

+boolean

 +

+If +no, ignores Windows applications requests to perform a sync-to-disk.

 +

+ +no

 +

+Global

+

+ +sync always

 +

+boolean

 +

+If +yes, forces all client writes to be committed to disk before returning from the call.

 +

+ +no

 +

+Global

+

+ +strip dot

 +

+boolean

 +

+If +yes, strips trailing dots from Unix filenames.

+

+ +no

 +

+Global

+

+ +8.6.1 deadtime

+This global option sets the number of minutes that Samba will wait for an inactive client before closing its session with the Samba server. A client is considered inactive when it has no open files and there is no data being sent from it. The default value for this option is 0, which means that Samba never closes any connections no matter how long they have been inactive. You can override it as follows:

+[global]
+	deadtime = 10

+This tells Samba to terminate any inactive client sessions after 10 minutes. For most networks, setting this option as such will work because reconnections from the client are generally performed transparently to the user.

+

+ +8.6.2 dfree command

This global option is used on systems that incorrectly determine the free space left on the disk. So far, the only confirmed system that needs this option set is Ultrix. There is no default value for this option, which means that Samba already knows how to compute the free disk space on its own and the results are considered reliable. You can override it as follows:

+[global]
+	dfree command = /usr/local/bin/dfree

+This option should point to a script that should return the total disk space in a block, and the number of available blocks. The Samba documentation recommends the following as a usable script:

+#!/bin/sh
+df $1 | tail -1 | awk '{print $2" "$4}'

+On System V machines, the following will work:

+#!/bin/sh
+/usr/bin/df $1 | tail -1 | awk '{print $3" "$5}'
+

+ +8.6.3 fstype

+This share-level option sets the type of filesystem that Samba reports when queried by the client. There are three strings that can be used as a value to this configuration option, as listed in +Table 8.11.


+ + + + + + + +
+ +Table 8.11: Filesystem Types
+

+Variable

 +

+Definition

+

+NTFS

 +

Microsoft Windows NT filesystem

+

+FAT

 +

+DOS FAT filesystem

+

+Samba

 +

+Samba filesystem

+The default value for this option is +NTFS, which represents a Windows NT filesystem. There probably isn't a need to specify any other type of filesystem. However, if you need to, you can override it per share as follows:

+[data]
+	fstype = FAT
+

+ +8.6.4 keep alive

This global option specifies the number of seconds that Samba waits between sending NetBIOS +keep-alive packets. These packets are used to ping a client to detect whether it is still alive and on the network. The default value for this option is +0, which means that Samba will not send any such packets at all. You can override it as follows:

+[global]
+	keep alive = 10
+

+ +8.6.5 max disk size

This global option specifies an illusory limit, in megabytes, for each of the shares that Samba is using. You would typically set this option to prevent clients with older operating systems from incorrectly processing large disk spaces, such as those over one gigabyte.

+The default value for this option is +0, which means there is no upper limit at all. You can override it as follows:

+[global]
+	max disk size = 1000
+

+ +8.6.6 max mux

This global option specifies the maximum number of concurrent SMB operations that Samba allows. The default value for this option is +50. You can override it as follows:

+[global]
+	max mux = 100
+

+ +8.6.7 max open files

This global option specifies the maximum number of open files that Samba should allow at any given time for all processes. This value must be equal to or less than the amount allowed by the operating system, which varies from system to system. The default value for this option is +10,000. You can override it as follows:

+[global]
+	max open files = 8000
+

+ +8.6.8 max xmit

This global option sets the maximum size of packets that Samba exchanges with a client. In some cases, setting a smaller maximum packet size can increase performance, especially with Windows for Workgroups. The default value for this option is +65535. You can override it as follows:

+[global]
+	max xmit = 4096

+ +The section Section B.2.2.6, The TCP receive window in Appendix B, +Samba Performance Tuning, + +shows some uses for this option.

+

+ +8.6.9 nt pipe support

This global option is used by developers to allow or disallow Windows NT clients the ability to make connections to the NT SMB-specific IPC$ pipes. As a user, you should never need to override the default:

+[global]
+	nt pipe support = yes
+

+ +8.6.10 nt smb support

This global option is used by developers to negotiate NT-specific SMB options with Windows NT clients. The Samba team has discovered that slightly better performance comes from setting this value to +no. However, as a user, you should probably not override the default:

+[global]
+	nt smb support = yes
+

+ +8.6.11 ole locking compatibility

+This global option turns off Samba's internal byte-range locking manipulation in files, which gives compatibility with Object Linking and Embedding (OLE) applications that use high byte-range locks as a method of interprocess communication. The default value for this option is +yes. If you trust your Unix locking mechanisms, you can override it as follows:

+[global]
+	ole locking compatibility = no
+

+ +8.6.12 panic action

This global option specifies a command to execute in the event that Samba itself encounters a fatal error when loading or running. There is no default value for this option. You can specify an action as follows:

+[global]
+	panic action = /bin/csh -c
+          'xedit < "Samba has shutdown unexpectedly!'
+

+ +8.6.13 set directory

+This boolean share-level option allows Digital Pathworks clients to use the +setdir command to change directories on the server. If you are not using the Digital Pathworks client, you should not need to alter this option. The default value for this option is +no. You can override it per share as follows:

+[data]
+	set directory = yes
+

+ +8.6.14 smbrun

+This option sets the location of the +smbrun executable, which Samba uses as a wrapper to run shell commands. The default value for this option is automatically configured by Samba when it is compiled. If you did not install Samba to the standard directory, you can specify where the binary is as follows:

+[global]
+	smbrun = /usr/local/bin/smbrun
+

+ +8.6.15 status

+This global option indicates whether Samba should log all active connections to a status file. This file is used only by the +smbstatus command. If you have no intentions of using this command, you can set this option to +no, which can result in a small increase of speed on the server. The default value for this option is +yes. You can override it as follows:

+[global]
+	status = no
+

+ +8.6.16 strict sync

+This share-level option determines whether Samba honors all requests to perform a disk sync when requested to do so by a client. Many clients request a disk sync when they are really just trying to flush data to their own open files. As a result, this can substantially slow a Samba server down. The default value for this option is +no. You can override it as follows:

+[data]
+	strict sync = yes
+

+ +8.6.17 sync always

+This share-level option decides whether every write to disk should be followed by a disk synchronization before the write call returns control to the client. Even if the value of this option is +no, clients can request a disk synchronization; see the +strict +sync option above. The default value for this option is +no. You can override it per share as follows:

+[data]
+	sync always = yes
+

+ +8.6.18 strip dot

+This global option determines whether to remove the trailing dot from Unix filenames that are formatted with a dot at the end. The default value for this option is +no. You can override it per share as follows:

+[global]
+	strip dot = yes

+This option is now considered obsolete; the user should use the +mangled +map option insead.

+
+
+
+ + +
+ +Previous: 8.5 Recently Added Options + + + +Next: 8.7 Backups with smbtar
+8.5 Recently Added Options + +Book Index +8.7 Backups with smbtar
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch08_07.html b/docs/htmldocs/using_samba/ch08_07.html new file mode 100644 index 00000000000..c0aa0837020 --- /dev/null +++ b/docs/htmldocs/using_samba/ch08_07.html @@ -0,0 +1,143 @@ + + + +[Chapter 8] 8.7 Backups with smbtar + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.6 Miscellaneous Options + + + +Chapter 8
+Additional Samba Information 		+ +Next: 9. Troubleshooting Samba
 
+ +
+
+

+ +8.7 Backups with smbtar

Our final topic in this chapter is the +smbtar tool. One common problem with modem PCs is that floppies and even CD-ROMs are often too small to use for backups. However, buying one tape drive per machine would also be silly. Consequently, many sites don't back up their PCs at all. Instead, they reinstall them using floppy disks and CD-ROMs when they fail.

+Thankfully, Samba provides us with another option: you can back up PCs' data using the +smbtar tool. This can be done on a regular basis if you keep user data on your Samba system, or only occasionally, to save the local applications and configuration files and thus make repairs and reinstallations quicker.

+To back up PCs from a Unix server, you need to do three things:

    +
  1. +

    + +Ensure that File and Printer Sharing is installed on the PC and is bound to the TCP/IP protocol.

  2. +

    + +Explicitly share a disk on the PC so it can be read from the server.

  3. +

    + +Set up the backup scripts on the server.

+We'll use Windows 95/98 to illustrate the first two steps. Go to the Networking icon in the Control Panel window, and check that File and Printer Sharing for Microsoft Networks is currently listed in the top window, as shown in +Figure 8.2.

+ +Figure 8.2: The Networking window

Figure 8.2

+If "File and printer sharing for Microsoft Networks" isn't installed, you can install it by clicking on the Add button on the Network panel. After pressing it, you will be asked what service to add. Select Service and move forward, and you will be asked for a vendor and a service to install. Finally, select "File and printer sharing for Microsoft Networks," and click on Done to install the service.

+Once you've installed "File and printer sharing for Microsoft Networks," return to the Network panel and select the TCP/IP protocol that is tied to your Samba network adapter. Then, click on the Properties button and choose the Bindings tab at the top. You should see a dialog box similar to +Figure 8.3. Here, you'll need to verify that the "File and Printer Sharing" checkbox is checked, giving it access to TCP/IP. At this point you can share disks with other machines on the net.

+ +Figure 8.3: TCP/IP Bindings

Figure 8.3

+The next step is to share the disk you want to back up with the tape server. Go to My Computer and select, for example, the My Documents directory. Then right-click on the icon and select its Properties. This should yield the dialog box in +Figure 8.4.

+ +Figure 8.4: My Documents Properties

Figure 8.4

+Select the Sharing tab and turn file sharing on. You now have the choice to share the disk as read-only, read-write (Full), or either, each with separate password. This is the Windows 95/98 version, so it provides only share-level security. In this example, we made it read/write and set a password, as shown in +Figure 8.5. When you enter the password and click on OK, you'll be prompted to re-enter it. After that, you have finished the second step.

+ +Figure 8.5: MyFiles Properties as shared

Figure 8.5

+Finally, the last step is to set up a backup script on the tape server, using the +smbtar program. The simplest script might contain only a single line and would be something like the following:

+smbtar -s client -t /dev/rst0 -x "My Documents" -p password

+This unconditionally backs up the +//client/My Documents share to the device +/dev/rst0. Of course, this is excessively simple and quite insecure. What you will want to do will depend on your existing backup scheme.

+However, to whet your appetite, here are some possibilities of what +smbtar can do:

    +
  • +

    + +Back up files incrementally using the DOS archive bit (the +-i option). This requires the client share to be accessed read-write so the bit can be cleared by +smbtar

  • +

    + +Back up only files that have changed since a specified date (using the +-N + +filename option)

  • +

    + +Back up entire PC drives, by sharing all of C: or D:, for example, and backing that up

+Except for the first example, each of these can be done with the PC sharing set to read-only, reducing the security risk of having passwords in scripts and passing them on the command line.

+
+
+
+ + +
+ +Previous: 8.6 Miscellaneous Options + + + +Next: 9. Troubleshooting Samba
+8.6 Miscellaneous Options + +Book Index +9. Troubleshooting Samba
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch09_01.html b/docs/htmldocs/using_samba/ch09_01.html new file mode 100644 index 00000000000..8dc0e80bc56 --- /dev/null +++ b/docs/htmldocs/using_samba/ch09_01.html @@ -0,0 +1,397 @@ + + + +[Chapter 9] Troubleshooting Samba + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 8.7 Backups with smbtar + + +Chapter 9 + +Next: 9.2 The Fault Tree
 
+ +
+
+

+ +9. Troubleshooting Samba

+

+ +Contents:
+ +The Tool Bag
+ +The Fault Tree
+ +Extra Resources

+

Samba is extremely robust. Once you've got everything set up the way you want, you'll probably forget that it is running. When trouble occurs, it's typically during installation or when you're trying to add something new to the server. Fortunately, there are a wide variety of resources that you can use to diagnose these troubles. While we can't describe in detail the solution to every problem that you might encounter, you should be able to get a good start at a resolution by following the advice given in this chapter.

+The first section of the chapter lists the tool bag, a collection of tools available for troubleshooting Samba; the second section is a detailed how-to, and the last section lists extra resources you may need to track down particularly stubborn problems.

+

+ + +9.1 The Tool Bag

Sometimes Unix seems to be made up of a handful of applications and tools. There are tools to troubleshoot tools. And of course, there are several ways to accomplish the same task. When you are trying to solve a problem related to Samba, a good plan of attack is to check the following:

    +
  1. +

    + +Samba logs

  2. +

    + +Fault tree

  3. +

    + +Unix utilities

  4. +

    + +Samba test utilities

  5. +

    + +Documentation and FAQs

  6. +

    + +Searchable archives

  7. +

    + +Samba newsgroups

+Let's go over each of these one by one in the following sections.

+

+ +9.1.1 Samba Logs

Your first line of attack should always be to check the log files. The Samba log files can help diagnose the vast majority of the problems that beginning to intermediate Samba administrators are likely to face. Samba is quite flexible when it comes to logging. You can set up the server to log as little or as much as you want. Substitution variables that allow you to isolate individual logs for each machine, share, or combination thereof.

+By default, logs are placed in + +samba_directory +/var/smbd.log and + +samba_directory +/var/nmbd.log, where +samba_directory is the location where Samba was installed (typically, +/usr/local/samba). As we mentioned in Chapter 4, Disk Shares, you can override the location and name using the +log +file configuration option in +smb.conf. This option accepts all of the substitution variables mentioned in Chapter 2, Installing Samba on a Unix System, so you could easily have the server keep a separate log for each connecting client by specifying the following in the +[global] section of +smb.conf:

+log file = %m.log

+Alternatively, you can specify a log directory to use with the +-l flag on the command line. For example:

+smbd -l /usr/local/var/samba

+Another useful trick is to have the server keep a log for each service (share) that is offered, especially if you suspect a particular share is causing trouble. Use the +%S variable to set this up in the +[global] section of the configuration file:

+log file = %S.log
+

+ +9.1.1.1 Log levels

The level of logging that Samba uses can be set in the +smb.conf file using the global +log +level or +debug +level option; they are equivalent. The logging level is an integer which ranges from 0 (no logging), and increases the logging to voluminous by +log +level += +3. For example, let's assume that we are going to use a Windows client to browse a directory on a Samba server. For a small amount of log information, you can use +log +level += +1, which instructs Samba to show only cursory information, in this case only the connection itself: 

+105/25/98 22:02:11 server (192.168.236.86) connect to service public as user pcguest (uid=503,gid=100) (pid 3377)

+Higher debug levels produce more detailed information. Usually you won't need any more than level 3; this is more than adequate for most Samba administrators. Levels above 3 are for use by the developers and dump enormous amounts of cryptic information.

+Here is example output at levels 2 and 3 for the same operation. Don't worry if you don't understand the intricacies of an SMB connection; the point is simply to show you what types of information are shown at the different logging levels: 

+ /* Level 2 */
+Got SIGHUP
+Processing section "[homes]"
+Processing section "[public]"
+Processing section "[temp]"
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC/
+
+
+/* Level 3 */
+05/25/98 22:15:09 Transaction 63 of length 67
+switch message SMBtconX (pid 3377)
+Allowed connection from 192.168.236.86 (192.168.236.86) to IPC$
+ACCEPTED: guest account and guest ok
+found free connection number 105
+Connect path is /tmp
+chdir to /tmp
+chdir to /
+05/25/98 22:15:09 server (192.168.236.86) connect to service IPC$ as user pcguest (uid=503,gid=100) (pid 3377)
+05/25/98 22:15:09 tconX service=ipc$ user=pcguest cnum=105
+05/25/98 22:15:09 Transaction 64 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /tmp
+trans <\PIPE\LANMAN> data=0 params=19 setup=0
+Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/98 22:15:11 Transaction 65 of length 99
+switch message SMBtrans (pid 3377)
+chdir to /
+chdir to /tmp
+trans <\PIPE\LANMAN> data=0 params=19 setup=0
+Got API command 0 of form <WrLeh> <B13BWz> (tdscnt=0,tpscnt=19,mdrcnt=4096,mprcnt=8)
+Doing RNetShareEnum
+RNetShareEnum gave 4 entries of 4 (1 4096 126 4096)
+05/25/98 22:15:11 Transaction 66 of length 95
+switch message SMBtrans2 (pid 3377)
+chdir to /
+chdir to /pcdisk/public
+call_trans2findfirst: dirtype = 0, maxentries = 6, close_after_first=0, close_if_end = 0 requires_resume_key = 0 level = 260, max_data_bytes = 2432
+unix_clean_name [./DESKTOP.INI]
+unix_clean_name [desktop.ini]
+unix_clean_name [./]
+creating new dirptr 1 for path ./, expect_close = 1
+05/25/98 22:15:11 Transaction 67 of length 53
+switch message SMBgetatr (pid 3377)
+chdir to /
+
+[...]

+We cut off this listing after the first packet because it runs on for many pages. However, you should be aware that log levels above 3 will quickly fill your disk with megabytes of excruciating detail concerning Samba internal operations. Log level 3 is extremely useful for following exactly what the server is doing, and most of the time it will be obvious where an error is occurring by glancing through the log file.

+A word of warning: using a high log level (3 or above) will +seriously slow down the Samba server. Remember that every log message generated causes a write to disk (an inherently slow operation) and log levels greater than 2 produce massive amounts of data. Essentially, you should turn on logging level 3 only when you're actively tracking a problem in the Samba server.

+

+9.1.1.2 Activating and deactivating logging

To turn logging on and off, set the appropriate level in the +[global] section of +smb.conf. Then, you can either restart Samba, or force the current daemon to reprocess the configuration file. You also can send the +smbd process a SIGUSR1 signal to increase its log level by one while it's running, and a SIGUSR2 signal to decrease it by one:

+# Increase the logging level by 1
+kill -SIGUSR1 1234
+
+# Decrease the logging level by 1
+kill -SIGUSR2 1234
+

+ +9.1.1.3 Logging by individual client machines or users

An effective way to diagnose problems without hampering other users is to assign different log levels for different machines in +[global] section of the +smb.conf file. We can do this by building on the strategy we presented earlier:

+[global]
+	log level = 0
+	log file = /usr/local/samba/lib/log.%m
+	include = /usr/local/samba/lib/smb.conf.%m

+These options instruct Samba to use unique configuration and log files for each client that connects. Now all you have to do is create an +smb.conf file for a specific client machine with a +log +level += +3 entry in it (the others will pick up the default log level of 0) and use that log file to track down the problem.

+Similarly, if only particular users are experiencing a problem, and it travels from machine to machine with them, you can isolate logging to a specific user by adding the following to the +smb.conf file:

+[global]
+	log level = 0
+	log file = /usr/local/samba/lib/log.%u
+	include = /usr/local/samba/lib/smb.conf.%u

+Then you can create a unique +smb.conf file for each user (e.g., +/usr/local/samba/lib/smb.conf.tim) files containing the configuration option +log +level += +3 and only those users will get more detailed logging.

+

+9.1.2 Samba Test Utilities

A rigorous set of tests that exercise the major parts of Samba are described in various files in the +/docs/textdocs directory of the Samba distribution kit, starting with +DIAGNOSIS.TXT. The fault tree in this chapter is a more detailed version of the basic tests suggested by the Samba team, but covers only installation and reconfiguration diagnosis, like +DIAGNOSIS.TXT. The other files in the +/docs subdirectoryies address specific problems (such as Windows NT clients) and instruct you how to troubleshoot items not included in this book. If the fault tree doesn't suffice, be sure to look at +DIAGNOSIS.TXT and its friends.

+

+ +9.1.3 Unix Utilities

Sometimes it's useful to use a tool outside of the Samba suite to examine what's happening inside the server. Unix has always been a "kitchen-sink" operating system. Two diagnostic tools can be of particular help in debugging Samba troubles: +trace and +tcpdump.

+

+ +9.1.3.1 Using trace

+The +trace command masquerades under several different names, depending on the operating system that you are using. On Linux it will be +strace, on Solaris you'll use +truss, and SGI will have +padc and +par. All have essentially the same function, which is to display each operating system function call as it is executed. This allows you to follow the execution of a program, such as the Samba server, and will often pinpoint the exact call that is causing the difficulty.

+One problem that +trace can highlight is the location of an incorrect version of a dynamically linked library. This can happen if you've downloaded prebuilt binaries of Samba. You'll typically see the offending call at the end of the +trace, just before the program terminates.

+A sample +strace output for the Linux operating system follows. This is a small section of a larger file created during the opening of a directory on the Samba server. Each line is a system-call name, and includes its parameters and the return value. If there was an error, the error value (e.g., +ENOENT) and its explanation are also shown. You can look up the parameter types and the errors that can occur in the appropriate +trace manual page for the operating system that you are using.

+chdir("/pcdisk/public")                 = 0
+stat("mini/desktop.ini", 0xbffff7ec)    = -1 ENOENT (No such file or directory)
+stat("mini", {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+stat("mini/desktop.ini", 0xbffff7ec)    = -1 ENOENT (No such file or directory)
+open("mini", O_RDONLY)                  = 5
+fcntl(5, F_SETFD, FD_CLOEXEC)           = 0
+fstat(5, {st_mode=S_IFDIR|0755, st_size=1024, ...}) = 0
+lseek(5, 0, SEEK_CUR)                   = 0
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 196
+lseek(5, 0, SEEK_CUR)                   = 1024
+SYS_141(0x5, 0xbfffdbbc, 0xedc, 0xbfffdbbc, 0x80ba708) = 0
+close(5)                                = 0
+stat("mini/desktop.ini", 0xbffff86c)    = -1 ENOENT (No such file or directory)
+write(3, "\0\0\0#\377SMB\10\1\0\2\0\200\1\0"..., 39) = 39
+SYS_142(0xff, 0xbffffc3c, 0, 0, 0xbffffc08) = 1
+read(3, "\0\0\0?", 4)                   = 4
+read(3, "\377SMBu\0\0\0\0\0\0\0\0\0\0\0\0"..., 63) = 63
+time(NULL)                              = 896143871

+This example shows several +stat calls failing to find the files they were expecting. You don't have to be a expert to see that the file +desktop.ini is missing from that directory. In fact, many difficult problems can be identified by looking for obvious, repeatable errors with +trace. Often, you need not look farther than the last message before a crash.

+

+ +9.1.3.2 Using tcpdump

+The +tcpdump program, written by Van Jacobson, Craig Leres, and Steven McCanne, and extended by Andrew Tridgell, allows you to monitor network traffic in real time. A variety of output formats are available and you can filter the output to look at only a particular type of traffic. The +tcpdump program lets you examine all conversations between client and server, including SMB and NMB broadcast messages. While its troubleshooting capabilities lie mainly at the OSI network layer, you can still use its output to get a general idea of what the server and client are attempting to accomplish.

+A sample +tcpdump log follows. In this instance, the client has requested a directory listing and the server has responded appropriately, giving the directory names +homes, +public, +IPC$, and +temp (we've added a few explanations on the right):

$ tcpdump -v -s 255 -i eth0 port not telnet
+SMB PACKET: SMBtrans (REQUEST)	                        
+
+Request packet
+SMB Command   =  0x25                                 
+
+Request was ls or dir.
+
+[000] 01 00 00 10                                     ....
+
+
+>>> NBT Packet                                                                 
+
+Outer frame of SMB packet
+NBT Session Packet
+Flags=0x0
+Length=226
+[lines skipped]
+                         
+SMB PACKET: SMBtrans (REPLY)	                           
+
+Beginning of a reply to  request 
+SMB Command   =  0x25			                                  
+
+Command was an ls or dir
+Error class   =  0x0			 
+Error code    =  0                                                                    
+
+No errors
+Flags1        =  0x80
+Flags2        =  0x1
+Tree ID       =  105
+Proc ID       =  6075
+UID           =  100
+MID           =  30337
+Word Count    =  10
+TotParamCnt=8 
+TotDataCnt=163 
+Res1=0
+ParamCnt=8 
+ParamOff=55 
+Res2=0 
+DataCnt=163 
+DataOff=63 
+Res3=0
+Lsetup=0
+Param Data: (8 bytes)
+[000] 00 00 00 00 05 00 05 00                           ........ 
+
+Data Data: (135 bytes)                                                        
+
+			Actual directory contents:
+[000] 68 6F 6D 65 73 00 00 00  00 00 00 00 00 00 00 00  homes... ........
+[010] 64 00 00 00 70 75 62 6C  69 63 00 00 00 00 00 00  d...publ ic......
+[020] 00 00 00 00 75 00 00 00  74 65 6D 70 00 00 00 00  ....u... temp....
+[030] 00 00 00 00 00 00 00 00  76 00 00 00 49 50 43 24  ........ v...IPC$
+[040] 00 00 00 00 00 00 00 00  00 00 03 00 77 00 00 00  ........ ....w...
+[050] 64 6F 6E 68 61 6D 00 00  00 00 00 00 00 00 00 00  donham.. ........
+[060] 92 00 00 00 48 6F 6D 65  20 44 69 72 65 63 74 6F  ....Home  Directo
+[070] 72 69 65 73 00 00 00 49  50 43 20 53 65 72 76 69  ries...I PC Servi
+[080] 63 65 20 28 53 61 6D                              ce (Sam

+This is more of the same debugging session as with the +trace command; the listing of a directory. The options we used were +-v (verbose), +-i +eth0 to tell +tcpdump the interface to listen on (an Ethernet port), and +-s +255 to tell it to save the first 255 bytes of each packet instead of the default: the first 68. The option +port +not +telnet is used to avoid screens of telnet traffic, since we were logged in to the server remotely. The +tcpdump program actually has quite a number of options to filter just the traffic you want to look at. If you've used +snoop or +etherdump, they'll look vaguely familiar.

+You can download the modified +tcpdump from the Samba FTP server at +ftp://samba.anu.edu.au/pub/samba/tcpdump-smb. Other versions don't include support for the SMB protocol; if you don't see output such as that shown in the example, you'll need to + use the SMB-enabled version.

+
+
+
+ + +
+ +Previous: 8.7 Backups with smbtar + + + +Next: 9.2 The Fault Tree
8.7 Backups with smbtar + +Book Index +9.2 The Fault Tree
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch09_02.html b/docs/htmldocs/using_samba/ch09_02.html new file mode 100644 index 00000000000..e4c740fe278 --- /dev/null +++ b/docs/htmldocs/using_samba/ch09_02.html @@ -0,0 +1,1772 @@ + + + +[Chapter 9] 9.2 The Fault Tree + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 9.1 The Tool Bag + + + +Chapter 9
+Troubleshooting Samba		 + +Next: 9.3 Extra Resources
 
+ +
+
+

+ +9.2 The Fault Tree

The fault tree is for diagnosing and fixing problems that occur when you're installing and reconfiguring Samba. It's an expanded form of a trouble and diagnostic document that is part of the Samba distribution.

Before you set out to troubleshoot any part of the Samba suite, you should know the following information:

    +
  • +

    + + Your client IP address (we use 192.168.236.10)

  • +

    + + Your server IP address (we use 192.168.236.86)

  • +

    + + The netmask for your network (typically 255.255.255.0)

  • +

    + + Whether the machines are all on the same subnet (ours are)

+For clarity, we've renamed the server in the following examples to +server.example.com, and the client machine to +client.example.com.

+

+ +9.2.1 How to use the fault tree

Start the tests here, without skipping forward; it won't take long (about five minutes) and may actually save you time backtracking. Whenever a test succeeds, you will be given a section name and page number to which you can safely skip.

+

+ +9.2.2 Troubleshooting Low-level IP

The first series of tests is that of the low-level services that Samba needs in order to run. The tests in this section will verify that:

    +
  • +

    + + The IP software works

  • +

    + + The Ethernet hardware works

  • +

    + + Basic name service is in place

+Subsequent sections will add TCP software, the Samba daemons +smbd and +nmbd, host-based access control, authentication and per-user access control, file services, and browsing. The tests are described in considerable detail in order to make them understandable by both technically oriented end users and experienced systems and network administrators.

+

+ +9.2.2.1 Testing the networking software with ping

+The first command to enter on both the server and the client is +ping 127.0.0.1. This is the +loopback +address and testing it will indicate whether any networking support is functioning at all. On Unix, you can use +ping +127.0.0.1 with the statistics option and interrupt it after a few lines. On Sun workstations, the command is typically +/usr/etc/ping +-s +127.0.0.1; on Linux, just +ping +127.0.0.1. On Windows clients, run +ping +127.0.0.1 in an MS-DOS window and it will stop by itself after four lines.

+Here is an example on a Linux server:

server% ping 127.0.0.1 
+
+PING localhost: 56 data bytes 64 bytes from localhost (127.0.0.1): 
+icmp-seq=0. time=1. ms 64 bytes from localhost (127.0.0.1): 
+icmp-seq=1. time=0. ms 64 bytes from localhost (127.0.0.1): 
+icmp-seq=2. time=1. ms ^C 
+----127.0.0.1 PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1

+If you get "ping: no answer from..." or "100% packet loss," you have no IP networking at all installed on the machine. The address +127.0.0.1 is the internal loopback address and doesn't depend on the computer being physically connected to a network. If this test fails, you have a serious local problem. TCP/IP either isn't installed or is seriously misconfigured. See your operating system documentation if it is a Unix server. If it is a Windows client, follow the instructions in Chapter 3, Configuring Windows Clients, to install networking support.

+If +you're the network manager, some good references are Craig Hunt's +TCP/IP Network Administration, Chapter 11, and Craig Hunt & Robert Bruce Thompson's new book, +Windows NT TCP/IP Network Administration, both published by O'Reilly.

+

+ +9.2.2.2 Testing local name services with ping

Next, try to ping +localhost on the Samba server. +localhost is the conventional hostname for the 127.0.0.1 loopback, and it should resolve to that address. After typing +ping +localhost, you should see output similar to the following:

server% ping localhost  
+
+PING localhost: 56 data bytes  64 bytes from localhost (127.0.0.1):
+icmp-seq=0. time=0. ms  64 bytes from localhost (127.0.0.1): 
+icmp-seq=1. time=0. ms  64 bytes from localhost (127.0.0.1): 
+icmp-seq=2. time=0. ms  ^C

+If this succeeds, try the same test on the client. Otherwise:

    +
  • +

    + +If you get "unknown host: localhost," there is a problem resolving the host name localhost into a valid IP address. (This may be as simple as a missing entry in a local +hosts file.) From here, skip down to the section +Section 9.2.8, Troubleshooting Name Services.

  • +

    + +If you get "ping: no answer," or "100% packet loss," but pinging 127.0.0.1 worked, then name services is resolving to an address, but it isn't the correct one. Check the file or database (typically +/etc/hosts on a Unix system) that the name service is using to resolve addresses to ensure that the entry is corrected.

+

+ +9.2.2.3 Testing the networking hardware with ping

Next, ping the server's network IP address from itself. This should get you exactly the same results as pinging 127.0.0.1:

server% ping 192.168.236.86 
+
+PING 192.168.236.86: 56 data bytes 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=0. time=1. ms 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=1. time=0. ms 64 bytes from 192.168.236.86 (192.168.236.86): 
+icmp-seq=2. time=1. ms ^C 
+----192.168.236.86 PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1

+If this works on the server, repeat it for the client. Otherwise:

    +
  • +

    + +If +ping + +network_ip fails on either the server or client, but ping 127.0.0.1 works on that machine, you have a TCP/IP problem that is specific to the Ethernet network interface card on the computer. Check with the documentation for the network card or the host operating system to determine how to correctly configure it. However, be aware that on some operating systems, the +ping command appears to work even if the network is disconnected, so this test doesn't always diagnose all hardware problems.

+

+ +9.2.2.4 Testing connections with ping

Now, ping the server by name (instead of its IP address), once from the server and once from the client. This is the general test for working network hardware:

server% ping server 
+
+PING server.example.com: 56 data bytes 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=0. time=1. ms 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=1. time=0. ms 64 bytes from server.example.com (192.168.236.86): 
+icmp-seq=2. time=1. ms ^C 
+----server.example.com PING Statistics---- 
+3 packets transmitted, 3 packets received, 0% packet loss round-trip (ms)  
+min/avg/max = 0/0/1

+On Microsoft Windows, a ping of the server would look like +Figure 9.1.

+ +Figure 9.1: Pinging the Samba server from a Windows client

Figure 9.1

+If successful, this test tells us five things:

    +
  1. +

    + +The hostname (e.g., "server") is being found by your local nameserver.

  2. +

    + +The hostname has been expanded to the full name (e.g., ).

  3. +

    + +Its address is being returned (192.168.236.86).

  4. +

    + +The client has sent the Samba server four 56-byte UDP/IP packets.

  5. +

    + +The Samba server has replied to all four packets.

+If this test isn't successful, there can be one of several things wrong with the network:

    +
  • +

    + +First, if you get "ping: no answer," or "100% packet loss," you're not connecting to the network, the other machine isn't connecting, or one of the addresses is incorrect. Check the addresses that the +ping command reports on each machine, and ensure that they match the ones you set up initially.

    +If not, there is at least one mismatched address between the two machines. Try entering the command +arp +-a, and see if there is an entry for the other machine. The +arp command stands for the Address Resolution Protocol. The +arp +-a command lists all the addresses known on the local machine. Here are some things to try:

  • +

    + +If you receive a message like "192.168.236.86 at (incomplete)," the Ethernet address of 192.168.236.86 is unknown. This indicates a complete lack of connectivity, and you're likely having a problem at the very bottom of the TCP/IP Network Administration protocol stack, at the Ethernet-interface layer. This is discussed in Chapters 5 and 6 of +TCP/IP Network Administration (O'Reilly).

  • +

    + +If you receive a response similar to "server (192.168.236.86) at 8:0:20:12:7c:94," then the server has been reached at some time, or another machine is answering on its behalf. However, this means that +ping should have worked: you may have an intermittent networking or ARP problem.

  • +

    + +If the IP address from ARP doesn't match the addresses you expected, investigate and correct the addresses manually.

  • +

    + +If each machine can ping itself but not another, something is wrong on the network between them.

  • +

    + +If you get "ping: network unreachable" or "ICMP Host Unreachable," then you're not receiving an answer and there is likely more than one network involved.

    +In principle, you shouldn't try to troubleshoot SMB clients and servers on different networks. Try to test a server and client on the same network. The three tests that follow assume you might be testing between two networks:

  • +

    + +First, perform the tests for no answer described earlier in this section. If this doesn't identify the problem, the remaining possibilities are the following: an address is wrong, your netmask is wrong, a network is down, or just possibly you've been stopped by a firewall.

  • +

    + +Check both the address and the netmasks on source and destination machines to see if something is obviously wrong. Assuming both machines really are on the same network, they both should have the same netmasks and +ping should report the correct addresses. If the addresses are wrong, you'll need to correct them. If they're right, the programs may be confused by an incorrect netmask. See +Section 9.2.9.1, Netmasks, later in this chapter.

  • +

    + +If the commands are still reporting that the network is unreachable and neither of the previous two conditions is in error, one network really may be unreachable from the other. This, too, is a network manager issue.

  • +

    + +If you get "ICMP Administratively Prohibited," you've struck a firewall of some sort or a misconfigured router. You will need to speak to your network security officer.

  • +

    + +If you get "ICMP Host redirect," and +ping reports packets getting through, this is generally harmless: you're simply being rerouted over the network.

  • +

    + +If you get a host redirect and no +ping responses, you are being redirected, but no one is responding. Treat this just like the "Network unreachable" response and check your addresses and netmasks.

  • +

    + +If you get "ICMP Host Unreachable from gateway +gateway_name," ping packets are being routed to another network, but the other machine isn't responding and the router is reporting the problem on its behalf. Again, treat this like a "Network unreachable" response and start checking addresses and netmasks.

  • +

    + +If you get "ping: unknown host +hostname," your machine's name is not known. This tends to indicate a name-service problem, which didn't affect +localhost. Have a look at +Section 9.2.8, later in this chapter.

  • +

    + +If you get a partial success, with some pings failing but others succeeding, you either have an intermittent problem between the machines or an overloaded network. Ping for longer, and see if more than about 3 percent of the packets fail. If so, check it with your network manager: a problem may just be starting. However, if only a few fail, or if you happen to know some massive network program is running, don't worry unduly. Ping's ICMP (and UDP) are designed to drop occasional packets.

  • +

    + +If you get a response like "smtsvr.antares.net is alive" when you actually pinged +client.example.com, you're either using someone else's address or the machine has multiple names and addresses. If the address is wrong, name service is clearly the culprit; you'll need to change the address in the name service database to refer to the right machine. This is discussed in +Section 9.2.8, later in this chapter.

    +Server machines are often +multihomed : connected to more than one network, with different names on each net. If you are getting a response from an unexpected name on a multihomed server, look at the address and see if it's on your network (see the section +Section 9.2.9.1, later in this chapter). If so, you should use that address, rather than one on a different network, for both performance and reliability reasons.

    +Servers may also have multiple names for a single Ethernet address, especially if they are web servers. This is harmless, if otherwise startling. You probably will want to use the official (and permanent) name, rather than an alias which may change.

  • +

    + +If everything works, but the IP address reported is 127.0.0.1, you have a name service error. This typically occurs when a operating system installation program generates an +/etc/hosts line similar to +127.0.0.1 +localhost +hostnamedomainname. The localhost line should say +127.0.0.1 +localhost or +127.0.0.1 +localhost +loghost. Correct it, lest it cause failures to negotiate who is the master browse list holder and who is the master browser. It can, also cause (ambiguous) errors in later tests.

+If this worked from the server, repeat it from the client.

+

+9.2.3 Troubleshooting TCP

Now that you've tested IP, UDP, and a name service with +ping, it's time to test TCP. +ping and browsing use ICMP and UDP; file and print services (shares) use TCP. Both depend on IP as a lower layer and all four depend on name services. Testing TCP is most conveniently done using the FTP (file transfer protocol) program.

+

+ +9.2.3.1 Testing TCP with FTP

+Try connecting via FTP, once from the server to itself, and once from the client to the server: 

+server% ftp server
+Connected to server.example.com. 
+220 server.example.com FTP server (Version 6.2/OpenBSD/Linux-0.10) ready.
+ Name (server:davecb): 
+331 Password required for davecb. 
+Password: 
+230 User davecb logged in.
+ ftp> quit 
+221 Goodbye.

+If this worked, skip to the section +Section 9.2.4, Troubleshooting Server Daemons. Otherwise:

    +
  • +

    + +If you received the message "server: unknown host," then nameservice has failed. Go back to the corresponding +ping step, +Section 9.2.2.2, Testing local name services with ping , and rerun those tests to see why name lookup failed.

  • +

    + +If you received "ftp: connect: Connection refused," the machine isn't running an FTP daemon. This is mildly unusual on Unix servers. Optionally, you might try this test by connecting to the machine using telnet instead of FTP; the messages are very similar and telnet uses TCP as well.

  • +

    + +If there was a long pause, then "ftp: connect: Connection timed out," the machine isn't reachable. Return to the section +Section 9.2.2.4, Testing connections with ping.

  • +

    + +If you received "530 Logon Incorrect," you connected successfully, but you've just found a different problem. You likely provided an incorrect username or password. Try again, making sure you use your username from the Unix server and type your password correctly.

+

+ +9.2.4 Troubleshooting Server Daemons

Once you've confirmed that TCP networking is working properly, the next step is to make sure the daemons are running on the server. This takes three separate tests because no single one of the following will decisively prove that they're working correctly.

+To be sure they're running, you need to find out if:

    +
  1. +

    + +The daemon has started

  2. +

    + +The daemons are registered or bound to a TCP/IP port by the operating system

  3. +

    + +They're actually paying attention

+

+ +9.2.4.1 Before you start

+First, check the logs. If you've started the daemons, the message "smbd version +some_number started" should appear. If it doesn't, you will need to restart the Samba daemons.

+If the daemon reports that it has indeed started, look out for "bind failed on port 139 socket_addr=0 (Address already in use)". This means another daemon has been started on port 139 (smbd). Also, +nmbd will report a similar failure if it cannot bind to port 137. Either you've started them twice, or the +inetd server has tried to provide a daemon for you. If it's the latter, we'll diagnose that in a moment.

+

+ +9.2.4.2 Looking for daemon processes with ps

+Next, you need to see if the daemons have been started. Use the +ps command on the server with the +long option for your machine type (commonly +ps +ax or +ps +-ef), and see if you have either +smbd and +nmbd already running. This often looks like the following:

server% ps ax
+
+ PID TTY STAT TIME   COMMAND
+ 1   ?   S    0:03   init [2] 
+ 2   ?   SW   0:00   (kflushd)
+
+(...many lines of processes...) 
+ 234 ?   S    0:14   nmbd -D3
+ 237 ?   S    0:11   smbd -D3
+
+(...more lines, possibly including more smbd lines...)

+This example illustrates that +smbd and +nmbd have already started as stand-alone daemons (the +-D option) at log level 3.

+

+ +9.2.4.3 Looking for daemons bound to ports

+Next, the daemons have to be registered with the operating system so they can get access to TCP/IP ports. The +netstat command will tell you if this has been done. Run the command +netstat +-a on the server, and look for lines mentioning +netbios, +137 or +139:

server% netstat -a 
+
+Active Internet connections (including servers) 
+Proto Recv-Q Send-Q  Local Address          Foreign Address      (state) 
+udp   0      0       *.netbios-             *.* 
+tcp   0      0       *.netbios-             *.*                  LISTEN 
+tcp   8370   8760    server.netbios-        client.1439               
+ESTABLISHED

+or:

server% netstat -a 
+
+Active Internet connections (including servers) 
+Proto Recv-Q Send-Q  Local Address          Foreign Address        (state) 
+udp   0      0       *.137                  *.* 
+tcp   0      0       *.139                  *.*                    LISTEN 
+tcp   8370   8760    server.139             client.1439            ESTABLISHED

+Among many similar lines, there should be at least one UDP line for +*.netbios- or +*.137. This indicates that the +nmbd server is registered and (we hope) is waiting to answer requests. There should also be at least one TCP line mentioning +*.netbios- or +*.139, and it will probably be in the LISTENING state. This means that +smbd is up and listening for connections.

+There may be other TCP lines indicating connections from +smbd to clients, one for each client. These are usually in the ESTABLISHED state. If there are +smbd lines in the ESTABLISHED state, +smbd is definitely running. If there is only one line in the LISTENING state, we're not sure yet. If both of the lines is missing, a daemon has not succeeded in starting, so it's time to check the logs and then go back to Chapter 2.

+If there is a line for each client, it may be coming either from a Samba daemon or from the master IP daemon, +inetd. It's quite possible that your +inetd startup file contains lines that start Samba daemons without your realizing it; for instance, the lines may have been placed there if you installed Samba as part of a Linux distribution. The daemons started by +inetd prevent ours from running. This problem typically produces log messages such as "bind failed on port 139 socket_addr=0 (Address already in use)."

+Check your +/etc/inetd.conf ; unless you're intentionally starting the daemons from there, there +must not be any +netbios-ns (udp port 137) or +netbios-ssn (tcp port 139) servers mentioned there. +inetd is a daemon that provides numerous services, controlled by entries in +/etc/inetd.conf. If your system is providing an SMB daemon via +inetd, there will be lines like the following in the file:

+netbios-ssn stream tcp nowait root /usr/local/samba/bin/smbd smbd
+netbios-ns dgram udp wait root /usr/local/samba/bin/nmbd nmbd
+

+ +9.2.4.4 Checking smbd with telnet

+Ironically, the easiest way to test that the +smbd server is actually working is to send it a meaningless message and see if it rejects it. Try something like the following:

echo hello | telnet localhost 139

+This sends an erroneous but harmless message to +smbd. The +hello message is important. Don't try telneting to the port and typing just anything; you'll probably just hang your process. +hello, however, is generally a harmless message.

server% echo "hello" | telnet localhost 139 
+
+Trying
+Trying 192.168.236.86 ... 
+Connected to localhost. Escape character is '^]'. 
+Connection closed by foreign host.

+If you get a "Connected" message followed by a "Connection closed" message, the test was a success. You have an +smbd daemon listening on the port and rejecting improper connection messages. On the other hand, if you get "telnet: connect: Connection refused," there is probably no daemon present. Check the logs and go back to Chapter 2.

+Regrettably, there isn't an easy test for +nmbd. If the +telnet test and the +netstat test both say that there is an +smbd running, there is a good chance that +netstat will also be correct about +nmbd running.

+

+ +9.2.4.5 Testing daemons with testparm

Once you know there's a daemon, you should always run +testparm, in hopes of getting:

server% testparm 
+
+Load smb config files from /opt/samba/lib/smb.conf
+Processing section "[homes]" 
+Processing section "[printers]" ... 
+Processing section "[tmp]" 
+Loaded services file OK. ...

+The +testparm program normally reports processing a series of sections, and responds with "Loaded services file OK" if it succeeds. If not, it will report one or more of the following messages, which will also appear in the logs as noted:

+
+ +"Allow/Deny connection from account (n) to service"
+

+A +testparm-only message produced if you have valid/invalid user options set in your +smb.conf. You will want to make sure that you are on the valid user list, and that root, bin, etc., are on the invalid user list. If you don't, you will not be able to connect, or folks who shouldn't +will be able to.

+ +"Warning: You have some share names that are longer than eight chars"
+

+For anyone using Windows for Workgroups and older clients. They will fail to connect to shares with long names, producing an overflow message that sounds confusingly like a memory overflow.

+"Warning: [name] service MUST be printable!"
+

+A printer share lacks a +printable += +yes option.

+"No path in service name using [name]"
+

+A file share doesn't know which directory to provide to the user, or a print share doesn't know which directory to use for spooling. If no path is specified, the service will try to run with a path of +/tmp, which may not be what you want.

+"Note: Servicename is flagged unavailable"
+

+Just a reminder that you have used the +available += +no option in a share.

+"Can't find include file [name]"
+

+A configuration file referred to by an +include option did not exist. If you were including the file unconditionally, this is an error and probably a serious one: the share will not have the configuration you intended. If you were including it based one of the +% variables, such as +%a (architecture), you will need to decide if, for example, a missing Windows for Workgroups configuration file is a problem. It often isn't.

+"Can't copy service name, unable to copy to itself"
+

+You tried to copy a +smb.conf section into itself.

+"Unable to copy service - source not found: [name]"
+

+Indicates a missing or misspelled section in a +copy += option.

+"Ignoring unknown parameter name"
+

+Typically indicates an obsolete, misspelled or unsupported option.

+"Global parameter name found in service section"
+

+Indicates a global-only parameter has been used in an individual share. Samba will ignore the parameter.

+After the +testparm test, repeat it with (exactly) three parameters: the name of your +smb.conf file, the name of your client, and its IP address:

testparm samba_directory/lib/smb.conf client 192.168.236.10

+This will run one more test that checks the host name and address against +host +allow and +host +deny options and may produce the "Allow/Deny connection from account account_name" to service message for the client machine. This message indicates you have valid/invalid host options in your +smb.conf, and they prohibit access from the client machine. Entering +testparm +/usr/local/lib/experimental.conf is also an effective way to test an experimental +smb.conf file before putting it into production.

+

+9.2.5 Troubleshooting SMB Connections

Now that you know the servers are up, you need to make sure that they're running properly. We start with the +smb.conf file in the + +samba_directory +/lib directory.

+

+ +9.2.5.1 A minimal smb.conf file

+In the following tests, we assume you have a +[temp] share suitable for testing, plus at least one account. An +smb.conf file that includes just these is:

+[global] 
+    workgroup = 
+
+EXAMPLE 
+    security = user
+    browsable = yes 
+    local master = yes 
+[homes] 
+    guest ok = no 
+    browseble = no
+[temp] 
+    path = /tmp 
+    public = yes

+A word of warning: the +public += +yes option in the +[temp] share is just for testing. You probably don't want people without accounts to be able to store things on your Samba server, so you should comment it out when you're done.

+

+ +9.2.5.2 Testing locally with smbclient

The first test is to ensure the server can list its own services (shares). Run the command +smbclient with a +-L option of +localhost to connect to itself, and a +-U option of just +% to specify the guest user. You should see the following: 

server% smbclient -L localhost -U% 
+Server time is Wed May 27 17:57:40 1998 Timezone is UTC-4.0
+Server=[localhost] 
+User=[davecb] 
+Workgroup=[EXAMPLE] 
+Domain=[EXAMPLE]
+	Sharename      Type      Comment 
+	---------           -----       ----------
+	temp               Disk
+	IPC$               IPC       IPC Service (Samba 1.9.18) 
+	homes            Disk       Home directories
+This machine does not have a browse list

+If you received this output, move on to the next test, +Section 9.2.5.3, Testing connections with smbclient. On the other hand, if you receive an error, check the following:

    +
  • +

    + +If you get "Get_hostbyname: unknown host localhost," either you've spelled its name wrong or there actually is a problem (which should have been seen back in +Section 9.2.2.2) In the latter case, move on to "Troubleshooting Name Services."

  • +

    + +If you get "Connect error: Connection refused," the server machine was found, but it wasn't running an +nmbd daemon. Skip back to +Section 9.2.4, and retest the daemons.

  • +

    + +If you get the message "Your server software is being unfriendly," the initial session request packet got a garbage response from the server. The server may have crashed or started improperly. The common causes of this can be discovered by scanning the logs for:

      +
    • +

      + +Invalid command-line parameters to +smbd; see the +smbd manual page.

    • +

      + +A fatal problem with the +smb.conf file that prevents the startup of +smbd. Always check your changes, as was done in the section +Section 9.2.4.5, Testing daemons with testparm.

    • +

      + +The directories where Samba keeps its log and lock files are missing.

    • +

      + +There is already a server on the port (139 for +smbd, 137 for +nmbd ), preventing it from starting.

  • +

    + +If you're using +inetd instead of stand-alone daemons, check your +/etc/inetd.conf and +/etc/services entries against their manual pages for errors as well.

  • +

    + +If you get a +Password: prompt, your guest account is not set up properly. The +%U option tells +smbclient to do a "null login," which requires that the guest account be present but does not require it to have any privileges.

  • +

    + +If you get the message "SMBtconX failed. ERRSRV - ERRaccess," you aren't permitted access to the server. This normally means you have a +valid +hosts option that doesn't include the server, or an +invalid +hosts option that does. Recheck with the command +testparm +smb.conf + +your_hostname + +your_ip_address (see the section +Section 9.2.4.5) and correct any unintended prohibitions.

+

+ +9.2.5.3 Testing connections with smbclient

Run the command smbclient\\server\temp, which connects to your server's +/tmp share, to see if you can connect to a file service. You should get the following response:

server% smbclient '\\server\temp' 
+
+Server time is Tue May  5 09:49:32 1998 Timezone is UTC-4.0 Password:
+
+smb:\> quit
    +
  • +

    + +If you get "Get_Hostbyname: Unknown host name," "Connect error: Connection refused," or "Your server software is being unfriendly," see the section +Section 9.2.5.2, Testing locally with smbclient for the diagnoses.

  • +

    + +If you get the message "servertemp: Not enough `\' characters in service," you likely didn't quote the address, so Unix stripped off backslashes. You can also write the command:

smbclient \\\\server\\temp

+or: 

smbclient //server/temp

+Now, provide your Unix account password to the +Password prompt. If you then get an +smb\> prompt, it worked. Enter +quit, and continue on to +Section 9.2.5.4, Testing connections with NET USE. If you then get "SMBtconX failed. ERRSRV - ERRinvnetname," the problem can be any of the following:

    +
  • +

    + +A wrong share name: you may have spelled it wrong, it may be too long, it may be in mixed case, or it may not be available. Check that it's what you expect with testparm (see the section +Section 9.2.4.5.)

  • +

    + + +security += +share, in which you may have to add + +-U your_account to the +smbclient command, or know the password of a Unix account named temp.

  • +

    + +An erroneous username.

  • +

    + +An erroneous password.

  • +

    + +An +invalid +users or +valid +users option in your +smb.conf file that doesn't allow your account to connect. Recheck with +testparm +smb.conf + +your_hostname your_ip_address (see +Section 9.2.4.5).

  • +

    + +A +valid +hosts option that doesn't include the server, or an +invalid +hosts option that does. Also test this with +testparm.

  • +

    + +A problem in authentication, such as if shadow passwords or the PAM (Password Authentication Module) is used on the server, but Samba is not compiled to use it. This is rare, but occasionally happens when a SunOS 4 Samba binary (no shadow passwords) is run without recompilation on a Solaris system (with shadow passwords).

  • +

    + +The +encrypted +passwords += +yes option in the configuration file, but no password for your account in the +smbpasswd file.

  • +

    + +You have a null password entry, either in Unix +/etc/passwd or in the +smbpasswd file.

  • +

    + +You are connecting to +[temp], and you do not have the +guest +ok += +yes option in the +[temp] section of the +smb.conf file.

  • +

    + +You are connecting to +[temp] before connecting to your home directory, and your guest account isn't set up correctly. If you can connect to your home directory and then connect to +[temp], that's the problem. See Chapter 2 for more information on creating a basic Samba configuration file.

    +A bad guest account will also prevent you from printing or browsing until after you've logged in to your home directory.

+There is one more reason for this failure that has nothing at all to do with passwords: the +path += line in your +smb.conf file may point somewhere that doesn't exist. This will not be diagnosed by +testparm, and most SMB clients can't tell it from other types of bad user accounts. You will have to check it manually.

+Once you have connected to +[temp] successfully, repeat the test, this time logging in to your home directory (e.g., map network drive + +server +\davecb) looking for failures in doing that. If you have to change anything to get that to work, re-test +[temp] again afterwards.

+

+ +9.2.5.4 Testing connections with NET USE

Run the command +net use * \server\temp on the DOS or Windows client to see if it can connect to the server. You should be prompted for a password, then receive the response "The command was completed successfully," as shown in +Figure 9.2.

+ +Figure 9.2: Results of the NET USE command

Figure 9.2

+If that succeeded, continue with the steps in the section +Section 9.2.5.5, Testing connections with Windows Explorer. Otherwise:

    +
  • +

    + +If you get "The specified shared directory cannot be found," or "Cannot locate specified share name," the directory name is either misspelled or not in the +smb.conf file. This message can also warn of a name in mixed case, including spaces, or is longer than eight characters.

  • +

    + +If you get "The computer name specified in the network path cannot be located," or "Cannot locate specified computer," the directory name has been misspelled, the name service has failed, there is a networking problem, or the +hosts +deny += option includes your host.

      +
    • +

      + +If it is not a spelling mistake, you need to double back to at least the section +Section 9.2.5.3, to investigate why it doesn't connect.

    • +

      + +If +smbclient does work, it's a name service problem with the client name service, and you need to go forward to the section +Section 9.2.6.2, Testing the server with nmblookup, and see if you can look up both client and server with +nmblookup.

  • +

    + +If you get "The password is invalid for \server\username," your locally cached copy on the client doesn't match the one on the server. You will be prompted for a replacement.

+Windows 95 and 98 clients keep a local +password file, but it's really just a cached copy of the password it sends to Samba and NT servers to authenticate you. That's what is being prompted for here. You can still log on to a Windows machine without a password (but not to NT).

    +
  • +

    +If you provide your password, and it still fails, your password is not being matched on the server, you have a +valid +users or +invalid +users list denying you permission, NetBEUI is interfering, or the encrypted password problem described in the next paragraph exists.

  • +

    + +If your client is NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98 or any of these with Internet Explorer 4.0, these default to using Microsoft encryption for passwords (discussed in Chapter 6, Users, Security, and Domains's Section 6.4, Passwords in Chapter 6 section, along with the alternatives). In general, if you have installed a major Microsoft product recently, you may have applied an update and turned on encrypted passwords.

+Because of Internet Explorer's willingness to honor URLs such as +file://somehost/somefile by making SMB connections, clients up to and including Windows 95 Patch Level 2 would happily send your password, in plaintext, to SMB servers anywhere on the Internet. This was considered a bad idea, and Microsoft quite promptly switched to using only encrypted passwords in the SMB protocol. All subsequent releases of their products have included this correction. Encrypted passwords aren't actually needed unless you're using Internet Explorer 4.0 without a firewall, so it's reasonable to keep using unencrypted passwords on your own networks.

    +
  • +

    + +If you have a mixed-case password on Unix, the client is probably sending it in all one case. If changing your password to all one case works, this was the problem. Regrettably, all but the oldest clients support uppercase passwords, so Samba will try once with it in uppercase and once in lower case. If you wish to use mixed-case passwords, see the +password +level option in Chapter 6 for a workaround.

  • +

    + +You may have a +valid +users problem, as tested with +smbclient (see +Section 9.2.5.3).

  • +

    + +You may have the NetBEUI protocol bound to the Microsoft client. This often produces long timeouts and erratic failures, and is known to have caused failures to accept passwords in the past.

+The term "bind" is used to mean connecting a piece of software to another in this case. The Microsoft SMB client is "bound to" TCP/IP in the bindings section of the TCP/IP properties panel under the Windows 95/98 Network icon in the Control Panel. TCP/IP in turn is bound to an Ethernet card. This is not the same sense of the word as binding an SMB daemon to a TCP/IP port.

+

+9.2.5.5 Testing connections with Windows Explorer

Start Windows Explorer or NT Explorer (not Internet Explorer), select Tools→Map Network Drive and specify \\ + +server\ +temp to see if you can make Explorer connect to the +/tmp directory. You should see a screen similar to the one in +Figure 9.3. If so, you've succeeded and can skip to +Section 9.2.6, Troubleshooting Browsing .

+ +Figure 9.3: Accessing the /tmp directory with Windows Explorer

Figure 9.3

+A word of caution: Windows Explorer and NT Explorer are rather poor as diagnostic tools: they do tell you that something's wrong, but rarely what it is. If you get a failure, you'll need to track it down with the NET USE command, which has far superior error reporting:

    +
  • +

    + +If you get "The password for this connection that is in your password file is no longer correct," you may have any of the following:

      +
    • +

      + +Your locally cached copy on the client doesn't match the one on the server.

    • +

      + +You didn't provide a username and password when logging on to the client. Most Explorers will continue to send a username and password of null, even if you provide a password.

    • +

      + +You have misspelled the password.

    • +

      + +You have an +invalid +users or +valid +users list denying permission.

    • +

      + +Your client is NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98, or any of these with Internet Explorer 4. They will all want encrypted passwords.

    • +

      + +You have a mixed-case password, which the client is supplying in all one case.

  • +

    + +If you get "The network name is either incorrect, or a network to which you do not have full access," or "Cannot locate specified computer," you may have any of the following:

      +
    • +

      + + Misspelled name

    • +

      + + Malfunctioning service

    • +

      + + Failed share

    • +

      + + Networking problem

    • +

      + + Bad +path line

    • +

      + + +hosts +deny line that excludes you

  • +

    + +If you get "You must supply a password to make this connection," the password on the client is out of synchronization with the server, or this is the first time you've tried from this client machine and the client hasn't cached it locally yet.

  • +

    + +If you get "Cannot locate specified share name," you have a wrong share name or a syntax error in specifying it, a share name longer than eight characters, or one containing spaces or in mixed case.

+Once you can reliably connect to the +[temp] directory, try once again, this time using your home directory. If you have to change something to get home directories working, then retest with +[temp], and vice versa, as we showed in the section +Section 9.2.5.4. As always, if Explorer fails, drop back to that section and debug it there.

+

+9.2.6 Troubleshooting Browsing

Finally, we come to browsing. This was left to last, not because it is hardest, but because it's both optional and partially dependent on a protocol that doesn't guarantee delivery of a packet. Browsing is hard to diagnose if you don't already know all the other services are running.

+Browsing is purely optional: it's just a way to find the servers on your net and the shares that they provide. Unix has nothing of the sort and happily does without. Browsing also assumes all your machines are on a local area network (LAN) where broadcasts are allowable.

+First, the browsing mechanism identifies a machine using the unreliable UDP protocol; then it makes a normal (reliable) TCP/IP connection to list the shares the machine provides.

+

+ +9.2.6.1 Testing browsing with smbclient

We'll start with testing the reliable connection first. From the server, try listing its own shares via +smbclient with a +-L option of your server's name. You should get: 

server% smbclient -L server 
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Server time is Tue Apr 28 09:57:28 1998 Timezone is UTC-4.0 
+Password: 
+Domain=[EXAMPLE] 
+OS=[Unix] 
+Server=[Samba 1.9.18]
+Server=[server] 
+User=[davecb] 
+Workgroup=[EXAMPLE] 
+Domain=[EXAMPLE]
+   Sharename      Type      Comment    
+   ---------      ----      -------    
+    cdrom          Disk      CD-ROM    
+    cl             Printer   Color Printer 1    
+    davecb         Disk      Home Directories
+
+ This machine has a browse list:
+   Server         Comment    
+   ---------      -------    
+   SERVER          Samba 1.9.18
+
+ This machine has a workgroup list:
+   Workgroup      Master    
+    ---------      -------    
+    EXAMPLE        SERVER
    +
  • +

    + +If you didn't get a Sharename list, the server is not allowing you to browse any shares. This should not be the case if you've tested any of the shares with Windows Explorer or the NET USE command. If you haven't done the +smbclient +-L +localhost +-U% test yet (see +Section 9.2.5.2), do it now. An erroneous guest account can prevent the shares from being seen. Also, check the +smb.conf file to make sure you do not have the option +browsable += +no anywhere in it: we suggest a minimal +smb.conf file (see +Section 9.2.5.1, A minimal smb.conf file) for you to steal from. You need to have +browseable enabled in order to be able to see at least the +[temp] share.

  • +

    + +If you didn't get a browse list, the server is not providing information about the machines on the network. At least one machine on the net must support browse lists. Make sure you have +local +master += +yes in the +smb.conf file if you want Samba be the local master browser.

  • +

    + +If you got a browse list but didn't get +/tmp, you probably have a +smb.conf problem. Go back to +Section 9.2.4.5.

  • +

    + +If you didn't get a workgroup list with your workgroup name in it, it is possible that your workgroup is set incorrectly in the +smb.conf file.

  • +

    + +If you didn't get a workgroup list at all, ensure that +workgroup +=EXAMPLE is present in the +smb.conf file.

  • +

    + +If you get nothing, try once more with the options +-I + +ip_address +-n + +netbios_name +-W + +workgroup +-d3 with the NetBIOS and workgroup name in uppercase. (The +-d +3 option sets the log /debugging level to 3.)

+If you're still getting nothing, you shouldn't have gotten this far. Double back to at least +Section 9.2.3.1, Testing TCP with FTP , or perhaps +Section 9.2.2.4. On the other hand:

    +
  • +

    + +If you get "SMBtconX failed. ERRSRV - ERRaccess," you aren't permitted access to the server. This normally means you have a +valid +hosts option that doesn't include the server, or an invalid hosts option that does.

  • +

    + + If you get "Bad password," then you presumably have one of the following:

      +
    • +

      + + An incorrect +hosts +allow or +hosts +deny line

    • +

      + + An incorrect +invalid +users or +valid +users line

    • +

      + + A lowercase password and OS/2 or Windows for Workgroups clients

    • +

      + + A missing or invalid guest account

  • +

    +Check what your guest account is (see +Section 9.2.5.2) and verify your +smb.conf file with +testparm +smb.conf + +your_hostname your_ip_address (see +Section 9.2.4.5) and change or comment out any +hosts +allow, +hosts +deny, +valid +users or +invalid +users lines.

  • +

    + +If you get "Connection refused," the +smbd server is not running or has crashed. Check that it's up, running, and listening to the network with +netstat, see step +Section 9.2.4.5.

  • +

    + +If you get "Get_Hostbyname: Unknown host name," you've made a spelling error, there is a mismatch between Unix and NetBIOS hostname, or there is a name service problem. Start nameservice debugging with +Section 9.2.5.4. If this works, suspect a name mismatch and go to step +Section 9.2.10, Troubleshooting NetBIOS Names.

  • +

    + +If you get "Session request failed," the server refused the connection. This usually indicates an internal error, such as insufficient memory to fork a process.

  • +

    + +If you get "Your server software is being unfriendly," the initial session request packet received a garbage response from the server. The server may have crashed or started improperly. Go back to +Section 9.2.5.2, where the problem is first analyzed.

  • +

    + +If you suspect the server is not running, go back to +Section 9.2.4.2, Looking for daemon processes with ps to see why the server daemon isn't responding.

+

+9.2.6.2 Testing the server with nmblookup

+This will test the "advertising" system used for Windows name services and browsing. Advertising works by broadcasting one's presence or willingness to provide services. It is the part of browsing that uses an unreliable protocol (UDP), and works only on broadcast networks like Ethernets. The +nmblookup program broadcasts name queries for the hostname you provide, and returns its IP address and the name of the machine, much like +nslookup does with DNS. Here, the +-d (debug- or log-level) option, and the +-B (broadcast address) options direct queries to specific machines.

+First, we check the server from itself. Run +nmblookup with a +-B option of your server's name to tell it to send the query to the Samba server, and a parameter of +__SAMBA__ as the symbolic name to look up. You should get: 

server% nmblookup -B server __SAMBA__ 
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 
+Sending queries to 192.168.236.86 192.168.236.86 __SAMBA__

+You should get the IP address of the server, followed by the name +__SAMBA__ , which means that the server has successfully advertised that it has a service called +__SAMBA__ , and therefore at least part of NetBIOS nameservice works.

    +
  • +

    + +If you get "Name_query failed to find name __SAMBA__" you may have specified the wrong address to the +-B option, or +nmbd is not running. The +-B option actually takes a broadcast address: we're using a machine-name to get a unicast address, and to ask server if it has claimed +__SAMBA__.

  • +

    + +Try again with +-B + + ip_address, and if that fails too, +nmbd isn't claiming the name. Go back briefly to "Testing daemons with testparm" to see if +nmbd is running. If so, it may not claiming names; this means that Samba is not providing the browsing service - a configuratiuon problem. If that is the case, make sure that +smb.conf doesn't contain the option +browsing += +no.

+

+ +9.2.6.3 Testing the client with nmblookup

+Next, check the IP address of the client from the server with +nmblookup using +-B option for the client's name and a parameter of +'*' meaning "anything," as shown here: 

server% nmblookup -B client '*' 
+Sending queries to 192.168.236.10 192.168.236.10 *
+Got a positive name query response from 192.168.236.10 (192.168.236.10)
    +
  • +

    + +If you receive "Name-query failed to find name *," you have made a spelling mistake, or the client software on the PC isn't installed, started, or bound to TCP/IP. Double back to Chapter 2 or Chapter 3 and ensure you have a client installed and listening to the network.

+Repeat the command with the following options if you had any failures:

    +
  • +

    + +If +nmblookup +-B + +client_IP_address succeeds but +-B + +client_name fails, there is a name service problem with the client's name; go to +Section 9.2.8.

  • +

    + +If +nmblookup +-B +127.0.0.1'*' succeeds, but +-B + +client_IP_address fails, there is a hardware problem and ping should have failed. See your network manager.

+

+ +9.2.6.4 Testing the network with nmblookup

+Run the command +nmblookup again with a +-d option (debug level) of 2 and a parameter of +'*' again. This time we are testing the ability of programs (such as +nmbd ) to use broadcast. It's essentially a connectivity test, done via a broadcast to the default broadcast address.

+A number of NetBIOS/TCP-IP hosts on the network should respond with "got a positive name query response" messages. Samba may not catch all of the responses in the short time it listens, so you won't always see all the SMB clients on the network. However, you should see most of them:

server% nmblookup -d 2 '*' 
+Added interface ip=192.168.236.86 bcast=192.168.236.255 nmask=255.255.255.0 Sending queries to 192.168.236.255 
+Got a positive name query response from 192.168.236.191 (192.168.236.191) 
+Got a positive name query response from 192.168.236.228 (192.168.236.228) 
+Got a positive name query response from 192.168.236.75 (192.168.236.75) 
+Got a positive name query response from 192.168.236.79 (192.168.236.79) 
+Got a positive name query response from 192.168.236.206 (192.168.236.206) 
+Got a positive name query response from 192.168.236.207 (192.168.236.207) 
+Got a positive name query response from 192.168.236.217 (192.168.236.217) 
+Got a positive name query response from 192.168.236.72 (192.168.236.72) 192.168.236.86 *

+However:

    +
  • +

    + +If this doesn't give at least the client address you previously tested, the default broadcast address is wrong. Try +nmblookup +-B +255.255.255.255 +-d +2 +'*', which is a last-ditch variant (a broadcast address of all ones). If this draws responses, the broadcast address you've been using before is wrong. Troubleshooting these is discussed in the +Section 9.2.9.2, Broadcast addresses section, later in this chapter.

  • +

    + +If the address 255.255.255.255 fails too, check your notes to see if your PC and server are on different subnets, as discovered in +Section 9.2.2.4. You should try to diagnose this with a server and client on the same subnet, but if you can't, you can try specifying the remote subnet's broadcast address with +-B. Finding that address is discussed in the same place as troubleshooting broadcast addresses, in the section +Section 9.2.9.2, later in this chapter. The +-B option will work if your router supports directed broadcasts; if it doesn't, you may be forced to test with a client on the same network.

+

+ +9.2.6.5 Testing client browsing with net view

On the client, run the command net view \\server in a DOS window to see if you can connect to the client and ask what shares it provides. You should get back a list of available shares on the server, as shown in +Figure 9.4.

+ +Figure 9.4: Using the net view command

Figure 9.4

+If you received this, continue with the section +Section 9.2.7, Other Things that Fail.

    +
  • +

    + +If you get "Network name not found" for the name you just tested in the section +Section 9.2.6.3, Testing the client with nmblookup, there is a problem with the client software itself. Double-check this by running +nmblookup on the client; if it works and NET VIEW doesn't, the client is at fault.

  • +

    + +Of course, if +nmblookup fails, there is a NetBIOS nameservice problem, as discussed in the section +Section 9.2.10.

  • +

    + +If you get "You do not have the necessary access rights," or "This server is not configured to list shared resources," either your guest account is misconfigured (see +Section 9.2.5.2), or you have a +hosts +allow or +hosts +deny line that prohibits connections from your machine. These problems should have been detected by the +smbclient tests starting in the section +Section 9.2.6.1, Testing browsing with smbclient .

  • +

    + +If you get "The specified computer is not receiving requests," you have misspelled the name, the machine is unreachable by broadcast (tested in "Testing the network with nmblookup"), or it's not running +nmbd.

  • +

    + +If you get "Bad password error," you're probably encountering the Microsoft-encrypted password problem, as discussed in Chapter 6, with its corrections.

+

+ +9.2.6.6 Browsing the server from the client

From the Network Neighborhood (File Manager in older releases), try to browse the server. Your Samba server should appear in the browse list of your local workgroup. You should be able to double click on the name of the server and get a list of shares, as illustrated in +Figure 9.5.

+ +Figure 9.5: List of shares on a server

Figure 9.5
    +
  • +

    + +If you get an "Invalid password" error with NT 4.0, NT 3.5 with Patch 3, Windows 95 with Patch 3, Windows 98 or any of these with Internet Explorer 4.0, it's most likely the encryption problem again. All of these clients default to using Microsoft encryption for passwords (see Chapter 6).

  • +

    + +If you receive an "Unable to browse the network" error, one of the following has ocurred:

      +
    • +

      + +You have looked too soon, before the broadcasts and updates have completed; try waiting 30 seconds before re-attempting.

    • +

      + +There is a network problem you've not yet diagnosed.

    • +

      + +There is no browse master. Add the configuration option +local +master += +yes to your +smb.conf file.

    • +

      + +No shares are marked +browsable in the +smb.conf file.

  • +

    + +If you receive the message "\\server is not accessible," then:

      +
    • +

      + + You have the encrypted password problem

    • +

      + + The machine really isn't accessible

    • +

      + + The machine doesn't support browsing

+

+9.2.7 Other Things that Fail

+If you've made it here, either the problem is solved or it's not one we've seen. The next sections cover troubleshooting tasks that are required to have the infrastructure to run Samba, not Samba itself.

+

+ +9.2.7.1 Not logging on

An occasional problem is forgetting to log in to the client or logging in as a wrong (account-less) person. The former is not diagnosed at all: Windows tries to be friendly and lets you on. Locally! The only warning of the latter is that Windows welcomes you and asks about your new account. Either of these leads to repeated refusals to connect and endless requests for passwords. If nothing else seems to work, try logging out or shutting down and logging in again.

+

+ +9.2.8 Troubleshooting Name Services

This section looks at simple troubleshooting of all the name services that you will encounter, but only for the common problems that affect Samba.

+There are several good references for troubleshooting particular name services: Paul Albitz and Cricket Liu's +DNS and Bind covers the Domain Name Service (DNS), Hal Stern's +NFS and NIS (both from O'Reilly) covers NIS ("Yellow pages") while WINS (Windows Internet Name Service), +hosts/LMHOSTS files and NIS+ are best covered by their respective vendor's manuals.

+The problems addressed in this section are:

    +
  • +

    + +Identifying name services

  • +

    + +A hostname can't be looked up

  • +

    + +The long (FQDN) form of a hostname works but the short form doesn't

  • +

    + +The short form of the name works, but the long form doesn't

  • +

    + +A long delay ocurrs before the expected result

+

+ +9.2.8.1 Identifying what's in use

First, see if both the server and the client are using DNS, WINS, NIS, or +hosts files to look up IP addresses when you give them a name. Each kind of machine will have a different preference:

    +
  • +

    + +Windows 95 and 98 machines will look in WINS and +LMHOSTS files first, then broadcast, and finally try DNS and +hosts files.

  • +

    + +NT will look in WINS, then broadcast, LMHOSTS files, and finally +hosts and DNS.

  • +

    + +Windows programs using the WINSOCK standard (like PC-NFSs) will use hosts files, DNS, WINS, and then broadcast. Don't assume that if a different program's name service works, the SMB client program's name service will!

  • +

    + +Samba daemons will use +LMHOSTS, WINS, the Unix host's preference, and then broadcast.

  • +

    + +Unix hosts can be configured to use any combination of DNS, +hosts files, and NIS and NIS+, generally in any order.

+We recommend that the client machines be configured to use WINS and DNS, the Samba daemons to use WINS and DNS, and the Unix server to use DNS. You'll have to look at your notes and the actual machines to see which is in use.

+On the clients, the name services are all set in the TCP/IP Properties panel of the Networking Control Panel, as discussed in Chapter 3. You may need to check there to see what you've actually turned on. On the server, see if an +/etc/resolv.conf file exists. If it does, you're using DNS. You may be using the others as well, though. You'll need to check for NIS and combinations of services.

+Check for an +/etc/nsswitch.conf file on Solaris and other System V Unix operating systems. If you have one, look for a line that begins +host:, followed by one or more of +files, +bind, +nis or +nis+. These are the name services to use, in order, with optional extra material in square brackets. +files stands for using + hosts files, while +bind (the Berkeley Internet Name Daemon) stands for using DNS.

+If the client and server differ, the first thing to do is to get them in sync. Clients can only use only DNS, WINS, +hosts files and +lmhosts files, not NIS or NIS+. Servers can use +hosts files, DNS, and NIS or NIS+, but not WINS - even if your Samba server provides WINS services. If you can't get all the systems to use the same services, you'll have to carefully check the server and the client for the same data.

+Samba 2.0 (and late 1.9 versions) added a +-R + (resolve order) option to +smbclient. If you want to troubleshoot WINS, for example, you'd say:

 smbclient -L server -R wins

+The possible settings are +hosts (which means whatever the Unix machine is using, not just + /etc/hosts files), +lmhosts, +wins and +bcast (broadcast).

+In the following sections, we use the term +long name for a fully-qualified domain name (FQDN), like +server.example.com, and the term +short name for the host part of a FQDN, like +server.

+

+ +9.2.8.2 Cannot look up hostnames

+ Try the following:

    +
  • +

    + +In DNS:

    +Run +nslookup + +name. If this fails, look for a +resolv.conf error, a downed DNS server, or a short/long name problem (see the next section). Try the following:

  • +

    + +Your +/etc/resolv.conf should contain one or more name-server lines, each with an IP address. These are the addresses of your DNS servers.

  • +

    + +ping each of the server addresses you find. If this fails for one, suspect the machine. If it fails for each, suspect your network.

  • +

    + +Retry the lookup using the full domain name (e.g., +server.example.com) if you tried the short name first, or the short name if you tried the long name first. If results differ, skip to the next section.

    +
  • +

    + +In Broadcast/ WINS:

    +Broadcast/ WINS does only short names such as +server, (not long ones, such as +server.example.com). Run +nmblookup +-S + +server. + + This reports everything broadcast has registered for the name. In our example, it looks like this:

+Looking up status of 192.168.236.86
+received 10 names
+        SERVER           <00> -         M <ACTIVE> 
+        SERVER           <03> -         M <ACTIVE> 
+        SERVER           <1f> -         M <ACTIVE> 
+        SERVER           <20> -         M <ACTIVE> 
+        ..__MSBROWSE__.  <01> - <GROUP> M <ACTIVE> 
+        MYGROUP          <00> - <GROUP> M <ACTIVE> 
+        MYGROUP          <1b> -         M <ACTIVE> 
+        MYGROUP          <1c> - <GROUP> M <ACTIVE> 
+        MYGROUP          <1d> -         M <ACTIVE> 
+        MYGROUP          <1e> - <GROUP> M <ACTIVE>
    +
  • +

    +The required entry is +SERVER +<00>, which identifies + +server as being this machine's NetBIOS name. You should also see your workgroup mentioned one or more times. If these lines are missing, Broadcast/WINS cannot look up names and will need attention.

+The numbers in angle brackets in the previous output identify NetBIOS names as being workgroups, workstations, and file users of the messenger service, master browsers, domain master browsers, domain controllers and a plethora of others. We primarily use +<00> to identify machine and workgroup names and +<20> to identify machines as servers. The complete list is available at +http://support.microsoft.com/support/kb/articles/q163/4/09.asp.

    +
  • +

    + +In NIS:

    +Try +ypmatch +name +hosts. If this fails, NIS is down. Find out the NIS server's name by running + ypwhich, and ping the machine it to see if it's accessible.

  • +

    + +In NIS+:

    +If you're running NIS+, try +nismatch +name +hosts. If this fails, NIS is down. Find out the NIS server's name by running +niswhich, and ping that machine to see if it's accessible.

  • +

    + +In +hosts files:

    +Inspect +/etc/hosts on the client (C:\WINDOWS\HOSTS). Each line should have an IP number and one or more names, the primary name first, then any optional aliases. An example follows:

+        127.0.0.1         localhost
+        192.168.236.1     dns.svc.example.com 
+        192.168.236.10    client.example.com client 
+        192.168.236.11    backup.example.com loghost 
+        192.168.236.86    server.example.com server 
+        192.168.236.254   router.svc.example.com
    +
  • +

    +On Unix, +localhost should always be 127.0.0.1, although it may be just an alias for a hostname on the PC. On the client, check that there are no +#XXX directives at the ends of the lines; these are LAN Manager/NetBIOS directives, and should appear only in +LMHOSTS files (C:\WINDOWS\LMHOSTS).

  • +

    + +In +LMHOSTS files:

    +This file is a local source for LAN Manager (NetBIOS) names. It has a format very similar to +/etc/hosts files, but does not support long-form domain names (e.g., +server.example.com), and may have a number of optional +#XXX directives following the names. Note there usually is a +lmhosts.sam (for sample) file in +C:\WINDOWS, but it's not used unless renamed to +C:\WINDOWS\LMHOSTS.

+

+ +9.2.8.3 Long and short hostnames

Where the long (FQDN) form of a hostname works but the short name doesn't (for example, +client.example.com works but +client doesn't), consider the following:

    +
  • +

    + +DNS:

    +This usually indicates there is no default domain in which to look up the short names. Look for a +default line in +/etc/resolv.conf on the Samba server with your domain in it, or a +search line with one or more domains in it. One or the other may need to be present to make short names usable; which one depends on vendor and version of the DNS resolver. Try adding +domain + +your domain to +resolv.conf and ask your network or DNS administrator what should have been in the file.

  • +

    + +Broadcast/WINS:

    +Broadcast/WINS doesn't support long names; it won't suffer from this problem.

  • +

    + +NIS:

    +Try the command +ypmatch +hostname +hosts. If you don't get a match, your tables don't include short names. Speak to your network manager; short names may be missing by accident, or may be unsupported as a matter of policy. Some sites don't ever use (ambiguous) short names.

  • +

    + +NIS+ :

    +Try +nismatch + +hostname +hosts, and treat failure exactly as with NIS above.

  • +

    + + +hosts:

    +If the short name is not in +/etc/hosts, consider adding it as an alias. Avoid, if you can, short names as primary names (the first one on a line). Have them as aliases if your system permits.

  • +

    + + +LMHOSTS:

    +LAN Manager doesn't support long names, so it won't suffer from this problem.

+On the other hand, if the short form of the name works and the long doesn't, consider the following:

    +
  • +

    + +DNS:

    +This is bizarre; see your network or DNS administrator, as this is probably a DNS setup bug.

  • +

    + +Broadcast/WINS:

    +This is a normal bug; Broadcast/WINS can't use the long form. Optionally, consider DNS. Microsoft has stated that they will switch to DNS, though it's not providing name types like <00>.

  • +

    + +NIS:

    +If you can use +ypmatch to look up the short form but not the long, consider adding the long form to the table as at least an alias.

  • +

    + +NIS+:

    +Same as NIS, except you use +nismatch instead of +ypmatch to look up names.

  • +

    + + +hosts:

    +Add the long name as at least an alias, and preferably as the primary form. Also consider using DNS if it's practical.

  • +

    + + +LMHOSTS:

    +This is a normal bug. LAN Manager can't use the long form; consider switching to DNS or +hosts.

+

+ +9.2.8.4 Unusual delays

When there is a long delay before the expected result:

    +
  • +

    + +DNS:

    +Test the same name with the +nslookup command on the machine (client or server) that is slow. If +nslookup is also slow, you have a DNS problem. If it's slower on a client, you have too many protocols bound to the Ethernet card. Eliminate NetBEUI, which is infamously slow, and optionally, Novel, assuming you don't need them. This is especially important on Windows 95, which is particularly sensitive to excess protocols.

  • +

    + +Broadcast/ WINS:

    +Test the client using +nmblookup, and if it's faster, you probably have the protocols problem as mentioned in the previous item.

  • +

    + +NIS:

    +Try +ypmatch, and if it's slow, report the problem to your network manager.

  • +

    + +NIS+:

    +Try +nismatch, similarly.

  • +

    + + +hosts:

    + +hosts files, if of reasonable size, are always fast. You probably have the protocols problem mentioned under DNS, above.

  • +

    + + +LMHOSTS:

    +This is not a name lookup problem; +LMHOSTS files are as fast as +hosts files.

+

+ +9.2.8.5 Localhost issues

When a localhost isn't 127.0.0.1, try the following:

    +
  • +

    + +DNS:

    +There is probably no record for +localhost. +A +127.0.0.1. Arrange to add one, and a reverse entry, +1.0.0.127.IN-ADDR.ARPA +PTR +127.0.0.1.

  • +

    + +Broadcast/WINS:

    +Not applicable.

  • +

    + +NIS:

    +If +localhost isn't in the table, add it.

  • +

    + +NIS+:

    +If +localhost isn't in the table, add it.

  • +

    + + +hosts:

    +Add a line is the +hosts file that says +127.0.0.1 +localhost

  • +

    + + +LMHOSTS:

    +Not applicable.

+

+9.2.9 Troubleshooting Network Addresses

+A number of common problems are caused by incorrect Internet address routing or the incorrect assignment of addresses. This section helps you determine what your addresses are.

+

+ +9.2.9.1 Netmasks

The netmasks tell each machine which addresses can be reached directly (are on your local network) and which addresses require forwarding packets through a router. If the netmask is wrong, the machines will make one of two mistakes. One is to try to route local packets via a router, which is an expensive way to waste time - it may work reasonably fast, it may run slowly, or it may fail utterly. The second mistake is to fail to send packets for a remote machine to the router, which will prevent them from being forwarded to the remote machine.

+The netmask is a number like an IP address, with one-bits for the network part of an address and zero-bits for the host portion. The netmask is literally used to mask off parts of the address inside the TCP/IP code. If the mask is 255.255.0.0, the first 2 bytes are the network part and the last 2 are the host part. More common is 255.255.255.0, in which the first 3 bytes are the network part and the last one is the host part.

+For example, let's say your IP address is 192.168.0.10 and the Samba server is 192.168.236.86. If your netmask happens to be 255.255.255.0, the network part of the addresses is the first 3 bytes and the host part is the last byte. In this case, the network parts are different, and the machines are on different networks:

+ + + + + +
+

+Network Part

 +

+Host Part

+

+192 168 000

 +

+10

+

+192 168 235

 +

+86

+If your netmask happens to be 255.255.0.0, the network part is just the first two bytes. In this case, the network parts match and so the two machines are on the same network:

+ + + + + +
+

+Network Part

 +

+Host Part

+

+192 168

 +

+000 10

+

+192 168

 +

+236 86

+Of course, if your netmask says one thing and your network manager says another, the netmask is wrong.

+

+ +9.2.9.2 Broadcast addresses

+The broadcast address is a normal address, with the hosts part all one-bits. It means "all hosts on your network." You can compute it easily from your netmask and address: take the address and put one-bits in it for all the bits that are zero at the end of the netmask (the host part). The following table illustrates this:

+ + + + + + +
+

+

 +

+Network Part

 +

+Host Part

+

+ +IP address

 +

+192 168 236

 +

+86

+

+ +Netmask

 +

+255 255 255

 +

+000

+

+ +Broadcast

 +

+192 168 236

 +

+255

+In this example, the broadcast address on the 192.168.236 network is 192.168.236.255. There is also an old "universal" broadcast address, 255.255.255.255. Routers are prohibited from forwarding these, but most machines on your local network will respond to broadcasts to this address.

+

+ +9.2.9.3 Network address ranges

A number of address ranges have been reserved for testing and for non-connected networks; we use one of these for the book. If you don't have an address yet, feel free to use one of these to start with. They include one class A (large) network, 10.*.*.*, and 254 class C (smaller) networks, 192.168.1.* through to 192.168.254.*. In this book we use one of the latter, 192.168.236.*. The domain +example.com is also reserved for unconnected networks, explanatory examples, and books.

+If you're actually connecting to the Internet, you'll need to get a real network and a domain name, probably through the same company that provides your connection.

+

+ +9.2.9.4 Finding your network address

If you haven't recorded your IP address, it will be displayed by the +ifconfig command on Unix or by the IPCONFIG command on Windows 95 and NT. (Check your manual pages for any options required by your brand of Unix: Sun wants +ifconfig +-a). You should see output similar to the following:

+server% ifconfig -a 
+le0: flags=63<UP,BROADCAST,NOTRAILERS,RUNNING > 
+      inet 192.168.236.11 netmask ffffff00 broadcast 192.168.236.255 
+lo0: flags=49<&lt>UP,LOOPBACK,RUNNING<&gt> 		
+      inet 127.0.0.1 netmask ff000000

+One of the interfaces will be loopback (in our examples +lo0), and the other will be the regular IP interface. The flags should show that the interface is running, and Ethernet interfaces will also say they support broadcasts (PPP interfaces don't). The other places to look for IP addresses are +/etc/hosts files, Windows +HOSTS files, Windows +LMHOSTS files, NIS, NIS+ and DNS.

+

+9.2.10 Troubleshooting NetBIOS Names

Historically, SMB protocols have depended on the NetBIOS name system, also called the LAN Manager name system. This was a simple scheme where each machine had a unique 20-character name and broadcast it on the LAN for everyone to know. With TCP/IP, we tend to use names like +client.example.com stored in +/etc/hosts files, through DNS or WINS.

+The usual mapping to domain names such as +server.example.com simply uses the +server part as the NetBIOS name and converts it to uppercase. Alas, this doesn't always work, especially if you have a machine with a 21-character name; not everyone uses the same NetBIOS and DNS names. For example, +corpvm1 along with +vm1.corp.com is not unusual.

+A machine with a different NetBIOS name and domain name is confusing when you're troubleshooting; we recommend that you try to avoid this wherever possible. NetBIOS names are discoverable with +smbclient :

    +
  • +

    + +If you can list shares on your Samba server with +smbclient and a +-L option (list shares) of + +short_name_of_server, the short name is the NetBIOS name.

  • +

    + +If you get "Get_Hostbyname: Unknown host name," there is probably a mismatch. Check in the +smb.conf file to see if the NetBIOS name is explicitly set.

  • +

    + +Try again, specifying +-I and the IP address of the Samba server (e.g., +smbclient +-L +server +-I +192.168.236.86). This overrides the name lookup and forces the packets to go to the IP address. If this works, there was a mismatch.

  • +

    + +Try with +-I and the full domain name of the server (e.g., +smbclient +-L +server +-I +server.example.com). This tests the lookup of the domain name, using whatever scheme the Samba server uses (e.g., DNS). If it fails, you have a name service problem. You should reread the section +Section 9.2.8 after you finish troubleshooting the NetBIOS names.

  • +

    + +Try with +-n (NetBIOS name) and the name you expect to work (e.g., +smbclient +-n +server +-L +server-12) but without overriding the IP address through +-I. If this works, the name you specified with +-n is the actual NetBIOS name of the server. If you receive "Get-Hostbyname: Unknown host MARY," it's not the right server yet.

  • +

    + +If nothing is working so far, repeat the tests specifying +-U + +username and +-W + +workgroup, with the username and workgroup in uppercase, to make sure you're not being derailed by a user or workgroup mismatch.

  • +

    + +If nothing works still and you had evidence of a name service problem, troubleshoot name service in the section +Section 9.2.8, and then return to NetBIOS name service.

+
+
+
+ + +
+ +Previous: 9.1 The Tool Bag + + + +Next: 9.3 Extra Resources
9.1 The Tool Bag + +Book Index +9.3 Extra Resources
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/ch09_03.html b/docs/htmldocs/using_samba/ch09_03.html new file mode 100644 index 00000000000..ecaa53ed364 --- /dev/null +++ b/docs/htmldocs/using_samba/ch09_03.html @@ -0,0 +1,136 @@ + + + +[Chapter 9] 9.3 Extra Resources + + + + + + +
+ + +
+

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly +
1st Edition November 1999 +
1-56592-449-5, Order Number: 4495 +
416 pages, $34.95 + +

Buy the hardcopy +

Table of Contents +

+
+ + +
+
+ + +
+ +Previous: 9.2 The Fault Tree + + + +Chapter 9
+Troubleshooting Samba		 + +Next: A. Configuring Samba with SSL
 
+ +
+
+

+ +9.3 Extra Resources

At some point during your Samba career, you will want to turn to online or printed resources for news, updates, and aid.

+

+ +9.3.1 Documentation and FAQs

It's okay to read the documentation. Really. Nobody can see you, and we won't tell. In fact, Samba ships with a large set of documentation files, and it is well worth the effort to at least browse through them, either in the distribution directory on your computer under +/docs, or online at the Samba web site: http://samba.anu.edu.au/samba/. The most current FAQ list, bug information, and distribution locations are located at the web site, with links to all of the Samba manual pages and HOW-TOs.

+

+ +9.3.2 Samba Newsgroups

Usenet newsgroups have always been a great place to get advice on just about any topic. In the past few years, though, this vast pool of knowledge has developed something that has made it into an invaluable resource: a memory. Archival and search sites such as DejaNews (http://www.dejanews.com) have made sifting through years of valuable solutions on a topic as simple as a few mouse clicks.

+The primary newsgroup for Samba is +comp.protocols.smb. This should always be your first stop when there's a problem. More often than not, spending five minutes researching an error here will save hours of frustration while trying to debug something yourself.

+When searching a newsgroup, try to be as specific as possible, but not too wordy. Searching on actual error messages is best. If you don't find an answer immediately in the newsgroup, resist the temptation to post a request for help until you've done a bit more work on the problem. You may find that the answer is in a FAQ or one of the many documentation files that ships with Samba, or a solution might become evident when you run one of Samba's diagnostic tools. If nothing works, post a request in +comp.protocols.smb, and be as specific as possible about what you have tried and what you are seeing. Include any error messages that appear. It may be several days before you receive help, so be patient and keep trying things while you wait.

+Once you post a request for help, keep poking at the problem yourself. Most of us have had the experience of posting a Usenet article containing hundreds of lines of intricate detail, only to solve the problem an hour later after the article has blazed its way across several continents. The rule of thumb goes something like this: the more folks who have read your request, the simpler the solution. Usually this means that once everyone in the Unix community has seen your article, the solution will be something simple like, "Plug the computer into the wall socket."

+

+ +9.3.3 Samba Mailing Lists

The following are mailing lists for support with Samba. See the Samba homepage, http://www.samba.org/ for information on subscribing and unsubscribing to these mailing lists:

+
+samba-binaries@samba.org
+

+This mailing list has information on precompiled binaries for the Samba platform.

+samba@samba.org
+

+This mailing list is the place to report suspected bugs in Samba.

+samba-ntdom@samba.org
+

+This mailing list has information on support for domains (particularly Windows NT) with the Samba product.

+samba-technical@samba.org
+

+This mailing list maintains debate about where the future of Samba is headed.

+samba@samba.org
+

+This is the primary Samba mailing list that contains general questions and HOW-TO information on Samba.

+

+ +9.3.4 Samba Discussion Archives

There is a search service for the primary Samba mailing list. At the time this book was written, it was listed under "searchable" in the Sources paragraph on the first page of the Samba site and its mirrors, http://samba.anu.edu.au/listproc/ghindex.html.

+

+ +9.3.5 Further Reading

    +
  1. +

    Craig Hunt; +TCP/IP Network Administration, 2nd Edition. Sebastopol, CA: O'Reilly and Associates, 1997 (ISBN 1-56592-322-7).

  2. +

    +Hunt, Craig, and Robert Bruce Thompson; +Windows NT TCP/IP Network Administration. Sebastopol, CA: O'Reilly and Associates, 1998 ( +ISBN 1-56592-377-4).

  3. +

    Albitz, Paul, and Cricket Liu; +DNS and Bind, 3rd Edition. Sebastopol, CA: O'Reilly & Associates, 1998 (ISBN 1-56592-512-2).

  4. +

    +Stern, Hal; +Managing NFS and NIS. Sebastopol, CA: O'Reilly & Associates, 1991 (ISBN 0-937175-75-7).

+
+
+
+ + +
+ +Previous: 9.2 The Fault Tree + + + +Next: A. Configuring Samba with SSL
9.2 The Fault Tree + +Book Index +A. Configuring Samba with SSL
+
+ + +
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/figs/sam.0101.gif b/docs/htmldocs/using_samba/figs/sam.0101.gif new file mode 100644 index 00000000000..ce022dd3220 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0101.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0102.gif b/docs/htmldocs/using_samba/figs/sam.0102.gif new file mode 100644 index 00000000000..2c26743160e Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0102.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0103.gif b/docs/htmldocs/using_samba/figs/sam.0103.gif new file mode 100644 index 00000000000..480b51bdb24 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0103.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0104.gif b/docs/htmldocs/using_samba/figs/sam.0104.gif new file mode 100644 index 00000000000..a580bfd9da5 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0104.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0105.gif b/docs/htmldocs/using_samba/figs/sam.0105.gif new file mode 100644 index 00000000000..45782f6a54d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0105.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0106.gif b/docs/htmldocs/using_samba/figs/sam.0106.gif new file mode 100644 index 00000000000..7e43f6a8295 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0106.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0107.gif b/docs/htmldocs/using_samba/figs/sam.0107.gif new file mode 100644 index 00000000000..60f24ce060d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0107.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0108.gif b/docs/htmldocs/using_samba/figs/sam.0108.gif new file mode 100644 index 00000000000..93b036c7366 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0108.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0109.gif b/docs/htmldocs/using_samba/figs/sam.0109.gif new file mode 100644 index 00000000000..ec01228ef7c Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0109.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0110.gif b/docs/htmldocs/using_samba/figs/sam.0110.gif new file mode 100644 index 00000000000..9695cf7c61b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0110.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0111.gif b/docs/htmldocs/using_samba/figs/sam.0111.gif new file mode 100644 index 00000000000..4dbc2dba41b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0111.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0112.gif b/docs/htmldocs/using_samba/figs/sam.0112.gif new file mode 100644 index 00000000000..4f559e0d0f0 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0112.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0113.gif b/docs/htmldocs/using_samba/figs/sam.0113.gif new file mode 100644 index 00000000000..5d8cdaef6b5 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0113.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0114.gif b/docs/htmldocs/using_samba/figs/sam.0114.gif new file mode 100644 index 00000000000..291e6f0c824 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0114.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0201.gif b/docs/htmldocs/using_samba/figs/sam.0201.gif new file mode 100644 index 00000000000..e6f97f63015 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0201.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0202.gif b/docs/htmldocs/using_samba/figs/sam.0202.gif new file mode 100644 index 00000000000..0490c085717 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0202.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0203.gif b/docs/htmldocs/using_samba/figs/sam.0203.gif new file mode 100644 index 00000000000..a24c4818600 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0203.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0204.gif b/docs/htmldocs/using_samba/figs/sam.0204.gif new file mode 100644 index 00000000000..e446b1d4f11 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0204.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0301.gif b/docs/htmldocs/using_samba/figs/sam.0301.gif new file mode 100644 index 00000000000..82306d6cc9b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0301.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0302.gif b/docs/htmldocs/using_samba/figs/sam.0302.gif new file mode 100644 index 00000000000..0916db72aea Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0302.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0303.gif b/docs/htmldocs/using_samba/figs/sam.0303.gif new file mode 100644 index 00000000000..18d63dbbb73 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0303.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0304.gif b/docs/htmldocs/using_samba/figs/sam.0304.gif new file mode 100644 index 00000000000..a0c5eee0992 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0304.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0305.gif b/docs/htmldocs/using_samba/figs/sam.0305.gif new file mode 100644 index 00000000000..43be04655ab Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0305.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0306.gif b/docs/htmldocs/using_samba/figs/sam.0306.gif new file mode 100644 index 00000000000..be7609d9439 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0306.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0307.gif b/docs/htmldocs/using_samba/figs/sam.0307.gif new file mode 100644 index 00000000000..258d3390bc1 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0307.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0308.gif b/docs/htmldocs/using_samba/figs/sam.0308.gif new file mode 100644 index 00000000000..316643ccfbe Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0308.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0309.gif b/docs/htmldocs/using_samba/figs/sam.0309.gif new file mode 100644 index 00000000000..4a9d5d762b2 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0309.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0310.gif b/docs/htmldocs/using_samba/figs/sam.0310.gif new file mode 100644 index 00000000000..37262b91be0 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0310.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0311.gif b/docs/htmldocs/using_samba/figs/sam.0311.gif new file mode 100644 index 00000000000..c25e96f936f Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0311.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0312.gif b/docs/htmldocs/using_samba/figs/sam.0312.gif new file mode 100644 index 00000000000..8823f38eb1a Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0312.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0313.gif b/docs/htmldocs/using_samba/figs/sam.0313.gif new file mode 100644 index 00000000000..981a6849887 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0313.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0314.gif b/docs/htmldocs/using_samba/figs/sam.0314.gif new file mode 100644 index 00000000000..9a7ed5858e2 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0314.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0315.gif b/docs/htmldocs/using_samba/figs/sam.0315.gif new file mode 100644 index 00000000000..ed4bcc42209 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0315.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0316.gif b/docs/htmldocs/using_samba/figs/sam.0316.gif new file mode 100644 index 00000000000..99908ac7d3b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0316.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0317.gif b/docs/htmldocs/using_samba/figs/sam.0317.gif new file mode 100644 index 00000000000..14899010064 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0317.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0318.gif b/docs/htmldocs/using_samba/figs/sam.0318.gif new file mode 100644 index 00000000000..263650a2749 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0318.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0319.gif b/docs/htmldocs/using_samba/figs/sam.0319.gif new file mode 100644 index 00000000000..0d1c934a564 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0319.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0320.gif b/docs/htmldocs/using_samba/figs/sam.0320.gif new file mode 100644 index 00000000000..061ce27cb10 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0320.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0321.gif b/docs/htmldocs/using_samba/figs/sam.0321.gif new file mode 100644 index 00000000000..f40fbbedcad Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0321.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0322.gif b/docs/htmldocs/using_samba/figs/sam.0322.gif new file mode 100644 index 00000000000..f421311dfc2 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0322.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0323.gif b/docs/htmldocs/using_samba/figs/sam.0323.gif new file mode 100644 index 00000000000..578ffda5524 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0323.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0324.gif b/docs/htmldocs/using_samba/figs/sam.0324.gif new file mode 100644 index 00000000000..4ab9ceb598f Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0324.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0325.gif b/docs/htmldocs/using_samba/figs/sam.0325.gif new file mode 100644 index 00000000000..f6da1e74347 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0325.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0326.gif b/docs/htmldocs/using_samba/figs/sam.0326.gif new file mode 100644 index 00000000000..df6313794d0 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0326.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0327.gif b/docs/htmldocs/using_samba/figs/sam.0327.gif new file mode 100644 index 00000000000..1e774392154 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0327.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0328.gif b/docs/htmldocs/using_samba/figs/sam.0328.gif new file mode 100644 index 00000000000..7baa0ef4e6d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0328.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0401.gif b/docs/htmldocs/using_samba/figs/sam.0401.gif new file mode 100644 index 00000000000..a62d0d5675d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0401.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0402.gif b/docs/htmldocs/using_samba/figs/sam.0402.gif new file mode 100644 index 00000000000..ecf03ca8c8a Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0402.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0403.gif b/docs/htmldocs/using_samba/figs/sam.0403.gif new file mode 100644 index 00000000000..755522854a4 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0403.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0404.gif b/docs/htmldocs/using_samba/figs/sam.0404.gif new file mode 100644 index 00000000000..0d28182e521 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0404.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0405.gif b/docs/htmldocs/using_samba/figs/sam.0405.gif new file mode 100644 index 00000000000..c7cc9d681b1 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0405.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0406.gif b/docs/htmldocs/using_samba/figs/sam.0406.gif new file mode 100644 index 00000000000..a4f82804aa0 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0406.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0407.gif b/docs/htmldocs/using_samba/figs/sam.0407.gif new file mode 100644 index 00000000000..84ca4e87c75 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0407.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0501.gif b/docs/htmldocs/using_samba/figs/sam.0501.gif new file mode 100644 index 00000000000..dac53c673a1 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0501.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0502.gif b/docs/htmldocs/using_samba/figs/sam.0502.gif new file mode 100644 index 00000000000..46e282ce31b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0502.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0503.gif b/docs/htmldocs/using_samba/figs/sam.0503.gif new file mode 100644 index 00000000000..786de36e69f Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0503.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0504.gif b/docs/htmldocs/using_samba/figs/sam.0504.gif new file mode 100644 index 00000000000..bece7b9e0a5 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0504.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0505.gif b/docs/htmldocs/using_samba/figs/sam.0505.gif new file mode 100644 index 00000000000..6460e0436d5 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0505.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0506.gif b/docs/htmldocs/using_samba/figs/sam.0506.gif new file mode 100644 index 00000000000..e7282b02867 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0506.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0507.gif b/docs/htmldocs/using_samba/figs/sam.0507.gif new file mode 100644 index 00000000000..bc7f2fda9af Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0507.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0508.gif b/docs/htmldocs/using_samba/figs/sam.0508.gif new file mode 100644 index 00000000000..95b7ad98c4d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0508.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0601.gif b/docs/htmldocs/using_samba/figs/sam.0601.gif new file mode 100644 index 00000000000..e826dd51415 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0601.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0602.gif b/docs/htmldocs/using_samba/figs/sam.0602.gif new file mode 100644 index 00000000000..dce39b1c404 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0602.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0603.gif b/docs/htmldocs/using_samba/figs/sam.0603.gif new file mode 100644 index 00000000000..15ad6f05d7b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0603.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0604.gif b/docs/htmldocs/using_samba/figs/sam.0604.gif new file mode 100644 index 00000000000..cd9820d00e7 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0604.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0605.gif b/docs/htmldocs/using_samba/figs/sam.0605.gif new file mode 100644 index 00000000000..db8e9c5e9f6 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0605.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0606.gif b/docs/htmldocs/using_samba/figs/sam.0606.gif new file mode 100644 index 00000000000..a4c5e577e5a Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0606.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0701.gif b/docs/htmldocs/using_samba/figs/sam.0701.gif new file mode 100644 index 00000000000..5933bdabbd0 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0701.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0702.gif b/docs/htmldocs/using_samba/figs/sam.0702.gif new file mode 100644 index 00000000000..c1160e28383 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0702.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0703.gif b/docs/htmldocs/using_samba/figs/sam.0703.gif new file mode 100644 index 00000000000..653e9b97617 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0703.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0704.gif b/docs/htmldocs/using_samba/figs/sam.0704.gif new file mode 100644 index 00000000000..78d5a439eae Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0704.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0705.gif b/docs/htmldocs/using_samba/figs/sam.0705.gif new file mode 100644 index 00000000000..39cee4c8569 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0705.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0706.gif b/docs/htmldocs/using_samba/figs/sam.0706.gif new file mode 100644 index 00000000000..8725542429c Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0706.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0707.gif b/docs/htmldocs/using_samba/figs/sam.0707.gif new file mode 100644 index 00000000000..09abcd5e78f Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0707.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0708.gif b/docs/htmldocs/using_samba/figs/sam.0708.gif new file mode 100644 index 00000000000..bd5466b319b Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0708.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0709.gif b/docs/htmldocs/using_samba/figs/sam.0709.gif new file mode 100644 index 00000000000..28452fd2322 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0709.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0801.gif b/docs/htmldocs/using_samba/figs/sam.0801.gif new file mode 100644 index 00000000000..04e9210e54d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0801.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0802.gif b/docs/htmldocs/using_samba/figs/sam.0802.gif new file mode 100644 index 00000000000..bf1718c93bf Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0802.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0803.gif b/docs/htmldocs/using_samba/figs/sam.0803.gif new file mode 100644 index 00000000000..bb5739154a5 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0803.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0804.gif b/docs/htmldocs/using_samba/figs/sam.0804.gif new file mode 100644 index 00000000000..eceb287e629 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0804.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0805.gif b/docs/htmldocs/using_samba/figs/sam.0805.gif new file mode 100644 index 00000000000..5a599e13453 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0805.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0901.gif b/docs/htmldocs/using_samba/figs/sam.0901.gif new file mode 100644 index 00000000000..1965600ab92 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0901.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0902.gif b/docs/htmldocs/using_samba/figs/sam.0902.gif new file mode 100644 index 00000000000..f604d0ed09d Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0902.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0903.gif b/docs/htmldocs/using_samba/figs/sam.0903.gif new file mode 100644 index 00000000000..1013d453427 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0903.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0904.gif b/docs/htmldocs/using_samba/figs/sam.0904.gif new file mode 100644 index 00000000000..db13646f3dc Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0904.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.0905.gif b/docs/htmldocs/using_samba/figs/sam.0905.gif new file mode 100644 index 00000000000..ef8c89bebbb Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.0905.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.aa01.gif b/docs/htmldocs/using_samba/figs/sam.aa01.gif new file mode 100644 index 00000000000..495b649cd02 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.aa01.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.ab01.gif b/docs/htmldocs/using_samba/figs/sam.ab01.gif new file mode 100644 index 00000000000..f7379675056 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.ab01.gif differ diff --git a/docs/htmldocs/using_samba/figs/sam.ab02.gif b/docs/htmldocs/using_samba/figs/sam.ab02.gif new file mode 100644 index 00000000000..6090cfd51d2 Binary files /dev/null and b/docs/htmldocs/using_samba/figs/sam.ab02.gif differ diff --git a/docs/htmldocs/using_samba/gifs/index.gif b/docs/htmldocs/using_samba/gifs/index.gif new file mode 100644 index 00000000000..b45dcd58518 Binary files /dev/null and b/docs/htmldocs/using_samba/gifs/index.gif differ diff --git a/docs/htmldocs/using_samba/gifs/samba.s.gif b/docs/htmldocs/using_samba/gifs/samba.s.gif new file mode 100644 index 00000000000..4984d0f8f32 Binary files /dev/null and b/docs/htmldocs/using_samba/gifs/samba.s.gif differ diff --git a/docs/htmldocs/using_samba/gifs/txthome.gif b/docs/htmldocs/using_samba/gifs/txthome.gif new file mode 100644 index 00000000000..5598a0ff938 Binary files /dev/null and b/docs/htmldocs/using_samba/gifs/txthome.gif differ diff --git a/docs/htmldocs/using_samba/gifs/txtnexta.gif b/docs/htmldocs/using_samba/gifs/txtnexta.gif new file mode 100644 index 00000000000..b6d67311adc Binary files /dev/null and b/docs/htmldocs/using_samba/gifs/txtnexta.gif differ diff --git a/docs/htmldocs/using_samba/gifs/txtpreva.gif b/docs/htmldocs/using_samba/gifs/txtpreva.gif new file mode 100644 index 00000000000..2b040b9b518 Binary files /dev/null and b/docs/htmldocs/using_samba/gifs/txtpreva.gif differ diff --git a/docs/htmldocs/using_samba/index.html b/docs/htmldocs/using_samba/index.html new file mode 100644 index 00000000000..f1b4ccec6ec --- /dev/null +++ b/docs/htmldocs/using_samba/index.html @@ -0,0 +1,168 @@ + + + + + +
+ + + + + +
+ + + + +

Using Samba

+ +Robert Eckstein, David Collier-Brown, Peter Kelly
+1st Edition November 1999
+1-56592-449-5, Order Number: 4495
+416 pages, $34.95 + +

+Buy the hardcopy version + +

+
+ +
+ + +
+
+

+Table of Contents

+License Information

+This Edition

+Chapter 1: Learning the Samba
+

+ Chapter 1.1: What is Samba?
+ Chapter 1.2: What Can Samba Do For Me?
+ Chapter 1.3: Getting Familiar with a SMB/CIFS Network
+ Chapter 1.4: Microsoft Implementations
+ Chapter 1.5: An Overview of the Samba Distribution
+ Chapter 1.6: How Can I Get Samba?
+ Chapter 1.7: What's New in Samba 2.0?
+ Chapter 1.8: And That's Not All...
+
+Chapter 2: Installing Samba on a Unix System
+
+ Chapter 2.1: Downloading the Samba Distribution
+ Chapter 2.2: Configuring Samba
+ Chapter 2.3: Compiling and Installing Samba
+ Chapter 2.4: A Basic Samba Configuration File
+ Chapter 2.5: Starting the Samba Daemons
+ Chapter 2.6: Testing the Samba Daemons
+
+Chapter 3: Configuring Windows Clients
+
+Chapter 3.1: Setting Up Windows 95/98 Computers
+Chapter 3.2: Setting Up Windows NT 4.0 Computers
+Chapter 3.3: An Introduction to SMB/CIFS
+
+Chapter 4: Disk Shares
+
+Chapter 4.1: Learning the Samba Configuration File
+Chapter 4.2: Special Sections
+Chapter 4.3: Configuration File Options
+Chapter 4.4: Server Configuration
+Chapter 4.5: Disk Share Configuration
+Chapter 4.6: Networking Options with Samba
+Chapter 4.7: Virtual Servers
+Chapter 4.8: Logging Configuration Options
+
+Chapter 5: Browsing and Advanced Disk Shares
+
+Chapter 5.1: Browsing
+Chapter 5.2: Filesystem Differences
+Chapter 5.3: File Permissions and Attributes on MS-DOS and Unix
+Chapter 5.4: Name Mangling and Case
+Chapter 5.5: Locks and Oplocks
+
+Chapter 6: Users, Security, and Domains
+
+Chapter 6.1: Users and Groups
+Chapter 6.2: Controlling Access to Shares
+Chapter 6.3: Authentication Security
+Chapter 6.4: Passwords
+Chapter 6.5: Windows Domains
+Chapter 6.6: Logon Scripts
+
+Chapter 7: Printing and Name Resolution
+
+Chapter 7.1: Sending Print Jobs to Samba
+Chapter 7.2: Printing to Windows Client Printers
+Chapter 7.3: Name Resolution with Samba
+
+Chapter 8: Additional Samba Information
+
+Chapter 8.1: Supporting Programmers
+Chapter 8.2: Magic Scripts
+Chapter 8.3: Internationalization
+Chapter 8.4: WinPopup Messages
+Chapter 8.5: Recently Added Options
+Chapter 8.6: Miscellaneous Options
+Chapter 8.7: Backups with smbtar
+
+Chapter 9: Troubleshooting Samba
+
+Chapter 9.1: The Tool Bag
+Chapter 9.2: The Fault Tree
+Chapter 9.3: Extra Resources
+
+ +Appendix A: Configuring Samba with SSL
+
+Appendix A.1: About Certificates
+Appendix A.2: Requirements
+Appendix A.3: Installing SSLeay
+Appendix A.4: Setting Up SSL Proxy
+Appendix A.5: SSL Configuration Options
+
+Appendix B: Samba Performance Tuning
+
+Appendix B.1: A Simple Benchmark
+Appendix B.2: Samba Tuning
+Appendix B.3: Sizing Samba Servers
+
+Appendix C: Samba Configuration Option Quick Reference
+

+Appendix D: Summary of Samba Daemons and Commands
+

+Appendix E: Downloading Samba with CVS
+

+Appendix F: Sample Configuration File
+

+ +Index
+ +

+
+ + + +
+
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + diff --git a/docs/htmldocs/using_samba/inx.html b/docs/htmldocs/using_samba/inx.html new file mode 100644 index 00000000000..34207d7a747 --- /dev/null +++ b/docs/htmldocs/using_samba/inx.html @@ -0,0 +1,1344 @@ + + +Using Samba + + + + + + + + + + + + + + +
+

Using Samba

+

Index

+ +
+
+[ A ], +[ B ], +[ C ], +[ D ], +[ E ], +[ F ], +[ G ], +[ H ], +[ I ], +[ J ], +[ K ], +[ L ], +[ M ], +[ N ], +[ O ], +[ P ], +[ Q ], +[ R ], +[ S ], +[ T ], +[ U ], +[ V ], +[ W ], +[ Y ], + + +
<> (angled brackets), 14 +
* (asterisk), 169 +
\ (backslash) in smb.conf file, 85 +
\\ (backslashes, two) in directories, 5 +
: (colon), 6 +
\ (continuation character), 85 +
. (dot), 128, 134 +
# (hash mark), 85 +
% (percent sign), 86 +
. (period), 128 +
? (question mark), 135 +
; (semicolon), 85 +
/ (slash character), 129, 134-135 +
/ (slash) in shares, 116 +
_ (underscore) 116 +
* wildcard, 177 + +

A[ Top ] +
access-control options (shares), 160-162 +
accessing Samba server, 61 +
accounts, 51-53 +
active connections, option for, 244 +
addresses, networking option for, 106 +
addtosmbpass executable, 176 +
admin users option, 161 +
AFS files, support for, 35 +
aliases +
      multiple, 29 +
      for NetBIOS names, 107 +
alid users option, 161 +
announce as option, 123 +
announce version option, 123 +
API (application programming interface), 9 +
archive files, 137 +
authentication, 19, 164-171 +
      mechanisms for, 35 +
      NT domain, 170 +
      share-level option for, 192 +
auto services option, 124 +
automounter, support for, 35 +
awk script, 176 +

B[ Top ] +
backup browsers +
      local master browser, 22 +
      per local master browser, 23 +
      maximum number per workgroup, 22 +
backup domain controllers (BDCs), 20 +
backups, with smbtar program, 245-248 +
backwards compatibility +
      elections and, 23 +
      for filenames, 143 +
      Windows domains and, 20 +
base directory, 40 +
.BAT scripts, 192 +
BDCs (backup domain controllers), 20 +
binary vs. source files, 32 +
bind interfaces only option, 106 +
bindings, 71 +
Bindings tab, 60 +
blocking locks option, 152 +
b-node, 13 +
boolean type, 90 +
bottlenecks, 320-328 +
      reducing, 321-326 +
      types of, 320 +
broadcast addresses, troubleshooting, 289 +
broadcast registration, 13 +
broadcast resolution, 13, 59 +
broadcasting +
      troubleshooting with tcpdump utility, 255 +
      (see also browsing; name resolution) +
browse lists, 21, 116 +
      options for, 124, 127 +
      propagation, 24 +
      restricting shares from, 115 +
browsing, 21-23, 114-127 +
      client-side, testing with net view, 280 +
      configuration options for, 122-127 +
      elections, 23, 116-119 +
      machines, list of, 21 +
      options for, list of, 122 +
      preventing, 115 +
      resources of a specific machine, 21-23 +
      server from client, 281 +
      troubleshooting, 275-282 +
            with smbclient, 276-278 +
bug avoidance options, 240-245 +
      list of, 240-241 +

C[ Top ] +
cache size, new option for (Samba version 2.0), 239 +
cache time (printers), option for, 220 +
capitalization, 84 +
Carnegie Mellon University, 35 +
carriage-returns for scripts, 193 +
case sensitivity +
      hostnames and, 5 +
      options for, 146 +
      usernames and, 163 +
CD-ROM with this book +
      Samba distribution, 28, 32 +
      testing tools, 28 +
certificate authority, 300-303 +
change notification, new option for (Samba version 2.0), 239 +
change notify timeout option, 239 +
Change Windows Password dialog box, 52 +
changes at runtime, 85 +
chat characters for passwords, 178 +
CIFS (Common Internet File System), 3 +
      (see also SMB/CIFS protocol) +
client code page option, 234 +
client users (see users) +
client variables, 86 +
clients, testing with nmblookup program, 279 +
.CMD scripts, 192 +
code pages, 234 +
      multiple, 30 +
coding system option, 235 +
command string, SMB, 75 +
commands for Samba, 366-377 +
commas in values, 84 +
comment option, 99 +
comments in smb.conf (Samba configuration) file, 85 +
compatibility, Samba with Windows NT, 30 +
compilers, 33 +
compiling Samba, 38-41 +
      in version 2.0, 29 +
config file option, 91 +
configuration files +
      for individual clients, 253 +
      machine-specific, 87 +
      sample of, 379-383 +
      smb.conf (Samba configuration) file (see smb.conf file) +
configuration options +
      browsing, 122-127 +
      disk share, 97-100 +
      format of, 83 +
      list of, 329-356 +
      server, 94-96 +
configuring disk shares, 96-100 +
configuring DNS (Windows NT), 68 +
configuring Samba, 34-38 +
      configuration file +
            creating, 41-45 +
            testing, 45 +
            (see also smb.conf (Samba configuration) file) +
      configure script +
            GNU, 34 +
            sample execution, 38 +
      options, 34-37 +
      performance tuning, 312-328 +
            benchmark for, 312, 314 +
            other options for, 319-328 +
      server, 93-96 +
      with SSL, 295-311 +
            requirements for, 296 +
configuring TCP/IP networking protocol, 55, 66-71 +
configuring Windows clients, 50-81 +
      Windows 95/98 computers, 50-63 +
      Windows NT 4.0 computers, 63-73 +
            basic configuration, 63-67 +
configuring WINS address, 70 +
connected systems, status of, 9 +
connections +
      active, option for, 244 +
      current, list of, 370 +
      resources, connecting to, 81 +
      scripts for, 198 +
      SMB, 77 +
      testing, 259-263 +
      virtual, 78 +
copy option, 92 +
creation masks, 138 +
      option for, 140 +
cryptography, private key, 35 +
CVS (Concurrent Versions Systems), 378 +
Cyclic Software, 378 +

D[ Top ] +
daemons, 82, 359-362 +
      killing, 48 +
      messages generated by, reading, 8 +
      stand-alone, 47 +
      starting, 46-48 +
      status report, 8 +
      testing, 49 +
            with testparm, 266 +
      troubleshooting, 264-268 +
      Unix, 2 +
      viewing, 8 +
      (see also smbd daemon; nmbd daemon) +
data transfer protocol, 6 +
datagram service, 10, 16-18 +
deadtime option, 241 +
debug files, 49 +
debug level option, 251, 314 +
debug timestamp option, 112 +
default case option, 146 +
default services, 115 +
      option for, 124 +
defending hostnames, 12 +
delays, troubleshooting, 287 +
delete, 142 +
delete readonly option, 139, 142 +
delete veto files option, 135 +
dfree command option, 241 +
DFS, support for, 35 +
DHCP (Dynamic Host Configuration Protocol), 57, 67 +
dialup connection, 53 +
Digital Pathworks clients, option for, 244 +
directories +
      barring users from viewing contents, 130, 133 +
      installation, 40 +
      permissions, options for, 140 +
      for Samba startup file, 363 +
      target, 40 +
      working, option for, 134 +
directory mask option, 138, 141 +
disabling/enabling features, 34 +
discussion archives for Samba, 293 +
disk quotas, support for, 37 +
disk shares, 4-7, 49, 82-113 +
      advanced, 114-154 +
      configuring, 96-100 +
      creating, 96 +
      maximum size of, option for, 242 +
      path option, 98 +
disk sync, options for, 245 +
DMB (domain master browser), 119-122 +
      option for, 126 +
      resource type, 24 +
DNS Configuration tab, 57 +
DNS (Domain Name System), 57 +
      configuring, 68 +
      as fallback for WINS address, 71 +
      names +
            NetBIOS names and, 14 +
            resource types and, 15 +
      option for, 228 +
      resources for further information, 293 +
      tab, 68 +
dns proxy option, 228 +
docs directory, 34 +
      test utilities, 254 +
documentation for Samba, 291 +
      importance of reading, 34 +
domain controllers, 20, 169 +
      for Windows 95/98, 18-20 +
domain group map option, 191 +
domain logons, 28, 184 +
      configuring Windows 95/98 for, 188 +
      configuring Windows NT 4.0 for, 189 +
      scripts for, 192-200 +
domain logons option, 190 +
domain master browser (see DMB) +
domain master option, 126 +
Domain Name System (see DNS) +
domain user map option, 191 +
domain-level security, 164, 169-171 +
domains, 18-20 +
      adding Samba server to Windows NT domain, 171 +
      behavior vs. Windows workgroups, 20 +
      controllers (see domain controllers) +
      logons (see domain logons) +
      new option for password timeout (Samba version 2.0), 239 +
      roles in assumed by Samba, 26 +
      Windows, 18, 28, 184-192 +
            authentication, 170 +
            caution when selecting, 190 +
            support for, 28 +
dont descend option, 133 +
DOS file permissions and attributes, 135-143 +
DOS-formatted carriage returns, 193 +
downloads +
      Samba, 32 +
            obtained using CVS, 378 +
      tcpdump utility, 78, 257 +
drive letters, mapping, 5 +
dynamically linked libraries, 33 +

E[ Top ] +
elections, 23 +
      operating system values in, 117 +
      order of decisions in, 118 +
      role settings in, 117 +
      WINS servers and, 26 +
enabling/disabling features, 34 +
encrypt passwords option, 181 +
encrypted passwords, 172 +
      Microsoft format, 183 +
      option for, 181 +
      vs. plaintext passwords, 173 +
Entire Network icon, 4 +
enumerated lists, 91 +
errors +
      searching for, 38 +
      syntax, 45 +
/etc/hosts file, 57, 60 +
/etc/inetd.conf configuration files, 48 +
      adding SWAT tool to, 41 +
/etc/resolv.conf file, 57 +
/etc/services configuration file, adding SWAT tool to, 41, 48 +
Ethernet adaptor cards, 53, 70 +
      linking to TCP/IP networking protocol, 55 +
execute permissions, 47 +
/export/samba/test directory, 42 +

F[ Top ] +
fake directory create times option, 232 +
fake oplocks option, 153 +
FAQ, Samba, 291 +
fast locking, 36 +
fatal error, option for, 244 +
fault tree, 257-291 +
      how to use, 257 +
"File and Printer Sharing for Microsoft Networks", 53, 60, 246 +
file creation masks, 138 +
filenames +
      8.3 format, 143 +
      limitations on, 143 +
      representing/resolving, 145 +
      Unix, option for, 245 +
files +
      archive, 137 +
      attributes, 135-143 +
      deleting, option for, 129 +
      hidden, 128, 136 +
            options for, 134 +
      open, option for maximum number of, 243 +
      permissions, 135-143 +
            options for, 140 +
      read-only, 136 +
            deleting, 139, 142 +
      system, 136 +
      in use, status of, 9 +
      veto, 129-131 +
            option for deleting, 135 +
filesystems +
      differences between, 127-131 +
      links and, 130 +
      options for, 132-135 +
      reporting on by Samba, option for, 242 +
      (see also files) +
fixed user configuration, 196 +
flat namespaces, 14, 25 +
follow symlinks option, 133 +
force create mode option, 141 +
force directory mode option, 141 +
force group option, 139, 141 +
force user option, 139, 141 +
foreign-language characters, 234-236 +
free space on disk, option for, 241 +
fstype option, 242 +
FTP (File Transfer Protocol), 6 +
      sites for Samba downloads, 32 +

G[ Top ] +
gateway field, 68 +
getwd cache option, 134, 320 +
global options, 90 +
[globals] section, 88 +
GNU autoconf, 29 +
GNU configure script, 34 +
GNU General Public License (GPL), 3, 378 +
groups, 155-158 +
      administrative privileges for, 159 +
      names and types of, 15 +
guest, 162 +
guest access, 159-162 +
guest account option, 162 +
guest ok option, 98 +
guest only option, 162 +

H[ Top ] +
hangup (HUP) signal, 48 +
header, SMB, 74 +
Hexidecimal byte value +
      for NetBIOS group resource types, 16 +
      for NetBIOS unique resource types, 15 +
hidden files, 128, 136 +
      options for, 134, 142, 319 +
h-node, 13 +
home directory, user's, 36, 155 +
      logon script option for location of, 198 +
homedir map option, 200 +
[homes] share, 89, 157 +
hort preserve case option, 147 +
hostnames +
      case sensitivity and, 5 +
      troubleshooting +
            long/short, 286 +
            lookup, 284 +
hosts +
      files (Windows 95/98), 59 +
      files (Windows NT computers), 71 +
      networking option for connections, 101, 103, 105 +
      subnets and, caution with, 102 +
hosts allow option, 103 +
hosts deny option, 105 +
hosts equiv option, 184 +
how-tos, fault tree, 257-291 +
http, 6 +
HUP (hangup) signal, 48 +

I[ Top ] +
Identification Changes dialog box (Windows NT), 63 +
Identification tab, 60 +
implementations, Microsoft, 18-27 +
include option, 92 +
inetd daemon, starting other daemons from, 48 +
installing Samba, 31-49 +
      common problems, 34 +
      installation directories, 40 +
      steps in, 31 +
            final, 41 +
      time required, 31 +
installing TCP/IP protocol, 65 +
installing Workstation service, 65 +
interfaces, networking options for, 102 +
interfaces option, 105 +
internationalization, 234-236 +
invalid users option, 161 +
IP address, 288-290 +
      setting for Windows NT computers, 67 +
IP Address tab +
      Windows 95/98, 57 +
      Windows NT, 67 +
IP packet size, tuning, 316 +

J[ Top ] +
Jacobson, Van, 255 +

K[ Top ] +
keep-alive packets, option for, 242 +
Kerberos, support for, 35 +
kernel oplocks option, 153 +

L[ Top ] +
languages, non-European, 30 +
LDAP (Lightweight Directory Access Protocol) +
      replacement for password synchronization, 179 +
      support for, 36 +
ldd tool, 33 +
legal agreements covering multi-user functionality, 6 +
Leres, Craig, 255 +
Lightweight Directory Access Protocol (see LDAP) +
line continuation, 85 +
links, 130 +
      option for, 133 +
Linux +
      installing Samba on Linux system, 31 +
      submount and, 36 +
lm announce option, 125 +
lm interval option, 125 +
LMHOSTS file, 224 +
load printers option, 222 +
local group map option, 192 +
local master browser, 21, 116-122 +
      checking machines for, 118 +
      option for, 125 +
local master option, 125 +
local profiles, 194 +
localhost +
      address, 69 +
      troubleshooting, 288 +
localization, 234-236 +
lock directory option, 154 +
locking option, 152 +
locks/locking files, 9, 149-154 +
      messaging option for, 237 +
      opportunistic locking, 29 +
            tuning of, 316 +
            (see also oplocks) +
      options for, 151-154 +
      Unix and, 150 +
log files/logging +
      activating/deactivating, 253 +
      checking, 108-113 +
      configuration options, 108-113 +
      in for the first time (Samba), 52 +
      levels of +
            setting, 251-253 +
            tuning, 314 +
      options for, 199 +
      troubleshooting, 282 +
      troubleshooting from, 251-254 +
log level option, 112, 251, 314 +
login dialog box, domain logons +
      Windows 95/98, 188 +
      Windows NT, 190 +
login parameters, setting, 79 +
logon drive option, 197 +
logon home option, 198 +
logon path option, 197 +
logon script option, 197 +
logon scripts, 192-200 +
      options for, 196-198 +
logons (see domain logons) +
lppause command option, 221 +
lpq cache time option, 220, 319 +
lpq command option, 221 +
lpresume command option, 221 +
lprm command option, 221 +

M[ Top ] +
machine name, types, 15 +
machine password timeout option, 239 +
magic output option, 233 +
magic script option, 233 +
magic scripts, 233 +
mailing lists +
      posting to, 39 +
      for Samba, 292 +
main tree, 40 +
makefiles, 33-34 +
mandatory profiles, 196 +
mangle case option, 148 +
mangled map option, 148 +
mangled names option, 147 +
mangled stack option, 148 +
mangling char option, 148 +
map archive option, 142 +
map hidden option, 142 +
Map Network Drive option, 5, 62 +
map system option, 142 +
mapping +
      files, options for location of, 191 +
      network drives, 5 +
masks +
      creation, 138 +
      netmasks, 57 +
      subnet, 57, 67 +
      umasks, 138 +
master browsers (see local master browser; DMB; preferred master browser) +
max connections option, 161 +
max disk size option, 242 +
max log size option, 112 +
max mux option, 243 +
max open files option, 243 +
max ttl option, 229 +
max wins ttl option, 229 +
max xmit option, 243, 317 +
Maximum Transport Unit (MTU), 316 +
McCanne, Steven, 255 +
measurement forms, 326 +
memory, status of, 9 +
message command option, 238 +
messages +
      from daemons, reading, 8 +
      WinPopup, 237 +
Microsoft, 3 +
      encryption, 30 +
      implementations, 18-27 +
Microsoft Networking Client, 65 +
min print space option, 223 +
min wins ttl option, 229 +
mirror sites for Samba distribution, 28 +
MIT, 35 +
mmap code, 36 +
m-node, 13 +
modem, linking to TCP/IP networking protocol, 55 +
MTU (Maximum Transport Unit), 316 +
multiple code pages, 30 +
multiple subnets, 120 +
multi-user functionality, legal agreements and, 6 +
My Computer (Windows 95/98), 51 +

N[ Top ] +
name mangling, 143-149 +
      options for, 145-149 +
      steps in, 143 +
name registration, 10 +
name resolution, 11, 60, 224-229 +
      options for, 227-229 +
name resolve order option, 229 +
name services, 10 +
      identifying what is in use, 283 +
      nmblookup program, 372 +
      testing, 258 +
      troubleshooting, 282-288 +
naming +
      machine name, types, 15 +
      machines on NetBIOS network, 10-13 +
      NT computers, 63 +
            caution with, 64 +
      TCP/IP networking protocol, setting machine name for, 60 +
NBNS (see NetBIOS, name server) +
NBT standard, 10 +
NBTSTAT utility, 15 +
Netatalk (Macintosh), support for interoperating with, 37 +
NetBEUI (NetBIOS Extended User Interface), 10, 53 +
      Windows NT computers and, 65 +
netbios aliases option, 107 +
NetBIOS name, 14-16 +
      option for aliases, 107 +
      setting +
            Windows 95/98, 61 +
            Windows NT, 63 +
      troubleshooting, 290 +
netbios name option, 95 +
NetBIOS (Network Basic Input/Output System), 9 +
      compared with TCP/IP, 10 +
      Extended User Interface (see NetBEUI) +
      multiple servers (see virtual servers) +
      name (see NetBIOS name) +
      name server (NBNS), 11, 25, 58 +
      network, naming machines on, 10-13 +
      over TCP/IP, 10 +
      Unique Resource Types, 15 +
netmasks, 57, 67 +
      troubleshooting, 288 +
network addresses +
      finding, 290 +
      troubleshooting, 288-290 +
Network Basic Input/Output System (see NetBIOS) +
network configuration commands, 192 +
Network dialog box (Windows NT), 63 +
network drives, mapping, 5 +
Network File System +
      resources for further information, 293 +
Network File System (NFS), 30 +
Network icon +
      Windows 95/98, 53 +
      Windows NT, 63 +
network masks (see netmasks) +
Network Neighborhood icon, 61, 93 +
      viewing Samba server, 72 +
Network Neighborhood window, 21-22 +
      mapping network drives via, 5 +
networking +
      hardware for, testing, 259 +
      network address ranges, 289 +
      nmblookup program, testing with, 279 +
      options, 101-106 +
            list of, 103 +
            magic script, 233 +
      printing on a network, steps in, 201 +
      setting up, 53-60 +
newsgroups for Samba, 291 +
NFS (Network File System), 30 +
      resources for further information, 293 +
nis homedir option, 200 +
NIS/NIS+ protocol, 36, 169 +
      how Samba works with, 199 +
      resources for further information, 293 +
nmbd daemon, 2, 29, 82, 85, 361-362 +
      browsing options for, 125 +
      killing, 48 +
      starting, 46 +
nmblookup program, 372 +
      networks, testing with, 279 +
node types, 13 +
non-encrypted passwords, 172 +
non-European languages, 30 +
Novell Networking, 53 +
nt pipe support option, 243 +
nt smb support option, 243 +
null passwords, 183 +
null TID, 74 +
numerical type, 90 +

O[ Top ] +
.old files, 39 +
ole locking compatibility option, 244 +
Open Source Software (OSS), 3 +
operating systems +
      encrypted/non-encrypted passwords, 172 +
      miscellaneous options for, 240 +
      values in elections, 117 +
oplock files option, 316 +
oplocks, 149-154 +
      break requests, 149 +
      messaging option for, 237 +
      options for, 151-154 +
oplocks option, 153 +
opportunistic locking, 29 +
      tuning, 316 +
      (see also oplocks) +
option names, 84 +
os filetime resolution option, 232 +
os level option, 126 +
OS/2, support for share-level security, 165 +
OSF/1 (Digital Unix), 35 +

P[ Top ] +
packets +
      headers for, tcpdump utility and, 376 +
      maximum size of, option for, 243 +
PAM (pluggable authentication modules), 179 +
      support for, 36 +
panic action option, 244 +
passwd chat debug option, 182 +
passwd chat option, 182 +
passwd program option, 182 +
password file, security and, 53 +
password level option, 182 +
Password settings (Windows 95/98), 51 +
passwords, 171-184 +
      chat characters for, 178 +
      encrypted +
            changing, 176 +
            disabling on Windows computers, 173 +
            vs. non-encrypted, 172, 173 +
      null, 183 +
      options for, 180-184 +
            share-level, 192 +
      passwd program, 182 +
      smbpasswd program, 374 +
      stored by Samba, 172 +
      synchronizing, 176-179 +
      user-level security and, 168 +
      Windows 95/98, 51-53 +
            changing, 52 +
pathnames +
      option for, 98 +
      printer configuration and, 207 +
paths, architecture-specific, 86 +
pdate encrypted option, 183 +
PDC (primary domain controller), 20 +
      domain master browser and, 119 +
      domain option for, 190 +
      domain-level security and, 164 +
PDC (continued) +
      Samba 2.1 and, 186 +
      Samba, setting up as, 184 +
      sever-level security and, 168 +
      trust accounts and, 186 +
performance, 29 +
performance tuning, 312-328 +
      benchmark for, 312, 314 +
      other options for, 319-328 +
      recommended enhancements, 320 +
permissions, 207 +
      options for, 140-143 +
      for printing, 207 +
plaintext passwords, 173 +
pluggable authentication modules (PAM), 36, 179 +
p-node, 13 +
point-to-point communication, 13 +
point-to-point registration/resolution, 13 +
port not telnet option, 257 +
postexec option, 199 +
postscript option, 221 +
preexec option, 199 +
preferred master browser, 119 +
preferred master option, 126 +
preserve case option, 147 +
preventing browsing, 115 +
primary domain controller (see PDC) +
primary WINS server, 26 +
print command option, 221 +
print queue, options for, 223 +
print shares, 7-9, 89-90, 204-205 +
      created by Samba, 205 +
      options for, 222 +
      path option, 98 +
      setting up on Windows client, 7 +
printable option, 219 +
printcap name option, 223 +
printer capabilities file, 89 +
printer driver file option, 219 +
printer driver location option, 220 +
printer driver option, 219 +
printer option, 219 +
PRINTER$ share, creating, 212 +
printers +
      BSD, 215 +
      names +
            caution with, 205 +
            checking, 375 +
      option for, 219-221 +
      sharing (see print shares) +
      System V, 216 +
printing, 201-224 +
      commands, 202 +
            default commands for, 221 +
      configuration, minimal, 203-205 +
      configuration options, 203-207 +
      drivers for, setting up, 210-213 +
      on a network, steps in, 201 +
      options for, 217-224 +
      pathnames used in commands for, 207 +
      permissions for, 207 +
      print jobs, 204 +
            spooling with smbprint tool, 213 +
      printer definition file, 211 +
      resources for information on debugging, 208 +
      through Samba, 201-213 +
      test for, 206 +
      types, 218 +
      variables for, 203 +
      Windows client printers +
            printing to, 213-224 +
            setting up and testing, 208 +
printing configuration option, 218 +
private directory (Samba distribution), 172 +
private key cryptography, 35 +
privileges, option for, 199 +
processes (see daemons) +
profiles, 194 +
      creating, 53 +
      local, 194 +
      mandatory, 196 +
      roaming, 194-196 +
            option for location of, 197 +
programmers, support for, 230-233 +
propagation, browse list, 24 +
Properties button (Windows 95/98), 55 +
protocols +
      routed through a hardware device, 53 +
      variant, negotiating, 78 +
Protocols tab, 65-66 +

Q[ Top ] +
queuepause command option, 223 +
queueresume command option, 223 +
quotation marks in values, 84 +

R[ Top ] +
rc.local file, 47 +
read list option, 161 +
read only option, 100 +
read prediction, testing, 318 +
read raw, tuning, 315 +
read size, tuning, 318 +
reading documentation, importance of, 34 +
read-only files, 136 +
      deleting, 139, 142 +
read-only partitions, 40 +
read-only/read-write access, 159 +
remote announce option, 127 +
remote browse sync option, 127 +
remote procedure call (RPC), 376 +
representing/resolving filenames, 145 +
resource names, 14 +
resource types, 14 +
      for primary domain controller vs. domain master browser, 24 +
resources, connecting to, 81 +
resources for further information, 291-293 +
      group attributes, 16 +
      NFS (Network File System), 293 +
      printers, debugging, 208 +
      Samba, 32 +
      Solaris servers, 321 +
      Windows network configuration commands, 192 +
revalidation of users, 192 +
roaming profiles, 194-196 +
      option for location of, 197 +
role settings in elections, 117 +
root postexec option, 199 +
root preexec option, 198 +
root user, 37, 199 +
      access, 159 +
routers, TCP/IP configuring and, 68 +
RPC (remote procedure call), 376 +
rpcclient program, 376 +

S[ Top ] +
SAM (security account manager), 19, 169 +
Samba, 1-9 +
      compatibility with Windows NT, 30 +
      compiling (see compiling Samba) +
      configuring (see configuring Samba) +
      daemons (see daemons) +
      distribution, xi, 28, 32 +
      documentation, importance of reading, 34 +
      downloading, 32-34 +
            with CVS, 378 +
      features/uses, x +
      installing (see installing Samba) +
      logging in for the first time, 52 +
      Microsoft encryption and, 30 +
      new features file, 34 +
      origin of name, 2 +
      performance tuning, 312-328 +
            benchmark for, 312, 314 +
            other options for, 319-328 +
      reasons for using, 3 +
      resources for further information, 291-293 +
      roles in Windows domains/workgroups, 26 +
      startup file, 363 +
      test utilities, 254-257 +
      version 2.0, 20, 28 +
            character sets, 235 +
            code pages for, 234 +
            coding system parameters, 235 +
            new options, 238 +
      version 2.0.5, xi, 28 +
      version 2.1, 20 +
            PDC functionality and, 186 +
      web site, 32, 291 +
      WINS server and, 225 +
Samba server +
      accessing, 61 +
      connecting to, 71 +
      resources offered, 72 +
      sizing, 320-328 +
      viewing via Network Neighborhood icon, 72 +
Samba Web Administration Tool (see SWAT tool) +
scripts +
      connection, 198 +
      logon, 192-200 +
      magic, 233 +
      for Samba startup file, 363 +
secondary WINS server, 26 +
sections of smb.conf (Samba configuration) file, 83 +
Secure Sockets Layer protocol (see SSL) +
security, 35, 164-171 +
      domain-level, 169-171 +
      levels of, 164 +
security (continued) +
      options for, 164 +
      restricting access to shares, 158-163 +
      server-level, 168 +
      share-level, 164-167 +
            options for, 167 +
      user-level, 167 +
security account manager (SAM), 19, 169 +
Select Network Protocol dialog box, 65 +
server configuration options, 94-96 +
Server Message Block (see SMB) +
server string parameter, 95 +
server-level security, 168 +
servers +
      active, list of, 116 +
      testing with nmblookup program, 278 +
      virtual, 106-108 +
            options for, 107 +
service bindings, 71 +
services, 83 +
      list of enabled on machine, 45 +
      performed by Samba, 2 +
      testing low-level, 257-263 +
      Workstation, 65 +
      (see also shares) +
Services tab, 65 +
session layer, connection at, 78 +
session parameters, setting, 79 +
session service, 10, 16-18 +
set directory option, 244 +
share modes, 151 +
share options, 90 +
shared directory/resources (see shares) +
shared resources (see shares) +
share-level security, 164-167 +
      options for, 167 +
      printing and guest accounts, 204 +
      steps in taken by Samba, 165 +
shares, 30, 83 +
      access to +
            controlling, 158-163 +
            creating for groups, 157 +
            by foreign hosts, option for, 184 +
      contents, restricting view of, 115 +
      default, 115 +
      file, path option for, 98 +
      [globals] section, 88 +
      option for identifying users allowed access to, 168 +
      viewing (see browsing) +
sharing +
      disks (see disk shares) +
      printers (see print shares) +
Sharpe, Richard, 74 +
SIGHUP signal, 85 +
sizing Samba servers, 320-328 +
smb passwd file option, 183 +
SMB (Server Message Block), 2, 74-81 +
      command string, 75 +
      commercial products for, 77 +
      deny-mode locks, 151 +
      format of, 74 +
      header, 75 +
      magic scripts, 233 +
      making a simple connection, 77 +
      maximum number of operations, option for, 243 +
      networks, 4 +
            usernames and, 162 +
      option for NT-specific options, 243 +
      password server, 168 +
      resources for further information, 74 +
      seamless operation across networks, 30 +
      troubleshooting connections, 268-275 +
            testing locally, 268 +
            testing with NET USE, 271-274 +
            testing with smbclient, 270 +
            testing with Windows Explorer, 274-275 +
      wrapper support, 34 +
SMB/CIFS protocol, 3 +
      filesystems, 34 +
      network and, 9-18 +
smbclient program, 49, 364-370 +
smb.conf (Samba configuration) file, 8, 41, 63, 82-93 +
      configuring printers, 203 +
      creating, 93 +
            for each client, 253 +
      example of, 82 +
      modifying for printer drivers, 212 +
      options for, 90-93 +
            format of, 83 +
            supporting programmers, 230-232 +
      special sections of, 88-91 +
      structure of, 83-86 +
      testparm program for, 375 +
      variables for, 86-88 +
smbd daemon, 2, 82, 359-360 +
      file, 47 +
      killing, 48 +
      starting, 46 +
smbd server, checking with telnet, 266 +
smbmount, support for, 36 +
smbpasswd file, 172, 174-176 +
      adding entries to, 175 +
      caution with, 173-174 +
      option for location of, 183 +
smbpasswd program, 171, 374 +
      changing passwords with, 176 +
smbprint tool, spooling print jobs, 213 +
smbrun option, 244 +
smbsh program, 364 +
smbstatus program, 8, 370 +
smbtar program, 245-248 +
      tar operations and, 371 +
smbwrapper client, 30 +
smbwrapper package, 35 +
socket address option, 106 +
socket options configuration options, 314 +
software distribution (see Samba, distribution) +
source vs. binary files, 32 +
spaces in values, 84 +
special sections, smb.conf (Samba configuration) file, 88-91 +
spelling, caution with, 61 +
spool space, options for, 223 +
square brackets, 83 +
ssl CA certDir option, 308 +
ssl CA certFile option, 308 +
ssl ciphers option, 310 +
ssl client cert option, 309 +
ssl client key option, 309 +
ssl compatibility option, 311 +
ssl hosts option, 307 +
ssl hosts resign option, 307 +
ssl option, 307 +
ssl require clientcert option, 309 +
ssl require servercert option, 310 +
SSL (Secure Sockets Layer) protocol, 30 +
      configuration options for, 306-311 +
      configuring Samba to use, 300 +
      configuring Samba with, 295-311 +
      SS Proxy, 296 +
            setting up, 304 +
      SSLeay, 296-304 +
      support for, 34, 36 +
ssl server cert option, 308 +
ssl server key option, 308 +
ssl version option, 310 +
stand-alone daemons, 47 +
stat cache option, 239 +
stat cache size option, 239 +
status option, 244 +
status report on Samba, 8 +
strict locking option, 152, 319 +
strict sync option, 245, 319 +
string types, 90 +
strip dot option, 245 +
subnets, 12 +
      hosts and, caution with, 102 +
      mask, 57, 67 +
      multiple spanned by Windows workgroups, 24 +
      Windows NT workstations and, 24 +
superuser (see root user) +
SWAT tool, 29 +
      adding to configuration files, 41 +
      creating configuration file with, 42 +
sync always option, 245, 319 +
synchronizing +
      passwords, 176-179 +
      time, options for, 231 +
syntax errors, 45 +
syslog only option, 113 +
syslog option, 113 +
SYSLOG utility, 110 +
      support for, 36 +
system administrator, WINS server and, 26 +
system files, 136 +
System V Unix, 47 +
      printer configuration for, 203 +

T[ Top ] +
tar operations, 371 +
tcpdump utility, 78, 255-257, 376 +
      passwords, reading, 172 +
TCP/IP networking protocol, 9 +
      adding/configuring, 54 +
      checking setup, 53 +
      compared with NetBIOS, 10 +
      configuring, 66-71 +
      installing, 65 +
      NetBIOS over, 10 +
      receive window, tuning, 317 +
      resources for further information, 293 +
      TCP, troubleshooting, 263 +
TCP/IP Properties panel (Windows 95/98), 55 +
test parser, 45 +
test share, 42 +
testing +
      configuration file, 45 +
      daemons, 49 +
      Samba, 41-46 +
      smbclient program, 364-370 +
      test utilities for Samba, 254-257 +
      tools for (CD-ROM with this book), 28 +
testparm program, 375 +
testparm test parser, 45 +
testprns program, 375 +
TID (tree identifier), 74, 78, 80 +
time server option, 231 +
time synchronization, options for, 231 +
time to live (TTL), options for, 229 +
timestamp logs option, 112 +
trace utility, 254 +
trailing dot, option for, 245 +
tree identifier (TID), 74, 78, 80 +
Tridgell, Andrew, 2, 255 +
troubleshooting, 250-291 +
      information to have on hand, 257 +
      network addresses, 288-290 +
      where to start, 250 +
trust accounts, creating, 186 +
TTL (time to live), options for, 229 +
tuning (see performance tuning) +

U[ Top ] +
umasks, 138 +
uniform resource locators (URLs), 6 +
Universal Naming Convention (UNC), 5 +
Unix +
      carriage returns, 193 +
      daemons, 2 +
      file permissions and attributes, 135-143 +
      filenames, option for, 245 +
      locks and, 150 +
      networks, usernames and, 162 +
      options +
            for messaging, 237 +
            miscellaneous, 240 +
            for print commands, 221 +
            for system logger, 113 +
      password files, 169 +
      permissions, share write access and, 159 +
      servers, backing up computers from, 246 +
      System V, 47 +
            printer configuration for, 203 +
            printing and, 29 +
      troubleshooting utilities, 254 +
      user classifications, 135 +
unix password sync option, 180 +
unix realname option, 133 +
URLs (uniform resource locators), 6 +
      distribution, 28 +
      Kerberos, 35 +
      Samba, 28, 32 +
            distribution, xi +
            web site, 291 +
      SMB (Server Message Block), 74 +
use rhosts option, 184 +
user profiles (Windows 95/98), 50 +
user variables, 86 +
user-level security, 164, 167 +
username level option, 163 +
username map option, 162 +
username option, 167 +
usernames +
      case sensitivity and, 163 +
      options for, 162-163 +
      SMB vs. Unix networks, 162 +
      Windows 95/98, 51-53 +
users, 155-158 +
      allowing superuser (root) access to, 159 +
      creating, 89 +
      domain, semi-automatic deletion, 171 +
      home directory, 36 +
            logon script option for location of, 198 +
      invalid, specifying, 158 +
      read-only/read-write access, 159 +
      setting up, 155 +
      share-level option for authentication of, 192 +
      shares for, setting up, 157 +
/usr/local/samba file, 40 +
/usr/local/samba/var/log.smb file, 49 +

V[ Top ] +
valid chars option, 236 +
variables, 86-88 +
veto files, 129-131 +
      option for deleting, 135 +
veto files option, 134 +
veto oplock files option, 154 +
viewing daemons, 8 +
virtual connection, 78 +
virtual hosts, 29 +
virtual servers, 106-108 +
      options for, 107 +
volume option, 100 +

W[ Top ] +
Whistle, 3 +
whitespaces in values, 84 +
wide links option, 134, 319 +
Windows 95/98 +
      domain controllers for, 18-20 +
      domain logons, configuring, 185 +
      domains, 184-192 +
      miscellaneous options for, 240 +
      multiple users, support for, 50 +
      passwords, encrypted, 172 +
      printer drivers, installing, 210 +
      share-level security, support for, 165 +
      WinPopup tool, 237 +
Windows clients +
      configuring, 50-81 +
            Windows NT 4.0 computers, 63-73 +
            Windows95/98 computers, 50-63 +
      individual configuration files for, 253 +
      printers for, setting up and testing, 208 +
      role settings in elections, 117 +
Windows Explorer, Map Network Drive option, 5 +
Windows Internet Name Service (see WINS) +
Windows NT +
      client/server and, 77 +
      configuring domain logons, 186 +
      domains, 18, 28, 184-192 +
            caution when selecting, 190 +
      IP address, setting, 67 +
      naming, caution with, 63 +
      passwords +
            encrypted, 172 +
            new option for timeout (Samba version 2.0), 239 +
      pipes, option for, 243 +
      server, domain master browser and, 119 +
      SMB, option for, 243 +
      user authentication and, 186 +
      WINS address and, 70 +
Windows NT Server 4.0, 65 +
Windows NT Server Manager for Domains tool, 171 +
Windows NT Workstation 4.0, 65 +
Windows UNC format, 62 +
Windows workgroups (see workgroups, Windows) +
WINDOWSHOSTS directory, 71 +
WinPopup tool, 237 +
WINS Address tab (Windows NT panel), 70 +
WINS Configuration tab, 58 +
wins proxy option, 228 +
wins server option, 228 +
wins support option, 228 +
WINS (Windows Internet Name Service), 2, 25, 58 +
      address, configuring, 70 +
      name resolution and, 224 +
      options for, 228 +
      server, 44 +
            configuring Windows domain logons and, 185 +
      servers, 25, 59 +
      Windows operating systems and, 26 +
      WINS server +
            primary/secondary, 26 +
WINS (Windows Internet Name Service) server +
      setting up Samba as, 226 +
      setting up Sambato use, 225 +
Wong, Brian, 321 +
workgroup parameter, 96 +
workgroups, 4 +
      roles in assumed by Samba, 26 +
      setting, 60 +
      Windows +
            behaviors vs. Windows domain, 20 +
            spanning multiple subnets, 24 +
working directory, option for, 134 +
Workstation service, installing, 65 +
wrapper support for SMB (Server Message Block), 34 +
write ahead, tuning, 318 +
write list option, 161 +
write privileges, 40 +
write raw, tuning, 315 +
write size, tuning, 317 +
writeable/write ok option, 100 +

Y[ Top ] + +

+
+ +

+

+

+Using Samba Table of Contents +

+

+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+
+ + diff --git a/docs/htmldocs/using_samba/licenseinfo.html b/docs/htmldocs/using_samba/licenseinfo.html new file mode 100644 index 00000000000..7e8962a8325 --- /dev/null +++ b/docs/htmldocs/using_samba/licenseinfo.html @@ -0,0 +1,181 @@ + + +License Info + + + + + + + + +
+ + +
+

Using Samba

+ +By Robert Eckstein, David Collier-Brown & Peter Kelly +
1st Edition October 1999 (est.) +
1-56592-449-5, Order Number: 4495 +
424 pages (est.), $34.95 (est.) + +
+
+ +

License Info

+

"Using Samba" may be freely reproduced and distributed in any +form, in any medium physical or electronic, in whole or in +part, provided that the terms of this license are adhered to +and that the reproduction includes this license or a reference +to it. For a complete reproduction of the book, the reference +should read: +

+ Copyright (c) 1999 by O'Reilly & Associates. This book, + Using Samba, first edition, was written by Robert Eckstein, + David Collier-Brown, and Peter Kelly, and published by + O'Reilly & Associates. This material may be distributed only + subject to the terms and conditions set forth in the + license, which is presently available at + + http://www.oreilly.com/catalog/samba/licenseinfo.html. +
+

+For an excerpt, the reference should read: +

+ Copyright (c) 1999 by O'Reilly & Associates. This material + was taken from the book Using Samba, first edition, written + by Robert Eckstein, David Collier-Brown, and Peter Kelly, + and published by O'Reilly & Associates. This material may be + distributed only subject to the terms and conditions set + forth in the license, which is presently available at + + http://www.oreilly.com/catalog/samba/licenseinfo.html. +
+

+Translations must contain similar references in the target +language. A sample model for a reference in a translation is +the following: +

+ Copyright (c) 1999 by [whoever owns the translation]. This + is a translation of Using Samba, first edition, written by + Robert Eckstein, David Collier-Brown, and Peter Kelly, and + published by O'Reilly & Associates. This material may be + distributed only subject to the terms and conditions set + forth in the license, which is presently available at + + http://www.oreilly.com/catalog/samba/licenseinfo.html. +
+

+Both commercial and noncommercial redistribution of material +from this book is permitted, but the following restrictions +apply. +

    +
  1. All copies of any version, including derivative works, must + display a prominent notice indicating the original authors + of the book and that it was originally developed by + O'Reilly & Associates. Any publication as a physical + (paper) book shall show the names of the authors and + O'Reilly & Associates on the outer surface. + +
  2. Any changes made must be shared as described below. + +
  3. No translation can be distributed publicly in print form + without approval from O'Reilly & Associates. Any + translation, by O'Reilly & Associates or another party, + falls under the same conditions as the original version. +
+

+MODIFIED VERSIONS. Distribution of any modified version must +include a prominent notice describing the modifications that +have been made, and must provide a URL or other sufficient +information concerning how to obtain the original work. +O'Reilly & Associates and the Samba Team are not responsible +for the accuracy of any modifications not incorporated into +their originally distributed version. The names of the +original authors, O'Reilly & Associates, or the Samba team may +not be used to assert or imply endorsement of the resulting +document unless permission is obtained in advance. Anyone who +distributes a version of the book with changes to text, +figures, or any other element must provide the changed version +in a standard source format to both O'Reilly and the Samba +team, and must provide them under the same terms as the +original book. +

+Mere aggregation of this work, or a portion of the work, with +other works or programs on the same media shall not cause this +license to apply to those other works. The aggregate work +shall contain this license and a notice specifying the +inclusion of this material. +

+The copyright will stay in O'Reilly's hands, unless O'Reilly stops +printing the book. However, the book will be maintained by +the Samba team. Any changes made by O'Reilly will be given to +the team, and vice versa. +

+TRANSLATIONS. In the case of translations, O'Reilly will +choose when to update and reprint printed versions. If +O'Reilly lets the translation go out of print for more than 6 +months, the copyright and all other rights go to the Samba +team. +

+SEVERABILITY. If any part of this license is found to be +unenforceable in any jurisdiction, the remaining portions of +the license remain in force. +

+NO WARRANTY. This work is licensed and provided "as is" +without warranty of any kind, express or implied, including, +but not limited to, the implied warranties of merchantability +and fitness for a particular purpose or a warranty of +non-infringement. +

+GOOD-PRACTICE RECOMMENDATIONS. In addition to the requirements +of this license, it is requested from and strongly recommended +of redistributors that: +

    +
  1. If you are distributing the work on hardcopy or CD-ROM, + you provide email notification to the authors of your + intent to redistribute at least thirty days before your + manuscript or media freeze, to give the authors time to + provide updated documents. This notification should + describe modifications, if any, made to the document. + +
  2. All substantive modifications (including deletions) should + be either clearly marked in the document or else described + in an attachment to the document. + +
  3. While it is not mandatory under this license, it is + considered good form to offer a free copy of any hardcopy + and CD-ROM expression of this work to its authors and the + original software developers. + +
  4. Translations should contain this license in the target + language. +
+ + + +
+
+ + +O'Reilly Home | + +O'Reilly Bookstores | + +How to Order | + +O'Reilly Contacts
 + +International | + +About O'Reilly | + +Affiliated Companies

+© 1999, O'Reilly & Associates, Inc. + +

+ + + diff --git a/docs/htmldocs/using_samba/this_edition.html b/docs/htmldocs/using_samba/this_edition.html new file mode 100644 index 00000000000..71522ac31e1 --- /dev/null +++ b/docs/htmldocs/using_samba/this_edition.html @@ -0,0 +1,48 @@ + + +This Edition + + + + + + + + +
+ + +
+

Using Samba

+ +By Robert Eckstein, David Collier-Brown & Peter Kelly +
1st Edition October 1999 (est.) +
1-56592-449-5, Order Number: 4495 +
424 pages (est.), $34.95 (est.) + +
+
+ +
+ Copyright (c) 1999 by O'Reilly & Associates. This book, + Using Samba, first edition, was written by Robert Eckstein, + David Collier-Brown, and Peter Kelly, and published by + O'Reilly & Associates. This material may be distributed only + subject to the terms and conditions set forth in the + license, which is presently available at + + http://www.oreilly.com/catalog/samba/licenseinfo.html. +
+ +
+ +
+This is a modified version of the O'Reilly first edition of
+Using Samba. Some of the modifications were made by Jay Ts - thanks Jay!
+
+
+ + + diff --git a/docs/htmldocs/wbinfo.1.html b/docs/htmldocs/wbinfo.1.html new file mode 100644 index 00000000000..4cc0ef423f5 --- /dev/null +++ b/docs/htmldocs/wbinfo.1.html @@ -0,0 +1,324 @@ +wbinfo

wbinfo

Name

wbinfo -- Query information from winbind daemon

Synopsis

wbinfo [-u] [-g] [-n name] [-s sid] [-U uid] [-G gid] [-S sid] [-Y sid] [-t] [-m] [-a user%password] [-p]

DESCRIPTION

This tool is part of the Samba suite.

The wbinfo program queries and returns information + created and used by the winbindd(8) daemon.

The winbindd(8) daemon must be configured + and running for the wbinfo program to be able + to return information.

OPTIONS

-u

This option will list all users available + in the Windows NT domain for which the winbindd(8) + daemon is operating in. Users in all trusted domains + will also be listed. Note that this operation does not assign + user ids to any users that have not already been seen by + winbindd(8).

-g

This option will list all groups available + in the Windows NT domain for which the winbindd(8) + daemon is operating in. Groups in all trusted domains + will also be listed. Note that this operation does not assign + group ids to any groups that have not already been seen by + winbindd(8).

-n name

The -n option + queries winbindd(8) for the SID + associated with the name specified. Domain names can be specified + before the user name by using the winbind separator character. + For example CWDOM1/Administrator refers to the Administrator + user in the domain CWDOM1. If no domain is specified then the + domain used is the one specified in the smb.conf + workgroup parameter.

-s sid

Use -s to resolve + a SID to a name. This is the inverse of the -n + option above. SIDs must be specified as ASCII strings + in the traditional Microsoft format. For example, + S-1-5-21-1455342024-3071081365-2475485837-500.

-U uid

Try to convert a UNIX user id to a Windows NT + SID. If the uid specified does not refer to one within + the winbind uid range then the operation will fail.

-G gid

Try to convert a UNIX group id to a Windows + NT SID. If the gid specified does not refer to one within + the winbind gid range then the operation will fail.

-S sid

Convert a SID to a UNIX user id. If the SID + does not correspond to a UNIX user mapped by winbindd(8) then the operation will fail.

-Y sid

Convert a SID to a UNIX group id. If the SID + does not correspond to a UNIX group mapped by winbindd(8) then the operation will fail.

-t

Verify that the workstation trust account + created when the Samba server is added to the Windows NT + domain is working.

-m

Produce a list of domains trusted by the + Windows NT server winbindd(8) contacts + when resolving names. This list does not include the Windows + NT domain the server is a Primary Domain Controller for. +

-a username%password

Attempt to authenticate a user via winbindd. + This checks both authenticaion methods and reports its results. +

-p

Attempt a simple 'ping' check that the winbindd + is indeed alive. +

EXIT STATUS

The wbinfo program returns 0 if the operation + succeeded, or 1 if the operation failed. If the winbindd(8) + daemon is not working wbinfo will always return + failure.

VERSION

This man page is correct for version 2.2 of + the Samba suite.

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

wbinfo and winbindd + were written by Tim Potter.

The conversion to DocBook for Samba 2.2 was done + by Gerald Carter

\ No newline at end of file diff --git a/docs/htmldocs/winbind.html b/docs/htmldocs/winbind.html new file mode 100644 index 00000000000..60638282227 --- /dev/null +++ b/docs/htmldocs/winbind.html @@ -0,0 +1,1312 @@ +Unified Logons between Windows NT and UNIX using Winbind

Abstract

Integration of UNIX and Microsoft Windows NT through + a unified logon has been considered a "holy grail" in heterogeneous + computing environments for a long time. We present + winbind, a component of the Samba suite + of programs as a solution to the unified logon problem. Winbind + uses a UNIX implementation + of Microsoft RPC calls, Pluggable Authentication Modules, and the Name + Service Switch to allow Windows NT domain users to appear and operate + as UNIX users on a UNIX machine. This paper describes the winbind + system, explaining the functionality it provides, how it is configured, + and how it works internally.

Introduction

It is well known that UNIX and Microsoft Windows NT have + different models for representing user and group information and + use different technologies for implementing them. This fact has + made it difficult to integrate the two systems in a satisfactory + manner.

One common solution in use today has been to create + identically named user accounts on both the UNIX and Windows systems + and use the Samba suite of programs to provide file and print services + between the two. This solution is far from perfect however, as + adding and deleting users on both sets of machines becomes a chore + and two sets of passwords are required both of which + can lead to synchronization problems between the UNIX and Windows + systems and confusion for users.

We divide the unified logon problem for UNIX machines into + three smaller problems:

  • Obtaining Windows NT user and group information +

  • Authenticating Windows NT users +

  • Password changing for Windows NT users +

Ideally, a prospective solution to the unified logon problem + would satisfy all the above components without duplication of + information on the UNIX machines and without creating additional + tasks for the system administrator when maintaining users and + groups on either system. The winbind system provides a simple + and elegant solution to all three components of the unified logon + problem.

What Winbind Provides

Winbind unifies UNIX and Windows NT account management by + allowing a UNIX box to become a full member of a NT domain. Once + this is done the UNIX box will see NT users and groups as if + they were native UNIX users and groups, allowing the NT domain + to be used in much the same manner that NIS+ is used within + UNIX-only environments.

The end result is that whenever any + program on the UNIX machine asks the operating system to lookup + a user or group name, the query will be resolved by asking the + NT domain controller for the specified domain to do the lookup. + Because Winbind hooks into the operating system at a low level + (via the NSS name resolution modules in the C library) this + redirection to the NT domain controller is completely + transparent.

Users on the UNIX machine can then use NT user and group + names as they would use "native" UNIX names. They can chown files + so that they are owned by NT domain users or even login to the + UNIX machine and run a UNIX X-Window session as a domain user.

The only obvious indication that Winbind is being used is + that user and group names take the form DOMAIN\user and + DOMAIN\group. This is necessary as it allows Winbind to determine + that redirection to a domain controller is wanted for a particular + lookup and which trusted domain is being referenced.

Additionally, Winbind provides an authentication service + that hooks into the Pluggable Authentication Modules (PAM) system + to provide authentication via a NT domain to any PAM enabled + applications. This capability solves the problem of synchronizing + passwords between systems since all passwords are stored in a single + location (on the domain controller).

Target Uses

Winbind is targeted at organizations that have an + existing NT based domain infrastructure into which they wish + to put UNIX workstations or servers. Winbind will allow these + organizations to deploy UNIX workstations without having to + maintain a separate account infrastructure. This greatly + simplifies the administrative overhead of deploying UNIX + workstations into a NT based organization.

Another interesting way in which we expect Winbind to + be used is as a central part of UNIX based appliances. Appliances + that provide file and print services to Microsoft based networks + will be able to use Winbind to provide seamless integration of + the appliance into the domain.

How Winbind Works

The winbind system is designed around a client/server + architecture. A long running winbindd daemon + listens on a UNIX domain socket waiting for requests + to arrive. These requests are generated by the NSS and PAM + clients and processed sequentially.

The technologies used to implement winbind are described + in detail below.

Microsoft Remote Procedure Calls

Over the last two years, efforts have been underway + by various Samba Team members to decode various aspects of + the Microsoft Remote Procedure Call (MSRPC) system. This + system is used for most network related operations between + Windows NT machines including remote management, user authentication + and print spooling. Although initially this work was done + to aid the implementation of Primary Domain Controller (PDC) + functionality in Samba, it has also yielded a body of code which + can be used for other purposes.

Winbind uses various MSRPC calls to enumerate domain users + and groups and to obtain detailed information about individual + users or groups. Other MSRPC calls can be used to authenticate + NT domain users and to change user passwords. By directly querying + a Windows PDC for user and group information, winbind maps the + NT account information onto UNIX user and group names.

Name Service Switch

The Name Service Switch, or NSS, is a feature that is + present in many UNIX operating systems. It allows system + information such as hostnames, mail aliases and user information + to be resolved from different sources. For example, a standalone + UNIX workstation may resolve system information from a series of + flat files stored on the local filesystem. A networked workstation + may first attempt to resolve system information from local files, + and then consult a NIS database for user information or a DNS server + for hostname information.

The NSS application programming interface allows winbind + to present itself as a source of system information when + resolving UNIX usernames and groups. Winbind uses this interface, + and information obtained from a Windows NT server using MSRPC + calls to provide a new source of account enumeration. Using standard + UNIX library calls, one can enumerate the users and groups on + a UNIX machine running winbind and see all users and groups in + a NT domain plus any trusted domain as though they were local + users and groups.

The primary control file for NSS is + /etc/nsswitch.conf. + When a UNIX application makes a request to do a lookup + the C library looks in /etc/nsswitch.conf + for a line which matches the service type being requested, for + example the "passwd" service type is used when user or group names + are looked up. This config line species which implementations + of that service should be tried and in what order. If the passwd + config line is:

passwd: files example

then the C library will first load a module called + /lib/libnss_files.so followed by + the module /lib/libnss_example.so. The + C library will dynamically load each of these modules in turn + and call resolver functions within the modules to try to resolve + the request. Once the request is resolved the C library returns the + result to the application.

This NSS interface provides a very easy way for Winbind + to hook into the operating system. All that needs to be done + is to put libnss_winbind.so in /lib/ + then add "winbind" into /etc/nsswitch.conf at + the appropriate place. The C library will then call Winbind to + resolve user and group names.

Pluggable Authentication Modules

Pluggable Authentication Modules, also known as PAM, + is a system for abstracting authentication and authorization + technologies. With a PAM module it is possible to specify different + authentication methods for different system applications without + having to recompile these applications. PAM is also useful + for implementing a particular policy for authorization. For example, + a system administrator may only allow console logins from users + stored in the local password file but only allow users resolved from + a NIS database to log in over the network.

Winbind uses the authentication management and password + management PAM interface to integrate Windows NT users into a + UNIX system. This allows Windows NT users to log in to a UNIX + machine and be authenticated against a suitable Primary Domain + Controller. These users can also change their passwords and have + this change take effect directly on the Primary Domain Controller. +

PAM is configured by providing control files in the directory + /etc/pam.d/ for each of the services that + require authentication. When an authentication request is made + by an application the PAM code in the C library looks up this + control file to determine what modules to load to do the + authentication check and in what order. This interface makes adding + a new authentication service for Winbind very easy, all that needs + to be done is that the pam_winbind.so module + is copied to /lib/security/ and the PAM + control files for relevant services are updated to allow + authentication via winbind. See the PAM documentation + for more details.

User and Group ID Allocation

When a user or group is created under Windows NT + is it allocated a numerical relative identifier (RID). This is + slightly different to UNIX which has a range of numbers that are + used to identify users, and the same range in which to identify + groups. It is winbind's job to convert RIDs to UNIX id numbers and + vice versa. When winbind is configured it is given part of the UNIX + user id space and a part of the UNIX group id space in which to + store Windows NT users and groups. If a Windows NT user is + resolved for the first time, it is allocated the next UNIX id from + the range. The same process applies for Windows NT groups. Over + time, winbind will have mapped all Windows NT users and groups + to UNIX user ids and group ids.

The results of this mapping are stored persistently in + an ID mapping database held in a tdb database). This ensures that + RIDs are mapped to UNIX IDs in a consistent way.

Result Caching

An active system can generate a lot of user and group + name lookups. To reduce the network cost of these lookups winbind + uses a caching scheme based on the SAM sequence number supplied + by NT domain controllers. User or group information returned + by a PDC is cached by winbind along with a sequence number also + returned by the PDC. This sequence number is incremented by + Windows NT whenever any user or group information is modified. If + a cached entry has expired, the sequence number is requested from + the PDC and compared against the sequence number of the cached entry. + If the sequence numbers do not match, then the cached information + is discarded and up to date information is requested directly + from the PDC.

Installation and Configuration

Many thanks to John Trostel jtrostel@snapserver.com +for providing the HOWTO for this section.

This HOWTO describes how to get winbind services up and running +to control access and authenticate users on your Linux box using +the winbind services which come with SAMBA 2.2.2.

Introduction

This HOWTO describes the procedures used to get winbind up and +running on my RedHat 7.1 system. Winbind is capable of providing access +and authentication control for Windows Domain users through an NT +or Win2K PDC for 'regular' services, such as telnet a nd ftp, as +well for SAMBA services.

This HOWTO has been written from a 'RedHat-centric' perspective, so if +you are using another distribution, you may have to modify the instructions +somewhat to fit the way your distribution works.

  • Why should I to this? +

    This allows the SAMBA administrator to rely on the + authentication mechanisms on the NT/Win2K PDC for the authentication + of domain members. NT/Win2K users no longer need to have separate + accounts on the SAMBA server. +

  • Who should be reading this document? +

    This HOWTO is designed for system administrators. If you are + implementing SAMBA on a file server and wish to (fairly easily) + integrate existing NT/Win2K users from your PDC onto the + SAMBA server, this HOWTO is for you. That said, I am no NT or PAM + expert, so you may find a better or easier way to accomplish + these tasks. +

Requirements

If you have a samba configuration file that you are currently +using... BACK IT UP! If your system already uses PAM, +back up the /etc/pam.d directory +contents! If you haven't already made a boot disk, +MAKE ONE NOW!

Messing with the pam configuration files can make it nearly impossible +to log in to yourmachine. That's why you want to be able to boot back +into your machine in single user mode and restore your +/etc/pam.d back to the original state they were in if +you get frustrated with the way things are going. ;-)

The latest version of SAMBA (version 2.2.2 as of this writing), now +includes a functioning winbindd daemon. Please refer to the +main SAMBA web page or, +better yet, your closest SAMBA mirror site for instructions on +downloading the source code.

To allow Domain users the ability to access SAMBA shares and +files, as well as potentially other services provided by your +SAMBA machine, PAM (pluggable authentication modules) must +be setup properly on your machine. In order to compile the +winbind modules, you should have at least the pam libraries resident +on your system. For recent RedHat systems (7.1, for instance), that +means pam-0.74-22. For best results, it is helpful to also +install the development packages in pam-devel-0.74-22.

Testing Things Out

Before starting, it is probably best to kill off all the SAMBA +related daemons running on your server. Kill off all smbd, +nmbd, and winbindd processes that may +be running. To use PAM, you will want to make sure that you have the +standard PAM package (for RedHat) which supplies the /etc/pam.d +directory structure, including the pam modules are used by pam-aware +services, several pam libraries, and the /usr/doc +and /usr/man entries for pam. Winbind built better +in SAMBA if the pam-devel package was also installed. This package includes +the header files needed to compile pam-aware applications. For instance, +my RedHat system has both pam-0.74-22 and +pam-devel-0.74-22 RPMs installed.

Configure and compile SAMBA

The configuration and compilation of SAMBA is pretty straightforward. +The first three steps may not be necessary depending upon +whether or not you have previously built the Samba binaries.

root# autoconf
+root# make clean
+root# rm config.cache
+root# ./configure --with-winbind
+root# make
+root# make install

This will, by default, install SAMBA in /usr/local/samba. +See the main SAMBA documentation if you want to install SAMBA somewhere else. +It will also build the winbindd executable and libraries.

Configure nsswitch.conf and the +winbind libraries

The libraries needed to run the winbindd daemon +through nsswitch need to be copied to their proper locations, so

root# cp ../samba/source/nsswitch/libnss_winbind.so /lib

I also found it necessary to make the following symbolic link:

root# ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2

Now, as root you need to edit /etc/nsswitch.conf to +allow user and group entries to be visible from the winbindd +daemon. My /etc/nsswitch.conf file look like +this after editing:

	passwd:     files winbind
+	shadow:     files 
+	group:      files winbind

+The libraries needed by the winbind daemon will be automatically +entered into the ldconfig cache the next time +your system reboots, but it +is faster (and you don't need to reboot) if you do it manually:

root# /sbin/ldconfig -v | grep winbind

This makes libnss_winbind available to winbindd +and echos back a check to you.

Configure smb.conf

Several parameters are needed in the smb.conf file to control +the behavior of winbindd. Configure +smb.conf These are described in more detail in +the winbindd(8) man page. My +smb.conf file was modified to +include the following entries in the [global] section:

[global]
+     <...>
+     # separate domain and username with '+', like DOMAIN+username
+     winbind separator = +
+     # use uids from 10000 to 20000 for domain users
+     winbind uid = 10000-20000
+     # use gids from 10000 to 20000 for domain groups
+     winbind gid = 10000-20000
+     # allow enumeration of winbind users and groups
+     winbind enum users = yes
+     winbind enum groups = yes
+     # give winbind users a real shell (only needed if they have telnet access)
+     template homedir = /home/winnt/%D/%U
+     template shell = /bin/bash

Join the SAMBA server to the PDC domain

Enter the following command to make the SAMBA server join the +PDC domain, where DOMAIN is the name of +your Windows domain and Administrator is +a domain user who has administrative privileges in the domain.

root# /usr/local/samba/bin/net rpc join -s PDC -U Administrator

The proper response to the command should be: "Joined the domain +DOMAIN" where DOMAIN +is your DOMAIN name.

Start up the winbindd daemon and test it!

Eventually, you will want to modify your smb startup script to +automatically invoke the winbindd daemon when the other parts of +SAMBA start, but it is possible to test out just the winbind +portion first. To start up winbind services, enter the following +command as root:

root# /usr/local/samba/bin/winbindd

I'm always paranoid and like to make sure the daemon +is really running...

root# ps -ae | grep winbindd

This command should produce output like this, if the daemon is running

3025 ? 00:00:00 winbindd

Now... for the real test, try to get some information about the +users on your PDC

root# /usr/local/samba/bin/wbinfo -u

+This should echo back a list of users on your Windows users on +your PDC. For example, I get the following response:

CEO+Administrator
+CEO+burdell
+CEO+Guest
+CEO+jt-ad
+CEO+krbtgt
+CEO+TsInternetUser

Obviously, I have named my domain 'CEO' and my winbind +separator is '+'.

You can do the same sort of thing to get group information from +the PDC:

root# /usr/local/samba/bin/wbinfo -g
+CEO+Domain Admins
+CEO+Domain Users
+CEO+Domain Guests
+CEO+Domain Computers
+CEO+Domain Controllers
+CEO+Cert Publishers
+CEO+Schema Admins
+CEO+Enterprise Admins
+CEO+Group Policy Creator Owners

The function 'getent' can now be used to get unified +lists of both local and PDC users and groups. +Try the following command:

root# getent passwd

You should get a list that looks like your /etc/passwd +list followed by the domain users with their new uids, gids, home +directories and default shells.

The same thing can be done for groups with the command

root# getent group

Fix the /etc/rc.d/init.d/smb startup files

The winbindd daemon needs to start up after the +smbd and nmbd daemons are running. +To accomplish this task, you need to modify the /etc/init.d/smb +script to add commands to invoke this daemon in the proper sequence. My +/etc/init.d/smb file starts up smbd, +nmbd, and winbindd from the +/usr/local/samba/bin directory directly. The 'start' +function in the script looks like this:

start() {
+        KIND="SMB"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/smbd $SMBDOPTIONS
+        RETVAL=$?
+        echo
+        KIND="NMB"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/nmbd $NMBDOPTIONS
+        RETVAL2=$?
+        echo
+        KIND="Winbind"
+        echo -n $"Starting $KIND services: "
+        daemon /usr/local/samba/bin/winbindd
+        RETVAL3=$?
+        echo
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && touch /var/lock/subsys/smb || \
+           RETVAL=1
+        return $RETVAL
+}

The 'stop' function has a corresponding entry to shut down the +services and look s like this:

stop() {
+        KIND="SMB"
+        echo -n $"Shutting down $KIND services: "
+        killproc smbd
+        RETVAL=$?
+        echo
+        KIND="NMB"
+        echo -n $"Shutting down $KIND services: "
+        killproc nmbd
+        RETVAL2=$?
+        echo
+        KIND="Winbind"
+        echo -n $"Shutting down $KIND services: "
+        killproc winbindd
+        RETVAL3=$?
+        [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 -a $RETVAL3 -eq 0 ] && rm -f /var/lock/subsys/smb
+        echo ""
+        return $RETVAL
+}

If you restart the smbd, nmbd, +and winbindd daemons at this point, you +should be able to connect to the samba server as a domain member just as +if you were a local user.

Configure Winbind and PAM

If you have made it this far, you know that winbindd and samba are working +together. If you want to use winbind to provide authentication for other +services, keep reading. The pam configuration files need to be altered in +this step. (Did you remember to make backups of your original +/etc/pam.d files? If not, do it now.)

You will need a pam module to use winbindd with these other services. This +module will be compiled in the ../source/nsswitch directory +by invoking the command

root# make nsswitch/pam_winbind.so

from the ../source directory. The +pam_winbind.so file should be copied to the location of +your other pam security modules. On my RedHat system, this was the +/lib/security directory.

root# cp ../samba/source/nsswitch/pam_winbind.so /lib/security

The /etc/pam.d/samba file does not need to be changed. I +just left this fileas it was:

auth    required        /lib/security/pam_stack.so service=system-auth
+account required        /lib/security/pam_stack.so service=system-auth

The other services that I modified to allow the use of winbind +as an authentication service were the normal login on the console (or a terminal +session), telnet logins, and ftp service. In order to enable these +services, you may first need to change the entries in +/etc/xinetd.d (or /etc/inetd.conf). +RedHat 7.1 uses the new xinetd.d structure, in this case you need +to change the lines in /etc/xinetd.d/telnet +and /etc/xinetd.d/wu-ftp from 

enable = no

to

enable = yes

+For ftp services to work properly, you will also need to either +have individual directories for the domain users already present on +the server, or change the home directory template to a general +directory for all domain users. These can be easily set using +the smb.conf global entry +template homedir.

The /etc/pam.d/ftp file can be changed +to allow winbind ftp access in a manner similar to the +samba file. My /etc/pam.d/ftp file was +changed to look like this:

auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
+auth       sufficient   /lib/security/pam_winbind.so
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_shells.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth

The /etc/pam.d/login file can be changed nearly the +same way. It now looks like this:

auth       required     /lib/security/pam_securetty.so
+auth       sufficient   /lib/security/pam_winbind.so
+auth       sufficient   /lib/security/pam_unix.so use_first_pass
+auth       required     /lib/security/pam_stack.so service=system-auth
+auth       required     /lib/security/pam_nologin.so
+account    sufficient   /lib/security/pam_winbind.so
+account    required     /lib/security/pam_stack.so service=system-auth
+password   required     /lib/security/pam_stack.so service=system-auth
+session    required     /lib/security/pam_stack.so service=system-auth
+session    optional     /lib/security/pam_console.so

In this case, I added the auth sufficient /lib/security/pam_winbind.so +lines as before, but also added the required pam_securetty.so +above it, to disallow root logins over the network. I also added a +sufficient /lib/security/pam_unix.so use_first_pass +line after the winbind.so line to get rid of annoying +double prompts for passwords.

Limitations

Winbind has a number of limitations in its current + released version that we hope to overcome in future + releases:

  • Winbind is currently only available for + the Linux operating system, although ports to other operating + systems are certainly possible. For such ports to be feasible, + we require the C library of the target operating system to + support the Name Service Switch and Pluggable Authentication + Modules systems. This is becoming more common as NSS and + PAM gain support among UNIX vendors.

  • The mappings of Windows NT RIDs to UNIX ids + is not made algorithmically and depends on the order in which + unmapped users or groups are seen by winbind. It may be difficult + to recover the mappings of rid to UNIX id mapping if the file + containing this information is corrupted or destroyed.

  • Currently the winbind PAM module does not take + into account possible workstation and logon time restrictions + that may be been set for Windows NT users.

Conclusion

The winbind system, through the use of the Name Service + Switch, Pluggable Authentication Modules, and appropriate + Microsoft RPC calls have allowed us to provide seamless + integration of Microsoft Windows NT domain users on a + UNIX system. The result is a great reduction in the administrative + cost of running a mixed UNIX and NT network.

\ No newline at end of file diff --git a/docs/htmldocs/winbindd.8.html b/docs/htmldocs/winbindd.8.html new file mode 100644 index 00000000000..51a70042b18 --- /dev/null +++ b/docs/htmldocs/winbindd.8.html @@ -0,0 +1,961 @@ +winbindd

winbindd

Name

winbindd -- Name Service Switch daemon for resolving names + from NT servers

Synopsis

winbindd [-i] [-d <debug level>] [-s <smb config file>]

DESCRIPTION

This program is part of the Samba suite.

winbindd is a daemon that provides + a service for the Name Service Switch capability that is present + in most modern C libraries. The Name Service Switch allows user + and system information to be obtained from different databases + services such as NIS or DNS. The exact behaviour can be configured + throught the /etc/nsswitch.conf file. + Users and groups are allocated as they are resolved to a range + of user and group ids specified by the administrator of the + Samba system.

The service provided by winbindd is called `winbind' and + can be used to resolve user and group information from a + Windows NT server. The service can also provide authentication + services via an associated PAM module.

The pam_winbind module in the 2.2.2 release only + supports the auth and account + module-types. The latter is simply + performs a getpwnam() to verify that the system can obtain a uid for the + user. If the libnss_winbind library has been correctly + installed, this should always suceed. +

The following nsswitch databases are implemented by + the winbindd service:

passwd

User information traditionally stored in + the passwd(5) file and used by + getpwent(3) functions.

group

Group information traditionally stored in + the group(5) file and used by + getgrent(3) functions.

For example, the following simple configuration in the + /etc/nsswitch.conf file can be used to initially + resolve user and group information from /etc/passwd + and /etc/group and then from the + Windows NT server. 

passwd:         files winbind
+group:          files winbind
+

OPTIONS

-d debuglevel

Sets the debuglevel to an integer between + 0 and 100. 0 is for no debugging and 100 is for reams and + reams. To submit a bug report to the Samba Team, use debug + level 100 (see BUGS.txt).

-i

Tells winbindd to not + become a daemon and detach from the current terminal. This + option is used by developers when interactive debugging + of winbindd is required.

NAME AND ID RESOLUTION

Users and groups on a Windows NT server are assigned + a relative id (rid) which is unique for the domain when the + user or group is created. To convert the Windows NT user or group + into a unix user or group, a mapping between rids and unix user + and group ids is required. This is one of the jobs that winbindd performs.

As winbindd users and groups are resolved from a server, user + and group ids are allocated from a specified range. This + is done on a first come, first served basis, although all existing + users and groups will be mapped as soon as a client performs a user + or group enumeration command. The allocated unix ids are stored + in a database file under the Samba lock directory and will be + remembered.

WARNING: The rid to unix id database is the only location + where the user and group mappings are stored by winbindd. If this + file is deleted or corrupted, there is no way for winbindd to + determine which user and group ids correspond to Windows NT user + and group rids.

CONFIGURATION

Configuration of the winbindd daemon + is done through configuration parameters in the smb.conf(5) + file. All parameters should be specified in the + [global] section of smb.conf.

winbind separator

The winbind separator option allows you + to specify how NT domain names and user names are combined + into unix user names when presented to users. By default, + winbindd will use the traditional '\' + separator so that the unix user names look like + DOMAIN\username. In some cases this separator character may + cause problems as the '\' character has special meaning in + unix shells. In that case you can use the winbind separator + option to specify an alternative separator character. Good + alternatives may be '/' (although that conflicts + with the unix directory separator) or a '+ 'character. + The '+' character appears to be the best choice for 100% + compatibility with existing unix utilities, but may be an + aesthetically bad choice depending on your taste.

Default: winbind separator = \ +

Example: winbind separator = +

winbind uid

The winbind uid parameter specifies the + range of user ids that are allocated by the winbindd daemon. + This range of ids should have no existing local or NIS users + within it as strange conflicts can occur otherwise.

Default: winbind uid = <empty string> +

Example: winbind uid = 10000-20000

winbind gid

The winbind gid parameter specifies the + range of group ids that are allocated by the winbindd daemon. + This range of group ids should have no existing local or NIS + groups within it as strange conflicts can occur otherwise.

Default: winbind gid = <empty string> +

Example: winbind gid = 10000-20000 +

winbind cache time

This parameter specifies the number of + seconds the winbindd daemon will cache user and group information + before querying a Windows NT server again. When a item in the + cache is older than this time winbindd will ask the domain + controller for the sequence number of the server's account database. + If the sequence number has not changed then the cached item is + marked as valid for a further winbind cache time + seconds. Otherwise the item is fetched from the + server. This means that as long as the account database is not + actively changing winbindd will only have to send one sequence + number query packet every winbind cache time + seconds.

Default: winbind cache time = 15 +

winbind enum users

On large installations it may be necessary + to suppress the enumeration of users through the setpwent(), getpwent() and + endpwent() group of system calls. If + the winbind enum users parameter is false, + calls to the getpwent system call will not + return any data.

Warning: Turning off user enumeration + may cause some programs to behave oddly. For example, the finger + program relies on having access to the full user list when + searching for matching usernames.

Default: winbind enum users = yes

winbind enum groups

On large installations it may be necessary + to suppress the enumeration of groups through the setgrent(), getgrent() and + endgrent() group of system calls. If + the winbind enum groups parameter is + false, calls to the getgrent() system + call will not return any data.

Warning: Turning off group + enumeration may cause some programs to behave oddly. +

Default: winbind enum groups = no +

template homedir

When filling out the user information + for a Windows NT user, the winbindd daemon + uses this parameter to fill in the home directory for that user. + If the string %D is present it is + substituted with the user's Windows NT domain name. If the + string %U is present it is substituted + with the user's Windows NT user name.

Default: template homedir = /home/%D/%U +

template shell

When filling out the user information for + a Windows NT user, the winbindd daemon + uses this parameter to fill in the shell for that user. +

Default: template shell = /bin/false +

winbind use default domain

This parameter specifies whether the winbindd + daemon should operate on users without domain component in their username. + Users without a domain component are treated as is part of the winbindd server's + own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail + function in a way much closer to the way they would in a native unix system.

Default: winbind use default domain = <falseg> +

Example: winbind use default domain = true

EXAMPLE SETUP

To setup winbindd for user and group lookups plus + authentication from a domain controller use something like the + following setup. This was tested on a RedHat 6.2 Linux box.

In /etc/nsswitch.conf put the + following:

passwd:     files winbind
+group:      files winbind
+

In /etc/pam.d/* replace the + auth lines with something like this: 

auth       required	/lib/security/pam_securetty.so
+auth       required	/lib/security/pam_nologin.so
+auth       sufficient	/lib/security/pam_winbind.so
+auth       required     /lib/security/pam_pwdb.so use_first_pass shadow nullok
+

Note in particular the use of the sufficient + keyword and the use_first_pass keyword.

Now replace the account lines with this:

account required /lib/security/pam_winbind.so +

The next step is to join the domain. To do that use the + smbpasswd program like this:

smbpasswd -j DOMAIN -r PDC -U + Administrator

The username after the -U can be any + Domain user that has administrator privileges on the machine. + Substitute your domain name for "DOMAIN" and the name of your PDC + for "PDC".

Next copy libnss_winbind.so to + /lib and pam_winbind.so + to /lib/security. A symbolic link needs to be + made from /lib/libnss_winbind.so to + /lib/libnss_winbind.so.2. If you are using an + older version of glibc then the target of the link should be + /lib/libnss_winbind.so.1.

Finally, setup a smb.conf containing directives like the + following: 

[global]
+	winbind separator = +
+        winbind cache time = 10
+        template shell = /bin/bash
+        template homedir = /home/%D/%U
+        winbind uid = 10000-20000
+        winbind gid = 10000-20000
+        workgroup = DOMAIN
+        security = domain
+        password server = *
+

Now start winbindd and you should find that your user and + group database is expanded to include your NT users and groups, + and that you can login to your unix box as a domain user, using + the DOMAIN+user syntax for the username. You may wish to use the + commands getent passwd and getent group + to confirm the correct operation of winbindd.

NOTES

The following notes are useful when configuring and + running winbindd:

nmbd must be running on the local machine + for winbindd to work. winbindd + queries the list of trusted domains for the Windows NT server + on startup and when a SIGHUP is received. Thus, for a running winbindd to become aware of new trust relationships between + servers, it must be sent a SIGHUP signal.

Client processes resolving names through the winbindd + nsswitch module read an environment variable named $WINBINDD_DOMAIN. If this variable contains a comma separated + list of Windows NT domain names, then winbindd will only resolve users + and groups within those Windows NT domains.

PAM is really easy to misconfigure. Make sure you know what + you are doing when modifying PAM configuration files. It is possible + to set up PAM such that you can no longer log into your system.

If more than one UNIX machine is running winbindd, + then in general the user and groups ids allocated by winbindd will not + be the same. The user and group ids will only be valid for the local + machine.

If the the Windows NT RID to UNIX user and group id mapping + file is damaged or destroyed then the mappings will be lost.

SIGNALS

The following signals can be used to manipulate the + winbindd daemon.

SIGHUP

Reload the smb.conf(5) + file and apply any parameter changes to the running + version of winbindd. This signal also clears any cached + user and group information. The list of other domains trusted + by winbindd is also reloaded.

SIGUSR1

The SIGUSR1 signal will cause winbindd to write status information to the winbind + log file including information about the number of user and + group ids allocated by winbindd.

Log files are stored in the filename specified by the + log file parameter.

FILES

/etc/nsswitch.conf(5)

Name service switch configuration file.

/tmp/.winbindd/pipe

The UNIX pipe over which clients communicate with + the winbindd program. For security reasons, the + winbind client will only attempt to connect to the winbindd daemon + if both the /tmp/.winbindd directory + and /tmp/.winbindd/pipe file are owned by + root.

/lib/libnss_winbind.so.X

Implementation of name service switch library. +

$LOCKDIR/winbindd_idmap.tdb

Storage for the Windows NT rid to UNIX user/group + id mapping. The lock directory is specified when Samba is initially + compiled using the --with-lockdir option. + This directory is by default /usr/local/samba/var/locks + .

$LOCKDIR/winbindd_cache.tdb

Storage for cached user and group information. +

VERSION

This man page is correct for version 2.2 of + the Samba suite.

SEE ALSO

nsswitch.conf(5), + samba(7), + wbinfo(1), + smb.conf(5)

AUTHOR

The original Samba software and related utilities + were created by Andrew Tridgell. Samba is now developed + by the Samba Team as an Open Source project similar + to the way the Linux kernel is developed.

wbinfo and winbindd + were written by Tim Potter.

The conversion to DocBook for Samba 2.2 was done + by Gerald Carter

\ No newline at end of file diff --git a/docs/manpages/findsmb.1 b/docs/manpages/findsmb.1 new file mode 100644 index 00000000000..a6bb66b7f1b --- /dev/null +++ b/docs/manpages/findsmb.1 @@ -0,0 +1,90 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "FINDSMB" "1" "28 January 2002" "" "" +.SH NAME +findsmb \- list info about machines that respond to SMB name queries on a subnet +.SH SYNOPSIS +.sp +\fBfindsmb\fR [ \fBsubnet broadcast address\fR ] +.SH "DESCRIPTION" +.PP +This perl script is part of the Sambasuite. +.PP +\fBfindsmb\fR is a perl script that +prints out several pieces of information about machines +on a subnet that respond to SMB name query requests. +It uses \fB nmblookup(1)\fRto obtain this information. +.SH "OPTIONS" +.TP +\fBsubnet broadcast address\fR +Without this option, \fBfindsmb +\fRwill probe the subnet of the machine where +\fBfindsmb\fR is run. This value is passed +to \fBnmblookup\fR as part of the +-B option +.SH "EXAMPLES" +.PP +The output of \fBfindsmb\fR lists the following +information for all machines that respond to the initial +\fBnmblookup\fR for any name: IP address, NetBIOS name, +Workgroup name, operating system, and SMB server version. +.PP +There will be a '+' in front of the workgroup name for +machines that are local master browsers for that workgroup. There +will be an '*' in front of the workgroup name for +machines that are the domain master browser for that workgroup. +Machines that are running Windows, Windows 95 or Windows 98 will +not show any information about the operating system or server +version. +.PP +The command must be run on a system without \fBnmbd\fRrunning. +If \fBnmbd\fR is running on the system, you will +only get the IP address and the DNS name of the machine. To +get proper responses from Windows 95 and Windows 98 machines, +the command must be run as root. +.PP +For example running \fBfindsmb\fR on a machine +without \fBnmbd\fR running would yield output similar +to the following +.sp +.nf +IP ADDR NETBIOS NAME WORKGROUP/OS/VERSION +--------------------------------------------------------------------- +192.168.35.10 MINESET-TEST1 [DMVENGR] +192.168.35.55 LINUXBOX *[MYGROUP] [Unix] [Samba 2.0.6] +192.168.35.56 HERBNT2 [HERB-NT] +192.168.35.63 GANDALF [MVENGR] [Unix] [Samba 2.0.5a for IRIX] +192.168.35.65 SAUNA [WORKGROUP] [Unix] [Samba 1.9.18p10] +192.168.35.71 FROGSTAR [ENGR] [Unix] [Samba 2.0.0 for IRIX] +192.168.35.78 HERBDHCP1 +[HERB] +192.168.35.88 SCNT2 +[MVENGR] [Windows NT 4.0] [NT LAN Manager 4.0] +192.168.35.93 FROGSTAR-PC [MVENGR] [Windows 5.0] [Windows 2000 LAN Manager] +192.168.35.97 HERBNT1 *[HERB-NT] [Windows NT 4.0] [NT LAN Manager 4.0] + +.sp +.fi +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBnmbd(8)\fR, +\fBsmbclient(1) +\fR +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/lmhosts.5 b/docs/manpages/lmhosts.5 new file mode 100644 index 00000000000..ed3a81251b6 --- /dev/null +++ b/docs/manpages/lmhosts.5 @@ -0,0 +1,92 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "LMHOSTS" "5" "28 January 2002" "" "" +.SH NAME +lmhosts \- The Samba NetBIOS hosts file +.SH SYNOPSIS +.PP +\fIlmhosts\fR is the SambaNetBIOS name to IP address mapping file. +.SH "DESCRIPTION" +.PP +This file is part of the Sambasuite. +.PP +\fIlmhosts\fR is the \fBSamba +\fRNetBIOS name to IP address mapping file. It +is very similar to the \fI/etc/hosts\fR file +format, except that the hostname component must correspond +to the NetBIOS naming format. +.SH "FILE FORMAT" +.PP +It is an ASCII file containing one line for NetBIOS name. +The two fields on each line are separated from each other by +white space. Any entry beginning with '#' is ignored. Each line +in the lmhosts file contains the following information : +.TP 0.2i +\(bu +IP Address - in dotted decimal format. +.TP 0.2i +\(bu +NetBIOS Name - This name format is a +maximum fifteen character host name, with an optional +trailing '#' character followed by the NetBIOS name type +as two hexadecimal digits. + +If the trailing '#' is omitted then the given IP +address will be returned for all names that match the given +name, whatever the NetBIOS name type in the lookup. +.PP +An example follows : +.PP +.PP +.sp +.nf +# +# Sample Samba lmhosts file. +# +192.9.200.1 TESTPC +192.9.200.20 NTSERVER#20 +192.9.200.21 SAMBASERVER + +.sp +.fi +.PP +.PP +Contains three IP to NetBIOS name mappings. The first +and third will be returned for any queries for the names "TESTPC" +and "SAMBASERVER" respectively, whatever the type component of +the NetBIOS name requested. +.PP +.PP +The second mapping will be returned only when the "0x20" name +type for a name "NTSERVER" is queried. Any other name type will not +be resolved. +.PP +.PP +The default location of the \fIlmhosts\fR file +is in the same directory as the +smb.conf(5)>file. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbclient(1) +\fR +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/make_smbcodepage.1 b/docs/manpages/make_smbcodepage.1 new file mode 100644 index 00000000000..915f0fc44bb --- /dev/null +++ b/docs/manpages/make_smbcodepage.1 @@ -0,0 +1,140 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "MAKE_SMBCODEPAGE" "1" "28 January 2002" "" "" +.SH NAME +make_smbcodepage \- construct a codepage file for Samba +.SH SYNOPSIS +.sp +\fBmake_smbcodepage\fR \fBc|d\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBmake_smbcodepage\fR compiles or de-compiles +codepage files for use with the internationalization features +of Samba 2.2 +.SH "OPTIONS" +.TP +\fBc|d\fR +This tells \fBmake_smbcodepage\fR +if it is compiling (\fIc\fR) a text format code +page file to binary, or (\fId\fR) de-compiling +a binary codepage file to text. +.TP +\fBcodepage\fR +This is the codepage we are processing (a +number, e.g. 850). +.TP +\fBinputfile\fR +This is the input file to process. In +the \fIc\fR case this will be a text +codepage definition file such as the ones found in the Samba +\fIsource/codepages\fR directory. In +the \fId\fR case this will be the +binary format codepage definition file normally found in +the \fIlib/codepages\fR directory in the +Samba install directory path. +.TP +\fBoutputfile\fR +This is the output file to produce. +.SH "SAMBA CODEPAGE FILES" +.PP +A text Samba codepage definition file is a description +that tells Samba how to map from upper to lower case for +characters greater than ascii 127 in the specified DOS code page. +Note that for certain DOS codepages (437 for example) mapping +from lower to upper case may be non-symmetrical. For example, in +code page 437 lower case a acute maps to a plain upper case A +when going from lower to upper case, but plain upper case A maps +to plain lower case a when lower casing a character. +.PP +A binary Samba codepage definition file is a binary +representation of the same information, including a value that +specifies what codepage this file is describing. +.PP +As Samba does not yet use UNICODE (current for Samba version 2.2) +you must specify the client code page that your DOS and Windows +clients are using if you wish to have case insensitivity done +correctly for your particular language. The default codepage Samba +uses is 850 (Western European). Text codepage definition sample files +are provided in the Samba distribution for codepages 437 (USA), 737 (Greek), +850 (Western European) 852 (MS-DOS Latin 2), 861 (Icelandic), 866 (Cyrillic), +932 (Kanji SJIS), 936 (Simplified Chinese), 949 (Hangul) and 950 (Traditional +Chinese). Users are encouraged to write text codepage definition files for +their own code pages and donate them to samba@samba.org. All codepage files +in the Samba \fIsource/codepages\fR directory are +compiled and installed when a \fB'make install'\fR +command is issued there. +.PP +The client codepage used by the \fBsmbd\fR server +is configured using the \fBclient code page\fR parameter +in the \fBsmb.conf\fR file. +.SH "FILES" +.PP +\fBcodepage_def.\fR +.PP +These are the input (text) codepage files provided in the +Samba \fIsource/codepages\fR directory. +.PP +A text codepage definition file consists of multiple lines +containing four fields. These fields are: +.TP 0.2i +\(bu +\fBlower\fR: which is the +(hex) lower case character mapped on this line. +.TP 0.2i +\(bu +\fBupper\fR: which is the (hex) +upper case character that the lower case character will map to. +.TP 0.2i +\(bu +\fBmap upper to lower\fR which +is a boolean value (put either True or False here) which tells +Samba if it is to map the given upper case character to the +given lower case character when lower casing a filename. +.TP 0.2i +\(bu +\fBmap lower to upper\fR which +is a boolean value (put either True or False here) which tells +Samba if it is to map the given lower case character to the +given upper case character when upper casing a filename. +.PP +\fBcodepage.\fR - These are the +output (binary) codepage files produced and placed in the Samba +destination \fIlib/codepage\fR directory. +.PP +.SH "INSTALLATION" +.PP +The location of the server and its support files is a +matter for individual system administrators. The following are +thus suggestions only. +.PP +It is recommended that the \fBmake_smbcodepage +\fRprogram be installed under the \fI/usr/local/samba +\fRhierarchy, in a directory readable by all, writeable +only by root. The program itself should be executable by all. The +program should NOT be setuid or setgid! +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fR, +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/make_unicodemap.1 b/docs/manpages/make_unicodemap.1 new file mode 100644 index 00000000000..a49d66d7a73 --- /dev/null +++ b/docs/manpages/make_unicodemap.1 @@ -0,0 +1,99 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "MAKE_UNICODEMAP" "1" "28 January 2002" "" "" +.SH NAME +make_unicodemap \- construct a unicode map file for Samba +.SH SYNOPSIS +.sp +\fBmake_unicodemap\fR \fBcodepage\fR \fBinputfile\fR \fBoutputfile\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Samba +suite. +.PP +\fBmake_unicodemap\fR compiles text unicode map +files into binary unicode map files for use with the +internationalization features of Samba 2.2. +.SH "OPTIONS" +.TP +\fBcodepage\fR +This is the codepage or UNIX character +set we are processing (a number, e.g. 850). +.TP +\fBinputfile\fR +This is the input file to process. This is a +text unicode map file such as the ones found in the Samba +\fIsource/codepages\fR directory. +.TP +\fBoutputfile\fR +This is the binary output file to produce. +.SH "SAMBA UNICODE MAP FILES" +.PP +A text Samba unicode map file is a description that tells Samba +how to map characters from a specified DOS code page or UNIX character +set to 16 bit unicode. +.PP +A binary Samba unicode map file is a binary representation +of the same information, including a value that specifies what +codepage or UNIX character set this file is describing. +.SH "FILES" +.PP +\fICP.TXT\fR +.PP +These are the input (text) unicode map files provided +in the Samba \fIsource/codepages\fR +directory. +.PP +A text unicode map file consists of multiple lines +containing two fields. These fields are : +.TP 0.2i +\(bu +\fIcharacter\fR - which is +the (hex) character mapped on this line. +.TP 0.2i +\(bu +\fIunicode\fR - which +is the (hex) 16 bit unicode character that the character +will map to. +.PP +\fIunicode_map.\fR - These are +the output (binary) unicode map files produced and placed in +the Samba destination \fIlib/codepage\fR +directory. +.PP +.SH "INSTALLATION" +.PP +The location of the server and its support files is a matter +for individual system administrators. The following are thus +suggestions only. +.PP +It is recommended that the \fBmake_unicodemap\fR +program be installed under the +\fI$prefix/samba\fR hierarchy, +in a directory readable by all, writeable only by root. The +program itself should be executable by all. The program +should NOT be setuid or setgid! +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fR, +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/net.8 b/docs/manpages/net.8 new file mode 100644 index 00000000000..e063e3c2296 --- /dev/null +++ b/docs/manpages/net.8 @@ -0,0 +1,32 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "NET" "8" "28 January 2002" "" "" +.SH NAME +net \- Tool for administration of Samba and remote CIFS servers. +.SH SYNOPSIS +.sp +\fBnet\fR \fB\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.SH "OPTIONS" +.PP +.SH "COMMANDS" +.PP +.SH "VERSION" +.PP +This man page is incomplete for version 3.0 of the Samba +suite. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code. diff --git a/docs/manpages/nmbd.8 b/docs/manpages/nmbd.8 index e42f194cdee..18168220e42 100644 --- a/docs/manpages/nmbd.8 +++ b/docs/manpages/nmbd.8 @@ -1,491 +1,252 @@ -.TH NMBD 8 17/1/1995 nmbd nmbd +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "NMBD" "8" "28 January 2002" "" "" .SH NAME -nmbd \- provide netbios nameserver support to clients +nmbd \- NetBIOS name server to provide NetBIOS over IP naming services to clients .SH SYNOPSIS -.B nmbd -[ -.B -B -.I broadcast address -] [ -.B -I -.I IP address -] [ -.B -D -] [ -.B -C comment string -] [ -.B -G -.I group name -] [ -.B -H -.I netbios hosts file -] [ -.B -N -.I netmask -] [ -.B -d -.I debuglevel -] [ -.B -l -.I log basename -] [ -.B -n -.I netbios name -] [ -.B -p -.I port number -] [ -.B -s -.I config file name -] - -.SH DESCRIPTION +.sp +\fBnmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-d \fR ] [ \fB-H \fR ] [ \fB-l \fR ] [ \fB-n \fR ] [ \fB-p \fR ] [ \fB-s \fR ] +.SH "DESCRIPTION" +.PP This program is part of the Samba suite. - -.B nmbd -is a server that understands and can reply to netbios -name service requests, like those produced by LanManager -clients. It also controls browsing. - -LanManager clients, when they start up, may wish to locate a LanManager server. -That is, they wish to know what IP number a specified host is using. - -This program simply listens for such requests, and if its own name is specified -it will respond with the IP number of the host it is running on. "Its own name" -is by default the name of the host it is running on, but this can be overriden -with the -.B -n -option (see "OPTIONS" below). Using the -.B -S -option (see "OPTIONS" below), it can also be instructed to respond with IP -information about other hosts, provided they are locatable via the -gethostbyname() call, or they are in a netbios hosts file. - -Nmbd can also be used as a WINS (Windows Internet Name Server) -server. It will do this automatically by default. What this basically -means is that it will respond to all name requests that it receives -that are not broadcasts, as long as it can resolve the name. -.SH OPTIONS -.B -B - -.RS 3 -On some systems, the server is unable to determine the broadcast address to -use for name registration requests. If your system has this difficulty, this -parameter may be used to specify an appropriate broadcast address. The -address should be given in standard "a.b.c.d" notation. - -Only use this parameter if you are sure that the server cannot properly -determine the proper broadcast address. - -The default broadcast address is determined by the server at run time. If it -encounters difficulty doing so, it makes a guess based on the local IP -number. -.RE -.B -I - -.RS 3 -On some systems, the server is unable to determine the correct IP -address to use. This allows you to override the default choice. -.RE - -.B -D - -.RS 3 -If specified, this parameter causes the server to operate as a daemon. That is, -it detaches itself and runs in the background, fielding requests on the -appropriate port. - -By default, the server will NOT operate as a daemon. -.RE - -.B -C comment string - -.RS 3 -This allows you to set the "comment string" that is shown next to the -machine name in browse listings. - -A %v will be replaced with the Samba version number. - -A %h will be replaced with the hostname. - -It defaults to "Samba %v". -.RE - -.B -G - -.RS 3 -This option allows you to specify a netbios group (also known as -lanmanager domain) that the server should be part of. You may include -several of these on the command line if you like. Alternatively you -can use the -H option to load a netbios hosts file containing domain names. - -At startup, unless the -R switch has been used, the server will -attempt to register all group names in the hosts file and on the -command line (from the -G option). - -The server will also respond to queries on this name. -.RE - -.B -H - -.RS 3 -It may be useful in some situations to be able to specify a list of -netbios names for which the server should send a reply if -queried. This option allows that. The syntax is similar to the -standard /etc/hosts file format, but has some extensions. - -The file contains three columns. Lines beginning with a # are ignored -as comments. The first column is an IP address, or a hostname. If it -is a hostname then it is interpreted as the IP address returned by -gethostbyname() when read. Any IP address of 0.0.0.0 will be -interpreted as the servers own IP address. - -The second column is a netbios name. This is the name that the server -will respond to. It must be less than 20 characters long. - -The third column is optional, and is intended for flags. Currently the -only flags supported are G, S and M. A G indicates that the name is a -group (also known as domain) name. - -At startup all groups known to the server (either from this file or -from the -G option) are registered on the network (unless the -R -option has been selected). - -A S or G means that the specified address is a broadcast address of a -network that you want people to be able to browse you from. Nmbd will -search for a master browser in that domain and will send host -announcements to that machine, informing it that the specifed somain -is available. - -A M means that this name is the default netbios name for this -machine. This has the same affect as specifying the -n option to nmbd. - -After startup the server waits for queries, and will answer queries to -any name known to it. This includes all names in the netbios hosts -file (if any), it's own name, and any names given with the -G option. - -The primary intention of the -H option is to allow a mapping from -netbios names to internet domain names, and to allow the specification -of groups that the server should be part of. - -.B Example: - - # This is a sample netbios hosts file - - # DO NOT USE THIS FILE AS-IS - # YOU MAY INCONVENIENCE THE OWNERS OF THESE IPs - # if you want to include a name with a space in it then - # use double quotes. - - # first put ourselves in the group LANGROUP - 0.0.0.0 LANGROUP G - - # next add a netbios alias for a faraway host - arvidsjaur.anu.edu.au ARVIDSJAUR - - # finally put in an IP for a hard to find host - 130.45.3.213 FREDDY - - # now we want another subnet to be able to browse - # us in the workgroup UNIXSERV - 192.0.2.255 UNIXSERV G - -.RE - -.B -M -.I workgroup name - -.RS 3 -If this parameter is given, the server will look for a master browser -for the specified workgroup name, report success or failure, then -exit. If successful, the IP address of the name located will be -reported. - -If you use the workgroup name "-" then nmbd will search for a master -browser for any workgroup by using the name __MSBROWSE__. - -This option is meant to be used interactively on the command line, not -as a daemon or in inetd. - -.RE -.B -N - -.RS 3 -On some systems, the server is unable to determine the netmask. If -your system has this difficulty, this parameter may be used to specify -an appropriate netmask. The mask should be given in standard -"a.b.c.d" notation. - -Only use this parameter if you are sure that the server cannot properly -determine the proper netmask. - -The default netmask is determined by the server at run time. If it -encounters difficulty doing so, it makes a guess based on the local IP -number. -.RE - -.B -d -.I debuglevel -.RS 3 - -debuglevel is an integer from 0 to 5. - -The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files about -the activities of the server. At level 0, only critical errors and serious -warnings will be logged. Level 1 is a reasonable level for day to day running -- it generates a small amount of information about operations carried out. - -Levels above 1 will generate considerable amounts of log data, and should -only be used when investigating a problem. Levels above 3 are designed for -use only by developers and generate HUGE amounts of log data, most of which -is extremely cryptic. -.RE - -.B -l -.I log file - -.RS 3 -If specified, -.I logfile -specifies a base filename into which operational data from the running server -will be logged. - -The default base name is specified at compile time. - -The base name is used to generate actual log file names. For example, if the -name specified was "log", the following files would be used for log data: - -.RS 3 -log.nmb (containing debugging information) - -log.nmb.in (containing inbound transaction data) - -log.nmb.out (containing outbound transaction data) -.RE - -The log files generated are never removed by the server. -.RE -.RE - -.B -n -.I netbios name - -.RS 3 -This parameter tells the server what netbios name to respond with when -queried. The same name is also registered on startup unless the -R -parameter was specified. - -The default netbios name used if this parameter is not specified is the -name of the host on which the server is running. -.RE - -.B -p -.I port number -.RS 3 - -port number is a positive integer value. - -The default value if this parameter is not specified is 137. - -This number is the port number that will be used when making connections to -the server from client software. The standard (well-known) port number for the -server is 137, hence the default. If you wish to run the server as an ordinary -user rather than as root, most systems will require you to use a port number -greater than 1024 - ask your system administrator for help if you are in this -situation. - -Note that the name server uses UDP, not TCP! - -This parameter is not normally specified except in the above situation. -.RE -.SH FILES - -.B /etc/inetd.conf - -.RS 3 -If the server is to be run by the inetd meta-daemon, this file must contain -suitable startup information for the meta-daemon. See the section -"INSTALLATION" below. -.RE - -.B /etc/rc.d/rc.inet2 - -.RS 3 -(or whatever initialisation script your system uses) - -If running the server as a daemon at startup, this file will need to contain -an appropriate startup sequence for the server. See the section "Installation" -below. -.RE - -.B /etc/services - -.RS 3 -If running the server via the meta-daemon inetd, this file must contain a -mapping of service name (eg., netbios-ns) to service port (eg., 137) and -protocol type (eg., udp). See the section "INSTALLATION" below. -.RE -.RE - -.SH ENVIRONMENT VARIABLES -Not applicable. - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the server software be installed under the /usr/local -hierarchy, in a directory readable by all, writeable only by root. The server -program itself should be executable by all, as users may wish to run the -server themselves (in which case it will of course run with their privileges). -The server should NOT be setuid or setgid! - -The server log files should be put in a directory readable and writable only -by root, as the log files may contain sensitive information. - -The remaining notes will assume the following: - -.RS 3 -nmbd (the server program) installed in /usr/local/smb - -log files stored in /var/adm/smblogs -.RE - -The server may be run either as a daemon by users or at startup, or it may -be run from a meta-daemon such as inetd upon request. If run as a daemon, the -server will always be ready, so starting sessions will be faster. If run from -a meta-daemon some memory will be saved and utilities such as the tcpd -TCP-wrapper may be used for extra security. - -When you've decided, continue with either "Running the server as a daemon" or -"Running the server on request". -.SH RUNNING THE SERVER AS A DAEMON -To run the server as a daemon from the command line, simply put the "-D" option -on the command line. There is no need to place an ampersand at the end of the -command line - the "-D" option causes the server to detach itself from the -tty anyway. - -Any user can run the server as a daemon (execute permissions permitting, of -course). This is useful for testing purposes. - -To ensure that the server is run as a daemon whenever the machine is started, -you will need to modify the system startup files. Wherever appropriate (for -example, in /etc/rc.d/rc.inet2), insert the following line, substituting -values appropriate to your system: - -.RS 3 -/usr/local/smb/nmbd -D -l/var/adm/smblogs/log -.RE - -(The above should appear in your initialisation script as a single line. -Depending on your terminal characteristics, it may not appear that way in -this man page. If the above appears as more than one line, please treat any -newlines or indentation as a single space or TAB character.) - -If the options used at compile time are appropriate for your system, all -parameters except the desired debug level and "-D" may be omitted. See the -section on "Options" above. -.SH RUNNING THE SERVER ON REQUEST -If your system uses a meta-daemon such as inetd, you can arrange to have the -SMB name server started whenever a process attempts to connect to it. This -requires several changes to the startup files on the host machine. If you are -experimenting as an ordinary user rather than as root, you will need the -assistance of your system administrator to modify the system files. - -First, ensure that a port is configured in the file /etc/services. The -well-known port 137 should be used if possible, though any port may be used. - -Ensure that a line similar to the following is in /etc/services: - -.RS 3 -netbios-ns 137/udp -.RE - -Note for NIS/YP users: You may need to rebuild the NIS service maps rather -than alter your local /etc/services file. - -Next, put a suitable line in the file /etc/inetd.conf (in the unlikely event -that you are using a meta-daemon other than inetd, you are on your own). Note -that the first item in this line matches the service name in /etc/services. -Substitute appropriate values for your system in this line (see -.B inetd(8)): - -.RS 3 -netbios-ns dgram udp wait root /usr/local/smb/nmbd -l/var/adm/smblogs/log -.RE - -(The above should appear in /etc/inetd.conf as a single line. Depending on -your terminal characteristics, it may not appear that way in this man page. -If the above appears as more than one line, please treat any newlines or -indentation as a single space or TAB character.) - -Note that there is no need to specify a port number here, even if you are -using a non-standard port number. -.SH TESTING THE INSTALLATION -If running the server as a daemon, execute it before proceeding. If -using a meta-daemon, either restart the system or kill and restart the -meta-daemon. Some versions of inetd will reread their configuration tables if -they receive a HUP signal. - -To test whether the name server is running, start up a client -.I on a different machine -and see whether the desired name is now present. Alternatively, run -the nameserver -.I on a different machine -specifying "-L netbiosname", where "netbiosname" is the name you have -configured the test server to respond with. The command should respond -with success, and the IP number of the machine using the specified netbios -name. You may need the -B parameter on some systems. See the README -file for more information on testing nmbd. - -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the server has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B inetd(8), -.B smbd(8), -.B smb.conf(5), -.B smbclient(1), -.B testparm(1), -.B testprns(1) - -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the server are logged in the specified log file. The -log file name is specified at compile time, but may be overridden on the +.PP +\fBnmbd\fR is a server that understands +and can reply to NetBIOS over IP name service requests, like +those produced by SMB/CIFS clients such as Windows 95/98/ME, +Windows NT, Windows 2000, and LanManager clients. It also +participates in the browsing protocols which make up the +Windows "Network Neighborhood" view. +.PP +SMB/CIFS clients, when they start up, may wish to +locate an SMB/CIFS server. That is, they wish to know what +IP number a specified host is using. +.PP +Amongst other services, \fBnmbd\fR will +listen for such requests, and if its own NetBIOS name is +specified it will respond with the IP number of the host it +is running on. Its "own NetBIOS name" is by +default the primary DNS name of the host it is running on, +but this can be overridden with the \fB-n\fR +option (see OPTIONS below). Thus \fBnmbd\fR will +reply to broadcast queries for its own name(s). Additional +names for \fBnmbd\fR to respond on can be set +via parameters in the \fI smb.conf(5)\fRconfiguration file. +.PP +\fBnmbd\fR can also be used as a WINS +(Windows Internet Name Server) server. What this basically means +is that it will act as a WINS database server, creating a +database from name registration requests that it receives and +replying to queries from clients for these names. +.PP +In addition, \fBnmbd\fR can act as a WINS +proxy, relaying broadcast queries from clients that do +not understand how to talk the WINS protocol to a WIN +server. +.SH "OPTIONS" +.TP +\fB-D\fR +If specified, this parameter causes +\fBnmbd\fR to operate as a daemon. That is, +it detaches itself and runs in the background, fielding +requests on the appropriate port. By default, \fBnmbd\fR +will operate as a daemon if launched from a command shell. +nmbd can also be operated from the \fBinetd\fR +meta-daemon, although this is not recommended. +.TP +\fB-a\fR +If this parameter is specified, each new +connection will append log messages to the log file. +This is the default. +.TP +\fB-i\fR +If this parameter is specified it causes the +server to run "interactively", not as a daemon, even if the +server is executed on the command line of a shell. Setting this +parameter negates the implicit deamon mode when run from the command line. - -The number and nature of diagnostics available depends on the debug level used -by the server. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. - -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -This man page written by Karl Auer (Karl.Auer@anu.edu.au) - -See -.B smb.conf(5) for a full list of contributors and details on how to -submit bug reports, comments etc. - - - - - +.TP +\fB-o\fR +If this parameter is specified, the +log files will be overwritten when opened. By default, +\fBsmbd\fR will append entries to the log +files. +.TP +\fB-h\fR +Prints the help information (usage) +for \fBnmbd\fR. +.TP +\fB-H \fR +NetBIOS lmhosts file. The lmhosts +file is a list of NetBIOS names to IP addresses that +is loaded by the nmbd server and used via the name +resolution mechanism name resolve order +to resolve any NetBIOS name queries needed by the server. Note +that the contents of this file are \fBNOT\fR +used by \fBnmbd\fR to answer any name queries. +Adding a line to this file affects name NetBIOS resolution +from this host \fBONLY\fR. + +The default path to this file is compiled into +Samba as part of the build process. Common defaults +are \fI/usr/local/samba/lib/lmhosts\fR, +\fI/usr/samba/lib/lmhosts\fR or +\fI/etc/lmhosts\fR. See the \fIlmhosts(5)\fRman page for details on the +contents of this file. +.TP +\fB-V\fR +Prints the version number for +\fBnmbd\fR. +.TP +\fB-d \fR +debuglevel is an integer +from 0 to 10. The default value if this parameter is +not specified is zero. + +The higher this value, the more detail will +be logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of +information about operations carried out. + +Levels above 1 will generate considerable amounts +of log data, and should only be used when investigating +a problem. Levels above 3 are designed for use only by developers +and generate HUGE amounts of log data, most of which is extremely +cryptic. + +Note that specifying this parameter here will override +the log level +parameter in the \fI smb.conf\fRfile. +.TP +\fB-l \fR +The -l parameter specifies a directory +into which the "log.nmbd" log file will be created +for operational data from the running +\fBnmbd\fR server. + +The default log directory is compiled into Samba +as part of the build process. Common defaults are \fI /usr/local/samba/var/log.nmb\fR, \fI /usr/samba/var/log.nmb\fR or +\fI/var/log/log.nmb\fR. +.TP +\fB-n \fR +This option allows you to override +the NetBIOS name that Samba uses for itself. This is identical +to setting the NetBIOS nameparameter in the +\fIsmb.conf\fRfile. However, a command +line setting will take precedence over settings in +\fIsmb.conf\fR. +.TP +\fB-p \fR +UDP port number is a positive integer value. +This option changes the default UDP port number (normally 137) +that \fBnmbd\fR responds to name queries on. Don't +use this option unless you are an expert, in which case you +won't need help! +.TP +\fB-s \fR +The default configuration file name +is set at build time, typically as \fI /usr/local/samba/lib/smb.conf\fR, but +this may be changed when Samba is autoconfigured. + +The file specified contains the configuration details +required by the server. See +\fIsmb.conf(5)\fRfor more information. +.SH "FILES" +.TP +\fB\fI/etc/inetd.conf\fB\fR +If the server is to be run by the +\fBinetd\fR meta-daemon, this file +must contain suitable startup information for the +meta-daemon. See the UNIX_INSTALL.htmldocument +for details. +.TP +\fB\fI/etc/rc\fB\fR +or whatever initialization script your +system uses). + +If running the server as a daemon at startup, +this file will need to contain an appropriate startup +sequence for the server. See the UNIX_INSTALL.htmldocument +for details. +.TP +\fB\fI/etc/services\fB\fR +If running the server via the +meta-daemon \fBinetd\fR, this file +must contain a mapping of service name (e.g., netbios-ssn) +to service port (e.g., 139) and protocol type (e.g., tcp). +See the UNIX_INSTALL.html +document for details. +.TP +\fB\fI/usr/local/samba/lib/smb.conf\fB\fR +This is the default location of the +\fIsmb.conf\fR +server configuration file. Other common places that systems +install this file are \fI/usr/samba/lib/smb.conf\fR +and \fI/etc/smb.conf\fR. + +When run as a WINS server (see the +wins support +parameter in the \fIsmb.conf(5)\fR man page), +\fBnmbd\fR +will store the WINS database in the file \fIwins.dat\fR +in the \fIvar/locks\fR directory configured under +wherever Samba was configured to install itself. + +If \fBnmbd\fR is acting as a \fB browse master\fR (see the local master +parameter in the \fIsmb.conf(5)\fR man page, +\fBnmbd\fR +will store the browsing database in the file \fIbrowse.dat +\fRin the \fIvar/locks\fR directory +configured under wherever Samba was configured to install itself. +.SH "SIGNALS" +.PP +To shut down an \fBnmbd\fR process it is recommended +that SIGKILL (-9) \fBNOT\fR be used, except as a last +resort, as this may leave the name database in an inconsistent state. +The correct way to terminate \fBnmbd\fR is to send it +a SIGTERM (-15) signal and wait for it to die on its own. +.PP +\fBnmbd\fR will accept SIGHUP, which will cause +it to dump out its namelists into the file \fInamelist.debug +\fRin the \fI/usr/local/samba/var/locks\fR +directory (or the \fIvar/locks\fR directory configured +under wherever Samba was configured to install itself). This will also +cause \fBnmbd\fR to dump out its server database in +the \fIlog.nmb\fR file. +.PP +The debug log level of nmbd may be raised or lowered using +\fBsmbcontrol(1)\fR +(SIGUSR[1|2] signals are no longer used in Samba 2.2). This is +to allow transient problems to be diagnosed, whilst still running +at a normally low log level. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBinetd(8)\fR, \fBsmbd(8)\fR, +\fIsmb.conf(5)\fR +, \fBsmbclient(1) +\fR, and the Internet RFC's +\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. +In addition the CIFS (formerly SMB) specification is available +as a link from the Web page +http://samba.org/cifs/ . +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/nmblookup.1 b/docs/manpages/nmblookup.1 new file mode 100644 index 00000000000..ed6bd38ebab --- /dev/null +++ b/docs/manpages/nmblookup.1 @@ -0,0 +1,154 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "NMBLOOKUP" "1" "28 January 2002" "" "" +.SH NAME +nmblookup \- NetBIOS over TCP/IP client used to lookup NetBIOS names +.SH SYNOPSIS +.sp +\fBnmblookup\fR [ \fB-M\fR ] [ \fB-R\fR ] [ \fB-S\fR ] [ \fB-r\fR ] [ \fB-A\fR ] [ \fB-h\fR ] [ \fB-B \fR ] [ \fB-U \fR ] [ \fB-d \fR ] [ \fB-s \fR ] [ \fB-i \fR ] [ \fB-T\fR ] \fBname\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBnmblookup\fR is used to query NetBIOS names +and map them to IP addresses in a network using NetBIOS over TCP/IP +queries. The options allow the name queries to be directed at a +particular IP broadcast area or to a particular machine. All queries +are done over UDP. +.SH "OPTIONS" +.TP +\fB-M\fR +Searches for a master browser by looking +up the NetBIOS name \fIname\fR with a +type of 0x1d. If \fI name\fR is "-" then it does a lookup on the special name +__MSBROWSE__. +.TP +\fB-R\fR +Set the recursion desired bit in the packet +to do a recursive lookup. This is used when sending a name +query to a machine running a WINS server and the user wishes +to query the names in the WINS server. If this bit is unset +the normal (broadcast responding) NetBIOS processing code +on a machine is used instead. See rfc1001, rfc1002 for details. +.TP +\fB-S\fR +Once the name query has returned an IP +address then do a node status query as well. A node status +query returns the NetBIOS names registered by a host. +.TP +\fB-r\fR +Try and bind to UDP port 137 to send and receive UDP +datagrams. The reason for this option is a bug in Windows 95 +where it ignores the source port of the requesting packet +and only replies to UDP port 137. Unfortunately, on most UNIX +systems root privilege is needed to bind to this port, and +in addition, if the nmbd(8) +daemon is running on this machine it also binds to this port. +.TP +\fB-A\fR +Interpret \fIname\fR as +an IP Address and do a node status query on this address. +.TP +\fB-h\fR +Print a help (usage) message. +.TP +\fB-B \fR +Send the query to the given broadcast address. Without +this option the default behavior of nmblookup is to send the +query to the broadcast address of the network interfaces as +either auto-detected or defined in the \fIinterfaces\fR +parameter of the \fIsmb.conf (5)\fR file. +.TP +\fB-U \fR +Do a unicast query to the specified address or +host \fIunicast address\fR. This option +(along with the \fI-R\fR option) is needed to +query a WINS server. +.TP +\fB-d \fR +debuglevel is an integer from 0 to 10. + +The default value if this parameter is not specified +is zero. + +The higher this value, the more detail will be logged +about the activities of \fBnmblookup\fR. At level +0, only critical errors and serious warnings will be logged. + +Levels above 1 will generate considerable amounts of +log data, and should only be used when investigating a problem. +Levels above 3 are designed for use only by developers and +generate HUGE amounts of data, most of which is extremely cryptic. + +Note that specifying this parameter here will override +the \fI log level\fRparameter in the \fI smb.conf(5)\fR file. +.TP +\fB-s \fR +This parameter specifies the pathname to +the Samba configuration file, smb.conf(5). This file controls all aspects of +the Samba setup on the machine. +.TP +\fB-i \fR +This specifies a NetBIOS scope that +\fBnmblookup\fR will use to communicate with when +generating NetBIOS names. For details on the use of NetBIOS +scopes, see rfc1001.txt and rfc1002.txt. NetBIOS scopes are +\fBvery\fR rarely used, only set this parameter +if you are the system administrator in charge of all the +NetBIOS systems you communicate with. +.TP +\fB-T\fR +This causes any IP addresses found in the +lookup to be looked up via a reverse DNS lookup into a +DNS name, and printed out before each + +\fBIP address .... NetBIOS name\fR + +pair that is the normal output. +.TP +\fBname\fR +This is the NetBIOS name being queried. Depending +upon the previous options this may be a NetBIOS name or IP address. +If a NetBIOS name then the different name types may be specified +by appending '#' to the name. This name may also be +\&'*', which will return all registered names within a broadcast +area. +.SH "EXAMPLES" +.PP +\fBnmblookup\fR can be used to query +a WINS server (in the same way \fBnslookup\fR is +used to query DNS servers). To query a WINS server, +\fBnmblookup\fR must be called like this: +.PP +\fBnmblookup -U server -R 'name'\fR +.PP +For example, running : +.PP +\fBnmblookup -U samba.org -R 'IRIX#1B'\fR +.PP +would query the WINS server samba.org for the domain +master browser (1B name type) for the IRIX workgroup. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBnmbd(8)\fR, +samba(7) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/pdbedit.8 b/docs/manpages/pdbedit.8 new file mode 100644 index 00000000000..7a8661c30bd --- /dev/null +++ b/docs/manpages/pdbedit.8 @@ -0,0 +1,195 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "PDBEDIT" "8" "28 January 2002" "" "" +.SH NAME +pdbedit \- manage the SAM database +.SH SYNOPSIS +.sp +\fBpdbedit\fR [ \fB-l\fR ] [ \fB-v\fR ] [ \fB-w\fR ] [ \fB-u username\fR ] [ \fB-f fullname\fR ] [ \fB-h homedir\fR ] [ \fB-d drive\fR ] [ \fB-s script\fR ] [ \fB-p profile\fR ] [ \fB-a\fR ] [ \fB-m\fR ] [ \fB-x\fR ] [ \fB-i file\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +The pdbedit program is used to manage the users accounts +stored in the sam database and can be run only by root. +.PP +The pdbedit tool use the passdb modular interface and is +independent from the kind of users database used (currently there +are smbpasswd, ldap, nis+ and tdb based and more can be addedd +without changing the tool). +.PP +There are five main ways to use pdbedit: adding a user account, +removing a user account, modifing a user account, listing user +accounts, importing users accounts. +.SH "OPTIONS" +.TP +\fB-l\fR +This option list all the user accounts +present in the users database. +This option prints a list of user/uid pairs separated by +the ':' character. + +Example: \fBpdbedit -l\fR + +.sp +.nf + sorce:500:Simo Sorce + samba:45:Test User + +.sp +.fi +.TP +\fB-v\fR +This option sets the verbose listing format. +It will make pdbedit list the users in the database printing +out the account fields in a descriptive format. + +Example: \fBpdbedit -l -v\fR + +.sp +.nf + --------------- + username: sorce + user ID/Group: 500/500 + user RID/GRID: 2000/2001 + Full Name: Simo Sorce + Home Directory: \\\\BERSERKER\\sorce + HomeDir Drive: H: + Logon Script: \\\\BERSERKER\\netlogon\\sorce.bat + Profile Path: \\\\BERSERKER\\profile + --------------- + username: samba + user ID/Group: 45/45 + user RID/GRID: 1090/1091 + Full Name: Test User + Home Directory: \\\\BERSERKER\\samba + HomeDir Drive: + Logon Script: + Profile Path: \\\\BERSERKER\\profile + +.sp +.fi +.TP +\fB-w\fR +This option sets the "smbpasswd" listing format. +It will make pdbedit list the users in the database printing +out the account fields in a format compatible with the +\fIsmbpasswd\fR file format. (see the \fIsmbpasswd(5)\fRfor details) + +Example: \fBpdbedit -l -w\fR + +.sp +.nf + sorce:500:508818B733CE64BEAAD3B435B51404EE:D2A2418EFC466A8A0F6B1DBB5C3DB80C:[UX ]:LCT-00000000: + samba:45:0F2B255F7B67A7A9AAD3B435B51404EE:BC281CE3F53B6A5146629CD4751D3490:[UX ]:LCT-3BFA1E8D: + +.sp +.fi +.TP +\fB-u username\fR +This option specifies that the username to be +used for the operation requested (listing, adding, removing) +It is \fBrequired\fR in add, remove and modify +operations and \fBoptional\fR in list +operations. +.TP +\fB-f fullname\fR +This option can be used while adding or +modifing a user account. It will specify the user's full +name. + +Example: \fB-f "Simo Sorce"\fR +.TP +\fB-h homedir\fR +This option can be used while adding or +modifing a user account. It will specify the user's home +directory network path. + +Example: \fB-h "\\\\\\\\BERSERKER\\\\sorce"\fR +.TP +\fB-d drive\fR +This option can be used while adding or +modifing a user account. It will specify the windows drive +letter to be used to map the home directory. + +Example: \fB-d "H:"\fR +.TP +\fB-s script\fR +This option can be used while adding or +modifing a user account. It will specify the user's logon +script path. + +Example: \fB-s "\\\\\\\\BERSERKER\\\\netlogon\\\\sorce.bat"\fR +.TP +\fB-p profile\fR +This option can be used while adding or +modifing a user account. It will specify the user's profile +directory. + +Example: \fB-p "\\\\\\\\BERSERKER\\\\netlogon"\fR +.TP +\fB-a\fR +This option is used to add a user into the +database. This command need the user name be specified with +the -u switch. When adding a new user pdbedit will also +ask for the password to be used + +Example: \fBpdbedit -a -u sorce\fR +.sp +.nf +new password: + retype new password +.sp +.fi +.TP +\fB-m\fR +This option may only be used in conjunction +with the \fI-a\fR option. It will make +pdbedit to add a machine trust account instead of a user +account (-u username will provide the machine name). + +Example: \fBpdbedit -a -m -u w2k-wks\fR +.TP +\fB-x\fR +This option causes pdbedit to delete an account +from the database. It need the username be specified with the +-u switch. + +Example: \fBpdbedit -x -u bob\fR +.TP +\fB-i file\fR +This command is used to import a smbpasswd +file into the database. + +This option will ease migration from the plain smbpasswd +file database to more powerful backend databases like tdb and +ldap. + +Example: \fBpdbedit -i /etc/smbpasswd.old\fR +.SH "NOTES" +.PP +This command may be used only by root. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +smbpasswd(8), +samba(7) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/rpcclient.1 b/docs/manpages/rpcclient.1 new file mode 100644 index 00000000000..683929b3fcb --- /dev/null +++ b/docs/manpages/rpcclient.1 @@ -0,0 +1,323 @@ +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "RPCCLIENT" "1" "28 March 2002" "" "" +.SH NAME +rpcclient \- tool for executing client side MS-RPC functions +.SH SYNOPSIS + +\fBrpcclient\fR \fBserver\fR [ \fB-A authfile\fR] [ \fB-c \fR] [ \fB-d debuglevel\fR] [ \fB-h\fR] [ \fB-l logfile\fR] [ \fB-N\fR] [ \fB-s \fR] [ \fB-U username[%password]\fR] [ \fB-W workgroup\fR] [ \fB-N\fR] + +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBrpcclient\fR is a utility initially developed +to test MS-RPC functionality in Samba itself. It has undergone +several stages of development and stability. Many system administrators +have now written scripts around it to manage Windows NT clients from +their UNIX workstation. +.SH "OPTIONS" +.TP +\fBserver\fR +NetBIOS name of Server to which to connect. +The server can be any SMB/CIFS server. The name is +resolved using the \fIname resolve order\fRline from +\fIsmb.conf(5)\fR. +.TP +\fB-A|--authfile=filename\fR +This option allows +you to specify a file from which to read the username and +password used in the connection. The format of the file is + + +.nf + username = + password = + domain = + +.fi + +Make certain that the permissions on the file restrict +access from unwanted users. +.TP +\fB-c|--command='command string'\fR +execute semicolon separated commands (listed +below)) +.TP +\fB-d|--debug=debuglevel\fR +set the debuglevel. Debug level 0 is the lowest +and 100 being the highest. This should be set to 100 if you are +planning on submitting a bug report to the Samba team (see \fIBUGS.txt\fR). +.TP +\fB-h|--help\fR +Print a summary of command line options. +.TP +\fB-l|--logfile=logbasename\fR +File name for log/debug files. The extension +\&'.client' will be appended. The log file is never removed +by the client. +.TP +\fB-N|--nopass\fR +instruct \fBrpcclient\fR not to ask +for a password. By default, \fBrpcclient\fR will prompt +for a password. See also the \fI-U\fR option. +.TP +\fB-s|--conf=smb.conf\fR +Specifies the location of the all important +\fIsmb.conf\fR file. +.TP +\fB-U|--user=username[%password]\fR +Sets the SMB username or username and password. + +If %password is not specified, the user will be prompted. The +client will first check the \fBUSER\fR environment variable, then the +\fBLOGNAME\fR variable and if either exists, the +string is uppercased. If these environmental variables are not +found, the username GUEST is used. + +A third option is to use a credentials file which +contains the plaintext of the username and password. This +option is mainly provided for scripts where the admin doesn't +desire to pass the credentials on the command line or via environment +variables. If this method is used, make certain that the permissions +on the file restrict access from unwanted users. See the +\fI-A\fR for more details. + +Be cautious about including passwords in scripts. Also, on +many systems the command line of a running process may be seen +via the \fBps\fR command. To be safe always allow +\fBrpcclient\fR to prompt for a password and type +it in directly. +.TP +\fB-W|--workgroup=domain\fR +Set the SMB domain of the username. This +overrides the default domain which is the domain defined in +smb.conf. If the domain specified is the same as the server's NetBIOS name, +it causes the client to log on using the server's local SAM (as +opposed to the Domain SAM). +.SH "COMMANDS" +.PP +\fBLSARPC\fR +.TP 0.2i +\(bu +\fBlsaquery\fR +.TP 0.2i +\(bu +\fBlookupsids\fR - Resolve a list +of SIDs to usernames. +.TP 0.2i +\(bu +\fBlookupnames\fR - Resolve s list +of usernames to SIDs. +.TP 0.2i +\(bu +\fBenumtrusts\fR +.PP +.PP +\fBSAMR\fR +.TP 0.2i +\(bu +\fBqueryuser\fR +.TP 0.2i +\(bu +\fBquerygroup\fR +.TP 0.2i +\(bu +\fBqueryusergroups\fR +.TP 0.2i +\(bu +\fBquerygroupmem\fR +.TP 0.2i +\(bu +\fBqueryaliasmem\fR +.TP 0.2i +\(bu +\fBquerydispinfo\fR +.TP 0.2i +\(bu +\fBquerydominfo\fR +.TP 0.2i +\(bu +\fBenumdomgroups\fR +.PP +.PP +\fBSPOOLSS\fR +.TP 0.2i +\(bu +\fBadddriver \fR +- Execute an AddPrinterDriver() RPC to install the printer driver +information on the server. Note that the driver files should +already exist in the directory returned by +\fBgetdriverdir\fR. Possible values for +\fIarch\fR are the same as those for +the \fBgetdriverdir\fR command. +The \fIconfig\fR parameter is defined as +follows: + + +.nf + Long Printer Name:\\ + Driver File Name:\\ + Data File Name:\\ + Config File Name:\\ + Help File Name:\\ + Language Monitor Name:\\ + Default Data Type:\\ + Comma Separated list of Files + +.fi + +Any empty fields should be enter as the string "NULL". + +Samba does not need to support the concept of Print Monitors +since these only apply to local printers whose driver can make +use of a bi-directional link for communication. This field should +be "NULL". On a remote NT print server, the Print Monitor for a +driver must already be installed prior to adding the driver or +else the RPC will fail. +.TP 0.2i +\(bu +\fBaddprinter + \fR +- Add a printer on the remote server. This printer +will be automatically shared. Be aware that the printer driver +must already be installed on the server (see \fBadddriver\fR) +and the \fIport\fRmust be a valid port name (see +\fBenumports\fR. +.TP 0.2i +\(bu +\fBdeldriver\fR - Delete the +specified printer driver for all architectures. This +does not delete the actual driver files from the server, +only the entry from the server's list of drivers. +.TP 0.2i +\(bu +\fBenumdata\fR - Enumerate all +printer setting data stored on the server. On Windows NT clients, +these values are stored in the registry, while Samba servers +store them in the printers TDB. This command corresponds +to the MS Platform SDK GetPrinterData() function (* This +command is currently unimplemented). +.TP 0.2i +\(bu +\fBenumjobs \fR +- List the jobs and status of a given printer. +This command corresponds to the MS Platform SDK EnumJobs() +function (* This command is currently unimplemented). +.TP 0.2i +\(bu +\fBenumports [level]\fR +- Executes an EnumPorts() call using the specified +info level. Currently only info levels 1 and 2 are supported. +.TP 0.2i +\(bu +\fBenumdrivers [level]\fR +- Execute an EnumPrinterDrivers() call. This lists the various installed +printer drivers for all architectures. Refer to the MS Platform SDK +documentation for more details of the various flags and calling +options. Currently supported info levels are 1, 2, and 3. +.TP 0.2i +\(bu +\fBenumprinters [level]\fR +- Execute an EnumPrinters() call. This lists the various installed +and share printers. Refer to the MS Platform SDK documentation for +more details of the various flags and calling options. Currently +supported info levels are 0, 1, and 2. +.TP 0.2i +\(bu +\fBgetdata \fR +- Retrieve the data for a given printer setting. See +the \fBenumdata\fR command for more information. +This command corresponds to the GetPrinterData() MS Platform +SDK function (* This command is currently unimplemented). +.TP 0.2i +\(bu +\fBgetdriver \fR +- Retrieve the printer driver information (such as driver file, +config file, dependent files, etc...) for +the given printer. This command corresponds to the GetPrinterDriver() +MS Platform SDK function. Currently info level 1, 2, and 3 are supported. +.TP 0.2i +\(bu +\fBgetdriverdir \fR +- Execute a GetPrinterDriverDirectory() +RPC to retreive the SMB share name and subdirectory for +storing printer driver files for a given architecture. Possible +values for \fIarch\fR are "Windows 4.0" +(for Windows 95/98), "Windows NT x86", "Windows NT PowerPC", "Windows +Alpha_AXP", and "Windows NT R4000". +.TP 0.2i +\(bu +\fBgetprinter \fR +- Retrieve the current printer information. This command +corresponds to the GetPrinter() MS Platform SDK function. +.TP 0.2i +\(bu +\fBopenprinter \fR +- Execute an OpenPrinterEx() and ClosePrinter() RPC +against a given printer. +.TP 0.2i +\(bu +\fBsetdriver \fR +- Execute a SetPrinter() command to update the printer driver associated +with an installed printer. The printer driver must already be correctly +installed on the print server. + +See also the \fBenumprinters\fR and +\fBenumdrivers\fR commands for obtaining a list of +of installed printers and drivers. +.PP +\fBGENERAL OPTIONS\fR +.TP 0.2i +\(bu +\fBdebuglevel\fR - Set the current debug level +used to log information. +.TP 0.2i +\(bu +\fBhelp (?)\fR - Print a listing of all +known commands or extended help on a particular command. +.TP 0.2i +\(bu +\fBquit (exit)\fR - Exit \fBrpcclient +\fR. +.SH "BUGS" +.PP +\fBrpcclient\fR is designed as a developer testing tool +and may not be robust in certain areas (such as command line parsing). +It has been known to generate a core dump upon failures when invalid +parameters where passed to the interpreter. +.PP +From Luke Leighton's original rpcclient man page: +.PP +\fB"WARNING!\fR The MSRPC over SMB code has +been developed from examining Network traces. No documentation is +available from the original creators (Microsoft) on how MSRPC over +SMB works, or how the individual MSRPC services work. Microsoft's +implementation of these services has been demonstrated (and reported) +to be... a bit flaky in places. +.PP +The development of Samba's implementation is also a bit rough, +and as more of the services are understood, it can even result in +versions of \fBsmbd(8)\fR and \fBrpcclient(1)\fR +that are incompatible for some commands or services. Additionally, +the developers are sending reports to Microsoft, and problems found +or reported to Microsoft are fixed in Service Packs, which may +result in incompatibilities." +.SH "VERSION" +.PP +This man page is correct for version 3.0 of the Samba +suite. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original rpcclient man page was written by Matthew +Geddes, Luke Kenneth Casson Leighton, and rewritten by Gerald Carter. +The conversion to DocBook for Samba 2.2 was done by Gerald +Carter. diff --git a/docs/manpages/samba.7 b/docs/manpages/samba.7 index 0c81f736b6e..82e74096278 100644 --- a/docs/manpages/samba.7 +++ b/docs/manpages/samba.7 @@ -1,190 +1,141 @@ -.TH SAMBA 7 29/3/95 Samba Samba +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SAMBA" "7" "28 January 2002" "" "" .SH NAME -Samba \- a LanManager like fileserver for Unix +SAMBA \- A Windows SMB/CIFS fileserver for UNIX .SH SYNOPSIS -.B Samba -.SH DESCRIPTION -The -.B Samba -software suite is a collection of programs that implements the SMB -protocol for unix systems. This protocol is sometimes also referred to -as the LanManager or Netbios protocol. - -.SH COMPONENTS - -The Samba suite is made up of several components. Each component is -described in a separate manual page. It is strongly recommended that -you read the documentation that comes with Samba and the manual pages -of those components that you use. If the manual pages aren't clear -enough then please send me a patch! - -The smbd(8) daemon provides the file and print services to SMB clents, -such as Windows for Workgroups, Windows NT or LanManager. The -configuration file for this daemon is described in smb.conf(5). - -The nmbd(8) daemon provides Netbios nameserving and browsing -support. It can also be run interactively to query other name service -daemons. - -The smbclient(1) program implements a simple ftp-like client. This is -useful for accessing SMB shares on other compatible servers (such as -WfWg), and can also be used to allow a unix box to print to a printer -attached to any SMB server (such as a PC running WfWg). - -The testparm(1) utility allows you to test your smb.conf(5) -configuration file. - -The smbstatus(1) utility allows you to tell who is currently using the -smbd(8) server. - -.SH AVAILABILITY - -The Samba software suite is licensed under the Gnu Public License. A -copy of that license should have come with the package. You are -encouraged to distribute copies of the Samba suite, but please keep it -intact. - -The latest version of the Samba suite can be obtained via anonymous -ftp from nimbus.anu.edu.au in the directory pub/tridge/samba/. It is -also available on several mirror sites worldwide. - -You may also find useful information about Samba on the newsgroup -comp.protocols.smb and the Samba mailing list. Details on how to join -the mailing list are given in the README file that comes with Samba. - -If you have access to a WWW viewer (such as Netscape or Mosaic) then -you will also find lots of useful information, including back issues -of the Samba mailing list, at http://lake.canberra.edu.au/pub/samba/ - -.SH AUTHOR - -The main author of the Samba suite is Andrew Tridgell. He may be -contacted via e-mail at samba-bugs@anu.edu.au. - -There have also been an enourmous number of contributors to Samba from -all over the world. A partial list of these contributors is included -in the CREDITS section below. The list is, however, badly out of -date. More up to date info may be obtained from the change-log that -comes with the Samba source code. - -.SH CONTRIBUTIONS - -If you wish to contribute to the Samba project, then I suggest you -join the Samba mailing list. - -If you have patches to submit or bugs to report then you may mail them -directly to samba-bugs@anu.edu.au. Note, however, that due to the -enourmous popularity of this package I may take some time to repond to -mail. I prefer patches in "diff -u" format. - -.SH CREDITS - -Contributors to the project are (in alphabetical order by email address): - -(NOTE: This list is very out of date) - - Adams, Graham - (gadams@ddrive.demon.co.uk) - Allison, Jeremy - (jeremy@netcom.com) - Andrus, Ross - (ross@augie.insci.com) - Auer, Karl - (Karl.Auer@anu.edu.au) - Bogstad, Bill - (bogstad@cs.jhu.edu) - Boreham, Bryan - (Bryan@alex.com) - Boreham, David - (davidb@ndl.co.uk) - Butler, Michael - (imb@asstdc.scgt.oz.au) - ??? - (charlie@edina.demon.co.uk) - Chua, Michael - (lpc@solomon.technet.sg) - Cochran, Marc - (mcochran@wellfleet.com) - Dey, Martin N - (mnd@netmgrs.co.uk) - Errath, Maximilian - (errath@balu.kfunigraz.ac.at) - Fisher, Lee - (leefi@microsoft.com) - Foderaro, Sean - (jkf@frisky.Franz.COM) - Greer, Brad - (brad@cac.washington.edu) - Griffith, Michael A - (grif@cs.ucr.edu) - Grosen, Mark - (MDGrosen@spectron.COM) - ???? - (gunjkoa@dep.sa.gov.au) - Haapanen, Tom - (tomh@metrics.com) - Hench, Mike - (hench@cae.uwm.edu) - Horstman, Mark A - (mh2620@sarek.sbc.com) - Hudson, Tim - (tim.hudson@gslmail.mincom.oz.au) - Hulthen, Erik Magnus - (magnus@axiom.se) - ??? - (imb@asstdc.scgt.oz.au) - Iversen, Per Steinar - (iversen@dsfys1.fi.uib.no) - Kaara, Pasi - (ppk@atk.tpo.fi) - Karman, Merik - (merik@blackadder.dsh.oz.au) - Kiff, Martin - (mgk@newton.npl.co.uk) - Kiick, Chris - (cjkiick@flinx.b11.ingr.com) - Kukulies, Christoph - (kuku@acds.physik.rwth-aachen.de) - ??? - (lance@fox.com) - Lendecke, Volker - (lendecke@namu01.gwdg.de) - ??? - (lonnie@itg.ti.com) - Mahoney, Paul Thomas - (ptm@xact1.xact.com) - Mauelshagen, Heinz - (mauelsha@ez.da.telekom.de) - Merrick, Barry G - (bgm@atml.co.uk) - Mol, Marcel - (marcel@fanout.et.tudeflt.nl) - ??? - (njw@cpsg.com.au) - ??? - (noses@oink.rhein.de) - Owens, John - (john@micros.com) - Pierson, Jacques - (pierson@ketje.enet.dec.com) - Powell, Mark - (mark@scot1.ucsalf.ac.uk) - Reiz, Steven - (sreiz@aie.nl) - Schlaeger, Joerg - (joergs@toppoint.de) - S{rkel{, Vesa - (vesku@rankki.kcl.fi) - Tridgell, Andrew - (samba-bugs@anu.edu.au) - Troyer, Dean - (troyer@saifr00.ateng.az.honeywell.com) - Wakelin, Ross - (rossw@march.co.uk) - Wessels, Stefan - (SWESSELS@dos-lan.cs.up.ac.za) - Young, Ian A - (iay@threel.co.uk) - van der Zwan, Paul - (paulzn@olivetti.nl) - +.sp +\fBSamba\fR +.SH "DESCRIPTION" +.PP +The Samba software suite is a collection of programs +that implements the Server Message Block (commonly abbreviated +as SMB) protocol for UNIX systems. This protocol is sometimes +also referred to as the Common Internet File System (CIFS), +LanManager or NetBIOS protocol. +.TP +\fBsmbd\fR +The \fBsmbd \fR +daemon provides the file and print services to +SMB clients, such as Windows 95/98, Windows NT, Windows +for Workgroups or LanManager. The configuration file +for this daemon is described in \fIsmb.conf\fR +.TP +\fBnmbd\fR +The \fBnmbd\fR +daemon provides NetBIOS nameserving and browsing +support. The configuration file for this daemon +is described in \fIsmb.conf\fR +.TP +\fBsmbclient\fR +The \fBsmbclient\fR +program implements a simple ftp-like client. This +is useful for accessing SMB shares on other compatible +servers (such as Windows NT), and can also be used +to allow a UNIX box to print to a printer attached to +any SMB server (such as a PC running Windows NT). +.TP +\fBtestparm\fR +The \fBtestparm\fR +utility is a simple syntax checker for Samba's +\fIsmb.conf\fRconfiguration file. +.TP +\fBtestprns\fR +The \fBtestprns\fR +utility supports testing printer names defined +in your \fIprintcap>\fR file used +by Samba. +.TP +\fBsmbstatus\fR +The \fBsmbstatus\fR +tool provides access to information about the +current connections to \fBsmbd\fR. +.TP +\fBnmblookup\fR +The \fBnmblookup\fR +tools allows NetBIOS name queries to be made +from a UNIX host. +.TP +\fBmake_smbcodepage\fR +The \fBmake_smbcodepage\fR +utility provides a means of creating SMB code page +definition files for your \fBsmbd\fR server. +.TP +\fBsmbpasswd\fR +The \fBsmbpasswd\fR +command is a tool for changing LanMan and Windows NT +password hashes on Samba and Windows NT servers. +.SH "COMPONENTS" +.PP +The Samba suite is made up of several components. Each +component is described in a separate manual page. It is strongly +recommended that you read the documentation that comes with Samba +and the manual pages of those components that you use. If the +manual pages aren't clear enough then please send a patch or +bug report to samba@samba.org +.SH "AVAILABILITY" +.PP +The Samba software suite is licensed under the +GNU Public License(GPL). A copy of that license should +have come with the package in the file COPYING. You are +encouraged to distribute copies of the Samba suite, but +please obey the terms of this license. +.PP +The latest version of the Samba suite can be +obtained via anonymous ftp from samba.org in the +directory pub/samba/. It is also available on several +mirror sites worldwide. +.PP +You may also find useful information about Samba +on the newsgroup comp.protocol.smb and the Samba mailing +list. Details on how to join the mailing list are given in +the README file that comes with Samba. +.PP +If you have access to a WWW viewer (such as Netscape +or Mosaic) then you will also find lots of useful information, +including back issues of the Samba mailing list, at +http://lists.samba.org . +.SH "VERSION" +.PP +This man page is correct for version 2.2 of the +Samba suite. +.SH "CONTRIBUTIONS" +.PP +If you wish to contribute to the Samba project, +then I suggest you join the Samba mailing list at +http://lists.samba.org . +.PP +If you have patches to submit or bugs to report +then you may mail them directly to samba-patches@samba.org. +Note, however, that due to the enormous popularity of this +package the Samba Team may take some time to respond to mail. We +prefer patches in \fBdiff -u\fR format. +.SH "CONTRIBUTORS" +.PP +Contributors to the project are now too numerous +to mention here but all deserve the thanks of all Samba +users. To see a full list, look at ftp://samba.org/pub/samba/alpha/change-log +for the pre-CVS changes and at ftp://samba.org/pub/samba/alpha/cvs.log +for the contributors to Samba post-CVS. CVS is the Open Source +source code control system used by the Samba Team to develop +Samba. The project would have been unmanageable without it. +.PP +In addition, several commercial organizations now help +fund the Samba Team with money and equipment. For details see +the Samba Web pages at http://samba.org/samba/samba-thanks.html. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smb.conf.5 b/docs/manpages/smb.conf.5 index 933d71ff0c3..32a40d26091 100644 --- a/docs/manpages/smb.conf.5 +++ b/docs/manpages/smb.conf.5 @@ -1,2719 +1,7252 @@ -.TH SMB.CONF 5 11/10/94 smb.conf smb.conf +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMB.CONF" "5" "01 April 2002" "" "" .SH NAME -smb.conf \- configuration file for smbd -.SH SYNOPSIS -.B smb.conf -.SH DESCRIPTION -The -.B smb.conf -file is a configuration file for the Samba suite. - -.B smb.conf -contains runtime configuration information for the -.B smbd -program. The -.B smbd -program provides LanManager-like services to clients -using the SMB protocol. - -.SH FILE FORMAT -The file consists of sections and parameters. A section begins with the -name of the section in square brackets and continues until the next -section begins. Sections contain parameters of the form 'name = value'. - -The file is line-based - that is, each newline-terminated line represents -either a comment, a section name or a parameter. - +smb.conf \- The configuration file for the Samba suite +.SH "SYNOPSIS" +.PP +The \fIsmb.conf\fR file is a configuration +file for the Samba suite. \fIsmb.conf\fR contains +runtime configuration information for the Samba programs. The +\fIsmb.conf\fR file is designed to be configured and +administered by the \fBswat(8)\fR +program. The complete description of the file format and +possible parameters held within are here for reference purposes. +.SH "FILE FORMAT" +.PP +The file consists of sections and parameters. A section +begins with the name of the section in square brackets and continues +until the next section begins. Sections contain parameters of the +form +.PP +\fIname\fR = \fIvalue +\fR.PP +The file is line-based - that is, each newline-terminated +line represents either a comment, a section name or a parameter. +.PP Section and parameter names are not case sensitive. - -Only the first equals sign in a parameter is significant. Whitespace before -or after the first equals sign is discarded. Leading, trailing and internal -whitespace in section and parameter names is irrelevant. Leading and -trailing whitespace in a parameter value is discarded. Internal whitespace -within a parameter value is retained verbatim. - -Any line beginning with a semicolon is ignored, as are lines containing -only whitespace. - -Any line ending in a \\ is "continued" on the next line in the -customary unix fashion. - -The values following the equals sign in parameters are all either a string -(no quotes needed) or a boolean, which may be given as yes/no, 0/1 or -true/false. Case is not significant in boolean values, but is preserved -in string values. Some items such as create modes are numeric. -.SH SERVICE DESCRIPTIONS -Each section in the configuration file describes a service. The section name -is the service name and the parameters within the section define the service's -attributes. - -There are three special sections, [global], [homes] and [printers], which are -described under 'special sections'. The following notes apply to ordinary -service descriptions. - -A service consists of a directory to which access is being given plus a -description of the access rights which are granted to the user of the -service. Some housekeeping options are also specifiable. - -Services are either filespace services (used by the client as an extension of -their native file systems) or printable services (used by the client to access -print services on the host running the server). - -Services may be guest services, in which case no password is required to -access them. A specified guest account is used to define access privileges -in this case. - -Services other than guest services will require a password to access -them. The client provides the username. As many clients only provide -passwords and not usernames, you may specify a list of usernames to -check against the password using the "user=" option in the service -definition. - -Note that the access rights granted by the server are masked by the access -rights granted to the specified or guest user by the host system. The -server does not grant more access than the host system grants. - -The following sample section defines a file space service. The user has write -access to the path /home/bar. The service is accessed via the service name -"foo": - - [foo] +.PP +Only the first equals sign in a parameter is significant. +Whitespace before or after the first equals sign is discarded. +Leading, trailing and internal whitespace in section and parameter +names is irrelevant. Leading and trailing whitespace in a parameter +value is discarded. Internal whitespace within a parameter value +is retained verbatim. +.PP +Any line beginning with a semicolon (';') or a hash ('#') +character is ignored, as are lines containing only whitespace. +.PP +Any line ending in a '\\' is continued +on the next line in the customary UNIX fashion. +.PP +The values following the equals sign in parameters are all +either a string (no quotes needed) or a boolean, which may be given +as yes/no, 0/1 or true/false. Case is not significant in boolean +values, but is preserved in string values. Some items such as +create modes are numeric. +.SH "SECTION DESCRIPTIONS" +.PP +Each section in the configuration file (except for the +[global] section) describes a shared resource (known +as a "share"). The section name is the name of the +shared resource and the parameters within the section define +the shares attributes. +.PP +There are three special sections, [global], +[homes] and [printers], which are +described under \fBspecial sections\fR. The +following notes apply to ordinary section descriptions. +.PP +A share consists of a directory to which access is being +given plus a description of the access rights which are granted +to the user of the service. Some housekeeping options are +also specifiable. +.PP +Sections are either file share services (used by the +client as an extension of their native file systems) or +printable services (used by the client to access print services +on the host running the server). +.PP +Sections may be designated \fBguest\fR services, +in which case no password is required to access them. A specified +UNIX \fBguest account\fR is used to define access +privileges in this case. +.PP +Sections other than guest services will require a password +to access them. The client provides the username. As older clients +only provide passwords and not usernames, you may specify a list +of usernames to check against the password using the "user =" +option in the share definition. For modern clients such as +Windows 95/98/ME/NT/2000, this should not be necessary. +.PP +Note that the access rights granted by the server are +masked by the access rights granted to the specified or guest +UNIX user by the host system. The server does not grant more +access than the host system grants. +.PP +The following sample section defines a file space share. +The user has write access to the path \fI/home/bar\fR. +The share is accessed via the share name "foo": +.sp +.nf + [foo] path = /home/bar - writable = true - -The following sample section defines a printable service. The service is -readonly, but printable. That is, the only write access permitted is via -calls to open, write to and close a spool file. The 'guest ok' parameter -means access will be permitted as the default guest user (specified elsewhere): - - [aprinter] + writeable = true + + +.sp +.fi +.PP +The following sample section defines a printable share. +The share is readonly, but printable. That is, the only write +access permitted is via calls to open, write to and close a +spool file. The \fBguest ok\fR parameter means +access will be permitted as the default guest user (specified +elsewhere): +.sp +.nf + [aprinter] path = /usr/spool/public - read only = true + writeable = false printable = true - public = true - -.SH SPECIAL SECTIONS - -.SS The [global] section -.RS 3 -Parameters in this section apply to the server as a whole, or are defaults -for services which do not specifically define certain items. See the notes -under 'Parameters' for more information. -.RE - -.SS The [homes] section -.RS 3 -If a section called 'homes' is included in the configuration file, services -connecting clients to their home directories can be created on the fly by the -server. - -When the connection request is made, the existing services are scanned. If a -match is found, it is used. If no match is found, the requested service name is -treated as a user name and looked up in the local passwords file. If the -name exists and the correct password has been given, a service is created -by cloning the [homes] section. - -Some modifications are then made to the newly created section: - -.RS 3 -The service name is changed from 'homes' to the located username - -If no path was given, the path is set to the user's home directory. + guest ok = true + + +.sp +.fi +.SH "SPECIAL SECTIONS" +.SS "THE GLOBAL SECTION" +.PP +parameters in this section apply to the server +as a whole, or are defaults for sections which do not +specifically define certain items. See the notes +under PARAMETERS for more information. +.SS "THE HOMES SECTION" +.PP +If a section called homes is included in the +configuration file, services connecting clients to their +home directories can be created on the fly by the server. +.PP +When the connection request is made, the existing +sections are scanned. If a match is found, it is used. If no +match is found, the requested section name is treated as a +user name and looked up in the local password file. If the +name exists and the correct password has been given, a share is +created by cloning the [homes] section. +.PP +Some modifications are then made to the newly +created share: +.TP 0.2i +\(bu +The share name is changed from homes to +the located username. +.TP 0.2i +\(bu +If no path was given, the path is set to +the user's home directory. +.PP +If you decide to use a \fBpath =\fR line +in your [homes] section then you may find it useful +to use the %S macro. For example : +.PP +.PP +\fBpath = /data/pchome/%S\fR +.PP +.PP +would be useful if you have different home directories +for your PCs than for UNIX access. +.PP +.PP +This is a fast and simple way to give a large number +of clients access to their home directories with a minimum +of fuss. +.PP +.PP +A similar process occurs if the requested section +name is "homes", except that the share name is not +changed to that of the requesting user. This method of using +the [homes] section works well if different users share +a client PC. +.PP +.PP +The [homes] section can specify all the parameters +a normal service section can specify, though some make more sense +than others. The following is a typical and suitable [homes] +section: +.PP +.sp +.nf + [homes] + writeable = yes + + +.sp +.fi +.PP +An important point is that if guest access is specified +in the [homes] section, all home directories will be +visible to all clients \fBwithout a password\fR. +In the very unlikely event that this is actually desirable, it +would be wise to also specify \fBread only +access\fR. +.PP +.PP +Note that the \fBbrowseable\fR flag for +auto home directories will be inherited from the global browseable +flag, not the [homes] browseable flag. This is useful as +it means setting \fBbrowseable = no\fR in +the [homes] section will hide the [homes] share but make +any auto home directories visible. +.PP +.SS "THE PRINTERS SECTION" +.PP +This section works like [homes], +but for printers. +.PP +If a [printers] section occurs in the +configuration file, users are able to connect to any printer +specified in the local host's printcap file. +.PP +When a connection request is made, the existing sections +are scanned. If a match is found, it is used. If no match is found, +but a [homes] section exists, it is used as described +above. Otherwise, the requested section name is treated as a +printer name and the appropriate printcap file is scanned to see +if the requested section name is a valid printer share name. If +a match is found, a new printer share is created by cloning +the [printers] section. +.PP +A few modifications are then made to the newly created +share: +.TP 0.2i +\(bu +The share name is set to the located printer +name +.TP 0.2i +\(bu +If no printer name was given, the printer name +is set to the located printer name +.TP 0.2i +\(bu +If the share does not permit guest access and +no username was given, the username is set to the located +printer name. +.PP +Note that the [printers] service MUST be +printable - if you specify otherwise, the server will refuse +to load the configuration file. +.PP +.PP +Typically the path specified would be that of a +world-writeable spool directory with the sticky bit set on +it. A typical [printers] entry would look like +this: +.PP +.sp +.nf + [printers] + path = /usr/spool/public + guest ok = yes + printable = yes + +.sp +.fi +.PP +All aliases given for a printer in the printcap file +are legitimate printer names as far as the server is concerned. +If your printing subsystem doesn't work like that, you will have +to set up a pseudo-printcap. This is a file consisting of one or +more lines like this: +.PP +.sp +.nf + alias|alias|alias|alias... + + +.sp +.fi +.PP +Each alias should be an acceptable printer name for +your printing subsystem. In the [global] section, specify +the new file as your printcap. The server will then only recognize +names found in your pseudo-printcap, which of course can contain +whatever aliases you like. The same technique could be used +simply to limit access to a subset of your local printers. +.PP +.PP +An alias, by the way, is defined as any component of the +first entry of a printcap record. Records are separated by newlines, +components (if there are more than one) are separated by vertical +bar symbols ('|'). +.PP +.PP +NOTE: On SYSV systems which use lpstat to determine what +printers are defined on the system you may be able to use +"printcap name = lpstat" to automatically obtain a list +of printers. See the "printcap name" option +for more details. +.PP +.SH "PARAMETERS" +.PP +parameters define the specific attributes of sections. +.PP +Some parameters are specific to the [global] section +(e.g., \fBsecurity\fR). Some parameters are usable +in all sections (e.g., \fBcreate mode\fR). All others +are permissible only in normal sections. For the purposes of the +following descriptions the [homes] and [printers] +sections will be considered normal. The letter \fBG\fR +in parentheses indicates that a parameter is specific to the +[global] section. The letter \fBS\fR +indicates that a parameter can be specified in a service specific +section. Note that all \fBS\fR parameters can also be specified in +the [global] section - in which case they will define +the default behavior for all services. +.PP +parameters are arranged here in alphabetical order - this may +not create best bedfellows, but at least you can find them! Where +there are synonyms, the preferred synonym is described, others refer +to the preferred synonym. +.SH "VARIABLE SUBSTITUTIONS" +.PP +Many of the strings that are settable in the config file +can take substitutions. For example the option "path = +/tmp/%u" would be interpreted as "path = +/tmp/john" if the user connected with the username john. +.PP +These substitutions are mostly noted in the descriptions below, +but there are some general substitutions which apply whenever they +might be relevant. These are: +.TP +\fB%S\fR +the name of the current service, if any. +.TP +\fB%P\fR +the root directory of the current service, +if any. +.TP +\fB%u\fR +user name of the current service, if any. +.TP +\fB%g\fR +primary group name of %u. +.TP +\fB%U\fR +session user name (the user name that the client +wanted, not necessarily the same as the one they got). +.TP +\fB%G\fR +primary group name of %U. +.TP +\fB%H\fR +the home directory of the user given +by %u. +.TP +\fB%v\fR +the Samba version. +.TP +\fB%h\fR +the Internet hostname that Samba is running +on. +.TP +\fB%m\fR +the NetBIOS name of the client machine +(very useful). +.TP +\fB%L\fR +the NetBIOS name of the server. This allows you +to change your config based on what the client calls you. Your +server can have a "dual personality". + +Note that this paramater is not available when Samba listens +on port 445, as clients no longer send this information +.TP +\fB%M\fR +the Internet name of the client machine. +.TP +\fB%N\fR +the name of your NIS home directory server. +This is obtained from your NIS auto.map entry. If you have +not compiled Samba with the \fB--with-automount\fR +option then this value will be the same as %L. +.TP +\fB%p\fR +the path of the service's home directory, +obtained from your NIS auto.map entry. The NIS auto.map entry +is split up as "%N:%p". +.TP +\fB%R\fR +the selected protocol level after +protocol negotiation. It can be one of CORE, COREPLUS, +LANMAN1, LANMAN2 or NT1. +.TP +\fB%d\fR +The process id of the current server +process. +.TP +\fB%a\fR +the architecture of the remote +machine. Only some are recognized, and those may not be +100% reliable. It currently recognizes Samba, WfWg, Win95, +WinNT and Win2k. Anything else will be known as +"UNKNOWN". If it gets it wrong then sending a level +3 log to samba@samba.org + should allow it to be fixed. +.TP +\fB%I\fR +The IP address of the client machine. +.TP +\fB%T\fR +the current date and time. +.TP +\fB%$(\fIenvvar\fB)\fR +The value of the environment variable +\fIenvar\fR. +.PP +There are some quite creative things that can be done +with these substitutions and other smb.conf options. +.PP +.SH "NAME MANGLING" +.PP +Samba supports "name mangling" so that DOS and +Windows clients can use files that don't conform to the 8.3 format. +It can also be set to adjust the case of 8.3 format filenames. +.PP +There are several options that control the way mangling is +performed, and they are grouped here rather than listed separately. +For the defaults look at the output of the testparm program. +.PP +All of these options can be set separately for each service +(or globally, of course). +.PP +The options are: +.TP +\fBmangle case = yes/no\fR +controls if names that have characters that +aren't of the "default" case are mangled. For example, +if this is yes then a name like "Mail" would be mangled. +Default \fBno\fR. +.TP +\fBcase sensitive = yes/no\fR +controls whether filenames are case sensitive. If +they aren't then Samba must do a filename search and match on passed +names. Default \fBno\fR. +.TP +\fBdefault case = upper/lower\fR +controls what the default case is for new +filenames. Default \fBlower\fR. +.TP +\fBpreserve case = yes/no\fR +controls if new files are created with the +case that the client passes, or if they are forced to be the +"default" case. Default \fByes\fR. +.TP +\fBshort preserve case = yes/no\fR +controls if new files which conform to 8.3 syntax, +that is all in upper case and of suitable length, are created +upper case, or if they are forced to be the "default" +case. This option can be use with "preserve case = yes" +to permit long filenames to retain their case, while short names +are lowercased. Default \fByes\fR. +.PP +By default, Samba 2.2 has the same semantics as a Windows +NT server, in that it is case insensitive but case preserving. +.PP +.SH "NOTE ABOUT USERNAME/PASSWORD VALIDATION" +.PP +There are a number of ways in which a user can connect +to a service. The server uses the following steps in determining +if it will allow a connection to a specified service. If all the +steps fail, then the connection request is rejected. However, if one of the +steps succeeds, then the following steps are not checked. +.PP +If the service is marked "guest only = yes" then +steps 1 to 5 are skipped. +.IP 1. +If the client has passed a username/password +pair and that username/password pair is validated by the UNIX +system's password programs then the connection is made as that +username. Note that this includes the +\\\\server\\service%\fIusername\fR method of passing +a username. +.IP 2. +If the client has previously registered a username +with the system and now supplies a correct password for that +username then the connection is allowed. +.IP 3. +The client's NetBIOS name and any previously +used user names are checked against the supplied password, if +they match then the connection is allowed as the corresponding +user. +.IP 4. +If the client has previously validated a +username/password pair with the server and the client has passed +the validation token then that username is used. +.IP 5. +If a "user = " field is given in the +\fIsmb.conf\fR file for the service and the client +has supplied a password, and that password matches (according to +the UNIX system's password checking) with one of the usernames +from the "user =" field then the connection is made as +the username in the "user =" line. If one +of the username in the "user =" list begins with a +\&'@' then that name expands to a list of names in +the group of the same name. +.IP 6. +If the service is a guest service then a +connection is made as the username given in the "guest +account =" for the service, irrespective of the +supplied password. +.SH "COMPLETE LIST OF GLOBAL PARAMETERS" +.PP +Here is a list of all global parameters. See the section of +each parameter for details. Note that some are synonyms. +.TP 0.2i +\(bu +\fIabort shutdown script\fR +.TP 0.2i +\(bu +\fIadd printer command\fR +.TP 0.2i +\(bu +\fIadd share command\fR +.TP 0.2i +\(bu +\fIadd user script\fR +.TP 0.2i +\(bu +\fIadd machine script\fR +.TP 0.2i +\(bu +\fIallow trusted domains\fR +.TP 0.2i +\(bu +\fIannounce as\fR +.TP 0.2i +\(bu +\fIannounce version\fR +.TP 0.2i +\(bu +\fIauth methods\fR +.TP 0.2i +\(bu +\fIauto services\fR +.TP 0.2i +\(bu +\fIbind interfaces only\fR +.TP 0.2i +\(bu +\fIbrowse list\fR +.TP 0.2i +\(bu +\fIchange notify timeout\fR +.TP 0.2i +\(bu +\fIchange share command\fR +.TP 0.2i +\(bu +\fIconfig file\fR +.TP 0.2i +\(bu +\fIdeadtime\fR +.TP 0.2i +\(bu +\fIdebug hires timestamp\fR +.TP 0.2i +\(bu +\fIdebug pid\fR +.TP 0.2i +\(bu +\fIdebug timestamp\fR +.TP 0.2i +\(bu +\fIdebug uid\fR +.TP 0.2i +\(bu +\fIdebuglevel\fR +.TP 0.2i +\(bu +\fIdefault\fR +.TP 0.2i +\(bu +\fIdefault service\fR +.TP 0.2i +\(bu +\fIdelete printer command\fR +.TP 0.2i +\(bu +\fIdelete share command\fR +.TP 0.2i +\(bu +\fIdelete user script\fR +.TP 0.2i +\(bu +\fIdfree command\fR +.TP 0.2i +\(bu +\fIdisable spoolss\fR +.TP 0.2i +\(bu +\fIdns proxy\fR +.TP 0.2i +\(bu +\fIdomain admin group\fR +.TP 0.2i +\(bu +\fIdomain guest group\fR +.TP 0.2i +\(bu +\fIdomain logons\fR +.TP 0.2i +\(bu +\fIdomain master\fR +.TP 0.2i +\(bu +\fIencrypt passwords\fR +.TP 0.2i +\(bu +\fIenhanced browsing\fR +.TP 0.2i +\(bu +\fIenumports command\fR +.TP 0.2i +\(bu +\fIgetwd cache\fR +.TP 0.2i +\(bu +\fIhide local users\fR +.TP 0.2i +\(bu +\fIhide unreadable\fR +.TP 0.2i +\(bu +\fIhomedir map\fR +.TP 0.2i +\(bu +\fIhost msdfs\fR +.TP 0.2i +\(bu +\fIhosts equiv\fR +.TP 0.2i +\(bu +\fIinterfaces\fR +.TP 0.2i +\(bu +\fIkeepalive\fR +.TP 0.2i +\(bu +\fIkernel oplocks\fR +.TP 0.2i +\(bu +\fIlanman auth\fR +.TP 0.2i +\(bu +\fIlarge readwrite\fR +.TP 0.2i +\(bu +\fIldap admin dn\fR +.TP 0.2i +\(bu +\fIldap filter\fR +.TP 0.2i +\(bu +\fIldap port\fR +.TP 0.2i +\(bu +\fIldap server\fR +.TP 0.2i +\(bu +\fIldap ssl\fR +.TP 0.2i +\(bu +\fIldap suffix\fR +.TP 0.2i +\(bu +\fIlm announce\fR +.TP 0.2i +\(bu +\fIlm interval\fR +.TP 0.2i +\(bu +\fIload printers\fR +.TP 0.2i +\(bu +\fIlocal master\fR +.TP 0.2i +\(bu +\fIlock dir\fR +.TP 0.2i +\(bu +\fIlock directory\fR +.TP 0.2i +\(bu +\fIlog file\fR +.TP 0.2i +\(bu +\fIlog level\fR +.TP 0.2i +\(bu +\fIlogon drive\fR +.TP 0.2i +\(bu +\fIlogon home\fR +.TP 0.2i +\(bu +\fIlogon path\fR +.TP 0.2i +\(bu +\fIlogon script\fR +.TP 0.2i +\(bu +\fIlpq cache time\fR +.TP 0.2i +\(bu +\fImachine password timeout\fR +.TP 0.2i +\(bu +\fImangled stack\fR +.TP 0.2i +\(bu +\fImap to guest\fR +.TP 0.2i +\(bu +\fImax disk size\fR +.TP 0.2i +\(bu +\fImax log size\fR +.TP 0.2i +\(bu +\fImax mux\fR +.TP 0.2i +\(bu +\fImax open files\fR +.TP 0.2i +\(bu +\fImax protocol\fR +.TP 0.2i +\(bu +\fImax smbd processes\fR +.TP 0.2i +\(bu +\fImax ttl\fR +.TP 0.2i +\(bu +\fImax wins ttl\fR +.TP 0.2i +\(bu +\fImax xmit\fR +.TP 0.2i +\(bu +\fImessage command\fR +.TP 0.2i +\(bu +\fImin passwd length\fR +.TP 0.2i +\(bu +\fImin password length\fR +.TP 0.2i +\(bu +\fImin protocol\fR +.TP 0.2i +\(bu +\fImin wins ttl\fR +.TP 0.2i +\(bu +\fIname resolve order\fR +.TP 0.2i +\(bu +\fInetbios aliases\fR +.TP 0.2i +\(bu +\fInetbios name\fR +.TP 0.2i +\(bu +\fInetbios scope\fR +.TP 0.2i +\(bu +\fInis homedir\fR +.TP 0.2i +\(bu +\fInon unix account range\fR +.TP 0.2i +\(bu +\fInt pipe support\fR +.TP 0.2i +\(bu +\fInull passwords\fR +.TP 0.2i +\(bu +\fIobey pam restrictions\fR +.TP 0.2i +\(bu +\fIoplock break wait time\fR +.TP 0.2i +\(bu +\fIos level\fR +.TP 0.2i +\(bu +\fIos2 driver map\fR +.TP 0.2i +\(bu +\fIpam password change\fR +.TP 0.2i +\(bu +\fIpanic action\fR +.TP 0.2i +\(bu +\fIpassdb backend\fR +.TP 0.2i +\(bu +\fIpasswd chat\fR +.TP 0.2i +\(bu +\fIpasswd chat debug\fR +.TP 0.2i +\(bu +\fIpasswd program\fR +.TP 0.2i +\(bu +\fIpassword level\fR +.TP 0.2i +\(bu +\fIpassword server\fR +.TP 0.2i +\(bu +\fIprefered master\fR +.TP 0.2i +\(bu +\fIpreferred master\fR +.TP 0.2i +\(bu +\fIpreload\fR +.TP 0.2i +\(bu +\fIprintcap\fR +.TP 0.2i +\(bu +\fIprintcap name\fR +.TP 0.2i +\(bu +\fIprinter driver file\fR +.TP 0.2i +\(bu +\fIprivate dir\fR +.TP 0.2i +\(bu +\fIprotocol\fR +.TP 0.2i +\(bu +\fIread bmpx\fR +.TP 0.2i +\(bu +\fIread raw\fR +.TP 0.2i +\(bu +\fIread size\fR +.TP 0.2i +\(bu +\fIremote announce\fR +.TP 0.2i +\(bu +\fIremote browse sync\fR +.TP 0.2i +\(bu +\fIrestrict anonymous\fR +.TP 0.2i +\(bu +\fIroot\fR +.TP 0.2i +\(bu +\fIroot dir\fR +.TP 0.2i +\(bu +\fIroot directory\fR +.TP 0.2i +\(bu +\fIsecurity\fR +.TP 0.2i +\(bu +\fIserver string\fR +.TP 0.2i +\(bu +\fIshow add printer wizard\fR +.TP 0.2i +\(bu +\fIshutdown script\fR +.TP 0.2i +\(bu +\fIsmb passwd file\fR +.TP 0.2i +\(bu +\fIsocket address\fR +.TP 0.2i +\(bu +\fIsocket options\fR +.TP 0.2i +\(bu +\fIsource environment\fR +.TP 0.2i +\(bu +\fIssl\fR +.TP 0.2i +\(bu +\fIssl CA certDir\fR +.TP 0.2i +\(bu +\fIssl CA certFile\fR +.TP 0.2i +\(bu +\fIssl ciphers\fR +.TP 0.2i +\(bu +\fIssl client cert\fR +.TP 0.2i +\(bu +\fIssl client key\fR +.TP 0.2i +\(bu +\fIssl compatibility\fR +.TP 0.2i +\(bu +\fIssl egd socket\fR +.TP 0.2i +\(bu +\fIssl entropy bytes\fR +.TP 0.2i +\(bu +\fIssl entropy file\fR +.TP 0.2i +\(bu +\fIssl hosts\fR +.TP 0.2i +\(bu +\fIssl hosts resign\fR +.TP 0.2i +\(bu +\fIssl require clientcert\fR +.TP 0.2i +\(bu +\fIssl require servercert\fR +.TP 0.2i +\(bu +\fIssl server cert\fR +.TP 0.2i +\(bu +\fIssl server key\fR +.TP 0.2i +\(bu +\fIssl version\fR +.TP 0.2i +\(bu +\fIstat cache\fR +.TP 0.2i +\(bu +\fIstat cache size\fR +.TP 0.2i +\(bu +\fIstrip dot\fR +.TP 0.2i +\(bu +\fIsyslog\fR +.TP 0.2i +\(bu +\fIsyslog only\fR +.TP 0.2i +\(bu +\fItemplate homedir\fR +.TP 0.2i +\(bu +\fItemplate shell\fR +.TP 0.2i +\(bu +\fItime offset\fR +.TP 0.2i +\(bu +\fItime server\fR +.TP 0.2i +\(bu +\fItimestamp logs\fR +.TP 0.2i +\(bu +\fItotal print jobs\fR +.TP 0.2i +\(bu +\fIunix extensions\fR +.TP 0.2i +\(bu +\fIunix password sync\fR +.TP 0.2i +\(bu +\fIupdate encrypted\fR +.TP 0.2i +\(bu +\fIuse mmap\fR +.TP 0.2i +\(bu +\fIuse rhosts\fR +.TP 0.2i +\(bu +\fIusername level\fR +.TP 0.2i +\(bu +\fIusername map\fR +.TP 0.2i +\(bu +\fIutmp\fR +.TP 0.2i +\(bu +\fIutmp directory\fR +.TP 0.2i +\(bu +\fIwinbind cache time\fR +.TP 0.2i +\(bu +\fIwinbind enum users\fR +.TP 0.2i +\(bu +\fIwinbind enum groups\fR +.TP 0.2i +\(bu +\fIwinbind gid\fR +.TP 0.2i +\(bu +\fIwinbind separator\fR +.TP 0.2i +\(bu +\fIwinbind uid\fR +.TP 0.2i +\(bu +\fIwinbind use default domain\fR +.TP 0.2i +\(bu +\fIwins hook\fR +.TP 0.2i +\(bu +\fIwins proxy\fR +.TP 0.2i +\(bu +\fIwins server\fR +.TP 0.2i +\(bu +\fIwins support\fR +.TP 0.2i +\(bu +\fIworkgroup\fR +.TP 0.2i +\(bu +\fIwrite raw\fR +.SH "COMPLETE LIST OF SERVICE PARAMETERS" +.PP +Here is a list of all service parameters. See the section on +each parameter for details. Note that some are synonyms. +.TP 0.2i +\(bu +\fIadmin users\fR +.TP 0.2i +\(bu +\fIallow hosts\fR +.TP 0.2i +\(bu +\fIavailable\fR +.TP 0.2i +\(bu +\fIblocking locks\fR +.TP 0.2i +\(bu +\fIbrowsable\fR +.TP 0.2i +\(bu +\fIbrowseable\fR +.TP 0.2i +\(bu +\fIcase sensitive\fR +.TP 0.2i +\(bu +\fIcasesignames\fR +.TP 0.2i +\(bu +\fIcomment\fR +.TP 0.2i +\(bu +\fIcopy\fR +.TP 0.2i +\(bu +\fIcreate mask\fR +.TP 0.2i +\(bu +\fIcreate mode\fR +.TP 0.2i +\(bu +\fIdefault case\fR +.TP 0.2i +\(bu +\fIdefault devmode\fR +.TP 0.2i +\(bu +\fIdelete readonly\fR +.TP 0.2i +\(bu +\fIdelete veto files\fR +.TP 0.2i +\(bu +\fIdeny hosts\fR +.TP 0.2i +\(bu +\fIdirectory\fR +.TP 0.2i +\(bu +\fIdirectory mask\fR +.TP 0.2i +\(bu +\fIdirectory mode\fR +.TP 0.2i +\(bu +\fIdirectory security mask\fR +.TP 0.2i +\(bu +\fIdont descend\fR +.TP 0.2i +\(bu +\fIdos filemode\fR +.TP 0.2i +\(bu +\fIdos filetime resolution\fR +.TP 0.2i +\(bu +\fIdos filetimes\fR +.TP 0.2i +\(bu +\fIexec\fR +.TP 0.2i +\(bu +\fIfake directory create times\fR +.TP 0.2i +\(bu +\fIfake oplocks\fR +.TP 0.2i +\(bu +\fIfollow symlinks\fR +.TP 0.2i +\(bu +\fIforce create mode\fR +.TP 0.2i +\(bu +\fIforce directory mode\fR +.TP 0.2i +\(bu +\fIforce directory security mode\fR +.TP 0.2i +\(bu +\fIforce group\fR +.TP 0.2i +\(bu +\fIforce security mode\fR +.TP 0.2i +\(bu +\fIforce user\fR +.TP 0.2i +\(bu +\fIfstype\fR +.TP 0.2i +\(bu +\fIgroup\fR +.TP 0.2i +\(bu +\fIguest account\fR +.TP 0.2i +\(bu +\fIguest ok\fR +.TP 0.2i +\(bu +\fIguest only\fR +.TP 0.2i +\(bu +\fIhide dot files\fR +.TP 0.2i +\(bu +\fIhide files\fR +.TP 0.2i +\(bu +\fIhosts allow\fR +.TP 0.2i +\(bu +\fIhosts deny\fR +.TP 0.2i +\(bu +\fIinclude\fR +.TP 0.2i +\(bu +\fIinherit permissions\fR +.TP 0.2i +\(bu +\fIinvalid users\fR +.TP 0.2i +\(bu +\fIlevel2 oplocks\fR +.TP 0.2i +\(bu +\fIlocking\fR +.TP 0.2i +\(bu +\fIlppause command\fR +.TP 0.2i +\(bu +\fIlpq command\fR +.TP 0.2i +\(bu +\fIlpresume command\fR +.TP 0.2i +\(bu +\fIlprm command\fR +.TP 0.2i +\(bu +\fImagic output\fR +.TP 0.2i +\(bu +\fImagic script\fR +.TP 0.2i +\(bu +\fImangle case\fR +.TP 0.2i +\(bu +\fImangled map\fR +.TP 0.2i +\(bu +\fImangled names\fR +.TP 0.2i +\(bu +\fImangling char\fR +.TP 0.2i +\(bu +\fImap archive\fR +.TP 0.2i +\(bu +\fImap hidden\fR +.TP 0.2i +\(bu +\fImap system\fR +.TP 0.2i +\(bu +\fImax connections\fR +.TP 0.2i +\(bu +\fImax print jobs\fR +.TP 0.2i +\(bu +\fImin print space\fR +.TP 0.2i +\(bu +\fImsdfs root\fR +.TP 0.2i +\(bu +\fInt acl support\fR +.TP 0.2i +\(bu +\fIonly guest\fR +.TP 0.2i +\(bu +\fIonly user\fR +.TP 0.2i +\(bu +\fIoplock contention limit\fR +.TP 0.2i +\(bu +\fIoplocks\fR +.TP 0.2i +\(bu +\fIpath\fR +.TP 0.2i +\(bu +\fIposix locking\fR +.TP 0.2i +\(bu +\fIpostexec\fR +.TP 0.2i +\(bu +\fIpostscript\fR +.TP 0.2i +\(bu +\fIpreexec\fR +.TP 0.2i +\(bu +\fIpreexec close\fR +.TP 0.2i +\(bu +\fIpreserve case\fR +.TP 0.2i +\(bu +\fIprint command\fR +.TP 0.2i +\(bu +\fIprint ok\fR +.TP 0.2i +\(bu +\fIprintable\fR +.TP 0.2i +\(bu +\fIprinter\fR +.TP 0.2i +\(bu +\fIprinter admin\fR +.TP 0.2i +\(bu +\fIprinter driver\fR +.TP 0.2i +\(bu +\fIprinter driver location\fR +.TP 0.2i +\(bu +\fIprinter name\fR +.TP 0.2i +\(bu +\fIprinting\fR +.TP 0.2i +\(bu +\fIpublic\fR +.TP 0.2i +\(bu +\fIqueuepause command\fR +.TP 0.2i +\(bu +\fIqueueresume command\fR +.TP 0.2i +\(bu +\fIread list\fR +.TP 0.2i +\(bu +\fIread only\fR +.TP 0.2i +\(bu +\fIroot postexec\fR +.TP 0.2i +\(bu +\fIroot preexec\fR +.TP 0.2i +\(bu +\fIroot preexec close\fR +.TP 0.2i +\(bu +\fIsecurity mask\fR +.TP 0.2i +\(bu +\fIset directory\fR +.TP 0.2i +\(bu +\fIshort preserve case\fR +.TP 0.2i +\(bu +\fIstatus\fR +.TP 0.2i +\(bu +\fIstrict allocate\fR +.TP 0.2i +\(bu +\fIstrict locking\fR +.TP 0.2i +\(bu +\fIstrict sync\fR +.TP 0.2i +\(bu +\fIsync always\fR +.TP 0.2i +\(bu +\fIuse client driver\fR +.TP 0.2i +\(bu +\fIuser\fR +.TP 0.2i +\(bu +\fIusername\fR +.TP 0.2i +\(bu +\fIusers\fR +.TP 0.2i +\(bu +\fIvalid users\fR +.TP 0.2i +\(bu +\fIveto files\fR +.TP 0.2i +\(bu +\fIveto oplock files\fR +.TP 0.2i +\(bu +\fIvfs object\fR +.TP 0.2i +\(bu +\fIvfs options\fR +.TP 0.2i +\(bu +\fIvolume\fR +.TP 0.2i +\(bu +\fIwide links\fR +.TP 0.2i +\(bu +\fIwritable\fR +.TP 0.2i +\(bu +\fIwrite cache size\fR +.TP 0.2i +\(bu +\fIwrite list\fR +.TP 0.2i +\(bu +\fIwrite ok\fR +.TP 0.2i +\(bu +\fIwriteable\fR +.SH "EXPLANATION OF EACH PARAMETER" +.TP +\fBabort shutdown script (G)\fR +\fBThis parameter only exists in the HEAD cvs branch\fR +This a full path name to a script called by +\fBsmbd(8)\fRthat +should stop a shutdown procedure issued by the \fIshutdown script\fR. + +This command will be run as user. + +Default: \fBNone\fR. + +Example: \fBabort shutdown script = /sbin/shutdown -c\fR +.TP +\fBadd printer command (G)\fR +With the introduction of MS-RPC based printing +support for Windows NT/2000 clients in Samba 2.2, The MS Add +Printer Wizard (APW) icon is now also available in the +"Printers..." folder displayed a share listing. The APW +allows for printers to be add remotely to a Samba or Windows +NT/2000 print server. + +For a Samba host this means that the printer must be +physically added to the underlying printing system. The \fIadd +printer command\fR defines a script to be run which +will perform the necessary operations for adding the printer +to the print system and to add the appropriate service definition +to the \fIsmb.conf\fR file in order that it can be +shared by \fBsmbd(8)\fR +. + +The \fIadd printer command\fR is +automatically invoked with the following parameter (in +order: +.RS +.TP 0.2i +\(bu +\fIprinter name\fR +.TP 0.2i +\(bu +\fIshare name\fR +.TP 0.2i +\(bu +\fIport name\fR +.TP 0.2i +\(bu +\fIdriver name\fR +.TP 0.2i +\(bu +\fIlocation\fR +.TP 0.2i +\(bu +\fIWindows 9x driver location\fR .RE - -If you decide to use a path= line in your [homes] section then you may -find it useful to use the %S macro. For example path=/data/pchome/%S -would be useful if you have different home directories for your PCs -than for unix access. - -This is a fast and simple way to give a large number of clients access to -their home directories with a minimum of fuss. - -A similar process occurs if the requested service name is "homes", except that -the service name is not changed to that of the requesting user. This method -of using the [homes] section works well if different users share a client PC. - -The [homes] section can specify all the parameters a normal service section -can specify, though some make more sense than others. The following is a -typical and suitable [homes] section: - - [homes] - writable = yes - -An important point: - -.RS 3 -If guest access is specified in the [homes] section, all home directories will -be accessible to all clients -.B without a password. -In the very unlikely event -that this is actually desirable, it would be wise to also specify read only -access. +.PP +All parameters are filled in from the PRINTER_INFO_2 structure sent +by the Windows NT/2000 client with one exception. The "Windows 9x +driver location" parameter is included for backwards compatibility +only. The remaining fields in the structure are generated from answers +to the APW questions. +.PP +.PP +Once the \fIadd printer command\fR has +been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to determine if the share defined by the APW +exists. If the sharename is still invalid, then \fBsmbd +\fRwill return an ACCESS_DENIED error to the client. +.PP +.PP +See also \fI delete printer command\fR, \fIprinting\fR, +\fIshow add +printer wizard\fR +.PP +.PP +Default: \fBnone\fR +.PP +.PP +Example: \fBaddprinter command = /usr/bin/addprinter +\fR.PP +.TP +\fBadd share command (G)\fR +Samba 2.2.0 introduced the ability to dynamically +add and delete shares via the Windows NT 4.0 Server Manager. The +\fIadd share command\fR is used to define an +external program or script which will add a new service definition +to \fIsmb.conf\fR. In order to successfully +execute the \fIadd share command\fR, \fBsmbd\fR +requires that the administrator be connected using a root account (i.e. +uid == 0). + +When executed, \fBsmbd\fR will automatically invoke the +\fIadd share command\fR with four parameters. +.RS +.TP 0.2i +\(bu +\fIconfigFile\fR - the location +of the global \fIsmb.conf\fR file. +.TP 0.2i +\(bu +\fIshareName\fR - the name of the new +share. +.TP 0.2i +\(bu +\fIpathName\fR - path to an **existing** +directory on disk. +.TP 0.2i +\(bu +\fIcomment\fR - comment string to associate +with the new share. .RE +.PP +This parameter is only used for add file shares. To add printer shares, +see the \fIadd printer +command\fR. +.PP +.PP +See also \fIchange share +command\fR, \fIdelete share +command\fR. +.PP +.PP +Default: \fBnone\fR +.PP +.PP +Example: \fBadd share command = /usr/local/bin/addshare\fR +.PP +.TP +\fBadd machine script (G)\fR +This is the full pathname to a script that will +be run by smbd(8)when a machine is added +to it's domain using the administrator username and password method. + +This option is only required when using sam back-ends tied to the +Unix uid method of RID calculation such as smbpasswd. This option is only +available in Samba 3.0. + +Default: \fBadd machine script = +\fR +Example: \fBadd machine script = /usr/sbin/adduser -n -g machines -c Machine -d /dev/null -s /bin/false %u +\fR.TP +\fBadd user script (G)\fR +This is the full pathname to a script that will +be run \fBAS ROOT\fR by smbd(8) +under special circumstances described below. + +Normally, a Samba server requires that UNIX users are +created for all users accessing files on this server. For sites +that use Windows NT account databases as their primary user database +creating these users and keeping the user list in sync with the +Windows NT PDC is an onerous task. This option allows smbdto create the required UNIX users +\fBON DEMAND\fR when a user accesses the Samba server. + +In order to use this option, smbd +must \fBNOT\fR be set to \fIsecurity = share\fR +and \fIadd user script\fR +must be set to a full pathname for a script that will create a UNIX +user given one argument of \fI%u\fR, which expands into +the UNIX user name to create. + +When the Windows user attempts to access the Samba server, +at login (session setup in the SMB protocol) time, smbdcontacts the \fIpassword server\fR and +attempts to authenticate the given user with the given password. If the +authentication succeeds then \fBsmbd\fR +attempts to find a UNIX user in the UNIX password database to map the +Windows user into. If this lookup fails, and \fIadd user script +\fRis set then \fBsmbd\fR will +call the specified script \fBAS ROOT\fR, expanding +any \fI%u\fR argument to be the user name to create. + +If this script successfully creates the user then \fBsmbd +\fRwill continue on as though the UNIX user +already existed. In this way, UNIX users are dynamically created to +match existing Windows NT accounts. + +See also \fI security\fR, \fIpassword server\fR, +\fIdelete user +script\fR. + +Default: \fBadd user script = +\fR +Example: \fBadd user script = /usr/local/samba/bin/add_user +%u\fR +.TP +\fBadmin users (S)\fR +This is a list of users who will be granted +administrative privileges on the share. This means that they +will do all file operations as the super-user (root). + +You should use this option very carefully, as any user in +this list will be able to do anything they like on the share, +irrespective of file permissions. + +Default: \fBno admin users\fR + +Example: \fBadmin users = jason\fR +.TP +\fBallow hosts (S)\fR +Synonym for \fIhosts allow\fR. +.TP +\fBallow trusted domains (G)\fR +This option only takes effect when the \fIsecurity\fR option is set to +server or domain. +If it is set to no, then attempts to connect to a resource from +a domain or workgroup other than the one which smbdis running +in will fail, even if that domain is trusted by the remote server +doing the authentication. + +This is useful if you only want your Samba server to +serve resources to users in the domain it is a member of. As +an example, suppose that there are two domains DOMA and DOMB. DOMB +is trusted by DOMA, which contains the Samba server. Under normal +circumstances, a user with an account in DOMB can then access the +resources of a UNIX account with the same account name on the +Samba server even if they do not have an account in DOMA. This +can make implementing a security boundary difficult. + +Default: \fBallow trusted domains = yes\fR +.TP +\fBannounce as (G)\fR +This specifies what type of server +\fBnmbd\fR +will announce itself as, to a network neighborhood browse +list. By default this is set to Windows NT. The valid options +are : "NT Server" (which can also be written as "NT"), +"NT Workstation", "Win95" or "WfW" meaning Windows NT Server, +Windows NT Workstation, Windows 95 and Windows for Workgroups +respectively. Do not change this parameter unless you have a +specific need to stop Samba appearing as an NT server as this +may prevent Samba servers from participating as browser servers +correctly. + +Default: \fBannounce as = NT Server\fR + +Example: \fBannounce as = Win95\fR +.TP +\fBannounce version (G)\fR +This specifies the major and minor version numbers +that nmbd will use when announcing itself as a server. The default +is 4.2. Do not change this parameter unless you have a specific +need to set a Samba server to be a downlevel server. + +Default: \fBannounce version = 4.5\fR + +Example: \fBannounce version = 2.0\fR +.TP +\fBauto services (G)\fR +This is a synonym for the \fIpreload\fR. +.TP +\fBauth methods (G)\fR +This option allows the administrator to chose what +authentication methods \fBsmbd\fR will use when authenticating +a user. This option defaults to sensible values based on \fI security\fR. +Each entry in the list attempts to authenticate the user in turn, until +the user authenticates. In practice only one method will ever actually +be able to complete the authentication. + +Default: \fBauth methods = \fR + +Example: \fBauth methods = guest sam ntdomain\fR +.TP +\fBavailable (S)\fR +This parameter lets you "turn off" a service. If +\fIavailable = no\fR, then \fBALL\fR +attempts to connect to the service will fail. Such failures are +logged. + +Default: \fBavailable = yes\fR +.TP +\fBbind interfaces only (G)\fR +This global parameter allows the Samba admin +to limit what interfaces on a machine will serve SMB requests. If +affects file service smbd(8)and +name service nmbd(8)in slightly +different ways. + +For name service it causes \fBnmbd\fR to bind +to ports 137 and 138 on the interfaces listed in the interfaces parameter. \fBnmbd +\fRalso binds to the "all addresses" interface (0.0.0.0) +on ports 137 and 138 for the purposes of reading broadcast messages. +If this option is not set then \fBnmbd\fR will service +name requests on all of these sockets. If \fIbind interfaces +only\fR is set then \fBnmbd\fR will check the +source address of any packets coming in on the broadcast sockets +and discard any that don't match the broadcast addresses of the +interfaces in the \fIinterfaces\fR parameter list. +As unicast packets are received on the other sockets it allows +\fBnmbd\fR to refuse to serve names to machines that +send packets that arrive through any interfaces not listed in the +\fIinterfaces\fR list. IP Source address spoofing +does defeat this simple check, however so it must not be used +seriously as a security feature for \fBnmbd\fR. + +For file service it causes smbd(8) +to bind only to the interface list given in the interfaces parameter. This restricts the networks that +\fBsmbd\fR will serve to packets coming in those +interfaces. Note that you should not use this parameter for machines +that are serving PPP or other intermittent or non-broadcast network +interfaces as it will not cope with non-permanent interfaces. + +If \fIbind interfaces only\fR is set then +unless the network address \fB127.0.0.1\fR is added +to the \fIinterfaces\fR parameter list \fBsmbpasswd(8)\fR +and \fBswat(8)\fRmay +not work as expected due to the reasons covered below. + +To change a users SMB password, the \fBsmbpasswd\fR +by default connects to the \fBlocalhost - 127.0.0.1\fR +address as an SMB client to issue the password change request. If +\fIbind interfaces only\fR is set then unless the +network address \fB127.0.0.1\fR is added to the +\fIinterfaces\fR parameter list then \fB smbpasswd\fR will fail to connect in it's default mode. +\fBsmbpasswd\fR can be forced to use the primary IP interface +of the local host by using its \fI-r remote machine\fR +parameter, with \fIremote machine\fR set +to the IP name of the primary interface of the local host. + +The \fBswat\fR status page tries to connect with +\fBsmbd\fR and \fBnmbd\fR at the address +\fB127.0.0.1\fR to determine if they are running. +Not adding \fB127.0.0.1\fR will cause \fB smbd\fR and \fBnmbd\fR to always show +"not running" even if they really are. This can prevent \fB swat\fR from starting/stopping/restarting \fBsmbd\fR +and \fBnmbd\fR. + +Default: \fBbind interfaces only = no\fR +.TP +\fBblocking locks (S)\fR +This parameter controls the behavior of smbd(8)when given a request by a client +to obtain a byte range lock on a region of an open file, and the +request has a time limit associated with it. + +If this parameter is set and the lock range requested +cannot be immediately satisfied, Samba 2.2 will internally +queue the lock request, and periodically attempt to obtain +the lock until the timeout period expires. + +If this parameter is set to false, then +Samba 2.2 will behave as previous versions of Samba would and +will fail the lock request immediately if the lock range +cannot be obtained. + +Default: \fBblocking locks = yes\fR +.TP +\fBbrowsable (S)\fR +See the \fI browseable\fR. +.TP +\fBbrowse list (G)\fR +This controls whether \fBsmbd(8)\fRwill serve a browse list to +a client doing a \fBNetServerEnum\fR call. Normally +set to true. You should never need to change +this. + +Default: \fBbrowse list = yes\fR +.TP +\fBbrowseable (S)\fR +This controls whether this share is seen in +the list of available shares in a net view and in the browse list. + +Default: \fBbrowseable = yes\fR +.TP +\fBcase sensitive (S)\fR +See the discussion in the section NAME MANGLING. + +Default: \fBcase sensitive = no\fR +.TP +\fBcasesignames (S)\fR +Synonym for case +sensitive. +.TP +\fBchange notify timeout (G)\fR +This SMB allows a client to tell a server to +"watch" a particular directory for any changes and only reply to +the SMB request when a change has occurred. Such constant scanning of +a directory is expensive under UNIX, hence an \fBsmbd(8)\fRdaemon only performs such a scan +on each requested directory once every \fIchange notify +timeout\fR seconds. + +Default: \fBchange notify timeout = 60\fR + +Example: \fBchange notify timeout = 300\fR + +Would change the scan time to every 5 minutes. +.TP +\fBchange share command (G)\fR +Samba 2.2.0 introduced the ability to dynamically +add and delete shares via the Windows NT 4.0 Server Manager. The +\fIchange share command\fR is used to define an +external program or script which will modify an existing service definition +in \fIsmb.conf\fR. In order to successfully +execute the \fIchange share command\fR, \fBsmbd\fR +requires that the administrator be connected using a root account (i.e. +uid == 0). + +When executed, \fBsmbd\fR will automatically invoke the +\fIchange share command\fR with four parameters. +.RS +.TP 0.2i +\(bu +\fIconfigFile\fR - the location +of the global \fIsmb.conf\fR file. +.TP 0.2i +\(bu +\fIshareName\fR - the name of the new +share. +.TP 0.2i +\(bu +\fIpathName\fR - path to an **existing** +directory on disk. +.TP 0.2i +\(bu +\fIcomment\fR - comment string to associate +with the new share. .RE - -Note that the browseable flag for auto home directories will be -inherited from the global browseable flag, not the [homes] browseable -flag. This is useful as it means setting browseable=no in the [homes] -section will hide the [homes] service but make any auto home -directories visible. - -.SS The [printers] section -.RS 3 -This section works like [homes], but for printers. - -If a [printers] section occurs in the configuration file, users are able -to connect to any printer specified in the local host's printcap file. - -When a connection request is made, the existing services are scanned. If a -match is found, it is used. If no match is found, but a [homes] section -exists, it is used as described above. Otherwise, the requested service name is -treated as a printer name and the appropriate printcap file is scanned to -see if the requested service name is a valid printer name. If a match is -found, a new service is created by cloning the [printers] section. - -A few modifications are then made to the newly created section: - -.RS 3 -The service name is set to the located printer name - -If no printer name was given, the printer name is set to the located printer -name - -If the service does not permit guest access and no username was given, the -username is set to the located printer name. +.PP +This parameter is only used modify existing file shares definitions. To modify +printer shares, use the "Printers..." folder as seen when browsing the Samba host. +.PP +.PP +See also \fIadd share +command\fR, \fIdelete +share command\fR. +.PP +.PP +Default: \fBnone\fR +.PP +.PP +Example: \fBchange share command = /usr/local/bin/addshare\fR +.PP +.TP +\fBcomment (S)\fR +This is a text field that is seen next to a share +when a client does a queries the server, either via the network +neighborhood or via \fBnet view\fR to list what shares +are available. + +If you want to set the string that is displayed next to the +machine name then see the \fI server string\fR parameter. + +Default: \fBNo comment string\fR + +Example: \fBcomment = Fred's Files\fR +.TP +\fBconfig file (G)\fR +This allows you to override the config file +to use, instead of the default (usually \fIsmb.conf\fR). +There is a chicken and egg problem here as this option is set +in the config file! + +For this reason, if the name of the config file has changed +when the parameters are loaded then it will reload them from +the new config file. + +This option takes the usual substitutions, which can +be very useful. + +If the config file doesn't exist then it won't be loaded +(allowing you to special case the config files of just a few +clients). + +Example: \fBconfig file = /usr/local/samba/lib/smb.conf.%m +\fR.TP +\fBcopy (S)\fR +This parameter allows you to "clone" service +entries. The specified service is simply duplicated under the +current service's name. Any parameters specified in the current +section will override those in the section being copied. + +This feature lets you set up a 'template' service and +create similar services easily. Note that the service being +copied must occur earlier in the configuration file than the +service doing the copying. + +Default: \fBno value\fR + +Example: \fBcopy = otherservice\fR +.TP +\fBcreate mask (S)\fR +A synonym for this parameter is +\fIcreate mode\fR +\&. + +When a file is created, the necessary permissions are +calculated according to the mapping from DOS modes to UNIX +permissions, and the resulting UNIX mode is then bit-wise 'AND'ed +with this parameter. This parameter may be thought of as a bit-wise +MASK for the UNIX modes of a file. Any bit \fBnot\fR +set here will be removed from the modes set on a file when it is +created. + +The default value of this parameter removes the +\&'group' and 'other' write and execute bits from the UNIX modes. + +Following this Samba will bit-wise 'OR' the UNIX mode created +from this parameter with the value of the \fIforce create mode\fR +parameter which is set to 000 by default. + +This parameter does not affect directory modes. See the +parameter \fIdirectory mode +\fRfor details. + +See also the \fIforce +create mode\fR parameter for forcing particular mode +bits to be set on created files. See also the \fIdirectory mode\fR parameter for masking +mode bits on created directories. See also the \fIinherit permissions\fR parameter. + +Note that this parameter does not apply to permissions +set by Windows NT/2000 ACL editors. If the administrator wishes to enforce +a mask on access control lists also, they need to set the \fIsecurity mask\fR. + +Default: \fBcreate mask = 0744\fR + +Example: \fBcreate mask = 0775\fR +.TP +\fBcreate mode (S)\fR +This is a synonym for \fI create mask\fR. +.TP +\fBdeadtime (G)\fR +The value of the parameter (a decimal integer) +represents the number of minutes of inactivity before a connection +is considered dead, and it is disconnected. The deadtime only takes +effect if the number of open files is zero. + +This is useful to stop a server's resources being +exhausted by a large number of inactive connections. + +Most clients have an auto-reconnect feature when a +connection is broken so in most cases this parameter should be +transparent to users. + +Using this parameter with a timeout of a few minutes +is recommended for most systems. + +A deadtime of zero indicates that no auto-disconnection +should be performed. + +Default: \fBdeadtime = 0\fR + +Example: \fBdeadtime = 15\fR +.TP +\fBdebug hires timestamp (G)\fR +Sometimes the timestamps in the log messages +are needed with a resolution of higher that seconds, this +boolean parameter adds microsecond resolution to the timestamp +message header when turned on. + +Note that the parameter \fI debug timestamp\fR must be on for this to have an +effect. + +Default: \fBdebug hires timestamp = no\fR +.TP +\fBdebug pid (G)\fR +When using only one log file for more then one +forked smbd-process there may be hard to follow which process +outputs which message. This boolean parameter is adds the process-id +to the timestamp message headers in the logfile when turned on. + +Note that the parameter \fI debug timestamp\fR must be on for this to have an +effect. + +Default: \fBdebug pid = no\fR +.TP +\fBdebug timestamp (G)\fR +Samba 2.2 debug log messages are timestamped +by default. If you are running at a high \fIdebug level\fR these timestamps +can be distracting. This boolean parameter allows timestamping +to be turned off. + +Default: \fBdebug timestamp = yes\fR +.TP +\fBdebug uid (G)\fR +Samba is sometimes run as root and sometime +run as the connected user, this boolean parameter inserts the +current euid, egid, uid and gid to the timestamp message headers +in the log file if turned on. + +Note that the parameter \fI debug timestamp\fR must be on for this to have an +effect. + +Default: \fBdebug uid = no\fR +.TP +\fBdebuglevel (G)\fR +Synonym for \fI log level\fR. +.TP +\fBdefault (G)\fR +A synonym for \fI default service\fR. +.TP +\fBdefault case (S)\fR +See the section on NAME MANGLING. Also note the \fIshort preserve case\fR parameter. + +Default: \fBdefault case = lower\fR +.TP +\fBdefault devmode (S)\fR +This parameter is only applicable to printable services. When smbd is serving +Printer Drivers to Windows NT/2k/XP clients, each printer on the Samba +server has a Device Mode which defines things such as paper size and +orientation and duplex settings. The device mode can only correctly be +generated by the printer driver itself (which can only be executed on a +Win32 platform). Because smbd is unable to execute the driver code +to generate the device mode, the default behavior is to set this field +to NULL. + +Most problems with serving printer drivers to Windows NT/2k/XP clients +can be traced to a problem with the generated device mode. Certain drivers +will do things such as crashing the client's Explorer.exe with a NULL devmode. +However, other printer drivers can cause the client's spooler service +(spoolsv.exe) to die if the devmode was not created by the driver itself +(i.e. smbd generates a default devmode). + +This parameter should be used with care and tested with the printer +driver in question. It is better to leave the device mode to NULL +and let the Windows client set the correct values. Because drivers do not +do this all the time, setting \fBdefault devmode = yes\fR +will instruct smbd to generate a default one. + +For more information on Windows NT/2k printing and Device Modes, +see the MSDN documentation . + +Default: \fBdefault devmode = no\fR +.TP +\fBdefault service (G)\fR +This parameter specifies the name of a service +which will be connected to if the service actually requested cannot +be found. Note that the square brackets are \fBNOT\fR +given in the parameter value (see example below). + +There is no default value for this parameter. If this +parameter is not given, attempting to connect to a nonexistent +service results in an error. + +Typically the default service would be a \fIguest ok\fR, \fIread-only\fR service. + +Also note that the apparent service name will be changed +to equal that of the requested service, this is very useful as it +allows you to use macros like \fI%S\fR to make +a wildcard service. + +Note also that any "_" characters in the name of the service +used in the default service will get mapped to a "/". This allows for +interesting things. + +Example: + +.sp +.nf +[global] + default service = pub + +[pub] + path = /%S + +.sp +.fi +.TP +\fBdelete printer command (G)\fR +With the introduction of MS-RPC based printer +support for Windows NT/2000 clients in Samba 2.2, it is now +possible to delete printer at run time by issuing the +DeletePrinter() RPC call. + +For a Samba host this means that the printer must be +physically deleted from underlying printing system. The \fI deleteprinter command\fR defines a script to be run which +will perform the necessary operations for removing the printer +from the print system and from \fIsmb.conf\fR. + +The \fIdelete printer command\fR is +automatically called with only one parameter: \fI "printer name"\fR. + +Once the \fIdelete printer command\fR has +been executed, \fBsmbd\fR will reparse the \fI smb.conf\fR to associated printer no longer exists. +If the sharename is still valid, then \fBsmbd +\fRwill return an ACCESS_DENIED error to the client. + +See also \fI add printer command\fR, \fIprinting\fR, +\fIshow add +printer wizard\fR + +Default: \fBnone\fR + +Example: \fBdeleteprinter command = /usr/bin/removeprinter +\fR.TP +\fBdelete readonly (S)\fR +This parameter allows readonly files to be deleted. +This is not normal DOS semantics, but is allowed by UNIX. + +This option may be useful for running applications such +as rcs, where UNIX file ownership prevents changing file +permissions, and DOS semantics prevent deletion of a read only file. + +Default: \fBdelete readonly = no\fR +.TP +\fBdelete share command (G)\fR +Samba 2.2.0 introduced the ability to dynamically +add and delete shares via the Windows NT 4.0 Server Manager. The +\fIdelete share command\fR is used to define an +external program or script which will remove an existing service +definition from \fIsmb.conf\fR. In order to successfully +execute the \fIdelete share command\fR, \fBsmbd\fR +requires that the administrator be connected using a root account (i.e. +uid == 0). + +When executed, \fBsmbd\fR will automatically invoke the +\fIdelete share command\fR with two parameters. +.RS +.TP 0.2i +\(bu +\fIconfigFile\fR - the location +of the global \fIsmb.conf\fR file. +.TP 0.2i +\(bu +\fIshareName\fR - the name of +the existing service. .RE +.PP +This parameter is only used to remove file shares. To delete printer shares, +see the \fIdelete printer +command\fR. +.PP +.PP +See also \fIadd share +command\fR, \fIchange +share command\fR. +.PP +.PP +Default: \fBnone\fR +.PP +.PP +Example: \fBdelete share command = /usr/local/bin/delshare\fR +.PP +.TP +\fBdelete user script (G)\fR +This is the full pathname to a script that will +be run \fBAS ROOT\fR by \fBsmbd(8)\fRunder special circumstances +described below. + +Normally, a Samba server requires that UNIX users are +created for all users accessing files on this server. For sites +that use Windows NT account databases as their primary user database +creating these users and keeping the user list in sync with the +Windows NT PDC is an onerous task. This option allows \fB smbd\fR to delete the required UNIX users \fBON +DEMAND\fR when a user accesses the Samba server and the +Windows NT user no longer exists. + +In order to use this option, \fBsmbd\fR must be +set to \fIsecurity = domain\fR or \fIsecurity = +user\fR and \fIdelete user script\fR +must be set to a full pathname for a script +that will delete a UNIX user given one argument of \fI%u\fR, +which expands into the UNIX user name to delete. + +When the Windows user attempts to access the Samba server, +at \fBlogin\fR (session setup in the SMB protocol) +time, \fBsmbd\fR contacts the \fIpassword server\fR and attempts to authenticate +the given user with the given password. If the authentication fails +with the specific Domain error code meaning that the user no longer +exists then \fBsmbd\fR attempts to find a UNIX user in +the UNIX password database that matches the Windows user account. If +this lookup succeeds, and \fIdelete user script\fR is +set then \fBsmbd\fR will all the specified script +\fBAS ROOT\fR, expanding any \fI%u\fR +argument to be the user name to delete. + +This script should delete the given UNIX username. In this way, +UNIX users are dynamically deleted to match existing Windows NT +accounts. + +See also security = domain, +\fIpassword server\fR +, \fIadd user script\fR +\&. + +Default: \fBdelete user script = +\fR +Example: \fBdelete user script = /usr/local/samba/bin/del_user +%u\fR +.TP +\fBdelete veto files (S)\fR +This option is used when Samba is attempting to +delete a directory that contains one or more vetoed directories +(see the \fIveto files\fR +option). If this option is set to false (the default) then if a vetoed +directory contains any non-vetoed files or directories then the +directory delete will fail. This is usually what you want. + +If this option is set to true, then Samba +will attempt to recursively delete any files and directories within +the vetoed directory. This can be useful for integration with file +serving systems such as NetAtalk which create meta-files within +directories you might normally veto DOS/Windows users from seeing +(e.g. \fI.AppleDouble\fR) + +Setting \fBdelete veto files = yes\fR allows these +directories to be transparently deleted when the parent directory +is deleted (so long as the user has permissions to do so). + +See also the \fIveto +files\fR parameter. + +Default: \fBdelete veto files = no\fR +.TP +\fBdeny hosts (S)\fR +Synonym for \fIhosts +deny\fR. +.TP +\fBdfree command (G)\fR +The \fIdfree command\fR setting should +only be used on systems where a problem occurs with the internal +disk space calculations. This has been known to happen with Ultrix, +but may occur with other operating systems. The symptom that was +seen was an error of "Abort Retry Ignore" at the end of each +directory listing. -Note that the [printers] service MUST be printable - if you specify otherwise, -the server will refuse to load the configuration file. - -Typically the path specified would be that of a world-writable spool directory -with the sticky bit set on it. A typical [printers] entry would look like this: - - [printers] - path = /usr/spool/public - writable = no - public = yes - printable = yes - -All aliases given for a printer in the printcap file are legitimate printer -names as far as the server is concerned. If your printing subsystem doesn't -work like that, you will have to set up a pseudo-printcap. This is a file -consisting of one or more lines like this: - - alias|alias|alias|alias... - -Each alias should be an acceptable printer name for your printing -subsystem. In the [global] section, specify the new file as your printcap. -The server will then only recognise names found in your pseudo-printcap, -which of course can contain whatever aliases you like. The same technique -could be used simply to limit access to a subset of your local printers. - -An alias, by the way, is defined as any component of the first entry of a -printcap record. Records are separated by newlines, components (if there are -more than one) are separated by vertical bar symbols ("|"). -.SH PARAMETERS -Parameters define the specific attributes of services. - -Some parameters are specific to the [global] section (eg., security). -Some parameters are usable in all sections (eg., create mode). All others are -permissible only in normal sections. For the purposes of the following -descriptions the [homes] and [printers] sections will be considered normal. -The letter 'G' in parentheses indicates that a parameter is specific to the -[global] section. The letter 'S' indicates that a parameter can be -specified in a secvice specific section. Note that all S parameters -can also be specified in the [global] section - in which case they -will define the default behaviour for all services. - -Parameters are arranged here in alphabetical order - this may not create -best bedfellows, but at least you can find them! Where there are synonyms, -the preferred synonym is described, others refer to the preferred synonym. - -.SS VARIABLE SUBSTITUTIONS - -Many of the strings that are settable in the config file can take -substitutions. For example the option "path = /tmp/%u" would be -interpreted as "path = /tmp/john" if the user connected with the -username john. - -These substitutions are mostly noted in the descriptions below, but -there are some general substitions which apply whenever they might be -relevant. These are: - -%S = the name of the current service, if any - -%P = the root directory of the current service, if any - -%u = user name of the current service, if any - -%g = primary group name of %u - -%U = session user name (the user name that the client wanted, not -necessarily the same as the one they got) - -%G = primary group name of %U - -%H = the home directory of the user given by %u - -%v = the Samba version - -%h = the hostname that Samba is running on - -%m = the netbios name of the client machine (very useful) - -%L = the netbios name of the server. This allows you to change your -config based on what the client calls you. Your server can have a "dual -personality". - -%M = the internet name of the client machine - -%d = The process id of the current server process - -%a = the architecture of the remote machine. Only some are recognised, -and those may not be 100% reliable. It currently recognises Samba, -WfWg, WinNT and Win95. Anything else will be known as "UNKNOWN". If it -gets it wrong then sending me a level 3 log should allow me to fix it. - -%I = The IP address of the client machine - -%T = the current date and time - -There are some quite creative things that can be done with these -substitutions and other smb.conf options. - -.SS NAME MANGLING - -Samba supports "name mangling" so that Dos and Windows clients can use -files that don't conform to the 8.3 format. It can also be set to adjust -the case of 8.3 format filenames. - -There are several options that control the way mangling is performed, -and they are grouped here rather than listed separately. For the -defaults look at the output of the testparm program. - -All of these options can be set separately for each service (or -globally, of course). - -The options are: - -"mangle case = yes/no" controls if names that have characters that -aren't of the "default" case are mangled. For example, if this is yes -then a name like "Mail" would be mangled. Default no. - -"case sensitive = yes/no" controls whether filenames are case -sensitive. If they aren't then Samba must do a filename search and -match on passed names. Default no. - -"default case = upper/lower" controls what the default case is for new -filenames. Default lower. - -"preserve case = yes/no" controls if new files are created with the -case that the client passes, or if they are forced to be the "default" -case. Default no. - -"short preserve case = yes/no" controls if new files which conform to 8.3 -syntax, that is all in upper case and of suitable length, are created -upper case, or if they are forced to be the "default" case. This option can -be use with "preserve case = yes" to permit long filenames to retain their -case, while short names are lowered. Default no. - -.SS COMPLETE LIST OF GLOBAL PARAMETER - -Here is a list of all global parameters. See the section of each -parameter for details. Note that some are synonyms. - -auto services - -config file - -deadtime - -debuglevel - -default - -default service - -dfree command - -encrypt passwords - -getwd cache - -hosts equiv - -include - -keepalive - -lock dir - -load printers - -lock directory - -log file - -log level - -lpq cache time - -mangled stack - -max log size - -max packet - -max xmit - -message command - -null passwords - -os level - -packet size - -passwd chat - -passwd program - -password level - -password server - -preferred master - -preload - -printing - -printcap name - -protocol - -read bmpx - -read prediction - -read raw - -read size - -root - -root dir - -root directory - -security - -server string - -smbrun - -socket options - -status - -strip dot - -time offset - -username map - -use rhosts - -valid chars - -workgroup - -write raw - -.SS COMPLETE LIST OF SERVICE PARAMETER - -Here is a list of all service parameters. See the section of each -parameter for details. Note that some are synonyms. - -admin users - -allow hosts - -alternate permissions - -available - -browseable - -case sensitive - -case sig names - -copy - -create mask - -create mode - -comment - -default case - -deny hosts - -directory - -dont descend - -exec - -force group - -force user - -guest account - -guest ok - -guest only - -hide dot files - -hosts allow - -hosts deny - -invalid users - -locking - -lppause command - -lpq command - -lpresume command - -lprm command - -magic output - -magic script - -mangle case - -mangled names - -mangling char - -map archive - -map hidden - -map system - -max connections - -min print space - -only guest - -only user - -path - -postexec - -postscript - -preserve case - -print command - -print ok - -printable - -printer - -printer name - -public - -read only - -read list - -revalidate - -root postexec - -root preexec - -set directory - -share modes - -short preserve case - -strict locking - -sync always - -user - -username - -users - -valid users - -volume - -wide links - -writable - -write ok - -writeable - -write list - -.SS EXPLANATION OF EACH PARAMETER -.RS 3 - -.SS admin users (G) - -This is a list of users who will be granted administrative privilages -on the share. This means that they will do all file operations as the -super-user (root). - -You should use this option very carefully, as any user in this list -will be able to do anything they like on the share, irrespective of -file permissions. - -.B Default: - no admin users - -.B Example: - admin users = jason - -.SS auto services (G) -This is a list of services that you want to be automatically added to -the browse lists. This is most useful for homes and printers services -that would otherwise not be visible. - -Note that if you just want all printers in your printcap file loaded -then the "load printers" option is easier. - -.B Default: - no auto services - -.B Example: - auto services = fred lp colorlp - - -.SS allow hosts (S) -A synonym for this parameter is 'hosts allow'. - -This parameter is a comma delimited set of hosts which are permitted to access -a services. If specified in the [global] section, matching hosts will be -allowed access to any service that does not specifically exclude them from -access. Specific services my have their own list, which override those -specified in the [global] section. - -You can specify the hosts by name or IP number. For example, you could -restrict access to only the hosts on a Class C subnet with something like -"allow hosts = 150.203.5.". The full syntax of the list is described in -the man page -.B hosts_access(5). - -You can also specify hosts by network/netmask pairs and by netgroup -names if your system supports netgroups. The EXCEPT keyword can also -be used to limit a wildcard list. The following examples may provide -some help: +This setting allows the replacement of the internal routines to +calculate the total disk space and amount available with an external +routine. The example below gives a possible script that might fulfill +this function. + +The external program will be passed a single parameter indicating +a directory in the filesystem being queried. This will typically consist +of the string \fI./\fR. The script should return two +integers in ASCII. The first should be the total disk space in blocks, +and the second should be the number of available blocks. An optional +third return value can give the block size in bytes. The default +blocksize is 1024 bytes. + +Note: Your script should \fBNOT\fR be setuid or +setgid and should be owned by (and writeable only by) root! + +Default: \fBBy default internal routines for +determining the disk capacity and remaining space will be used. +\fR +Example: \fBdfree command = /usr/local/samba/bin/dfree +\fR +Where the script dfree (which must be made executable) could be: + +.sp +.nf + + #!/bin/sh + df $1 | tail -1 | awk '{print $2" "$4}' + +.sp +.fi + +or perhaps (on Sys V based systems): + +.sp +.nf + + #!/bin/sh + /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' + +.sp +.fi + +Note that you may have to replace the command names +with full path names on some systems. +.TP +\fBdirectory (S)\fR +Synonym for \fIpath +\fR\&. +.TP +\fBdirectory mask (S)\fR +This parameter is the octal modes which are +used when converting DOS modes to UNIX modes when creating UNIX +directories. + +When a directory is created, the necessary permissions are +calculated according to the mapping from DOS modes to UNIX permissions, +and the resulting UNIX mode is then bit-wise 'AND'ed with this +parameter. This parameter may be thought of as a bit-wise MASK for +the UNIX modes of a directory. Any bit \fBnot\fR set +here will be removed from the modes set on a directory when it is +created. + +The default value of this parameter removes the 'group' +and 'other' write bits from the UNIX mode, allowing only the +user who owns the directory to modify it. + +Following this Samba will bit-wise 'OR' the UNIX mode +created from this parameter with the value of the \fIforce directory mode +\fRparameter. This parameter is set to 000 by +default (i.e. no extra mode bits are added). + +Note that this parameter does not apply to permissions +set by Windows NT/2000 ACL editors. If the administrator wishes to enforce +a mask on access control lists also, they need to set the \fIdirectory security mask\fR. + +See the \fIforce +directory mode\fR parameter to cause particular mode +bits to always be set on created directories. + +See also the \fIcreate mode +\fRparameter for masking mode bits on created files, +and the \fIdirectory +security mask\fR parameter. + +Also refer to the \fI inherit permissions\fR parameter. + +Default: \fBdirectory mask = 0755\fR + +Example: \fBdirectory mask = 0775\fR +.TP +\fBdirectory mode (S)\fR +Synonym for \fI directory mask\fR +.TP +\fBdirectory security mask (S)\fR +This parameter controls what UNIX permission bits +can be modified when a Windows NT client is manipulating the UNIX +permission on a directory using the native NT security dialog +box. + +This parameter is applied as a mask (AND'ed with) to +the changed permission bits, thus preventing any bits not in +this mask from being modified. Essentially, zero bits in this +mask may be treated as a set of bits the user is not allowed +to change. + +If not set explicitly this parameter is set to 0777 +meaning a user is allowed to modify all the user/group/world +permissions on a directory. + +\fBNote\fR that users who can access the +Samba server through other means can easily bypass this restriction, +so it is primarily useful for standalone "appliance" systems. +Administrators of most normal systems will probably want to leave +it as the default of 0777. + +See also the \fI force directory security mode\fR, \fIsecurity mask\fR, +\fIforce security mode +\fRparameters. + +Default: \fBdirectory security mask = 0777\fR + +Example: \fBdirectory security mask = 0700\fR +.TP +\fBdisable spoolss (G)\fR +Enabling this parameter will disables Samba's support +for the SPOOLSS set of MS-RPC's and will yield identical behavior +as Samba 2.0.x. Windows NT/2000 clients will downgrade to using +Lanman style printing commands. Windows 9x/ME will be uneffected by +the parameter. However, this will also disable the ability to upload +printer drivers to a Samba server via the Windows NT Add Printer +Wizard or by using the NT printer properties dialog window. It will +also disable the capability of Windows NT/2000 clients to download +print drivers from the Samba host upon demand. +\fBBe very careful about enabling this parameter.\fR + +See also use client driver + +Default : \fBdisable spoolss = no\fR +.TP +\fBdns proxy (G)\fR +Specifies that nmbd(8) +when acting as a WINS server and finding that a NetBIOS name has not +been registered, should treat the NetBIOS name word-for-word as a DNS +name and do a lookup with the DNS server for that name on behalf of +the name-querying client. + +Note that the maximum length for a NetBIOS name is 15 +characters, so the DNS name (or DNS alias) can likewise only be +15 characters, maximum. + +\fBnmbd\fR spawns a second copy of itself to do the +DNS name lookup requests, as doing a name lookup is a blocking +action. + +See also the parameter \fI wins support\fR. + +Default: \fBdns proxy = yes\fR +.TP +\fBdomain admin group (G)\fR +This parameter is intended as a temporary solution +to enable users to be a member of the "Domain Admins" group when +a Samba host is acting as a PDC. A complete solution will be provided +by a system for mapping Windows NT/2000 groups onto UNIX groups. +Please note that this parameter has a somewhat confusing name. It +accepts a list of usernames and of group names in standard +\fIsmb.conf\fR notation. + +See also \fIdomain +guest group\fR, \fIdomain +logons\fR + +Default: \fBno domain administrators\fR + +Example: \fBdomain admin group = root @wheel\fR +.TP +\fBdomain guest group (G)\fR +This parameter is intended as a temporary solution +to enable users to be a member of the "Domain Guests" group when +a Samba host is acting as a PDC. A complete solution will be provided +by a system for mapping Windows NT/2000 groups onto UNIX groups. +Please note that this parameter has a somewhat confusing name. It +accepts a list of usernames and of group names in standard +\fIsmb.conf\fR notation. + +See also \fIdomain +admin group\fR, \fIdomain +logons\fR + +Default: \fBno domain guests\fR + +Example: \fBdomain guest group = nobody @guest\fR +.TP +\fBdomain logons (G)\fR +If set to true, the Samba server will serve +Windows 95/98 Domain logons for the \fIworkgroup\fR it is in. Samba 2.2 also +has limited capability to act as a domain controller for Windows +NT 4 Domains. For more details on setting up this feature see +the Samba-PDC-HOWTO included in the \fIhtmldocs/\fR +directory shipped with the source code. + +Default: \fBdomain logons = no\fR +.TP +\fBdomain master (G)\fR +Tell \fB nmbd(8)\fRto enable WAN-wide browse list +collation. Setting this option causes \fBnmbd\fR to +claim a special domain specific NetBIOS name that identifies +it as a domain master browser for its given \fIworkgroup\fR. Local master browsers +in the same \fIworkgroup\fR on broadcast-isolated +subnets will give this \fBnmbd\fR their local browse lists, +and then ask \fBsmbd(8)\fR +for a complete copy of the browse list for the whole wide area +network. Browser clients will then contact their local master browser, +and will receive the domain-wide browse list, instead of just the list +for their broadcast-isolated subnet. + +Note that Windows NT Primary Domain Controllers expect to be +able to claim this \fIworkgroup\fR specific special +NetBIOS name that identifies them as domain master browsers for +that \fIworkgroup\fR by default (i.e. there is no +way to prevent a Windows NT PDC from attempting to do this). This +means that if this parameter is set and \fBnmbd\fR claims +the special name for a \fIworkgroup\fR before a Windows +NT PDC is able to do so then cross subnet browsing will behave +strangely and may fail. + +If \fBdomain logons = yes\fR +, then the default behavior is to enable the \fIdomain +master\fR parameter. If \fIdomain logons\fR is +not enabled (the default setting), then neither will \fIdomain +master\fR be enabled by default. + +Default: \fBdomain master = auto\fR +.TP +\fBdont descend (S)\fR +There are certain directories on some systems +(e.g., the \fI/proc\fR tree under Linux) that are either not +of interest to clients or are infinitely deep (recursive). This +parameter allows you to specify a comma-delimited list of directories +that the server should always show as empty. + +Note that Samba can be very fussy about the exact format +of the "dont descend" entries. For example you may need \fI ./proc\fR instead of just \fI/proc\fR. +Experimentation is the best policy :-) + +Default: \fBnone (i.e., all directories are OK +to descend)\fR + +Example: \fBdont descend = /proc,/dev\fR +.TP +\fBdos filemode (S)\fR +The default behavior in Samba is to provide +UNIX-like behavior where only the owner of a file/directory is +able to change the permissions on it. However, this behavior +is often confusing to DOS/Windows users. Enabling this parameter +allows a user who has write access to the file (by whatever +means) to modify the permissions on it. Note that a user +belonging to the group owning the file will not be allowed to +change permissions if the group is only granted read access. +Ownership of the file/directory is not changed, only the permissions +are modified. + +Default: \fBdos filemode = no\fR +.TP +\fBdos filetime resolution (S)\fR +Under the DOS and Windows FAT filesystem, the finest +granularity on time resolution is two seconds. Setting this parameter +for a share causes Samba to round the reported time down to the +nearest two second boundary when a query call that requires one second +resolution is made to \fBsmbd(8)\fR +. + +This option is mainly used as a compatibility option for Visual +C++ when used against Samba shares. If oplocks are enabled on a +share, Visual C++ uses two different time reading calls to check if a +file has changed since it was last read. One of these calls uses a +one-second granularity, the other uses a two second granularity. As +the two second call rounds any odd second down, then if the file has a +timestamp of an odd number of seconds then the two timestamps will not +match and Visual C++ will keep reporting the file has changed. Setting +this option causes the two timestamps to match, and Visual C++ is +happy. + +Default: \fBdos filetime resolution = no\fR +.TP +\fBdos filetimes (S)\fR +Under DOS and Windows, if a user can write to a +file they can change the timestamp on it. Under POSIX semantics, +only the owner of the file or root may change the timestamp. By +default, Samba runs with POSIX semantics and refuses to change the +timestamp on a file if the user \fBsmbd\fR is acting +on behalf of is not the file owner. Setting this option to true allows DOS semantics and smbdwill change the file +timestamp as DOS requires. + +Default: \fBdos filetimes = no\fR +.TP +\fBencrypt passwords (G)\fR +This boolean controls whether encrypted passwords +will be negotiated with the client. Note that Windows NT 4.0 SP3 and +above and also Windows 98 will by default expect encrypted passwords +unless a registry entry is changed. To use encrypted passwords in +Samba see the file ENCRYPTION.txt in the Samba documentation +directory \fIdocs/\fR shipped with the source code. + +In order for encrypted passwords to work correctly +\fBsmbd(8)\fRmust either +have access to a local \fIsmbpasswd(5) +\fRprogram for information on how to set up +and maintain this file), or set the security = [server|domain|ads] parameter which +causes \fBsmbd\fR to authenticate against another +server. -Example 1: allow all IPs in 150.203.*.* except one +Default: \fBencrypt passwords = yes\fR +.TP +\fBenhanced browsing (G)\fR +This option enables a couple of enhancements to +cross-subnet browse propagation that have been added in Samba +but which are not standard in Microsoft implementations. + +The first enhancement to browse propagation consists of a regular +wildcard query to a Samba WINS server for all Domain Master Browsers, +followed by a browse synchronization with each of the returned +DMBs. The second enhancement consists of a regular randomised browse +synchronization with all currently known DMBs. + +You may wish to disable this option if you have a problem with empty +workgroups not disappearing from browse lists. Due to the restrictions +of the browse protocols these enhancements can cause a empty workgroup +to stay around forever which can be annoying. + +In general you should leave this option enabled as it makes +cross-subnet browse propagation much more reliable. + +Default: \fBenhanced browsing = yes\fR +.TP +\fBenumports command (G)\fR +The concept of a "port" is fairly foreign +to UNIX hosts. Under Windows NT/2000 print servers, a port +is associated with a port monitor and generally takes the form of +a local port (i.e. LPT1:, COM1:, FILE:) or a remote port +(i.e. LPD Port Monitor, etc...). By default, Samba has only one +port defined--"Samba Printer Port". Under +Windows NT/2000, all printers must have a valid port name. +If you wish to have a list of ports displayed (\fBsmbd +\fRdoes not use a port name for anything) other than +the default "Samba Printer Port", you +can define \fIenumports command\fR to point to +a program which should generate a list of ports, one per line, +to standard output. This listing will then be used in response +to the level 1 and 2 EnumPorts() RPC. + +Default: \fBno enumports command\fR + +Example: \fBenumports command = /usr/bin/listports +\fR.TP +\fBexec (S)\fR +This is a synonym for \fIpreexec\fR. +.TP +\fBfake directory create times (S)\fR +NTFS and Windows VFAT file systems keep a create +time for all files and directories. This is not the same as the +ctime - status change time - that Unix keeps, so Samba by default +reports the earliest of the various times Unix does keep. Setting +this parameter for a share causes Samba to always report midnight +1-1-1980 as the create time for directories. + +This option is mainly used as a compatibility option for +Visual C++ when used against Samba shares. Visual C++ generated +makefiles have the object directory as a dependency for each object +file, and a make rule to create the directory. Also, when NMAKE +compares timestamps it uses the creation time when examining a +directory. Thus the object directory will be created if it does not +exist, but once it does exist it will always have an earlier +timestamp than the object files it contains. + +However, Unix time semantics mean that the create time +reported by Samba will be updated whenever a file is created or +or deleted in the directory. NMAKE finds all object files in +the object directory. The timestamp of the last one built is then +compared to the timestamp of the object directory. If the +directory's timestamp if newer, then all object files +will be rebuilt. Enabling this option +ensures directories always predate their contents and an NMAKE build +will proceed as expected. + +Default: \fBfake directory create times = no\fR +.TP +\fBfake oplocks (S)\fR +Oplocks are the way that SMB clients get permission +from a server to locally cache file operations. If a server grants +an oplock (opportunistic lock) then the client is free to assume +that it is the only one accessing the file and it will aggressively +cache file data. With some oplock types the client may even cache +file open/close operations. This can give enormous performance benefits. + +When you set \fBfake oplocks = yes\fR, \fBsmbd(8)\fRwill +always grant oplock requests no matter how many clients are using +the file. + +It is generally much better to use the real \fIoplocks\fR support rather +than this parameter. + +If you enable this option on all read-only shares or +shares that you know will only be accessed from one client at a +time such as physically read-only media like CDROMs, you will see +a big performance improvement on many operations. If you enable +this option on shares where multiple clients may be accessing the +files read-write at the same time you can get data corruption. Use +this option carefully! + +Default: \fBfake oplocks = no\fR +.TP +\fBfollow symlinks (S)\fR +This parameter allows the Samba administrator +to stop \fBsmbd(8)\fR +from following symbolic links in a particular share. Setting this +parameter to no prevents any file or directory +that is a symbolic link from being followed (the user will get an +error). This option is very useful to stop users from adding a +symbolic link to \fI/etc/passwd\fR in their home +directory for instance. However it will slow filename lookups +down slightly. + +This option is enabled (i.e. \fBsmbd\fR will +follow symbolic links) by default. + +Default: \fBfollow symlinks = yes\fR +.TP +\fBforce create mode (S)\fR +This parameter specifies a set of UNIX mode bit +permissions that will \fBalways\fR be set on a +file created by Samba. This is done by bitwise 'OR'ing these bits onto +the mode bits of a file that is being created or having its +permissions changed. The default for this parameter is (in octal) +000. The modes in this parameter are bitwise 'OR'ed onto the file +mode after the mask set in the \fIcreate mask\fR +parameter is applied. + +See also the parameter \fIcreate +mask\fR for details on masking mode bits on files. + +See also the \fIinherit +permissions\fR parameter. + +Default: \fBforce create mode = 000\fR + +Example: \fBforce create mode = 0755\fR + +would force all created files to have read and execute +permissions set for 'group' and 'other' as well as the +read/write/execute bits set for the 'user'. +.TP +\fBforce directory mode (S)\fR +This parameter specifies a set of UNIX mode bit +permissions that will \fBalways\fR be set on a directory +created by Samba. This is done by bitwise 'OR'ing these bits onto the +mode bits of a directory that is being created. The default for this +parameter is (in octal) 0000 which will not add any extra permission +bits to a created directory. This operation is done after the mode +mask in the parameter \fIdirectory mask\fR is +applied. + +See also the parameter \fI directory mask\fR for details on masking mode bits +on created directories. + +See also the \fI inherit permissions\fR parameter. + +Default: \fBforce directory mode = 000\fR + +Example: \fBforce directory mode = 0755\fR + +would force all created directories to have read and execute +permissions set for 'group' and 'other' as well as the +read/write/execute bits set for the 'user'. +.TP +\fBforce directory security mode (S)\fR +This parameter controls what UNIX permission bits +can be modified when a Windows NT client is manipulating the UNIX +permission on a directory using the native NT security dialog box. + +This parameter is applied as a mask (OR'ed with) to the +changed permission bits, thus forcing any bits in this mask that +the user may have modified to be on. Essentially, one bits in this +mask may be treated as a set of bits that, when modifying security +on a directory, the user has always set to be 'on'. + +If not set explicitly this parameter is 000, which +allows a user to modify all the user/group/world permissions on a +directory without restrictions. + +\fBNote\fR that users who can access the +Samba server through other means can easily bypass this restriction, +so it is primarily useful for standalone "appliance" systems. +Administrators of most normal systems will probably want to leave +it set as 0000. + +See also the \fI directory security mask\fR, \fIsecurity mask\fR, +\fIforce security mode +\fRparameters. + +Default: \fBforce directory security mode = 0\fR + +Example: \fBforce directory security mode = 700\fR +.TP +\fBforce group (S)\fR +This specifies a UNIX group name that will be +assigned as the default primary group for all users connecting +to this service. This is useful for sharing files by ensuring +that all access to files on service will use the named group for +their permissions checking. Thus, by assigning permissions for this +group to the files and directories within this service the Samba +administrator can restrict or allow sharing of these files. + +In Samba 2.0.5 and above this parameter has extended +functionality in the following way. If the group name listed here +has a '+' character prepended to it then the current user accessing +the share only has the primary group default assigned to this group +if they are already assigned as a member of that group. This allows +an administrator to decide that only users who are already in a +particular group will create files with group ownership set to that +group. This gives a finer granularity of ownership assignment. For +example, the setting \fIforce group = +sys\fR means +that only users who are already in group sys will have their default +primary group assigned to sys when accessing this Samba share. All +other users will retain their ordinary primary group. + +If the \fIforce user +\fRparameter is also set the group specified in +\fIforce group\fR will override the primary group +set in \fIforce user\fR. + +See also \fIforce +user\fR. + +Default: \fBno forced group\fR + +Example: \fBforce group = agroup\fR +.TP +\fBforce security mode (S)\fR +This parameter controls what UNIX permission +bits can be modified when a Windows NT client is manipulating +the UNIX permission on a file using the native NT security dialog +box. + +This parameter is applied as a mask (OR'ed with) to the +changed permission bits, thus forcing any bits in this mask that +the user may have modified to be on. Essentially, one bits in this +mask may be treated as a set of bits that, when modifying security +on a file, the user has always set to be 'on'. + +If not set explicitly this parameter is set to 0, +and allows a user to modify all the user/group/world permissions on a file, +with no restrictions. + +\fBNote\fR that users who can access +the Samba server through other means can easily bypass this restriction, +so it is primarily useful for standalone "appliance" systems. +Administrators of most normal systems will probably want to leave +this set to 0000. + +See also the \fI force directory security mode\fR, +\fIdirectory security +mask\fR, \fI security mask\fR parameters. + +Default: \fBforce security mode = 0\fR + +Example: \fBforce security mode = 700\fR +.TP +\fBforce user (S)\fR +This specifies a UNIX user name that will be +assigned as the default user for all users connecting to this service. +This is useful for sharing files. You should also use it carefully +as using it incorrectly can cause security problems. + +This user name only gets used once a connection is established. +Thus clients still need to connect as a valid user and supply a +valid password. Once connected, all file operations will be performed +as the "forced user", no matter what username the client connected +as. This can be very useful. + +In Samba 2.0.5 and above this parameter also causes the +primary group of the forced user to be used as the primary group +for all file activity. Prior to 2.0.5 the primary group was left +as the primary group of the connecting user (this was a bug). + +See also \fIforce group +\fR +Default: \fBno forced user\fR + +Example: \fBforce user = auser\fR +.TP +\fBfstype (S)\fR +This parameter allows the administrator to +configure the string that specifies the type of filesystem a share +is using that is reported by \fBsmbd(8) +\fRwhen a client queries the filesystem type +for a share. The default type is NTFS for +compatibility with Windows NT but this can be changed to other +strings such as Samba or FAT +if required. + +Default: \fBfstype = NTFS\fR + +Example: \fBfstype = Samba\fR +.TP +\fBgetwd cache (G)\fR +This is a tuning option. When this is enabled a +caching algorithm will be used to reduce the time taken for getwd() +calls. This can have a significant impact on performance, especially +when the \fIwide links\fR +parameter is set to false. + +Default: \fBgetwd cache = yes\fR +.TP +\fBgroup (S)\fR +Synonym for \fIforce +group\fR. +.TP +\fBguest account (S)\fR +This is a username which will be used for access +to services which are specified as \fI guest ok\fR (see below). Whatever privileges this +user has will be available to any client connecting to the guest service. +Typically this user will exist in the password file, but will not +have a valid login. The user account "ftp" is often a good choice +for this parameter. If a username is specified in a given service, +the specified username overrides this one. - hosts allow = 150.203. EXCEPT 150.203.6.66 +One some systems the default guest account "nobody" may not +be able to print. Use another account in this case. You should test +this by trying to log in as your guest user (perhaps by using the +\fBsu -\fR command) and trying to print using the +system print command such as \fBlpr(1)\fR or \fB lp(1)\fR. + +Default: \fBspecified at compile time, usually +"nobody"\fR + +Example: \fBguest account = ftp\fR +.TP +\fBguest ok (S)\fR +If this parameter is yes for +a service, then no password is required to connect to the service. +Privileges will be those of the \fI guest account\fR. + +See the section below on \fI security\fR for more information about this option. + +Default: \fBguest ok = no\fR +.TP +\fBguest only (S)\fR +If this parameter is yes for +a service, then only guest connections to the service are permitted. +This parameter will have no effect if \fIguest ok\fR is not set for the service. + +See the section below on \fI security\fR for more information about this option. + +Default: \fBguest only = no\fR +.TP +\fBhide dot files (S)\fR +This is a boolean parameter that controls whether +files starting with a dot appear as hidden files. + +Default: \fBhide dot files = yes\fR +.TP +\fBhide files(S)\fR +This is a list of files or directories that are not +visible but are accessible. The DOS 'hidden' attribute is applied +to any files or directories that match. + +Each entry in the list must be separated by a '/', +which allows spaces to be included in the entry. '*' +and '?' can be used to specify multiple files or directories +as in DOS wildcards. + +Each entry must be a Unix path, not a DOS path and must +not include the Unix directory separator '/'. + +Note that the case sensitivity option is applicable +in hiding files. + +Setting this parameter will affect the performance of Samba, +as it will be forced to check all files and directories for a match +as they are scanned. + +See also \fIhide +dot files\fR, \fI veto files\fR and \fIcase sensitive\fR. + +Default: \fBno file are hidden\fR + +Example: \fBhide files = +/.*/DesktopFolderDB/TrashFor%m/resource.frk/\fR + +The above example is based on files that the Macintosh +SMB client (DAVE) available from +Thursby creates for internal use, and also still hides +all files beginning with a dot. +.TP +\fBhide local users(G)\fR +This parameter toggles the hiding of local UNIX +users (root, wheel, floppy, etc) from remote clients. + +Default: \fBhide local users = no\fR +.TP +\fBhide unreadable (S)\fR +This parameter prevents clients from seeing the +existance of files that cannot be read. Defaults to off. + +Default: \fBhide unreadable = no\fR +.TP +\fBhomedir map (G)\fR +If\fInis homedir +\fRis true, and \fBsmbd(8)\fRis also acting +as a Win95/98 \fIlogon server\fR then this parameter +specifies the NIS (or YP) map from which the server for the user's +home directory should be extracted. At present, only the Sun +auto.home map format is understood. The form of the map is: + +\fBusername server:/some/file/system\fR + +and the program will extract the servername from before +the first ':'. There should probably be a better parsing system +that copes with different map formats and also Amd (another +automounter) maps. + +\fBNOTE :\fRA working NIS client is required on +the system for this option to work. + +See also \fInis homedir\fR +, \fIdomain logons\fR +\&. + +Default: \fBhomedir map = \fR + +Example: \fBhomedir map = amd.homedir\fR +.TP +\fBhost msdfs (G)\fR +This boolean parameter is only available +if Samba has been configured and compiled with the \fB --with-msdfs\fR option. If set to yes, +Samba will act as a Dfs server, and allow Dfs-aware clients +to browse Dfs trees hosted on the server. + +See also the \fI msdfs root\fR share level parameter. For +more information on setting up a Dfs tree on Samba, +refer to msdfs_setup.html. + +Default: \fBhost msdfs = no\fR +.TP +\fBhosts allow (S)\fR +A synonym for this parameter is \fIallow +hosts\fR. + +This parameter is a comma, space, or tab delimited +set of hosts which are permitted to access a service. + +If specified in the [global] section then it will +apply to all services, regardless of whether the individual +service has a different setting. + +You can specify the hosts by name or IP number. For +example, you could restrict access to only the hosts on a +Class C subnet with something like \fBallow hosts = 150.203.5. +\fR\&. The full syntax of the list is described in the man +page \fIhosts_access(5)\fR. Note that this man +page may not be present on your system, so a brief description will +be given here also. + +Note that the localhost address 127.0.0.1 will always +be allowed access unless specifically denied by a \fIhosts deny\fR option. + +You can also specify hosts by network/netmask pairs and +by netgroup names if your system supports netgroups. The +\fBEXCEPT\fR keyword can also be used to limit a +wildcard list. The following examples may provide some help: + +Example 1: allow all IPs in 150.203.*.*; except one + +\fBhosts allow = 150.203. EXCEPT 150.203.6.66\fR Example 2: allow hosts that match the given network/netmask - hosts allow = 150.203.15.0/255.255.255.0 +\fBhosts allow = 150.203.15.0/255.255.255.0\fR Example 3: allow a couple of hosts - hosts allow = lapland, arvidsjaur +\fBhosts allow = lapland, arvidsjaur\fR -Example 4: allow only hosts in netgroup "foonet" or localhost, but +Example 4: allow only hosts in NIS netgroup "foonet", but deny access from one particular host - hosts allow = @foonet, localhost - hosts deny = pirate +\fBhosts allow = @foonet\fR -Note that access still requires suitable user-level passwords. - -See testparm(1) for a way of testing your host access to see if it -does what you expect. +\fBhosts deny = pirate\fR -.B Default: - none (ie., all hosts permitted access) +Note that access still requires suitable user-level passwords. -.B Example: - allow hosts = 150.203.5. myhost.mynet.edu.au +See \fBtestparm(1)\fR +for a way of testing your host access to see if it does +what you expect. + +Default: \fBnone (i.e., all hosts permitted access) +\fR +Example: \fBallow hosts = 150.203.5. myhost.mynet.edu.au +\fR.TP +\fBhosts deny (S)\fR +The opposite of \fIhosts allow\fR +- hosts listed here are \fBNOT\fR permitted access to +services unless the specific services have their own lists to override +this one. Where the lists conflict, the \fIallow\fR +list takes precedence. + +Default: \fBnone (i.e., no hosts specifically excluded) +\fR +Example: \fBhosts deny = 150.203.4. badhost.mynet.edu.au +\fR.TP +\fBhosts equiv (G)\fR +If this global parameter is a non-null string, +it specifies the name of a file to read for the names of hosts +and users who will be allowed access without specifying a password. + +This is not be confused with \fIhosts allow\fR which is about hosts +access to services and is more useful for guest services. \fI hosts equiv\fR may be useful for NT clients which will +not supply passwords to Samba. + +\fBNOTE :\fR The use of \fIhosts equiv +\fRcan be a major security hole. This is because you are +trusting the PC to supply the correct username. It is very easy to +get a PC to supply a false username. I recommend that the +\fIhosts equiv\fR option be only used if you really +know what you are doing, or perhaps on a home network where you trust +your spouse and kids. And only if you \fBreally\fR trust +them :-). + +Default: \fBno host equivalences\fR + +Example: \fBhosts equiv = /etc/hosts.equiv\fR +.TP +\fBinclude (G)\fR +This allows you to include one config file +inside another. The file is included literally, as though typed +in place. + +It takes the standard substitutions, except \fI%u +\fR, \fI%P\fR and \fI%S\fR. + +Default: \fBno file included\fR + +Example: \fBinclude = /usr/local/samba/lib/admin_smb.conf +\fR.TP +\fBinherit permissions (S)\fR +The permissions on new files and directories +are normally governed by \fI create mask\fR, \fIdirectory mask\fR, \fIforce create mode\fR +and \fIforce +directory mode\fR but the boolean inherit +permissions parameter overrides this. + +New directories inherit the mode of the parent directory, +including bits such as setgid. + +New files inherit their read/write bits from the parent +directory. Their execute bits continue to be determined by +\fImap archive\fR +, \fImap hidden\fR +and \fImap system\fR +as usual. + +Note that the setuid bit is \fBnever\fR set via +inheritance (the code explicitly prohibits this). + +This can be particularly useful on large systems with +many users, perhaps several thousand, to allow a single [homes] +share to be used flexibly by each user. + +See also \fIcreate mask +\fR, \fI directory mask\fR, \fIforce create mode\fR and \fIforce directory mode\fR +\&. + +Default: \fBinherit permissions = no\fR +.TP +\fBinterfaces (G)\fR +This option allows you to override the default +network interfaces list that Samba will use for browsing, name +registration and other NBT traffic. By default Samba will query +the kernel for the list of all active interfaces and use any +interfaces except 127.0.0.1 that are broadcast capable. + +The option takes a list of interface strings. Each string +can be in any of the following forms: +.RS +.TP 0.2i +\(bu +a network interface name (such as eth0). +This may include shell-like wildcards so eth* will match +any interface starting with the substring "eth" +.TP 0.2i +\(bu +an IP address. In this case the netmask is +determined from the list of interfaces obtained from the +kernel +.TP 0.2i +\(bu +an IP/mask pair. +.TP 0.2i +\(bu +a broadcast/mask pair. +.RE +.PP +The "mask" parameters can either be a bit length (such +as 24 for a C class network) or a full netmask in dotted +decimal form. +.PP +.PP +The "IP" parameters above can either be a full dotted +decimal IP address or a hostname which will be looked up via +the OS's normal hostname resolution mechanisms. +.PP +.PP +For example, the following line: +.PP +.PP +\fBinterfaces = eth0 192.168.2.10/24 192.168.3.10/255.255.255.0 +\fR.PP +.PP +would configure three network interfaces corresponding +to the eth0 device and IP addresses 192.168.2.10 and 192.168.3.10. +The netmasks of the latter two interfaces would be set to 255.255.255.0. +.PP +.PP +See also \fIbind +interfaces only\fR. +.PP +.PP +Default: \fBall active interfaces except 127.0.0.1 +that are broadcast capable\fR +.PP +.TP +\fBinvalid users (S)\fR +This is a list of users that should not be allowed +to login to this service. This is really a \fBparanoid\fR +check to absolutely ensure an improper setting does not breach +your security. + +A name starting with a '@' is interpreted as an NIS +netgroup first (if your system supports NIS), and then as a UNIX +group if the name was not found in the NIS netgroup database. + +A name starting with '+' is interpreted only +by looking in the UNIX group database. A name starting with +\&'&' is interpreted only by looking in the NIS netgroup database +(this requires NIS to be working on your system). The characters +\&'+' and '&' may be used at the start of the name in either order +so the value \fI+&group\fR means check the +UNIX group database, followed by the NIS netgroup database, and +the value \fI&+group\fR means check the NIS +netgroup database, followed by the UNIX group database (the +same as the '@' prefix). + +The current servicename is substituted for \fI%S\fR. +This is useful in the [homes] section. + +See also \fIvalid users +\fR\&. + +Default: \fBno invalid users\fR + +Example: \fBinvalid users = root fred admin @wheel +\fR.TP +\fBkeepalive (G)\fR +The value of the parameter (an integer) represents +the number of seconds between \fIkeepalive\fR +packets. If this parameter is zero, no keepalive packets will be +sent. Keepalive packets, if sent, allow the server to tell whether +a client is still present and responding. + +Keepalives should, in general, not be needed if the socket +being used has the SO_KEEPALIVE attribute set on it (see \fIsocket options\fR). +Basically you should only use this option if you strike difficulties. + +Default: \fBkeepalive = 300\fR + +Example: \fBkeepalive = 600\fR +.TP +\fBkernel oplocks (G)\fR +For UNIXes that support kernel based \fIoplocks\fR +(currently only IRIX and the Linux 2.4 kernel), this parameter +allows the use of them to be turned on or off. + +Kernel oplocks support allows Samba \fIoplocks +\fRto be broken whenever a local UNIX process or NFS operation +accesses a file that \fBsmbd(8)\fR +has oplocked. This allows complete data consistency between +SMB/CIFS, NFS and local file access (and is a \fBvery\fR +cool feature :-). + +This parameter defaults to on, but is translated +to a no-op on systems that no not have the necessary kernel support. +You should never need to touch this parameter. + +See also the \fIoplocks\fR +and \fIlevel2 oplocks +\fRparameters. + +Default: \fBkernel oplocks = yes\fR +.TP +\fBlanman auth (G)\fR +This parameter determines whether or not smbdwill +attempt to authenticate users using the LANMAN password hash. +If disabled, only clients which support NT password hashes (e.g. Windows +NT/2000 clients, smbclient, etc... but not Windows 95/98 or the MS DOS +network client) will be able to connect to the Samba host. + +Default : \fBlanman auth = yes\fR +.TP +\fBlarge readwrite (G)\fR +This parameter determines whether or not smbd +supports the new 64k streaming read and write varient SMB requests introduced +with Windows 2000. Note that due to Windows 2000 client redirector bugs +this requires Samba to be running on a 64-bit capable operating system such +as IRIX, Solaris or a Linux 2.4 kernel. Can improve performance by 10% with +Windows 2000 clients. Defaults to on. Not as tested as some other Samba +code paths. + +Default : \fBlarge readwrite = yes\fR +.TP +\fBldap admin dn (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +The \fIldap admin dn\fR defines the Distinguished +Name (DN) name used by Samba to contact the ldap +server when retreiving user account information. The \fIldap +admin dn\fR is used in conjunction with the admin dn password +stored in the \fIprivate/secrets.tdb\fR file. See the +\fBsmbpasswd(8)\fRman +page for more information on how to accmplish this. + +Default : \fBnone\fR +.TP +\fBldap filter (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This parameter specifies the RFC 2254 compliant LDAP search filter. +The default is to match the login name with the uid +attribute for all entries matching the sambaAccount +objectclass. Note that this filter should only return one entry. + +Default : \fBldap filter = (&(uid=%u)(objectclass=sambaAccount))\fR +.TP +\fBldap port (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This option is used to control the tcp port number used to contact +the \fIldap server\fR. +The default is to use the stand LDAPS port 636. + +See Also: ldap ssl + +Default : \fBldap port = 636\fR +.TP +\fBldap server (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This parameter should contains the FQDN of the ldap directory +server which should be queried to locate user account information. + +Default : \fBldap server = localhost\fR +.TP +\fBldap ssl (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +This option is used to define whether or not Samba should +use SSL when connecting to the \fIldap +server\fR. This is \fBNOT\fR related to +Samba SSL support which is enabled by specifying the +\fB--with-ssl\fR option to the \fIconfigure\fR +script (see \fIssl\fR). + +The \fIldap ssl\fR can be set to one of three values: +(a) on - Always use SSL when contacting the +\fIldap server\fR, (b) off - +Never use SSL when querying the directory, or (c) start_tls +- Use the LDAPv3 StartTLS extended operation +(RFC2830) for communicating with the directory server. + +Default : \fBldap ssl = on\fR +.TP +\fBldap suffix (G)\fR +This parameter is only available if Samba has been +configure to include the \fB--with-ldapsam\fR option +at compile time. This option should be considered experimental and +under active development. + +Default : \fBnone\fR +.TP +\fBlevel2 oplocks (S)\fR +This parameter controls whether Samba supports +level2 (read-only) oplocks on a share. + +Level2, or read-only oplocks allow Windows NT clients +that have an oplock on a file to downgrade from a read-write oplock +to a read-only oplock once a second client opens the file (instead +of releasing all oplocks on a second open, as in traditional, +exclusive oplocks). This allows all openers of the file that +support level2 oplocks to cache the file for read-ahead only (ie. +they may not cache writes or lock requests) and increases performance +for many accesses of files that are not commonly written (such as +application .EXE files). + +Once one of the clients which have a read-only oplock +writes to the file all clients are notified (no reply is needed +or waited for) and told to break their oplocks to "none" and +delete any read-ahead caches. + +It is recommended that this parameter be turned on +to speed access to shared executables. + +For more discussions on level2 oplocks see the CIFS spec. + +Currently, if \fIkernel +oplocks\fR are supported then level2 oplocks are +not granted (even if this parameter is set to yes). +Note also, the \fIoplocks\fR +parameter must be set to true on this share in order for +this parameter to have any effect. + +See also the \fIoplocks\fR +and \fIkernel oplocks\fR +parameters. + +Default: \fBlevel2 oplocks = yes\fR +.TP +\fBlm announce (G)\fR +This parameter determines if \fBnmbd(8)\fRwill produce Lanman announce +broadcasts that are needed by OS/2 clients in order for them to see +the Samba server in their browse list. This parameter can have three +values, true, false, or +auto. The default is auto. +If set to false Samba will never produce these +broadcasts. If set to true Samba will produce +Lanman announce broadcasts at a frequency set by the parameter +\fIlm interval\fR. If set to auto +Samba will not send Lanman announce broadcasts by default but will +listen for them. If it hears such a broadcast on the wire it will +then start sending them at a frequency set by the parameter +\fIlm interval\fR. + +See also \fIlm interval +\fR\&. + +Default: \fBlm announce = auto\fR + +Example: \fBlm announce = yes\fR +.TP +\fBlm interval (G)\fR +If Samba is set to produce Lanman announce +broadcasts needed by OS/2 clients (see the \fIlm announce\fR parameter) then this +parameter defines the frequency in seconds with which they will be +made. If this is set to zero then no Lanman announcements will be +made despite the setting of the \fIlm announce\fR +parameter. + +See also \fIlm +announce\fR. + +Default: \fBlm interval = 60\fR + +Example: \fBlm interval = 120\fR +.TP +\fBload printers (G)\fR +A boolean variable that controls whether all +printers in the printcap will be loaded for browsing by default. +See the printers section for +more details. + +Default: \fBload printers = yes\fR +.TP +\fBlocal master (G)\fR +This option allows \fB nmbd(8)\fRto try and become a local master browser +on a subnet. If set to false then \fB nmbd\fR will not attempt to become a local master browser +on a subnet and will also lose in all browsing elections. By +default this value is set to true. Setting this value to true doesn't +mean that Samba will \fBbecome\fR the local master +browser on a subnet, just that \fBnmbd\fR will \fB participate\fR in elections for local master browser. + +Setting this value to false will cause \fBnmbd\fR +\fBnever\fR to become a local master browser. + +Default: \fBlocal master = yes\fR +.TP +\fBlock dir (G)\fR +Synonym for \fI lock directory\fR. +.TP +\fBlock directory (G)\fR +This option specifies the directory where lock +files will be placed. The lock files are used to implement the +\fImax connections\fR +option. + +Default: \fBlock directory = ${prefix}/var/locks\fR + +Example: \fBlock directory = /var/run/samba/locks\fR +.TP +\fBlocking (S)\fR +This controls whether or not locking will be +performed by the server in response to lock requests from the +client. + +If \fBlocking = no\fR, all lock and unlock +requests will appear to succeed and all lock queries will report +that the file in question is available for locking. + +If \fBlocking = yes\fR, real locking will be performed +by the server. + +This option \fBmay\fR be useful for read-only +filesystems which \fBmay\fR not need locking (such as +CDROM drives), although setting this parameter of no +is not really recommended even in this case. + +Be careful about disabling locking either globally or in a +specific service, as lack of locking may result in data corruption. +You should never need to set this parameter. + +Default: \fBlocking = yes\fR +.TP +\fBlog file (G)\fR +This option allows you to override the name +of the Samba log file (also known as the debug file). + +This option takes the standard substitutions, allowing +you to have separate log files for each user or machine. + +Example: \fBlog file = /usr/local/samba/var/log.%m +\fR.TP +\fBlog level (G)\fR +The value of the parameter (an integer) allows +the debug level (logging level) to be specified in the +\fIsmb.conf\fR file. This is to give greater +flexibility in the configuration of the system. + +The default will be the log level specified on +the command line or level zero if none was specified. + +Example: \fBlog level = 3\fR +.TP +\fBlogon drive (G)\fR +This parameter specifies the local path to +which the home directory will be connected (see \fIlogon home\fR) +and is only used by NT Workstations. + +Note that this option is only useful if Samba is set up as a +logon server. + +Default: \fBlogon drive = z:\fR + +Example: \fBlogon drive = h:\fR +.TP +\fBlogon home (G)\fR +This parameter specifies the home directory +location when a Win95/98 or NT Workstation logs into a Samba PDC. +It allows you to do + +C:\\> \fBNET USE H: /HOME\fR + +from a command prompt, for example. + +This option takes the standard substitutions, allowing +you to have separate logon scripts for each user or machine. + +This parameter can be used with Win9X workstations to ensure +that roaming profiles are stored in a subdirectory of the user's +home directory. This is done in the following way: + +\fBlogon home = \\\\%N\\%U\\profile\fR + +This tells Samba to return the above string, with +substitutions made when a client requests the info, generally +in a NetUserGetInfo request. Win9X clients truncate the info to +\\\\server\\share when a user does \fBnet use /home\fR +but use the whole string when dealing with profiles. + +Note that in prior versions of Samba, the \fIlogon path\fR was returned rather than +\fIlogon home\fR. This broke \fBnet use +/home\fR but allowed profiles outside the home directory. +The current implementation is correct, and can be used for +profiles if you use the above trick. + +This option is only useful if Samba is set up as a logon +server. -.SS alternate permissions (S) +Default: \fBlogon home = "\\\\%N\\%U"\fR + +Example: \fBlogon home = "\\\\remote_smb_server\\%U"\fR +.TP +\fBlogon path (G)\fR +This parameter specifies the home directory +where roaming profiles (NTuser.dat etc files for Windows NT) are +stored. Contrary to previous versions of these manual pages, it has +nothing to do with Win 9X roaming profiles. To find out how to +handle roaming profiles for Win 9X system, see the \fIlogon home\fR parameter. + +This option takes the standard substitutions, allowing you +to have separate logon scripts for each user or machine. It also +specifies the directory from which the "Application Data", +(\fIdesktop\fR, \fIstart menu\fR, +\fInetwork neighborhood\fR, \fIprograms\fR +and other folders, and their contents, are loaded and displayed on +your Windows NT client. + +The share and the path must be readable by the user for +the preferences and directories to be loaded onto the Windows NT +client. The share must be writeable when the user logs in for the first +time, in order that the Windows NT client can create the NTuser.dat +and other directories. + +Thereafter, the directories and any of the contents can, +if required, be made read-only. It is not advisable that the +NTuser.dat file be made read-only - rename it to NTuser.man to +achieve the desired effect (a \fBMAN\fRdatory +profile). + +Windows clients can sometimes maintain a connection to +the [homes] share, even though there is no user logged in. +Therefore, it is vital that the logon path does not include a +reference to the homes share (i.e. setting this parameter to +\\%N\\%U\\profile_path will cause problems). + +This option takes the standard substitutions, allowing +you to have separate logon scripts for each user or machine. + +Note that this option is only useful if Samba is set up +as a logon server. + +Default: \fBlogon path = \\\\%N\\%U\\profile\fR + +Example: \fBlogon path = \\\\PROFILESERVER\\PROFILE\\%U\fR +.TP +\fBlogon script (G)\fR +This parameter specifies the batch file (.bat) or +NT command file (.cmd) to be downloaded and run on a machine when +a user successfully logs in. The file must contain the DOS +style CR/LF line endings. Using a DOS-style editor to create the +file is recommended. + +The script must be a relative path to the [netlogon] +service. If the [netlogon] service specifies a \fIpath\fR of \fI/usr/local/samba/netlogon +\fR, and \fBlogon script = STARTUP.BAT\fR, then +the file that will be downloaded is: + +\fI/usr/local/samba/netlogon/STARTUP.BAT\fR + +The contents of the batch file are entirely your choice. A +suggested command would be to add \fBNET TIME \\\\SERVER /SET +/YES\fR, to force every machine to synchronize clocks with +the same time server. Another use would be to add \fBNET USE +U: \\\\SERVER\\UTILS\fR for commonly used utilities, or \fB NET USE Q: \\\\SERVER\\ISO9001_QA\fR for example. + +Note that it is particularly important not to allow write +access to the [netlogon] share, or to grant users write permission +on the batch files in a secure environment, as this would allow +the batch files to be arbitrarily modified and security to be +breached. + +This option takes the standard substitutions, allowing you +to have separate logon scripts for each user or machine. + +This option is only useful if Samba is set up as a logon +server. -This option affects the way the "read only" DOS attribute is produced -for unix files. If this is false then the read only bit is set for -files on writeable shares which the user cannot write to. +Default: \fBno logon script defined\fR + +Example: \fBlogon script = scripts\\%U.bat\fR +.TP +\fBlppause command (S)\fR +This parameter specifies the command to be +executed on the server host in order to stop printing or spooling +a specific print job. + +This command should be a program or script which takes +a printer name and job number to pause the print job. One way +of implementing this is by using job priorities, where jobs +having a too low priority won't be sent to the printer. + +If a \fI%p\fR is given then the printer name +is put in its place. A \fI%j\fR is replaced with +the job number (an integer). On HPUX (see \fIprinting=hpux +\fR), if the \fI-p%p\fR option is added +to the lpq command, the job will show up with the correct status, i.e. +if the job priority is lower than the set fence priority it will +have the PAUSED status, whereas if the priority is equal or higher it +will have the SPOOLED or PRINTING status. + +Note that it is good practice to include the absolute path +in the lppause command as the PATH may not be available to the server. + +See also the \fIprinting +\fRparameter. + +Default: Currently no default value is given to +this string, unless the value of the \fIprinting\fR +parameter is SYSV, in which case the default is : + +\fBlp -i %p-%j -H hold\fR + +or if the value of the \fIprinting\fR parameter +is SOFTQ, then the default is: + +\fBqstat -s -j%j -h\fR + +Example for HPUX: \fBlppause command = /usr/bin/lpalt +%p-%j -p0\fR +.TP +\fBlpq cache time (G)\fR +This controls how long lpq info will be cached +for to prevent the \fBlpq\fR command being called too +often. A separate cache is kept for each variation of the \fB lpq\fR command used by the system, so if you use different +\fBlpq\fR commands for different users then they won't +share cache information. + +The cache files are stored in \fI/tmp/lpq.xxxx\fR +where xxxx is a hash of the \fBlpq\fR command in use. + +The default is 10 seconds, meaning that the cached results +of a previous identical \fBlpq\fR command will be used +if the cached data is less than 10 seconds old. A large value may +be advisable if your \fBlpq\fR command is very slow. + +A value of 0 will disable caching completely. + +See also the \fIprinting +\fRparameter. + +Default: \fBlpq cache time = 10\fR + +Example: \fBlpq cache time = 30\fR +.TP +\fBlpq command (S)\fR +This parameter specifies the command to be +executed on the server host in order to obtain \fBlpq +\fR-style printer status information. + +This command should be a program or script which +takes a printer name as its only parameter and outputs printer +status information. + +Currently eight styles of printer status information +are supported; BSD, AIX, LPRNG, PLP, SYSV, HPUX, QNX and SOFTQ. +This covers most UNIX systems. You control which type is expected +using the \fIprinting =\fR option. + +Some clients (notably Windows for Workgroups) may not +correctly send the connection number for the printer they are +requesting status information about. To get around this, the +server reports on the first printer service connected to by the +client. This only happens if the connection number sent is invalid. + +If a \fI%p\fR is given then the printer name +is put in its place. Otherwise it is placed at the end of the +command. -If this is true then it is set for files whos user write bit is not set. +Note that it is good practice to include the absolute path +in the \fIlpq command\fR as the \fB$PATH +\fRmay not be available to the server. + +See also the \fIprinting +\fRparameter. + +Default: \fBdepends on the setting of \fI printing\fB\fR + +Example: \fBlpq command = /usr/bin/lpq -P%p\fR +.TP +\fBlpresume command (S)\fR +This parameter specifies the command to be +executed on the server host in order to restart or continue +printing or spooling a specific print job. + +This command should be a program or script which takes +a printer name and job number to resume the print job. See +also the \fIlppause command +\fRparameter. + +If a \fI%p\fR is given then the printer name +is put in its place. A \fI%j\fR is replaced with +the job number (an integer). + +Note that it is good practice to include the absolute path +in the \fIlpresume command\fR as the PATH may not +be available to the server. + +See also the \fIprinting +\fRparameter. + +Default: Currently no default value is given +to this string, unless the value of the \fIprinting\fR +parameter is SYSV, in which case the default is : + +\fBlp -i %p-%j -H resume\fR + +or if the value of the \fIprinting\fR parameter +is SOFTQ, then the default is: + +\fBqstat -s -j%j -r\fR + +Example for HPUX: \fBlpresume command = /usr/bin/lpalt +%p-%j -p2\fR +.TP +\fBlprm command (S)\fR +This parameter specifies the command to be +executed on the server host in order to delete a print job. + +This command should be a program or script which takes +a printer name and job number, and deletes the print job. + +If a \fI%p\fR is given then the printer name +is put in its place. A \fI%j\fR is replaced with +the job number (an integer). + +Note that it is good practice to include the absolute +path in the \fIlprm command\fR as the PATH may not be +available to the server. + +See also the \fIprinting +\fRparameter. + +Default: \fBdepends on the setting of \fIprinting +\fB\fR +Example 1: \fBlprm command = /usr/bin/lprm -P%p %j +\fR +Example 2: \fBlprm command = /usr/bin/cancel %p-%j +\fR.TP +\fBmachine password timeout (G)\fR +If a Samba server is a member of a Windows +NT Domain (see the security = domain) +parameter) then periodically a running smbd(8)process will try and change the MACHINE ACCOUNT +PASSWORD stored in the TDB called \fIprivate/secrets.tdb +\fR\&. This parameter specifies how often this password +will be changed, in seconds. The default is one week (expressed in +seconds), the same as a Windows NT Domain member server. + +See also \fBsmbpasswd(8) +\fR, and the security = domain) parameter. + +Default: \fBmachine password timeout = 604800\fR +.TP +\fBmagic output (S)\fR +This parameter specifies the name of a file +which will contain output created by a magic script (see the +\fImagic script\fR +parameter below). + +Warning: If two clients use the same \fImagic script +\fRin the same directory the output file content +is undefined. + +Default: \fBmagic output = .out +\fR +Example: \fBmagic output = myfile.txt\fR +.TP +\fBmagic script (S)\fR +This parameter specifies the name of a file which, +if opened, will be executed by the server when the file is closed. +This allows a UNIX script to be sent to the Samba host and +executed on behalf of the connected user. + +Scripts executed in this way will be deleted upon +completion assuming that the user has the appropriate level +of privilege and the file permissions allow the deletion. + +If the script generates output, output will be sent to +the file specified by the \fI magic output\fR parameter (see above). + +Note that some shells are unable to interpret scripts +containing CR/LF instead of CR as +the end-of-line marker. Magic scripts must be executable +\fBas is\fR on the host, which for some hosts and +some shells will require filtering at the DOS end. + +Magic scripts are \fBEXPERIMENTAL\fR and +should \fBNOT\fR be relied upon. + +Default: \fBNone. Magic scripts disabled.\fR + +Example: \fBmagic script = user.csh\fR +.TP +\fBmangle case (S)\fR +See the section on NAME MANGLING + +Default: \fBmangle case = no\fR +.TP +\fBmangled map (S)\fR +This is for those who want to directly map UNIX +file names which cannot be represented on Windows/DOS. The mangling +of names is not always what is needed. In particular you may have +documents with file extensions that differ between DOS and UNIX. +For example, under UNIX it is common to use \fI.html\fR +for HTML files, whereas under Windows/DOS \fI.htm\fR +is more commonly used. + +So to map \fIhtml\fR to \fIhtm\fR +you would use: + +\fBmangled map = (*.html *.htm)\fR + +One very useful case is to remove the annoying \fI;1 +\fRoff the ends of filenames on some CDROMs (only visible +under some UNIXes). To do this use a map of (*;1 *;). + +Default: \fBno mangled map\fR + +Example: \fBmangled map = (*;1 *;)\fR +.TP +\fBmangled names (S)\fR +This controls whether non-DOS names under UNIX +should be mapped to DOS-compatible names ("mangled") and made visible, +or whether non-DOS names should simply be ignored. + +See the section on NAME MANGLING for details on how to control the mangling process. -The latter behaviour of useful for when users copy files from each -others directories, and use a file manager that preserves -permissions. Without this option they may get annoyed as all copied -files will have the "read only" bit set. +If mangling is used then the mangling algorithm is as follows: +.RS +.TP 0.2i +\(bu +The first (up to) five alphanumeric characters +before the rightmost dot of the filename are preserved, forced +to upper case, and appear as the first (up to) five characters +of the mangled name. +.TP 0.2i +\(bu +A tilde "~" is appended to the first part of the mangled +name, followed by a two-character unique sequence, based on the +original root name (i.e., the original filename minus its final +extension). The final extension is included in the hash calculation +only if it contains any upper case characters or is longer than three +characters. -.B Default: - alternate permissions = no +Note that the character to use may be specified using +the \fImangling char\fR +option, if you don't like '~'. +.TP 0.2i +\(bu +The first three alphanumeric characters of the final +extension are preserved, forced to upper case and appear as the +extension of the mangled name. The final extension is defined as that +part of the original filename after the rightmost dot. If there are no +dots in the filename, the mangled name will have no extension (except +in the case of "hidden files" - see below). +.TP 0.2i +\(bu +Files whose UNIX name begins with a dot will be +presented as DOS hidden files. The mangled name will be created as +for other filenames, but with the leading dot removed and "___" as +its extension regardless of actual original extension (that's three +underscores). +.RE +.PP +The two-digit hash value consists of upper case +alphanumeric characters. +.PP +.PP +This algorithm can cause name collisions only if files +in a directory share the same first five alphanumeric characters. +The probability of such a clash is 1/1300. +.PP +.PP +The name mangling (if enabled) allows a file to be +copied between UNIX directories from Windows/DOS while retaining +the long UNIX filename. UNIX files can be renamed to a new extension +from Windows/DOS and will retain the same basename. Mangled names +do not change between sessions. +.PP +.PP +Default: \fBmangled names = yes\fR +.PP +.TP +\fBmangled stack (G)\fR +This parameter controls the number of mangled names +that should be cached in the Samba server smbd(8). + +This stack is a list of recently mangled base names +(extensions are only maintained if they are longer than 3 characters +or contains upper case characters). + +The larger this value, the more likely it is that mangled +names can be successfully converted to correct long UNIX names. +However, large stack sizes will slow most directory accesses. Smaller +stacks save memory in the server (each stack element costs 256 bytes). + +It is not possible to absolutely guarantee correct long +filenames, so be prepared for some surprises! + +Default: \fBmangled stack = 50\fR + +Example: \fBmangled stack = 100\fR +.TP +\fBmangling char (S)\fR +This controls what character is used as +the \fBmagic\fR character in name mangling. The default is a '~' +but this may interfere with some software. Use this option to set +it to whatever you prefer. + +Default: \fBmangling char = ~\fR + +Example: \fBmangling char = ^\fR +.TP +\fBmap archive (S)\fR +This controls whether the DOS archive attribute +should be mapped to the UNIX owner execute bit. The DOS archive bit +is set when a file has been modified since its last backup. One +motivation for this option it to keep Samba/your PC from making +any file it touches from becoming executable under UNIX. This can +be quite annoying for shared source code, documents, etc... + +Note that this requires the \fIcreate mask\fR +parameter to be set such that owner execute bit is not masked out +(i.e. it must include 100). See the parameter \fIcreate mask\fR for details. + +Default: \fBmap archive = yes\fR +.TP +\fBmap hidden (S)\fR +This controls whether DOS style hidden files +should be mapped to the UNIX world execute bit. + +Note that this requires the \fIcreate mask\fR +to be set such that the world execute bit is not masked out (i.e. +it must include 001). See the parameter \fIcreate mask\fR for details. + +Default: \fBmap hidden = no\fR +.TP +\fBmap system (S)\fR +This controls whether DOS style system files +should be mapped to the UNIX group execute bit. + +Note that this requires the \fIcreate mask\fR +to be set such that the group execute bit is not masked out (i.e. +it must include 010). See the parameter \fIcreate mask\fR for details. + +Default: \fBmap system = no\fR +.TP +\fBmap to guest (G)\fR +This parameter is only useful in security modes other than \fIsecurity = share\fR +- i.e. user, server, +and domain. + +This parameter can take three different values, which tell +smbd(8)what to do with user +login requests that don't match a valid UNIX user in some way. + +The three settings are : +.RS +.TP 0.2i +\(bu +Never - Means user login +requests with an invalid password are rejected. This is the +default. +.TP 0.2i +\(bu +Bad User - Means user +logins with an invalid password are rejected, unless the username +does not exist, in which case it is treated as a guest login and +mapped into the \fI guest account\fR. +.TP 0.2i +\(bu +Bad Password - Means user logins +with an invalid password are treated as a guest login and mapped +into the guest account. Note that +this can cause problems as it means that any user incorrectly typing +their password will be silently logged on as "guest" - and +will not know the reason they cannot access files they think +they should - there will have been no message given to them +that they got their password wrong. Helpdesk services will +\fBhate\fR you if you set the \fImap to +guest\fR parameter this way :-). +.RE +.PP +Note that this parameter is needed to set up "Guest" +share services when using \fIsecurity\fR modes other than +share. This is because in these modes the name of the resource being +requested is \fBnot\fR sent to the server until after +the server has successfully authenticated the client so the server +cannot make authentication decisions at the correct time (connection +to the share) for "Guest" shares. +.PP +.PP +For people familiar with the older Samba releases, this +parameter maps to the old compile-time setting of the GUEST_SESSSETUP value in local.h. +.PP +.PP +Default: \fBmap to guest = Never\fR +.PP +.PP +Example: \fBmap to guest = Bad User\fR +.PP +.TP +\fBmax connections (S)\fR +This option allows the number of simultaneous +connections to a service to be limited. If \fImax connections +\fRis greater than 0 then connections will be refused if +this number of connections to the service are already open. A value +of zero mean an unlimited number of connections may be made. + +Record lock files are used to implement this feature. The +lock files will be stored in the directory specified by the \fIlock directory\fR +option. + +Default: \fBmax connections = 0\fR + +Example: \fBmax connections = 10\fR +.TP +\fBmax disk size (G)\fR +This option allows you to put an upper limit +on the apparent size of disks. If you set this option to 100 +then all shares will appear to be not larger than 100 MB in +size. + +Note that this option does not limit the amount of +data you can put on the disk. In the above case you could still +store much more than 100 MB on the disk, but if a client ever asks +for the amount of free disk space or the total disk size then the +result will be bounded by the amount specified in \fImax +disk size\fR. + +This option is primarily useful to work around bugs +in some pieces of software that can't handle very large disks, +particularly disks over 1GB in size. + +A \fImax disk size\fR of 0 means no limit. + +Default: \fBmax disk size = 0\fR + +Example: \fBmax disk size = 1000\fR +.TP +\fBmax log size (G)\fR +This option (an integer in kilobytes) specifies +the max size the log file should grow to. Samba periodically checks +the size and if it is exceeded it will rename the file, adding +a \fI.old\fR extension. -.B Example: - alternate permissions = yes +A size of 0 means no limit. -.SS available (S) -This parameter lets you 'turn off' a service. If 'available = no', then -ALL attempts to connect to the service will fail. Such failures are logged. +Default: \fBmax log size = 5000\fR + +Example: \fBmax log size = 1000\fR +.TP +\fBmax mux (G)\fR +This option controls the maximum number of +outstanding simultaneous SMB operations that Samba tells the client +it will allow. You should never need to set this parameter. + +Default: \fBmax mux = 50\fR +.TP +\fBmax open files (G)\fR +This parameter limits the maximum number of +open files that one smbd(8)file +serving process may have open for a client at any one time. The +default for this parameter is set very high (10,000) as Samba uses +only one bit per unopened file. + +The limit of the number of open files is usually set +by the UNIX per-process file descriptor limit rather than +this parameter so you should never need to touch this parameter. + +Default: \fBmax open files = 10000\fR +.TP +\fBmax print jobs (S)\fR +This parameter limits the maximum number of +jobs allowable in a Samba printer queue at any given moment. +If this number is exceeded, \fB smbd(8)\fRwill remote "Out of Space" to the client. +See all \fItotal +print jobs\fR. + +Default: \fBmax print jobs = 1000\fR + +Example: \fBmax print jobs = 5000\fR +.TP +\fBmax protocol (G)\fR +The value of the parameter (a string) is the highest +protocol level that will be supported by the server. + +Possible values are : +.RS +.TP 0.2i +\(bu +CORE: Earliest version. No +concept of user names. +.TP 0.2i +\(bu +COREPLUS: Slight improvements on +CORE for efficiency. +.TP 0.2i +\(bu +LANMAN1: First \fB modern\fR version of the protocol. Long filename +support. +.TP 0.2i +\(bu +LANMAN2: Updates to Lanman1 protocol. +.TP 0.2i +\(bu +NT1: Current up to date version of +the protocol. Used by Windows NT. Known as CIFS. +.RE +.PP +Normally this option should not be set as the automatic +negotiation phase in the SMB protocol takes care of choosing +the appropriate protocol. +.PP +.PP +See also \fImin +protocol\fR +.PP +.PP +Default: \fBmax protocol = NT1\fR +.PP +.PP +Example: \fBmax protocol = LANMAN1\fR +.PP +.TP +\fBmax smbd processes (G)\fR +This parameter limits the maximum number of +\fBsmbd(8)\fR +processes concurrently running on a system and is intended +as a stopgap to prevent degrading service to clients in the event +that the server has insufficient resources to handle more than this +number of connections. Remember that under normal operating +conditions, each user will have an smbdassociated with him or her +to handle connections to all shares from a given host. + +Default: \fBmax smbd processes = 0\fR ## no limit + +Example: \fBmax smbd processes = 1000\fR +.TP +\fBmax ttl (G)\fR +This option tells nmbd(8) +what the default 'time to live' of NetBIOS names should be (in seconds) +when \fBnmbd\fR is requesting a name using either a +broadcast packet or from a WINS server. You should never need to +change this parameter. The default is 3 days. + +Default: \fBmax ttl = 259200\fR +.TP +\fBmax wins ttl (G)\fR +This option tells nmbd(8) +when acting as a WINS server ( \fIwins support = yes\fR) what the maximum +\&'time to live' of NetBIOS names that \fBnmbd\fR +will grant will be (in seconds). You should never need to change this +parameter. The default is 6 days (518400 seconds). + +See also the \fImin +wins ttl\fR parameter. + +Default: \fBmax wins ttl = 518400\fR +.TP +\fBmax xmit (G)\fR +This option controls the maximum packet size +that will be negotiated by Samba. The default is 65535, which +is the maximum. In some cases you may find you get better performance +with a smaller value. A value below 2048 is likely to cause problems. + +Default: \fBmax xmit = 65535\fR + +Example: \fBmax xmit = 8192\fR +.TP +\fBmessage command (G)\fR +This specifies what command to run when the +server receives a WinPopup style message. + +This would normally be a command that would +deliver the message somehow. How this is to be done is +up to your imagination. + +An example is: + +\fBmessage command = csh -c 'xedit %s;rm %s' &\fR + +This delivers the message using \fBxedit\fR, then +removes it afterwards. \fBNOTE THAT IT IS VERY IMPORTANT +THAT THIS COMMAND RETURN IMMEDIATELY\fR. That's why I +have the '&' on the end. If it doesn't return immediately then +your PCs may freeze when sending messages (they should recover +after 30 seconds, hopefully). + +All messages are delivered as the global guest user. +The command takes the standard substitutions, although \fI %u\fR won't work (\fI%U\fR may be better +in this case). -.B Default: - available = yes +Apart from the standard substitutions, some additional +ones apply. In particular: +.RS +.TP 0.2i +\(bu +\fI%s\fR = the filename containing +the message. +.TP 0.2i +\(bu +\fI%t\fR = the destination that +the message was sent to (probably the server name). +.TP 0.2i +\(bu +\fI%f\fR = who the message +is from. +.RE +.PP +You could make this command send mail, or whatever else +takes your fancy. Please let us know of any really interesting +ideas you have. +.PP +.PP +Here's a way of sending the messages as mail to root: +.PP +.PP +\fBmessage command = /bin/mail -s 'message from %f on +%m' root < %s; rm %s\fR +.PP +.PP +If you don't have a message command then the message +won't be delivered and Samba will tell the sender there was +an error. Unfortunately WfWg totally ignores the error code +and carries on regardless, saying that the message was delivered. +.PP +.PP +If you want to silently delete it then try: +.PP +.PP +\fBmessage command = rm %s\fR +.PP +.PP +Default: \fBno message command\fR +.PP +.PP +Example: \fBmessage command = csh -c 'xedit %s; +rm %s' &\fR +.PP +.TP +\fBmin passwd length (G)\fR +Synonym for \fImin password length\fR. +.TP +\fBmin password length (G)\fR +This option sets the minimum length in characters +of a plaintext password that \fBsmbd\fR will accept when performing +UNIX password changing. + +See also \fIunix +password sync\fR, \fIpasswd program\fR and \fIpasswd chat debug\fR +\&. + +Default: \fBmin password length = 5\fR +.TP +\fBmin print space (S)\fR +This sets the minimum amount of free disk +space that must be available before a user will be able to spool +a print job. It is specified in kilobytes. The default is 0, which +means a user can always spool a print job. + +See also the \fIprinting +\fRparameter. + +Default: \fBmin print space = 0\fR + +Example: \fBmin print space = 2000\fR +.TP +\fBmin protocol (G)\fR +The value of the parameter (a string) is the +lowest SMB protocol dialect than Samba will support. Please refer +to the \fImax protocol\fR +parameter for a list of valid protocol names and a brief description +of each. You may also wish to refer to the C source code in +\fIsource/smbd/negprot.c\fR for a listing of known protocol +dialects supported by clients. + +If you are viewing this parameter as a security measure, you should +also refer to the \fIlanman +auth\fR parameter. Otherwise, you should never need +to change this parameter. + +Default : \fBmin protocol = CORE\fR + +Example : \fBmin protocol = NT1\fR # disable DOS +clients +.TP +\fBmin wins ttl (G)\fR +This option tells nmbd(8) +when acting as a WINS server (\fI wins support = yes\fR) what the minimum 'time to live' +of NetBIOS names that \fBnmbd\fR will grant will be (in +seconds). You should never need to change this parameter. The default +is 6 hours (21600 seconds). + +Default: \fBmin wins ttl = 21600\fR +.TP +\fBmsdfs root (S)\fR +This boolean parameter is only available if +Samba is configured and compiled with the \fB --with-msdfs\fR option. If set to yes, +Samba treats the share as a Dfs root and allows clients to browse +the distributed file system tree rooted at the share directory. +Dfs links are specified in the share directory by symbolic +links of the form \fImsdfs:serverA\\shareA,serverB\\shareB +\fRand so on. For more information on setting up a Dfs tree +on Samba, refer to msdfs_setup.html +. + +See also \fIhost msdfs +\fR +Default: \fBmsdfs root = no\fR +.TP +\fBname resolve order (G)\fR +This option is used by the programs in the Samba +suite to determine what naming services to use and in what order +to resolve host names to IP addresses. The option takes a space +separated string of name resolution options. + +The options are :"lmhosts", "host", "wins" and "bcast". They +cause names to be resolved as follows : +.RS +.TP 0.2i +\(bu +lmhosts : Lookup an IP +address in the Samba lmhosts file. If the line in lmhosts has +no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +any name type matches for lookup. +.TP 0.2i +\(bu +host : Do a standard host +name to IP address resolution, using the system \fI/etc/hosts +\fR, NIS, or DNS lookups. This method of name resolution +is operating system depended for instance on IRIX or Solaris this +may be controlled by the \fI/etc/nsswitch.conf\fR +file. Note that this method is only used if the NetBIOS name +type being queried is the 0x20 (server) name type, otherwise +it is ignored. +.TP 0.2i +\(bu +wins : Query a name with +the IP address listed in the \fI wins server\fR parameter. If no WINS server has +been specified this method will be ignored. +.TP 0.2i +\(bu +bcast : Do a broadcast on +each of the known local interfaces listed in the \fIinterfaces\fR +parameter. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally +connected subnet. +.RE +.PP +Default: \fBname resolve order = lmhosts host wins bcast +\fR.PP +.PP +Example: \fBname resolve order = lmhosts bcast host +\fR.PP +.PP +This will cause the local lmhosts file to be examined +first, followed by a broadcast attempt, followed by a normal +system hostname lookup. +.PP +.TP +\fBnetbios aliases (G)\fR +This is a list of NetBIOS names that nmbd(8)will advertise as additional +names by which the Samba server is known. This allows one machine +to appear in browse lists under multiple names. If a machine is +acting as a browse server or logon server none +of these names will be advertised as either browse server or logon +servers, only the primary name of the machine will be advertised +with these capabilities. + +See also \fInetbios +name\fR. + +Default: \fBempty string (no additional names)\fR + +Example: \fBnetbios aliases = TEST TEST1 TEST2\fR +.TP +\fBnetbios name (G)\fR +This sets the NetBIOS name by which a Samba +server is known. By default it is the same as the first component +of the host's DNS name. If a machine is a browse server or +logon server this name (or the first component +of the hosts DNS name) will be the name that these services are +advertised under. + +See also \fInetbios +aliases\fR. + +Default: \fBmachine DNS name\fR + +Example: \fBnetbios name = MYNAME\fR +.TP +\fBnetbios scope (G)\fR +This sets the NetBIOS scope that Samba will +operate under. This should not be set unless every machine +on your LAN also sets this value. +.TP +\fBnis homedir (G)\fR +Get the home share server from a NIS map. For +UNIX systems that use an automounter, the user's home directory +will often be mounted on a workstation on demand from a remote +server. + +When the Samba logon server is not the actual home directory +server, but is mounting the home directories via NFS then two +network hops would be required to access the users home directory +if the logon server told the client to use itself as the SMB server +for home directories (one over SMB and one over NFS). This can +be very slow. + +This option allows Samba to return the home share as +being on a different server to the logon server and as +long as a Samba daemon is running on the home directory server, +it will be mounted on the Samba client directly from the directory +server. When Samba is returning the home share to the client, it +will consult the NIS map specified in \fIhomedir map\fR and return the server +listed there. + +Note that for this option to work there must be a working +NIS system and the Samba server with this option must also +be a logon server. + +Default: \fBnis homedir = no\fR +.TP +\fBnon unix account range (G)\fR +The non unix account range parameter specifies +the range of 'user ids' that are allocated by the various 'non unix +account' passdb backends. These backends allow +the storage of passwords for users who don't exist in /etc/passwd. +This is most often used for machine account creation. +This range of ids should have no existing local or NIS users within +it as strange conflicts can occur otherwise. + +NOTE: These userids never appear on the system and Samba will never +\&'become' these users. They are used only to ensure that the algorithmic +RID mapping does not conflict with normal users. + +Default: \fBnon unix account range = +\fR +Example: \fBnon unix account range = 10000-20000\fR +.TP +\fBnt acl support (S)\fR +This boolean parameter controls whether +smbd(8)will attempt to map +UNIX permissions into Windows NT access control lists. +This parameter was formally a global parameter in releases +prior to 2.2.2. + +Default: \fBnt acl support = yes\fR +.TP +\fBnt pipe support (G)\fR +This boolean parameter controls whether +smbd(8)will allow Windows NT +clients to connect to the NT SMB specific IPC$ +pipes. This is a developer debugging option and can be left +alone. + +Default: \fBnt pipe support = yes\fR +.TP +\fBnull passwords (G)\fR +Allow or disallow client access to accounts +that have null passwords. + +See also smbpasswd (5). + +Default: \fBnull passwords = no\fR +.TP +\fBobey pam restrictions (G)\fR +When Samba 2.2 is configured to enable PAM support +(i.e. --with-pam), this parameter will control whether or not Samba +should obey PAM's account and session management directives. The +default behavior is to use PAM for clear text authentication only +and to ignore any account or session management. Note that Samba +always ignores PAM for authentication in the case of \fIencrypt passwords = yes\fR +\&. The reason is that PAM modules cannot support the challenge/response +authentication mechanism needed in the presence of SMB password encryption. + +Default: \fBobey pam restrictions = no\fR +.TP +\fBonly user (S)\fR +This is a boolean option that controls whether +connections with usernames not in the \fIuser\fR +list will be allowed. By default this option is disabled so that a +client can supply a username to be used by the server. Enabling +this parameter will force the server to only user the login +names from the \fIuser\fR list and is only really +useful in shave level +security. + +Note that this also means Samba won't try to deduce +usernames from the service name. This can be annoying for +the [homes] section. To get around this you could use \fBuser = +%S\fR which means your \fIuser\fR list +will be just the service name, which for home directories is the +name of the user. + +See also the \fIuser\fR +parameter. + +Default: \fBonly user = no\fR +.TP +\fBonly guest (S)\fR +A synonym for \fI guest only\fR. +.TP +\fBoplock break wait time (G)\fR +This is a tuning parameter added due to bugs in +both Windows 9x and WinNT. If Samba responds to a client too +quickly when that client issues an SMB that can cause an oplock +break request, then the network client can fail and not respond +to the break request. This tuning parameter (which is set in milliseconds) +is the amount of time Samba will wait before sending an oplock break +request to such (broken) clients. + +\fBDO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ +AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR. + +Default: \fBoplock break wait time = 0\fR +.TP +\fBoplock contention limit (S)\fR +This is a \fBvery\fR advanced +smbd(8)tuning option to +improve the efficiency of the granting of oplocks under multiple +client contention for the same file. + +In brief it specifies a number, which causes smbdnot to +grant an oplock even when requested if the approximate number of +clients contending for an oplock on the same file goes over this +limit. This causes \fBsmbd\fR to behave in a similar +way to Windows NT. + +\fBDO NOT CHANGE THIS PARAMETER UNLESS YOU HAVE READ +AND UNDERSTOOD THE SAMBA OPLOCK CODE\fR. + +Default: \fBoplock contention limit = 2\fR +.TP +\fBoplocks (S)\fR +This boolean option tells \fBsmbd\fR whether to +issue oplocks (opportunistic locks) to file open requests on this +share. The oplock code can dramatically (approx. 30% or more) improve +the speed of access to files on Samba servers. It allows the clients +to aggressively cache files locally and you may want to disable this +option for unreliable network environments (it is turned on by +default in Windows NT Servers). For more information see the file +\fISpeed.txt\fR in the Samba \fIdocs/\fR +directory. + +Oplocks may be selectively turned off on certain files with a +share. See the \fI veto oplock files\fR parameter. On some systems +oplocks are recognized by the underlying operating system. This +allows data synchronization between all access to oplocked files, +whether it be via Samba or NFS or a local UNIX process. See the +\fIkernel oplocks\fR parameter for details. + +See also the \fIkernel +oplocks\fR and \fI level2 oplocks\fR parameters. + +Default: \fBoplocks = yes\fR +.TP +\fBos level (G)\fR +This integer value controls what level Samba +advertises itself as for browse elections. The value of this +parameter determines whether nmbd(8) +has a chance of becoming a local master browser for the \fI WORKGROUP\fR in the local broadcast area. + +\fBNote :\fRBy default, Samba will win +a local master browsing election over all Microsoft operating +systems except a Windows NT 4.0/2000 Domain Controller. This +means that a misconfigured Samba host can effectively isolate +a subnet for browsing purposes. See \fIBROWSING.txt +\fRin the Samba \fIdocs/\fR directory +for details. + +Default: \fBos level = 20\fR + +Example: \fBos level = 65 \fR +.TP +\fBos2 driver map (G)\fR +The parameter is used to define the absolute +path to a file containing a mapping of Windows NT printer driver +names to OS/2 printer driver names. The format is: + + = . + +For example, a valid entry using the HP LaserJet 5 +printer driver would appear as \fBHP LaserJet 5L = LASERJET.HP +LaserJet 5L\fR. + +The need for the file is due to the printer driver namespace +problem described in the Samba +Printing HOWTO. For more details on OS/2 clients, please +refer to the OS2-Client-HOWTO +containing in the Samba documentation. + +Default: \fBos2 driver map = +\fR.TP +\fBpam password change (G)\fR +With the addition of better PAM support in Samba 2.2, +this parameter, it is possible to use PAM's password change control +flag for Samba. If enabled, then PAM will be used for password +changes when requested by an SMB client instead of the program listed in +\fIpasswd program\fR. +It should be possible to enable this without changing your +\fIpasswd chat\fR +parameter for most setups. + +Default: \fBpam password change = no\fR +.TP +\fBpanic action (G)\fR +This is a Samba developer option that allows a +system command to be called when either smbd(8) +crashes. This is usually used to draw attention to the fact that +a problem occurred. + +Default: \fBpanic action = \fR + +Example: \fBpanic action = "/bin/sleep 90000"\fR +.TP +\fBpassdb backend (G)\fR +This option allows the administrator to chose what +backend in which to store passwords. This allows (for example) both +smbpasswd and tdbsam to be used without a recompile. Only one can +be used at a time however, and experimental backends must still be selected +(eg --with-tdbsam) at configure time. + +This paramater is in two parts, the backend's name, and a 'location' +string that has meaning only to that particular backed. These are separated +by a : character. + +Available backends can include: +.RS +.TP 0.2i +\(bu +\fBsmbpasswd\fR - The default smbpasswd +backend. Takes a path to the smbpasswd file as an optional argument. +.TP 0.2i +\(bu +\fBsmbpasswd_nua\fR - The smbpasswd +backend, but with support for 'not unix accounts'. +Takes a path to the smbpasswd file as an optional argument. + +See also \fInon unix account range\fR +.TP 0.2i +\(bu +\fBtdbsam\fR - The TDB based password storage +backend. Takes a path to the TDB as an optional argument (defaults to passdb.tdb +in the \fIprivate dir\fR directory. +.TP 0.2i +\(bu +\fBtdbsam_nua\fR - The TDB based password storage +backend, with non unix account support. Takes a path to the TDB as an optional argument (defaults to passdb.tdb +in the \fIprivate dir\fR directory. + +See also \fInon unix account range\fR +.TP 0.2i +\(bu +\fBldapsam\fR - The LDAP based passdb +backend. Takes an LDAP URL as an optional argument (defaults to +\fBldap://localhost\fR) +.TP 0.2i +\(bu +\fBldapsam_nua\fR - The LDAP based passdb +backend, with non unix account support. Takes an LDAP URL as an optional argument (defaults to +\fBldap://localhost\fR) + +See also \fInon unix account range\fR +.TP 0.2i +\(bu +\fBplugin\fR - Allows Samba to load an +arbitary passdb backend from the .so specified as a compulsary argument. + +Any characters after the (optional) second : are passed to the plugin +for its own processing +.RE +.PP + +Default: \fBpassdb backend = smbpasswd\fR + +Example: \fBpassdb backend = tdbsam:/etc/samba/private/passdb.tdb\fR + +Example: \fBpassdb backend = ldapsam_nua:ldaps://ldap.example.com\fR + +Example: \fBpassdb backend = plugin:/usr/local/samba/lib/my_passdb.so:my_plugin_args\fR +.TP +\fBpasswd chat (G)\fR +This string controls the \fB"chat"\fR +conversation that takes places between smbdand the local password changing +program to change the user's password. The string describes a +sequence of response-receive pairs that smbd(8)uses to determine what to send to the +\fIpasswd program\fR +and what to expect back. If the expected output is not +received then the password is not changed. + +This chat sequence is often quite site specific, depending +on what local methods are used for password control (such as NIS +etc). + +Note that this parameter only is only used if the \fIunix +password sync\fR parameter is set to yes. This +sequence is then called \fBAS ROOT\fR when the SMB password +in the smbpasswd file is being changed, without access to the old +password cleartext. This means that root must be able to reset the user's password +without knowing the text of the previous password. In the presence of NIS/YP, +this means that the passwd program must be +executed on the NIS master. + +The string can contain the macro \fI%n\fR which is substituted +for the new password. The chat sequence can also contain the standard +macros \\n, \\r, \\t and \\s to give line-feed, +carriage-return, tab and space. The chat sequence string can also contain +a '*' which matches any sequence of characters. +Double quotes can be used to collect strings with spaces +in them into a single string. + +If the send string in any part of the chat sequence +is a full stop ".", then no string is sent. Similarly, +if the expect string is a full stop then no string is expected. + +If the \fIpam +password change\fR parameter is set to true, the chat pairs +may be matched in any order, and success is determined by the PAM result, +not any particular output. The \\n macro is ignored for PAM conversions. + +See also \fIunix password +sync\fR, \fI passwd program\fR , \fIpasswd chat debug\fR and \fIpam password change\fR. + +Default: \fBpasswd chat = *new*password* %n\\n +*new*password* %n\\n *changed*\fR + +Example: \fBpasswd chat = "*Enter OLD password*" %o\\n +"*Enter NEW password*" %n\\n "*Reenter NEW password*" %n\\n "*Password +changed*"\fR +.TP +\fBpasswd chat debug (G)\fR +This boolean specifies if the passwd chat script +parameter is run in \fBdebug\fR mode. In this mode the +strings passed to and received from the passwd chat are printed +in the smbd(8)log with a +\fIdebug level\fR +of 100. This is a dangerous option as it will allow plaintext passwords +to be seen in the \fBsmbd\fR log. It is available to help +Samba admins debug their \fIpasswd chat\fR scripts +when calling the \fIpasswd program\fR and should +be turned off after this has been done. This option has no effect if the +\fIpam password change\fR +paramter is set. This parameter is off by default. + +See also \fIpasswd chat\fR +, \fIpam password change\fR +, \fIpasswd program\fR +\&. + +Default: \fBpasswd chat debug = no\fR +.TP +\fBpasswd program (G)\fR +The name of a program that can be used to set +UNIX user passwords. Any occurrences of \fI%u\fR +will be replaced with the user name. The user name is checked for +existence before calling the password changing program. + +Also note that many passwd programs insist in \fBreasonable +\fRpasswords, such as a minimum length, or the inclusion +of mixed case chars and digits. This can pose a problem as some clients +(such as Windows for Workgroups) uppercase the password before sending +it. + +\fBNote\fR that if the \fIunix +password sync\fR parameter is set to true +then this program is called \fBAS ROOT\fR +before the SMB password in the smbpasswd(5) +file is changed. If this UNIX password change fails, then +\fBsmbd\fR will fail to change the SMB password also +(this is by design). + +If the \fIunix password sync\fR parameter +is set this parameter \fBMUST USE ABSOLUTE PATHS\fR +for \fBALL\fR programs called, and must be examined +for security implications. Note that by default \fIunix +password sync\fR is set to false. + +See also \fIunix +password sync\fR. + +Default: \fBpasswd program = /bin/passwd\fR + +Example: \fBpasswd program = /sbin/npasswd %u\fR +.TP +\fBpassword level (G)\fR +Some client/server combinations have difficulty +with mixed-case passwords. One offending client is Windows for +Workgroups, which for some reason forces passwords to upper +case when using the LANMAN1 protocol, but leaves them alone when +using COREPLUS! Another problem child is the Windows 95/98 +family of operating systems. These clients upper case clear +text passwords even when NT LM 0.12 selected by the protocol +negotiation request/response. + +This parameter defines the maximum number of characters +that may be upper case in passwords. + +For example, say the password given was "FRED". If \fI password level\fR is set to 1, the following combinations +would be tried if "FRED" failed: + +"Fred", "fred", "fRed", "frEd","freD" + +If \fIpassword level\fR was set to 2, +the following combinations would also be tried: + +"FRed", "FrEd", "FreD", "fREd", "fReD", "frED", .. + +And so on. + +The higher value this parameter is set to the more likely +it is that a mixed case password will be matched against a single +case password. However, you should be aware that use of this +parameter reduces security and increases the time taken to +process a new connection. + +A value of zero will cause only two attempts to be +made - the password as is and the password in all-lower case. + +Default: \fBpassword level = 0\fR + +Example: \fBpassword level = 4\fR +.TP +\fBpassword server (G)\fR +By specifying the name of another SMB server (such +as a WinNT box) with this option, and using \fBsecurity = domain +\fRor \fBsecurity = server\fR you can get Samba +to do all its username/password validation via a remote server. + +This option sets the name of the password server to use. +It must be a NetBIOS name, so if the machine's NetBIOS name is +different from its Internet name then you may have to add its NetBIOS +name to the lmhosts file which is stored in the same directory +as the \fIsmb.conf\fR file. + +The name of the password server is looked up using the +parameter \fIname +resolve order\fR and so may resolved +by any method and order described in that parameter. + +The password server much be a machine capable of using +the "LM1.2X002" or the "NT LM 0.12" protocol, and it must be in +user level security mode. + +\fBNOTE:\fR Using a password server +means your UNIX box (running Samba) is only as secure as your +password server. \fBDO NOT CHOOSE A PASSWORD SERVER THAT +YOU DON'T COMPLETELY TRUST\fR. + +Never point a Samba server at itself for password +serving. This will cause a loop and could lock up your Samba +server! + +The name of the password server takes the standard +substitutions, but probably the only useful one is \fI%m +\fR, which means the Samba server will use the incoming +client as the password server. If you use this then you better +trust your clients, and you had better restrict them with hosts allow! + +If the \fIsecurity\fR parameter is set to +domain, then the list of machines in this +option must be a list of Primary or Backup Domain controllers for the +Domain or the character '*', as the Samba server is effectively +in that domain, and will use cryptographically authenticated RPC calls +to authenticate the user logging on. The advantage of using \fB security = domain\fR is that if you list several hosts in the +\fIpassword server\fR option then \fBsmbd +\fRwill try each in turn till it finds one that responds. This +is useful in case your primary server goes down. + +If the \fIpassword server\fR option is set +to the character '*', then Samba will attempt to auto-locate the +Primary or Backup Domain controllers to authenticate against by +doing a query for the name WORKGROUP<1C> +and then contacting each server returned in the list of IP +addresses from the name resolution source. + +If the \fIsecurity\fR parameter is +set to server, then there are different +restrictions that \fBsecurity = domain\fR doesn't +suffer from: +.RS +.TP 0.2i +\(bu +You may list several password servers in +the \fIpassword server\fR parameter, however if an +\fBsmbd\fR makes a connection to a password server, +and then the password server fails, no more users will be able +to be authenticated from this \fBsmbd\fR. This is a +restriction of the SMB/CIFS protocol when in \fBsecurity = server +\fRmode and cannot be fixed in Samba. +.TP 0.2i +\(bu +If you are using a Windows NT server as your +password server then you will have to ensure that your users +are able to login from the Samba server, as when in \fB security = server\fR mode the network logon will appear to +come from there rather than from the users workstation. +.RE +.PP +See also the \fIsecurity +\fRparameter. +.PP +.PP +Default: \fBpassword server = \fR +.PP +.PP +Example: \fBpassword server = NT-PDC, NT-BDC1, NT-BDC2 +\fR.PP +.PP +Example: \fBpassword server = *\fR +.PP +.TP +\fBpath (S)\fR +This parameter specifies a directory to which +the user of the service is to be given access. In the case of +printable services, this is where print data will spool prior to +being submitted to the host for printing. + +For a printable service offering guest access, the service +should be readonly and the path should be world-writeable and +have the sticky bit set. This is not mandatory of course, but +you probably won't get the results you expect if you do +otherwise. + +Any occurrences of \fI%u\fR in the path +will be replaced with the UNIX username that the client is using +on this connection. Any occurrences of \fI%m\fR +will be replaced by the NetBIOS name of the machine they are +connecting from. These replacements are very useful for setting +up pseudo home directories for users. + +Note that this path will be based on \fIroot dir\fR if one was specified. + +Default: \fBnone\fR + +Example: \fBpath = /home/fred\fR +.TP +\fBposix locking (S)\fR +The \fBsmbd(8)\fR +daemon maintains an database of file locks obtained by SMB clients. +The default behavior is to map this internal database to POSIX +locks. This means that file locks obtained by SMB clients are +consistent with those seen by POSIX compliant applications accessing +the files via a non-SMB method (e.g. NFS or local file access). +You should never need to disable this parameter. + +Default: \fBposix locking = yes\fR +.TP +\fBpostexec (S)\fR +This option specifies a command to be run +whenever the service is disconnected. It takes the usual +substitutions. The command may be run as the root on some +systems. + +An interesting example may be to unmount server +resources: + +\fBpostexec = /etc/umount /cdrom\fR + +See also \fIpreexec\fR +\&. + +Default: \fBnone (no command executed)\fR + +Example: \fBpostexec = echo \\"%u disconnected from %S +from %m (%I)\\" >> /tmp/log\fR +.TP +\fBpostscript (S)\fR +This parameter forces a printer to interpret +the print files as PostScript. This is done by adding a %! +to the start of print output. + +This is most useful when you have lots of PCs that persist +in putting a control-D at the start of print jobs, which then +confuses your printer. + +Default: \fBpostscript = no\fR +.TP +\fBpreexec (S)\fR +This option specifies a command to be run whenever +the service is connected to. It takes the usual substitutions. + +An interesting example is to send the users a welcome +message every time they log in. Maybe a message of the day? Here +is an example: + +\fBpreexec = csh -c 'echo \\"Welcome to %S!\\" | +/usr/local/samba/bin/smbclient -M %m -I %I' & \fR -.B Example: - available = no -.SS browseable (S) -This controls whether this share is seen in the list of available -shares in a net view and in the browse list. +Of course, this could get annoying after a while :-) -.B Default: - browseable = Yes +See also \fIpreexec close +\fRand \fIpostexec +\fR\&. + +Default: \fBnone (no command executed)\fR + +Example: \fBpreexec = echo \\"%u connected to %S from %m +(%I)\\" >> /tmp/log\fR +.TP +\fBpreexec close (S)\fR +This boolean option controls whether a non-zero +return code from \fIpreexec +\fRshould close the service being connected to. + +Default: \fBpreexec close = no\fR +.TP +\fBpreferred master (G)\fR +This boolean parameter controls if nmbd(8)is a preferred master browser +for its workgroup. + +If this is set to true, on startup, \fBnmbd\fR +will force an election, and it will have a slight advantage in +winning the election. It is recommended that this parameter is +used in conjunction with \fB\fI domain master\fB = yes\fR, so that \fB nmbd\fR can guarantee becoming a domain master. + +Use this option with caution, because if there are several +hosts (whether Samba servers, Windows 95 or NT) that are preferred +master browsers on the same subnet, they will each periodically +and continuously attempt to become the local master browser. +This will result in unnecessary broadcast traffic and reduced browsing +capabilities. + +See also \fIos level\fR +\&. + +Default: \fBpreferred master = auto\fR +.TP +\fBprefered master (G)\fR +Synonym for \fI preferred master\fR for people who cannot spell :-). +.TP +\fBpreload\fR +This is a list of services that you want to be +automatically added to the browse lists. This is most useful +for homes and printers services that would otherwise not be +visible. + +Note that if you just want all printers in your +printcap file loaded then the \fIload printers\fR option is easier. + +Default: \fBno preloaded services\fR + +Example: \fBpreload = fred lp colorlp\fR +.TP +\fBpreserve case (S)\fR +This controls if new filenames are created +with the case that the client passes, or if they are forced to +be the \fIdefault case +\fR\&. + +Default: \fBpreserve case = yes\fR + +See the section on NAME +MANGLING for a fuller discussion. +.TP +\fBprint command (S)\fR +After a print job has finished spooling to +a service, this command will be used via a \fBsystem()\fR +call to process the spool file. Typically the command specified will +submit the spool file to the host's printing subsystem, but there +is no requirement that this be the case. The server will not remove +the spool file, so whatever command you specify should remove the +spool file when it has been processed, otherwise you will need to +manually remove old spool files. + +The print command is simply a text string. It will be used +verbatim, with two exceptions: All occurrences of \fI%s +\fRand \fI%f\fR will be replaced by the +appropriate spool file name, and all occurrences of \fI%p +\fRwill be replaced by the appropriate printer name. The +spool file name is generated automatically by the server. The +\fI%J\fR macro can be used to access the job +name as transmitted by the client. + +The print command \fBMUST\fR contain at least +one occurrence of \fI%s\fR or \fI%f +\fR- the \fI%p\fR is optional. At the time +a job is submitted, if no printer name is supplied the \fI%p +\fRwill be silently removed from the printer command. + +If specified in the [global] section, the print command given +will be used for any printable service that does not have its own +print command specified. + +If there is neither a specified print command for a +printable service nor a global print command, spool files will +be created but not processed and (most importantly) not removed. + +Note that printing may fail on some UNIXes from the +nobody account. If this happens then create +an alternative guest account that can print and set the \fIguest account\fR +in the [global] section. + +You can form quite complex print commands by realizing +that they are just passed to a shell. For example the following +will log a print job, print the file, then remove it. Note that +\&';' is the usual separator for command in shell scripts. + +\fBprint command = echo Printing %s >> +/tmp/print.log; lpr -P %p %s; rm %s\fR + +You may have to vary this command considerably depending +on how you normally print files on your system. The default for +the parameter varies depending on the setting of the \fIprinting\fR parameter. + +Default: For \fBprinting = BSD, AIX, QNX, LPRNG +or PLP :\fR + +\fBprint command = lpr -r -P%p %s\fR + +For \fBprinting = SYSV or HPUX :\fR + +\fBprint command = lp -c -d%p %s; rm %s\fR + +For \fBprinting = SOFTQ :\fR + +\fBprint command = lp -d%p -s %s; rm %s\fR + +Example: \fBprint command = /usr/local/samba/bin/myprintscript +%p %s\fR +.TP +\fBprint ok (S)\fR +Synonym for \fIprintable\fR. +.TP +\fBprintable (S)\fR +If this parameter is yes, then +clients may open, write to and submit spool files on the directory +specified for the service. + +Note that a printable service will ALWAYS allow writing +to the service path (user privileges permitting) via the spooling +of print data. The \fIwriteable +\fRparameter controls only non-printing access to +the resource. + +Default: \fBprintable = no\fR +.TP +\fBprintcap (G)\fR +Synonym for \fI printcap name\fR. +.TP +\fBprintcap name (G)\fR +This parameter may be used to override the +compiled-in default printcap name used by the server (usually \fI /etc/printcap\fR). See the discussion of the [printers] section above for reasons +why you might want to do this. + +On System V systems that use \fBlpstat\fR to +list available printers you can use \fBprintcap name = lpstat +\fRto automatically obtain lists of available printers. This +is the default for systems that define SYSV at configure time in +Samba (this includes most System V based systems). If \fI printcap name\fR is set to \fBlpstat\fR on +these systems then Samba will launch \fBlpstat -v\fR and +attempt to parse the output to obtain a printer list. -.B Example: - browseable = No +A minimal printcap file would look something like this: -.SS case sig names (G) -See "case sensitive" +.sp +.nf + print1|My Printer 1 + print2|My Printer 2 + print3|My Printer 3 + print4|My Printer 4 + print5|My Printer 5 + +.sp +.fi + +where the '|' separates aliases of a printer. The fact +that the second alias has a space in it gives a hint to Samba +that it's a comment. + +\fBNOTE\fR: Under AIX the default printcap +name is \fI/etc/qconfig\fR. Samba will assume the +file is in AIX \fIqconfig\fR format if the string +\fIqconfig\fR appears in the printcap filename. + +Default: \fBprintcap name = /etc/printcap\fR + +Example: \fBprintcap name = /etc/myprintcap\fR +.TP +\fBprinter admin (S)\fR +This is a list of users that can do anything to +printers via the remote administration interfaces offered by MS-RPC +(usually using a NT workstation). Note that the root user always +has admin rights. + +Default: \fBprinter admin = \fR + +Example: \fBprinter admin = admin, @staff\fR +.TP +\fBprinter driver (S)\fR +\fBNote :\fRThis is a deprecated +parameter and will be removed in the next major release +following version 2.2. Please see the instructions in +the Samba 2.2. Printing +HOWTOfor more information +on the new method of loading printer drivers onto a Samba server. + +This option allows you to control the string +that clients receive when they ask the server for the printer driver +associated with a printer. If you are using Windows95 or Windows NT +then you can use this to automate the setup of printers on your +system. + +You need to set this parameter to the exact string (case +sensitive) that describes the appropriate printer driver for your +system. If you don't know the exact string to use then you should +first try with no \fI printer driver\fR option set and the client will +give you a list of printer drivers. The appropriate strings are +shown in a scroll box after you have chosen the printer manufacturer. + +See also \fIprinter +driver file\fR. + +Example: \fBprinter driver = HP LaserJet 4L\fR +.TP +\fBprinter driver file (G)\fR +\fBNote :\fRThis is a deprecated +parameter and will be removed in the next major release +following version 2.2. Please see the instructions in +the Samba 2.2. Printing +HOWTOfor more information +on the new method of loading printer drivers onto a Samba server. + +This parameter tells Samba where the printer driver +definition file, used when serving drivers to Windows 95 clients, is +to be found. If this is not set, the default is : + +\fISAMBA_INSTALL_DIRECTORY +/lib/printers.def\fR + +This file is created from Windows 95 \fImsprint.inf +\fRfiles found on the Windows 95 client system. For more +details on setting up serving of printer drivers to Windows 95 +clients, see the outdated documentation file in the \fIdocs/\fR +directory, \fIPRINTER_DRIVER.txt\fR. + +See also \fI printer driver location\fR. + +Default: \fBNone (set in compile).\fR + +Example: \fBprinter driver file = +/usr/local/samba/printers/drivers.def\fR +.TP +\fBprinter driver location (S)\fR +\fBNote :\fRThis is a deprecated +parameter and will be removed in the next major release +following version 2.2. Please see the instructions in +the Samba 2.2. Printing +HOWTOfor more information +on the new method of loading printer drivers onto a Samba server. + +This parameter tells clients of a particular printer +share where to find the printer driver files for the automatic +installation of drivers for Windows 95 machines. If Samba is set up +to serve printer drivers to Windows 95 machines, this should be set to + +\fB\\\\MACHINE\\PRINTER$\fR + +Where MACHINE is the NetBIOS name of your Samba server, +and PRINTER$ is a share you set up for serving printer driver +files. For more details on setting this up see the outdated documentation +file in the \fIdocs/\fR directory, \fI PRINTER_DRIVER.txt\fR. + +See also \fI printer driver file\fR. + +Default: \fBnone\fR + +Example: \fBprinter driver location = \\\\MACHINE\\PRINTER$ +\fR.TP +\fBprinter name (S)\fR +This parameter specifies the name of the printer +to which print jobs spooled through a printable service will be sent. + +If specified in the [global] section, the printer +name given will be used for any printable service that does +not have its own printer name specified. + +Default: \fBnone (but may be lp +on many systems)\fR + +Example: \fBprinter name = laserwriter\fR +.TP +\fBprinter (S)\fR +Synonym for \fI printer name\fR. +.TP +\fBprinting (S)\fR +This parameters controls how printer status +information is interpreted on your system. It also affects the +default values for the \fIprint command\fR, +\fIlpq command\fR, \fIlppause command +\fR, \fIlpresume command\fR, and +\fIlprm command\fR if specified in the +[global] section. + +Currently nine printing styles are supported. They are +BSD, AIX, +LPRNG, PLP, +SYSV, HPUX, +QNX, SOFTQ, +and CUPS. + +To see what the defaults are for the other print +commands when using the various options use the testparm(1)program. + +This option can be set on a per printer basis + +See also the discussion in the [printers] section. +.TP +\fBprivate dir (G)\fR +This parameters defines the directory +smbd will use for storing such files as \fIsmbpasswd\fR +and \fIsecrets.tdb\fR. + +Default :\fBprivate dir = ${prefix}/private\fR +.TP +\fBprotocol (G)\fR +Synonym for \fImax protocol\fR. +.TP +\fBpublic (S)\fR +Synonym for \fIguest +ok\fR. +.TP +\fBqueuepause command (S)\fR +This parameter specifies the command to be +executed on the server host in order to pause the printer queue. + +This command should be a program or script which takes +a printer name as its only parameter and stops the printer queue, +such that no longer jobs are submitted to the printer. + +This command is not supported by Windows for Workgroups, +but can be issued from the Printers window under Windows 95 +and NT. + +If a \fI%p\fR is given then the printer name +is put in its place. Otherwise it is placed at the end of the command. + +Note that it is good practice to include the absolute +path in the command as the PATH may not be available to the +server. -.SS comment (S) -This is a text field that is seen when a client does a net view to -list what shares are available. It will also be used when browsing is -fully supported. +Default: \fBdepends on the setting of \fIprinting +\fB\fR +Example: \fBqueuepause command = disable %p\fR +.TP +\fBqueueresume command (S)\fR +This parameter specifies the command to be +executed on the server host in order to resume the printer queue. It +is the command to undo the behavior that is caused by the +previous parameter (\fI queuepause command\fR). + +This command should be a program or script which takes +a printer name as its only parameter and resumes the printer queue, +such that queued jobs are resubmitted to the printer. + +This command is not supported by Windows for Workgroups, +but can be issued from the Printers window under Windows 95 +and NT. + +If a \fI%p\fR is given then the printer name +is put in its place. Otherwise it is placed at the end of the +command. -.B Default: - No comment string +Note that it is good practice to include the absolute +path in the command as the PATH may not be available to the +server. -.B Example: - comment = Fred's Files - -.SS config file (G) - -This allows you to override the config file to use, instead of the -default (usually smb.conf). There is a chicken and egg problem here as -this option is set in the config file! - -For this reason, if the name of the config file has changed when the -parameters are loaded then it will reload them from the new config -file. - -This option takes the usual substitutions, which can be very useful. - -If thew config file doesn't exist then it won't be loaded (allowing -you to special case the config files of just a few clients). - -.B Example: - config file = /usr/local/samba/smb.conf.%m - -.SS copy (S) -This parameter allows you to 'clone' service entries. The specified -service is simply duplicated under the current service's name. Any -parameters specified in the current section will override those in the -section being copied. - -This feature lets you set up a 'template' service and create similar -services easily. Note that the service being copied must occur earlier -in the configuration file than the service doing the copying. - -.B Default: - none - -.B Example: - copy = otherservice -.SS create mask (S) -A synonym for this parameter is 'create mode'. - -This parameter is the octal modes which are used when converting DOS modes -to Unix modes. - -Note that Samba will or this value with 0700 as you must have at least -user read, write and execute for Samba to work properly. - -.B Default: - create mask = 0755 - -.B Example: - create mask = 0775 -.SS create mode (S) -See -.B create mask. -.SS dead time (G) -The value of the parameter (a decimal integer) represents the number of -minutes of inactivity before a connection is considered dead, and it -is disconnected. The deadtime only takes effect if the number of open files -is zero. - -This is useful to stop a server's resources being exhausted by a large -number of inactive connections. - -Most clients have an auto-reconnect feature when a connection is broken so -in most cases this parameter should be transparent to users. - -Using this parameter with a timeout of a few minutes is recommended -for most systems. - -A deadtime of zero indicates that no auto-disconnection should be performed. - -.B Default: - dead time = 0 - -.B Example: - dead time = 15 -.SS debug level (G) -The value of the parameter (an integer) allows the debug level -(logging level) to be specified in the smb.conf file. This is to give -greater flexibility in the configuration of the system. - -The default will be the debug level specified on the command line. - -.B Example: - debug level = 3 -.SS default (G) -See -.B default service. -.SS default case (S) - -See the section on "NAME MANGLING" Also note the addition of "short -preserve case" - -.SS default service (G) -A synonym for this parameter is 'default'. - -This parameter specifies the name of a service which will be connected to -if the service actually requested cannot be found. Note that the square -brackets are NOT given in the parameter value (see example below). - -There is no default value for this parameter. If this parameter is not given, -attempting to connect to a nonexistent service results in an error. - -Typically the default service would be a public, read-only service. - -Also not that s of 1.9.14 the apparent service name will be changed to -equal that of the requested service, this is very useful as it allows -you to use macros like %S to make a wildcard service. - -Note also that any _ characters in the name of the service used in the -default service will get mapped to a /. This allows for interesting -things. - - -.B Example: - default service = pub - - [pub] - path = /%S - - -.SS deny hosts (S) -A synonym for this parameter is 'hosts deny'. - -The opposite of 'allow hosts' - hosts listed here are NOT permitted -access to services unless the specific services have their own lists to -override this one. Where the lists conflict, the 'allow' list takes precedence. - -.B Default: - none (ie., no hosts specifically excluded) - -.B Example: - deny hosts = 150.203.4. badhost.mynet.edu.au -.SS dfree command (G) -The dfree command setting should only be used on systems where a -problem occurs with the internal disk space calculations. This has -been known to happen with Ultrix, but may occur with other operating -systems. The symptom that was seen was an error of "Abort Retry -Ignore" at the end of each directory listing. - -This setting allows the replacement of the internal routines to -calculate the total disk space and amount available with an external -routine. The example below gives a possible script that might fulfill -this function. - -The external program will be passed a single parameter indicating a -directory in the filesystem being queried. This will typically consist -of the string "./". The script should return two integers in ascii. The -first should be the total disk space in blocks, and the second should -be the number of available blocks. An optional third return value -can give the block size in bytes. The default blocksize is 1024 bytes. - -Note: Your script should NOT be setuid or setgid and should be owned by -(and writable only by) root! - -.B Default: - By default internal routines for determining the disk capacity -and remaining space will be used. - -.B Example: - dfree command = /usr/local/smb/dfree - - Where the script dfree (which must be made executable) could be - - #!/bin/sh - df $1 | tail -1 | awk '{print $2" "$4}' - - or perhaps (on Sys V) - - #!/bin/sh - /usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}' - - - Note that you may have to replace the command names with full -path names on some systems. -.SS directory (S) -See -.B path. -.SS dont descend (S) -There are certain directories on some systems (eg., the /proc tree under -Linux) that are either not of interest to clients or are infinitely deep -(recursive). This parameter allows you to specify a comma-delimited list -of directories that the server should always show as empty. - -Note that Samba can be very fussy about the exact format of the "dont -descend" entries. For example you ma need "./proc" instead of just -"/proc". Experimentation is the best policy :-) - -.B Default: - none (ie., all directories are OK to descend) - -.B Example: - dont descend = /proc,/dev - -.SS encrypt passwords (G) - -This boolean controls whether encrypted passwords will be negotiated -with the cient. Note that this option has no effect if you haven't -compiled in the necessary des libraries and encryption code. It -defaults to no. - -.SS exec (S) - -This is an alias for preexec - - -.SS force group (S) -This specifies a group name that all connections to this service -should be made as. This may be useful for sharing files. - -.B Default: - no forced group - -.B Example: - force group = agroup - -.SS force user (S) -This specifies a user name that all connections to this service -should be made as. This may be useful for sharing files. You should -also use it carefully as using it incorrectly can cause security -problems. - -This user name only gets used once a connection is established. Thus -clients still need to connect as a valid user and supply a valid -password. Once connected, all file operations will be performed as the -"forced user", not matter what username the client connected as. - -.B Default: - no forced user - -.B Example: - force user = auser - -.SS guest account (S) -This is a username which will be used for access to services which are -specified as 'guest ok' (see below). Whatever privileges this user has -will be available to any client connecting to the guest -service. Typically this user will exist in the password file, but will -not have a valid login. If a username is specified in a given service, -the specified username overrides this one. - -One some systems the account "nobody" may not be able to print. Use -another account in this case. You should test this by trying to log in -as your guest user (perhaps by using the "su -" command) and trying to -print using lpr. - -Note that as of version 1.9 of Samba this option may be set -differently for each service. - -.B Default: - specified at compile time - -.B Example: - guest account = nobody -.SS getwd cache (G) -This is a tuning option. When this is enabled a cacheing algorithm will -be used to reduce the time taken for getwd() calls. This can have a -significant impact on performance, especially when widelinks is False. - -.B Default: - getwd cache = No - -.B Example: - getwd cache = Yes -.SS guest ok (S) -See -.B public. -.SS guest only (S) -If this parameter is 'yes' for a service, then only guest connections to the -service are permitted. This parameter will have no affect if "guest ok" or -"public" is not set for the service. - -See the section below on user/password validation for more information about -this option. - -.B Default: - guest only = no - -.B Example: - guest only = yes -.SS hide dot files (S) -This is a boolean parameter that controls whether files starting with -a dot appear as hidden files. - -.B Default: - hide dot files = yes - -.B Example: - hide dot files = no -.SS hosts allow (S) -See -.B allow hosts. -.SS hosts deny (S) -See -.B deny hosts. - -.SS group (S) -This is an alias for "force group" and is only kept for compatability -with old versions of Samba. It may be removed in future versions. - -.SS hosts equiv (G) -If this global parameter is a non-null string, it specifies the name of -a file to read for the names of hosts and users who will be allowed access -without specifying a password. - -This is not be confused with -.B allow hosts -which is about hosts access to services and is more useful for guest services. -.B hosts equiv -may be useful for NT clients which will not supply passwords to samba. - -NOTE: The use of hosts.equiv can be a major security hole. This is -because you are trusting the PC to supply the correct username. It is -very easy to get a PC to supply a false username. I recommend that the -hosts.equiv option be only used if you really know what you are doing, -or perhaps on a home network where you trust your wife and kids :-) - -.B Default - No host equivalences - -.B Example - hosts equiv = /etc/hosts.equiv - -.SS invalid users (S) -This is a list of users that should not be allowed to login to this -service. This is really a "paranoid" check to absolutely ensure an -improper setting does not breach your security. - -A name starting with @ is interpreted as a unix group. - -The current servicename is substituted for %S. This is useful in the -[homes] section. - -See also "valid users" - -.B Default - No invalid users - -.B Example - invalid users = root fred admin @wheel - -.SS include (G) - -This allows you to inlcude one config file inside another. the file is -included literally, as though typed in place. - -It takes the standard substitutions, except %u, %P and %S - -.SS keep alive (G) -The value of the parameter (an integer) represents the number of seconds -between 'keepalive' packets. If this parameter is zero, no keepalive packets -will be sent. Keepalive packets, if sent, allow the server to tell whether a -client is still present and responding. - -Keepalives should, in general, not be needed if the socket being used -has the SO_KEEPALIVE attribute set on it (see "socket -options"). Basically you should only use this option if you strike -difficulties. - -.B Default: - keep alive = 0 - -.B Example: - keep alive = 60 -.SS load printers (G) -A boolean variable that controls whether all printers in the printcap -will be loaded for browsing by default. - -.B Default: - load printers = no - -.B Example: - load printers = yes - -.SS lock directory (G) -This options specifies the directory where lock files will be placed. -The lock files are used to implement the "max connections" option. - -.B Default: - lock directory = /tmp/samba - -.B Example: - lock directory = /usr/local/samba/locks -.SS locking (S) -This controls whether or not locking will be performed by the server in -response to lock requests from the client. - -If "locking = no", all lock and unlock requests will appear to succeed and -all lock queries will indicate that the queried lock is clear. - -If "locking = yes", real locking will be performed by the server. - -This option may be particularly useful for read-only filesystems which -do not need locking (such as cdrom drives). - -Be careful about disabling locking either globally or in a specific -service, as lack of locking may result in data corruption. - -.B Default: - locking = yes - -.B Example: - locking = no - -.SS log file (G) - -This options allows you to override the name of the Samba log file -(also known as the debug file). - -This option takes the standard substitutions, allowing you to have -separate log files for each user or machine. - -.B Example: - log file = /usr/local/samba/log.%m - -.SS log level (G) -see "debug level" - -.SS lppause command (S) -This parameter specifies the command to be executed on the server host in -order to stop printing or spooling a specific print job. - -This command should be a program or script which takes a printer name and -job number to pause the print job. Currently I don't know of any print -spooler system that can do this with a simple option, except for the PPR -system from Trinity College (ppr\-dist.trincoll.edu/pub/ppr). One way -of implementing this is by using job priorities, where jobs having a too -low priority wont be sent to the printer. See also the lppause command. - -If a %p is given then the printername is put in it's place. A %j is -replaced with the job number (an integer). -On HPUX (see printing=hpux), if the -p%p option is added to the lpq -command, the job will show up with the correct status, i.e. if the job -priority is lower than the set fence priority it will have the PAUSED -status, whereas if the priority is equal or higher it will have the -SPOOLED or PRINTING status. - -Note that it is good practice to include the absolute path in the lppause -command as the PATH may not be available to the server. - -.B Default: - Currently no default value is given to this string - -.B Example for HPUX: - lppause command = /usr/bin/lpalt %p-%j -p0 - -.SS lpq cache time (G) - -This controls how long lpq info will be cached for to prevent the lpq -command being called too often. A separate cache is kept for each -variation of the lpq command used by the system, so if you use -different lpq commands for different users then they won't share cache -information. - -The cache files are stored in /tmp/lpq.xxxx where xxxx is a hash -of the lpq command in use. - -The default is 10 seconds, meaning that the cached results of a -previous identical lpq command will be used if the cached data is less -than 10 seconds old. A large value may be advisable if your lpq -command is very slow. - -A value of 0 will disable cacheing completely. - -.B Default: - lpq cache time = 10 - -.B Example: - lpq cache time = 30 - -.SS lpq command (S) -This parameter specifies the command to be executed on the server host in -order to obtain "lpq"-style printer status information. - -This command should be a program or script which takes a printer name -as its only parameter and outputs printer status information. - -Currently four styles of printer status information are supported; -BSD, SYSV, AIX and HPUX. This covers most unix systems. You control -which type is expected using the "printing =" option. - -Some clients (notably Windows for Workgroups) may not correctly send the -connection number for the printer they are requesting status information -about. To get around this, the server reports on the first printer service -connected to by the client. This only happens if the connection number sent -is invalid. - -If a %p is given then the printername is put in it's place. Otherwise -it is placed at the end of the command. - -Note that it is good practice to include the absolute path in the lpq -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example: - lpq command = /usr/bin/lpq %p - -.SS lpresume command (S) -This parameter specifies the command to be executed on the server host in -order to restart or continue printing or spooling a specific print job. - -This command should be a program or script which takes a printer name and -job number to resume the print job. See also the lppause command. - -If a %p is given then the printername is put in it's place. A %j is -replaced with the job number (an integer). - -Note that it is good practice to include the absolute path in the lpresume -command as the PATH may not be available to the server. - -.B Default: - Currently no default value is given to this string - -.B Example for HPUX: - lpresume command = /usr/bin/lpalt %p-%j -p2 - -.SS lprm command (S) -This parameter specifies the command to be executed on the server host in -order to delete a print job. - -This command should be a program or script which takes a printer name -and job number, and deletes the print job. - -Currently four styles of printer control are supported; BSD, SYSV, AIX -and HPUX. This covers most unix systems. You control which type is -expected using the "printing =" option. - -If a %p is given then the printername is put in it's place. A %j is -replaced with the job number (an integer). - -Note that it is good practice to include the absolute path in the lprm -command as the PATH may not be available to the server. - -.B Default: - depends on the setting of "printing =" - -.B Example 1: - lprm command = /usr/bin/lprm -P%p %j - -.B Example 2: - lprm command = /usr/bin/cancel %p-%j - -.SS magic output (S) -This parameter specifies the name of a file which will contain output -created by a magic script (see -.I magic script -below). - -Warning: If two clients use the same magic script in the same directory the -output file content is undefined. -.B Default: - magic output = .out - -.B Example: - magic output = myfile.txt -.SS magic script (S) -This parameter specifies the name of a file which, if opened, will be -executed by the server when the file is closed. This allows a Unix script -to be sent to the Samba host and executed on behalf of the connected user. - -Scripts executed in this way will be deleted upon completion, permissions -permitting. - -If the script generates output, output will be sent to the file specified by -the -.I magic output -parameter (see above). - -Note that some shells are unable to interpret scripts containing -carriage-return-linefeed instead of linefeed as the end-of-line -marker. Magic scripts must be executable "as is" on the host, which -for some hosts and some shells will require filtering at the DOS end. - -Magic scripts are EXPERIMENTAL and should NOT be relied upon. -.B Default: - None. Magic scripts disabled. - -.B Example: - magic script = user.csh -.SS mangled map (S) -This is for those who want to directly map UNIX file names which are -not representable on DOS. The mangling of names is not always what is -needed. In particular you may have documents with file extensiosn -that differ between dos and unix. For example, under unix it is common -to use .html for HTML files, whereas under dos .htm is more commonly -used. - -So to map 'html' to 'htm' you put: - - mangled map = (*.html *.htm) - -One very useful case is to remove the annoying ;1 off the ends of -filenames on some CDROMS (only visible under some unixes). To do this -use a map of (*;1 *) - -.B default: - no mangled map - -.B Example: - mangled map = (*;1 *) - -.SS mangle case (S) - -See the section on "NAME MANGLING" - -.SS mangled names (S) -This controls whether non-DOS names under Unix should be mapped to -DOS-compatible names ("mangled") and made visible, or whether non-DOS names -should simply be ignored. - -See the section on "NAME MANGLING" for details on how to control the -mangling process. - -If mangling is used then the mangling algorithm is as follows: +Default: \fBdepends on the setting of \fIprinting\fB\fR + +Example: \fBqueuepause command = enable %p +\fR.TP +\fBread bmpx (G)\fR +This boolean parameter controls whether smbd(8)will support the "Read +Block Multiplex" SMB. This is now rarely used and defaults to +no. You should never need to set this +parameter. + +Default: \fBread bmpx = no\fR +.TP +\fBread list (S)\fR +This is a list of users that are given read-only +access to a service. If the connecting user is in this list then +they will not be given write access, no matter what the \fIwriteable\fR +option is set to. The list can include group names using the +syntax described in the \fI invalid users\fR parameter. + +See also the \fI write list\fR parameter and the \fIinvalid users\fR +parameter. + +Default: \fBread list = \fR + +Example: \fBread list = mary, @students\fR +.TP +\fBread only (S)\fR +Note that this is an inverted synonym for \fIwriteable\fR. +.TP +\fBread raw (G)\fR +This parameter controls whether or not the server +will support the raw read SMB requests when transferring data +to clients. + +If enabled, raw reads allow reads of 65535 bytes in +one packet. This typically provides a major performance benefit. + +However, some clients either negotiate the allowable +block size incorrectly or are incapable of supporting larger block +sizes, and for these clients you may need to disable raw reads. + +In general this parameter should be viewed as a system tuning +tool and left severely alone. See also \fIwrite raw\fR. + +Default: \fBread raw = yes\fR +.TP +\fBread size (G)\fR +The option \fIread size\fR +affects the overlap of disk reads/writes with network reads/writes. +If the amount of data being transferred in several of the SMB +commands (currently SMBwrite, SMBwriteX and SMBreadbraw) is larger +than this value then the server begins writing the data before it +has received the whole packet from the network, or in the case of +SMBreadbraw, it begins writing to the network before all the data +has been read from disk. + +This overlapping works best when the speeds of disk and +network access are similar, having very little effect when the +speed of one is much greater than the other. + +The default value is 16384, but very little experimentation +has been done yet to determine the optimal value, and it is likely +that the best value will vary greatly between systems anyway. +A value over 65536 is pointless and will cause you to allocate +memory unnecessarily. + +Default: \fBread size = 16384\fR + +Example: \fBread size = 8192\fR +.TP +\fBremote announce (G)\fR +This option allows you to setup nmbd(8)to periodically announce itself +to arbitrary IP addresses with an arbitrary workgroup name. + +This is useful if you want your Samba server to appear +in a remote workgroup for which the normal browse propagation +rules don't work. The remote workgroup can be anywhere that you +can send IP packets to. + +For example: + +\fBremote announce = 192.168.2.255/SERVERS +192.168.4.255/STAFF\fR + +the above line would cause \fBnmbd\fR to announce itself +to the two given IP addresses using the given workgroup names. +If you leave out the workgroup name then the one given in +the \fIworkgroup\fR +parameter is used instead. + +The IP addresses you choose would normally be the broadcast +addresses of the remote networks, but can also be the IP addresses +of known browse masters if your network config is that stable. + +See the documentation file \fIBROWSING.txt\fR +in the \fIdocs/\fR directory. + +Default: \fBremote announce = +\fR.TP +\fBremote browse sync (G)\fR +This option allows you to setup nmbd(8)to periodically request +synchronization of browse lists with the master browser of a Samba +server that is on a remote segment. This option will allow you to +gain browse lists for multiple workgroups across routed networks. This +is done in a manner that does not work with any non-Samba servers. + +This is useful if you want your Samba server and all local +clients to appear in a remote workgroup for which the normal browse +propagation rules don't work. The remote workgroup can be anywhere +that you can send IP packets to. + +For example: + +\fBremote browse sync = 192.168.2.255 192.168.4.255 +\fR +the above line would cause \fBnmbd\fR to request +the master browser on the specified subnets or addresses to +synchronize their browse lists with the local server. + +The IP addresses you choose would normally be the broadcast +addresses of the remote networks, but can also be the IP addresses +of known browse masters if your network config is that stable. If +a machine IP address is given Samba makes NO attempt to validate +that the remote machine is available, is listening, nor that it +is in fact the browse master on its segment. + +Default: \fBremote browse sync = +\fR.TP +\fBrestrict anonymous (G)\fR +This is a boolean parameter. If it is true, then +anonymous access to the server will be restricted, namely in the +case where the server is expecting the client to send a username, +but it doesn't. Setting it to true will force these anonymous +connections to be denied, and the client will be required to always +supply a username and password when connecting. Use of this parameter +is only recommended for homogeneous NT client environments. + +This parameter makes the use of macro expansions that rely +on the username (%U, %G, etc) consistent. NT 4.0 +likes to use anonymous connections when refreshing the share list, +and this is a way to work around that. + +When restrict anonymous is true, all anonymous connections +are denied no matter what they are for. This can effect the ability +of a machine to access the Samba Primary Domain Controller to revalidate +its machine account after someone else has logged on the client +interactively. The NT client will display a message saying that +the machine's account in the domain doesn't exist or the password is +bad. The best way to deal with this is to reboot NT client machines +between interactive logons, using "Shutdown and Restart", rather +than "Close all programs and logon as a different user". + +Default: \fBrestrict anonymous = no\fR +.TP +\fBroot (G)\fR +Synonym for \fIroot directory"\fR. +.TP +\fBroot dir (G)\fR +Synonym for \fIroot directory"\fR. +.TP +\fBroot directory (G)\fR +The server will \fBchroot()\fR (i.e. +Change its root directory) to this directory on startup. This is +not strictly necessary for secure operation. Even without it the +server will deny access to files not in one of the service entries. +It may also check for, and deny access to, soft links to other +parts of the filesystem, or attempts to use ".." in file names +to access other directories (depending on the setting of the \fIwide links\fR +parameter). + +Adding a \fIroot directory\fR entry other +than "/" adds an extra level of security, but at a price. It +absolutely ensures that no access is given to files not in the +sub-tree specified in the \fIroot directory\fR +option, \fBincluding\fR some files needed for +complete operation of the server. To maintain full operability +of the server you will need to mirror some system files +into the \fIroot directory\fR tree. In particular +you will need to mirror \fI/etc/passwd\fR (or a +subset of it), and any binaries or configuration files needed for +printing (if required). The set of files that must be mirrored is +operating system dependent. + +Default: \fBroot directory = /\fR + +Example: \fBroot directory = /homes/smb\fR +.TP +\fBroot postexec (S)\fR +This is the same as the \fIpostexec\fR +parameter except that the command is run as root. This +is useful for unmounting filesystems +(such as CDROMs) after a connection is closed. + +See also \fI postexec\fR. + +Default: \fBroot postexec = +\fR.TP +\fBroot preexec (S)\fR +This is the same as the \fIpreexec\fR +parameter except that the command is run as root. This +is useful for mounting filesystems (such as CDROMs) when a +connection is opened. + +See also \fI preexec\fR and \fIpreexec close\fR. + +Default: \fBroot preexec = +\fR.TP +\fBroot preexec close (S)\fR +This is the same as the \fIpreexec close +\fRparameter except that the command is run as root. + +See also \fI preexec\fR and \fIpreexec close\fR. + +Default: \fBroot preexec close = no\fR +.TP +\fBsecurity (G)\fR +This option affects how clients respond to +Samba and is one of the most important settings in the \fI smb.conf\fR file. + +The option sets the "security mode bit" in replies to +protocol negotiations with smbd(8) +to turn share level security on or off. Clients decide +based on this bit whether (and how) to transfer user and password +information to the server. + +The default is \fBsecurity = user\fR, as this is +the most common setting needed when talking to Windows 98 and +Windows NT. + +The alternatives are \fBsecurity = share\fR, +\fBsecurity = server\fR or \fBsecurity = domain +\fR\&. + +In versions of Samba prior to 2.0.0, the default was +\fBsecurity = share\fR mainly because that was +the only option at one stage. + +There is a bug in WfWg that has relevance to this +setting. When in user or server level security a WfWg client +will totally ignore the password you type in the "connect +drive" dialog box. This makes it very difficult (if not impossible) +to connect to a Samba service as anyone except the user that +you are logged into WfWg as. + +If your PCs use usernames that are the same as their +usernames on the UNIX machine then you will want to use +\fBsecurity = user\fR. If you mostly use usernames +that don't exist on the UNIX box then use \fBsecurity = +share\fR. + +You should also use \fBsecurity = share\fR if you +want to mainly setup shares without a password (guest shares). This +is commonly used for a shared printer server. It is more difficult +to setup guest shares with \fBsecurity = user\fR, see +the \fImap to guest\fR +parameter for details. + +It is possible to use \fBsmbd\fR in a \fB hybrid mode\fR where it is offers both user and share +level security under different \fINetBIOS aliases\fR. + +The different settings will now be explained. + +\fBSECURITY = SHARE +\fR +When clients connect to a share level security server they +need not log onto the server with a valid username and password before +attempting to connect to a shared resource (although modern clients +such as Windows 95/98 and Windows NT will send a logon request with +a username but no password when talking to a \fBsecurity = share +\fRserver). Instead, the clients send authentication information +(passwords) on a per-share basis, at the time they attempt to connect +to that share. + +Note that \fBsmbd\fR \fBALWAYS\fR +uses a valid UNIX user to act on behalf of the client, even in +\fBsecurity = share\fR level security. + +As clients are not required to send a username to the server +in share level security, \fBsmbd\fR uses several +techniques to determine the correct UNIX user to use on behalf +of the client. + +A list of possible UNIX usernames to match with the given +client password is constructed using the following methods : .RS -- the first (up to) five alphanumeric characters before the rightmost dot of -the filename are preserved, forced to upper case, and appear as the first (up -to) five characters of the mangled name. - -- a tilde ("~") is appended to the first part of the mangled name, followed -by a two-character unique sequence, based on the origonal root name -(i.e., the original filename minus its final extension). The final -extension is included in the hash calculation only if it contains any upper -case characters or is longer than three characters. - -Note that the character to use may be specified using the "mangling -char" option, if you don't like ~. - -- the first three alphanumeric characters of the final extension are preserved, -forced to upper case and appear as the extension of the mangled name. The -final extension is defined as that part of the original filename after the -rightmost dot. If there are no dots in the filename, the mangled name will -have no extension (except in the case of hidden files - see below). - -- files whose Unix name begins with a dot will be presented as DOS hidden -files. The mangled name will be created as for other filenames, but with the -leading dot removed and "___" as its extension regardless of actual original -extension (that's three underscores). +.TP 0.2i +\(bu +If the \fIguest +only\fR parameter is set, then all the other +stages are missed and only the \fIguest account\fR username is checked. +.TP 0.2i +\(bu +Is a username is sent with the share connection +request, then this username (after mapping - see \fIusername map\fR), +is added as a potential username. +.TP 0.2i +\(bu +If the client did a previous \fBlogon +\fRrequest (the SessionSetup SMB call) then the +username sent in this SMB will be added as a potential username. +.TP 0.2i +\(bu +The name of the service the client requested is +added as a potential username. +.TP 0.2i +\(bu +The NetBIOS name of the client is added to +the list as a potential username. +.TP 0.2i +\(bu +Any users on the \fI user\fR list are added as potential usernames. .RE +.PP +If the \fIguest only\fR parameter is +not set, then this list is then tried with the supplied password. +The first user for whom the password matches will be used as the +UNIX user. +.PP +.PP +If the \fIguest only\fR parameter is +set, or no username can be determined then if the share is marked +as available to the \fIguest account\fR, then this +guest user will be used, otherwise access is denied. +.PP +.PP +Note that it can be \fBvery\fR confusing +in share-level security as to which UNIX username will eventually +be used in granting access. +.PP +.PP +See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. +.PP +.PP +\fBSECURITY = USER +\fR.PP +.PP +This is the default security setting in Samba 2.2. +With user-level security a client must first "log-on" with a +valid username and password (which can be mapped using the \fIusername map\fR +parameter). Encrypted passwords (see the \fIencrypted passwords\fR parameter) can also +be used in this security mode. Parameters such as \fIuser\fR and \fIguest only\fR if set are then applied and +may change the UNIX user to use on this connection, but only after +the user has been successfully authenticated. +.PP +.PP +\fBNote\fR that the name of the resource being +requested is \fBnot\fR sent to the server until after +the server has successfully authenticated the client. This is why +guest shares don't work in user level security without allowing +the server to automatically map unknown users into the \fIguest account\fR. +See the \fImap to guest\fR +parameter for details on doing this. +.PP +.PP +See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. +.PP +.PP +\fBSECURITY = SERVER +\fR.PP +.PP +In this mode Samba will try to validate the username/password +by passing it to another SMB server, such as an NT box. If this +fails it will revert to \fBsecurity = user\fR, but note +that if encrypted passwords have been negotiated then Samba cannot +revert back to checking the UNIX password file, it must have a valid +\fIsmbpasswd\fR file to check users against. See the +documentation file in the \fIdocs/\fR directory +\fIENCRYPTION.txt\fR for details on how to set this +up. +.PP +.PP +\fBNote\fR that from the client's point of +view \fBsecurity = server\fR is the same as \fB security = user\fR. It only affects how the server deals +with the authentication, it does not in any way affect what the +client sees. +.PP +.PP +\fBNote\fR that the name of the resource being +requested is \fBnot\fR sent to the server until after +the server has successfully authenticated the client. This is why +guest shares don't work in user level security without allowing +the server to automatically map unknown users into the \fIguest account\fR. +See the \fImap to guest\fR +parameter for details on doing this. +.PP +.PP +See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. +.PP +.PP +See also the \fIpassword +server\fR parameter and the \fIencrypted passwords\fR +parameter. +.PP +.PP +\fBSECURITY = DOMAIN +\fR.PP +.PP +This mode will only work correctly if smbpasswd(8)has been used to add this +machine into a Windows NT Domain. It expects the \fIencrypted passwords\fR +parameter to be set to true. In this +mode Samba will try to validate the username/password by passing +it to a Windows NT Primary or Backup Domain Controller, in exactly +the same way that a Windows NT Server would do. +.PP +.PP +\fBNote\fR that a valid UNIX user must still +exist as well as the account on the Domain Controller to allow +Samba to have a valid UNIX account to map file access to. +.PP +.PP +\fBNote\fR that from the client's point +of view \fBsecurity = domain\fR is the same as \fBsecurity = user +\fR\&. It only affects how the server deals with the authentication, +it does not in any way affect what the client sees. +.PP +.PP +\fBNote\fR that the name of the resource being +requested is \fBnot\fR sent to the server until after +the server has successfully authenticated the client. This is why +guest shares don't work in user level security without allowing +the server to automatically map unknown users into the \fIguest account\fR. +See the \fImap to guest\fR +parameter for details on doing this. +.PP +.PP +\fBBUG:\fR There is currently a bug in the +implementation of \fBsecurity = domain\fR with respect +to multi-byte character set usernames. The communication with a +Domain Controller must be done in UNICODE and Samba currently +does not widen multi-byte user names to UNICODE correctly, thus +a multi-byte username will not be recognized correctly at the +Domain Controller. This issue will be addressed in a future release. +.PP +.PP +See also the section NOTE ABOUT USERNAME/PASSWORD VALIDATION. +.PP +.PP +See also the \fIpassword +server\fR parameter and the \fIencrypted passwords\fR +parameter. +.PP +.PP +Default: \fBsecurity = USER\fR +.PP +.PP +Example: \fBsecurity = DOMAIN\fR +.PP +.TP +\fBsecurity mask (S)\fR +This parameter controls what UNIX permission +bits can be modified when a Windows NT client is manipulating +the UNIX permission on a file using the native NT security +dialog box. + +This parameter is applied as a mask (AND'ed with) to +the changed permission bits, thus preventing any bits not in +this mask from being modified. Essentially, zero bits in this +mask may be treated as a set of bits the user is not allowed +to change. + +If not set explicitly this parameter is 0777, allowing +a user to modify all the user/group/world permissions on a file. + +\fBNote\fR that users who can access the +Samba server through other means can easily bypass this +restriction, so it is primarily useful for standalone +"appliance" systems. Administrators of most normal systems will +probably want to leave it set to 0777. + +See also the \fIforce directory security mode\fR, +\fIdirectory +security mask\fR, \fIforce security mode\fR parameters. + +Default: \fBsecurity mask = 0777\fR + +Example: \fBsecurity mask = 0770\fR +.TP +\fBserver string (G)\fR +This controls what string will show up in the +printer comment box in print manager and next to the IPC connection +in \fBnet view\fR. It can be any string that you wish +to show to your users. + +It also sets what will appear in browse lists next +to the machine name. + +A \fI%v\fR will be replaced with the Samba +version number. + +A \fI%h\fR will be replaced with the +hostname. + +Default: \fBserver string = Samba %v\fR + +Example: \fBserver string = University of GNUs Samba +Server\fR +.TP +\fBset directory (S)\fR +If \fBset directory = no\fR, then +users of the service may not use the setdir command to change +directory. + +The \fBsetdir\fR command is only implemented +in the Digital Pathworks client. See the Pathworks documentation +for details. + +Default: \fBset directory = no\fR +.TP +\fBshort preserve case (S)\fR +This boolean parameter controls if new files +which conform to 8.3 syntax, that is all in upper case and of +suitable length, are created upper case, or if they are forced +to be the \fIdefault case +\fR\&. This option can be use with \fBpreserve case = yes\fR +to permit long filenames to retain their case, while short +names are lowered. + +See the section on NAME MANGLING. + +Default: \fBshort preserve case = yes\fR +.TP +\fBshow add printer wizard (G)\fR +With the introduction of MS-RPC based printing support +for Windows NT/2000 client in Samba 2.2, a "Printers..." folder will +appear on Samba hosts in the share listing. Normally this folder will +contain an icon for the MS Add Printer Wizard (APW). However, it is +possible to disable this feature regardless of the level of privilege +of the connected user. + +Under normal circumstances, the Windows NT/2000 client will +open a handle on the printer server with OpenPrinterEx() asking for +Administrator privileges. If the user does not have administrative +access on the print server (i.e is not root or a member of the +\fIprinter admin\fR group), the OpenPrinterEx() +call fails and the client makes another open call with a request for +a lower privilege level. This should succeed, however the APW +icon will not be displayed. + +Disabling the \fIshow add printer wizard\fR +parameter will always cause the OpenPrinterEx() on the server +to fail. Thus the APW icon will never be displayed. \fB Note :\fRThis does not prevent the same user from having +administrative privilege on an individual printer. + +See also \fIaddprinter +command\fR, \fIdeleteprinter command\fR, \fIprinter admin\fR + +Default :\fBshow add printer wizard = yes\fR +.TP +\fBshutdown script (G)\fR +\fBThis parameter only exists in the HEAD cvs branch\fR +This a full path name to a script called by +\fBsmbd(8)\fRthat +should start a shutdown procedure. + +This command will be run as the user connected to the +server. -The two-digit hash value consists of upper case alphanumeric characters. - -This algorithm can cause name collisions only if files in a directory share -the same first five alphanumeric characters. The probability of such a clash -is 1/1300. - -The name mangling (if enabled) allows a file to be copied between Unix -directories from DOS while retaining the long Unix filename. Unix files can -be renamed to a new extension from DOS and will retain the same basename. -Mangled names do not change between sessions. - -.B Default: - mangled names = yes - -.B Example: - mangled names = no -.SS mangling char (S) -This controls what character is used as the "magic" character in name -mangling. The default is a ~ but this may interfere with some -software. Use this option to set it to whatever you prefer. - -.B Default: - mangling char = ~ - -.B Example: - mangling char = ^ - -.SS max log size (G) - -This option (an integer in kilobytes) specifies the max size the log -file should grow to. Samba periodically checks the size and if it is -exceeded it will rename the file, adding a .old extension. - -A size of 0 means no limit. - -.B Default: - max log size = 5000 - -.B Example: - max log size = 1000 - -.SS max xmit (G) - -This option controls the maximum packet size that will be negotiated -by Samba. The default is 65535, which is the maximum. In some cases -you may find you get better performance with a smaller value. A value -below 2048 is likely to cause problems. - -.B Default: - max xmit = 65535 - -.B Example: - max xmit = 8192 - -.SS mangled stack (G) -This parameter controls the number of mangled names that should be cached in -the Samba server. - -This stack is a list of recently mangled base names (extensions are only -maintained if they are longer than 3 characters or contains upper case -characters). - -The larger this value, the more likely it is that mangled names can be -successfully converted to correct long Unix names. However, large stack -sizes will slow most directory access. Smaller stacks save memory in the -server (each stack element costs 256 bytes). - -It is not possible to absolutely guarantee correct long file names, so -be prepared for some surprises! - -.B Default: - mangled stack = 50 - -.B Example: - mangled stack = 100 - -.SS map archive (S) -This controls whether the DOS archive attribute should be mapped to Unix -execute bits. The DOS archive bit is set when a file has been modified -since its last backup. One motivation for this option it to keep Samba/your -PC from making any file it touches from becoming executable under UNIX. -This can be quite annoying for shared source code, documents, etc... - -.B Default: - map archive = yes - -.B Example: - map archive = no - -.SS map hidden (S) -This controls whether DOS style hidden files should be mapped to Unix -execute bits. - -.B Default: - map hidden = no - -.B Example: - map hidden = yes -.SS map system (S) -This controls whether DOS style system files should be mapped to Unix -execute bits. - -.B Default: - map system = no - -.B Example: - map system = yes -.SS max connections (S) -This option allows the number of simultaneous connections to a -service to be limited. If "max connections" is greater than 0 then -connections will be refused if this number of connections to the -service are already open. A value of zero mean an unlimited number of -connections may be made. - -Record lock files are used to implement this feature. The lock files -will be stored in the directory specified by the "lock directory" option. - -.B Default: - max connections = 0 - -.B Example: - max connections = 10 -.SS only user (S) -This is a boolean option that controls whether connections with -usernames not in the user= list will be allowed. By default this -option is disabled so a client can supply a username to be used by -the server. - -Note that this also means Samba won't try to deduce usernames from the -service name. This can be annoying for the [homes] section. To get -around this you could use "user = %S" which means your "user" list -will be just the service name, which for home directories is the name -of the user. - -.B Default: - only user = False - -.B Example: - only user = True - -.SS message command (G) - -This specifies what command to run when the server receives a WinPopup -style message. - -This would normally be a command that would deliver the message -somehow. How this is to be done is up to your imagination. - -What I use is: - - message command = csh -c 'xedit %s;rm %s' & - -This delivers the message using xedit, then removes it -afterwards. NOTE THAT IT IS VERY IMPORTANT THAT THIS COMMAND RETURN -IMMEDIATELY. That's why I have the & on the end. If it doesn't return -immediately then your PCs may freeze when sending messages (they -should recover after 30secs, hopefully). - -All messages are delivered as the global guest user. The command takes -the standard substitutions, although %u won't work (%U may be better -in this case). - -Apart from the standard substitutions, some additional ones apply. In -particular: - -%s = the filename containing the message - -%t = the destination that the message was sent to (probably the server -name) - -%f = who the message is from - -You could make this command send mail, or whatever else takes your -fancy. Please let me know of any really interesting ideas you have. - -Here's a way of sending the messages as mail to root: - -message command = /bin/mail -s 'message from %f on %m' root < %s; rm %s - -If you don't have a message command then the message won't be -delivered and Samba will tell the sender there was an -error. Unfortunately WfWg totally ignores the error code and carries -on regardless, saying that the message was delivered. - -If you want to silently delete it then try "message command = rm %s". - -For the really adventurous, try something like this: - -message command = csh -c 'csh < %s |& /usr/local/samba/smbclient \\ - -M %m; rm %s' & - -this would execute the command as a script on the server, then give -them the result in a WinPopup message. Note that this could cause a -loop if you send a message from the server using smbclient! You better -wrap the above in a script that checks for this :-) - -.B Default: - no message command - -.B Example: - message command = csh -c 'xedit %s;rm %s' & - -.SS min print space (S) - -This sets the minimum amount of free disk space that must be available -before a user will be able to spool a print job. It is specified in -kilobytes. The default is 0, which means no limit. - -.B Default: - min print space = 0 - -.B Example: - min print space = 2000 - -.SS null passwords (G) -Allow or disallow access to accounts that have null passwords. - -.B Default: - null passwords = no - -.B Example: - null passwords = yes - -.SS os level (G) -This integer value controls what level Samba advertises itself as for -browse elections. See BROWSING.txt for details. - -.SS packet size (G) -The maximum transmit packet size during a raw read. This option is no -longer implemented as of version 1.7.00, and is kept only so old -configuration files do not become invalid. - -.SS passwd chat (G) -This string coontrols the "chat" conversation that takes places -between smbd and the local password changing program to change the -users password. The string describes a sequence of response-receive -pairs that smbd uses to determine what to send to the passwd program -and what to expect back. If the expected output is not received then -the password is not changed. - -This chat sequence is often quite site specific, deppending on what -local methods are used for password control (such as NIS+ etc). - -The string can contain the macros %o and %n which are substituted for -the old and new passwords respectively. It can aso contain the -standard macros \\n \\r \\t and \\s to give line-feed, carriage-return, -tab and space. - -The string can also contain a * which matches any sequence of -characters. - -Double quotes can be used to collect strings with spaces in them into -a single string. - -If the send string in any part of the chat sequence is a fullstop "." -then no string is sent. Similarly, is the expect string is a fullstop -then no string is expected. - -.B Example: - passwd chat = "*Enter OLD password*" %o\\n "*Enter NEW password*" %n\\n \\ - "*Reenter NEW password*" %n\\n "*Password changed*" - -.B Default: - passwd chat = *old*password* %o\\n *new*password* %n\\n *new*password* %n\\n *changed* - -.SS passwd program (G) -The name of a program that can be used to set user passwords. - -This is only necessary if you have enabled remote password changing at -compile time. Any occurances of %u will be replaced with the user -name. - -Also note that many passwd programs insist in "reasonable" passwords, -such as a minimum length, or the inclusion of mixed case chars and -digits. This can pose a problem as some clients (such as Windows for -Workgroups) uppercase the password before sending it. - -.B Default: - passwd program = /bin/passwd - -.B Example: - passwd program = /sbin/passwd %u - -.SS password level (G) -Some client/server conbinations have difficulty with mixed-case passwords. -One offending client is Windows for Workgroups, which for some reason forces -passwords to upper case when using the LANMAN1 protocol, but leaves them alone -when using COREPLUS! - -This parameter defines the maximum number of characters that may be upper case -in passwords. - -For example, say the password given was "FRED". If -.B password level -is set to 1 (one), the following combinations would be tried if "FRED" failed: -"Fred", "fred", "fRed", "frEd", "freD". If -.B password level was set to 2 (two), the following combinations would also be -tried: "FRed", "FrEd", "FreD", "fREd", "fReD", "frED". And so on. - -The higher value this parameter is set to the more likely it is that a mixed -case password will be matched against a single case password. However, you -should be aware that use of this parameter reduces security and increases the -time taken to process a new connection. - -A value of zero will cause only two attempts to be made - the password as is -and the password in all-lower case. - -If you find the connections are taking too long with this option then -you probably have a slow crypt() routine. Samba now comes with a fast -"ufc crypt" that you can select in the Makefile. You should also make -sure the PASSWORD_LENGTH option is correct for your system in local.h -and includes.h. On most systems only the first 8 chars of a password -are significant so PASSWORD_LENGTH should be 8, but on some longer -passwords are significant. The inlcudes.h file tries to select the -right length for your system. - -.B Default: - password level = 0 - -.B Example: - password level = 4 - -.SS password server (G) - -By specifying the name of another SMB server (such as a WinNT box) -with this option, and using "security = server" you can get Samba to -do all it's username/password validation via a remote server. - -This options sets the name of the password server to use. It must be a -netbios name, so if the machines netbios name is different from it's -internet name then you may have to add it's netbios name to -/etc/hosts. - -The password server much be a machine capable of using the "LM1.2X002" -or the "LM NT 0.12" protocol, and it must be in user level security -mode. - -NOTE: Using a password server means your unix box (running Samba) is -only as secure as your password server. DO NOT CHOOSE A PASSWORD -SERVER THAT YOU DON'T COMPLETELY TRUST. - -Never point a Samba server at itself for password serving. This will -cause a loop and could lock up your Samba server! - -The name of the password server takes the standard substitutions, but -probably the only useful one is %m, which means the Samba server will -use the incoming client as the password server. If you use this then -you better trust your clients, and you better restrict them with hosts -allow! - -If you list several hosts in the "password server" option then smbd -will try each in turn till it finds one that responds. This is useful -in case your primary server goes down. - -.SS path (S) -A synonym for this parameter is 'directory'. - -This parameter specifies a directory to which the user of the service is to -be given access. In the case of printable services, this is where print data -will spool prior to being submitted to the host for printing. - -For a printable service offering guest access, the service should be readonly -and the path should be world-writable and have the sticky bit set. This is not -mandatory of course, but you probably won't get the results you expect if you -do otherwise. - -Any occurances of %u in the path will be replaced with the username -that the client is connecting as. Any occurances of %m will be -replaced by the name of the machine they are connecting from. These -replacements are very useful for setting up pseudo home directories -for users. - -Note that this path will be based on 'root dir' if one was specified. -.B Default: - none - -.B Example: - path = /home/fred+ - -.SS postexec (S) - -This option specifies a command to be run whenever the service is -disconnected. It takes the usual substitutions. The command may be run -as the root on some systems. - -An interesting example may be do unmount server resources: - -postexec = /etc/umount /cdrom - -See also preexec - -.B Default: - none (no command executed) - -.B Example: - postexec = echo \"%u disconnected from %S from %m (%I)\" >> /tmp/log - -.SS postscript (S) -This parameter forces a printer to interpret the print files as -postscript. This is done by adding a %! to the start of print output. - -This is most useful when you have lots of PCs that persist in putting -a control-D at the start of print jobs, which then confuses your -printer. - -.B Default: - postscript = False - -.B Example: - postscript = True - -.SS preexec (S) - -This option specifies a command to be run whenever the service is -connected to. It takes the usual substitutions. - -An interesting example is to send the users a welcome message every -time they log in. Maybe a message of the day? Here is an example: - -preexec = csh -c 'echo \"Welcome to %S!\" | \ - /usr/local/samba/smbclient -M %m -I %I' & - -Of course, this could get annoying after a while :-) - -See also postexec - -.B Default: - none (no command executed) - -.B Example: - preexec = echo \"%u connected to %S from %m (%I)\" >> /tmp/log - -.SS preferred master (G) -This boolean parameter controls if Samba is a preferred master browser -for its workgroup. Setting this gives it a slight edge in elections -and also means it will automatically start an election when it starts -up. - -It is on by default. - -.SS preload -This is an alias for "auto services" - -.SS preserve case (S) - -This controls if new filenames are created with the case that the -client passes, or if they are forced to be the "default" case. - -.B Default: - preserve case = no - -See the section on "NAME MANGLING" for a fuller discussion. - -.SS print command (S) -After a print job has finished spooling to a service, this command will be -used via a system() call to process the spool file. Typically the command -specified will submit the spool file to the host's printing subsystem, but -there is no requirement that this be the case. The server will not remove the -spool file, so whatever command you specify should remove the spool file when -it has been processed, otherwise you will need to manually remove old spool -files. - -The print command is simply a text string. It will be used verbatim, -with two exceptions: All occurrences of "%s" will be replaced by the -appropriate spool file name, and all occurrences of "%p" will be -replaced by the appropriate printer name. The spool file name is -generated automatically by the server, the printer name is discussed -below. - -The full path name will be used for the filename if %s is not preceded -by a /. If you don't like this (it can stuff up some lpq output) then -use %f instead. Any occurances of %f get replaced by the spool -filename without the full path at the front. - -The print command MUST contain at least one occurrence of "%s" or %f - -the "%p" is optional. At the time a job is submitted, if no printer -name is supplied the "%p" will be silently removed from the printer -command. - -If specified in the [global] section, the print command given will be used -for any printable service that does not have its own print command specified. - -If there is neither a specified print command for a printable service nor a -global print command, spool files will be created but not processed and (most -importantly) not removed. - -Note that printing may fail on some unixes from the "nobody" -account. If this happens then create an alternative guest account that -can print and set the "guest account" in the [global] section. - -You can form quite complex print commands by realising that they are -just passed to a shell. For example the following will log a print -job, print the file, then remove it. Note that ; is the usual -separator for command in shell scripts. - -print command = echo Printing %s >> /tmp/print.log; lpr -P %p %s; rm %s - -You may have to vary this command considerably depending on how you -normally print files on your system. - -.B Default: - print command = lpr -r -P %p %s - -.B Example: - print command = /usr/local/samba/myprintscript %p %s -.SS print ok (S) -See -.B printable. -.SS printable (S) -A synonym for this parameter is 'print ok'. - -If this parameter is 'yes', then clients may open, write to and submit spool -files on the directory specified for the service. - -Note that a printable service will ALWAYS allow writing to the service path -(user privileges permitting) via the spooling of print data. The 'read only' -parameter controls only non-printing access to the resource. - -.B Default: - printable = no - -.B Example: - printable = yes - -.SS printing (G) -This parameters controls how printer status information is interpreted -on your system, and also affects the default values for the "print -command", "lpq command" and "lprm command". - -Currently three printing styles are supported. They are "printing = -bsd", "printing = sysv", "printing = hpux" and "printing = aix". - -To see what the defaults are for the other print commands when using -these three options use the "testparm" program. - - -.SS printcap name (G) -This parameter may be used to override the compiled-in default printcap -name used by the server (usually /etc/printcap). See the discussion of the -[printers] section above for reasons why you might want to do this. - -For those of you without a printcap (say on SysV) you can just create a -minimal file that looks like a printcap and set "printcap name =" in -[global] to point at it. - -A minimal printcap file would look something like this: - -print1|My Printer 1 -print2|My Printer 2 -print3|My Printer 3 -print4|My Printer 4 -print5|My Printer 5 - -where the | separates aliases of a printer. The fact that the second -alias has a space in it gives a hint to Samba that it's a comment. - -NOTE: Under AIX the default printcap name is "/etc/qconfig". Samba -will assume the file is in AIX "qconfig" format if the string -"/qconfig" appears in the printcap filename. - -.B Default: - printcap name = /etc/printcap - -.B Example: - printcap name = /etc/myprintcap -.SS printer (S) -A synonym for this parameter is 'printer name'. - -This parameter specifies the name of the printer to which print jobs spooled -through a printable service will be sent. - -If specified in the [global] section, the printer name given will be used -for any printable service that does not have its own printer name specified. - -.B Default: - none (but may be 'lp' on many systems) - -.B Example: - printer name = laserwriter -.SS printer name (S) -See -.B printer. -.SS protocol (G) -The value of the parameter (a string) is the highest protocol level that will -be supported by the server. - -Possible values are CORE, COREPLUS, LANMAN1, LANMAN2 and NT1. The relative -merits of each are discussed in the README file. - -.B Default: - protocol = NT1 - -.B Example: - protocol = LANMAN1 -.SS public (S) -A synonym for this parameter is 'guest ok'. - -If this parameter is 'yes' for a service, then no password is required -to connect to the service. Privileges will be those of the guest -account. - -See the section below on user/password validation for more information about -this option. - -.B Default: - public = no - -.B Example: - public = yes -.SS read list (S) -This is a list of users that are given read-only access to a -service. If the connecting user is in this list then they will -not be given write access, no matter what the "read only" option -is set to. The list can include group names using the @group syntax. - -See also the "write list" option - -.B Default: - read list = - -.B Example: - read list = mary, @students - -.SS read only (S) -See -.B writable -and -.B write ok. -Note that this is an inverted synonym for writable and write ok. -.SS read prediction (G) -This options enables or disables the read prediction code used to -speed up reads from the server. When enabled the server will try to -pre-read data from the last accessed file that was opened read-only -while waiting for packets. - -.SS Default: - read prediction = False - -.SS Example: - read prediction = True -.SS read raw (G) -This parameter controls whether or not the server will support raw reads when -transferring data to clients. - -If enabled, raw reads allow reads of 65535 bytes in one packet. This -typically provides a major performance benefit. - -However, some clients either negotiate the allowable block size incorrectly -or are incapable of supporting larger block sizes, and for these clients you -may need to disable raw reads. - -In general this parameter should be viewed as a system tuning tool and left -severely alone. See also -.B write raw. - -.B Default: - read raw = yes - -.B Example: - read raw = no -.SS read size (G) - -The option "read size" affects the overlap of disk reads/writes with -network reads/writes. If the amount of data being transferred in -several of the SMB commands (currently SMBwrite, SMBwriteX and -SMBreadbraw) is larger than this value then the server begins writing -the data before it has received the whole packet from the network, or -in the case of SMBreadbraw, it begins writing to the network before -all the data has been read from disk. - -This overlapping works best when the speeds of disk and network access -are similar, having very little effect when the speed of one is much -greater than the other. - -The default value is 2048, but very little experimentation has been -done yet to determine the optimal value, and it is likely that the best -value will vary greatly between systems anyway. A value over 65536 is -pointless and will cause you to allocate memory unnecessarily. - -.B Default: - read size = 2048 - -.B Example: - read size = 8192 - -.SS revalidate (S) - -This options controls whether Samba will allow a previously validated -username/password pair to be used to attach to a share. Thus if you -connect to \\\\server\\share1 then to \\\\server\\share2 it won't -automatically allow the client to request connection to the second -share as the same username as the first without a password. - -If "revalidate" is True then the client will be denied automatic -access as the same username. - -.B Default: - revalidate = False - -.B Example: - revalidate = True - -.SS root (G) -See -.B root directory. -.SS root dir (G) -See -.B root directory. -.SS root directory (G) -Synonyms for this parameter are 'root dir' and 'root'. - -The server will chroot() to this directory on startup. This is not -strictly necessary for secure operation. Even without it the server -will deny access to files not in one of the service entries. It may -also check for, and deny access to, soft links to other parts of the -filesystem, or attempts to use .. in file names to access other -directories (depending on the setting of the "wide links" parameter). - -Adding a "root dir" entry other than "/" adds an extra level of security, -but at a price. It absolutely ensures that no access is given to files not -in the sub-tree specified in the "root dir" option, *including* some files -needed for complete operation of the server. To maintain full operability -of the server you will need to mirror some system files into the "root dir" -tree. In particular you will need to mirror /etc/passwd (or a subset of it), -and any binaries or configuration files needed for printing (if required). -The set of files that must be mirrored is operating system dependent. - -.B Default: - root directory = / - -.B Example: - root directory = /homes/smb -.SS security (G) -This option does affects how clients respond to Samba. - -The option sets the "security mode bit" in replies to protocol negotiations -to turn share level security on or off. Clients decide based on this bit -whether (and how) to transfer user and password information to the server. - -The default is "security=SHARE", mainly because that was the only -option at one stage. - -The alternatives are "security = user" or "security = server". - -If your PCs use usernames that are the same as their usernames on the -unix machine then you will want to use "security = user". If you -mostly use usernames that don't exist on the unix box then use -"security = share". - -There is a bug in WfWg that may affect your decision. When in user -level security a WfWg client will totally ignore the password you type -in the "connect drive" dialog box. This makes it very difficult (if -not impossible) to connect to a Samba service as anyone except the -user that you are logged into WfWg as. - -If you use "security = server" then Samba will try to validate the -username/password by passing it to another SMB server, such as an NT -box. If this fails it will revert to "security = USER". - -See the "password server" option for more details. - -.B Default: - security = SHARE - -.B Example: - security = USER -.SS server string (G) -This controls what string will show up in the printer comment box in -print manager and next to the IPC connection in "net view". It can be -any string that you wish to show to your users. - -Note that it DOES NOT affect the string that appears in browse -lists. That is controlled by a nmbd command line option instead. - -A %v will be replaced with the Samba version number. - -A %h will be replaced with the hostname. - -.B Default: - server string = Samba %v - -.B Example: - server string = University of GNUs Samba Server - -.SS smbrun (G) -This sets the full path to the smbrun binary. This defaults to the -value in the Makefile. - -You must get this path right for many services to work correctly. - -.B Default: taken from Makefile - -.B Example: - smbrun = /usr/local/samba/bin/smbrun - -.SS short preserve case (S) - -This controls if new short filenames are created with the case that -the client passes, or if they are forced to be the "default" case. - -.B Default: - short preserve case = no - -See the section on "NAME MANGLING" for a fuller discussion. - -.SS root preexec (S) - -This is the same as preexec except that the command is run as -root. This is useful for mounting filesystems (such as cdroms) before -a connection is finalised. - -.SS root postexec (S) - -This is the same as postexec except that the command is run as -root. This is useful for unmounting filesystems (such as cdroms) after -a connection is closed. - -.SS set directory (S) -If 'set directory = no', then users of the service may not use the setdir -command to change directory. - -The setdir comand is only implemented in the Digital Pathworks client. See the -Pathworks documentation for details. -.B Default: - set directory = no - -.B Example: - set directory = yes - -.SS share modes (S) - -This enables or disables the honouring of the "share modes" during a -file open. These modes are used by clients to gain exclusive read or -write access to a file. - -These open modes are not directly supported by unix, so they are -simulated using lock files in the "lock directory". The "lock -directory" specified in smb.conf must be readable by all users. - -The share modes that are enabled by this option are DENY_DOS, -DENY_ALL, DENY_READ, DENY_WRITE, DENY_NONE and DENY_FCB. - -Enabling this option gives full share compatability but may cost a bit -of processing time on the unix server. They are enabled by default. - -.B Default: - share modes = yes - -.B Example: - share modes = no - -.SS socket options (G) -This option (which can also be invoked with the -O command line -option) allows you to set socket options to be used when talking with -the client. - -Socket options are controls on the networking layer of the operating -systems which allow the connection to be tuned. - -This option will typically be used to tune your Samba server for -optimal performance for your local network. There is no way that Samba -can know what the optimal parameters are for your net, so you must -experiment and choose them yourself. I strongly suggest you read the -appropriate documentation for your operating system first (perhaps -"man setsockopt" will help). - -You may find that on some systems Samba will say "Unknown socket -option" when you supply an option. This means you either mis-typed it -or you need to add an include file to includes.h for your OS. If the -latter is the case please send the patch to me -(samba-bugs@anu.edu.au). - -Any of the supported socket options may be combined in any way you -like, as long as your OS allows it. - -This is the list of socket options currently settable using this -option: - - SO_KEEPALIVE - - SO_REUSEADDR - - SO_BROADCAST - - TCP_NODELAY - - IPTOS_LOWDELAY - - IPTOS_THROUGHPUT - - SO_SNDBUF * - - SO_RCVBUF * - - SO_SNDLOWAT * - - SO_RCVLOWAT * - -Those marked with a * take an integer argument. The others can -optionally take a 1 or 0 argument to enable or disable the option, by -default they will be enabled if you don't specify 1 or 0. - -To specify an argument use the syntax SOME_OPTION=VALUE for example -SO_SNDBUF=8192. Note that you must not have any spaces before or after -the = sign. - -If you are on a local network then a sensible option might be - -socket options = IPTOS_LOWDELAY - -If you have an almost unloaded local network and you don't mind a lot -of extra CPU usage in the server then you could try - -socket options = IPTOS_LOWDELAY TCP_NODELAY - -If you are on a wide area network then perhaps try setting -IPTOS_THROUGHPUT. - -Note that several of the options may cause your Samba server to fail -completely. Use these options with caution! - -.B Default: - no socket options - -.B Example: - socket options = IPTOS_LOWDELAY - - - - -.SS status (G) -This enables or disables logging of connections to a status file that -smbstatus can read. - -With this disabled smbstatus won't be able to tell you what -connections are active. - -.B Default: - status = yes - -.B Example: - status = no - -.SS strip dot (G) -This is a boolean that controls whether to strup trailing dots off -filenames. This helps with some CDROMs that have filenames ending in a -single dot. - -NOTE: This option is now obsolete, and may be removed in future. You -should use the "mangled map" option instead as it is much more -general. - -.SS strict locking (S) -This is a boolean that controls the handling of file locking in the -server. When this is set to yes the server will check every read and -write access for file locks, and deny access if locks exist. This can -be slow on some systems. - -When strict locking is "no" the server does file lock checks only when -the client explicitly asks for them. - -Well behaved clients always ask for lock checks when it is important, -so in the vast majority of cases "strict locking = no" is preferable. - -.B Default: - strict locking = no - -.B Example: - strict locking = yes - -.SS sync always (S) - -This is a boolean parameter that controls whether writes will always -be written to stable storage before the write call returns. If this is -false then the server will be guided by the clients request in each -write call (clients can set a bit indicating that a particular write -should be synchronous). If this is true then every write will be -followed by a fsync() call to ensure the data is written to disk. - -.B Default: - sync always = no - -.B Example: - sync always = yes - -.SS time offset (G) -This parameter is a setting in minutes to add to the normal GMT to -local time conversion. This is useful if you are serving a lot of PCs -that have incorrect daylight saving time handling. - -.B Default: - time offset = 0 - -.B Example: - time offset = 60 - -.SS user (S) -See -.B username. -.SS username (S) -A synonym for this parameter is 'user'. - -Multiple users may be specified in a comma-delimited list, in which case the -supplied password will be tested against each username in turn (left to right). - -The username= line is needed only when the PC is unable to supply it's own -username. This is the case for the coreplus protocol or where your -users have different WfWg usernames to unix usernames. In both these -cases you may also be better using the \\\\server\\share%user syntax -instead. - -The username= line is not a great solution in many cases as it means Samba -will try to validate the supplied password against each of the -usernames in the username= line in turn. This is slow and a bad idea for -lots of users in case of duplicate passwords. You may get timeouts or -security breaches using this parameter unwisely. - -Samba relies on the underlying unix security. This parameter does not -restrict who can login, it just offers hints to the Samba server as to -what usernames might correspond to the supplied password. Users can -login as whoever they please and they will be able to do no more -damage than if they started a telnet session. The daemon runs as the -user that they log in as, so they cannot do anything that user cannot -do. - -To restrict a service to a particular set of users you can use the -"valid users=" line. - -If any of the usernames begin with a @ then the name will be looked up -in the groups file and will expand to a list of all users in the group -of that name. Note that searching though a groups file can take quite -some time, and some clients may time out during the search. - -See the section below on username/password validation for more information -on how this parameter determines access to the services. - -.B Default: - The guest account if a guest service, else the name of the service. - -.B Examples: - username = fred - username = fred, mary, jack, jane, @users, @pcgroup - -.SS username map (G) - -This option allows you to to specify a file containing a mapping of -usernames from the clients to the server. This can be used for several -purposes. The most common is to map usernames that users use on dos or -windows machines to those that the unix box uses. The other is to map -multiple users to a single username so that they can more easily share -files. - -The map file is parsed line by line. Each line should contain a single -unix username on the left then a '=' followed by a list of usernames -on the right. The list of usernames on the right may contain names of -the form @group in which case they will match any unix username in -that group. The special client name '*' is a wildcard and matches any -name. - -The file is processed on each line by taking the supplied username and -comparing it with each username on the right hand side of the '=' -signs. If the supplied name matrches any of the names on the right -hand side then it is replaced with the name on the left. Processing -then continues with the next line. - -If any line begins with a '#' or a ';' then it is ignored - -For example to map from he name "admin" or "administrator" to the unix -name "root" you would use - - root = admin administrator - -Or to map anyone in the unix group "system" to the unix name "sys" you -would use - - sys = @system - -You can have as many mappings as you like in a username map file. - -Note that the remapping is applied to all occurances of -usernames. Thus if you connect to "\\\\server\\fred" and "fred" is -remapped to "mary" then you will actually be connecting to -"\\\\server\\mary" and will need to supply a password suitable for -"mary" not "fred". The only exception to this is the username passwed -to the "password server" (if you have one). The password server will -receive whatever username the client supplies without modification. - -Also note that no reverse mapping is done. The main effect this has is -with printing. Users who have been mapped may have trouble deleting -print jobs as PrintManager under WfWg will think they don't own the -print job. - -.B Default - no username map - -.B Example - username map = /usr/local/samba/lib/users.map - -.SS valid chars (S) - -The option allows you to specify additional characters that should be -considered valid by the server in filenames. This is particularly -useful for national character sets, such as adding u-umlaut or a-ring. - -The option takes a list of characters in either integer or character -form with spaces between them. If you give two characters with a colon -between them then it will be taken as an lowercase:uppercase pair. - -If you have an editor capable of entering the characters into the -config file then it is probably easiest to use this method. Otherwise -you can specify the characters in octal, decimal or hexidecimal form -using the usual C notation. - -For example to add the single character 'Z' to the charset (which is a -pointless thing to do as it's already there) you could do one of the -following - -valid chars = Z -valid chars = z:Z -valid chars = 0132:0172 - -The last two examples above actually add two characters, and alters -the uppercase and lowercase mappings appropriately. - -.B Default - Samba defaults to using a reasonable set of valid characters - for english systems - -.B Example - valid chars = 0345:0305 0366:0326 0344:0304 - -The above example allows filenames to have the swedish characters in -them. - -.SS valid users (S) -This is a list of users that should be allowed to login to this -service. A name starting with @ is interpreted as a unix group. - -If this is empty (the default) then any user can login. If a username -is in both this list and the "invalid users" list then access is -denied for that user. - -The current servicename is substituted for %S. This is useful in the -[homes] section. - -See also "invalid users" - -.B Default - No valid users list. (anyone can login) - -.B Example - valid users = greg, @pcusers - -.SS volume (S) -This allows you to override the volume label returned for a -share. Useful for CDROMs whos installation programs insist on a -particular volume label. - -The default is the name of the share - -.SS wide links (S) -This parameter controls whether or not links in the Unix file system may be -followed by the server. Links that point to areas within the directory tree -exported by the server are always allowed; this parameter controls access -only to areas that are outside the directory tree being exported. - -.B Default: - wide links = yes - -.B Example: - wide links = no - -.SS workgroup (G) - -This controls what workgroup your server will appear to be in when -queried by clients. This can be different to the workgroup specified -in the nmbd configuration, but it is probably best if you set them to -the same value. - -.B Default: - set in the Makefile - -.B Example: - workgroup = MYGROUP - -.SS write ok (S) -See -.B writable -and -.B read only. -.SS writable (S) -A synonym for this parameter is 'write ok'. An inverted synonym is 'read only'. - -If this parameter is 'no', then users of a service may not create or modify -files in the service's directory. - -Note that a printable service ('printable = yes') will ALWAYS allow -writing to the directory (user privileges permitting), but only via -spooling operations. - -.B Default: - writable = no - -.B Examples: - read only = no - writable = yes - write ok = yes -.SS write list (S) -This is a list of users that are given read-write access to a -service. If the connecting user is in this list then they will be -given write access, no matter what the "read only" option is set -to. The list can include group names using the @group syntax. - -Note that if a user is in both the read list and the write list then -they will be given write access. - -See also the "read list" option - -.B Default: - write list = - -.B Example: - write list = admin, root, @staff - -.SS write raw (G) -This parameter controls whether or not the server will support raw writes when -transferring data from clients. - -.B Default: - write raw = yes - -.B Example: - write raw = no -.SH NOTE ABOUT USERNAME/PASSWORD VALIDATION -There are a number of ways in which a user can connect to a -service. The server follows the following steps in determining if it -will allow a connection to a specified service. If all the steps fail -then the connection request is rejected. If one of the steps pass then -the following steps are not checked. - -If the service is marked "guest only = yes" then steps 1 to 5 are skipped - -Step 1: If the client has passed a username/password pair and that -username/password pair is validated by the unix systems password -programs then the connection is made as that username. Note that this -includes the \\\\server\\service%username method of passing a username. - -Step 2: If the client has previously registered a username with the -system and now supplies a correct password for that username then the -connection is allowed. - -Step 3: The clients netbios name and any previously used user names -are checked against the supplied password, if they match then the -connection is allowed as the corresponding user. - -Step 4: If the client has previously validated a username/password -pair with the server and the client has passed the validation token -then that username is used. This step is skipped if "revalidate = yes" -for this service. - -Step 5: If a "user = " field is given in the smb.conf file for the -service and the client has supplied a password, and that password -matches (according to the unix systems password checking) with one of -the usernames from the user= field then the connection is made as the -username in the "user=" line. If one of the username in the user= list -begins with a @ then that name expands to a list of names in the group -of the same name. - -Step 6: If the service is a guest service then a connection is made as -the username given in the "guest account =" for the service, -irrespective of the supplied password. - - -.SH WARNINGS -Although the configuration file permits service names to contain spaces, -your client software may not. Spaces will be ignored in comparisons anyway, -so it shouldn't be a problem - but be aware of the possibility. - -On a similar note, many clients - especially DOS clients - limit service -names to eight characters. Smbd has no such limitation, but attempts -to connect from such clients will fail if they truncate the service names. -For this reason you should probably keep your service names down to eight -characters in length. - -Use of the [homes] and [printers] special sections make life for an -administrator easy, but the various combinations of default attributes can be -tricky. Take extreme care when designing these sections. In particular, -ensure that the permissions on spool directories are correct. -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the server has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. - -Prior to version 1.5.21 of the Samba suite, the configuration file was -radically different (more primitive). If you are using a version earlier than -1.8.05, it is STRONGLY recommended that you upgrade. -.SH OPTIONS -Not applicable. - -.SH FILES -Not applicable. - -.SH ENVIRONMENT VARIABLES -Not applicable. - -.SH SEE ALSO -.B smbd(8), -.B smbclient(1), -.B nmbd(8), -.B testparm(1), -.B testprns(1), -.B lpq(1), -.B hosts_access(5) -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the server are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the -smbd (see smbd(8)) command line. - -The number and nature of diagnostics available depends on the debug level used -by the server. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. - -.SH BUGS -None known. - -Please send bug reports, comments and so on to: - -.RS 3 -.B samba-bugs@anu.edu.au (Andrew Tridgell) - -.RS 3 -or to the mailing list -.RE - -.B samba@listproc.anu.edu.au - -.RE -You may also like to subscribe to the announcement channel - -.RS 3 -samba-announce@listproc.anu.edu.au +%m %t %r %f parameters are expanded + +\fI%m\fR will be substituted with the +shutdown message sent to the server. + +\fI%t\fR will be substituted with the +number of seconds to wait before effectively starting the +shutdown procedure. + +\fI%r\fR will be substituted with the +switch \fB-r\fR. It means reboot after shutdown +for NT. + +\fI%f\fR will be substituted with the +switch \fB-f\fR. It means force the shutdown +even if applications do not respond for NT. + +Default: \fBNone\fR. + +Example: \fBabort shutdown script = /usr/local/samba/sbin/shutdown %m %t %r %f\fR + +Shutdown script example: +.sp +.nf + #!/bin/bash + + $time=0 + let "time/60" + let "time++" + + /sbin/shutdown $3 $4 +$time $1 & + +.sp +.fi +Shutdown does not return so we need to launch it in background. + +See also \fIabort shutdown script\fR. +.TP +\fBsmb passwd file (G)\fR +This option sets the path to the encrypted +smbpasswd file. By default the path to the smbpasswd file +is compiled into Samba. + +Default: \fBsmb passwd file = ${prefix}/private/smbpasswd +\fR +Example: \fBsmb passwd file = /etc/samba/smbpasswd +\fR.TP +\fBsocket address (G)\fR +This option allows you to control what +address Samba will listen for connections on. This is used to +support multiple virtual interfaces on the one server, each +with a different configuration. + +By default Samba will accept connections on any +address. + +Example: \fBsocket address = 192.168.2.20\fR +.TP +\fBsocket options (G)\fR +This option allows you to set socket options +to be used when talking with the client. + +Socket options are controls on the networking layer +of the operating systems which allow the connection to be +tuned. + +This option will typically be used to tune your Samba +server for optimal performance for your local network. There is +no way that Samba can know what the optimal parameters are for +your net, so you must experiment and choose them yourself. We +strongly suggest you read the appropriate documentation for your +operating system first (perhaps \fBman setsockopt\fR +will help). + +You may find that on some systems Samba will say +"Unknown socket option" when you supply an option. This means you +either incorrectly typed it or you need to add an include file +to includes.h for your OS. If the latter is the case please +send the patch to samba@samba.org . + +Any of the supported socket options may be combined +in any way you like, as long as your OS allows it. + +This is the list of socket options currently settable +using this option: +.RS +.TP 0.2i +\(bu +SO_KEEPALIVE +.TP 0.2i +\(bu +SO_REUSEADDR +.TP 0.2i +\(bu +SO_BROADCAST +.TP 0.2i +\(bu +TCP_NODELAY +.TP 0.2i +\(bu +IPTOS_LOWDELAY +.TP 0.2i +\(bu +IPTOS_THROUGHPUT +.TP 0.2i +\(bu +SO_SNDBUF * +.TP 0.2i +\(bu +SO_RCVBUF * +.TP 0.2i +\(bu +SO_SNDLOWAT * +.TP 0.2i +\(bu +SO_RCVLOWAT * .RE - -To subscribe to these lists send a message to -listproc@listproc.anu.edu.au with a body of "subscribe samba Your -Name" or "subscribe samba-announce Your Name". - -Errors or suggestions for improvements to the Samba man pages should be -mailed to: - -.RS 3 -.B samba-bugs@anu.edu.au (Andrew Tridgell) +.PP +Those marked with a \fB'*'\fR take an integer +argument. The others can optionally take a 1 or 0 argument to enable +or disable the option, by default they will be enabled if you +don't specify 1 or 0. +.PP +.PP +To specify an argument use the syntax SOME_OPTION = VALUE +for example \fBSO_SNDBUF = 8192\fR. Note that you must +not have any spaces before or after the = sign. +.PP +.PP +If you are on a local network then a sensible option +might be +.PP +.PP +\fBsocket options = IPTOS_LOWDELAY\fR +.PP +.PP +If you have a local network then you could try: +.PP +.PP +\fBsocket options = IPTOS_LOWDELAY TCP_NODELAY\fR +.PP +.PP +If you are on a wide area network then perhaps try +setting IPTOS_THROUGHPUT. +.PP +.PP +Note that several of the options may cause your Samba +server to fail completely. Use these options with caution! +.PP +.PP +Default: \fBsocket options = TCP_NODELAY\fR +.PP +.PP +Example: \fBsocket options = IPTOS_LOWDELAY\fR +.PP +.TP +\fBsource environment (G)\fR +This parameter causes Samba to set environment +variables as per the content of the file named. + +If the value of this parameter starts with a "|" character +then Samba will treat that value as a pipe command to open and +will set the environment variables from the output of the pipe. + +The contents of the file or the output of the pipe should +be formatted as the output of the standard Unix \fBenv(1) +\fRcommand. This is of the form : + +Example environment entry: + +\fBSAMBA_NETBIOS_NAME = myhostname\fR + +Default: \fBNo default value\fR + +Examples: \fBsource environment = |/etc/smb.conf.sh +\fR +Example: \fBsource environment = +/usr/local/smb_env_vars\fR +.TP +\fBssl (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This variable enables or disables the entire SSL mode. If +it is set to no, the SSL-enabled Samba behaves +exactly like the non-SSL Samba. If set to yes, +it depends on the variables \fI ssl hosts\fR and \fIssl hosts resign\fR whether an SSL +connection will be required. + +Default: \fBssl = no\fR +.TP +\fBssl CA certDir (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This variable defines where to look up the Certification +Authorities. The given directory should contain one file for +each CA that Samba will trust. The file name must be the hash +value over the "Distinguished Name" of the CA. How this directory +is set up is explained later in this document. All files within the +directory that don't fit into this naming scheme are ignored. You +don't need this variable if you don't verify client certificates. + +Default: \fBssl CA certDir = /usr/local/ssl/certs +\fR.TP +\fBssl CA certFile (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This variable is a second way to define the trusted CAs. +The certificates of the trusted CAs are collected in one big +file and this variable points to the file. You will probably +only use one of the two ways to define your CAs. The first choice is +preferable if you have many CAs or want to be flexible, the second +is preferable if you only have one CA and want to keep things +simple (you won't need to create the hashed file names). You +don't need this variable if you don't verify client certificates. + +Default: \fBssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem +\fR.TP +\fBssl ciphers (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This variable defines the ciphers that should be offered +during SSL negotiation. You should not set this variable unless +you know what you are doing. +.TP +\fBssl client cert (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +The certificate in this file is used by \fBsmbclient(1)\fRif it exists. It's needed +if the server requires a client certificate. + +Default: \fBssl client cert = /usr/local/ssl/certs/smbclient.pem +\fR.TP +\fBssl client key (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This is the private key for \fBsmbclient(1)\fR. It's only needed if the +client should have a certificate. + +Default: \fBssl client key = /usr/local/ssl/private/smbclient.pem +\fR.TP +\fBssl compatibility (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This variable defines whether OpenSSL should be configured +for bug compatibility with other SSL implementations. This is +probably not desirable because currently no clients with SSL +implementations other than OpenSSL exist. + +Default: \fBssl compatibility = no\fR +.TP +\fBssl egd socket (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This option is used to define the location of the communiation socket of +an EGD or PRNGD daemon, from which entropy can be retrieved. This option +can be used instead of or together with the \fIssl entropy file\fR +directive. 255 bytes of entropy will be retrieved from the daemon. + +Default: \fBnone\fR +.TP +\fBssl entropy bytes (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This parameter is used to define the number of bytes which should +be read from the \fIssl entropy +file\fR If a -1 is specified, the entire file will +be read. + +Default: \fBssl entropy bytes = 255\fR +.TP +\fBssl entropy file (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This parameter is used to specify a file from which processes will +read "random bytes" on startup. In order to seed the internal pseudo +random number generator, entropy must be provided. On system with a +\fI/dev/urandom\fR device file, the processes +will retrieve its entropy from the kernel. On systems without kernel +entropy support, a file can be supplied that will be read on startup +and that will be used to seed the PRNG. + +Default: \fBnone\fR +.TP +\fBssl hosts (G)\fR +See \fI ssl hosts resign\fR. +.TP +\fBssl hosts resign (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +These two variables define whether Samba will go +into SSL mode or not. If none of them is defined, Samba will +allow only SSL connections. If the \fIssl hosts\fR variable lists +hosts (by IP-address, IP-address range, net group or name), +only these hosts will be forced into SSL mode. If the \fI ssl hosts resign\fR variable lists hosts, only these +hosts will \fBNOT\fR be forced into SSL mode. The syntax for these two +variables is the same as for the \fI hosts allow\fR and \fIhosts deny\fR pair of variables, only +that the subject of the decision is different: It's not the access +right but whether SSL is used or not. + +The example below requires SSL connections from all hosts +outside the local net (which is 192.168.*.*). + +Default: \fBssl hosts = \fR + +\fBssl hosts resign = \fR + +Example: \fBssl hosts resign = 192.168.\fR +.TP +\fBssl require clientcert (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +If this variable is set to yes, the +server will not tolerate connections from clients that don't +have a valid certificate. The directory/file given in \fIssl CA certDir\fR +and \fIssl CA certFile +\fRwill be used to look up the CAs that issued +the client's certificate. If the certificate can't be verified +positively, the connection will be terminated. If this variable +is set to no, clients don't need certificates. +Contrary to web applications you really \fBshould\fR +require client certificates. In the web environment the client's +data is sensitive (credit card numbers) and the server must prove +to be trustworthy. In a file server environment the server's data +will be sensitive and the clients must prove to be trustworthy. + +Default: \fBssl require clientcert = no\fR +.TP +\fBssl require servercert (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +If this variable is set to yes, the +\fBsmbclient(1)\fR +will request a certificate from the server. Same as +\fIssl require +clientcert\fR for the server. + +Default: \fBssl require servercert = no\fR +.TP +\fBssl server cert (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This is the file containing the server's certificate. +The server \fBmust\fR have a certificate. The +file may also contain the server's private key. See later for +how certificates and private keys are created. + +Default: \fBssl server cert = +\fR.TP +\fBssl server key (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This file contains the private key of the server. If +this variable is not defined, the key is looked up in the +certificate file (it may be appended to the certificate). +The server \fBmust\fR have a private key +and the certificate \fBmust\fR +match this private key. + +Default: \fBssl server key = +\fR.TP +\fBssl version (G)\fR +This variable is part of SSL-enabled Samba. This +is only available if the SSL libraries have been compiled on your +system and the configure option \fB--with-ssl\fR was +given at configure time. + +This enumeration variable defines the versions of the +SSL protocol that will be used. ssl2or3 allows +dynamic negotiation of SSL v2 or v3, ssl2 results +in SSL v2, ssl3 results in SSL v3 and +tls1 results in TLS v1. TLS (Transport Layer +Security) is the new standard for SSL. + +Default: \fBssl version = "ssl2or3"\fR +.TP +\fBstat cache (G)\fR +This parameter determines if smbd(8)will use a cache in order to +speed up case insensitive name mappings. You should never need +to change this parameter. + +Default: \fBstat cache = yes\fR +.TP +\fBstat cache size (G)\fR +This parameter determines the number of +entries in the \fIstat cache\fR. You should +never need to change this parameter. + +Default: \fBstat cache size = 50\fR +.TP +\fBstatus (G)\fR +This enables or disables logging of connections +to a status file that smbstatus(1) +can read. + +With this disabled \fBsmbstatus\fR won't be able +to tell you what connections are active. You should never need to +change this parameter. + +Default: \fBstatus = yes\fR +.TP +\fBstrict allocate (S)\fR +This is a boolean that controls the handling of +disk space allocation in the server. When this is set to yes +the server will change from UNIX behaviour of not committing real +disk storage blocks when a file is extended to the Windows behaviour +of actually forcing the disk system to allocate real storage blocks +when a file is created or extended to be a given size. In UNIX +terminology this means that Samba will stop creating sparse files. +This can be slow on some systems. + +When strict allocate is no the server does sparse +disk block allocation when a file is extended. + +Setting this to yes can help Samba return +out of quota messages on systems that are restricting the disk quota +of users. + +Default: \fBstrict allocate = no\fR +.TP +\fBstrict locking (S)\fR +This is a boolean that controls the handling of +file locking in the server. When this is set to yes +the server will check every read and write access for file locks, and +deny access if locks exist. This can be slow on some systems. + +When strict locking is no the server does file +lock checks only when the client explicitly asks for them. + +Well-behaved clients always ask for lock checks when it +is important, so in the vast majority of cases \fBstrict +locking = no\fR is preferable. + +Default: \fBstrict locking = no\fR +.TP +\fBstrict sync (S)\fR +Many Windows applications (including the Windows +98 explorer shell) seem to confuse flushing buffer contents to +disk with doing a sync to disk. Under UNIX, a sync call forces +the process to be suspended until the kernel has ensured that +all outstanding data in kernel disk buffers has been safely stored +onto stable storage. This is very slow and should only be done +rarely. Setting this parameter to no (the +default) means that smbdignores the Windows applications requests for +a sync call. There is only a possibility of losing data if the +operating system itself that Samba is running on crashes, so there is +little danger in this default setting. In addition, this fixes many +performance problems that people have reported with the new Windows98 +explorer shell file copies. + +See also the \fIsync +always>\fR parameter. + +Default: \fBstrict sync = no\fR +.TP +\fBstrip dot (G)\fR +This is a boolean that controls whether to +strip trailing dots off UNIX filenames. This helps with some +CDROMs that have filenames ending in a single dot. + +Default: \fBstrip dot = no\fR +.TP +\fBsync always (S)\fR +This is a boolean parameter that controls +whether writes will always be written to stable storage before +the write call returns. If this is false then the server will be +guided by the client's request in each write call (clients can +set a bit indicating that a particular write should be synchronous). +If this is true then every write will be followed by a \fBfsync() +\fRcall to ensure the data is written to disk. Note that +the \fIstrict sync\fR parameter must be set to +yes in order for this parameter to have +any affect. + +See also the \fIstrict +sync\fR parameter. + +Default: \fBsync always = no\fR +.TP +\fBsyslog (G)\fR +This parameter maps how Samba debug messages +are logged onto the system syslog logging levels. Samba debug +level zero maps onto syslog LOG_ERR, debug +level one maps onto LOG_WARNING, debug level +two maps onto LOG_NOTICE, debug level three +maps onto LOG_INFO. All higher levels are mapped to LOG_DEBUG. + +This parameter sets the threshold for sending messages +to syslog. Only messages with debug level less than this value +will be sent to syslog. + +Default: \fBsyslog = 1\fR +.TP +\fBsyslog only (G)\fR +If this parameter is set then Samba debug +messages are logged into the system syslog only, and not to +the debug log files. + +Default: \fBsyslog only = no\fR +.TP +\fBtemplate homedir (G)\fR +When filling out the user information for a Windows NT +user, the winbindd(8)daemon +uses this parameter to fill in the home directory for that user. +If the string \fI%D\fR is present it is substituted +with the user's Windows NT domain name. If the string \fI%U +\fRis present it is substituted with the user's Windows +NT user name. + +Default: \fBtemplate homedir = /home/%D/%U\fR +.TP +\fBtemplate shell (G)\fR +When filling out the user information for a Windows NT +user, the winbindd(8)daemon +uses this parameter to fill in the login shell for that user. + +Default: \fBtemplate shell = /bin/false\fR +.TP +\fBtime offset (G)\fR +This parameter is a setting in minutes to add +to the normal GMT to local time conversion. This is useful if +you are serving a lot of PCs that have incorrect daylight +saving time handling. + +Default: \fBtime offset = 0\fR + +Example: \fBtime offset = 60\fR +.TP +\fBtime server (G)\fR +This parameter determines if +nmbd(8)advertises itself as a time server to Windows +clients. + +Default: \fBtime server = no\fR +.TP +\fBtimestamp logs (G)\fR +Synonym for \fI debug timestamp\fR. +.TP +\fBtotal print jobs (G)\fR +This parameter accepts an integer value which defines +a limit on the maximum number of print jobs that will be accepted +system wide at any given time. If a print job is submitted +by a client which will exceed this number, then smbdwill return an +error indicating that no space is available on the server. The +default value of 0 means that no such limit exists. This parameter +can be used to prevent a server from exceeding its capacity and is +designed as a printing throttle. See also +\fImax print jobs\fR. + +Default: \fBtotal print jobs = 0\fR + +Example: \fBtotal print jobs = 5000\fR +.TP +\fBunix extensions(G)\fR +This boolean parameter controls whether Samba +implments the CIFS UNIX extensions, as defined by HP. These +extensions enable CIFS to server UNIX clients to UNIX servers +better, and allow such things as symbolic links, hard links etc. +These extensions require a similarly enabled client, and are of +no current use to Windows clients. + +Default: \fBunix extensions = no\fR +.TP +\fBunix password sync (G)\fR +This boolean parameter controls whether Samba +attempts to synchronize the UNIX password with the SMB password +when the encrypted SMB password in the smbpasswd file is changed. +If this is set to true the program specified in the \fIpasswd +program\fRparameter is called \fBAS ROOT\fR - +to allow the new UNIX password to be set without access to the +old UNIX password (as the SMB password change code has no +access to the old password cleartext, only the new). + +See also \fIpasswd +program\fR, \fI passwd chat\fR. + +Default: \fBunix password sync = no\fR +.TP +\fBupdate encrypted (G)\fR +This boolean parameter allows a user logging +on with a plaintext password to have their encrypted (hashed) +password in the smbpasswd file to be updated automatically as +they log on. This option allows a site to migrate from plaintext +password authentication (users authenticate with plaintext +password over the wire, and are checked against a UNIX account +database) to encrypted password authentication (the SMB +challenge/response authentication mechanism) without forcing +all users to re-enter their passwords via smbpasswd at the time the +change is made. This is a convenience option to allow the change over +to encrypted passwords to be made over a longer period. Once all users +have encrypted representations of their passwords in the smbpasswd +file this parameter should be set to no. + +In order for this parameter to work correctly the \fIencrypt passwords\fR +parameter must be set to no when +this parameter is set to yes. + +Note that even when this parameter is set a user +authenticating to \fBsmbd\fR must still enter a valid +password in order to connect correctly, and to update their hashed +(smbpasswd) passwords. + +Default: \fBupdate encrypted = no\fR +.TP +\fBuse client driver (S)\fR +This parameter applies only to Windows NT/2000 +clients. It has no affect on Windows 95/98/ME clients. When +serving a printer to Windows NT/2000 clients without first installing +a valid printer driver on the Samba host, the client will be required +to install a local printer driver. From this point on, the client +will treat the print as a local printer and not a network printer +connection. This is much the same behavior that will occur +when \fBdisable spoolss = yes\fR. + +The differentiating +factor is that under normal circumstances, the NT/2000 client will +attempt to open the network printer using MS-RPC. The problem is that +because the client considers the printer to be local, it will attempt +to issue the OpenPrinterEx() call requesting access rights associated +with the logged on user. If the user possesses local administator rights +but not root privilegde on the Samba host (often the case), the OpenPrinterEx() +call will fail. The result is that the client will now display an "Access +Denied; Unable to connect" message in the printer queue window (even though +jobs may successfully be printed). + +If this parameter is enabled for a printer, then any attempt +to open the printer with the PRINTER_ACCESS_ADMINISTER right is mapped +to PRINTER_ACCESS_USE instead. Thus allowing the OpenPrinterEx() +call to succeed. \fBThis parameter MUST not be able enabled +on a print share which has valid print driver installed on the Samba +server.\fR + +See also disable spoolss + +Default: \fBuse client driver = no\fR +.TP +\fBuse mmap (G)\fR +This global parameter determines if the tdb internals of Samba can +depend on mmap working correctly on the running system. Samba requires a coherent +mmap/read-write system memory cache. Currently only HPUX does not have such a +coherent cache, and so this parameter is set to false by +default on HPUX. On all other systems this parameter should be left alone. This +parameter is provided to help the Samba developers track down problems with +the tdb internal code. + +Default: \fBuse mmap = yes\fR +.TP +\fBuse rhosts (G)\fR +If this global parameter is true, it specifies +that the UNIX user's \fI.rhosts\fR file in their home directory +will be read to find the names of hosts and users who will be allowed +access without specifying a password. + +\fBNOTE:\fR The use of \fIuse rhosts +\fRcan be a major security hole. This is because you are +trusting the PC to supply the correct username. It is very easy to +get a PC to supply a false username. I recommend that the \fI use rhosts\fR option be only used if you really know what +you are doing. + +Default: \fBuse rhosts = no\fR +.TP +\fBuser (S)\fR +Synonym for \fI username\fR. +.TP +\fBusers (S)\fR +Synonym for \fI username\fR. +.TP +\fBusername (S)\fR +Multiple users may be specified in a comma-delimited +list, in which case the supplied password will be tested against +each username in turn (left to right). + +The \fIusername\fR line is needed only when +the PC is unable to supply its own username. This is the case +for the COREPLUS protocol or where your users have different WfWg +usernames to UNIX usernames. In both these cases you may also be +better using the \\\\server\\share%user syntax instead. + +The \fIusername\fR line is not a great +solution in many cases as it means Samba will try to validate +the supplied password against each of the usernames in the +\fIusername\fR line in turn. This is slow and +a bad idea for lots of users in case of duplicate passwords. +You may get timeouts or security breaches using this parameter +unwisely. + +Samba relies on the underlying UNIX security. This +parameter does not restrict who can login, it just offers hints +to the Samba server as to what usernames might correspond to the +supplied password. Users can login as whoever they please and +they will be able to do no more damage than if they started a +telnet session. The daemon runs as the user that they log in as, +so they cannot do anything that user cannot do. + +To restrict a service to a particular set of users you +can use the \fIvalid users +\fRparameter. + +If any of the usernames begin with a '@' then the name +will be looked up first in the NIS netgroups list (if Samba +is compiled with netgroup support), followed by a lookup in +the UNIX groups database and will expand to a list of all users +in the group of that name. + +If any of the usernames begin with a '+' then the name +will be looked up only in the UNIX groups database and will +expand to a list of all users in the group of that name. + +If any of the usernames begin with a '&'then the name +will be looked up only in the NIS netgroups database (if Samba +is compiled with netgroup support) and will expand to a list +of all users in the netgroup group of that name. + +Note that searching though a groups database can take +quite some time, and some clients may time out during the +search. + +See the section NOTE ABOUT +USERNAME/PASSWORD VALIDATION for more information on how +this parameter determines access to the services. + +Default: \fBThe guest account if a guest service, +else .\fR + +Examples:\fBusername = fred, mary, jack, jane, +@users, @pcgroup\fR +.TP +\fBusername level (G)\fR +This option helps Samba to try and 'guess' at +the real UNIX username, as many DOS clients send an all-uppercase +username. By default Samba tries all lowercase, followed by the +username with the first letter capitalized, and fails if the +username is not found on the UNIX machine. + +If this parameter is set to non-zero the behavior changes. +This parameter is a number that specifies the number of uppercase +combinations to try while trying to determine the UNIX user name. The +higher the number the more combinations will be tried, but the slower +the discovery of usernames will be. Use this parameter when you have +strange usernames on your UNIX machine, such as AstrangeUser +\&. + +Default: \fBusername level = 0\fR + +Example: \fBusername level = 5\fR +.TP +\fBusername map (G)\fR +This option allows you to specify a file containing +a mapping of usernames from the clients to the server. This can be +used for several purposes. The most common is to map usernames +that users use on DOS or Windows machines to those that the UNIX +box uses. The other is to map multiple users to a single username +so that they can more easily share files. + +The map file is parsed line by line. Each line should +contain a single UNIX username on the left then a '=' followed +by a list of usernames on the right. The list of usernames on the +right may contain names of the form @group in which case they +will match any UNIX username in that group. The special client +name '*' is a wildcard and matches any name. Each line of the +map file may be up to 1023 characters long. + +The file is processed on each line by taking the +supplied username and comparing it with each username on the right +hand side of the '=' signs. If the supplied name matches any of +the names on the right hand side then it is replaced with the name +on the left. Processing then continues with the next line. + +If any line begins with a '#' or a ';' then it is +ignored + +If any line begins with an '!' then the processing +will stop after that line if a mapping was done by the line. +Otherwise mapping continues with every line being processed. +Using '!' is most useful when you have a wildcard mapping line +later in the file. + +For example to map from the name admin +or administrator to the UNIX name root you would use: + +\fBroot = admin administrator\fR + +Or to map anyone in the UNIX group system +to the UNIX name sys you would use: + +\fBsys = @system\fR + +You can have as many mappings as you like in a username +map file. + +If your system supports the NIS NETGROUP option then +the netgroup database is checked before the \fI/etc/group +\fRdatabase for matching groups. + +You can map Windows usernames that have spaces in them +by using double quotes around the name. For example: + +\fBtridge = "Andrew Tridgell"\fR + +would map the windows username "Andrew Tridgell" to the +unix username "tridge". + +The following example would map mary and fred to the +unix user sys, and map the rest to guest. Note the use of the +\&'!' to tell Samba to stop processing if it gets a match on +that line. + +.sp +.nf + !sys = mary fred + guest = * + +.sp +.fi + +Note that the remapping is applied to all occurrences +of usernames. Thus if you connect to \\\\server\\fred and fred is remapped to mary then you +will actually be connecting to \\\\server\\mary and will need to +supply a password suitable for mary not +fred. The only exception to this is the +username passed to the \fI password server\fR (if you have one). The password +server will receive whatever username the client supplies without +modification. + +Also note that no reverse mapping is done. The main effect +this has is with printing. Users who have been mapped may have +trouble deleting print jobs as PrintManager under WfWg will think +they don't own the print job. + +Default: \fBno username map\fR + +Example: \fBusername map = /usr/local/samba/lib/users.map +\fR.TP +\fButmp (G)\fR +This boolean parameter is only available if +Samba has been configured and compiled with the option \fB --with-utmp\fR. If set to true then Samba will attempt +to add utmp or utmpx records (depending on the UNIX system) whenever a +connection is made to a Samba server. Sites may use this to record the +user connecting to a Samba share. + +See also the \fI utmp directory\fR parameter. + +Default: \fButmp = no\fR +.TP +\fButmp directory(G)\fR +This parameter is only available if Samba has +been configured and compiled with the option \fB --with-utmp\fR. It specifies a directory pathname that is +used to store the utmp or utmpx files (depending on the UNIX system) that +record user connections to a Samba server. See also the \fIutmp\fR parameter. By default this is +not set, meaning the system will use whatever utmp file the +native system is set to use (usually +\fI/var/run/utmp\fR on Linux). + +Default: \fBno utmp directory\fR +.TP +\fBvalid users (S)\fR +This is a list of users that should be allowed +to login to this service. Names starting with '@', '+' and '&' +are interpreted using the same rules as described in the +\fIinvalid users\fR parameter. + +If this is empty (the default) then any user can login. +If a username is in both this list and the \fIinvalid +users\fR list then access is denied for that user. + +The current servicename is substituted for \fI%S +\fR\&. This is useful in the [homes] section. + +See also \fIinvalid users +\fR +Default: \fBNo valid users list (anyone can login) +\fR +Example: \fBvalid users = greg, @pcusers\fR +.TP +\fBveto files(S)\fR +This is a list of files and directories that +are neither visible nor accessible. Each entry in the list must +be separated by a '/', which allows spaces to be included +in the entry. '*' and '?' can be used to specify multiple files +or directories as in DOS wildcards. + +Each entry must be a unix path, not a DOS path and +must \fBnot\fR include the unix directory +separator '/'. + +Note that the \fIcase sensitive\fR option +is applicable in vetoing files. + +One feature of the veto files parameter that it +is important to be aware of is Samba's behaviour when +trying to delete a directory. If a directory that is +to be deleted contains nothing but veto files this +deletion will \fBfail\fR unless you also set +the \fIdelete veto files\fR parameter to +\fIyes\fR. + +Setting this parameter will affect the performance +of Samba, as it will be forced to check all files and directories +for a match as they are scanned. + +See also \fIhide files +\fRand \fI case sensitive\fR. + +Default: \fBNo files or directories are vetoed. +\fR +Examples: +.sp +.nf +; Veto any files containing the word Security, +; any ending in .tmp, and any directory containing the +; word root. +veto files = /*Security*/*.tmp/*root*/ + +; Veto the Apple specific files that a NetAtalk server +; creates. +veto files = /.AppleDouble/.bin/.AppleDesktop/Network Trash Folder/ +.sp +.fi +.TP +\fBveto oplock files (S)\fR +This parameter is only valid when the \fIoplocks\fR +parameter is turned on for a share. It allows the Samba administrator +to selectively turn off the granting of oplocks on selected files that +match a wildcarded list, similar to the wildcarded list used in the +\fIveto files\fR +parameter. + +Default: \fBNo files are vetoed for oplock +grants\fR + +You might want to do this on files that you know will +be heavily contended for by clients. A good example of this +is in the NetBench SMB benchmark program, which causes heavy +client contention for files ending in \fI.SEM\fR. +To cause Samba not to grant oplocks on these files you would use +the line (either in the [global] section or in the section for +the particular NetBench share : + +Example: \fBveto oplock files = /*.SEM/ +\fR.TP +\fBvfs object (S)\fR +This parameter specifies a shared object file that +is used for Samba VFS I/O operations. By default, normal +disk I/O operations are used but these can be overloaded +with a VFS object. The Samba VFS layer is new to Samba 2.2 and +must be enabled at compile time with --with-vfs. + +Default : \fBno value\fR +.TP +\fBvfs options (S)\fR +This parameter allows parameters to be passed +to the vfs layer at initialization time. The Samba VFS layer +is new to Samba 2.2 and must be enabled at compile time +with --with-vfs. See also \fI vfs object\fR. + +Default : \fBno value\fR +.TP +\fBvolume (S)\fR +This allows you to override the volume label +returned for a share. Useful for CDROMs with installation programs +that insist on a particular volume label. + +Default: \fBthe name of the share\fR +.TP +\fBwide links (S)\fR +This parameter controls whether or not links +in the UNIX file system may be followed by the server. Links +that point to areas within the directory tree exported by the +server are always allowed; this parameter controls access only +to areas that are outside the directory tree being exported. + +Note that setting this parameter can have a negative +effect on your server performance due to the extra system calls +that Samba has to do in order to perform the link checks. + +Default: \fBwide links = yes\fR +.TP +\fBwinbind cache time\fR +This parameter specifies the number of seconds the +winbindd(8)daemon will cache +user and group information before querying a Windows NT server +again. + +Default: \fBwinbind cache type = 15\fR +.TP +\fBwinbind enum users\fR +On large installations using +winbindd(8)it may be +necessary to suppress the enumeration of users through the +\fBsetpwent()\fR, +\fBgetpwent()\fR and +\fBendpwent()\fR group of system calls. If +the \fIwinbind enum users\fR parameter is +false, calls to the \fBgetpwent\fR system call +will not return any data. + +\fBWarning:\fR Turning off user +enumeration may cause some programs to behave oddly. For +example, the finger program relies on having access to the +full user list when searching for matching +usernames. + +Default: \fBwinbind enum users = yes \fR +.TP +\fBwinbind enum groups\fR +On large installations using +winbindd(8)it may be +necessary to suppress the enumeration of groups through the +\fBsetgrent()\fR, +\fBgetgrent()\fR and +\fBendgrent()\fR group of system calls. If +the \fIwinbind enum groups\fR parameter is +false, calls to the \fBgetgrent()\fR system +call will not return any data. + +\fBWarning:\fR Turning off group +enumeration may cause some programs to behave oddly. + +Default: \fBwinbind enum groups = yes \fR +.TP +\fBwinbind gid\fR +The winbind gid parameter specifies the range of group +ids that are allocated by the winbindd(8)daemon. This range of group ids should have no +existing local or NIS groups within it as strange conflicts can +occur otherwise. + +Default: \fBwinbind gid = +\fR +Example: \fBwinbind gid = 10000-20000\fR +.TP +\fBwinbind separator\fR +This parameter allows an admin to define the character +used when listing a username of the form of \fIDOMAIN +\fR\\\fIuser\fR. This parameter +is only applicable when using the \fIpam_winbind.so\fR +and \fInss_winbind.so\fR modules for UNIX services. + +Example: \fBwinbind separator = \\\fR + +Example: \fBwinbind separator = +\fR +.TP +\fBwinbind uid\fR +The winbind gid parameter specifies the range of group +ids that are allocated by the winbindd(8)daemon. This range of ids should have no +existing local or NIS users within it as strange conflicts can +occur otherwise. + +Default: \fBwinbind uid = +\fR +Example: \fBwinbind uid = 10000-20000\fR +.TP +\fBwinbind use default domain\fR +.TP +\fBwinbind use default domain\fR +This parameter specifies whether the winbindd(8) +daemon should operate on users without domain component in their username. +Users without a domain component are treated as is part of the winbindd server's +own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail +function in a way much closer to the way they would in a native unix system. + +Default: \fBwinbind use default domain = +\fR +Example: \fBwinbind use default domain = true\fR +.TP +\fBwins hook (G)\fR +When Samba is running as a WINS server this +allows you to call an external program for all changes to the +WINS database. The primary use for this option is to allow the +dynamic update of external name resolution databases such as +dynamic DNS. + +The wins hook parameter specifies the name of a script +or executable that will be called as follows: + +\fBwins_hook operation name nametype ttl IP_list +\fR.RS +.TP 0.2i +\(bu +The first argument is the operation and is one +of "add", "delete", or "refresh". In most cases the operation can +be ignored as the rest of the parameters provide sufficient +information. Note that "refresh" may sometimes be called when the +name has not previously been added, in that case it should be treated +as an add. +.TP 0.2i +\(bu +The second argument is the NetBIOS name. If the +name is not a legal name then the wins hook is not called. +Legal names contain only letters, digits, hyphens, underscores +and periods. +.TP 0.2i +\(bu +The third argument is the NetBIOS name +type as a 2 digit hexadecimal number. +.TP 0.2i +\(bu +The fourth argument is the TTL (time to live) +for the name in seconds. +.TP 0.2i +\(bu +The fifth and subsequent arguments are the IP +addresses currently registered for that name. If this list is +empty then the name should be deleted. .RE - +.PP +An example script that calls the BIND dynamic DNS update +program \fBnsupdate\fR is provided in the examples +directory of the Samba source code. +.PP +.TP +\fBwins proxy (G)\fR +This is a boolean that controls if nmbd(8)will respond to broadcast name +queries on behalf of other hosts. You may need to set this +to yes for some older clients. + +Default: \fBwins proxy = no\fR +.TP +\fBwins server (G)\fR +This specifies the IP address (or DNS name: IP +address for preference) of the WINS server that nmbd(8)should register with. If you have a WINS server on +your network then you should set this to the WINS server's IP. + +You should point this at your WINS server if you have a +multi-subnetted network. + +\fBNOTE\fR. You need to set up Samba to point +to a WINS server if you have multiple subnets and wish cross-subnet +browsing to work correctly. + +See the documentation file \fIBROWSING.txt\fR +in the docs/ directory of your Samba source distribution. + +Default: \fBnot enabled\fR + +Example: \fBwins server = 192.9.200.1\fR +.TP +\fBwins support (G)\fR +This boolean controls if the +nmbd(8)process in Samba will act as a WINS server. You should +not set this to true unless you have a multi-subnetted network and +you wish a particular \fBnmbd\fR to be your WINS server. +Note that you should \fBNEVER\fR set this to true +on more than one machine in your network. + +Default: \fBwins support = no\fR +.TP +\fBworkgroup (G)\fR +This controls what workgroup your server will +appear to be in when queried by clients. Note that this parameter +also controls the Domain name used with the \fBsecurity = domain\fR +setting. + +Default: \fBset at compile time to WORKGROUP\fR + +Example: \fBworkgroup = MYGROUP\fR +.TP +\fBwritable (S)\fR +Synonym for \fI writeable\fR for people who can't spell :-). +.TP +\fBwrite cache size (S)\fR +If this integer parameter is set to non-zero value, +Samba will create an in-memory cache for each oplocked file +(it does \fBnot\fR do this for +non-oplocked files). All writes that the client does not request +to be flushed directly to disk will be stored in this cache if possible. +The cache is flushed onto disk when a write comes in whose offset +would not fit into the cache or when the file is closed by the client. +Reads for the file are also served from this cache if the data is stored +within it. + +This cache allows Samba to batch client writes into a more +efficient write size for RAID disks (i.e. writes may be tuned to +be the RAID stripe size) and can improve performance on systems +where the disk subsystem is a bottleneck but there is free +memory for userspace programs. + +The integer parameter specifies the size of this cache +(per oplocked file) in bytes. + +Default: \fBwrite cache size = 0\fR + +Example: \fBwrite cache size = 262144\fR + +for a 256k cache size per file. +.TP +\fBwrite list (S)\fR +This is a list of users that are given read-write +access to a service. If the connecting user is in this list then +they will be given write access, no matter what the \fIwriteable\fR +option is set to. The list can include group names using the +@group syntax. + +Note that if a user is in both the read list and the +write list then they will be given write access. + +See also the \fIread list +\fRoption. + +Default: \fBwrite list = +\fR +Example: \fBwrite list = admin, root, @staff +\fR.TP +\fBwrite ok (S)\fR +Synonym for \fI writeable\fR. +.TP +\fBwrite raw (G)\fR +This parameter controls whether or not the server +will support raw write SMB's when transferring data from clients. +You should never need to change this parameter. + +Default: \fBwrite raw = yes\fR +.TP +\fBwriteable (S)\fR +An inverted synonym is \fIread only\fR. + +If this parameter is no, then users +of a service may not create or modify files in the service's +directory. + +Note that a printable service (\fBprintable = yes\fR) +will \fBALWAYS\fR allow writing to the directory +(user privileges permitting), but only via spooling operations. + +Default: \fBwriteable = no\fR +.SH "WARNINGS" +.PP +Although the configuration file permits service names +to contain spaces, your client software may not. Spaces will +be ignored in comparisons anyway, so it shouldn't be a +problem - but be aware of the possibility. +.PP +On a similar note, many clients - especially DOS clients - +limit service names to eight characters. smbd(8) +has no such limitation, but attempts to connect from such +clients will fail if they truncate the service names. For this reason +you should probably keep your service names down to eight characters +in length. +.PP +Use of the [homes] and [printers] special sections make life +for an administrator easy, but the various combinations of default +attributes can be tricky. Take extreme care when designing these +sections. In particular, ensure that the permissions on spool +directories are correct. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +samba(7), +\fBsmbpasswd(8)\fR, +\fBswat(8)\fR, +\fBsmbd(8)\fR, +\fBnmbd(8)\fR, +\fBsmbclient(1)\fR, +\fBnmblookup(1)\fR, +\fBtestparm(1)\fR, +\fBtestprns(1)\fR +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbcacls.1 b/docs/manpages/smbcacls.1 new file mode 100644 index 00000000000..449a2a24b83 --- /dev/null +++ b/docs/manpages/smbcacls.1 @@ -0,0 +1,191 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBCACLS" "1" "28 January 2002" "" "" +.SH NAME +smbcacls \- Set or get ACLs on an NT file or directory names +.SH SYNOPSIS +.sp +\fBsmbcacls\fR \fB//server/share\fR \fBfilename\fR [ \fB-U username\fR ] [ \fB-A acls\fR ] [ \fB-M acls\fR ] [ \fB-D acls\fR ] [ \fB-S acls\fR ] [ \fB-C name\fR ] [ \fB-G name\fR ] [ \fB-n\fR ] [ \fB-h\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +The \fBsmbcacls\fR program manipulates NT Access Control Lists +(ACLs) on SMB file shares. +.SH "OPTIONS" +.PP +The following options are available to the \fBsmbcacls\fR program. +The format of ACLs is described in the section ACL FORMAT +.TP +\fB-A acls\fR +Add the ACLs specified to the ACL list. Existing +access control entries are unchanged. +.TP +\fB-M acls\fR +Modify the mask value (permissions) for the ACLs +specified on the command line. An error will be printed for each +ACL specified that was not already present in the ACL list +.TP +\fB-D acls\fR +Delete any ACLs specified on the command line. +An error will be printed for each ACL specified that was not +already present in the ACL list. +.TP +\fB-S acls\fR +This command sets the ACLs on the file with +only the ones specified on the command line. All other ACLs are +erased. Note that the ACL specified must contain at least a revision, +type, owner and group for the call to succeed. +.TP +\fB-U username\fR +Specifies a username used to connect to the +specified service. The username may be of the form "username" in +which case the user is prompted to enter in a password and the +workgroup specified in the \fIsmb.conf\fR file is +used, or "username%password" or "DOMAIN\\username%password" and the +password and workgroup names are used as provided. +.TP +\fB-C name\fR +The owner of a file or directory can be changed +to the name given using the \fI-C\fR option. +The name can be a sid in the form S-1-x-y-z or a name resolved +against the server specified in the first argument. + +This command is a shortcut for -M OWNER:name. +.TP +\fB-G name\fR +The group owner of a file or directory can +be changed to the name given using the \fI-G\fR +option. The name can be a sid in the form S-1-x-y-z or a name +resolved against the server specified n the first argument. + +This command is a shortcut for -M GROUP:name. +.TP +\fB-n\fR +This option displays all ACL information in numeric +format. The default is to convert SIDs to names and ACE types +and masks to a readable string format. +.TP +\fB-h\fR +Print usage information on the \fBsmbcacls +\fRprogram. +.SH "ACL FORMAT" +.PP +The format of an ACL is one or more ACL entries separated by +either commas or newlines. An ACL entry is one of the following: +.PP +.sp +.nf + +REVISION: +OWNER: +GROUP: +ACL::// + +.sp +.fi +.PP +The revision of the ACL specifies the internal Windows +NT ACL revision for the security descriptor. +If not specified it defaults to 1. Using values other than 1 may +cause strange behaviour. +.PP +The owner and group specify the owner and group sids for the +object. If a SID in the format CWS-1-x-y-z is specified this is used, +otherwise the name specified is resolved using the server on which +the file or directory resides. +.PP +ACLs specify permissions granted to the SID. This SID again +can be specified in CWS-1-x-y-z format or as a name in which case +it is resolved against the server on which the file or directory +resides. The type, flags and mask values determine the type of +access granted to the SID. +.PP +The type can be either 0 or 1 corresponding to ALLOWED or +DENIED access to the SID. The flags values are generally +zero for file ACLs and either 9 or 2 for directory ACLs. Some +common flags are: +.TP 0.2i +\(bu +#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 +.TP 0.2i +\(bu +#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 +.TP 0.2i +\(bu +#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 +.TP 0.2i +\(bu +#define SEC_ACE_FLAG_INHERIT_ONLY 0x8 +.PP +At present flags can only be specified as decimal or +hexadecimal values. +.PP +.PP +The mask is a value which expresses the access right +granted to the SID. It can be given as a decimal or hexadecimal value, +or by using one of the following text strings which map to the NT +file permissions of the same name. +.PP +.TP 0.2i +\(bu +\fBR\fR - Allow read access +.TP 0.2i +\(bu +\fBW\fR - Allow write access +.TP 0.2i +\(bu +\fBX\fR - Execute permission on the object +.TP 0.2i +\(bu +\fBD\fR - Delete the object +.TP 0.2i +\(bu +\fBP\fR - Change permissions +.TP 0.2i +\(bu +\fBO\fR - Take ownership +.PP +The following combined permissions can be specified: +.PP +.TP 0.2i +\(bu +\fBREAD\fR - Equivalent to 'RX' +permissions +.TP 0.2i +\(bu +\fBCHANGE\fR - Equivalent to 'RXWD' permissions +.TP 0.2i +\(bu +\fBFULL\fR - Equivalent to 'RWXDPO' +permissions +.SH "EXIT STATUS" +.PP +The \fBsmbcacls\fR program sets the exit status +depending on the success or otherwise of the operations performed. +The exit status may be one of the following values. +.PP +If the operation succeeded, smbcacls returns and exit +status of 0. If \fBsmbcacls\fR couldn't connect to the specified server, +or there was an error getting or setting the ACLs, an exit status +of 1 is returned. If there was an error parsing any command line +arguments, an exit status of 2 is returned. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +\fBsmbcacls\fR was written by Andrew Tridgell +and Tim Potter. +.PP +The conversion to DocBook for Samba 2.2 was done +by Gerald Carter diff --git a/docs/manpages/smbclient.1 b/docs/manpages/smbclient.1 index 5590e01296e..8b969ce4d1a 100644 --- a/docs/manpages/smbclient.1 +++ b/docs/manpages/smbclient.1 @@ -1,1133 +1,779 @@ -.TH SMBCLIENT 1 17/1/1995 smbclient smbclient +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBCLIENT" "1" "28 January 2002" "" "" .SH NAME -smbclient \- ftp-like Lan Manager client program +smbclient \- ftp-like client to access SMB/CIFS resources on servers .SH SYNOPSIS -.B smbclient -.B servicename -[ -.B password -] [ -.B -A -] [ -.B -E -] [ -.B -L -.I host -] [ -.B -M -.I host -] [ -.B -I -.I IP number -] [ -.B -N -] [ -.B -P -] [ -.B -U -.I username -] [ -.B -d -.I debuglevel -] [ -.B -l -.I log basename -] [ -.B -n -.I netbios name -] [ -.B -O -.I socket options -] [ -.B -p -.I port number -.B -T -.I tar options -.B -D -.I initial directory -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbclient -is a client that can 'talk' to a Lan Manager server. It offers -an interface similar to that of the -.B ftp -program (see -.B ftp(1)). Operations include things like getting files from the -server to the local machine, putting files from the local machine to -the server, retrieving directory information from the server and so on. - -.SH OPTIONS -.B servicename -.RS 3 -.B servicename -is the name of the service you want to use on the server. A service -name takes the form -.B "\\\\\\\\server\\\\service" -where -.B server -is the netbios name of the Lan Manager server offering the desired service and -.B service -is the name of the service offered. Thus to connect to the service "printer" -on the Lan Manager server "lanman", you would use the servicename - -.RS 10 -.B "\\\\\\\\lanman\\\\printer" -.RE - -Note that the server name required is NOT necessarily the host name of the -server! The name required is a Lan Manager server name, which may or may not -be the same as the hostname of the machine running the server. -.RE - -.B password -.RS 3 -.B -password -is the password required to access the specified service on the -specified server. If supplied, the -.B -N -option (suppress password prompt) is assumed. - -There is no default password. If no password is supplied on the command line -(either here or using the -.B -U -option (see below)) and -.B -N -is not specified, the client will prompt for a password, even if the desired -service does not require one. (If prompted for a password and none is +.sp +\fBsmbclient\fR \fBservicename\fR [ \fBpassword\fR ] [ \fB-b \fR ] [ \fB-d debuglevel\fR ] [ \fB-D Directory\fR ] [ \fB-U username\fR ] [ \fB-W workgroup\fR ] [ \fB-M \fR ] [ \fB-m maxprotocol\fR ] [ \fB-A authfile\fR ] [ \fB-N\fR ] [ \fB-l logfile\fR ] [ \fB-L \fR ] [ \fB-I destinationIP\fR ] [ \fB-E \fR ] [ \fB-c \fR ] [ \fB-i scope\fR ] [ \fB-O \fR ] [ \fB-p port\fR ] [ \fB-R \fR ] [ \fB-s \fR ] [ \fB-TIXFqgbNan\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBsmbclient\fR is a client that can +\&'talk' to an SMB/CIFS server. It offers an interface +similar to that of the ftp program (see \fBftp(1)\fR). +Operations include things like getting files from the server +to the local machine, putting files from the local machine to +the server, retrieving directory information from the server +and so on. +.SH "OPTIONS" +.TP +\fBservicename\fR +servicename is the name of the service +you want to use on the server. A service name takes the form +\fI//server/service\fR where \fIserver +\fRis the NetBIOS name of the SMB/CIFS server +offering the desired service and \fIservice\fR +is the name of the service offered. Thus to connect to +the service "printer" on the SMB/CIFS server "smbserver", +you would use the servicename \fI//smbserver/printer +\fR +Note that the server name required is NOT necessarily +the IP (DNS) host name of the server ! The name required is +a NetBIOS server name, which may or may not be the +same as the IP hostname of the machine running the server. + +The server name is looked up according to either +the \fI-R\fR parameter to \fBsmbclient\fR or +using the name resolve order parameter in the \fIsmb.conf\fR file, +allowing an administrator to change the order and methods +by which server names are looked up. +.TP +\fBpassword\fR +The password required to access the specified +service on the specified server. If this parameter is +supplied, the \fI-N\fR option (suppress +password prompt) is assumed. + +There is no default password. If no password is supplied +on the command line (either by using this parameter or adding +a password to the \fI-U\fR option (see +below)) and the \fI-N\fR option is not +specified, the client will prompt for a password, even if +the desired service does not require one. (If no password is required, simply press ENTER to provide a null password.) -Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. +Note: Some servers (including OS/2 and Windows for +Workgroups) insist on an uppercase password. Lowercase +or mixed case passwords may be rejected by these servers. Be cautious about including passwords in scripts. -.RE - -.B -A - -.RS 3 -This parameter, if specified, causes the maximum debug level to be selected. -Be warned that this generates prodigious amounts of debug data. There is also -a security issue involved, as at the maximum debug level cleartext passwords -may be written to some log files. -.RE - -.B -L - -.RS 3 -This option allows you to look at what services are available on a -server. You use it as "smbclient -L host" and a list should appear. -The -I option may be useful if your netbios names don't match your -tcp/ip host names or if you are trying to reach a host on another -network. For example: - -smbclient -L ftp -I ftp.microsoft.com - -will list the shares available on microsofts public server. -.RE - -.B -M - -.RS 3 -This options allows you to send messages, using the "WinPopup" -protocol, to another computer. Once a connection is established you -then type your message, pressing ^D (control-D) to end. - -If the receiving computer is running WinPopup the user will receive -the message and probably a beep. If they are not running WinPopup the -message will be lost, and no error message will occur. - -The message is also automatically truncated if the message is over -1600 bytes, as this is the limit of the protocol. - -One useful trick is to cat the message through smbclient. For example: - -cat mymessage.txt | smbclient -M FRED - -will send the message in the file "mymessage.txt" to the machine FRED. - -You may also find the -U and -I options useful, as they allow you to +.TP +\fB-s smb.conf\fR +Specifies the location of the all important +\fIsmb.conf\fR file. +.TP +\fB-O socket options\fR +TCP socket options to set on the client +socket. See the socket options parameter in the \fI smb.conf (5)\fR manpage for the list of valid +options. +.TP +\fB-R \fR +This option is used by the programs in the Samba +suite to determine what naming services and in what order to resolve +host names to IP addresses. The option takes a space-separated +string of different name resolution options. + +The options are :"lmhosts", "host", "wins" and "bcast". They +cause names to be resolved as follows : +.RS +.TP 0.2i +\(bu +lmhosts : Lookup an IP +address in the Samba lmhosts file. If the line in lmhosts has +no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +any name type matches for lookup. +.TP 0.2i +\(bu +host : Do a standard host +name to IP address resolution, using the system \fI/etc/hosts +\fR, NIS, or DNS lookups. This method of name resolution +is operating system dependent, for instance on IRIX or Solaris this +may be controlled by the \fI/etc/nsswitch.conf\fR +file). Note that this method is only used if the NetBIOS name +type being queried is the 0x20 (server) name type, otherwise +it is ignored. +.TP 0.2i +\(bu +wins : Query a name with +the IP address listed in the \fIwins server\fR +parameter. If no WINS server has +been specified this method will be ignored. +.TP 0.2i +\(bu +bcast : Do a broadcast on +each of the known local interfaces listed in the +\fIinterfaces\fR +parameter. This is the least reliable of the name resolution +methods as it depends on the target host being on a locally +connected subnet. +.RE +.PP +If this parameter is not set then the name resolve order +defined in the \fIsmb.conf\fR file parameter +(name resolve order) will be used. +.PP +.PP +The default order is lmhosts, host, wins, bcast and without +this parameter or any entry in the \fIname resolve order +\fRparameter of the \fIsmb.conf\fR file the name resolution +methods will be attempted in this order. +.PP +.TP +\fB-M NetBIOS name\fR +This options allows you to send messages, using +the "WinPopup" protocol, to another computer. Once a connection is +established you then type your message, pressing ^D (control-D) to +end. + +If the receiving computer is running WinPopup the user will +receive the message and probably a beep. If they are not running +WinPopup the message will be lost, and no error message will +occur. + +The message is also automatically truncated if the message +is over 1600 bytes, as this is the limit of the protocol. + +One useful trick is to cat the message through +\fBsmbclient\fR. For example: \fB cat mymessage.txt | smbclient -M FRED \fR will +send the message in the file \fImymessage.txt\fR +to the machine FRED. + +You may also find the \fI-U\fR and +\fI-I\fR options useful, as they allow you to control the FROM and TO parts of the message. -Samba currently has no way of receiving WinPopup messages. - -Note: Copy WinPopup into the startup group on your WfWg PCs if you -want them to always be able to receive messages. -.RE - -.B -E - -.RS 3 -This parameter, if specified, causes the client to write messages to the -standard error stream (stderr) rather than to the standard output stream. - -By default, the client writes messages to standard output - typically the -user's tty. -.RE - -.B -I -.I IP number - -.RS 3 -.I IP number -represents the IP number of the server to connect to. It should -be specified in standard "a.b.c.d" notation. - -Normally the client will attempt to locate the specified Lan Manager server -by looking it up - that is, broadcasting a request for the given server to -identify itself. Using this parameter will force the client to assume that -the server is on the machine with the specified IP number. - -There is no default for this parameter. If not supplied, it will be determined -automatically by the client as described above. -.RE - -.B -N - -.RS 3 -If specified, this parameter suppresses the normal password prompt from the -client to the user. This is useful when accessing a service that does not -require a password. - -Unless a password is specified on the command line or this parameter is -specified, the client will request a password. -.RE - -.B -O -.I socket options -.RS 3 - -See the socket options section of smb.conf(5) for details - -.RE -.B -P - -.RS 3 -If specified, the service requested will be connected to as a printer service -rather than as a normal filespace service. Operations such as put and get -will not be applicable for such a connection. - -By default, services will be connected to as NON-printer services. -.RE - -.B -U -.I username - -.RS 3 -.I username -is the user name that will be used by the client to make a connection, -assuming your server is running a protocol that allows for usernames. - -Some servers are fussy about the case of this name, and some insist -that it must be a valid netbios name. - -If no -.I username -is supplied, it will default to an uppercase version of the -environment variable -.B USER -or -.B LOGNAME -in that order. -If no -.I username -is supplied and neither environment variable exists the user name will -be empty. - -If the service you are connecting to requires a password, it can be supplied -using the -.B -U -option, by appending a percent symbol ("%") then the password to -.I username. -For example, to attach to a service as user "fred" with password "secret", you -would specify -.B -U -.I fred%secret -on the command line. Note that there are no spaces around the percent symbol. - -If you specify the password as part of -.I username -then the -.B -N -option (suppress password prompt) is assumed. - -If you specify the password as a parameter AND as part of -.I username -then the password as part of -.I username -will take precedence. Putting nothing before or nothing after the percent -symbol will cause an empty username or an empty password to be used, -respectively. - -Note: Some servers (including OS/2 and Windows for Workgroups) insist -on an uppercase password. Lowercase or mixed case passwords may be -rejected by these servers. - -Be cautious about including passwords in scripts. -.RE - -.B -d -.I debuglevel -.RS 3 - -debuglevel is an integer from 0 to 5. - -The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files about -the activities of the client. At level 0, only critical errors and serious -warnings will be logged. Level 1 is a reasonable level for day to day running -- it generates a small amount of information about operations carried out. - -Levels above 1 will generate considerable amounts of log data, and should -only be used when investigating a problem. Levels above 3 are designed for -use only by developers and generate HUGE amounts of log data, most of which -is extremely cryptic. -.RE - -.B -l -.I log basename - -.RS 3 -If specified, -.I log basename -specifies a base filename into which operational data from the running client -will be logged. +See the message command parameter in the \fI smb.conf(5)\fR for a description of how to handle incoming +WinPopup messages in Samba. + +\fBNote\fR: Copy WinPopup into the startup group +on your WfWg PCs if you want them to always be able to receive +messages. +.TP +\fB-i scope\fR +This specifies a NetBIOS scope that smbclient will +use to communicate with when generating NetBIOS names. For details +on the use of NetBIOS scopes, see \fIrfc1001.txt\fR +and \fIrfc1002.txt\fR. +NetBIOS scopes are \fBvery\fR rarely used, only set +this parameter if you are the system administrator in charge of all +the NetBIOS systems you communicate with. +.TP +\fB-N\fR +If specified, this parameter suppresses the normal +password prompt from the client to the user. This is useful when +accessing a service that does not require a password. + +Unless a password is specified on the command line or +this parameter is specified, the client will request a +password. +.TP +\fB-n NetBIOS name\fR +By default, the client will use the local +machine's hostname (in uppercase) as its NetBIOS name. This parameter +allows you to override the host name and use whatever NetBIOS +name you wish. +.TP +\fB-d debuglevel\fR +\fIdebuglevel\fR is an integer from 0 to 10, or +the letter 'A'. + +The default value if this parameter is not specified +is zero. + +The higher this value, the more detail will be logged to +the log files about the activities of the +client. At level 0, only critical errors and serious warnings will +be logged. Level 1 is a reasonable level for day to day running - +it generates a small amount of information about operations +carried out. + +Levels above 1 will generate considerable amounts of log +data, and should only be used when investigating a problem. +Levels above 3 are designed for use only by developers and +generate HUGE amounts of log data, most of which is extremely +cryptic. If \fIdebuglevel\fR is set to the letter 'A', then \fBall +\fRdebug messages will be printed. This setting +is for developers only (and people who \fBreally\fR want +to know how the code works internally). + +Note that specifying this parameter here will override +the log level parameter in the \fIsmb.conf (5)\fR +file. +.TP +\fB-p port\fR +This number is the TCP port number that will be used +when making connections to the server. The standard (well-known) +TCP port number for an SMB/CIFS server is 139, which is the +default. +.TP +\fB-l logfilename\fR +If specified, \fIlogfilename\fR specifies a base filename +into which operational data from the running client will be +logged. The default base name is specified at compile time. -The base name is used to generate actual log file names. For example, if the -name specified was "log", the following files would be used for log data: - -.RS 3 -log.client.debug (containing debugging information) - -log.client.in (containing inbound transaction data) - -log.client.out (containing outbound transaction data) -.RE - -The log files generated are never removed by the client. -.RE -.RE - -.B -n -.I netbios name - -.RS 3 -By default, the client will use the local machine's hostname (in -uppercase) as its netbios name. This parameter allows you to override -the host name and use whatever netbios name you wish. -.RE - -.B -p -.I port number -.RS 3 - -port number is a positive integer value. - -The default value if this parameter is not specified is 139. - -This number is the port number that will be used when making connections to -the server. The standard (well-known) port number for the server is 139, -hence the default. - -This parameter is not normally specified. - -.B -T -.I tar options -.RS3 - -where tar options are one or more of c,x,I,X,b,g,N or a; used as: -.LP -smbclient -.B "\\\\\\\\server\\\\share" -\-TcxIXbgNa -[ -.IR blocksize -] -[ -.IR newer-file -] -.IR tarfile -[ -.IR filenames.... -] - -.RS3 -.B c -Create a tar file on UNIX. Must be followed by the name of a tar file, -tape device or "-" for standard output. (May be useful to set debugging -low (-d0)) to avoid corrupting your tar file if using "-"). Mutually -exclusive with the x flag. - -.B x -Extract (restore) a local tar file back to a share. Unless the -D -option is given, the tar files will be restored from the top level of -the share. Must be followed by the name of the tar file, device or "-" -for standard input. Mutually exclusive with the c flag. - -.B I -Include files and directories. Is the default behaviour when -.IR filenames -are specified above. Causes tar files to be included in an extract or create -(and therefore everything else to be excluded). See example below. -Filename globbing does not work for included files for extractions (yet). - -.B X -Exclude files and directories. Causes tar files to be excluded from -an extract or create. See example below. -Filename globbing does not work for excluded files (yet). - -.B b -Blocksize. Must be followed by a valid (greater than zero) blocksize. -Causes tar file to be written out in blocksize*TBLOCK (usually 512 byte) -blocks. - -.B g -Incremental. Only back up files that have the archive bit set. Useful -only with the c flag. - -.B N -Newer than. Must be followed by the name of a file whose date is -compared against files found on the share during a create. Only files -newer than the file specified are backed up to the tar file. Useful -only with the c flag. - -.B a -Set archive bit. Causes the archive bit to be reset when a file is backed -up. Useful with the g (and c) flags. -.LP - -.B Examples - -smbclient \\\\mypc\\myshare "" -N -Tx backup.tar - -Restore from tar file backup.tar into myshare on mypc (no password on share). - -smbclient \\\\mypc\\myshare "" -N -TXx backup.tar users/docs - -Restore everything except users/docs - -smbclient \\\\mypc\\myshare "" -N -Tc backup.tar users/docs - -Create a tar file of the files beneath users/docs. - -.RE - -.B -D -.I initial directory - -.RS3 - -Change to initial directory before starting. Probably only of any use -with the tar (\-T) option. - - -.RE - -.SH OPERATIONS -Once the client is running, the user is presented with a prompt, "smb: \\>". -The backslash ("\\") indicates the current working directory on the server, -and will change if the current working directory is changed. - -The prompt indicates that the client is ready and waiting to carry out a user -command. Each command is a single word, optionally followed by parameters -specific to that command. Command and parameters are space-delimited unless -these notes specifically state otherwise. All commands are case-insensitive. -Parameters to commands may or may not be case sensitive, depending on the -command. - -You can specify file names which have spaces in them by quoting the -name with double quotes, for example "a long file name". - -Parameters shown in square brackets (eg., "[parameter]") are optional. If not -given, the command will use suitable defaults. Parameters shown in angle -brackets (eg., "") are required. - -Note that all commands operating on the server are actually performed by -issuing a request to the server. Thus the behaviour may vary from server to -server, depending on how the server was implemented. - -The commands available are given here in alphabetical order. - -.B ? -.RS 3 -.B Parameters: -.RS 3 -.I [command] - -.RE -.B Description: -.RS 3 -If -.I command -is specified, the -.B ? -command will display a brief informative message about the specified command. - -If no command is specified, a list of available commands will be displayed. -.RE -.RE - -.B ! -.RS 3 -.B Parameters: -.RS 3 -.I [shell command] - -.RE -.B Description: -.RS 3 -If -.I shell command -is specified, the -.B ! -command will execute a shell locally and run the specified shell command. If -no command is specified, a shell will be run. -.RE -.RE - -.B cd -.RS 3 -.B Parameters: -.RS 3 -.I [directory name] - -.RE -.B Description: -.RS 3 -If -.I directory name -is specified, the current working directory -.B on the server -will be changed to the directory specified. This operation will fail if for -any reason the specified directory is inaccessible. - -If no directory name is specified, the current working directory -.B on the server -will be reported. -.RE -.RE - -.B del -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -The client will request that the server attempt to delete all files matching -.I mask -from the current working directory -.B on the server. -.RE -.RE - -.B dir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -A list of the files matching -.I mask -in the current working directory -.B on the server -will be retrieved from the server and displayed. -.RE -.RE - -.B exit -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Terminate the connection with the server and exit from the program. -.RE -.RE - -.B get -.RS 3 -.B Parameters: -.RS 3 -.I [local file name] - -.RE -.B Description: -.RS 3 -Copy the file called -.I remote file name -from the server to the machine running the client. If specified, name the -local copy -.I local file name. -Note that all transfers in smbclient are binary. See also the -.B lowercase -command. -.RE -.RE - -.B help -.RS 3 -.B Parameters: -.RS 3 -.I [command] - -.RE -.B Description: -.RS 3 -See the -.B ? -command above. -.RE -.RE - -.B lcd -.RS 3 -.B Parameters: -.RS 3 -.I [directory name] - -.RE -.B Description: -.RS 3 -If -.I directory name -is specified, the current working directory -.B on the local machine -will be changed to the directory specified. This operation will fail if for -any reason the specified directory is inaccessible. - -If no directory name is specified, the name of the current working directory -.B on the local machine -will be reported. -.RE -.RE - -.B lowercase -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle lowercasing of filenames for the -.B get -and -.B mget -commands. - -When lowercasing is toggled ON, local filenames are converted to lowercase -when using the -.B get -and -.B mget -commands. This is often useful when copying (say) MSDOS files from a server, -because lowercase filenames are the norm on Unix systems. -.RE -.RE - -.B ls -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B dir -command above. -.RE -.RE - -.B mask -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -This command allows the user to set up a mask which will be used during -recursive operation of the -.B mget -and -.B mput -commands. - -The masks specified to the -.B mget -and -.B mput -commands act as filters for directories -rather than files when recursion is toggled ON. - -The mask specified with the -.B mask -command is necessary to filter files within those directories. For example, -if the mask specified in an -.B mget -command is "source*" -.I and -the mask specified with the -.B mask -command is "*.c" -.I and -recursion is toggled ON, the -.B mget -command will retrieve all files matching "*.c" in all directories below -and including all directories matching "source*" in the current working -directory. - -Note that the value for -.I mask -defaults to blank (equivalent to "*") and remains so until the -.B mask -command is used to change it. It retains the most recently specified value -indefinitely. To avoid unexpected results it would be wise to change the -value of -.I mask -back to "*" after using the -.B mget -or -.B mput -commands. -.RE -.RE - -.B md -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B mkdir -command. -.RE -.RE - -.B mget -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Copy all files matching -.I mask -from the server to the machine running the client. - -Note that -.I mask -is interpreted differently during recursive operation and non-recursive -operation - refer to the -.B recurse -and -.B mask -commands for more information. Note that all transfers in smbclient are -binary. See also the -.B lowercase -command. -.RE -.RE - -.B mkdir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Create a new directory -.B on the server -(user access privileges permitting) with the specified name. -.RE -.RE - -.B mput -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Copy all files matching -.I mask -in the current working directory -.B on the local machine -to the current working directory on the server. - -Note that -.I mask -is interpreted differently during recursive operation and non-recursive -operation - refer to the -.B recurse -and -.B mask -commands for more information. Note that all transfers in smbclient are -binary. -.RE -.RE - -.B print -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Print the specified file -.B from the local machine -through a printable service on the server. - -See also the -.B printmode -command. -.RE -.RE - -.B printmode -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Set the print mode to suit either binary data (such as graphical information) -or text. Subsequent -.B print -commands will use the currently set print mode. -.RE -.RE - -.B prompt -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle prompting for filenames during operation of the -.B mget -and -.B mput -commands. - -When toggled ON, the user will be prompted to confirm the transfer of each -file during these commands. When toggled OFF, all specified files will be -transferred without prompting. -.RE -.RE - -.B put -.RS 3 -.B Parameters: -.RS 3 -.I [remote file name] - -.RE -.B Description: -.RS 3 -Copy the file called -.I local file name -from the machine running the client to the server. If specified, name the -remote copy -.I remote file name. -Note that all transfers in smbclient are binary. See also the -.B lowercase -command. -.RE -.RE - -.B queue -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Displays the print queue, showing the job id, name, size and current status. -.RE -.RE - -.B quit -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -See the -.B exit -command. -.RE -.RE - -.B rd -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -See the -.B rmdir -command. -.RE -.RE - -.B recurse -.RS 3 -.B Parameters: -.RS 3 -None. - -.RE -.B Description: -.RS 3 -Toggle directory recursion for the commands -.B mget -and -.B mput -. - -When toggled ON, these commands will process all directories in the source -directory (ie., the directory they are copying -.I from -) and will recurse into any that match the mask specified to the command. Only -files that match the mask specified using the -.B mask -command will be retrieved. See also the -.mask -command. - -When recursion is toggled OFF, only files from the current working -directory on the source machine that match the mask specified to the -.B mget -or -.B mput -commands will be copied, and any mask specified using the -.B mask -command will be ignored. -.RE -.RE - -.B rm -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Remove all files matching -.I mask -from the current working directory -.B on the server. -.RE -.RE - -.B rmdir -.RS 3 -.B Parameters: -.RS 3 -.I - -.RE -.B Description: -.RS 3 -Remove the specified directory (user access privileges permitting) -.B from the server. -.RE -.RE - -.B tar -.RS 3 -.B Parameters: -.RS 3 -.I [IXbgNa] - -.RE -.B Description: -.RS 3 -Performs a tar operation - see -T command line option above. Behaviour -may be affected by the -.B tarmode -command (see below). Using the g (incremental) and N (newer) will affect -tarmode settings. Note that using the "-" option with tar x may not -work - use the command line option instead. -.RE -.RE - -.B blocksize -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -Blocksize. Must be followed by a valid (greater than zero) blocksize. -Causes tar file to be written out in blocksize*TBLOCK (usually 512 byte) -blocks. -.RE -.RE - -.B tarmode -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -Changes tar's behaviour with regard to archive bits. In full mode, -tar will back up everything regardless of the archive bit setting (this -is the default mode). In incremental mode, tar will only back up files -with the archive bit set. In reset mode, tar will reset the archive bit -on all files it backs up (implies read/write share). -.RE -.RE - -.B setmode -.RS 3 -.B Parameters -.RS 3 -.I - -.RE -.B Description -.RS 3 -A version of the DOS attrib command to set file permissions. For example, - -setmode myfile +r - -would make myfile read only. -.RE -.RE - -.SH NOTES -Some servers are fussy about the case of supplied usernames, passwords, share -names (aka service names) and machine names. If you fail to connect try -giving all parameters in uppercase. - -It is often necessary to use the -.B -n -option when connecting to some types -of servers. For example OS/2 LanManager insists on a valid netbios name -being used, so you need to supply a valid name that would be known to -the server. - -.B smbclient -supports long file names where the server supports the LANMAN2 -protocol. - -.SH FILES -Not applicable. - -.SH ENVIRONMENT VARIABLES -.B USER -.RS 3 -The variable USER may contain the username of the person using the client. -This information is used only if the protocol level is high enough to support +The base name is used to generate actual log file names. +For example, if the name specified was "log", the debug file +would be \fIlog.client\fR. + +The log file generated is never removed by the client. +.TP +\fB-h\fR +Print the usage message for the client. +.TP +\fB-I IP-address\fR +\fIIP address\fR is the address of the server to connect to. +It should be specified in standard "a.b.c.d" notation. + +Normally the client would attempt to locate a named +SMB/CIFS server by looking it up via the NetBIOS name resolution +mechanism described above in the \fIname resolve order\fR +parameter above. Using this parameter will force the client +to assume that the server is on the machine with the specified IP +address and the NetBIOS name component of the resource being +connected to will be ignored. + +There is no default for this parameter. If not supplied, +it will be determined automatically by the client as described +above. +.TP +\fB-E\fR +This parameter causes the client to write messages +to the standard error stream (stderr) rather than to the standard +output stream. + +By default, the client writes messages to standard output +- typically the user's tty. +.TP +\fB-U username[%pass]\fR +Sets the SMB username or username and password. +If %pass is not specified, The user will be prompted. The client +will first check the \fBUSER\fR environment variable, then the +\fBLOGNAME\fR variable and if either exists, the +string is uppercased. Anything in these variables following a '%' +sign will be treated as the password. If these environment +variables are not found, the username GUEST +is used. + +If the password is not included in these environment +variables (using the %pass syntax), \fBsmbclient\fR will look for +a \fBPASSWD\fR environment variable from which +to read the password. + +A third option is to use a credentials file which +contains the plaintext of the domain name, username and password. This +option is mainly provided for scripts where the admin doesn't +wish to pass the credentials on the command line or via environment +variables. If this method is used, make certain that the permissions +on the file restrict access from unwanted users. See the +\fI-A\fR for more details. + +Be cautious about including passwords in scripts or in +the \fBPASSWD\fR environment variable. Also, on +many systems the command line of a running process may be seen +via the \fBps\fR command to be safe always allow +\fBsmbclient\fR to prompt for a password and type +it in directly. +.TP +\fB-A filename\fR +This option allows +you to specify a file from which to read the username, domain name, and +password used in the connection. The format of the file is + +.sp +.nf +username = +password = +domain = + +.sp +.fi + +If the domain parameter is missing the current workgroup name +is used instead. Make certain that the permissions on the file restrict +access from unwanted users. +.TP +\fB-L\fR +This option allows you to look at what services +are available on a server. You use it as \fBsmbclient -L +host\fR and a list should appear. The \fI-I +\fRoption may be useful if your NetBIOS names don't +match your TCP/IP DNS host names or if you are trying to reach a +host on another network. +.TP +\fB-t terminal code\fR +This option tells \fBsmbclient\fR how to interpret +filenames coming from the remote server. Usually Asian language +multibyte UNIX implementations use different character sets than +SMB/CIFS servers (\fBEUC\fR instead of \fB SJIS\fR for example). Setting this parameter will let +\fBsmbclient\fR convert between the UNIX filenames and +the SMB filenames correctly. This option has not been seriously tested +and may have some problems. + +The terminal codes include CWsjis, CWeuc, CWjis7, CWjis8, +CWjunet, CWhex, CWcap. This is not a complete list, check the Samba +source code for the complete list. +.TP +\fB-b buffersize\fR +This option changes the transmit/send buffer +size when getting or putting a file from/to the server. The default +is 65520 bytes. Setting this value smaller (to 1200 bytes) has been +observed to speed up file transfers to and from a Win9x server. +.TP +\fB-W WORKGROUP\fR +Override the default workgroup specified in the +workgroup parameter of the \fIsmb.conf\fR file +for this connection. This may be needed to connect to some +servers. +.TP +\fB-T tar options\fR +smbclient may be used to create \fBtar(1) +\fRcompatible backups of all the files on an SMB/CIFS +share. The secondary tar flags that can be given to this option +are : +.RS +.TP 0.2i +\(bu +\fIc\fR - Create a tar file on UNIX. +Must be followed by the name of a tar file, tape device +or "-" for standard output. If using standard output you must +turn the log level to its lowest value -d0 to avoid corrupting +your tar file. This flag is mutually exclusive with the +\fIx\fR flag. +.TP 0.2i +\(bu +\fIx\fR - Extract (restore) a local +tar file back to a share. Unless the -D option is given, the tar +files will be restored from the top level of the share. Must be +followed by the name of the tar file, device or "-" for standard +input. Mutually exclusive with the \fIc\fR flag. +Restored files have their creation times (mtime) set to the +date saved in the tar file. Directories currently do not get +their creation dates restored properly. +.TP 0.2i +\(bu +\fII\fR - Include files and directories. +Is the default behavior when filenames are specified above. Causes +tar files to be included in an extract or create (and therefore +everything else to be excluded). See example below. Filename globbing +works in one of two ways. See r below. +.TP 0.2i +\(bu +\fIX\fR - Exclude files and directories. +Causes tar files to be excluded from an extract or create. See +example below. Filename globbing works in one of two ways now. +See \fIr\fR below. +.TP 0.2i +\(bu +\fIb\fR - Blocksize. Must be followed +by a valid (greater than zero) blocksize. Causes tar file to be +written out in blocksize*TBLOCK (usually 512 byte) blocks. +.TP 0.2i +\(bu +\fIg\fR - Incremental. Only back up +files that have the archive bit set. Useful only with the +\fIc\fR flag. +.TP 0.2i +\(bu +\fIq\fR - Quiet. Keeps tar from printing +diagnostics as it works. This is the same as tarmode quiet. +.TP 0.2i +\(bu +\fIr\fR - Regular expression include +or exclude. Uses regular expression matching for +excluding or excluding files if compiled with HAVE_REGEX_H. +However this mode can be very slow. If not compiled with +HAVE_REGEX_H, does a limited wildcard match on '*' and '?'. +.TP 0.2i +\(bu +\fIN\fR - Newer than. Must be followed +by the name of a file whose date is compared against files found +on the share during a create. Only files newer than the file +specified are backed up to the tar file. Useful only with the +\fIc\fR flag. +.TP 0.2i +\(bu +\fIa\fR - Set archive bit. Causes the +archive bit to be reset when a file is backed up. Useful with the +\fIg\fR and \fIc\fR flags. +.RE +.PP +\fBTar Long File Names\fR +.PP +.PP +\fBsmbclient\fR's tar option now supports long +file names both on backup and restore. However, the full path +name of the file must be less than 1024 bytes. Also, when +a tar archive is created, \fBsmbclient\fR's tar option places all +files in the archive with relative names, not absolute names. +.PP +.PP +\fBTar Filenames\fR +.PP +.PP +All file names can be given as DOS path names (with '\\' +as the component separator) or as UNIX path names (with '/' as +the component separator). +.PP +.PP +\fBExamples\fR +.PP +.PP +Restore from tar file \fIbackup.tar\fR into myshare on mypc +(no password on share). +.PP +.PP +\fBsmbclient //mypc/yshare "" -N -Tx backup.tar +\fR.PP +.PP +Restore everything except \fIusers/docs\fR +.PP +.PP +\fBsmbclient //mypc/myshare "" -N -TXx backup.tar +users/docs\fR +.PP +.PP +Create a tar file of the files beneath \fI users/docs\fR. +.PP +.PP +\fBsmbclient //mypc/myshare "" -N -Tc +backup.tar users/docs \fR +.PP +.PP +Create the same tar file as above, but now use +a DOS path name. +.PP +.PP +\fBsmbclient //mypc/myshare "" -N -tc backup.tar +users\\edocs \fR +.PP +.PP +Create a tar file of all the files and directories in +the share. +.PP +.PP +\fBsmbclient //mypc/myshare "" -N -Tc backup.tar * +\fR.PP +.TP +\fB-D initial directory\fR +Change to initial directory before starting. Probably +only of any use with the tar -T option. +.TP +\fB-c command string\fR +command string is a semicolon-separated list of +commands to be executed instead of prompting from stdin. \fI -N\fR is implied by \fI-c\fR. + +This is particularly useful in scripts and for printing stdin +to the server, e.g. \fB-c 'print -'\fR. +.SH "OPERATIONS" +.PP +Once the client is running, the user is presented with +a prompt : +.PP +smb:\\> +.PP +The backslash ("\\") indicates the current working directory +on the server, and will change if the current working directory +is changed. +.PP +The prompt indicates that the client is ready and waiting to +carry out a user command. Each command is a single word, optionally +followed by parameters specific to that command. Command and parameters +are space-delimited unless these notes specifically +state otherwise. All commands are case-insensitive. Parameters to +commands may or may not be case sensitive, depending on the command. +.PP +You can specify file names which have spaces in them by quoting +the name with double quotes, for example "a long file name". +.PP +Parameters shown in square brackets (e.g., "[parameter]") are +optional. If not given, the command will use suitable defaults. Parameters +shown in angle brackets (e.g., "") are required. +.PP +Note that all commands operating on the server are actually +performed by issuing a request to the server. Thus the behavior may +vary from server to server, depending on how the server was implemented. +.PP +The commands available are given here in alphabetical order. +.TP +\fB? [command]\fR +If \fIcommand\fR is specified, the ? command will display +a brief informative message about the specified command. If no +command is specified, a list of available commands will +be displayed. +.TP +\fB! [shell command]\fR +If \fIshell command\fR is specified, the ! +command will execute a shell locally and run the specified shell +command. If no command is specified, a local shell will be run. +.TP +\fBcd [directory name]\fR +If "directory name" is specified, the current +working directory on the server will be changed to the directory +specified. This operation will fail if for any reason the specified +directory is inaccessible. + +If no directory name is specified, the current working +directory on the server will be reported. +.TP +\fBdel \fR +The client will request that the server attempt +to delete all files matching \fImask\fR from the current working +directory on the server. +.TP +\fBdir \fR +A list of the files matching \fImask\fR in the current +working directory on the server will be retrieved from the server +and displayed. +.TP +\fBexit\fR +Terminate the connection with the server and exit +from the program. +.TP +\fBget [local file name]\fR +Copy the file called \fIremote file name\fR from +the server to the machine running the client. If specified, name +the local copy \fIlocal file name\fR. Note that all transfers in +\fBsmbclient\fR are binary. See also the +lowercase command. +.TP +\fBhelp [command]\fR +See the ? command above. +.TP +\fBlcd [directory name]\fR +If \fIdirectory name\fR is specified, the current +working directory on the local machine will be changed to +the directory specified. This operation will fail if for any +reason the specified directory is inaccessible. + +If no directory name is specified, the name of the +current working directory on the local machine will be reported. +.TP +\fBlowercase\fR +Toggle lowercasing of filenames for the get and +mget commands. + +When lowercasing is toggled ON, local filenames are converted +to lowercase when using the get and mget commands. This is +often useful when copying (say) MSDOS files from a server, because +lowercase filenames are the norm on UNIX systems. +.TP +\fBls \fR +See the dir command above. +.TP +\fBmask \fR +This command allows the user to set up a mask +which will be used during recursive operation of the mget and +mput commands. + +The masks specified to the mget and mput commands act as +filters for directories rather than files when recursion is +toggled ON. + +The mask specified with the mask command is necessary +to filter files within those directories. For example, if the +mask specified in an mget command is "source*" and the mask +specified with the mask command is "*.c" and recursion is +toggled ON, the mget command will retrieve all files matching +"*.c" in all directories below and including all directories +matching "source*" in the current working directory. + +Note that the value for mask defaults to blank (equivalent +to "*") and remains so until the mask command is used to change it. +It retains the most recently specified value indefinitely. To +avoid unexpected results it would be wise to change the value of +mask back to "*" after using the mget or mput commands. +.TP +\fBmd \fR +See the mkdir command. +.TP +\fBmget \fR +Copy all files matching \fImask\fR from the server to +the machine running the client. + +Note that \fImask\fR is interpreted differently during recursive +operation and non-recursive operation - refer to the recurse and +mask commands for more information. Note that all transfers in +\fBsmbclient\fR are binary. See also the lowercase command. +.TP +\fBmkdir \fR +Create a new directory on the server (user access +privileges permitting) with the specified name. +.TP +\fBmput \fR +Copy all files matching \fImask\fR in the current working +directory on the local machine to the current working directory on +the server. + +Note that \fImask\fR is interpreted differently during recursive +operation and non-recursive operation - refer to the recurse and mask +commands for more information. Note that all transfers in \fBsmbclient\fR +are binary. +.TP +\fBprint \fR +Print the specified file from the local machine +through a printable service on the server. + +See also the printmode command. +.TP +\fBprintmode \fR +Set the print mode to suit either binary data +(such as graphical information) or text. Subsequent print +commands will use the currently set print mode. +.TP +\fBprompt\fR +Toggle prompting for filenames during operation +of the mget and mput commands. + +When toggled ON, the user will be prompted to confirm +the transfer of each file during these commands. When toggled +OFF, all specified files will be transferred without prompting. +.TP +\fBput [remote file name]\fR +Copy the file called \fIlocal file name\fR from the +machine running the client to the server. If specified, +name the remote copy \fIremote file name\fR. Note that all transfers +in \fBsmbclient\fR are binary. See also the lowercase command. +.TP +\fBqueue\fR +Displays the print queue, showing the job id, +name, size and current status. +.TP +\fBquit\fR +See the exit command. +.TP +\fBrd \fR +See the rmdir command. +.TP +\fBrecurse\fR +Toggle directory recursion for the commands mget +and mput. + +When toggled ON, these commands will process all directories +in the source directory (i.e., the directory they are copying +from ) and will recurse into any that match the mask specified +to the command. Only files that match the mask specified using +the mask command will be retrieved. See also the mask command. + +When recursion is toggled OFF, only files from the current +working directory on the source machine that match the mask specified +to the mget or mput commands will be copied, and any mask specified +using the mask command will be ignored. +.TP +\fBrm \fR +Remove all files matching \fImask\fR from the current +working directory on the server. +.TP +\fBrmdir \fR +Remove the specified directory (user access +privileges permitting) from the server. +.TP +\fBtar [IXbgNa]\fR +Performs a tar operation - see the \fI-T +\fRcommand line option above. Behavior may be affected +by the tarmode command (see below). Using g (incremental) and N +(newer) will affect tarmode settings. Note that using the "-" option +with tar x may not work - use the command line option instead. +.TP +\fBblocksize \fR +Blocksize. Must be followed by a valid (greater +than zero) blocksize. Causes tar file to be written out in +\fIblocksize\fR*TBLOCK (usually 512 byte) blocks. +.TP +\fBtarmode \fR +Changes tar's behavior with regard to archive +bits. In full mode, tar will back up everything regardless of the +archive bit setting (this is the default mode). In incremental mode, +tar will only back up files with the archive bit set. In reset mode, +tar will reset the archive bit on all files it backs up (implies +read/write share). +.TP +\fBsetmode \fR +A version of the DOS attrib command to set +file permissions. For example: + +\fBsetmode myfile +r \fR + +would make myfile read only. +.SH "NOTES" +.PP +Some servers are fussy about the case of supplied usernames, +passwords, share names (AKA service names) and machine names. +If you fail to connect try giving all parameters in uppercase. +.PP +It is often necessary to use the -n option when connecting +to some types of servers. For example OS/2 LanManager insists +on a valid NetBIOS name being used, so you need to supply a valid +name that would be known to the server. +.PP +smbclient supports long file names where the server +supports the LANMAN2 protocol or above. +.SH "ENVIRONMENT VARIABLES" +.PP +The variable \fBUSER\fR may contain the +username of the person using the client. This information is +used only if the protocol level is high enough to support session-level passwords. -.RE - -.SH INSTALLATION -The location of the client program is a matter for individual system -administrators. The following are thus suggestions only. - -It is recommended that the client software be installed under the /usr/local -hierarchy, in a directory readable by all, writeable only by root. The client -program itself should be executable by all. The client should NOT be setuid -or setgid! - -The client log files should be put in a directory readable and writable only -by the user. - -To test the client, you will need to know the name of a running Lan manager -server. It is possible to run the smbd (see -.B smbd(8)) as an ordinary user - running that server as a daemon on a -user-accessible port (typically any port number over 1024) would -provide a suitable test server. -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the client software, so it is possible that your version of -the client has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B smbd(8) - -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the client are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the -command line. - -The number and nature of diagnostics available depends on the debug level used -by the client. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the -diagnostics you are seeing. - -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -This man page written by Karl Auer (Karl.Auer@anu.edu.au) - -See -.B smb.conf(5) for a full list of contributors and details on how to -submit bug reports, comments etc. +.PP +The variable \fBPASSWD\fR may contain +the password of the person using the client. This information is +used only if the protocol level is high enough to support +session-level passwords. +.PP +The variable \fBLIBSMB_PROG\fR may contain +the path, executed with system(), which the client should connect +to instead of connecting to a server. This functionality is primarily +intended as a development aid, and works best when using a LMHOSTS +file +.SH "INSTALLATION" +.PP +The location of the client program is a matter for +individual system administrators. The following are thus +suggestions only. +.PP +It is recommended that the smbclient software be installed +in the \fI/usr/local/samba/bin/\fR or \fI /usr/samba/bin/\fR directory, this directory readable +by all, writeable only by root. The client program itself should +be executable by all. The client should \fBNOT\fR be +setuid or setgid! +.PP +The client log files should be put in a directory readable +and writeable only by the user. +.PP +To test the client, you will need to know the name of a +running SMB/CIFS server. It is possible to run \fBsmbd(8) +\fRas an ordinary user - running that server as a daemon +on a user-accessible port (typically any port number over 1024) +would provide a suitable test server. +.SH "DIAGNOSTICS" +.PP +Most diagnostics issued by the client are logged in a +specified log file. The log file name is specified at compile time, +but may be overridden on the command line. +.PP +The number and nature of diagnostics available depends +on the debug level used by the client. If you have problems, +set the debug level to 3 and peruse the log files. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbcontrol.1 b/docs/manpages/smbcontrol.1 new file mode 100644 index 00000000000..f341b563e15 --- /dev/null +++ b/docs/manpages/smbcontrol.1 @@ -0,0 +1,124 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBCONTROL" "1" "28 January 2002" "" "" +.SH NAME +smbcontrol \- send messages to smbd or nmbd processes +.SH SYNOPSIS +.sp +\fBsmbcontrol\fR [ \fB-i\fR ] +.sp +\fBsmbcontrol\fR [ \fBdestination\fR ] [ \fBmessage-type\fR ] [ \fBparameter\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBsmbcontrol\fR is a very small program, which +sends messages to an smbd(8)or +an nmbd(8)daemon running on the +system. +.SH "OPTIONS" +.TP +\fB-i\fR +Run interactively. Individual commands +of the form destination message-type parameters can be entered +on STDIN. An empty command line or a "q" will quit the +program. +.TP +\fBdestination\fR +One of \fInmbd\fR +\fIsmbd\fR or a process ID. + +The \fIsmbd\fR destination causes the +message to "broadcast" to all smbd daemons. + +The \fInmbd\fR destination causes the +message to be sent to the nmbd daemon specified in the +\fInmbd.pid\fR file. + +If a single process ID is given, the message is sent +to only that process. +.TP +\fBmessage-type\fR +One of: close-share, +debug, +force-election, ping +, profile, debuglevel, profilelevel, +or printer-notify. + +The close-share message-type sends a +message to smbd which will then close the client connections to +the named share. Note that this doesn't affect client connections +to any other shares. This message-type takes an argument of the +share name for which client connections will be close, or the +"*" character which will close all currently open shares. +This message can only be sent to smbd. + +The debug message-type allows +the debug level to be set to the value specified by the +parameter. This can be sent to any of the destinations. + +The force-election message-type can only be +sent to the nmbd destination. This message +causes the \fBnmbd\fR daemon to force a new browse +master election. + +The ping message-type sends the +number of "ping" messages specified by the parameter and waits +for the same number of reply "pong" messages. This can be sent to +any of the destinations. + +The profile message-type sends a +message to an smbd to change the profile settings based on the +parameter. The parameter can be "on" to turn on profile stats +collection, "off" to turn off profile stats collection, "count" +to enable only collection of count stats (time stats are +disabled), and "flush" to zero the current profile stats. This can +be sent to any of the destinations. + +The debuglevel message-type sends +a "request debug level" message. The current debug level setting +is returned by a "debuglevel" message. This can be +sent to any of the destinations. + +The profilelevel message-type sends +a "request profile level" message. The current profile level +setting is returned by a "profilelevel" message. This can be sent +to any of the destinations. + +The printer-notify message-type sends a +message to smbd which in turn sends a printer notify message to +any Windows NT clients connected to a printer. This message-type +takes an argument of the printer name to send notify messages to. +This message can only be sent to smbd. + +The close-share message-type sends a +message to smbd which forces smbd to close the share that was +specified as an argument. This may be useful if you made changes +to the access controls on the share. +.TP +\fBparameters\fR +any parameters required for the message-type +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBnmbd(8)\fR, +and \fBsmbd(8)\fR. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbd.8 b/docs/manpages/smbd.8 index bae41b2c479..f534a59bf3b 100644 --- a/docs/manpages/smbd.8 +++ b/docs/manpages/smbd.8 @@ -1,407 +1,310 @@ -.TH SMBD 8 17/1/1995 smbd smbd +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBD" "8" "28 January 2002" "" "" .SH NAME -smbd \- provide SMB (aka LanManager) services to clients +smbd \- server to provide SMB/CIFS services to clients .SH SYNOPSIS -.B smbd -[ -.B -D -] [ -.B -a -] [ -.B -d -.I debuglevel -] [ -.B -l -.I log file -] [ -.B -p -.I port number -] [ -.B -O -.I socket options -] [ -.B -s -.I configuration file -] -.SH DESCRIPTION +.sp +\fBsmbd\fR [ \fB-D\fR ] [ \fB-a\fR ] [ \fB-i\fR ] [ \fB-o\fR ] [ \fB-P\fR ] [ \fB-h\fR ] [ \fB-V\fR ] [ \fB-b\fR ] [ \fB-d \fR ] [ \fB-l \fR ] [ \fB-p \fR ] [ \fB-O \fR ] [ \fB-s \fR ] +.SH "DESCRIPTION" +.PP This program is part of the Samba suite. - -.B smbd -is a server that can provide most SMB services. The -server provides filespace and printer services to clients using the SMB -protocol. This is compatible with the LanManager protocol, and can -service LanManager clients. - -An extensive description of the services that the server can provide is given -in the man page for the configuration file controlling the attributes of those -services (see -.B smb.conf(5)). This man page will not describe the services, but -will concentrate on the administrative aspects of running the server. - -Please note that there are significant security implications to running this -server, and -.B smb.conf(5) should be regarded as mandatory reading before proceeding with -installation. - -A session is created whenever a client requests one. Each client gets a copy -of the server for each session. This copy then services all connections made -by the client during that session. When all connections from its client are -are closed, the copy of the server for that client terminates. - -The configuration file is automatically reloaded if it changes. You -can force a reload by sending a SIGHUP to the server. - -.SH OPTIONS -.B -D - -.RS 3 -If specified, this parameter causes the server to operate as a daemon. That is, -it detaches itself and runs in the background, fielding requests on the -appropriate port. - -By default, the server will NOT operate as a daemon. -.RE - -.B -a - -.RS 3 -If this parameter is specified, the log files will be overwritten with each -new connection. By default, the log files will be appended to. -.RE - -.B -d -.I debuglevel -.RS 3 - -debuglevel is an integer from 0 to 5. - -The default value if this parameter is not specified is zero. - -The higher this value, the more detail will be logged to the log files about -the activities of the server. At level 0, only critical errors and serious -warnings will be logged. Level 1 is a reasonable level for day to day running -- it generates a small amount of information about operations carried out. - -Levels above 1 will generate considerable amounts of log data, and should -only be used when investigating a problem. Levels above 3 are designed for -use only by developers and generate HUGE amounts of log data, most of which -is extremely cryptic. -.RE - -.B -l -.I log file - -.RS 3 -If specified, -.I logfile -specifies a base filename into which operational data from the running server -will be logged. - -The default base name is specified at compile time. - -The base name is used to generate actual log file names. For example, if the -name specified was "log", the following files would be used for log data: - -.RS 3 -log.debug (containing debugging information) - -log.in (containing inbound transaction data) - -log.out (containing outbound transaction data) -.RE - -The log files generated are never removed by the server. -.RE - -.B -O -.I socket options -.RS 3 - -See the socket options section of smb.conf(5) for details - -.RE -.B -p -.I port number -.RS 3 - -port number is a positive integer value. - -The default value if this parameter is not specified is 139. - -This number is the port number that will be used when making connections to -the server from client software. The standard (well-known) port number for the -server is 139, hence the default. If you wish to run the server as an ordinary -user rather than as root, most systems will require you to use a port number -greater than 1024 - ask your system administrator for help if you are in this -situation. - -This parameter is not normally specified except in the above situation. -.RE - -.B -s -.I configuration file - -.RS 3 -The default configuration file name is determined at compile time. - -The file specified contains the configuration details required by the server. -The information in this file includes server-specific information such as -what printcap file to use, as well as descriptions of all the services that the -server is to provide. See -.B smb.conf(5) for more information. -.RE - -.SH FILES - -.B /etc/inetd.conf - -.RS 3 -If the server is to be run by the inetd meta-daemon, this file must contain -suitable startup information for the meta-daemon. See the section -"INSTALLATION" below. -.RE - -.B /etc/rc - -.RS 3 -(or whatever initialisation script your system uses) - -If running the server as a daemon at startup, this file will need to contain -an appropriate startup sequence for the server. See the section "INSTALLATION" -below. -.RE - -.B /etc/services - -.RS 3 -If running the server via the meta-daemon inetd, this file must contain a -mapping of service name (eg., netbios-ssn) to service port (eg., 139) and -protocol type (eg., tcp). See the section "INSTALLATION" below. -.RE - -.B /usr/local/smb/smb.conf - -.RS 3 -This file describes all the services the server is to make available to -clients. See -.B smb.conf(5) for more information. -.RE -.RE - -.SH LIMITATIONS - -On some systems smbd cannot change uid back to root after a setuid() call. -Such systems are called "trapdoor" uid systems. If you have such a system, -you will be unable to connect from a client (such as a PC) as two different -users at once. Attempts to connect the second user will result in "access -denied" or similar. - -.SH ENVIRONMENT VARIABLES - -.B PRINTER - -.RS 3 -If no printer name is specified to printable services, most systems will -use the value of this variable (or "lp" if this variable is not defined) -as the name of the printer to use. This is not specific to the server, -however. -.RE - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the server software be installed under the -/usr/local hierarchy, in a directory readable by all, writeable only -by root. The server program itself should be executable by all, as -users may wish to run the server themselves (in which case it will of -course run with their privileges). The server should NOT be -setuid. On some systems it may be worthwhile to make smbd setgid to an -empty group. This is because some systems may have a security hole where -daemon processes that become a user can be attached to with a -debugger. Making the smbd file setgid to an empty group may prevent -this hole from being exploited. This secrity hole and the suggested -fix has only been confirmed on Linux at the time this was written. It -is possible that this hole only exists in Linux, as testing on other -systems has thus far shown them to be immune. - -The server log files should be put in a directory readable and writable only -by root, as the log files may contain sensitive information. - -The configuration file should be placed in a directory readable and writable -only by root, as the configuration file controls security for the services -offered by the server. The configuration file can be made readable by all if -desired, but this is not necessary for correct operation of the server and -is not recommended. A sample configuration file "smb.conf.sample" is supplied -with the source to the server - this may be renamed to "smb.conf" and -modified to suit your needs. - -The remaining notes will assume the following: - -.RS 3 -smbd (the server program) installed in /usr/local/smb - -smb.conf (the configuration file) installed in /usr/local/smb - -log files stored in /var/adm/smblogs -.RE - -The server may be run either as a daemon by users or at startup, or it may -be run from a meta-daemon such as inetd upon request. If run as a daemon, the -server will always be ready, so starting sessions will be faster. If run from -a meta-daemon some memory will be saved and utilities such as the tcpd -TCP-wrapper may be used for extra security. - -When you've decided, continue with either "RUNNING THE SERVER AS A DAEMON" or -"RUNNING THE SERVER ON REQUEST". -.SH RUNNING THE SERVER AS A DAEMON -To run the server as a daemon from the command line, simply put the "-D" option -on the command line. There is no need to place an ampersand at the end of the -command line - the "-D" option causes the server to detach itself from the -tty anyway. - -Any user can run the server as a daemon (execute permissions permitting, of -course). This is useful for testing purposes, and may even be useful as a -temporary substitute for something like ftp. When run this way, however, the -server will only have the privileges of the user who ran it. - -To ensure that the server is run as a daemon whenever the machine is started, -and to ensure that it runs as root so that it can serve multiple clients, you -will need to modify the system startup files. Wherever appropriate (for -example, in /etc/rc), insert the following line, substituting -port number, log file location, configuration file location and debug level as -desired: - -.RS 3 -/usr/local/smb/smbd -D -l /var/adm/smblogs/log -s /usr/local/smb/smb.conf -.RE - -(The above should appear in your initialisation script as a single line. -Depending on your terminal characteristics, it may not appear that way in -this man page. If the above appears as more than one line, please treat any -newlines or indentation as a single space or TAB character.) - -If the options used at compile time are appropriate for your system, all -parameters except the desired debug level and "-D" may be omitted. See the -section "OPTIONS" above. -.SH RUNNING THE SERVER ON REQUEST -If your system uses a meta-daemon such as inetd, you can arrange to have the -smbd server started whenever a process attempts to connect to it. This requires -several changes to the startup files on the host machine. If you are -experimenting as an ordinary user rather than as root, you will need the -assistance of your system administrator to modify the system files. - -You will probably want to set up the name server -.B nmbd -at the same time as -the smbd - refer to the man page -.B nmbd(8). - -First, ensure that a port is configured in the file /etc/services. The -well-known port 139 should be used if possible, though any port may be used. - -Ensure that a line similar to the following is in /etc/services: - -.RS 3 -netbios-ssn 139/tcp -.RE - -Note for NIS/YP users - you may need to rebuild the NIS service maps rather -than alter your local /etc/services file. - -Next, put a suitable line in the file /etc/inetd.conf (in the unlikely event -that you are using a meta-daemon other than inetd, you are on your own). Note -that the first item in this line matches the service name in /etc/services. -Substitute appropriate values for your system in this line (see -.B inetd(8)): - -.RS 3 -netbios-ssn stream tcp nowait root /usr/local/smb/smbd -d1 --l/var/adm/smblogs/log -s/usr/local/smb/smb.conf -.RE - -(The above should appear in /etc/inetd.conf as a single line. Depending on -your terminal characteristics, it may not appear that way in this man page. -If the above appears as more than one line, please treat any newlines or -indentation as a single space or TAB character.) - -Note that there is no need to specify a port number here, even if you are -using a non-standard port number. - -Lastly, edit the configuration file to provide suitable services. To start -with, the following two services should be all you need: - -.RS 3 -[homes] -.RS 3 - writable = yes -.RE - -[printers] -.RS 3 - writable = no - printable = yes - path = /tmp - public = yes -.RE -.RE - -This will allow you to connect to your home directory and print to any printer -supported by the host (user privileges permitting). -.SH TESTING THE INSTALLATION -If running the server as a daemon, execute it before proceeding. If -using a meta-daemon, either restart the system or kill and restart the -meta-daemon. Some versions of inetd will reread their configuration tables if -they receive a HUP signal. - -If your machine's name is "fred" and your name is "mary", you should now be -able to connect to the service "\\\\fred\\mary". - -To properly test and experiment with the server, we recommend using the -smbclient program (see -.B smbclient(1)). -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the server has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B hosts_access(5), -.B inetd(8), -.B nmbd(8), -.B smb.conf(5), -.B smbclient(1), -.B testparm(1), -.B testprns(1) - -.SH DIAGNOSTICS -[This section under construction] - -Most diagnostics issued by the server are logged in a specified log file. The -log file name is specified at compile time, but may be overridden on the +.PP +\fBsmbd\fR is the server daemon that +provides filesharing and printing services to Windows clients. +The server provides filespace and printer services to +clients using the SMB (or CIFS) protocol. This is compatible +with the LanManager protocol, and can service LanManager +clients. These include MSCLIENT 3.0 for DOS, Windows for +Workgroups, Windows 95/98/ME, Windows NT, Windows 2000, +OS/2, DAVE for Macintosh, and smbfs for Linux. +.PP +An extensive description of the services that the +server can provide is given in the man page for the +configuration file controlling the attributes of those +services (see \fIsmb.conf(5) +\fR. This man page will not describe the +services, but will concentrate on the administrative aspects +of running the server. +.PP +Please note that there are significant security +implications to running this server, and the \fIsmb.conf(5)\fR +manpage should be regarded as mandatory reading before +proceeding with installation. +.PP +A session is created whenever a client requests one. +Each client gets a copy of the server for each session. This +copy then services all connections made by the client during +that session. When all connections from its client are closed, +the copy of the server for that client terminates. +.PP +The configuration file, and any files that it includes, +are automatically reloaded every minute, if they change. You +can force a reload by sending a SIGHUP to the server. Reloading +the configuration file will not affect connections to any service +that is already established. Either the user will have to +disconnect from the service, or \fBsmbd\fR killed and restarted. +.SH "OPTIONS" +.TP +\fB-D\fR +If specified, this parameter causes +the server to operate as a daemon. That is, it detaches +itself and runs in the background, fielding requests +on the appropriate port. Operating the server as a +daemon is the recommended way of running \fBsmbd\fR for +servers that provide more than casual use file and +print services. This switch is assumed if \fBsmbd +\fRis executed on the command line of a shell. +.TP +\fB-a\fR +If this parameter is specified, each new +connection will append log messages to the log file. +This is the default. +.TP +\fB-i\fR +If this parameter is specified it causes the +server to run "interactively", not as a daemon, even if the +server is executed on the command line of a shell. Setting this +parameter negates the implicit deamon mode when run from the command line. - -The number and nature of diagnostics available depends on the debug level used -by the server. If you have problems, set the debug level to 3 and peruse the -log files. - -Most messages are reasonably self-explanatory. Unfortunately, at time of -creation of this man page the source code is still too fluid to warrant -describing each and every diagnostic. At this stage your best bet is still -to grep the source code and inspect the conditions that gave rise to the +.TP +\fB-o\fR +If this parameter is specified, the +log files will be overwritten when opened. By default, +\fBsmbd\fR will append entries to the log +files. +.TP +\fB-P\fR +Passive option. Causes \fBsmbd\fR not to +send any network traffic out. Used for debugging by +the developers only. +.TP +\fB-h\fR +Prints the help information (usage) +for \fBsmbd\fR. +.TP +\fB-v\fR +Prints the version number for +\fBsmbd\fR. +.TP +\fB-b\fR +Prints information about how +Samba was built. +.TP +\fB-d \fR +\fIdebuglevel\fR is an integer +from 0 to 10. The default value if this parameter is +not specified is zero. + +The higher this value, the more detail will be +logged to the log files about the activities of the +server. At level 0, only critical errors and serious +warnings will be logged. Level 1 is a reasonable level for +day to day running - it generates a small amount of +information about operations carried out. + +Levels above 1 will generate considerable +amounts of log data, and should only be used when +investigating a problem. Levels above 3 are designed for +use only by developers and generate HUGE amounts of log +data, most of which is extremely cryptic. + +Note that specifying this parameter here will +override the log +levelfile. +.TP +\fB-l \fR +If specified, +\fIlog directory\fR +specifies a log directory into which the "log.smbd" log +file will be created for informational and debug +messages from the running server. The log +file generated is never removed by the server although +its size may be controlled by the max log size +option in the \fI smb.conf(5)\fRfile. + +The default log directory is specified at +compile time. +.TP +\fB-O \fR +See the socket options +parameter in the \fIsmb.conf(5) +\fRfile for details. +.TP +\fB-p \fR +\fIport number\fR is a positive integer +value. The default value if this parameter is not +specified is 139. + +This number is the port number that will be +used when making connections to the server from client +software. The standard (well-known) port number for the +SMB over TCP is 139, hence the default. If you wish to +run the server as an ordinary user rather than +as root, most systems will require you to use a port +number greater than 1024 - ask your system administrator +for help if you are in this situation. + +In order for the server to be useful by most +clients, should you configure it on a port other +than 139, you will require port redirection services +on port 139, details of which are outlined in rfc1002.txt +section 4.3.5. + +This parameter is not normally specified except +in the above situation. +.TP +\fB-s \fR +The file specified contains the +configuration details required by the server. The +information in this file includes server-specific +information such as what printcap file to use, as well +as descriptions of all the services that the server is +to provide. See \fI smb.conf(5)\fRfor more information. +The default configuration file name is determined at +compile time. +.SH "FILES" +.TP +\fB\fI/etc/inetd.conf\fB\fR +If the server is to be run by the +\fBinetd\fR meta-daemon, this file +must contain suitable startup information for the +meta-daemon. See the UNIX_INSTALL.html +document for details. +.TP +\fB\fI/etc/rc\fB\fR +or whatever initialization script your +system uses). + +If running the server as a daemon at startup, +this file will need to contain an appropriate startup +sequence for the server. See the UNIX_INSTALL.html +document for details. +.TP +\fB\fI/etc/services\fB\fR +If running the server via the +meta-daemon \fBinetd\fR, this file +must contain a mapping of service name (e.g., netbios-ssn) +to service port (e.g., 139) and protocol type (e.g., tcp). +See the UNIX_INSTALL.html +document for details. +.TP +\fB\fI/usr/local/samba/lib/smb.conf\fB\fR +This is the default location of the +\fIsmb.conf\fR +server configuration file. Other common places that systems +install this file are \fI/usr/samba/lib/smb.conf\fR +and \fI/etc/smb.conf\fR. + +This file describes all the services the server +is to make available to clients. See \fIsmb.conf(5)\fRfor more information. +.SH "LIMITATIONS" +.PP +On some systems \fBsmbd\fR cannot change uid back +to root after a setuid() call. Such systems are called +trapdoor uid systems. If you have such a system, +you will be unable to connect from a client (such as a PC) as +two different users at once. Attempts to connect the +second user will result in access denied or +similar. +.SH "ENVIRONMENT VARIABLES" +.TP +\fBPRINTER\fR +If no printer name is specified to +printable services, most systems will use the value of +this variable (or lp if this variable is +not defined) as the name of the printer to use. This +is not specific to the server, however. +.SH "PAM INTERACTION" +.PP +Samba uses PAM for authentication (when presented with a plaintext +password), for account checking (is this account disabled?) and for +session management. The degree too which samba supports PAM is restricted +by the limitations of the SMB protocol and the +obey pam restricions +smb.conf paramater. When this is set, the following restrictions apply: +.TP 0.2i +\(bu +\fBAccount Validation\fR: All acccesses to a +samba server are checked +against PAM to see if the account is vaild, not disabled and is permitted to +login at this time. This also applies to encrypted logins. +.TP 0.2i +\(bu +\fBSession Management\fR: When not using share +level secuirty, users must pass PAM's session checks before access +is granted. Note however, that this is bypassed in share level secuirty. +Note also that some older pam configuration files may need a line +added for session support. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "DIAGNOSTICS" +.PP +Most diagnostics issued by the server are logged +in a specified log file. The log file name is specified +at compile time, but may be overridden on the command line. +.PP +The number and nature of diagnostics available depends +on the debug level used by the server. If you have problems, set +the debug level to 3 and peruse the log files. +.PP +Most messages are reasonably self-explanatory. Unfortunately, +at the time this man page was created, there are too many diagnostics +available in the source code to warrant describing each and every +diagnostic. At this stage your best bet is still to grep the +source code and inspect the conditions that gave rise to the diagnostics you are seeing. - -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -This man page written by Karl Auer (Karl.Auer@anu.edu.au) - -See -.B smb.conf(5) for a full list of contributors and details on how to -submit bug reports, comments etc. +.SH "SIGNALS" +.PP +Sending the \fBsmbd\fR a SIGHUP will cause it to +reload its \fIsmb.conf\fR configuration +file within a short period of time. +.PP +To shut down a user's \fBsmbd\fR process it is recommended +that \fBSIGKILL (-9)\fR \fBNOT\fR +be used, except as a last resort, as this may leave the shared +memory area in an inconsistent state. The safe way to terminate +an \fBsmbd\fR is to send it a SIGTERM (-15) signal and wait for +it to die on its own. +.PP +The debug log level of \fBsmbd\fR may be raised +or lowered using \fBsmbcontrol(1) +\fRprogram (SIGUSR[1|2] signals are no longer used in +Samba 2.2). This is to allow transient problems to be diagnosed, +whilst still running at a normally low log level. +.PP +Note that as the signal handlers send a debug write, +they are not re-entrant in \fBsmbd\fR. This you should wait until +\fBsmbd\fR is in a state of waiting for an incoming SMB before +issuing them. It is possible to make the signal handlers safe +by un-blocking the signals before the select call and re-blocking +them after, however this would affect performance. +.SH "SEE ALSO" +.PP +hosts_access(5), \fBinetd(8)\fR, +\fBnmbd(8)\fR, +\fIsmb.conf(5)\fR +, \fBsmbclient(1) +\fR, and the Internet RFC's +\fIrfc1001.txt\fR, \fIrfc1002.txt\fR. +In addition the CIFS (formerly SMB) specification is available +as a link from the Web page +http://samba.org/cifs/ . +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbgroupedit.8 b/docs/manpages/smbgroupedit.8 new file mode 100644 index 00000000000..9f01fcaaeae --- /dev/null +++ b/docs/manpages/smbgroupedit.8 @@ -0,0 +1,159 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBGROUPEDIT" "8" "28 January 2002" "" "" +.SH NAME +smbgroupedit \- Query/set/change UNIX - Windows NT group mapping +.SH SYNOPSIS +.sp +\fBsmbroupedit\fR [ \fB-v [l|s]\fR ] [ \fB-a UNIX-groupname [-d NT-groupname|-p prividge|\fR ] +.SH "DESCRIPTION" +.PP +This program is part of the Samba +suite. +.PP +The smbgroupedit command allows for mapping unix groups +to NT Builtin, Domain, or Local groups. Also +allows setting privileges for that group, such as saAddUser, +etc. +.SH "OPTIONS" +.TP +\fB-v[l|s]\fR +This option will list all groups available +in the Windows NT domain in which samba is operating. +.RS +.TP +\fB-l\fR +give a long listing, of the format: + +.sp +.nf +"NT Group Name" + SID : + Unix group : + Group type : + Comment : + Privilege : +.sp +.fi + +For examples, + +.sp +.nf +Users + SID : S-1-5-32-545 + Unix group: -1 + Group type: Local group + Comment : + Privilege : No privilege +.sp +.fi +.TP +\fB-s\fR +display a short listing of the format: + +.sp +.nf +NTGroupName(SID) -> UnixGroupName +.sp +.fi + +For example, + +.sp +.nf +Users (S-1-5-32-545) -> -1 +.sp +.fi +.RE +.SH "FILES" +.PP +.SH "EXIT STATUS" +.PP +\fBsmbgroupedit\fR returns a status of 0 if the +operation completed successfully, and a value of 1 in the event +of a failure. +.SH "EXAMPLES" +.PP +To make a subset of your samba PDC users members of +the 'Domain Admins' Global group: +.IP 1. +create a unix group (usually in +\fI/etc/group\fR), let's call it domadm. +.IP 2. +add to this group the users that you want to be +domain administrators. For example if you want joe, john and mary, +your entry in \fI/etc/group\fR will look like: + +domadm:x:502:joe,john,mary +.IP 3. +map this domadm group to the 'domain admins' group: +.RS +.IP 1. +Get the SID for the Windows NT "Domain Admins" +group: + +.sp +.nf +root# \fBsmbgroupedit -vs | grep "Domain Admins"\fR +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> -1 +.sp +.fi +.IP 2. +map the unix domadm group to the Windows NT +"Domain Admins" group, by running the command: + +.sp +.nf +root# \fBsmbgroupedit \\ +-c S-1-5-21-1108995562-3116817432-1375597819-512 \\ +-u domadm\fR +.sp +.fi + +\fBwarning:\fR don't copy and paste this sample, the +Domain Admins SID (the S-1-5-21-...-512) is different for every PDC. +.RE +.PP +To verify that you mapping has taken effect: +.PP +.PP +.sp +.nf +root# \fBsmbgroupedit -vs|grep "Domain Admins"\fR +Domain Admins (S-1-5-21-1108995562-3116817432-1375597819-512) -> domadm +.sp +.fi +.PP +.PP +To give access to a certain directory on a domain member machine (an +NT/W2K or a samba server running winbind) to some users who are member +of a group on your samba PDC, flag that group as a domain group: +.PP +.PP +.sp +.nf +root# \fBsmbgroupedit -a unixgroup -td\fR +.sp +.fi +.PP +.SH "VERSION" +.PP +This man page is correct for the 3.0alpha releases of +the Samba suite. +.SH "SEE ALSO" +.PP +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +\fBsmbgroupedit\fR was written by Jean Francois Micouleau. +The current set of manpages and documentation is maintained +by the Samba Team in the same fashion as the Samba source code. diff --git a/docs/manpages/smbmnt.8 b/docs/manpages/smbmnt.8 new file mode 100644 index 00000000000..885ab82f998 --- /dev/null +++ b/docs/manpages/smbmnt.8 @@ -0,0 +1,63 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBMNT" "8" "28 January 2002" "" "" +.SH NAME +smbmnt \- helper utility for mounting SMB filesystems +.SH SYNOPSIS +.sp +\fBsmbmnt\fR \fBmount-point\fR [ \fB-s \fR ] [ \fB-r\fR ] [ \fB-u \fR ] [ \fB-g \fR ] [ \fB-f \fR ] [ \fB-d \fR ] [ \fB-o \fR ] +.SH "DESCRIPTION" +.PP +\fBsmbmnt\fR is a helper application used +by the smbmount program to do the actual mounting of SMB shares. +\fBsmbmnt\fR can be installed setuid root if you want +normal users to be able to mount their SMB shares. +.PP +A setuid smbmnt will only allow mounts on directories owned +by the user, and that the user has write permission on. +.PP +The \fBsmbmnt\fR program is normally invoked +by \fBsmbmount(8)\fR +. It should not be invoked directly by users. +.PP +smbmount searches the normal PATH for smbmnt. You must ensure +that the smbmnt version in your path matches the smbmount used. +.SH "OPTIONS" +.TP +\fB-r\fR +mount the filesystem read-only +.TP +\fB-u uid\fR +specify the uid that the files will +be owned by +.TP +\fB-g gid\fR +specify the gid that the files will be +owned by +.TP +\fB-f mask\fR +specify the octal file mask applied +.TP +\fB-d mask\fR +specify the octal directory mask +applied +.TP +\fB-o options\fR +list of options that are passed as-is to smbfs, if this +command is run on a 2.4 or higher Linux kernel. +.SH "AUTHOR" +.PP +Volker Lendecke, Andrew Tridgell, Michael H. Warfield +and others. +.PP +The current maintainer of smbfs and the userspace +tools \fBsmbmount\fR, \fBsmbumount\fR, +and \fBsmbmnt\fR is Urban Widmark . +The SAMBA Mailing list +is the preferred place to ask questions regarding these programs. +.PP +The conversion of this manpage for Samba 2.2 was performed +by Gerald Carter diff --git a/docs/manpages/smbmount.8 b/docs/manpages/smbmount.8 new file mode 100644 index 00000000000..1cef431e47b --- /dev/null +++ b/docs/manpages/smbmount.8 @@ -0,0 +1,216 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBMOUNT" "8" "28 January 2002" "" "" +.SH NAME +smbmount \- mount an smbfs filesystem +.SH SYNOPSIS +.sp +\fBsmbumount\fR \fBservice\fR \fBmount-point\fR [ \fB-o options\fR ] +.SH "DESCRIPTION" +.PP +\fBsmbmount\fR mounts a Linux SMB filesystem. It +is usually invoked as \fBmount.smbfs\fR by +the \fBmount(8)\fR command when using the +"-t smbfs" option. This command only works in Linux, and the kernel must +support the smbfs filesystem. +.PP +Options to \fBsmbmount\fR are specified as a comma-separated +list of key=value pairs. It is possible to send options other +than those listed here, assuming that smbfs supports them. If +you get mount failures, check your kernel log for errors on +unknown options. +.PP +\fBsmbmount\fR is a daemon. After mounting it keeps running until +the mounted smbfs is umounted. It will log things that happen +when in daemon mode using the "machine name" smbmount, so +typically this output will end up in \fIlog.smbmount\fR. The +\fBsmbmount\fR process may also be called mount.smbfs. +.PP +\fBNOTE:\fR \fBsmbmount\fR +calls \fBsmbmnt(8)\fR to do the actual mount. You +must make sure that \fBsmbmnt\fR is in the path so +that it can be found. +.SH "OPTIONS" +.TP +\fBusername=\fR +specifies the username to connect as. If +this is not given, then the environment variable \fB USER\fR is used. This option can also take the +form "user%password" or "user/workgroup" or +"user/workgroup%password" to allow the password and workgroup +to be specified as part of the username. +.TP +\fBpassword=\fR +specifies the SMB password. If this +option is not given then the environment variable +\fBPASSWD\fR is used. If it can find +no password \fBsmbmount\fR will prompt +for a passeword, unless the guest option is +given. + +Note that password which contain the arguement delimiter +character (i.e. a comma ',') will failed to be parsed correctly +on the command line. However, the same password defined +in the PASSWD environment variable or a credentials file (see +below) will be read correctly. +.TP +\fBcredentials=\fR +specifies a file that contains a username +and/or password. The format of the file is: + +.sp +.nf + username = + password = + +.sp +.fi + +This is preferred over having passwords in plaintext in a +shared file, such as \fI/etc/fstab\fR. Be sure to protect any +credentials file properly. +.TP +\fBnetbiosname=\fR +sets the source NetBIOS name. It defaults +to the local hostname. +.TP +\fBuid=\fR +sets the uid that will own all files on +the mounted filesystem. +It may be specified as either a username or a numeric uid. +.TP +\fBgid=\fR +sets the gid that will own all files on +the mounted filesystem. +It may be specified as either a groupname or a numeric +gid. +.TP +\fBport=\fR +sets the remote SMB port number. The default +is 139. +.TP +\fBfmask=\fR +sets the file mask. This determines the +permissions that remote files have in the local filesystem. +The default is based on the current umask. +.TP +\fBdmask=\fR +sets the directory mask. This determines the +permissions that remote directories have in the local filesystem. +The default is based on the current umask. +.TP +\fBdebug=\fR +sets the debug level. This is useful for +tracking down SMB connection problems. A suggested value to +start with is 4. If set too high there will be a lot of +output, possibly hiding the useful output. +.TP +\fBip=\fR +sets the destination host or IP address. +.TP +\fBworkgroup=\fR +sets the workgroup on the destination +.TP +\fBsockopt=\fR +sets the TCP socket options. See the \fIsmb.conf +\fR\fIsocket options\fR option. +.TP +\fBscope=\fR +sets the NetBIOS scope +.TP +\fBguest\fR +don't prompt for a password +.TP +\fBro\fR +mount read-only +.TP +\fBrw\fR +mount read-write +.TP +\fBiocharset=\fR +sets the charset used by the Linux side for codepage +to charset translations (NLS). Argument should be the +name of a charset, like iso8859-1. (Note: only kernel +2.4.0 or later) +.TP +\fBcodepage=\fR +sets the codepage the server uses. See the iocharset +option. Example value cp850. (Note: only kernel 2.4.0 +or later) +.TP +\fBttl=\fR +how long a directory listing is cached in milliseconds +(also affects visibility of file size and date +changes). A higher value means that changes on the +server take longer to be noticed but it can give +better performance on large directories, especially +over long distances. Default is 1000ms but something +like 10000ms (10 seconds) is probably more reasonable +in many cases. +(Note: only kernel 2.4.2 or later) +.SH "ENVIRONMENT VARIABLES" +.PP +The variable \fBUSER\fR may contain the username of the +person using the client. This information is used only if the +protocol level is high enough to support session-level +passwords. The variable can be used to set both username and +password by using the format username%password. +.PP +The variable \fBPASSWD\fR may contain the password of the +person using the client. This information is used only if the +protocol level is high enough to support session-level +passwords. +.PP +The variable \fBPASSWD_FILE\fR may contain the pathname +of a file to read the password from. A single line of input is +read and used as the password. +.SH "BUGS" +.PP +Passwords and other options containing , can not be handled. +For passwords an alternative way of passing them is in a credentials +file or in the PASSWD environment. +.PP +The credentials file does not handle usernames or passwords with +leading space. +.PP +One smbfs bug is important enough to mention here, even if it +is a bit misplaced: +.TP 0.2i +\(bu +Mounts sometimes stop working. This is usually +caused by smbmount terminating. Since smbfs needs smbmount to +reconnect when the server disconnects, the mount will eventually go +dead. An umount/mount normally fixes this. At least 2 ways to +trigger this bug are known. +.PP +Note that the typical response to a bug report is suggestion +to try the latest version first. So please try doing that first, +and always include which versions you use of relevant software +when reporting bugs (minimum: samba, kernel, distribution) +.PP +.SH "SEE ALSO" +.PP +Documentation/filesystems/smbfs.txt in the linux kernel +source tree may contain additional options and information. +.PP +FreeBSD also has a smbfs, but it is not related to smbmount +.PP +For Solaris, HP-UX and others you may want to look at +\fBsmbsh(1)\fRor at other +solutions, such as sharity or perhaps replacing the SMB server with +a NFS server. +.SH "AUTHOR" +.PP +Volker Lendecke, Andrew Tridgell, Michael H. Warfield +and others. +.PP +The current maintainer of smbfs and the userspace +tools \fBsmbmount\fR, \fBsmbumount\fR, +and \fBsmbmnt\fR is Urban Widmark . +The SAMBA Mailing list +is the preferred place to ask questions regarding these programs. +.PP +The conversion of this manpage for Samba 2.2 was performed +by Gerald Carter diff --git a/docs/manpages/smbpasswd.5 b/docs/manpages/smbpasswd.5 new file mode 100644 index 00000000000..39281eb34e9 --- /dev/null +++ b/docs/manpages/smbpasswd.5 @@ -0,0 +1,159 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBPASSWD" "5" "28 January 2002" "" "" +.SH NAME +smbpasswd \- The Samba encrypted password file +.SH SYNOPSIS +.PP +\fIsmbpasswd\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +smbpasswd is the Samba encrypted password file. It contains +the username, Unix user id and the SMB hashed passwords of the +user, as well as account flag information and the time the +password was last changed. This file format has been evolving with +Samba and has had several different formats in the past. +.SH "FILE FORMAT" +.PP +The format of the smbpasswd file used by Samba 2.2 +is very similar to the familiar Unix \fIpasswd(5)\fR +file. It is an ASCII file containing one line for each user. Each field +ithin each line is separated from the next by a colon. Any entry +beginning with '#' is ignored. The smbpasswd file contains the +following information for each user: +.TP +\fBname\fR +This is the user name. It must be a name that +already exists in the standard UNIX passwd file. +.TP +\fBuid\fR +This is the UNIX uid. It must match the uid +field for the same user entry in the standard UNIX passwd file. +If this does not match then Samba will refuse to recognize +this smbpasswd file entry as being valid for a user. +.TP +\fBLanman Password Hash\fR +This is the LANMAN hash of the user's password, +encoded as 32 hex digits. The LANMAN hash is created by DES +encrypting a well known string with the user's password as the +DES key. This is the same password used by Windows 95/98 machines. +Note that this password hash is regarded as weak as it is +vulnerable to dictionary attacks and if two users choose the +same password this entry will be identical (i.e. the password +is not "salted" as the UNIX password is). If the user has a +null password this field will contain the characters "NO PASSWORD" +as the start of the hex string. If the hex string is equal to +32 'X' characters then the user's account is marked as +disabled and the user will not be able to +log onto the Samba server. + +\fBWARNING !!\fR Note that, due to +the challenge-response nature of the SMB/CIFS authentication +protocol, anyone with a knowledge of this password hash will +be able to impersonate the user on the network. For this +reason these hashes are known as \fBplain text +equivalents\fR and must \fBNOT\fR be made +available to anyone but the root user. To protect these passwords +the smbpasswd file is placed in a directory with read and +traverse access only to the root user and the smbpasswd file +itself must be set to be read/write only by root, with no +other access. +.TP +\fBNT Password Hash\fR +This is the Windows NT hash of the user's +password, encoded as 32 hex digits. The Windows NT hash is +created by taking the user's password as represented in +16-bit, little-endian UNICODE and then applying the MD4 +(internet rfc1321) hashing algorithm to it. + +This password hash is considered more secure than +the LANMAN Password Hash as it preserves the case of the +password and uses a much higher quality hashing algorithm. +However, it is still the case that if two users choose the same +password this entry will be identical (i.e. the password is +not "salted" as the UNIX password is). + +\fBWARNING !!\fR. Note that, due to +the challenge-response nature of the SMB/CIFS authentication +protocol, anyone with a knowledge of this password hash will +be able to impersonate the user on the network. For this +reason these hashes are known as \fBplain text +equivalents\fR and must \fBNOT\fR be made +available to anyone but the root user. To protect these passwords +the smbpasswd file is placed in a directory with read and +traverse access only to the root user and the smbpasswd file +itself must be set to be read/write only by root, with no +other access. +.TP +\fBAccount Flags\fR +This section contains flags that describe +the attributes of the users account. In the Samba 2.2 release +this field is bracketed by '[' and ']' characters and is always +13 characters in length (including the '[' and ']' characters). +The contents of this field may be any of the characters. +.RS +.TP 0.2i +\(bu +\fBU\fR - This means +this is a "User" account, i.e. an ordinary user. Only User +and Workstation Trust accounts are currently supported +in the smbpasswd file. +.TP 0.2i +\(bu +\fBN\fR - This means the +account has no password (the passwords in the fields LANMAN +Password Hash and NT Password Hash are ignored). Note that this +will only allow users to log on with no password if the \fI null passwords\fR parameter is set in the \fIsmb.conf(5) +\fRconfig file. +.TP 0.2i +\(bu +\fBD\fR - This means the account +is disabled and no SMB/CIFS logins will be allowed for +this user. +.TP 0.2i +\(bu +\fBW\fR - This means this account +is a "Workstation Trust" account. This kind of account is used +in the Samba PDC code stream to allow Windows NT Workstations +and Servers to join a Domain hosted by a Samba PDC. +.RE +.PP +Other flags may be added as the code is extended in future. +The rest of this field space is filled in with spaces. +.PP +.TP +\fBLast Change Time\fR +This field consists of the time the account was +last modified. It consists of the characters 'LCT-' (standing for +"Last Change Time") followed by a numeric encoding of the UNIX time +in seconds since the epoch (1970) that the last change was made. +.PP +All other colon separated fields are ignored at this time. +.PP +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbpasswd(8)\fR, +samba(7), and +the Internet RFC1321 for details on the MD4 algorithm. +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbpasswd.8 b/docs/manpages/smbpasswd.8 new file mode 100644 index 00000000000..1a841e53cea --- /dev/null +++ b/docs/manpages/smbpasswd.8 @@ -0,0 +1,282 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBPASSWD" "8" "28 January 2002" "" "" +.SH NAME +smbpasswd \- change a user's SMB password +.SH SYNOPSIS +.sp +\fBsmbpasswd\fR [ \fB-a\fR ] [ \fB-x\fR ] [ \fB-d\fR ] [ \fB-e\fR ] [ \fB-D debuglevel\fR ] [ \fB-n\fR ] [ \fB-r \fR ] [ \fB-R \fR ] [ \fB-m\fR ] [ \fB-j DOMAIN\fR ] [ \fB-U username[%password]\fR ] [ \fB-h\fR ] [ \fB-s\fR ] [ \fB-w pass\fR ] [ \fBusername\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +The smbpasswd program has several different +functions, depending on whether it is run by the \fBroot\fR +user or not. When run as a normal user it allows the user to change +the password used for their SMB sessions on any machines that store +SMB passwords. +.PP +By default (when run with no arguments) it will attempt to +change the current user's SMB password on the local machine. This is +similar to the way the \fBpasswd(1)\fR program works. +\fBsmbpasswd\fR differs from how the passwd program works +however in that it is not \fBsetuid root\fR but works in +a client-server mode and communicates with a locally running +\fBsmbd(8)\fR. As a consequence in order for this to +succeed the smbd daemon must be running on the local machine. On a +UNIX machine the encrypted SMB passwords are usually stored in +the \fIsmbpasswd(5)\fR file. +.PP +When run by an ordinary user with no options. smbpasswd +will prompt them for their old SMB password and then ask them +for their new password twice, to ensure that the new password +was typed correctly. No passwords will be echoed on the screen +whilst being typed. If you have a blank SMB password (specified by +the string "NO PASSWORD" in the smbpasswd file) then just press +the key when asked for your old password. +.PP +smbpasswd can also be used by a normal user to change their +SMB password on remote machines, such as Windows NT Primary Domain +Controllers. See the (-r) and -U options below. +.PP +When run by root, smbpasswd allows new users to be added +and deleted in the smbpasswd file, as well as allows changes to +the attributes of the user in this file to be made. When run by root, +\fBsmbpasswd\fR accesses the local smbpasswd file +directly, thus enabling changes to be made even if smbd is not +running. +.SH "OPTIONS" +.TP +\fB-a\fR +This option specifies that the username +following should be added to the local smbpasswd file, with the +new password typed (type for the old password). This +option is ignored if the username following already exists in +the smbpasswd file and it is treated like a regular change +password command. Note that the default passdb backends require +the user to already exist in the system password file (usually +\fI/etc/passwd\fR), else the request to add the +user will fail. + +This option is only available when running smbpasswd +as root. +.TP +\fB-x\fR +This option specifies that the username +following should be deleted from the local smbpasswd file. + +This option is only available when running smbpasswd as +root. +.TP +\fB-d\fR +This option specifies that the username following +should be disabled in the local smbpasswd +file. This is done by writing a 'D' flag +into the account control space in the smbpasswd file. Once this +is done all attempts to authenticate via SMB using this username +will fail. + +If the smbpasswd file is in the 'old' format (pre-Samba 2.0 +format) there is no space in the user's password entry to write +this information and the command will FAIL. See \fBsmbpasswd(5) +\fRfor details on the 'old' and new password file formats. + +This option is only available when running smbpasswd as +root. +.TP +\fB-e\fR +This option specifies that the username following +should be enabled in the local smbpasswd file, +if the account was previously disabled. If the account was not +disabled this option has no effect. Once the account is enabled then +the user will be able to authenticate via SMB once again. + +If the smbpasswd file is in the 'old' format, then \fB smbpasswd\fR will FAIL to enable the account. +See \fBsmbpasswd (5)\fR for +details on the 'old' and new password file formats. + +This option is only available when running smbpasswd as root. +.TP +\fB-D debuglevel\fR +\fIdebuglevel\fR is an integer +from 0 to 10. The default value if this parameter is not specified +is zero. + +The higher this value, the more detail will be logged to the +log files about the activities of smbpasswd. At level 0, only +critical errors and serious warnings will be logged. + +Levels above 1 will generate considerable amounts of log +data, and should only be used when investigating a problem. Levels +above 3 are designed for use only by developers and generate +HUGE amounts of log data, most of which is extremely cryptic. +.TP +\fB-n\fR +This option specifies that the username following +should have their password set to null (i.e. a blank password) in +the local smbpasswd file. This is done by writing the string "NO +PASSWORD" as the first part of the first password stored in the +smbpasswd file. + +Note that to allow users to logon to a Samba server once +the password has been set to "NO PASSWORD" in the smbpasswd +file the administrator must set the following parameter in the [global] +section of the \fIsmb.conf\fR file : + +\fBnull passwords = yes\fR + +This option is only available when running smbpasswd as +root. +.TP +\fB-r remote machine name\fR +This option allows a user to specify what machine +they wish to change their password on. Without this parameter +smbpasswd defaults to the local host. The \fIremote +machine name\fR is the NetBIOS name of the SMB/CIFS +server to contact to attempt the password change. This name is +resolved into an IP address using the standard name resolution +mechanism in all programs of the Samba suite. See the \fI-R +name resolve order\fR parameter for details on changing +this resolving mechanism. + +The username whose password is changed is that of the +current UNIX logged on user. See the \fI-U username\fR +parameter for details on changing the password for a different +username. + +Note that if changing a Windows NT Domain password the +remote machine specified must be the Primary Domain Controller for +the domain (Backup Domain Controllers only have a read-only +copy of the user account database and will not allow the password +change). + +\fBNote\fR that Windows 95/98 do not have +a real password database so it is not possible to change passwords +specifying a Win95/98 machine as remote machine target. +.TP +\fB-R name resolve order\fR +This option allows the user of smbpasswd to determine +what name resolution services to use when looking up the NetBIOS +name of the host being connected to. + +The options are :"lmhosts", "host", "wins" and "bcast". They cause +names to be resolved as follows : +.RS +.TP 0.2i +\(bu +lmhosts : Lookup an IP +address in the Samba lmhosts file. If the line in lmhosts has +no name type attached to the NetBIOS name (see the lmhosts(5)for details) then +any name type matches for lookup. +.TP 0.2i +\(bu +host : Do a standard host +name to IP address resolution, using the system \fI/etc/hosts +\fR, NIS, or DNS lookups. This method of name resolution +is operating system depended for instance on IRIX or Solaris this +may be controlled by the \fI/etc/nsswitch.conf\fR +file). Note that this method is only used if the NetBIOS name +type being queried is the 0x20 (server) name type, otherwise +it is ignored. +.TP 0.2i +\(bu +wins : Query a name with +the IP address listed in the \fIwins server\fR +parameter. If no WINS server has been specified this method +will be ignored. +.TP 0.2i +\(bu +bcast : Do a broadcast on +each of the known local interfaces listed in the +\fIinterfaces\fR parameter. This is the least +reliable of the name resolution methods as it depends on the +target host being on a locally connected subnet. +.RE +.PP +The default order is \fBlmhosts, host, wins, bcast\fR +and without this parameter or any entry in the +\fIsmb.conf\fR file the name resolution methods will +be attempted in this order. +.PP +.TP +\fB-m\fR +This option tells smbpasswd that the account +being changed is a MACHINE account. Currently this is used +when Samba is being used as an NT Primary Domain Controller. + +This option is only available when running smbpasswd as root. +.TP +\fB-U username\fR +This option may only be used in conjunction +with the \fI-r\fR option. When changing +a password on a remote machine it allows the user to specify +the user name on that machine whose password will be changed. It +is present to allow users who have different user names on +different systems to change these passwords. +.TP +\fB-h\fR +This option prints the help string for \fB smbpasswd\fR, selecting the correct one for running as root +or as an ordinary user. +.TP +\fB-s\fR +This option causes smbpasswd to be silent (i.e. +not issue prompts) and to read its old and new passwords from +standard input, rather than from \fI/dev/tty\fR +(like the \fBpasswd(1)\fR program does). This option +is to aid people writing scripts to drive smbpasswd +.TP +\fB-w password\fR +This parameter is only available is Samba +has been configured to use the experiemental +\fB--with-ldapsam\fR option. The \fI-w\fR +switch is used to specify the password to be used with the +\fIldap admin +dn\fR. Note that the password is stored in +the \fIprivate/secrets.tdb\fR and is keyed off +of the admin's DN. This means that if the value of \fIldap +admin dn\fR ever changes, the password will beed to be +manually updated as well. +.TP +\fBusername\fR +This specifies the username for all of the +\fBroot only\fR options to operate on. Only root +can specify this parameter as only root has the permission needed +to modify attributes directly in the local smbpasswd file. +.SH "NOTES" +.PP +Since \fBsmbpasswd\fR works in client-server +mode communicating with a local smbd for a non-root user then +the smbd daemon must be running for this to work. A common problem +is to add a restriction to the hosts that may access the \fB smbd\fR running on the local machine by specifying a +\fIallow hosts\fR or \fIdeny hosts\fR +entry in the \fIsmb.conf\fR file and neglecting to +allow "localhost" access to the smbd. +.PP +In addition, the smbpasswd command is only useful if Samba +has been set up to use encrypted passwords. See the file +\fIENCRYPTION.txt\fR in the docs directory for details +on how to do this. +.SH "VERSION" +.PP +This man page is correct for version 3.0 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fIsmbpasswd(5)\fR, +samba(7) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbrun.1 b/docs/manpages/smbrun.1 deleted file mode 100644 index 1608d3bb345..00000000000 --- a/docs/manpages/smbrun.1 +++ /dev/null @@ -1,70 +0,0 @@ -.TH SMBRUN 1 17/1/1995 smbrun smbrun -.SH NAME -smbrun \- interface program between smbd and external programs -.SH SYNOPSIS -.B smbrun -.I shell-command -.SH DESCRIPTION -This program is part of the Samba suite. - -.B smbrun -is a very small 'glue' program, which runs shell commands for -the -.B smbd -daemon (see -.B smbd(8)). - -It first changes to the highest effective user and group ID that it can, -then runs the command line provided using the system() call. This program is -necessary to allow some operating systems to run external programs as non-root. -.SH OPTIONS -.I shell-command - -.RS 3 -The shell command to execute. - -The command should have a fully-qualified path. -.RE -.SH ENVIRONMENT VARIABLES -The PATH variable set for the environment in which -.B smbrun -is executed will affect what executables are located and executed if a -fully-qualified path is not given in the command. - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbrun -program be installed under the /usr/local hierarchy, in a directory readable -by all, writeable only by root. The program should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B smbd(8), -.B smb.conf(8) -.SH DIAGNOSTICS -If smbrun cannot be located or cannot be executed by -.B smbd -then appropriate messages will be found in the smbd logs. Other diagnostics are -dependent on the shell-command being run. It is advisable for your shell -commands to issue suitable diagnostics to aid trouble-shooting. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -This man page was written by Karl Auer (Karl.Auer@anu.edu.au) - -See -.B smb.conf(5) for a full list of contributors and details of how to -submit bug reports, comments etc. diff --git a/docs/manpages/smbsh.1 b/docs/manpages/smbsh.1 new file mode 100644 index 00000000000..130df3582b0 --- /dev/null +++ b/docs/manpages/smbsh.1 @@ -0,0 +1,74 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBSH" "1" "28 January 2002" "" "" +.SH NAME +smbsh \- Allows access to Windows NT filesystem using UNIX commands +.SH SYNOPSIS +.sp +\fBsmbsh\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBsmbsh\fR allows you to access an NT filesystem +using UNIX commands such as \fBls\fR, \fB egrep\fR, and \fBrcp\fR. You must use a +shell that is dynamically linked in order for \fBsmbsh\fR +to work correctly. +.PP +To use the \fBsmbsh\fR command, execute \fB smbsh\fR from the prompt and enter the username and password +that authenticates you to the machine running the Windows NT +operating system. +.PP +.sp +.nf + system% \fBsmbsh\fR + Username: \fBuser\fR + Password: \fBXXXXXXX\fR + +.sp +.fi +.PP +Any dynamically linked command you execute from +this shell will access the \fI/smb\fR directory +using the smb protocol. For example, the command \fBls /smb +\fRwill show a list of workgroups. The command +\fBls /smb/MYGROUP \fR will show all the machines in +the workgroup MYGROUP. The command +\fBls /smb/MYGROUP/\fR will show the share +names for that machine. You could then, for example, use the \fB cd\fR command to change directories, \fBvi\fR to +edit files, and \fBrcp\fR to copy files. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "BUGS" +.PP +\fBsmbsh\fR works by intercepting the standard +libc calls with the dynamically loaded versions in \fI smbwrapper.o\fR. Not all calls have been "wrapped", so +some programs may not function correctly under \fBsmbsh +\fR\&. +.PP +Programs which are not dynamically linked cannot make +use of \fBsmbsh\fR's functionality. Most versions +of UNIX have a \fBfile\fR command that will +describe how a program was linked. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fR, +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbspool.8 b/docs/manpages/smbspool.8 new file mode 100644 index 00000000000..779ba4921f1 --- /dev/null +++ b/docs/manpages/smbspool.8 @@ -0,0 +1,102 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBSPOOL" "8" "28 January 2002" "" "" +.SH NAME +smbspool \- send print file to an SMB printer +.SH SYNOPSIS +.sp +\fBsmbspool\fR [ \fBjob\fR ] [ \fBuser\fR ] [ \fBtitle\fR ] [ \fBcopies\fR ] [ \fBoptions\fR ] [ \fBfilename\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +smbspool is a very small print spooling program that +sends a print file to an SMB printer. The command-line arguments +are position-dependent for compatibility with the Common UNIX +Printing System, but you can use smbspool with any printing system +or from a program or script. +.PP +\fBDEVICE URI\fR +.PP +smbspool specifies the destination using a Uniform Resource +Identifier ("URI") with a method of "smb". This string can take +a number of forms: +.TP 0.2i +\(bu +smb://server/printer +.TP 0.2i +\(bu +smb://workgroup/server/printer +.TP 0.2i +\(bu +smb://username:password@server/printer +.TP 0.2i +\(bu +smb://username:password@workgroup/server/printer +.PP +smbspool tries to get the URI from argv[0]. If argv[0] +contains the name of the program then it looks in the \fB DEVICE_URI\fR environment variable. +.PP +.PP +Programs using the \fBexec(2)\fR functions can +pass the URI in argv[0], while shell scripts must set the +\fBDEVICE_URI\fR environment variable prior to +running smbspool. +.PP +.SH "OPTIONS" +.TP 0.2i +\(bu +The job argument (argv[1]) contains the +job ID number and is presently not used by smbspool. +.TP 0.2i +\(bu +The user argument (argv[2]) contains the +print user's name and is presently not used by smbspool. +.TP 0.2i +\(bu +The title argument (argv[3]) contains the +job title string and is passed as the remote file name +when sending the print job. +.TP 0.2i +\(bu +The copies argument (argv[4]) contains +the number of copies to be printed of the named file. If +no filename is provided than this argument is not used by +smbspool. +.TP 0.2i +\(bu +The options argument (argv[5]) contains +the print options in a single string and is presently +not used by smbspool. +.TP 0.2i +\(bu +The filename argument (argv[6]) contains the +name of the file to print. If this argument is not specified +then the print file is read from the standard input. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fR, +and samba(7). +.SH "AUTHOR" +.PP +\fBsmbspool\fR was written by Michael Sweet +at Easy Software Products. +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbstatus.1 b/docs/manpages/smbstatus.1 index 76dc50cbb53..1f5d4f75712 100644 --- a/docs/manpages/smbstatus.1 +++ b/docs/manpages/smbstatus.1 @@ -1,52 +1,77 @@ -.TH SMBSTATUS 1 17/1/1995 smbstatus smbstatus +.\" This manpage has been automatically generated by docbook2man +.\" from a DocBook document. This tool can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBSTATUS" "1" "28 March 2002" "" "" .SH NAME smbstatus \- report on current Samba connections .SH SYNOPSIS -.B smbstatus -[-d] -[-s -.I configuration file -] -.SH DESCRIPTION -This program is part of the Samba suite. -.B smbstatus -is a very simple program to list the current Samba connections +\fBsmbstatus\fR [ \fB-P\fR] [ \fB-b\fR] [ \fB-d \fR] [ \fB-v\fR] [ \fB-L\fR] [ \fB-B\fR] [ \fB-p\fR] [ \fB-S\fR] [ \fB-s \fR] [ \fB-u \fR] -Just run the program and the output is self explanatory. You can offer -a configuration filename to override the default. The default is -CONFIGFILE from the Makefile. - -Option -.I -d +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBsmbstatus\fR is a very simple program to +list the current Samba connections. +.SH "OPTIONS" +.TP +\fB-P|--profile\fR +If samba has been compiled with the +profiling option, print only the contents of the profiling +shared memory area. +.TP +\fB-b|--brief\fR +gives brief output. +.TP +\fB-d|--debug=\fR +sets debugging to specified level +.TP +\fB-v|--verbose\fR gives verbose output. - -.I -p -print a list of smbd processes and exit. Useful for scripting. - -.SH ENVIRONMENT VARIABLES -Not applicable. - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B smbstatus -program be installed under the /usr/local hierarchy, in a directory readable -by all, writeable only by root. The program itself should be executable by all. - -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B smb.conf(5), -.B smbd(8) - -See -.B smb.conf(5) for a full list of contributors and details on how to -submit bug reports, comments etc. +.TP +\fB-L|--locks\fR +causes smbstatus to only list locks. +.TP +\fB-B|--byterange\fR +causes smbstatus to include byte range locks. +.TP +\fB-p|--processes\fR +print a list of \fBsmbd(8)\fRprocesses and exit. +Useful for scripting. +.TP +\fB-S|--shares\fR +causes smbstatus to only list shares. +.TP +\fB-s|--conf=\fR +The default configuration file name is +determined at compile time. The file specified contains the +configuration details required by the server. See \fIsmb.conf(5)\fR +for more information. +.TP +\fB-u|--user=\fR +selects information relevant to +\fIusername\fR only. +.SH "VERSION" +.PP +This man page is correct for version 3.0 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fRand +smb.conf(5). +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/smbtar.1 b/docs/manpages/smbtar.1 index 0f1c38c271f..b9bbf3df15e 100644 --- a/docs/manpages/smbtar.1 +++ b/docs/manpages/smbtar.1 @@ -1,167 +1,120 @@ -.TH SMBTAR 1 18/2/96 smbtar smbtar +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBTAR" "1" "28 January 2002" "" "" .SH NAME -smbtar \- shell script for backing up SMB shares directly to UNIX tape drive +smbtar \- shell script for backing up SMB/CIFS shares directly to UNIX tape drives .SH SYNOPSIS -.B smbtar -.B \-s -.I server -.B [ \-p -.I password -.B ] -.B [ \-x -.I service -.B ] -.B [ \-X ] -.B [ \-d -.I directory -.B ] -.B [ \-u -.I user -.B ] -.B [ \-t -.I tape -.B ] -.B [ \-b -.I blocksize -.B ] -.B [ \-N -.I filename -.B ] -.B [ \-i ] -.B [ \-r ] -.B [ \-l ] -.B [ \-v ] -.I filenames... - -.SH DESCRIPTION -This program is an extension to the Samba suite. - -.B smbtar -is a very small shell script on top of smbclient, which dumps SMB -shares directly to tape. - -.SH OPTIONS -.B \-s -.I server -.RS 3 -The PC that the share resides upon. -.RE - -.B \-x -.I service -.RS 3 -The share name on the PC to connect to. Default: -.I backup. -.RE - -.B \-X -.RS 3 -Exclude mode. Exclude -.I filenames... -from tar create or restore. -.RE - -.B \-d -.I directory -.RS 3 -Change to initial -.I directory -before restoring / backing up files. -.RE - -.B \-v -.RS 3 +.sp +\fBsmbtar\fR \fB-s server\fR [ \fB-p password\fR ] [ \fB-x services\fR ] [ \fB-X\fR ] [ \fB-d directory\fR ] [ \fB-u user\fR ] [ \fB-t tape\fR ] [ \fB-t tape\fR ] [ \fB-b blocksize\fR ] [ \fB-N filename\fR ] [ \fB-i\fR ] [ \fB-r\fR ] [ \fB-l loglevel\fR ] [ \fB-v\fR ] \fBfilenames\fR +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBsmbtar\fR is a very small shell script on top +of \fBsmbclient(1)\fR +which dumps SMB shares directly to tape. +.SH "OPTIONS" +.TP +\fB-s server\fR +The SMB/CIFS server that the share resides +upon. +.TP +\fB-x service\fR +The share name on the server to connect to. +The default is "backup". +.TP +\fB-X\fR +Exclude mode. Exclude filenames... from tar +create or restore. +.TP +\fB-d directory\fR +Change to initial \fIdirectory +\fRbefore restoring / backing up files. +.TP +\fB-v\fR Verbose mode. -.RE - -.B \-p -.I password - -.RS 3 -The password to use to access a share. Default: none -.RE - -.B \-u -.I user -.RS 3 -The user id to connect as. Default: UNIX login name. -.RE - -.B \-t -.I tape -.RS 3 -Tape device. May be regular file or tape device. Default: Tape environmental -variable; if not set, a file called -.I tar.out. -.RE - -.B \-b -.I blocksize -.RS 3 -Blocking factor. Defaults to 20. See tar(1) for a fuller explanation. -.RE - -.B \-N -.I filename -.RS 3 -Backup only files newer than filename. Could be used (for example) on a log -file to implement incremental backups. -.RE - -.B \-i -.RS 3 -Incremental mode; tar files are only backed up if they have the -archive bit set. The archive bit is reset after each file is read. -.RE - -.B \-r -.RS 3 -Restore. Files are restored to the share from the tar file. -.RE - -.B \-l -.RS 3 -Debug level. Corresponds to -d flag on smbclient(1). -.RE - -.SH ENVIRONMENT VARIABLES -The TAPE variable specifies the default tape device to write to. May -be overidden with the -t option. - -.SH BUGS -The smbtar script has different options from ordinary tar and tar -called from smbclient. - -.SH CAVEATS -Sites that are more careful about security may not like the way -the script handles PC passwords. Backup and restore work on entire shares, -should work on file lists. - -.SH VERSION -This man page is correct for version 1.9.15p8 of the Samba suite. - -.SH SEE ALSO -.B smbclient -(8), -.B smb.conf -(8) -.SH DIAGNOSTICS -See diagnostics for -.B smbclient +.TP +\fB-p password\fR +The password to use to access a share. +Default: none +.TP +\fB-u user\fR +The user id to connect as. Default: +UNIX login name. +.TP +\fB-t tape\fR +Tape device. May be regular file or tape +device. Default: \fI$TAPE\fR environmental +variable; if not set, a file called \fItar.out +\fR\&. +.TP +\fB-b blocksize\fR +Blocking factor. Defaults to 20. See +\fBtar(1)\fR for a fuller explanation. +.TP +\fB-N filename\fR +Backup only files newer than filename. Could +be used (for example) on a log file to implement incremental +backups. +.TP +\fB-i\fR +Incremental mode; tar files are only backed +up if they have the archive bit set. The archive bit is reset +after each file is read. +.TP +\fB-r\fR +Restore. Files are restored to the share +from the tar file. +.TP +\fB-l log level\fR +Log (debug) level. Corresponds to the +\fI-d\fR flag of \fBsmbclient(1) +\fR\&. +.SH "ENVIRONMENT VARIABLES" +.PP +The \fI$TAPE\fR variable specifies the +default tape device to write to. May be overridden +with the -t option. +.SH "BUGS" +.PP +The \fBsmbtar\fR script has different +options from ordinary tar and tar called from smbclient. +.SH "CAVEATS" +.PP +Sites that are more careful about security may not like +the way the script handles PC passwords. Backup and restore work +on entire shares, should work on file lists. smbtar works best +with GNU tar and may not work well with other versions. +.SH "DIAGNOSTICS" +.PP +See the \fBDIAGNOSTICS\fR section for the +\fBsmbclient(1)\fR command. - -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -Ricky Poulten (poultenr@logica.co.uk) wrote the tar extension and this -man page. The smbtar script was heavily rewritten and improved by -Martin Kraemer . Many thanks to everyone -who suggested extensions, improvements, bug fixes, etc. - -See -.B smb.conf -(5) for a full list of contributors and details of how to submit bug reports, -comments etc. - +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBsmbd(8)\fR, +\fBsmbclient(1)\fR, +smb.conf(5), +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +Ricky Poulten +wrote the tar extension and this man page. The \fBsmbtar\fR +script was heavily rewritten and improved by Martin Kraemer . Many +thanks to everyone who suggested extensions, improvements, bug +fixes, etc. The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter. diff --git a/docs/manpages/smbumount.8 b/docs/manpages/smbumount.8 new file mode 100644 index 00000000000..bf64061e3a5 --- /dev/null +++ b/docs/manpages/smbumount.8 @@ -0,0 +1,42 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SMBUMOUNT" "8" "28 January 2002" "" "" +.SH NAME +smbumount \- smbfs umount for normal users +.SH SYNOPSIS +.sp +\fBsmbumount\fR \fBmount-point\fR +.SH "DESCRIPTION" +.PP +With this program, normal users can unmount smb-filesystems, +provided that it is suid root. \fBsmbumount\fR has +been written to give normal Linux users more control over their +resources. It is safe to install this program suid root, because only +the user who has mounted a filesystem is allowed to unmount it again. +For root it is not necessary to use smbumount. The normal umount +program works perfectly well, but it would certainly be problematic +to make umount setuid root. +.SH "OPTIONS" +.TP +\fBmount-point\fR +The directory to unmount. +.SH "SEE ALSO" +.PP +\fBsmbmount(8)\fR + +.SH "AUTHOR" +.PP +Volker Lendecke, Andrew Tridgell, Michael H. Warfield +and others. +.PP +The current maintainer of smbfs and the userspace +tools \fBsmbmount\fR, \fBsmbumount\fR, +and \fBsmbmnt\fR is Urban Widmark . +The SAMBA Mailing list +is the preferred place to ask questions regarding these programs. +.PP +The conversion of this manpage for Samba 2.2 was performed +by Gerald Carter diff --git a/docs/manpages/swat.8 b/docs/manpages/swat.8 new file mode 100644 index 00000000000..e42d9638062 --- /dev/null +++ b/docs/manpages/swat.8 @@ -0,0 +1,140 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "SWAT" "8" "28 January 2002" "" "" +.SH NAME +swat \- Samba Web Administration Tool +.SH SYNOPSIS +.sp +\fBswat\fR [ \fB-s \fR ] [ \fB-a\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBswat\fR allows a Samba administrator to +configure the complex \fI smb.conf(5)\fRfile via a Web browser. In addition, +a \fBswat\fR configuration page has help links +to all the configurable options in the \fIsmb.conf\fR file allowing an +administrator to easily look up the effects of any change. +.PP +\fBswat\fR is run from \fBinetd\fR +.SH "OPTIONS" +.TP +\fB-s smb configuration file\fR +The default configuration file path is +determined at compile time. The file specified contains +the configuration details required by the \fBsmbd +\fRserver. This is the file that \fBswat\fR will modify. +The information in this file includes server-specific +information such as what printcap file to use, as well as +descriptions of all the services that the server is to provide. +See \fIsmb.conf\fR for more information. +.TP +\fB-a\fR +This option disables authentication and puts +\fBswat\fR in demo mode. In that mode anyone will be able to modify +the \fIsmb.conf\fR file. + +\fBDo NOT enable this option on a production +server. \fR +.SH "INSTALLATION" +.PP +After you compile SWAT you need to run \fBmake install +\fRto install the \fBswat\fR binary +and the various help files and images. A default install would put +these in: +.TP 0.2i +\(bu +/usr/local/samba/bin/swat +.TP 0.2i +\(bu +/usr/local/samba/swat/images/* +.TP 0.2i +\(bu +/usr/local/samba/swat/help/* +.SS "INETD INSTALLATION" +.PP +You need to edit your \fI/etc/inetd.conf +\fRand \fI/etc/services\fR +to enable SWAT to be launched via \fBinetd\fR. +.PP +In \fI/etc/services\fR you need to +add a line like this: +.PP +\fBswat 901/tcp\fR +.PP +Note for NIS/YP users - you may need to rebuild the +NIS service maps rather than alter your local \fI /etc/services\fR file. +.PP +the choice of port number isn't really important +except that it should be less than 1024 and not currently +used (using a number above 1024 presents an obscure security +hole depending on the implementation details of your +\fBinetd\fR daemon). +.PP +In \fI/etc/inetd.conf\fR you should +add a line like this: +.PP +\fBswat stream tcp nowait.400 root +/usr/local/samba/bin/swat swat\fR +.PP +One you have edited \fI/etc/services\fR +and \fI/etc/inetd.conf\fR you need to send a +HUP signal to inetd. To do this use \fBkill -1 PID +\fRwhere PID is the process ID of the inetd daemon. +.SS "LAUNCHING" +.PP +To launch SWAT just run your favorite web browser and +point it at "http://localhost:901/". +.PP +Note that you can attach to SWAT from any IP connected +machine but connecting from a remote machine leaves your +connection open to password sniffing as passwords will be sent +in the clear over the wire. +.SH "FILES" +.TP +\fB\fI/etc/inetd.conf\fB\fR +This file must contain suitable startup +information for the meta-daemon. +.TP +\fB\fI/etc/services\fB\fR +This file must contain a mapping of service name +(e.g., swat) to service port (e.g., 901) and protocol type +(e.g., tcp). +.TP +\fB\fI/usr/local/samba/lib/smb.conf\fB\fR +This is the default location of the \fIsmb.conf(5) +\fRserver configuration file that swat edits. Other +common places that systems install this file are \fI /usr/samba/lib/smb.conf\fR and \fI/etc/smb.conf +\fR\&. This file describes all the services the server +is to make available to clients. +.SH "WARNINGS" +.PP +\fBswat\fR will rewrite your \fIsmb.conf +\fRfile. It will rearrange the entries and delete all +comments, \fIinclude=\fR and \fIcopy=" +\fRoptions. If you have a carefully crafted \fI smb.conf\fR then back it up or don't use swat! +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBinetd(5)\fR, +\fBsmbd(8)\fR, +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/testparm.1 b/docs/manpages/testparm.1 index 4a0ffcbc489..21b66661331 100644 --- a/docs/manpages/testparm.1 +++ b/docs/manpages/testparm.1 @@ -1,104 +1,100 @@ -.TH TESTPARM 1 17/1/1995 testparm testparm +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "TESTPARM" "1" "28 January 2002" "" "" .SH NAME -testparm \- check an smbd configuration file for internal correctness +testparm \- check an smb.conf configuration file for internal correctness .SH SYNOPSIS -.B testparm -[ -.I configfilename -[ -.I hostname -.I hostIP -] -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B testparm -is a very simple test program to check an -.B smbd -configuration -file for internal correctness. If this program reports no problems, you can use -the configuration file with confidence that smbd will successfully -load the configuration file. - -Note that this is NOT a guarantee that the services specified in the -configuration file will be available or will operate as expected. - -If the optional host name and host IP address are specified on the -command line, this test program will run through the service entries -reporting whether the specified host has access to each service. -.SH OPTIONS -.I configfilename - -.RS 3 -This is the name of the configuration file to check. -.RE - -.I hostname - -.RS 3 -This is the name of the host to check access on. - -If this parameter is supplied, the -.I hostIP -parameter must also be supplied, or strange things may happen. -.RE - -.I hostIP - -.RS 3 -This is the IP number of the host specified in the previous parameter. - -This number must be supplied if the -.I hostname -parameter is supplied, or strange things may happen. -.RE -.SH FILES -.B smb.conf -.RS 3 -This is usually the name of the configuration file used by smbd. -.RE -.SH ENVIRONMENT VARIABLES -Not applicable. - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B testparm -program be installed under the /usr/local hierarchy, in a directory readable -by all, writeable only by root. The program itself should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B smb.conf(5), -.B smbd(8) -.SH DIAGNOSTICS -The program will issue a message saying whether the configuration file loaded -OK or not. This message may be preceded by errors and warnings if the file -did not load. If the file was loaded OK, the program then dumps all known -service details to stdout. - -If a host name is specified but no host IP number, all bets are off. - -Other messages are self-explanatory. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -The testparm program and this man page were written by Karl Auer -(Karl.Auer@anu.edu.au) - -See -.B samba(7) for a full list of contributors and details on how to -submit bug reports, comments etc. +.sp +\fBtestparm\fR [ \fB-s\fR ] [ \fB-h\fR ] [ \fB-L \fR ] \fBconfig filename\fR [ \fBhostname hostIP\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBtestparm\fR is a very simple test program +to check an \fBsmbd\fR configuration file for +internal correctness. If this program reports no problems, you +can use the configuration file with confidence that \fBsmbd +\fRwill successfully load the configuration file. +.PP +Note that this is \fBNOT\fR a guarantee that +the services specified in the configuration file will be +available or will operate as expected. +.PP +If the optional host name and host IP address are +specified on the command line, this test program will run through +the service entries reporting whether the specified host +has access to each service. +.PP +If \fBtestparm\fR finds an error in the \fI smb.conf\fR file it returns an exit code of 1 to the calling +program, else it returns an exit code of 0. This allows shell scripts +to test the output from \fBtestparm\fR. +.SH "OPTIONS" +.TP +\fB-s\fR +Without this option, \fBtestparm\fR +will prompt for a carriage return after printing the service +names and before dumping the service definitions. +.TP +\fB-h\fR +Print usage message +.TP +\fB-L servername\fR +Sets the value of the %L macro to \fIservername\fR. +This is useful for testing include files specified with the +%L macro. +.TP +\fBconfigfilename\fR +This is the name of the configuration file +to check. If this parameter is not present then the +default \fIsmb.conf\fR file will be checked. +.TP +\fBhostname\fR +If this parameter and the following are +specified, then \fBtestparm\fR will examine the \fIhosts +allow\fR and \fIhosts deny\fR +parameters in the \fIsmb.conf\fR file to +determine if the hostname with this IP address would be +allowed access to the \fBsmbd\fR server. If +this parameter is supplied, the hostIP parameter must also +be supplied. +.TP +\fBhostIP\fR +This is the IP address of the host specified +in the previous parameter. This address must be supplied +if the hostname parameter is supplied. +.SH "FILES" +.TP +\fB\fIsmb.conf\fB\fR +This is usually the name of the configuration +file used by \fBsmbd\fR. +.SH "DIAGNOSTICS" +.PP +The program will issue a message saying whether the +configuration file loaded OK or not. This message may be preceded by +errors and warnings if the file did not load. If the file was +loaded OK, the program then dumps all known service details +to stdout. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fIsmb.conf(5)\fR, +\fBsmbd(8)\fR +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/testprns.1 b/docs/manpages/testprns.1 index f1c3d3ef020..bc1a27b198f 100644 --- a/docs/manpages/testprns.1 +++ b/docs/manpages/testprns.1 @@ -1,107 +1,90 @@ -.TH TESTPRNS 1 17/1/1995 testprns testprns +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "TESTPRNS" "1" "28 January 2002" "" "" .SH NAME testprns \- check printer name for validity with smbd .SH SYNOPSIS -.B testprns -.I printername -[ -.I printcapname -] -.SH DESCRIPTION -This program is part of the Samba suite. - -.B testprns -is a very simple test program to determine whether a given -printer name is valid for use in a service to be provided by -.B smbd. - -"Valid" in this context means "can be found in the printcap specified". This -program is very stupid - so stupid in fact that it would be wisest to always -specify the printcap file to use. -.SH OPTIONS -.I printername - -.RS 3 +.sp +\fBtestprns\fR \fBprintername\fR [ \fBprintcapname\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +\fBtestprns\fR is a very simple test program +to determine whether a given printer name is valid for use in +a service to be provided by \fB smbd(8)\fR. +.PP +"Valid" in this context means "can be found in the +printcap specified". This program is very stupid - so stupid in +fact that it would be wisest to always specify the printcap file +to use. +.SH "OPTIONS" +.TP +\fBprintername\fR The printer name to validate. -Printer names are taken from the first field in each record in the printcap -file, single printer names and sets of aliases separated by vertical bars -("|") are recognised. Note that no validation or checking of the printcap -syntax is done beyond that required to extract the printer name. It may -be that the print spooling system is more forgiving or less forgiving -than -.B testprns -however if -.B testprns -finds the printer then smbd should do as well. - -.RE - -.I printcapname - -.RS 3 -This is the name of the printcap file to search for the given printer name -in. - -If no printcap name is specified, -.B testprns -will attempt to scan the printcap file specified at compile time -(PRINTCAP_NAME). -.RE -.SH FILES -.B /etc/printcap -.RS 3 -This is usually the default printcap file to scan. See -.B printcap(5)). -.RE -.SH ENVIRONMENT VARIABLES -Not applicable. - -.SH INSTALLATION -The location of the server and its support files is a matter for individual -system administrators. The following are thus suggestions only. - -It is recommended that the -.B testprns -program be installed under the /usr/local hierarchy, in a directory readable -by all, writeable only by root. The program should be executable by all. -The program should NOT be setuid or setgid! -.SH VERSION -This man page is (mostly) correct for version 1.9.00 of the Samba suite, plus some -of the recent patches to it. These notes will necessarily lag behind -development of the software, so it is possible that your version of -the program has extensions or parameter semantics that differ from or are not -covered by this man page. Please notify these to the address below for -rectification. -.SH SEE ALSO -.B printcap(5), -.B smbd(8), -.B smbclient(1) -.SH DIAGNOSTICS -If a printer is found to be valid, the message "Printer name is -valid" will be displayed. - -If a printer is found to be invalid, the message "Printer name -is not valid" will be displayed. - -All messages that would normally be logged during operation of smbd are -logged by this program to the file -.I test.log -in the current directory. The program runs at debuglevel 3, so quite extensive -logging information is written. The log should be checked carefully for errors -and warnings. - -Other messages are self-explanatory. -.SH BUGS -None known. -.SH CREDITS -The original Samba software and related utilities were created by -Andrew Tridgell (samba-bugs@anu.edu.au). Andrew is also the Keeper -of the Source for this project. - -The testprns program and this man page were written by Karl Auer -(Karl.Auer@anu.edu.au) +Printer names are taken from the first field in each +record in the printcap file, single printer names and sets +of aliases separated by vertical bars ("|") are recognized. +Note that no validation or checking of the printcap syntax is +done beyond that required to extract the printer name. It may +be that the print spooling system is more forgiving or less +forgiving than \fBtestprns\fR. However, if +\fBtestprns\fR finds the printer then +\fBsmbd\fR should do so as well. +.TP +\fBprintcapname\fR +This is the name of the printcap file within +which to search for the given printer name. -See -.B samba(7) for a full list of contributors and details of how to -submit bug reports, comments etc. +If no printcap name is specified \fBtestprns +\fRwill attempt to scan the printcap file name +specified at compile time. +.SH "FILES" +.TP +\fB\fI/etc/printcap\fB\fR +This is usually the default printcap +file to scan. See \fIprintcap (5)\fR. +.SH "DIAGNOSTICS" +.PP +If a printer is found to be valid, the message +"Printer name is valid" will be +displayed. +.PP +If a printer is found to be invalid, the message +"Printer name is not valid" will be +displayed. +.PP +All messages that would normally be logged during +operation of the Samba daemons are logged by this program to the +file \fItest.log\fR in the current directory. The +program runs at debuglevel 3, so quite extensive logging +information is written. The log should be checked carefully +for errors and warnings. +.PP +Other messages are self-explanatory. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fIprintcap(5)\fR, +\fBsmbd(8)\fR, +\fBsmbclient(1)\fR +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +The original Samba man pages were written by Karl Auer. +The man page sources were converted to YODL format (another +excellent piece of Open Source software, available at +ftp://ftp.icce.rug.nl/pub/unix/ ) and updated for the Samba 2.0 +release by Jeremy Allison. The conversion to DocBook for +Samba 2.2 was done by Gerald Carter diff --git a/docs/manpages/wbinfo.1 b/docs/manpages/wbinfo.1 new file mode 100644 index 00000000000..9537af287b8 --- /dev/null +++ b/docs/manpages/wbinfo.1 @@ -0,0 +1,118 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "WBINFO" "1" "28 January 2002" "" "" +.SH NAME +wbinfo \- Query information from winbind daemon +.SH SYNOPSIS +.sp +\fBwbinfo\fR [ \fB-u\fR ] [ \fB-g\fR ] [ \fB-n name\fR ] [ \fB-s sid\fR ] [ \fB-U uid\fR ] [ \fB-G gid\fR ] [ \fB-S sid\fR ] [ \fB-Y sid\fR ] [ \fB-t\fR ] [ \fB-m\fR ] [ \fB-a user%password\fR ] [ \fB-p\fR ] +.SH "DESCRIPTION" +.PP +This tool is part of the Sambasuite. +.PP +The \fBwbinfo\fR program queries and returns information +created and used by the \fB winbindd(8)\fRdaemon. +.PP +The \fBwinbindd(8)\fR daemon must be configured +and running for the \fBwbinfo\fR program to be able +to return information. +.SH "OPTIONS" +.TP +\fB-u\fR +This option will list all users available +in the Windows NT domain for which the \fBwinbindd(8) +\fRdaemon is operating in. Users in all trusted domains +will also be listed. Note that this operation does not assign +user ids to any users that have not already been seen by +\fBwinbindd(8)\fR. +.TP +\fB-g\fR +This option will list all groups available +in the Windows NT domain for which the \fBwinbindd(8) +\fRdaemon is operating in. Groups in all trusted domains +will also be listed. Note that this operation does not assign +group ids to any groups that have not already been seen by +\fBwinbindd(8)\fR. +.TP +\fB-n name\fR +The \fI-n\fR option +queries \fBwinbindd(8)\fR for the SID +associated with the name specified. Domain names can be specified +before the user name by using the winbind separator character. +For example CWDOM1/Administrator refers to the Administrator +user in the domain CWDOM1. If no domain is specified then the +domain used is the one specified in the \fIsmb.conf\fR +\fIworkgroup\fR parameter. +.TP +\fB-s sid\fR +Use \fI-s\fR to resolve +a SID to a name. This is the inverse of the \fI-n +\fRoption above. SIDs must be specified as ASCII strings +in the traditional Microsoft format. For example, +S-1-5-21-1455342024-3071081365-2475485837-500. +.TP +\fB-U uid\fR +Try to convert a UNIX user id to a Windows NT +SID. If the uid specified does not refer to one within +the winbind uid range then the operation will fail. +.TP +\fB-G gid\fR +Try to convert a UNIX group id to a Windows +NT SID. If the gid specified does not refer to one within +the winbind gid range then the operation will fail. +.TP +\fB-S sid\fR +Convert a SID to a UNIX user id. If the SID +does not correspond to a UNIX user mapped by \fB winbindd(8)\fR then the operation will fail. +.TP +\fB-Y sid\fR +Convert a SID to a UNIX group id. If the SID +does not correspond to a UNIX group mapped by \fB winbindd(8)\fR then the operation will fail. +.TP +\fB-t\fR +Verify that the workstation trust account +created when the Samba server is added to the Windows NT +domain is working. +.TP +\fB-m\fR +Produce a list of domains trusted by the +Windows NT server \fBwinbindd(8)\fR contacts +when resolving names. This list does not include the Windows +NT domain the server is a Primary Domain Controller for. +.TP +\fB-a username%password\fR +Attempt to authenticate a user via winbindd. +This checks both authenticaion methods and reports its results. +.TP +\fB-p\fR +Attempt a simple 'ping' check that the winbindd +is indeed alive. +.SH "EXIT STATUS" +.PP +The wbinfo program returns 0 if the operation +succeeded, or 1 if the operation failed. If the \fBwinbindd(8) +\fRdaemon is not working \fBwbinfo\fR will always return +failure. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fBwinbindd(8)\fR + +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +\fBwbinfo\fR and \fBwinbindd\fR +were written by Tim Potter. +.PP +The conversion to DocBook for Samba 2.2 was done +by Gerald Carter diff --git a/docs/manpages/winbindd.8 b/docs/manpages/winbindd.8 new file mode 100644 index 00000000000..cca62f25e4e --- /dev/null +++ b/docs/manpages/winbindd.8 @@ -0,0 +1,392 @@ +.\" This manpage has been automatically generated by docbook2man-spec +.\" from a DocBook document. docbook2man-spec can be found at: +.\" +.\" Please send any bug reports, improvements, comments, patches, +.\" etc. to Steve Cheng . +.TH "WINBINDD" "8" "28 January 2002" "" "" +.SH NAME +winbindd \- Name Service Switch daemon for resolving names from NT servers +.SH SYNOPSIS +.sp +\fBwinbindd\fR [ \fB-i\fR ] [ \fB-d \fR ] [ \fB-s \fR ] +.SH "DESCRIPTION" +.PP +This program is part of the Sambasuite. +.PP +\fBwinbindd\fR is a daemon that provides +a service for the Name Service Switch capability that is present +in most modern C libraries. The Name Service Switch allows user +and system information to be obtained from different databases +services such as NIS or DNS. The exact behaviour can be configured +throught the \fI/etc/nsswitch.conf\fR file. +Users and groups are allocated as they are resolved to a range +of user and group ids specified by the administrator of the +Samba system. +.PP +The service provided by \fBwinbindd\fR is called `winbind' and +can be used to resolve user and group information from a +Windows NT server. The service can also provide authentication +services via an associated PAM module. +.PP +The \fIpam_winbind\fR module in the 2.2.2 release only +supports the \fIauth\fR and \fIaccount\fR +module-types. The latter is simply +performs a getpwnam() to verify that the system can obtain a uid for the +user. If the \fIlibnss_winbind\fR library has been correctly +installed, this should always suceed. +.PP +The following nsswitch databases are implemented by +the winbindd service: +.TP +\fBpasswd\fR +User information traditionally stored in +the \fIpasswd(5)\fR file and used by +\fBgetpwent(3)\fR functions. +.TP +\fBgroup\fR +Group information traditionally stored in +the \fIgroup(5)\fR file and used by +\fBgetgrent(3)\fR functions. +.PP +For example, the following simple configuration in the +\fI/etc/nsswitch.conf\fR file can be used to initially +resolve user and group information from \fI/etc/passwd +\fRand \fI/etc/group\fR and then from the +Windows NT server. +.PP +.PP +.sp +.nf +passwd: files winbind +group: files winbind + +.sp +.fi +.PP +.SH "OPTIONS" +.TP +\fB-d debuglevel\fR +Sets the debuglevel to an integer between +0 and 100. 0 is for no debugging and 100 is for reams and +reams. To submit a bug report to the Samba Team, use debug +level 100 (see BUGS.txt). +.TP +\fB-i\fR +Tells \fBwinbindd\fR to not +become a daemon and detach from the current terminal. This +option is used by developers when interactive debugging +of \fBwinbindd\fR is required. +.SH "NAME AND ID RESOLUTION" +.PP +Users and groups on a Windows NT server are assigned +a relative id (rid) which is unique for the domain when the +user or group is created. To convert the Windows NT user or group +into a unix user or group, a mapping between rids and unix user +and group ids is required. This is one of the jobs that \fB winbindd\fR performs. +.PP +As winbindd users and groups are resolved from a server, user +and group ids are allocated from a specified range. This +is done on a first come, first served basis, although all existing +users and groups will be mapped as soon as a client performs a user +or group enumeration command. The allocated unix ids are stored +in a database file under the Samba lock directory and will be +remembered. +.PP +WARNING: The rid to unix id database is the only location +where the user and group mappings are stored by winbindd. If this +file is deleted or corrupted, there is no way for winbindd to +determine which user and group ids correspond to Windows NT user +and group rids. +.SH "CONFIGURATION" +.PP +Configuration of the \fBwinbindd\fR daemon +is done through configuration parameters in the \fIsmb.conf(5) +\fRfile. All parameters should be specified in the +[global] section of smb.conf. +.TP +\fBwinbind separator\fR +The winbind separator option allows you +to specify how NT domain names and user names are combined +into unix user names when presented to users. By default, +\fBwinbindd\fR will use the traditional '\\' +separator so that the unix user names look like +DOMAIN\\username. In some cases this separator character may +cause problems as the '\\' character has special meaning in +unix shells. In that case you can use the winbind separator +option to specify an alternative separator character. Good +alternatives may be '/' (although that conflicts +with the unix directory separator) or a '+ 'character. +The '+' character appears to be the best choice for 100% +compatibility with existing unix utilities, but may be an +aesthetically bad choice depending on your taste. + +Default: \fBwinbind separator = \\ \fR + +Example: \fBwinbind separator = + \fR +.TP +\fBwinbind uid\fR +The winbind uid parameter specifies the +range of user ids that are allocated by the winbindd daemon. +This range of ids should have no existing local or NIS users +within it as strange conflicts can occur otherwise. + +Default: \fBwinbind uid = +\fR +Example: \fBwinbind uid = 10000-20000\fR +.TP +\fBwinbind gid\fR +The winbind gid parameter specifies the +range of group ids that are allocated by the winbindd daemon. +This range of group ids should have no existing local or NIS +groups within it as strange conflicts can occur otherwise. + +Default: \fBwinbind gid = +\fR +Example: \fBwinbind gid = 10000-20000 +\fR.TP +\fBwinbind cache time\fR +This parameter specifies the number of +seconds the winbindd daemon will cache user and group information +before querying a Windows NT server again. When a item in the +cache is older than this time winbindd will ask the domain +controller for the sequence number of the server's account database. +If the sequence number has not changed then the cached item is +marked as valid for a further \fIwinbind cache time +\fRseconds. Otherwise the item is fetched from the +server. This means that as long as the account database is not +actively changing winbindd will only have to send one sequence +number query packet every \fIwinbind cache time +\fRseconds. + +Default: \fBwinbind cache time = 15\fR +.TP +\fBwinbind enum users\fR +On large installations it may be necessary +to suppress the enumeration of users through the \fB setpwent()\fR, \fBgetpwent()\fR and +\fBendpwent()\fR group of system calls. If +the \fIwinbind enum users\fR parameter is false, +calls to the \fBgetpwent\fR system call will not +return any data. + +\fBWarning:\fR Turning off user enumeration +may cause some programs to behave oddly. For example, the \fBfinger\fR +program relies on having access to the full user list when +searching for matching usernames. + +Default: \fBwinbind enum users = yes \fR +.TP +\fBwinbind enum groups\fR +On large installations it may be necessary +to suppress the enumeration of groups through the \fB setgrent()\fR, \fBgetgrent()\fR and +\fBendgrent()\fR group of system calls. If +the \fIwinbind enum groups\fR parameter is +false, calls to the \fBgetgrent()\fR system +call will not return any data. + +\fBWarning:\fR Turning off group +enumeration may cause some programs to behave oddly. + +Default: \fBwinbind enum groups = no \fR +.TP +\fBtemplate homedir\fR +When filling out the user information +for a Windows NT user, the \fBwinbindd\fR daemon +uses this parameter to fill in the home directory for that user. +If the string \fI%D\fR is present it is +substituted with the user's Windows NT domain name. If the +string \fI%U\fR is present it is substituted +with the user's Windows NT user name. + +Default: \fBtemplate homedir = /home/%D/%U \fR +.TP +\fBtemplate shell\fR +When filling out the user information for +a Windows NT user, the \fBwinbindd\fR daemon +uses this parameter to fill in the shell for that user. + +Default: \fBtemplate shell = /bin/false \fR +.TP +\fBwinbind use default domain\fR +This parameter specifies whether the \fBwinbindd\fR +daemon should operate on users without domain component in their username. +Users without a domain component are treated as is part of the winbindd server's +own domain. While this does not benifit Windows users, it makes SSH, FTP and e-mail +function in a way much closer to the way they would in a native unix system. + +Default: \fBwinbind use default domain = +\fR +Example: \fBwinbind use default domain = true\fR +.SH "EXAMPLE SETUP" +.PP +To setup winbindd for user and group lookups plus +authentication from a domain controller use something like the +following setup. This was tested on a RedHat 6.2 Linux box. +.PP +In \fI/etc/nsswitch.conf\fR put the +following: +.PP +.sp +.nf +passwd: files winbind +group: files winbind + +.sp +.fi +.PP +In \fI/etc/pam.d/*\fR replace the +\fIauth\fR lines with something like this: +.PP +.sp +.nf +auth required /lib/security/pam_securetty.so +auth required /lib/security/pam_nologin.so +auth sufficient /lib/security/pam_winbind.so +auth required /lib/security/pam_pwdb.so use_first_pass shadow nullok + +.sp +.fi +.PP +Note in particular the use of the \fIsufficient\fR +keyword and the \fIuse_first_pass\fR keyword. +.PP +Now replace the account lines with this: +.PP +\fBaccount required /lib/security/pam_winbind.so +\fR.PP +The next step is to join the domain. To do that use the +\fBsmbpasswd\fR program like this: +.PP +\fBsmbpasswd -j DOMAIN -r PDC -U +Administrator\fR +.PP +The username after the \fI-U\fR can be any +Domain user that has administrator privileges on the machine. +Substitute your domain name for "DOMAIN" and the name of your PDC +for "PDC". +.PP +Next copy \fIlibnss_winbind.so\fR to +\fI/lib\fR and \fIpam_winbind.so\fR +to \fI/lib/security\fR. A symbolic link needs to be +made from \fI/lib/libnss_winbind.so\fR to +\fI/lib/libnss_winbind.so.2\fR. If you are using an +older version of glibc then the target of the link should be +\fI/lib/libnss_winbind.so.1\fR. +.PP +Finally, setup a \fIsmb.conf\fR containing directives like the +following: +.PP +.sp +.nf +[global] + winbind separator = + + winbind cache time = 10 + template shell = /bin/bash + template homedir = /home/%D/%U + winbind uid = 10000-20000 + winbind gid = 10000-20000 + workgroup = DOMAIN + security = domain + password server = * + +.sp +.fi +.PP +Now start winbindd and you should find that your user and +group database is expanded to include your NT users and groups, +and that you can login to your unix box as a domain user, using +the DOMAIN+user syntax for the username. You may wish to use the +commands \fBgetent passwd\fR and \fBgetent group +\fRto confirm the correct operation of winbindd. +.SH "NOTES" +.PP +The following notes are useful when configuring and +running \fBwinbindd\fR: +.PP +\fBnmbd\fR must be running on the local machine +for \fBwinbindd\fR to work. \fBwinbindd\fR +queries the list of trusted domains for the Windows NT server +on startup and when a SIGHUP is received. Thus, for a running \fB winbindd\fR to become aware of new trust relationships between +servers, it must be sent a SIGHUP signal. +.PP +Client processes resolving names through the \fBwinbindd\fR +nsswitch module read an environment variable named \fB $WINBINDD_DOMAIN\fR. If this variable contains a comma separated +list of Windows NT domain names, then winbindd will only resolve users +and groups within those Windows NT domains. +.PP +PAM is really easy to misconfigure. Make sure you know what +you are doing when modifying PAM configuration files. It is possible +to set up PAM such that you can no longer log into your system. +.PP +If more than one UNIX machine is running \fBwinbindd\fR, +then in general the user and groups ids allocated by winbindd will not +be the same. The user and group ids will only be valid for the local +machine. +.PP +If the the Windows NT RID to UNIX user and group id mapping +file is damaged or destroyed then the mappings will be lost. +.SH "SIGNALS" +.PP +The following signals can be used to manipulate the +\fBwinbindd\fR daemon. +.TP +\fBSIGHUP\fR +Reload the \fIsmb.conf(5)\fR +file and apply any parameter changes to the running +version of winbindd. This signal also clears any cached +user and group information. The list of other domains trusted +by winbindd is also reloaded. +.TP +\fBSIGUSR1\fR +The SIGUSR1 signal will cause \fB winbindd\fR to write status information to the winbind +log file including information about the number of user and +group ids allocated by \fBwinbindd\fR. + +Log files are stored in the filename specified by the +log file parameter. +.SH "FILES" +.TP +\fB\fI/etc/nsswitch.conf(5)\fB\fR +Name service switch configuration file. +.TP +\fB/tmp/.winbindd/pipe\fR +The UNIX pipe over which clients communicate with +the \fBwinbindd\fR program. For security reasons, the +winbind client will only attempt to connect to the winbindd daemon +if both the \fI/tmp/.winbindd\fR directory +and \fI/tmp/.winbindd/pipe\fR file are owned by +root. +.TP +\fB/lib/libnss_winbind.so.X\fR +Implementation of name service switch library. +.TP +\fB$LOCKDIR/winbindd_idmap.tdb\fR +Storage for the Windows NT rid to UNIX user/group +id mapping. The lock directory is specified when Samba is initially +compiled using the \fI--with-lockdir\fR option. +This directory is by default \fI/usr/local/samba/var/locks +\fR\&. +.TP +\fB$LOCKDIR/winbindd_cache.tdb\fR +Storage for cached user and group information. +.SH "VERSION" +.PP +This man page is correct for version 2.2 of +the Samba suite. +.SH "SEE ALSO" +.PP +\fInsswitch.conf(5)\fR, +samba(7), +wbinfo(1), +smb.conf(5) +.SH "AUTHOR" +.PP +The original Samba software and related utilities +were created by Andrew Tridgell. Samba is now developed +by the Samba Team as an Open Source project similar +to the way the Linux kernel is developed. +.PP +\fBwbinfo\fR and \fBwinbindd\fR +were written by Tim Potter. +.PP +The conversion to DocBook for Samba 2.2 was done +by Gerald Carter diff --git a/docs/samba.lsm b/docs/samba.lsm deleted file mode 100644 index 503ba1ec94b..00000000000 --- a/docs/samba.lsm +++ /dev/null @@ -1,26 +0,0 @@ -Begin2 -Title = Samba -Version = 1.8.0 -Desc1 = Samba is a SMB based file and print server for unix. It -Desc2 = provides access to unix file and print services from -Desc3 = SMB compatible clients such as WinNT, WfWg, OS/2 -Desc4 = and Pathworks. It also includes a ftp-style unix client -Desc5 = and a netbios nameserver. -Author = Andrew Tridgell -AuthorEmail = samba-bugs@anu.edu.au -Maintainer = Andrew Tridgell -MaintEmail = samba-bugs@anu.edu.au -Site1 = nimbus.anu.edu.au -Path1 = pub/tridge/samba/ -File1 = samba-latest.tar.gz -FileSize1 = 200K -Required1 = Ansi-C compiler and a TCP/IP network. -CopyPolicy1 = GNU Public License -Keywords = LanManager, SMB, Networking -Comment1 = To join the Samba mailing list send mail to -Comment2 = listproc@listproc.anu.edu.au with a body of -Comment3 = "subscribe samba Your Name" -Entered = October 1994 -EnteredBy = Andrew Tridgell -End - diff --git a/docs/textdocs/ADS-HOWTO.txt b/docs/textdocs/ADS-HOWTO.txt new file mode 100644 index 00000000000..7a066c69ecf --- /dev/null +++ b/docs/textdocs/ADS-HOWTO.txt @@ -0,0 +1,142 @@ +Samba 3.0 prealpha guide to Kerberos authentication +--------------------------------------------------- + +Andrew Tridgell +tridge@samba.org + +This is a VERY ROUGH guide to setting up the current (November 2001) +pre-alpha version of Samba 3.0 with kerberos authentication against a +Windows2000 KDC. The procedures listed here are likely to change as +the code develops. + +Pieces you need before you begin: + +- a Windows 2000 server +- the latest CVS source code for Samba. See http://cvs.samba.org/ for how to + fetch this. +- the MIT kerberos development libraries (either install from the + above sources or use a package). Under debian you need "libkrb5-dev" + and "krb5-user". The heimdal libraries will not work. +- the OpenLDAP development libraries. + +On RedHat this means you should have at least: + +krb5-workstation (for kinit) +krb5-libs (for linking with) +krb5-devel (because you are compiling from source) + +in addition to the standard development environment. + +Note that these are not standard on a RedHat install, and you may need +to get them off CD2. + +Also check that you have the latest copy of this HOWTO. It is +available from http://samba.org/ftp/tridge/kerberos/HOWTO + +Step 1: Compile Samba + + If your kerberos libraries are in a non-standard location then + remember to add the configure option --with-krb5=DIR. + + After you run configure make sure that include/config.h contains + lines like this: + + #define HAVE_KRB5 1 + #define HAVE_LDAP 1 + + If it doesn't then configure did not find your krb5 libraries or + your ldap libraries. Look in config.log to figure out why and fix + it. + + Then compile and install Samba as usual. You must use at least the + following 3 options in smb.conf: + + realm = YOUR.KERBEROS.REALM + ads server = your.kerberos.server + security = ADS + encrypt passwords = yes + + Strictly speaking, you can omit the realm name and you can use an IP + address for the ads server. In that case Samba will auto-detect these. + + You do *not* need a smbpasswd file, although it won't do any harm + and if you have one then Samba will be able to fall back to normal + password security for older clients. I expect that the above + required options will change soon when we get better active + directory integration. + + +Step 2: Setup your /etc/krb5.conf + + The minimal configuration for krb5.conf is: + + [realms] + YOUR.KERBEROS.REALM = { + kdc = your.kerberos.server + } + + + Test your config by doing a "kinit USERNAME@REALM" and making sure that + your password is accepted by the Win2000 KDC. + + NOTE: The realm must be uppercase. + + You also must ensure that you can do a reverse DNS lookup on the IP + address of your KDC. Also, the name that this reverse lookup maps to + must either be the netbios name of the KDC (ie. the hostname with no + domain attached) or it can alternatively be the netbios name + followed by the realm. + + The easiest way to ensure you get this right is to add a /etc/hosts + entry mapping the IP address of your KDC to its netbios name. If you + don't get this right then you will get a "local error" when you try + to join the realm. + +* If all you want is kerberos support in smbclient then you can skip +* straight to step 5 now. Step 3 is only needed if you want kerberos +* support in smbd. + + +Step 3: Create the computer account + + Do a "kinit" as a user that has authority to change arbitrary + passwords on the KDC ("Administrator" is a good choice). Then as a + user that has write permission on the Samba private directory + (usually root) run: + + net ads join + + Possible errors: + - "bash: kinit: command not found": + - kinit is in the krb5-workstation RPM on RedHat systems, and is + in /usr/kerberos/bin, so it won't be in the path until + you log in again (or open a new terminal) + - "ADS support not compiled in" + - Samba must be reconfigured (remove config.cache) and + recompiled (make clean all install) after the kerberos libs + and headers are installed. + + +Step 4: Test your server setup + + On a Windows 2000 client try "net use * \\server\share". You should + be logged in with kerberos without needing to know a password. If + this fails then run "klist tickets". Did you get a ticket for the + server? Does it have an encoding type of DES-CBC-MD5 ? + +Step 5: Testing with smbclient + + On your Samba server try to login to a Win2000 server or your Samba + server using smbclient and kerberos. Use smbclient as usual, but + specify the -k option to choose kerberos authentication. + + +-------- + +NOTES: + - must change administrator password at least once after DC install, + to create the right encoding types + + - w2k doesn't seem to create the _kerberos._udp and _ldap._tcp in + their defaults DNS setup. Maybe fixed in service packs? + diff --git a/docs/textdocs/Application_Serving.txt b/docs/textdocs/Application_Serving.txt new file mode 100644 index 00000000000..6a61a99d7e0 --- /dev/null +++ b/docs/textdocs/Application_Serving.txt @@ -0,0 +1,56 @@ +Contributed: January 7, 1997 +Updated: March 24, 1998 +Contributor: John H Terpstra + Copyright (C) 1997 - John H Terpstra +Status: Current + +Subject: Using a Samba share as an administrative share for MS Office, etc. +============================================================================== + +Problem: +======== +Microsoft Office products can be installed as an administrative installation +from which the application can either be run off the administratively installed +product that resides on a shared resource, or from which that product can be +installed onto workstation clients. + +The general mechanism for implementing an adminstrative installation involves +running: + X:\setup /A, where X is the drive letter of either CDROM or floppy + +This installation process will NOT install the product for use per se, but +rather results in unpacking of the compressed distribution files into a target +shared folder. For this process you need write privilidge to the share and it +is desirable to enable file locking and share mode operation during this +process. + +Subsequent installation of MS Office from this share will FAIL unless certain +precautions are taken. This failure will be caused by share mode operation +which will prevent the MS Office installation process from re-opening various +dynamic link library files and will cause sporadic file not found problems. + +Solution: +========= +1. As soon as the administrative installation (unpacking) has completed + set the following parameters on the share containing it: + [MSOP95] + path = /where_you_put_it + comment = Your comment + volume = "The_CD_ROM_Label" + read only = yes + available = yes + share modes = no + locking = no + browseable = yes + public = yes + +2. Now you are ready to run the setup program from the Microsoft Windows +workstation as follows:- + \\"Server_Name"\MSOP95\msoffice\setup + +MS Office Sharing - Please note: +================================ + +Workgroup Templates should be stored on an ordinary writable or read-only share +but USER templates MUST be stored on a writable share _OR_ on the users' local +machine. diff --git a/docs/textdocs/BROWSING-Config.txt b/docs/textdocs/BROWSING-Config.txt new file mode 100644 index 00000000000..ba0f399f48d --- /dev/null +++ b/docs/textdocs/BROWSING-Config.txt @@ -0,0 +1,215 @@ +Date: July 5, 1998 +Contributor: John H Terpstra + +Subject: Cross Subnet Browsing / Cross Workgroup Browsing +=============================================================================== + +OVERVIEW: +========= + +This document should be read in conjunction with BROWSING.txt and may +be taken as the fast track guide to implementing browsing across subnets +and / or across workgroups (or domains). WINS is the best tool for resolution +of NetBIOS names to IP addesses. WINS is NOT involved in browse list handling +except by way of name to address mapping. + + +DISCUSSION: +=========== + +Firstly, all MS Windows networking is based on SMB (Server Message +Block) based messaging. SMB messaging is implemented using NetBIOS. Samba +implements NetBIOS by encapsulating it over TCP/IP. MS Windows products can +do likewise. NetBIOS based networking uses broadcast messaging to affect +browse list management. When running NetBIOS over TCP/IP this uses UDP +based messaging. UDP messages can be broadcast or unicast. + +Normally, only unicast UDP messaging can be forwarded by routers. The +"remote announce" parameter to smb.conf helps to project browse announcements +to remote network segments via unicast UDP. Similarly, the "remote browse sync" +parameter of smb.conf implements browse list collation using unicast UDP. + +Secondly, in those networks where Samba is the only SMB server technology +wherever possible nmbd should be configured on one (1) machine as the WINS +server. This makes it easy to manage the browsing environment. If each network +segment is configured with it's own Samba WINS server, then the only way to +get cross segment browsing to work is by using the "remote announce" and +the "remote browse sync" parameters to your smb.conf file. + +If only one WINS server is used then the use of the "remote announce" and the +"remote browse sync" parameters should NOT be necessary. + +Samba WINS does not support MS-WINS replication. This means that when setting up +Samba as a WINS server there must only be one nmbd configured as a WINS server +on the network. Some sites have used multiple Samba WINS servers for redundancy +(one server per subnet) and then used "remote browse sync" and "remote announce" +to affect browse list collation across all segments. Note that this means +clients will only resolve local names, and must be configured to use DNS to +resolve names on other subnets in order to resolve the IP addresses of the +servers they can see on other subnets. This setup is not recommended, but is +mentioned as a practical consideration (ie: an 'if all else fails' scenario). + +Lastly, take note that browse lists are a collection of unreliable broadcast +messages that are repeated at intervals of not more than 15 minutes. This means +that it will take time to establish a browse list and it can take up to 45 +minutes to stabilise, particularly across network segments. + + +A) Use of the "Remote Announce" parameter +------------------------------------------ +The "remote announce" parameter of smb.conf can be used to forcibly ensure +that all the NetBIOS names on a network get announced to a remote network. +The syntax of the "remote announce" parameter is: + + remote announce = a.b.c.d [e.f.g.h] ... +_or_ + remote announce = a.b.c.d/WORKGROUP [e.f.g.h/WORKGROUP] ... + +where: + a.b.c.d: is either the LMB (Local Master Browser) IP address + e.f.g.h: or the broadcst address of the remote network. + ie: the LMB is at 192.168.1.10, or the address + could be given as 192.168.1.255 where the netmask + is assumed to be 24 bits (255.255.255.0). + When the remote announcement is made to the broadcast + address of the remote network every host will receive + our announcements. This is noisy and therefore + undesirable but may be necessary if we do NOT know + the IP address of the remote LMB. + + WORKGROUP: is optional and can be either our own workgroup + or that of the remote network. If you use the + workgroup name of the remote network then our + NetBIOS machine names will end up looking like + they belong to that workgroup, this may cause + name resolution problems and should be avoided. + + +B) Use of the "Remote Browse Sync" parameter +-------------------------------------------- + +The "remote browse sync" parameter of smb.conf is used to announce to +another LMB that it must synchronise it's NetBIOS name list with our +Samba LMB. It works ONLY if the Samba server that has this option is +simultaneously the LMB on it's network segment. + +The syntax of the "remote browse sync" parameter is: + + remote browse sync = a.b.c.d + +where: + a.b.c.d: is either the IP address of the remote LMB or else + is the network broadcast address of the remote segment. + + +C) Use of WINS +-------------- + +Use of WINS (either Samba WINS _or_ MS Windows NT Server WINS) is highly +recommended. Every NetBIOS machine registers it's name together with a +name_type value for each of of several types of service it has available. +eg: It registers it's name directly as a unique (the type 0x03) name. +It also registers it's name if it is running the lanmanager compatible +server service (used to make shares and printers available to other users) +by registering the server (the type 0x20) name. + +All NetBIOS names are up to 15 characters in length. The name_type variable +is added to the end of the name - thus creating a 16 character name. Any +name that is shorter than 15 characters is padded with spaces to the 15th +character. ie: All NetBIOS names are 16 characters long (including the +name_type information). + +WINS can store these 16 character names as they get registered. A client +that wants to log onto the network can ask the WINS server for a list +of all names that have registered the NetLogon service name_type. This saves +broadcast traffic and greatly expedites logon processing. Since broadcast +name resolution can not be used across network segments this type of +information can only be provided via WINS _or_ via statically configured +"lmhosts" files that must reside on all clients in the absence of WINS. + +WINS also serves the purpose of forcing browse list synchronisation by all +LMB's. LMB's must synchronise their browse list with the DMB (domain master +browser) and WINS helps the LMB to identify it's DMB. By definition this +will work only within a single workgroup. Note that the domain master browser +has NOTHING to do with what is referred to as an MS Windows NT Domain. The +later is a reference to a security environment while the DMB refers to the +master controller for browse list information only. + +Use of WINS will work correctly only if EVERY client TCP/IP protocol stack +has been configured to use the WINS server/s. Any client that has not been +configured to use the WINS server will continue to use only broadcast based +name registration so that WINS may NEVER get to know about it. In any case, +machines that have not registered with a WINS server will fail name to address +lookup attempts by other clients and will therefore cause workstation access +errors. + +To configure Samba as a WINS server just add "wins support = yes" to the +smb.conf file [globals] section. + +To configure Samba to register with a WINS server just add +"wins server = a.b.c.d" to your smb.conf file [globals] section. + +DO NOT EVER use both "wins support = yes" together with "wins server = a.b.c.d" +particularly not using it's own IP address. + + +D) Do NOT use more than one (1) protocol on MS Windows machines +--------------------------------------------------------------- + +A very common cause of browsing problems results from installing more than +one protocol on an MS Windows machine. + +Every NetBIOS machine take part in a process of electing the LMB (and DMB) +every 15 minutes. A set of election criteria is used to determine the order +of precidence for winning this election process. A machine running Samba or +Windows NT will be biased so that the most suitable machine will predictably +win and thus retain it's role. + +The election process is "fought out" so to speak over every NetBIOS network +interface. In the case of a Windows 9x machine that has both TCP/IP and IPX +installed and has NetBIOS enabled over both protocols the election will be +decided over both protocols. As often happens, if the Windows 9x machine is +the only one with both protocols then the LMB may be won on the NetBIOS +interface over the IPX protocol. Samba will then lose the LMB role as Windows +9x will insist it knows who the LMB is. Samba will then cease to function +as an LMB and thus browse list operation on all TCP/IP only machines will +fail. + +The safest rule of all to follow it this - USE ONLY ONE PROTOCOL! + + +E) Name Resolution Order +======================== + +Resolution of NetBIOS names to IP addresses can take place using a number +of methods. The only ones that can provide NetBIOS name_type information +are: + WINS: the best tool! + LMHOSTS: is static and hard to maintain. + Broadcast: uses UDP and can not resolve names across + remote segments. + +Alternative means of name resolution includes: + /etc/hosts: is static, hard to maintain, and lacks name_type info. + DNS: is a good choice but lacks essential name_type info. + +Many sites want to restrict DNS lookups and want to avoid broadcast name +resolution traffic. The "name resolve order" parameter is of great help here. +The syntax of the "name resolve order" parameter is: + + name resolve order = wins lmhosts bcast host +_or_ + name resolve order = wins lmhosts (eliminates bcast and host) + +the default is: + name resolve order = host lmhost wins bcast + +where: + "host" refers the the native methods used by the Unix system + to implement the gethostbyname() function call. This is normally + controlled by: + /etc/host.conf + /etc/nsswitch.conf + /etc/resolv.conf + +=============================================================================== diff --git a/docs/textdocs/BROWSING.txt b/docs/textdocs/BROWSING.txt index 8a09d2274fb..ad12d4c7220 100644 --- a/docs/textdocs/BROWSING.txt +++ b/docs/textdocs/BROWSING.txt @@ -1,60 +1,66 @@ -BROWSING -======== - -Samba now fully supports browsing. The browsing is supported by nmbd -and is also controlled by options in the smb.conf file (see -smb.conf(5)). +Author/s: Many (Thanks to Luke, Jeremy, Andrew, etc.) +Updated: July 5, 1998 +Status: Current - For VERY Advanced Users ONLY -Samba can act as a browse master for a workgroup, but currently cannot -act as a domain controller. The ability to be a domain controller will -be added in a later version. - -To get browsing to work you need to run nmbd as usual, but will need -to use the "workgroup" option in smb.conf to control what workgroup -Samba becomes a part of. +Summary: This describes how to configure Samba for improved browsing. +===================================================================== -The -G option is most useful for simple setups where Samba is browsable -in only one workgroup. In more complex cases the lmhosts file is -better. +OVERVIEW: +========= +SMB networking provides a mechanism by which clients can access a list +of machines that are available within the network. This list is called +the browse list and is heavily used by all SMB clients. Configuration +of SMB browsing has been problematic for some Samba users, hence this +document. -Be very careful setting up your lmhosts file. An incorrectly setup -lmhosts file can have disasterous results for your net! +Browsing will NOT work if name resolution from NetBIOS names to IP +addresses does not function correctly. Use of a WINS server is highly +recommended to aid the resolution of NetBIOS (SMB) names to IP addresses. +WINS allows remote segment clients to obtain NetBIOS name_type information +that can NOT be provided by any other means of name resolution. -A simple lmhosts file might be: +===================================================================== -# This is a simple lmhosts file -# -# This is a host alias. Anyone querying this name -# will get the specified IP -192.0.2.17 SMBDATA -# -# first put ourselves in workgroup MYGROUP using -# our own net address -0.0.0.0 MYGROUP G +BROWSING +======== +Samba now fully supports browsing. The browsing is supported by nmbd +and is also controlled by options in the smb.conf file (see smb.conf(5)). + +Samba can act as a local browse master for a workgroup and the ability +for samba to support domain logons and scripts is now available. See +DOMAIN.txt for more information on domain logons. + +Samba can also act as a domain master browser for a workgroup. This +means that it will collate lists from local browse masters into a +wide area network server list. In order for browse clients to +resolve the names they may find in this list, it is recommended that +both samba and your clients use a WINS server. + +Note that you should NOT set Samba to be the domain master for a +workgroup that has the same name as an NT Domain: on each wide area +network, you must only ever have one domain master browser per workgroup, +regardless of whether it is NT, Samba or any other type of domain master +that is providing this service. + +[Note that nmbd can be configured as a WINS server, but it is not +necessary to specifically use samba as your WINS server. NTAS can +be configured as your WINS server. In a mixed NT server and +samba environment on a Wide Area Network, it is recommended that +you use the NT server's WINS server capabilities. In a samba-only +environment, it is recommended that you use one and only one nmbd +as your WINS server]. -Note in the above that I overrode what workgroup Samba is in using the -G flag. Also note that the 0.0.0.0 address is used, which will be -automatically replaced with the broadcast address for groups, and with -the local IP address for other entries. +To get browsing to work you need to run nmbd as usual, but will need +to use the "workgroup" option in smb.conf to control what workgroup +Samba becomes a part of. Samba also has a useful option for a Samba server to offer itself for -browsing on another subnet. - -This works by the lmhosts file specifying a broadcast address on the -other network to use to find a browse master for the workgroup. - -For example if you wanted yourself to appear in the workgroup STAFF on -the network which has a broadcast of 192.0.3.255 then this entry would -do the trick: - -# put ourselves in the STAFF workgroup on the other subnet -192.0.3.255 STAFF G - -Notice the G at the end! It is very important you include this as this -entry without the G could cause a broadcast storm! +browsing on another subnet. It is recommended that this option is only +used for 'unusual' purposes: announcements over the internet, for +example. See "remote announce" in the smb.conf man page. If something doesn't work then hopefully the log.nmb file will -help you track down the problem. Try a debug level of 2 or 3 for +help you track down the problem. Try a debug level of 2 or 3 for finding problems. Note that if it doesn't work for you, then you should still be able to @@ -62,84 +68,487 @@ type the server name as \\SERVER in filemanager then hit enter and filemanager should display the list of available shares. Some people find browsing fails because they don't have the global -"guest account" set to a valid account. Remember that the IPC$ +"guest account" set to a valid account. Remember that the IPC$ connection that lists the shares is done as guest, and thus you must have a valid guest account. Also, a lot of people are getting bitten by the problem of too many -parameters on the command line of nmbd in inetd.conf. This trick is to +parameters on the command line of nmbd in inetd.conf. This trick is to not use spaces between the option and the parameter (eg: -d2 instead -of -d 2), and to not use the -B and -N options. New versions of nmbd +of -d 2), and to not use the -B and -N options. New versions of nmbd are now far more likely to correctly find your broadcast and network -addess, so in most cases these aren't needed. +address, so in most cases these aren't needed. The other big problem people have is that their broadcast address, -netmask or IP address is wrong (specified with the -B, -N and -I -options to nmbd). +netmask or IP address is wrong (specified with the "interfaces" option +in smb.conf) + + +BROWSING ACROSS SUBNETS +======================= + +With the release of Samba 1.9.17(alpha1 and above) Samba has been +updated to enable it to support the replication of browse lists +across subnet boundaries. New code and options have been added to +achieve this. This section describes how to set this feature up +in different settings. + +To see browse lists that span TCP/IP subnets (ie. networks separated +by routers that don't pass broadcast traffic) you must set up at least +one WINS server. The WINS server acts as a DNS for NetBIOS names, allowing +NetBIOS name to IP address translation to be done by doing a direct +query of the WINS server. This is done via a directed UDP packet on +port 137 to the WINS server machine. The reason for a WINS server is +that by default, all NetBIOS name to IP address translation is done +by broadcasts from the querying machine. This means that machines +on one subnet will not be able to resolve the names of machines on +another subnet without using a WINS server. + +Remember, for browsing across subnets to work correctly, all machines, +be they Windows 95, Windows NT, or Samba servers must have the IP address +of a WINS server given to them by a DHCP server, or by manual configuration +(for Win95 and WinNT, this is in the TCP/IP Properties, under Network +settings) for Samba this is in the smb.conf file. + +How does cross subnet browsing work ? +===================================== + +Cross subnet browsing is a complicated dance, containing multiple +moving parts. It has taken Microsoft several years to get the code +that achieves this correct, and Samba lags behind in some areas. +However, with the 1.9.17 release, Samba is capable of cross subnet +browsing when configured correctly. + +Consider a network set up as follows : + + (DMB) + N1_A N1_B N1_C N1_D N1_E + | | | | | + ------------------------------------------------------- + | subnet 1 | + +---+ +---+ + |R1 | Router 1 Router 2 |R2 | + +---+ +---+ + | | + | subnet 2 subnet 3 | + -------------------------- ------------------------------------ + | | | | | | | | + N2_A N2_B N2_C N2_D N3_A N3_B N3_C N3_D + (WINS) + +Consisting of 3 subnets (1, 2, 3) conneted by two routers +(R1, R2) - these do not pass broadcasts. Subnet 1 has 5 machines +on it, subnet 2 has 4 machines, subnet 3 has 4 machines. Assume +for the moment that all these machines are configured to be in the +same workgroup (for simplicities sake). Machine N1_C on subnet 1 +is configured as Domain Master Browser (ie. it will collate the +browse lists for the workgroup). Machine N2_D is configured as +WINS server and all the other machines are configured to register +their NetBIOS names with it. + +As all these machines are booted up, elections for master browsers +will take place on each of the three subnets. Assume that machine +N1_C wins on subnet 1, N2_B wins on subnet 2, and N3_D wins on +subnet 3 - these machines are known as local master browsers for +their particular subnet. N1_C has an advantage in winning as the +local master browser on subnet 1 as it is set up as Domain Master +Browser. + +On each of the three networks, machines that are configured to +offer sharing services will broadcast that they are offering +these services. The local master browser on each subnet will +receive these broadcasts and keep a record of the fact that +the machine is offering a service. This list of records is +the basis of the browse list. For this case, assume that +all the machines are configured to offer services so all machines +will be on the browse list. + +For each network, the local master browser on that network is +considered 'authoritative' for all the names it receives via +local broadcast. This is because a machine seen by the local +master browser via a local broadcast must be on the same +network as the local master browser and thus is a 'trusted' +and 'verifiable' resource. Machines on other networks that +the local master browsers learn about when collating their +browse lists have not been directly seen - these records are +called 'non-authoritative'. + +At this point the browse lists look as follows (these are +the machines you would see in your network neighborhood if +you looked in it on a particular network right now). + +Subnet Browse Master List +------ ------------- ---- +Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E + +Subnet2 N2_B N2_A, N2_B, N2_C, N2_D + +Subnet3 N3_D N3_A, N3_B, N3_C, N3_D + +Note that at this point all the subnets are separate, no +machine is seen across any of the subnets. + +Now examine subnet 2. As soon as N2_B has become the local +master browser it looks for a Domain master browser to synchronize +its browse list with. It does this by querying the WINS server +(N2_D) for the IP address associated with the NetBIOS name +WORKGROUP<1B>. This name was registerd by the Domain master +browser (N1_C) with the WINS server as soon as it was booted. + +Once N2_B knows the address of the Domain master browser it +tells it that is the local master browser for subnet 2 by +sending a MasterAnnouncement packet as a UDP port 138 packet. +It then synchronizes with it by doing a NetServerEnum2 call. This +tells the Domain Master Browser to send it all the server +names it knows about. Once the domain master browser receives +the MasterAnnouncement packet it schedules a synchronization +request to the sender of that packet. After both synchronizations +are done the browse lists look like : + +Subnet Browse Master List +------ ------------- ---- +Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, + N2_A(*), N2_B(*), N2_C(*), N2_D(*) + +Subnet2 N2_B N2_A, N2_B, N2_C, N2_D + N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) + +Subnet3 N3_D N3_A, N3_B, N3_C, N3_D + +Servers with a (*) after them are non-authoritative names. + +At this point users looking in their network neighborhood on +subnets 1 or 2 will see all the servers on both, users on +subnet 3 will still only see the servers on their own subnet. + +The same sequence of events that occured for N2_B now occurs +for the local master browser on subnet 3 (N3_D). When it +synchronizes browse lists with the domain master browser (N1_A) +it gets both the server entries on subnet 1, and those on +subnet 2. After N3_D has synchronized with N1_C and vica-versa +the browse lists look like. + +Subnet Browse Master List +------ ------------- ---- +Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, + N2_A(*), N2_B(*), N2_C(*), N2_D(*), + N3_A(*), N3_B(*), N3_C(*), N3_D(*) + +Subnet2 N2_B N2_A, N2_B, N2_C, N2_D + N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) + +Subnet3 N3_D N3_A, N3_B, N3_C, N3_D + N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), + N2_A(*), N2_B(*), N2_C(*), N2_D(*) + +Servers with a (*) after them are non-authoritative names. + +At this point users looking in their network neighborhood on +subnets 1 or 3 will see all the servers on all sunbets, users on +subnet 2 will still only see the servers on subnets 1 and 2, but not 3. + +Finally, the local master browser for subnet 2 (N2_B) will sync again +with the domain master browser (N1_C) and will recieve the missing +server entries. Finally - and as a steady state (if no machines +are removed or shut off) the browse lists will look like : + +Subnet Browse Master List +------ ------------- ---- +Subnet1 N1_C N1_A, N1_B, N1_C, N1_D, N1_E, + N2_A(*), N2_B(*), N2_C(*), N2_D(*), + N3_A(*), N3_B(*), N3_C(*), N3_D(*) + +Subnet2 N2_B N2_A, N2_B, N2_C, N2_D + N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*) + N3_A(*), N3_B(*), N3_C(*), N3_D(*) + +Subnet3 N3_D N3_A, N3_B, N3_C, N3_D + N1_A(*), N1_B(*), N1_C(*), N1_D(*), N1_E(*), + N2_A(*), N2_B(*), N2_C(*), N2_D(*) + +Servers with a (*) after them are non-authoritative names. + +Synchronizations between the domain master browser and local +master browsers will continue to occur, but this should be a +steady state situation. + +If either router R1 or R2 fails the following will occur: + +1) Names of computers on each side of the inaccessible network fragments +will be maintained for as long as 36 minutes, in the network neighbourhood +lists. + +2) Attempts to connect to these inaccessible computers will fail, but the +names will not be removed from the network neighbourhood lists. + +3) If one of the fragments is cut off from the WINS server, it will only +be able to access servers on its local subnet, by using subnet-isolated +broadcast NetBIOS name resolution. The effects are similar to that of +losing access to a DNS server. + +Setting up a WINS server +======================== + +Either a Samba machine or a Windows NT Server machine may be set up +as a WINS server. To set a Samba machine to be a WINS server you must +add the following option to the smb.conf file on the selected machine : +in the [globals] section add the line + + wins support = yes + +Versions of Samba previous to 1.9.17 had this parameter default to +yes. If you have any older versions of Samba on your network it is +strongly suggested you upgrade to 1.9.17 or above, or at the very +least set the parameter to 'no' on all these machines. + +Machines with "wins support = yes" will keep a list of all NetBIOS +names registered with them, acting as a DNS for NetBIOS names. + +You should set up only ONE wins server. Do NOT set the +"wins support = yes" option on more than one Samba server. + +To set up a Windows NT Server as a WINS server you need to set up +the WINS service - see your NT documentation for details. Note that +Windows NT WINS Servers can replicate to each other, allowing more +than one to be set up in a complex subnet environment. As Microsoft +refuse to document these replication protocols Samba cannot currently +participate in these replications. It is possible in the future that +a Samba->Samba WINS replication protocol may be defined, in which +case more than one Samba machine could be set up as a WINS server +but currently only one Samba server should have the "wins support = yes" +parameter set. + +After the WINS server has been configured you must ensure that all +machines participating on the network are configured with the address +of this WINS server. If your WINS server is a Samba machine, fill in +the Samba machine IP address in the "Primary WINS Server" field of +the "Control Panel->Network->Protocols->TCP->WINS Server" dialogs +in Windows 95 or Windows NT. To tell a Samba server the IP address +of the WINS server add the following line to the [global] section of +all smb.conf files : + + wins server = + +where is either the DNS name of the WINS server +machine or its IP address. + +Note that this line MUST NOT BE SET in the smb.conf file of the Samba +server acting as the WINS server itself. If you set both the +"wins support = yes" option and the "wins server = " option then +nmbd will fail to start. + +There are two possible scenarios for setting up cross subnet browsing. +The first details setting up cross subnet browsing on a network containing +Windows 95, Samba and Windows NT machines that are not configured as +part of a Windows NT Domain. The second details setting up cross subnet +browsing on networks that contain NT Domains. + +Setting up Browsing in a WORKGROUP +================================== + +To set up cross subnet browsing on a network containing machines +in up to be in a WORKGROUP, not an NT Domain you need to set up one +Samba server to be the Domain Master Browser (note that this is *NOT* +the same as a Primary Domain Controller, although in an NT Domain the +same machine plays both roles). The role of a Domain master browser is +to collate the browse lists from local master browsers on all the +subnets that have a machine participating in the workgroup. Without +one machine configured as a domain master browser each subnet would +be an isolated workgroup, unable to see any machines on any other +subnet. It is the presense of a domain master browser that makes +cross subnet browsing possible for a workgroup. + +In an WORKGROUP environment the domain master browser must be a +Samba server, and there must only be one domain master browser per +workgroup name. To set up a Samba server as a domain master browser, +set the following option in the [global] section of the smb.conf file : + + domain master = yes + +The domain master browser should also preferrably be the local master +browser for its own subnet. In order to achieve this set the following +options in the [global] section of the smb.conf file : + + domain master = yes + local master = yes + preferred master = yes + os level = 65 + +The domain master browser may be the same machine as the WINS +server, if you require. + +Next, you should ensure that each of the subnets contains a +machine that can act as a local master browser for the +workgroup. Any NT machine should be able to do this, as will +Windows 95 machines (although these tend to get rebooted more +often, so it's not such a good idea to use these). To make a +Samba server a local master browser set the following +options in the [global] section of the smb.conf file : + + domain master = no + local master = yes + preferred master = yes + os level = 65 + +Do not do this for more than one Samba server on each subnet, +or they will war with each other over which is to be the local +master browser. + +The "local master" parameter allows Samba to act as a local master +browser. The "preferred master" causes nmbd to force a browser +election on startup and the "os level" parameter sets Samba high +enough so that it should win any browser elections. + +If you have an NT machine on the subnet that you wish to +be the local master browser then you can disable Samba from +becoming a local master browser by setting the following +options in the [global] section of the smb.conf file : + + domain master = no + local master = no + preferred master = no + os level = 0 + +Setting up Browsing in a DOMAIN +=============================== + +If you are adding Samba servers to a Windows NT Domain then +you must not set up a Samba server as a domain master browser. +By default, a Windows NT Primary Domain Controller for a Domain +name is also the Domain master browser for that name, and many +things will break if a Samba server registers the Domain master +browser NetBIOS name (DOMAIN<1B>) with WINS instead of the PDC. + +For subnets other than the one containing the Windows NT PDC +you may set up Samba servers as local master browsers as +described. To make a Samba server a local master browser set +the following options in the [global] section of the smb.conf +file : + + domain master = no + local master = yes + preferred master = yes + os level = 65 + +If you wish to have a Samba server fight the election with machines +on the same subnet you may set the "os level" parameter to lower +levels. By doing this you can tune the order of machines that +will become local master browsers if they are running. For +more details on this see the section "FORCING SAMBA TO BE THE MASTER" +below. + +If you have Windows NT machines that are members of the domain +on all subnets, and you are sure they will always be running then +you can disable Samba from taking part in browser elections and +ever becoming a local master browser by setting following options +in the [global] section of the smb.conf file : + + domain master = no + local master = no + preferred master = no + os level = 0 FORCING SAMBA TO BE THE MASTER ============================== Who becomes the "master browser" is determined by an election process -using broadcasts. Each election packet contains a number of parameters +using broadcasts. Each election packet contains a number of parameters which determine what precedence (bias) a host should have in the -election. By default Samba uses a very low precedence and thus loses +election. By default Samba uses a very low precedence and thus loses elections to just about anyone else. If you want Samba to win elections then just set the "os level" global -option in smb.conf to a higher number. It defaults to 0. Using 33 +option in smb.conf to a higher number. It defaults to 0. Using 34 would make it win all elections over every other system (except other samba systems!) -A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A +A "os level" of 2 would make it beat WfWg and Win95, but not NTAS. A NTAS domain controller uses level 32. The maximum os level is 255 +If you want samba to force an election on startup, then set the +"preferred master" global option in smb.conf to "yes". Samba will +then have a slight advantage over other potential master browsers +that are not preferred master browsers. Use this parameter with +care, as if you have two hosts (whether they are windows 95 or NT or +samba) on the same local subnet both set with "preferred master" to +"yes", then periodically and continually they will force an election +in order to become the local master browser. + +If you want samba to be a "domain master browser", then it is +recommended that you also set "preferred master" to "yes", because +samba will not become a domain master browser for the whole of your +LAN or WAN if it is not also a local master browser on its own +broadcast isolated subnet. + +It is possible to configure two samba servers to attempt to become +the domain master browser for a domain. The first server that comes +up will be the domain master browser. All other samba servers will +attempt to become the domain master browser every 5 minutes. They +will find that another samba server is already the domain master +browser and will fail. This provides automatic redundancy, should +the current domain master browser fail. + + MAKING SAMBA THE DOMAIN MASTER ============================== The domain master is responsible for collating the browse lists of -multiple subnets so that browsing can occur between subnets. You can +multiple subnets so that browsing can occur between subnets. You can make samba act as the domain master by setting "domain master = yes" -in smb.conf. By default it will not be a domain master. +in smb.conf. By default it will not be a domain master. + +Note that you should NOT set Samba to be the domain master for a +workgroup that has the same name as an NT Domain. When samba is the domain master and the master browser it will listen -for master announcements from other subnets and then contact them to -synchronise browse lists. +for master announcements (made roughly every twelve minutes) from local +master browsers on other subnets and then contact them to synchronise +browse lists. If you want samba to be the domain master then I suggest you also set -the "os level" high enough to make sure it wins elections. +the "os level" high enough to make sure it wins elections, and set +"preferred master" to "yes", to get samba to force an election on +startup. -NOTIFYING THE DOMAIN CONTROLLER -=============================== +Note that all your servers (including samba) and clients should be +using a WINS server to resolve NetBIOS names. If your clients are only +using broadcasting to resolve NetBIOS names, then two things will occur: -If you have a domain controller for the domain which Samba is a part -of then you should add the line "domain controller = address" to -smb.conf. "address" can either be a name available via DNS or a IP -address or a broadcast address. If it is a broadcast address then -Samba will look for a domain controller on that network. +a) your local master browsers will be unable to find a domain master + browser, as it will only be looking on the local subnet. -When Samba is the master browser it will regularly contact the domain -controller to synchronise browse lists. +b) if a client happens to get hold of a domain-wide browse list, and + a user attempts to access a host in that list, it will be unable to + resolve the NetBIOS name of that host. +If, however, both samba and your clients are using a WINS server, then: + +a) your local master browsers will contact the WINS server and, as long as + samba has registered that it is a domain master browser with the WINS + server, your local master browser will receive samba's ip address + as its domain master browser. + +b) when a client receives a domain-wide browse list, and a user attempts + to access a host in that list, it will contact the WINS server to + resolve the NetBIOS name of that host. as long as that host has + registered its NetBIOS name with the same WINS server, the user will + be able to see that host. NOTE ABOUT BROADCAST ADDRESSES ============================== If your network uses a "0" based broadcast address (for example if it -ends in a 0) then you will strike problems. Windows for Workgroups +ends in a 0) then you will strike problems. Windows for Workgroups does not seem to support a 0's broadcast and you will probably find that browsing and name lookups won't work. -You have a few options: - -1) change to a 1's broadcast on your unix server. These often end in -.255 (check with your local network guru for details) -2) set the nmbd broadcast to a 1's based address on the command line using -the -B option. This only works if your network setup listens on both -0s and 1s based broadcasts. The -B option can only control what -address it sends to, not what it listens on. +MULTIPLE INTERFACES +=================== +Samba now supports machines with multiple network interfaces. If you +have multiple interfaces then you will need to use the "interfaces" +option in smb.conf to configure them. See smb.conf(5) for details. diff --git a/docs/textdocs/BUGS.txt b/docs/textdocs/BUGS.txt index e0fd6951477..247998c6c7a 100644 --- a/docs/textdocs/BUGS.txt +++ b/docs/textdocs/BUGS.txt @@ -1,31 +1,31 @@ -This file describes how to report Samba bugs. +Contributor: Samba Team +Updated: June 27, 1997 ->> The email address for bug reports is samba-bugs@anu.edu.au << - -(NOTE: This mail may not be in place yet. If you have troubles with it -then use samba-bugs@arvidsjaur.anu.edu.au) +Subject: This file describes how to report Samba bugs. +============================================================================ +>> The email address for bug reports is samba@samba.org << Please take the time to read this file before you submit a bug -report. Also, please see if it has changed between releases, as I -may be changing the bug reporting mechanism sometime soon. +report. Also, please see if it has changed between releases, as we +may be changing the bug reporting mechanism at some time. Please also do as much as you can yourself to help track down the -bug. I only develop Samba in my spare time and I receive far more mail -about it than I can possibly answer, so you have a much higher chance -of an answer and a fix if you send me a "developer friendly" bug -report that lets me fix it fast. +bug. Samba is maintained by a dedicated group of people who volunteer +their time, skills and efforts. We receive far more mail about it than +we can possibly answer, so you have a much higher chance of an answer +and a fix if you send us a "developer friendly" bug report that lets +us fix it fast. Do not assume that if you post the bug to the comp.protocols.smb -newsgroup that I will read it. I do read all postings to the samba -mailing list (see the README). If you suspect that your problem is not -a bug but a configuration problem then it is better to send it to the -Samba mailing list, as there are (at last count) 1900 other users on +newsgroup or the mailing list that we will read it. If you suspect that your +problem is not a bug but a configuration problem then it is better to send +it to the Samba mailing list, as there are (at last count) 5000 other users on that list that may be able to help you. You may also like to look though the recent mailing list archives, which are conveniently accessible on the Samba web pages -at http://lake.canberra.edu.au/pub/samba/ +at http://samba.org/samba/ GENERAL INFO @@ -36,6 +36,8 @@ errors. Look in your log files for obvious messages that tell you that you've misconfigured something and run testparm to test your config file for correct syntax. +Have you run through DIAGNOSIS.txt? This is very important. + If you include part of a log file with your bug report then be sure to annotate it with exactly what you were doing on the client at the time, and exactly what the results were. @@ -54,6 +56,7 @@ To set the debug level use "log level =" in your smb.conf. You may also find it useful to set the log level higher for just one machine and keep separate logs for each machine. To do this use: +log level = 10 log file = /usr/local/samba/lib/log.%m include = /usr/local/samba/lib/smb.conf.%m @@ -63,6 +66,15 @@ put any smb.conf commands you want, for example "log level=" may be useful. This also allows you to experiment with different security systems, protocol levels etc on just one machine. +The smb.conf entry "log level =" is synonymous with the entry +"debuglevel =" that has been used in older versions of Samba and +is being retained for backwards compatibility of smb.conf files. + +As the "log level =" value is increased you will record a significantly +increasing level of debugging information. For most debugging operations +you may not need a setting higher than 3. Nearly all bugs can be tracked +at a setting of 10, but be prepared for a VERY large volume of log data. + INTERNAL ERRORs --------------- @@ -115,7 +127,7 @@ where it occurred. PATCHES ------- -The best sort of bug report is one that includes a fix! If you send me +The best sort of bug report is one that includes a fix! If you send us patches please use "diff -u" format if your version of diff supports it, otherwise use "diff -c4". Make sure your do the diff against a clean version of the source and let me know exactly what version you diff --git a/docs/textdocs/DHCP-Server-Configuration.txt b/docs/textdocs/DHCP-Server-Configuration.txt new file mode 100644 index 00000000000..499706955fb --- /dev/null +++ b/docs/textdocs/DHCP-Server-Configuration.txt @@ -0,0 +1,240 @@ +Subject: DHCP Server Configuration for SMB Clients +Date: March 1, 1998 +Updated: May 15, 2001 +Contributor: John H Terpstra +Support: This is an unsupported document. Refer to documentation that is + supplied with the ISC DHCP Server. Do NOT email the contributor + for ANY assistance. +=============================================================================== + +Background: +=========== + +We wish to help those folks who wish to use the ISC DHCP Server and provide +sample configuration settings. Most operating systems today come ship with +the ISC DHCP Server. ISC DHCP is available from: + ftp://ftp.isc.org/isc/dhcp + +Incorrect configuration of MS Windows clients (Windows9X, Windows ME, Windows +NT/2000) will lead to problems with browsing and with general network +operation. Windows 9X/ME users often report problems where the TCP/IP and related +network settings will inadvertantly become reset at machine start-up resulting +in loss of configuration settings. This results in increased maintenance +overheads as well as serious user frustration. + +In recent times users on one mailing list incorrectly attributed the cause of +network operating problems to incorrect configuration of Samba. + +One user insisted that the only way to provent Windows95 from periodically +performing a full system reset and hardware detection process on start-up was +to install the NetBEUI protocol in addition to TCP/IP. This assertion is not +correct. + +In the first place, there is NO need for NetBEUI. All Microsoft Windows clients +natively run NetBIOS over TCP/IP, and that is the only protocol that is +recognised by Samba. Installation of NetBEUI and/or NetBIOS over IPX will +cause problems with browse list operation on most networks. Even Windows NT +networks experience these problems when incorrectly configured Windows95 +systems share the same name space. It is important that only those protocols +that are strictly needed for site specific reasons should EVER be installed. + +Secondly, and totally against common opinion, DHCP is NOT an evil design but is +an extension of the BOOTP protocol that has been in use in Unix environments +for many years without any of the melt-down problems that some sensationalists +would have us believe can be experienced with DHCP. In fact, DHCP in covered by +rfc1541 and is a very safe method of keeping an MS Windows desktop environment +under control and for ensuring stable network operation. + +Please note that MS Windows systems as of MS Windows NT 3.1 and MS Windows 95 +store all network configuration settings a registry. There are a few reports +from MS Windows network administrators that warrant mention here. It would appear +that when one sets certain MS TCP/IP protocol settings (either directly or via +DHCP) that these do get written to the registry. Even though a subsequent +change of setting may occur the old value may persist in the registry. This +has been known to create serious networking problems. + +An example of this occurs when a manual TCP/IP environment is configured to +include a NetBIOS Scope. In this event, when the administrator then changes the +configuration of the MS TCP/IP protocol stack, without first deleting the +current settings, by simply checking the box to configure the MS TCP/IP stack +via DHCP then the NetBIOS Scope that is still persistent in the registry WILL be +applied to the resulting DHCP offered settings UNLESS the DHCP server also sets +a NetBIOS Scope. It may therefore be prudent to forcibly apply a NULL NetBIOS +Scope from your DHCP server. The can be done in the dhcpd.conf file with the +parameter: + option netbios-scope ""; + +While it is true that the Microsoft DHCP server that comes with Windows NT +Server provides only a sub-set of rfc1533 functionality this is hardly an issue +in those sites that already have a large investment and commitment to Unix +systems and technologies. The current state of the art of the DHCP Server +specification in covered in rfc2132. + +This document aims to provide enough background information so that the +majority of site can without too much hardship get the Internet Software +Consortium's (ISC) DHCP Server into operation. The key benefits of using DHCP +includes: + +1) Automated IP Address space management and maximised re-use of available IP +Addresses, + +2) Automated control of MS Windows client TCP/IP network configuration, + +3) Automatic recovery from start-up and run-time problems with Windows95. + + + +Client Configuration for SMB Networking: +======================================== +SMB network clients need to be configured so that all standard TCP/IP name to +address resolution works correctly. Once this has been achieved the SMB +environment provides additional tools and services that act as helper agents in +the translation of SMB (NetBIOS) names to their appropriate IP Addresses. One +such helper agent is the NetBIOS Name Server (NBNS) or as Microsoft called it +in their Windows NT Server implementation WINS (Windows Internet Name Server). + +A client needs to be configured so that it has a unique Machine (Computer) +Name. + +This can be done, but needs a few NT registry hacks and you need to be able to +speak UNICODE, which is of course no problem for a True Wizzard(tm) :) +Instructions on how to do this (including a small util for less capable +Wizzards) can be found at + + http://www.unixtools.org/~nneul/sw/nt/dhcp-netbios-hostname.html + + +All remaining TCP/IP networking parameters can be assigned via DHCP. These include: + +a) IP Address, +b) Netmask, +c) Gateway (Router) Address, +d) DNS Domain Name, +e) DNS Server addresses, +f) WINS (NBNS) Server addresses, +g) IP Forwarding, +h) Timezone offset, +i) Node Type, +j) NetBIOS Scope + +Other assignments can be made from a DHCP server too, but the above cover the +major needs. + +Note: IF ever an entry has has been made to the NetBIOS Scope field of the +TCP/IP configuration panel on an MS Windows machine, and it has then been +committed, then that setting may become persistent. In such a c ase it is better +to configure the DHCP server with a NetBIOS Scope consisting of an empty string +(ie: A NULL scope). + + +DHCP Server Installation: +========================= +It is assumed that you will have obtained a copy of the GPL'd ISC DHCP server +source files from ftp://ftp.isc.org/isc/dhcp, it is also assumed that you have +compiled the sources and have installed the binary files. + +The following simply serves to provide sample configuration files to enable +dhcpd to operate. The sample files assume that your site is configured to use +private IP network address space using the Class B range of 172.16.1.0 - +172.16.1.255 and is using a netmask of 255.255.255.0 (ie:24 bits). It is +assumed that your router to the outside world is at 172.16.1.254 and that your +Internet Domain Name is bestnet.com.au. The IP Address range 172.16.1.100 to +172.16.1.240 has been set aside as your dynamically allocated range. In +addition, bestnet.com.au have two print servers that need to obtain settings +via BOOTP. The machine linux.bestnet.com.au has IP address 172.16.1.1 and is +you primary Samba server with WINS support enabled by adding the parameter to +the /etc/smb.conf file: [globals] wins support = yes. The dhcp lease time will +be set to 20 hours. + +Configuration Files: +==================== +Before dhcpd will run you need to install a file that speifies the +configuration settings, and another that holds the database of issued IP +addresses. On many systems these are stored in the /etc directory on the Unix +system. + +Example /etc/dhcpd.conf: +======================== +server-identifier linux.bestnet.com.au; + +subnet 172.16.1.0 netmask 255.255.255.0 { + range 172.16.1.100 172.16.1.240; + default-lease-time 72000; + max-lease-time 144000; + option subnet-mask 255.255.255.0; + option broadcast-address 172.16.1.255; + option routers 172.16.1.254; + option domain-name-servers 172.16.1.1, 172.16.1.2; + option domain-name "bestnet.com.au"; + option time-offset 39600; + option ip-forwarding off; + option netbios-name-servers 172.16.0.1, 172.16.0.1; + option netbios-dd-server 172.16.0.1; + option netbios-node-type 8; + option netbios-scope ""; +} + +; Note: The above netbios-scope is purposely an empty (NULL) string. + +group { + next-server 172.16.1.10; + option subnet-mask 255.255.255.0; + option domain-name "bestnet.com.au"; + option domain-name-servers 172.16.1.1, 172.16.0.2; + option netbios-name-servers 172.16.0.1, 172.16.0.1; + option netbios-dd-server 172.16.0.1; + option netbios-node-type 8; + option netbios-scope "SomeCrazyScope"; + option routers 172.16.1.240; + option time-offset 39600; + host lexmark1 { + hardware ethernet 06:07:08:09:0a:0b; + fixed-address 172.16.1.245; + } + host epson4 { + hardware ethernet 01:02:03:04:05:06; + fixed-address 172.16.1.242; + } +} + + +Creating the /etc/dhcpd.leases file: +==================================== +At a Unix shell create an empty dhcpd.leases file in the /etc directory. +You can do this by typing: cp /dev/null /etc/dhcpd.leases + + +Setting up a route table for all-ones addresses: +================================================ +Quoting from the README file that comes with the ISC DHCPD Server: + + BROADCAST + +In order for dhcpd to work correctly with picky DHCP clients (e.g., +Windows 95), it must be able to send packets with an IP destination +address of 255.255.255.255. Unfortunately, Linux insists on changing +255.255.255.255 into the local subnet broadcast address (here, that's +192.5.5.223). This results in a DHCP protocol violation, and while +many DHCP clients don't notice the problem, some (e.g., all Microsoft +DHCP clients) do. Clients that have this problem will appear not to +see DHCPOFFER messages from the server. + +It is possible to work around this problem on some versions of Linux +by creating a host route from your network interface address to +255.255.255.255. The command you need to use to do this on Linux +varies from version to version. The easiest version is: + + route add -host 255.255.255.255 dev eth0 + +On some older Linux systems, you will get an error if you try to do +this. On those systems, try adding the following entry to your +/etc/hosts file: + +255.255.255.255 all-ones + +Then, try: + + route add -host all-ones dev eth0 + + +For more information please refer to the ISC DHCPD Server documentation. diff --git a/docs/textdocs/DIAGNOSIS.txt b/docs/textdocs/DIAGNOSIS.txt index 6681bdc4bcb..2816610a9cb 100644 --- a/docs/textdocs/DIAGNOSIS.txt +++ b/docs/textdocs/DIAGNOSIS.txt @@ -1,5 +1,8 @@ -DIAGNOSING YOUR SAMBA SERVER -============================ +Contributor: Andrew Tridgell +Updated: November 1, 1999 + +Subject: DIAGNOSING YOUR SAMBA SERVER +=========================================================================== This file contains a list of tests you can perform to validate your Samba server. It also tells you what the likely cause of the problem @@ -10,9 +13,6 @@ You should do ALL the tests, in the order shown. I have tried to carefully choose them so later tests only use capabilities verified in the earlier tests. -I would welcome additions to this set of tests. Please mail them to -samba-bugs@anu.edu.au - If you send me an email saying "it doesn't work" and you have not followed this test procedure then you should not be surprised if I ignore your email. @@ -22,11 +22,14 @@ ASSUMPTIONS ----------- In all of the tests I assume you have a Samba server called BIGSERVER -and a PC called ACLIENT. I also assume the PC is running windows for -workgroups with a recent copy of the microsoft tcp/ip stack. The -procedure is similar for other types of clients. +and a PC called ACLIENT both in workgroup TESTGROUP. I also assume the +PC is running windows for workgroups with a recent copy of the +microsoft tcp/ip stack. Alternatively, your PC may be running Windows +95 or Windows NT (Workstation or Server). + +The procedure is similar for other types of clients. -I also assume you know the name of a available share in your +I also assume you know the name of an available share in your smb.conf. I will assume this share is called "tmp". You can add a "tmp" share like by adding the following to smb.conf: @@ -36,15 +39,28 @@ smb.conf. I will assume this share is called "tmp". You can add a read only = yes -THESE TESTS ASSUME VERSION 1.9.15 OR LATER OF THE SAMBA SUITE. SOME +THESE TESTS ASSUME VERSION 2.0.6 OR LATER OF THE SAMBA SUITE. SOME COMMANDS SHOWN DID NOT EXIST IN EARLIER VERSIONS +Please pay attention to the error messages you receive. If any error message +reports that your server is being unfriendly you should first check that you +IP name resolution is correctly set up. eg: Make sure your /etc/resolv.conf +file points to name servers that really do exist. + +Also, if you do not have DNS server access for name resolution please check +that the settings for your smb.conf file results in "dns proxy = no". The +best way to check this is with "testparm smb.conf" + TEST 1: ------- -run the command "testparm". If it reports any errors then your -smb.conf configuration file is faulty. +In the directory in which you store your smb.conf file, run the command +"testparm smb.conf". If it reports any errors then your smb.conf +configuration file is faulty. + +Note: Your smb.conf file may be located in: /etc + Or in: /usr/local/samba/lib TEST 2: @@ -60,13 +76,18 @@ run ping. If you get a message saying "host not found" or similar then your DNS software or /etc/hosts file is not correctly setup. It is possible to run samba without DNS entries for the server and client, but I assume -you do have correct entries for the remainder of these tests. +you do have correct entries for the remainder of these tests. + +Another reason why ping might fail is if your host is running firewall +software. You will need to relax the rules to let in the workstation +in question, perhaps by allowing access from another subnet (on Linux +this is done via the ipfwadm program.) TEST 3: ------- -run the command "smbclient -L BIGSERVER -U%" on the unix box. You +Run the command "smbclient -L BIGSERVER" on the unix box. You should get a list of available shares back. If you get a error message containing the string "Bad password" then @@ -76,26 +97,57 @@ valid. Check what your guest account is using "testparm" and temporarily remove any "hosts allow", "hosts deny", "valid users" or "invalid users" lines. -If you get a "connection refused" response then the smbd server could -not be run. If you installed it in inetd.conf then you probably edited +If you get a "connection refused" response then the smbd server may +not be running. If you installed it in inetd.conf then you probably edited that file incorrectly. If you installed it as a daemon then check that it is running, and check that the netbios-ssn port is in a LISTEN state using "netstat -a". If you get a "session request failed" then the server refused the -connection. If it says "your server software is being unfriendly" then +connection. If it says "Your server software is being unfriendly" then its probably because you have invalid command line parameters to smbd, or a similar fatal problem with the initial startup of smbd. Also -check your config file for syntax errors with "testparm". +check your config file (smb.conf) for syntax errors with "testparm" +and that the various directories where samba keeps its log and lock +files exist. + +There are a number of reasons for which smbd may refuse or decline +a session request. The most common of these involve one or more of +the following smb.conf file entries: + hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy + bind interfaces only = Yes + +In the above, no allowance has been made for any session requests that +will automatically translate to the loopback adaptor address 127.0.0.1. +To solve this problem change these lines to: + hosts deny = ALL + hosts allow = xxx.xxx.xxx.xxx/yy 127. +Do NOT use the "bind interfaces only" parameter where you may wish to +use the samba password change facility, or where smbclient may need to +access local service for name resolution or for local resource +connections. (Note: the "bind interfaces only" parameter deficiency +where it will not allow connections to the loopback address will be +fixed soon). + +Another common cause of these two errors is having something already running +on port 139, such as Samba (ie: smbd is running from inetd already) or +something like Digital's Pathworks. Check your inetd.conf file before trying +to start smbd as a daemon, it can avoid a lot of frustration! + +And yet another possible cause for failure of TEST 3 is when the subnet mask +and / or broadcast address settings are incorrect. Please check that the +network interface IP Address / Broadcast Address / Subnet Mask settings are +correct and that Samba has correctly noted these in the log.nmb file. TEST 4: ------- -run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the +Run the command "nmblookup -B BIGSERVER __SAMBA__". You should get the IP address of your Samba server back. If you don't then nmbd is incorrectly installed. Check your inetd.conf -if yu run it from there, or that the daemon is running and listening +if you run it from there, or that the daemon is running and listening to udp port 137. One common problem is that many inetd implementations can't take many @@ -103,6 +155,7 @@ parameters on the command line. If this is the case then create a one-line script that contains the right parameters and run that from inetd. + TEST 5: ------- @@ -110,14 +163,16 @@ run the command "nmblookup -B ACLIENT '*'" You should get the PCs IP address back. If you don't then the client software on the PC isn't installed correctly, or isn't started, or you -got the name of the PC wrong. Note that you probably won't get a "node -status response" from the PC due to a bug in the microsoft netbios -nameserver implementation (it responds to the wrong port number). +got the name of the PC wrong. + +If ACLIENT doesn't resolve via DNS then use the IP address of the +client in the above test. + TEST 6: ------- -run the command "nmblookup -d 2 '*'" +Run the command "nmblookup -d 2 '*'" This time we are trying the same as the previous test but are trying it via a broadcast to the default broadcast address. A number of @@ -128,33 +183,29 @@ hosts. If this doesn't give a similar result to the previous test then nmblookup isn't correctly getting your broadcast address through its -automatic mechanism. In this case you should experiment with the -B -option which allows you to manually specify the broadcast address, -overriding the automatic detection. You should try different broadcast -addresses until your find the one that works. It will most likely be -something like a.b.c.255 as microsoft tcpip stacks only listen on 1's -based broadcast addresses. If you get stuck then ask your local -networking guru for help (and show them this paragraph). - -If you find you do need the -B option (ie. the automatic detection -doesn't work) then you should add the -B option with the right -broadcast address for your network to the command line of nmbd in -inetd.conf or in the script you use to start nmbd as a daemon. Once -you do this go back to the "nmblookup __SAMBA__ -B BIGSERVER" test to -make sure you have it running properly. +automatic mechanism. In this case you should experiment use the +"interfaces" option in smb.conf to manually configure your IP +address, broadcast and netmask. If your PC and server aren't on the same subnet then you will need to use the -B option to set the broadcast address to the that of the PCs subnet. +This test will probably fail if your subnet mask and broadcast address are +not correct. (Refer to TEST 3 notes above). + TEST 7: ------- -run the command "smbclient '\\BIGSERVER\TMP'". You should then be +Run the command "smbclient //BIGSERVER/TMP". You should then be prompted for a password. You should use the password of the account you are logged into the unix box with. If you want to test with -another account then add the -U option to the command -line. +another account then add the -U option to the end of +the command line. eg: smbclient //bigserver/tmp -Ujohndoe + +Note: It is possible to specify the password along with the username +as follows: + smbclient //bigserver/tmp -Ujohndoe%secret Once you enter the password you should get the "smb>" prompt. If you don't then look at the error message. If it says "invalid network @@ -168,6 +219,8 @@ compile in support for them in smbd - you have a mixed case password and you haven't enabled the "password level" option at a high enough level - the "path =" line in smb.conf is incorrect. Check it with testparm +- you enabled password encryption but didn't create the SMB encrypted +password file Once connected you should be able to use the commands "dir" "get" "put" etc. Type "help " for instructions. You should @@ -199,11 +252,22 @@ same fixes apply as they did for the "smbclient -L" test above. In particular, make sure your "hosts allow" line is correct (see the man pages) +Also, do not overlook that fact that when the workstation requests the +connection to the samba server it will attempt to connect using the +name with which you logged onto your Windows machine. You need to make +sure that an account exists on your Samba server with that exact same +name and password. + +If you get "specified computer is not receiving requests" or similar +it probably means that the host is not contactable via tcp services. +Check to see if the host is running tcp wrappers, and if so add an entry in +the hosts.allow file for your client (or subnet, etc.) + TEST 9: -------- -run the command "net use x: \\BIGSERVER\TMP". You should be prompted +Run the command "net use x: \\BIGSERVER\TMP". You should be prompted for a password then you should get a "command completed successfully" message. If not then your PC software is incorrectly installed or your smb.conf is incorrect. make sure your "hosts allow" and other config @@ -215,23 +279,43 @@ USERNAME" to the [tmp] section of smb.conf where "USERNAME" is the username corresponding to the password you typed. If you find this fixes things you may need the username mapping option. - TEST 10: -------- +Run the command "nmblookup -M TESTGROUP" where TESTGROUP is the name +of the workgroup that your Samba server and Windows PCs belong to. You +should get back the IP address of the master browser for that +workgroup. + +If you don't then the election process has failed. Wait a minute to +see if it is just being slow then try again. If it still fails after +that then look at the browsing options you have set in smb.conf. Make +sure you have "preferred master = yes" to ensure that an election is +held at startup. + +TEST 11: +-------- + From file manager try to browse the server. Your samba server should appear in the browse list of your local workgroup (or the one you -specified in the Makefile). You should be able to double click on the -name of the server and get a list of shares. If you get a "invalid +specified in smb.conf). You should be able to double click on the name +of the server and get a list of shares. If you get a "invalid password" error when you do then you are probably running WinNT and it is refusing to browse a server that has no encrypted password -capability and is in user level security mode. +capability and is in user level security mode. In this case either set +"security = server" AND "password server = Windows_NT_Machine" in your +smb.conf file, or enable encrypted passwords AFTER compiling in support +for encrypted passwords (refer to the Makefile). Still having troubles? ---------------------- Try the mailing list or newsgroup, or use the tcpdump-smb utility to -sniff the problem. +sniff the problem. The official samba mailing list can be reached at +samba@samba.org. To find out more about samba and how to +subscribe to the mailing list check out the samba web page at + http://samba.org/samba +Also look at the other docs in the Samba package! diff --git a/docs/textdocs/DOMAIN.txt b/docs/textdocs/DOMAIN.txt deleted file mode 100644 index 31e19675fae..00000000000 --- a/docs/textdocs/DOMAIN.txt +++ /dev/null @@ -1,68 +0,0 @@ -Samba now supports domain logons and network logon scripts. The -support is still experimental, but it seems to work. - -The support is also not complete. Samba does not yet support the -sharing of the SAM database with other systems yet, or remote -administration. Support for these kind of things should be added -sometime in the future. - -The domain support only works for WfWg and Win95 clients. Support for -NT and OS/2 clients is still being worked on. - -Using these features you can make your clients verify their logon via -the Samba server and make clients run a batch file when they logon to -the network. The latter is particularly useful. - -To use domain logons you need to do the following: - -1) Setup nmbd and smbd and configure the smb.conf so that Samba is -acting as the master browser. See INSTALL.txt and BROWSING.txt for -details. - -2) create a share called [netlogon] in your smb.conf. This share should -be readable by all users, and probably should not be writeable. This -share will hold your network logon scripts. - -For example I have used: - - [netlogon] - path = /data/dos/netlogon - writeable = no - guest ok = yes - - -3) in the [global] section of smb.conf set the following: - - domain logons = yes - logon script = %U.bat - -the choice of batch file is, of course, up to you. The above would -give each user a separate batch file as the %U will be changed to -their username automatically. The other standard % macros may also be -used. You can make the btch files come from a subdirectory by using -soemthing like: - - logon script = scripts\%U.bat - -4) create the batch files to be run when the user logs in. If the batch -file doesn't exist then no batch file will be run. - -In the batch files you need to be careful to use DOS style cr/lf line -endings. If you don't then DOS may get confused. I suggest you use a -DOS editor to remotely edit the files if you don't know how to produce -DOS style files under unix. - -5) Use smbclient with the -U option for some users to make sure that -the \\server\NETLOGON share is available, the batch files are visible -and they are readable by the users. - -6) you will probabaly find that your clients automatically mount the -\\SERVER\NETLOGON share as drive z: while logging in. You can put some -useful programs there to execute from the batch files. - - -NOTE: You must be using "security = user" or "security = server" for -domain logons to work correctly. Share level security won't work -correctly. - - diff --git a/docs/textdocs/ENCRYPTION.txt b/docs/textdocs/ENCRYPTION.txt deleted file mode 100644 index 046b473e9a1..00000000000 --- a/docs/textdocs/ENCRYPTION.txt +++ /dev/null @@ -1,333 +0,0 @@ - LanManager / Samba Password Encryption. - --------------------------------------- - -With the development of LanManager compatible password encryption for -Samba, it is now able to validate user connections in exactly the same -way as a LanManager or Windows NT server. - -This document describes how the SMB password encryption algorithm -works and what issues there are in choosing whether you want to use -it. You should read it carefully, especially the part about security -and the "PROS and CONS" section. - -How does it work ? ------------------- - - LanManager encryption is somewhat similar to UNIX password -encryption. The server uses a file containing a hashed value of a -users password. This is created by taking the users paintext -password, capitalising it, and either truncating to 14 bytes (or -padding to 14 bytes with null bytes). This 14 byte value is used as -two 56 bit DES keys to encrypt a 'magic' eight byte value, forming a -16 byte value which is stored by the server and client. Let this value -be known as the *hashed password*. - -When a client (LanManager, Windows for WorkGroups, Windows 95 or -Windows NT) wishes to mount a Samba drive (or use a Samba resource) it -first requests a connection and negotiates the protocol that the client -and server will use. In the reply to this request the Samba server -generates and appends an 8 byte, random value - this is stored in the -Samba server after the reply is sent and is known as the *challenge*. - -The challenge is different for every client connection. - -The client then uses the hashed password (16 byte value described -above), appended with 5 null bytes, as three 56 bit DES keys, each of -which is used to encrypt the challenge 8 byte value, forming a 24 byte -value known as the *response*. - -In the SMB call SMBsessionsetupX (when user level security is -selected) or the call SMBtconX (when share level security is selected) -the 24 byte response is returned by the client to the Samba server. - -The Samba server then reproduces the above calculation, using it's own -stored value of the 16 byte hashed password (read from the smbpasswd -file - described later) and the challenge value that it kept from the -negotiate protocol reply. It then checks to see if the 24 byte value it -calculates matches the 24 byte value returned to it from the client. - -If these values match exactly, then the client knew the correct -password (or the 16 byte hashed value - see security note below) and -is this allowed access. If not then the client did not know the -correct password and is denied access. - -Note that the Samba server never knows or stores the cleartext of the -users password - just the 16 byte hashed function derived from it. Also -note that the cleartext password or 16 byte hashed value are never -transmitted over the network - thus increasing security. - -IMPORTANT NOTE ABOUT SECURITY ------------------------------ - -The unix and SMB password encryption techniques seem similar on the -surface. This similarity is, however, only skin deep. The unix scheme -typically sends clear text passwords over the nextwork when logging -in. This is bad. The SMB encryption scheme never sends the cleartext -password over the network but it does store the 16 byte hashed value -on disk. This is also bad. Why? Because the 16 byte hashed value is a -"password equivalent". You cannot derive the users password from it, -but it could potentially be used in a modified client to gain access -to a server. This would require considerable technical knowledge on -behalf of the attacker but is perfectly possible. You should thus -treat the smbpasswd file as though it contained the cleartext -passwords of all your users. Its contents must be kept secret, and the -file should be protected accordingly. - -Ideally we would like a password scheme which neither requires plain -text passwords on the net or on disk. Unfortunately this is not -available as Samba is stuck with being compatible with other SMB -systems (WinNT, WfWg, Win95 etc). - - -PROS AND CONS -------------- - -There are advantages and disadvantages to both schemes. - -Advantages of SMB Encryption: ------------------------------ - -- plain text passwords are not passed across the network. Someone using -a network sniffer cannot just record passwords going to the SMB server. - -- WinNT doesn't like talking to a server that isn't using SMB -encrypted passwords. It will refuse to browse the server if the server -is also in user level security mode. It will insist on promting the -user for the password on each connection, which is very annoying. The -only things you can do to stop this is to use SMB encryption. - -Advantages of non-encrypted passwords: --------------------------------------- - -- plain text passwords are not kept on disk. - -- uses same password file as other unix services such as login and -ftp - -- you are probably already using other services (such as telnet and -ftp) which send plain text passwords over the net, so not sending them -for SMB isn't such a big deal. - -- the SMB encryption code in Samba is new and has only had limited -testing. We have tried hard to make it secure but in any new -implementation of a password scheme there is the possability of an -error. - - -The smbpasswd file. -------------------- - - In order for Samba to participate in the above protocol it must -be able to look up the 16 byte hashed value given a user name. -Unfortunately, as the UNIX password value is also a one way hash -function (ie. it is impossible to retrieve the cleartext of the users -password given the UNIX hash of it) then a separate password file -containing this 16 byte value must be kept. To minimise problems with -these two password files, getting out of sync, the UNIX /etc/passwd and -the smbpasswd file, a utility, mksmbpasswd.sh, is provided to generate -a smbpasswd file from a UNIX /etc/passwd file. - -To generate the smbpasswd file from your /etc/passwd file use the -following command :- - -cat /etc/passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -If you are running on a system that uses NIS, use - -ypcat passwd | mksmbpasswd.sh >/usr/local/samba/private/smbpasswd - -The mksmbpasswd.sh program is found in the Samba source directory. By -default, the smbpasswd file is stored in :- - -/usr/local/samba/private/smbpasswd - -The owner of the /usr/local/samba/private directory should be set to -root, and the permissions on it should be set to :- - -r-x------ - -The command - -chmod 500 /usr/local/samba/private - -will do the trick. Likewise, the smbpasswd file inside the private -directory should be owned by root and the permissions on is should be -set to - -rw------- - -by the command :- - -chmod 600 smbpasswd. - -The format of the smbpasswd file is - -username:uid:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Long name:user home dir:user shell - -Although only the username, uid, and XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX -sections are significant and are looked at in the Samba code. - -It is *VITALLY* important that there by 32 'X' characters between the -two ':' characters - the smbpasswd and Samba code will fail to validate -any entries that do not have 32 characters between ':' characters. - -When the password file is created all users have password entries -consisting of 32 'X' characters. By default this disallows any access -as this user. When a user has a password set, the 'X' characters change -to 32 ascii hexadecimal digits (0-9, A-F). These are an ascii -representation of the 16 byte hashed value of a users password. - -To set a user to have no password (not recommended), edit the file -using vi, and replace the first 11 characters with the asci text - -NO PASSWORD - -Eg. To clear the password for user bob, his smbpasswd file entry would -look like : - -bob:100:NO PASSWORDXXXXXXXXXXXXXXXXXXXXX:Bob's full name:/bobhome:/bobshell - -If you are allowing users to use the smbpasswd command to set their own -passwords, you may want to give users NO PASSWORD initially so they do -not have to enter a previous password when changing to their new -password (not recommended). - -Note : This file should be protected very carefully. Anyone with -access to this file can (with enough knowledge of the protocols) gain -access to your SMB server. The file is thus more sensitive than a -normal unix /etc/passwd file. - -The smbpasswd Command. ----------------------- - - The smbpasswd command maintains the 32 byte password field in -the smbpasswd file. If you wish to make it similar to the unix passwd -or yppasswd programs, install it in /usr/local/samba/bin (or your main -Samba binary directory) and make it setuid root. - -Note that if you do not do this then the root user will have to set all -users passwords. - -To set up smbpasswd as setuid root, change to the Samba binary install -directory and then type (as root) : - -chown root smbpasswd -chmod 4555 smbpasswd - -If smbpasswd is installed as setuid root then you would use it as -follows. - -smbpasswd -Old SMB password: -New SMB Password: < type new value > -Repeat New SMB Password: < re-type new value > - -If the old value does not match the current value stored for that user, -or the two new values do not match each other, then the password will -not be changed. - -If invoked by an ordinary user it will only allow the user to change -his or her own Samba password. - -If run by the root user smbpasswd may take an optional argument, -specifying the user name whose SMB password you wish to change. Note -that when run as root smbpasswd does not prompt for or check the old -password value, thus allowing root to set passwords for users who have -forgotten their passwords. - -smbpasswd is designed to work in the same way and be familiar to UNIX -users who use the passwd or yppasswd commands. - -NOTE. As smbpasswd is designed to be installed as setuid root I would -appreciate it if everyone examined the source code to look for -potential security flaws. A setuid program, if not written properly can -be an open door to a system cracker. Please help make this program -secure by reporting all problems to me (the author, Jeremy Allison). - -My email address is :- - -jra@vantive.com - -Setting up Samba to support LanManager Encryption. --------------------------------------------------- - -This is a very brief description on how to setup samba to support -password encryption. More complete instructions will probably be added -later. - -1) get and compile the libdes libraries. the source is available from -nimbus.anu.edu.au in pub/tridge/libdes/libdes.tar.92-10-13.gz - -2) enable the encryption stuff in the Samba makefile, making sure you -point it to the libdes library and include file (it needs des.h) -The entries you need to uncomment are the four lines after the comment :- - -# This is for SMB encrypted (lanman) passwords. - -Note that you may have to change the variable DES_BASE to -point at the place where you installed the DES library. - -3) compile and install samba as usual - -4) f your system can't compile the module getsmbpass.c then remove the --DSMBGETPASS define from the Makefile. - -5) enable encrypted passwords in smb.conf by adding the line -"encrypt passwords = yes" in the [global] section - -6) create the initial smbpasswd password file in the place you -specified in the Makefile. A simple way to do this based on your -existing Makefile (assuming it is in a reasonably standard format) is -like this: - -cat /etc/passwd | mksmbpasswd.sh > /usr/local/samba/private/smbpasswd - -Change ownership of private and smbpasswd to root. - -chown -R root /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private - -chmod 500 /usr/local/samba/private - -Set the correct permissions on /usr/local/samba/private/smbpasswd - -chmod 600 /usr/local/samba/private/smbpasswd - -note that the mksmbpasswd.sh script is in the samba source directory. - -If this fails then you will find that you will need entries that look -like this: - -# SMB password file. -tridge:148:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:Andrew Tridgell:/home/tridge:/bin/tcsh - -note that the uid and username fields must be right. Also, you must get -the number of X's right (there should be 32). - -If you wish, install the smbpasswd program as suid root. - -chown root /usr/local/samba/bin/smbpasswd -chmod 4555 /usr/local/samba/bin/smbpasswd - -7) set the passwords for users using the smbpasswd command. For -example, as root you could do "smbpasswd tridge" - -8) try it out! - -Note that you can test things using smbclient, as it also now supports -encryption. - -NOTE TO USA Sites that Mirror Samba ------------------------------------ - -The DES library is considered a munition in the USA. Under US Law it is -illegal to export this software, or to put it in a freely available ftp -site. - -Please do not mirror the DES directory from the site on nimbus.anu.edu.au - -Thank you, - -Jeremy Allison. - diff --git a/docs/textdocs/Faxing.txt b/docs/textdocs/Faxing.txt new file mode 100644 index 00000000000..0703d75cc35 --- /dev/null +++ b/docs/textdocs/Faxing.txt @@ -0,0 +1,220 @@ +Contributor: Gerhard Zuber +Date: August 5th 1997. +Status: Current + +Subject: F A X I N G with S A M B A +========================================================================== + +This text describes how to turn your SAMBA-server into a fax-server +for any environment, especially for Windows. + Author: Gerhard Zuber + Version: 1.4 + Date: 04. Aug. 1997 + +Requirements: + UNIX box (Linux preferred) with SAMBA and a faxmodem + ghostscript package + mgetty+sendfax package + pbm package (portable bitmap tools) + +FTP sites: + sunsite.unc.edu:/pub/Linux/system/Serial/mgetty+sendfax* + tsx-11.mit.edu:/pub/linux/sources/sbin/mgetty+sendfax + ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/mgetty1.1.6-May05.tar.gz + + pbm10dec91.tgz + ftp.leo.org:/pub/comp/networking/communication/modem/mgetty/pbm10dec91.tgz + sunsite.unc.edu: ..../apps/graphics/convert/pbmplus-10dec91-bin.tar.gz + ftp.gwdg.de/pub/linux/grafik/pbmplus.src.tar.Z (this is 10dec91 source) + or ??? pbm10dec91.tgz pbmplus10dec91.tgz + + +making mgetty+sendfax running: +============================== + + go to source tree: /usr/src/mgetty+sendfax + cp policy.h-dist policy.h + + change your settings: valid tty ports, modem initstring, Station-Id + +#define MODEM_INIT_STRING "AT &F S0=0 &D3 &K3 &C1\\\\N2" + +#define FAX_STATION_ID "49 30 12345678" + +#define FAX_MODEM_TTYS "ttyS1:ttyS2:ttyS3" + + Modem initstring is for rockwell based modems + if you want to use mgetty+sendfax as PPP-dialin-server, + define AUTO_PPP in Makefile: + +CFLAGS=-O2 -Wall -pipe -DAUTO_PPP + + compile it and install the package. + edit your /etc/inittab and let mgetty running on your preferred + ports: + +s3:45:respawn:/usr/local/sbin/mgetty ttyS2 vt100 + + now issue a + kill -HUP 1 + and enjoy with the lightning LEDs on your modem + your now are ready to receive faxes ! + + + if you want a PPP dialin-server, edit + /usr/local/etc/mgetty+sendfax/login.config + +/AutoPPP/ - ppp /usr/sbin/pppd auth debug passive modem + + + Note: this package automatically decides between a fax call and + a modem call. In case of modem call you get a login prompt ! + +Tools for printing faxes: +========================= + + your incomed faxes are in: + /var/spool/fax/incoming + + print it with: + + for i in * + do + g3cat $i | g3tolj | lpr -P hp + done + + in case of low resolution use instead: + + g3cat $i | g3tolj -aspect 2 | lpr -P hp + + + g3cat is in the tools-section, g3tolj is in the contrib-section + for printing to HP lasers. + + If you want to produce files for displaying and printing with Windows, use + some tools from the pbm-package like follow + + g3cat $i | g3topbm - | ppmtopcx - >$i.pcx + + and view it with your favourite Windows tool (maybe paintbrush) + + +Now making the fax-server: +=========================== + + fetch the file + mgetty+sendfax/frontends/winword/faxfilter + + and place it in + + /usr/local/etc/mgetty+sendfax/ + + prepare your faxspool file as mentioned in this file + edit fax/faxspool.in and reinstall or change the final + /usr/local/bin/faxspool too. + + if [ "$user" = "root" -o "$user" = "fax" -o \ + "$user" = "lp" -o "$user" = "daemon" -o "$user" = "bin" ] + + find the first line and change the second. + + make sure you have pbmtext (from the pbm-package). This is + needed for creating the small header line on each page. + Notes on pbmplus: + Some peoples had problems with precompiled binaries (especially + at linux) with a shared lib libgr.so.x.x. The better way is + to fetch the source and compile it. One needs only pbmtext for + generating the small line on top of each page /faxheader). Install + only the individual programs you need. If you install the full + package then install pbmplus first and then mgetty+sendfax, because + this package has some changed programs by itself (but not pbmtext). + + make sure your ghostscript is functional. You need fonts ! + I prefer these from the OS/2 disks + + prepare your faxheader + /usr/local/etc/mgetty+sendfax/faxheader + + edit your /etc/printcap file: + +# FAX +lp3|fax:\ + :lp=/dev/null:\ + :sd=/usr/spool/lp3:\ + :if=/usr/local/etc/mgetty+sendfax/faxfilter:sh:sf:mx#0:\ + :lf=/usr/spool/lp3/fax-log: + + + + + edit your /usr/local/samba/lib/smb.conf + + so you have a smb based printer named "fax" + + +The final step: +=============== + + Now you have a printer called "fax" which can be used via + TCP/IP-printing (lpd-system) or via SAMBA (windows printing). + + On every system you are able to produce postscript-files you + are ready to fax. + + On Windows 3.1 95 and NT: + + Install a printer wich produces postscript output, + e.g. apple laserwriter + + connect the "fax" to your printer + + + Now write your first fax. Use your favourite wordprocessor, + write, winword, notepad or whatever you want, and start + with the headerpage. + + Usually each fax has a header page. It carries your name, + your address, your phone/fax-number. + + It carries also the recipient, his address and his *** fax + number ***. Now here is the trick: + + Use the text: + Fax-Nr: 123456789 + as the recipients fax-number. Make sure this text does not + occur in regular text ! Make sure this text is not broken + by formatting information, e.g. format it as a single entity. + (Windows Write and Win95 Wordpad are functional, maybe newer + versions of Winword are breaking formatting information). + + The trick is that postscript output is human readable and + the faxfilter program scans the text for this pattern and + uses the found number as the fax-destination-number. + + Now print your fax through the fax-printer and it will be + queued for later transmission. Use faxrunq for sending the + queue out. + + Notes of SAMBA smb.conf: + Simply use fall through from the samba printer to the unix + printer. Sample: + + + printcap name = /etc/printcap + print command = /usr/bin/lpr -r -P %p %s + lpq command = /usr/bin/lpq -P %p + lprm command = /usr/bin/lprm -P %p %j + + +[fax] + comment = FAX (mgetty+sendfax) + path = /tmp + printable = yes + public = yes + writable = no + create mode = 0700 + browseable = yes + guest ok = no + + + diff --git a/docs/textdocs/GOTCHAS.txt b/docs/textdocs/GOTCHAS.txt new file mode 100644 index 00000000000..bc5c6dae853 --- /dev/null +++ b/docs/textdocs/GOTCHAS.txt @@ -0,0 +1,68 @@ +This file lists Gotchas to watch out for: +========================================================================= +Item Number: 1.0 +Description: Problem Detecting Interfaces +Symptom: Workstations do NOT see Samba server in Browse List +OS: RedHat - Rembrandt Beta 2 +Platform: Intel +Date: August 16, 1996 +Submitted By: John H Terpstra +Details: + By default RedHat Rembrandt-II during installation adds an + entry to /etc/hosts as follows:- + 127.0.0.1 loopback "hostname"."domainname" + + This causes Samba to loop back onto the loopback interface. + The result is that Samba fails to communicate correctly with + the world and therefor may fail to correctly negotiate who + is the master browse list holder and who is the master browser. + +Corrective Action: Delete the entry after the word loopback + in the line starting 127.0.0.1 +========================================================================= +Item Number: 2.0 +Description: Problems with MS Windows NT Server network logon service +Symptom: Loss of Domain Logon Services and failed Windows NT / 95 + logon attempts. +OS: All Unix systems with Windows NT Domain Control environments. +Platform: All +Date: February 1, 1997 +Submitted By: John H Terpstra +Details: + Samba is configured for Domain logon control in a network + where a Windows NT Domain Primary Controller is running. + + Case 1: + The Windows NT Server is shut down, then restarted. Then + the Samba server is reconfigured so that it NO LONGER offers + Domain logon services. Windows NT and 95 workstations can no + longer log onto the domain. Ouch!!! + + Case 2: + The Windows NT Server which is running the Network logon + Service is shut down and restarted while Samba is a domain + controller offering the Domain LogOn service. Windows NT + Workstation and Server can no longer log onto the network. + + Cause: + Windows NT checks at start up to see if any domain logon + controllers are already running within the domain. It finds + Samba claiming to offer the service and therefore does NOT + start its Network Logon Service. + + Windows NT needs the Windows NT network logon service to gain + from its Domain controller's SAM database the security + identifier for the user loging on. + +Work-around: Stop the Samba nmbd and smbd processes, then on the Windows + NT Primary Domain Controller start the Network Logon Service. + Now restart the Samba nmbd and smbd services. + + Better still: DO NOT CONFIGURE SAMBA AS THE NETWORK LOGON + SERVER, DO NOT SET SAMBA TO BE THE DOMAIN MASTER, DO NOT + SET SAMBA TO OS LEVEL GREATER THAN 0. + + ie: Let Windows NT Server be the Domain Logon server, the + domain master browser and do NOT interfere with any aspect + of Microsoft Windows NT Domain Control. +========================================================================= diff --git a/docs/textdocs/GROUP-MAPPING-HOWTO.txt b/docs/textdocs/GROUP-MAPPING-HOWTO.txt new file mode 100644 index 00000000000..c266f56548d --- /dev/null +++ b/docs/textdocs/GROUP-MAPPING-HOWTO.txt @@ -0,0 +1,60 @@ +Samba 3.0 prealpha guide to group mapping +--------------------------------------------------- + +Jean François Micouleau (jfm@samba.org) + +Starting with Samba 3.0 alpha 2, a new group mapping function is available. The +current method (likely to change) to manage the groups is a new command called +smbgroupedit. + +The first immediate reason to use the group mapping on a PDC, is that +the 'domain admin group' of smb.conf is now gone. This parameter was +used to give the listed users local admin rights on their +workstations. It was some magic stuff that simply worked but didn't +scale very well for complex setups. + +Let me explain how it works on NT/W2K, to have this magic fade away. +When installing NT/W2K on a computer, the installer program creates some users +and groups. Notably the 'Administrators' group, and gives to that group some +privileges like the ability to change the date and time or to kill any process +(or close too) running on the local machine. The 'Administrator' user is a +member of the 'Administrators' group, and thus 'inherit' the 'Administrators' +group privileges. If a 'joe' user is created and become a member of the +'Administrator' group, 'joe' has exactly the same rights as 'Administrator'. + +When a NT/W2K machine is joined to a domain, during that phase, the "Domain +Administrators' group of the PDC is added to the 'Administrators' group of the +workstation. Every members of the 'Domain Administrators' group 'inherit' the +rights of the 'Administrators' group when logging on the workstation. + + +You are now wondering how to make some of your samba PDC users members of the +'Domain Administrators' ? That's really easy. + +1) create a unix group (usually in /etc/group), let's call it domadm +2) add to this group the users that must be Administrators. For example if you +want joe,john and mary, your entry in /etc/group will look like: + + domadm:x:502:joe,john,mary + +3) map this domadm group to the 'domain admins' group by running the command: + + smbgroupedit -c "Domain Admins" -u domadm + +you're set, joe, john and mary are domain administrators ! + + + +Like the Domain Admins group, you can map any arbitrary Unix group to any NT +group. You can also make any Unix group a domain group. For example, on a domain +member machine (an NT/W2K or a samba server running winbind), you would like to +give access to a certain directory to some users who are member of a group on +your samba PDC. Flag that group as a domain group by running: + + smbgroupedit -a unixgroup -td + + +You can list the various groups in the mapping database like this + + smbgroupedit -v + diff --git a/docs/textdocs/HINTS.txt b/docs/textdocs/HINTS.txt index 953650bdd3e..75114557fe8 100644 --- a/docs/textdocs/HINTS.txt +++ b/docs/textdocs/HINTS.txt @@ -1,3 +1,10 @@ +Contributor: Many +Updated: Not for a long time! + +Subject: A collection of hints +Status: May be useful information but NOT current +=============================================================================== + Here are some random hints that you may find useful. These really should be incorporated in the main docs someday. @@ -40,7 +47,7 @@ Jim barry has written an excellent drag-and-drop cr/lf converter for windows. Just drag your file onto the icon and it converts the file. Get it from -ftp://nimbus.anu.edu.au/pub/tridge/samba/contributed/fixcrlf.zip +ftp://samba.org/pub/samba/contributed/fixcrlf.zip ---------------------- HINT: Use the "username map" option diff --git a/docs/textdocs/INSTALL.sambatar b/docs/textdocs/INSTALL.sambatar index 388e2a3eb6f..413f54d3c65 100644 --- a/docs/textdocs/INSTALL.sambatar +++ b/docs/textdocs/INSTALL.sambatar @@ -1,3 +1,9 @@ +Contributor: Ricky Poulten +Date: Unknown +Status: Current + +Subject: Using smbtar +============================================================================= Please see the readme and the man page for general info. diff --git a/docs/textdocs/Imprints.txt b/docs/textdocs/Imprints.txt new file mode 100644 index 00000000000..4ea9782bd38 --- /dev/null +++ b/docs/textdocs/Imprints.txt @@ -0,0 +1,47 @@ +================================================================== + + +Imprints (Installation Manager of Printer driver +Retreival and Installation for Samba) is a project to +implement a UNIX equivalent of the Windows NT APW. +It has been taken on in part by the Samba Team, VA Linux +Systems and Hewlett-Packard. The Imprints toolset seeks +to provide central repository for users and administrators +to locate, download, and install all variations Window +95/98/NT printer drivers on Samba print servers. + +The server portion of Imprints is composed of a database +server which contains information and locations of various +printer driver packages. This server can be queried over +standard HTTP get requests and should therefore be available +to most administrators behind firewalls. The server's +database consists of records containing data about each +known printer driver package. For example, each driver +record contains a URL from which the Imprints installation +client can download the package as well as a public key which +can be used to verify the package's integrity. + +Once downloaded, the installation client will attempt to +install the printer driver on the defined remote server +using the username and password provided by the administrator. +If the username/password pair can be authenticated by the +remote server (and has the appropriate authorization), then +the printer driver(s) is (are) installed and the new Printer +is created. + +From Samba's point of view, the process of creating a new +printer via the Imprints installation client is identical to +that of using the Windows NT APW. In fact, Imprints utilizes +Samba's rpcclient and smbclient tools to issue the same MS-RPC +and file copy operations as an NT client. This means that +Imprints can also be used to install printers on remote Windows +NT print servers. + +For more information on Imprints, visit the project homepage +at + + http://imprints.sourceforge.net/. + + + + diff --git a/docs/textdocs/Macintosh_Clients.txt b/docs/textdocs/Macintosh_Clients.txt new file mode 100644 index 00000000000..dfac97e1aa2 --- /dev/null +++ b/docs/textdocs/Macintosh_Clients.txt @@ -0,0 +1,23 @@ +> Are there any Macintosh clients for Samba? + +Yes. Thursby now have a CIFS Client / Server called DAVE - see +http://www.thursby.com/ + +They test it against Windows 95, Windows NT and samba for +compatibility issues. At the time of writing, DAVE was at version +1.0.1. The 1.0.0 to 1.0.1 update is available as a free download from +the Thursby web site (the speed of finder copies has been greatly +enhanced, and there are bug-fixes included). + +Alternatives - There are two free implementations of AppleTalk for +several kinds of UNIX machnes, and several more commercial ones. +These products allow you to run file services and print services +natively to Macintosh users, with no additional support required on +the Macintosh. The two free omplementations are Netatalk, +http://www.umich.edu/~rsug/netatalk/, and CAP, +http://www.cs.mu.oz.au/appletalk/atalk.html. What Samba offers MS +Windows users, these packages offer to Macs. For more info on these +packages, Samba, and Linux (and other UNIX-based systems) see +http://www.eats.com/linux_mac_win.html + + diff --git a/docs/textdocs/NetBIOS.txt b/docs/textdocs/NetBIOS.txt new file mode 100644 index 00000000000..ca0dcc84b72 --- /dev/null +++ b/docs/textdocs/NetBIOS.txt @@ -0,0 +1,152 @@ +Contributor: lkcl - samba@samba.org + Copyright 1997 Luke Kenneth Casson Leighton +Date: March 1997 +Status: Current +Updated: 12jun97 + +Subject: Definition of NetBIOS Protocol and Name Resolution Modes +============================================================================= + +======= +NETBIOS +======= + +NetBIOS runs over the following tranports: TCP/IP; NetBEUI and IPX/SPX. +Samba only uses NetBIOS over TCP/IP. For details on the TCP/IP NetBIOS +Session Service NetBIOS Datagram Service, and NetBIOS Names, see +rfc1001.txt and rfc1002.txt. + +NetBEUI is a raw NetBIOS frame protocol implementation that allows NetBIOS +datagrams to be sent out over the 'wire' embedded within LLC frames. +NetBEUI is not required when using NetBIOS over TCP/IP protocols and it +is preferable NOT to install NetBEUI if it can be avoided. + +IPX/SPX is also not required when using NetBIOS over TCP/IP, and it is +preferable NOT to install the IPX/SPX transport unless you are using Novell +servers. At the very least, it is recommended that you do not install +'NetBIOS over IPX/SPX'. + +[When installing Windows 95, you will find that NetBEUI and IPX/SPX are +installed as the default protocols. This is because they are the simplest +to manage: no Windows 95 user-configuration is required]. + + +NetBIOS applications (such as samba) offer their services (for example, +SMB file and print sharing) on a NetBIOS name. They must claim this name +on the network before doing so. The NetBIOS session service will then +accept connections on the application's behalf (on the NetBIOS name +claimed by the application). A NetBIOS session between the application +and the client can then commence. + +NetBIOS names consist of 15 characters plus a 'type' character. This is +similar, in concept, to an IP address and a TCP port number, respectively. +A NetBIOS-aware application on a host will offer different services under +different NetBIOS name types, just as a host will offer different TCP/IP +services on different port numbers. + +NetBIOS names must be claimed on a network, and must be defended. The use +of NetBIOS names is most suitable on a single subnet; a Local Area Network +or a Wide Area Network. + +NetBIOS names are either UNIQUE or GROUP. Only one application can claim a +UNIQUE NetBIOS name on a network. + +There are two kinds of NetBIOS Name resolution: Broadcast and Point-to-Point. + + +================= +BROADCAST NetBIOS +================= + +Clients can claim names, and therefore offer services on successfully claimed +names, on their broadcast-isolated subnet. One way to get NetBIOS services +(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and +SMB file/print sharing: see cifs4.txt) working on a LAN or WAN is to make +your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. + +This, however, is not recommended. If you have a large LAN or WAN, you will +find that some of your hosts spend 95 percent of their time dealing with +broadcast traffic. [If you have IPX/SPX on your LAN or WAN, you will find +that this is already happening: a packet analyzer will show, roughly +every twelve minutes, great swathes of broadcast traffic!]. + + +============ +NBNS NetBIOS +============ + +rfc1001.txt describes, amongst other things, the implementation and use +of, a 'NetBIOS Name Service'. NT/AS offers 'Windows Internet Name Service' +which is fully rfc1001/2 compliant, but has had to take specific action +with certain NetBIOS names in order to make it useful. (for example, it +deals with the registration of <1c> <1d> <1e> names all in different ways. +I recommend the reading of the Microsoft WINS Server Help files for full +details). + +Samba also offers WINS server capabilities. Samba does not interact +with NT/AS (WINS replication), so if you have a mixed NT server and +Samba server environment, it is recommended that you use the NT server's +WINS capabilities, instead of samba's WINS server capabilities. + +The use of a WINS server cuts down on broadcast network traffic for +NetBIOS name resolution. It has the effect of pulling all the broadcast +isolated subnets together into a single NetBIOS scope, across your LAN +or WAN, while avoiding the use of TCP/IP broadcast packets. + +When you have a WINS server on your LAN, WINS clients will be able to +contact the WINS server to resolve NetBIOS names. Note that only those +WINS clients that have registered with the same WINS server will be +visible. The WINS server _can_ have static NetBIOS entries added to its +database (usually for security reasons you might want to consider putting +your domain controllers or other important servers as static entries, +but you should not rely on this as your sole means of security), but for +the most part, NetBIOS names are registered dynamically. + +[It is important to mention that samba's browsing capabilities (as a WINS +client) must have access to a WINS server. if you are using samba also +as a WINS server, then it will have a direct short-cut into the WINS +database. + +This provides some confusion for lots of people, and is worth mentioning +here: a Browse Server is NOT a WINS Server, even if these services are +implemented in the same application. A Browse Server _needs_ a WINS server +because a Browse Server is a WINS client, which is _not_ the same thing]. + +Clients can claim names, and therefore offer services on successfully claimed +names, on their broadcast-isolated subnet. One way to get NetBIOS services +(such as browsing: see ftp.microsoft.com/drg/developr/CIFS/browdiff.txt; and +SMB file/print sharing: see cifs6.txt) working on a LAN or WAN is to make +your routers forward all broadcast packets from TCP/IP ports 137, 138 and 139. +You will find, however, if you do this on a large LAN or a WAN, that your +network is completely swamped by NetBIOS and browsing packets, which is why +WINS was developed to minimise the necessity of broadcast traffic. + +WINS Clients therefore claim names from the WINS server. If the WINS +server allows them to register a name, the client's NetBIOS session service +can then offer services on this name. Other WINS clients will then +contact the WINS server to resolve a NetBIOS name. + + +======================= +Samba WINS Capabilities +======================= + +To configure samba as a WINS server, you must add "wins support = yes" to +the [global] section of your smb.conf file. This will enable WINS server +capabilities in nmbd. + +To configure samba as a WINS client, you must add "wins server = x.x.x.x" +to the [global] section of your smb.conf file, where x.x.x.x is the TCP/IP +address of your WINS server. The browsing capabilities in nmbd will then +register (and resolve) WAN-wide NetBIOS names with this WINS server. + +Note that if samba has "wins support = yes", then the browsing capabilities +will _not_ use the "wins server" option to resolve NetBIOS names: it will +go directly to the internal WINS database for NetBIOS name resolution. It +is therefore invalid to have both "wins support = yes" and +"wins server = x.x.x.x". Note, in particular, that if you configure the +"wins server" parameter to be the ip address of your samba server itself +(as might one intuitively think), that you will run into difficulties. +Do not use both parameters! + + diff --git a/docs/textdocs/PROFILES.txt b/docs/textdocs/PROFILES.txt new file mode 100644 index 00000000000..1b9cf4213e3 --- /dev/null +++ b/docs/textdocs/PROFILES.txt @@ -0,0 +1,385 @@ +Contributors: Bruce Cook + Copyright (C) 1998 Bruce Cook + + John Terpstra + Copyright (C) 1998 John H. Terpstra + + Wolfgang Ratzka + Copyright (C) 1998 Wolfgang Ratzka + +Created: April 11, 1998 +Updated: April 11, 1998 + +Subject: User Profiles +=========================================================================== + +From BC3-AU@bigfoot.com Sat Apr 11 13:36:05 1998 +Date: Sat, 11 Apr 1998 17:13:49 +1000 +From: Bruce Cook +To: Multiple recipients of list +Subject: RE: A question about NT Domains + +Luke Kenneth Casson Leighton writes: + > On Fri, 10 Apr 1998, Jean-Francois Micouleau wrote: + > + > > On Fri, 10 Apr 1998, Luke Kenneth Casson Leighton wrote: + > > + > > > ah, then i need to explain better. two or more users have identical + > > > profiles. say only one user installs a program which adds additional keys + > > > into the registry. those keys, as i understand it, will *not* be removed + > > > from HKEY_LOCAL_USER when subsequent users log in. + > > + > > under W95 or NT ? + > + > my experience is with Win95, but i expect the same for NT, and have been + > told that it is so by someone who runs NT admin training courses. + > + > > and why do you want to have one profile shared between multiples users ? + > + > you don't. how did you get that impression? i said multiple users with + > identical profiles, not multiple users sharing one profile. + +In my experience with both Win95 and NT, is that the HKEY_LOCAL_USER information +is stored in USER.dat or NTuser.DAT for NT. ALL of this branch is in this file +and there is no overlap between any two users (Unless you have '95 set up +to use a single common profile). + +[** lkcl: see jht's message for conditions under which an overlap can occur **] + +The HKEY_LOCAL_MACHINE branch is machine based, and shared by all users of that +machine. + + +[And now for a whole stack of caveats] + +1. User start menu paths are not stored in the registry (obviously) they're + a directory structure that located by settings in HKEY_LOCAL_USER. + + If you want start menues / desktop / favorites to be individual to a user + you must set up your user registry so these can be located individually. + The easiest tool to manage this is the policy editor. + +2. When you log onto 'Doze 95, it has to find the user registry. + + + If you have specified a common profile, a "default user" USER.DAT is used. + + If you have specified individualised profiles, then USER.DAT will be found + by the following formula: + + 1. if NET USE x: /HOME was used at startup, try for x:\USER.DAT (where + x: is any drive letter from A to Z. + if no USER.DAT is found go to step 3 + + 2. if no home is specified in a mapping, + ...\windows\profiles\username\USER.DAT is used. If no USER.DAT exists + go to step 3. + + 3. If neither of the previous two found a USER.DAT, then it will use + a prototype USER.DAT which it will later save to the above specified + path when the user logs out. + + The interesting thing here is that the prototype USER.DAT used here + is actually a copy of the last USER.DAT used on this machine. (This + may be the effect that the original poster is seeing) + + 4. As discussed above the start menu and desktop are specified in the + registry contained within USER.DAT. When a new USER.DAT is created + from a prototype, new directories are created for the start menu and + desktop ACCORDING TO HOW THE COPIED PROTOTYPE DEFINES THEM. + + So if the prototype USER.DAT says that start menu is in H:\Start Menu + but programs folder is C:\windows\start menu\programs, then the + H:\start menu will be created, and the existing machine programs + folder used. + + This means that is is important when creating roving profiles to get + your prototype USER.DAT and general user directory structure set up + exactly as you want it, and then make a copy of it that you know will + be safe from modification. When creating a new user you then copy + this prototype into the new user area, so that the new user doesn't + just inherit what the previous user had. + + +3. When you log onto 'Doze NT, it has to find the user registry. + + + NT is easier to see what's going on, but follows much the same rules as + '95. The big difference being that 'NT gets its profile location from + the login server when it's logged in. (On an NT system have a look at user + manager/user/profile - you will see that you can specify the user profile + path) Under NT3.51 this profile path was a path to NTuser.DAT, on 4.0 this + seems to be a path to a directory structure (haven't played with many NT4 + servers) + + I'm not sure how this works in samba, as I haven't yet tried the NT_DOM stuff + yet (Luke: I assume you have a keyword for this?) + +[lkcl: nt workstations should look in exactly the same places for things on + samba or other SMB servers as they do on an NT server, as long as that + SMB server looks like NT. if anyone finds that something fails, alert + us on samba@samba.org and we'll look into it]. + + When an NT system find a user without a NTuser.DAT, it copies from a + prototype that it stores especially for this purpose, so while unlike '95 + the user doesn't get whatever happened last on the machine, the user will + get a fairly minimalist configuration. + +[[jht: +When a Win95 machine logs onto a Windows NT Domain the Win95 machine looks +for the presence of a file called Config.Pol in the following location: + \\"Authenticating Server"\NETLOGON +It reads this file and uses it to ammend both the desktop environment as well +as the file %WinDir%\Profiles\%USERNAME%\User.DAT. As with Windows NT, on log +out this file gets written back to the profile server into the %USERNAME% +directory in the profile share. + +It is thus possible to share a common desktop profile between Windows NT and +Windows 9x. +:jht]] + + +4. There are a *LOT* of reasons that the 'doze machine might not find USER.DAT + and therefore default to a prototype. + + 1. Can't execute logon script & therefore no /HOME mapping (Most common) + .Make sure the script exists + .that you have your logon script set right + .Netlogon share must exist + .Protection/ownership of the script and share + + 2. no /HOME mapping in the logon script + + 3. no home path specified in /etc/smb.conf (Or no home mapping set + up for that user in NT's user manager) + + 4. Protection/ownership of the user directory + + 5. protection/ownership of USER.DAT + + 6. basic networking problems + .Is the networking available (Test it by manually mapping + to both the user share and netlogon share) + .Was the networking working during logon ? + + 7. Has it defaulted to a prototype, and then had you map the home + directory afterwards ? - This will result in the bad prototype + being written into the users home, and them being stuck with it, + (Just replace USER.DAT again) + + +5. Interesting NOTE + + When '95 is performing the logon script, the HKEY_LOCAL_USERS has + NOT been mapped from the USER.DAT. What has been mapped at this stage + is the prototype registry (last one used). + + I assume the reason for this is that '95 is waiting for the logon + script to complete so that it can identify where the user's home + directory is. + + If at this point you attempt to do anything that uses the USER registry, + (installing something for example or reading something from the user + registry) you will actually be operating on the machine stored prototype + profile not the user profile. This means that nothing will realy + happen to the user setup (No menu items, no settings etc). + + To get around this you can name a process in the "run once" entries in + the HKEY_LOCAL_MACHINE branch, and these "run once" processes will be + executed once the USER.DAT is loaded, and all the user directories are + accessible. + + +To sum up: + + NET USE H: /HOME + is the key to getting your user profiles loaded from a server. + NET USE H: \\server\homes + Won't get it right without a lot of stuffing about. + + Windoze '95 goes through a lot to bring you your user profile and + if anything goes wrong during this process, it will drop back to + using whatever profile was last used on the machine. + + +From samba@aquasoft.com.au Sat Apr 11 13:48:54 1998 +Date: Sat, 11 Apr 1998 09:34:08 +1000 +From: Samba Bugs +To: Multiple recipients of list +Subject: Re: A question about NT Domains + +Just for the sake of completeness I thought I'd add a bit to this. +Let's be clear about which files affect registry changes (or contents). + +Under NT, open a command prompt interface: +cd %SystemRoot%\System32\config +dir + +The standard registry files are: + Default - all component default settings + System - all HKLM\System entries + Software - all HKLM\Software entries + Security - Domain/Machine releated User Rights & Privs. + SAM - the Security Access Manager database (ie:Passwords etc.) + +[[jht: +The SAM and Security files are the only files that get synchronised between +Windows NT Domain Controllers. +:jht]] + +These are used by EVERYTHING!! + +When a user logs in the following files get checked: + 1) \\"Authenticating Server"\NETLOGON\NTConfig.Pol + 2) %SystemRoot%\Profiles\Policies\NTConfig.Pol + this one is a copy of the last NTConfig.Pol downloaded + from (1) above - if available. + 3) %SystemRoot%\Policies\%UserName%\NTUser.DAT + +[[jht: +The System Policy Editor on Windows NT can be used to create both the +Windows 95 "Config.Pol" file, as well as the Windows NT "NTConfig.Pol" +file. To create the Windows 95 policy file you MUST load the Windows 95 +policy template BEFORE creating the Config.Pol file. +:jht]] + +The later, is first obtained from a profile server if the User_Init_Info +passed from the Domain Logon Server specifies use of a roaming profile. +If item (3) does NOT exist and/or NO default profile is available one gets +created from the system default settings PLUS the last loaded file at item +(2) above. + +The HKCU is always unique to the currently logged in user, BUT if the +currently logged in user is using a shared profile that has NOT been made +exclusive then on logout the HKCU will be written over the top of the +source files. That is why Mandatory profiles are essential when sharing a +roaming profile. + +On Sat, 11 Apr 1998, Wolfgang Ratzka wrote: + +> Luke Kenneth Casson Leighton wrote: +> +> > my experience is with Win95, but i expect the same for NT, and have been +> > told that it is so by someone who runs NT admin training courses. +> +> On NT it is quite definitely not so. HKCU will always be loaded completely from +> the user's NTuser.dat file and unloaded again after logout. +> In fact HKCU is not a proper registry hive but a symbolic reference to the subkey of +> HKEY_USERS that corresponds to the current user. If more than one user +> is active on an NT machine (on plain vanilla NT this *is* possible if you have +> services running as a non-system user; on WinFrame or Hydra multiple users +> can be logged in) you will see several subkeys of HKU that correspond to +> the active users and don't interfere with each other. +> +> Of course some settings that a user can change do not go into the HKCU hive +> but into HKLM, most notably the screen resolution and the number of colours +> (you can use policies to prevent user's from changing these). +> Some applications put information that should go into HKCU into HKLM instead. +> (Hall of Shame: Netscape Communicator, Microsoft Office 97 [User dictionaries!]...). +> Others just use plain good old INI files in their program directory or even +> in \WINNT\SYSTEM32. Those changes will not be user specific but machine +> specific and those programs will cause trouble, when one tries to run them +> on WinFrame or Hydra... :-). +> +> Summarizing: +> +> Q: Will the next user inherit a previous user's additions +> to the HKCU registry hive? +> A: Quite definitely not. + +Correct. + +> +> Q: Can a user foul up the configuration for the next user? +> A: Quite definitely yes! + +See above. Yes, but not if correctly configured. + +> +> Q: Is this discussion out of place on the samba-ntdom list? +> A: Errr.... + +Errr... Really? I think it is. Do we, or do we not, want to help people to +gain stable and dependable use of samba? + +> -- +> Wolfgang Ratzka (dialing in from home) + +Cheers, +John H Terpstra (Also from home!!!!) + +============================================================================= +Further notes by Bruce Cook + +Date: Sun, 12 Apr 1998 14:12:22 +1000 +From: Bruce Cook +Subject: Re: Win95 / NT Profiles (was: RE: A question about NT Domains) + +Ah yes I knew there was something I forgot. +here it is for completeness. + +============================================================================= + +When a user logs into a specific machine for the first time, they will be +told that they've never logged into the machine, and would they like to +store the user setting for future use. + +If the user answers NO, they will be nagged about this every time they +log into the machine until they say YES. (How about it MS, could we +possible do something about this feature?) + +When the user answers YES, thereafter upon logging out of the machine, +a copy of the user's profile is also written onto the machines local disk +for later use. + +When a user logs into a machine where his/her profile has previously been +saved, a comparison is made between the date of the profile copy kept on +the machine, and the date of the profile stored on the server. In theory +the server date should be later or the same. + +If the local machine date is later than the server date, the client +machine will tell you the the settings on the local machine are more +recent than those of the server, and would you like to user them instead. + +This occurs for a couple of reasons: + 1. Server not available when the user logs out + 2. Date mismatch between the server and the client + (I always use NET TIME \\server /SET /YES in my logon scripts) + + +Logging in with NO server available. + +In some cases a client will want to log into a network with no server +available. (Portables away from the office, or a dead server) + +This can only happen if the administrator has NOT set the machine to +give access only upon password verification from the server. +(If the admin has done this, it can be circumvented by restarting + the machine in safe mode, and running poledit, or regedit and + disabling that feature) + +If you are able to log in while the server is unavailable, you have +two choices + 1. Log in as a user that previously stored a profile + (The password won't have to match unless the machine + is set up to store passwords) + + 2. log in as the default user (bit the cancel button or escape key) + +If you choose to use your profile stored on the local machine, there are +several things you should be wary of: + 1. the profile stored on the machine will be a copy of the last + profile used when you logged into THAT machine. You may get + quite an old profile. + 2. When you log out, that local profile is garunteed to be later + than the one on the server, and if the server is available, or + you later log into that machine when the server is available + you could overwrite the good server profile with a bogus profile. + + +Technique note: + I set portable computers up so that they don't use roaming profiles, + rather they have a single profile kept on the machine. This means + that a user has the same desktop look an feel regardless of where + they are. This follows the philosophy that laptops tend to be used + by only one person. diff --git a/docs/textdocs/Passwords.txt b/docs/textdocs/Passwords.txt index e06876fecae..25d4c816f05 100644 --- a/docs/textdocs/Passwords.txt +++ b/docs/textdocs/Passwords.txt @@ -1,5 +1,9 @@ -NOTE ABOUT PASSWORDS -==================== +Contributor: Unknown +Date: Updated April 19th 1999. +Status: Current + +Subject: NOTE ABOUT PASSWORDS +============================================================================= Unix systems use a wide variety of methods for checking the validity of a password. This is primarily controlled with the Makefile defines @@ -30,10 +34,10 @@ Unix password checking method you are using. Note that the AFS code is only written and tested for AFS 3.3 and later. -SECURITY = SERVER -================= +SECURITY = SERVER or DOMAIN +=========================== -Samba can use a remote server to do it's username/password +Samba can use a remote server to do its username/password validation. This allows you to have one central machine (for example a NT box) control the passwords for the Unix box. diff --git a/docs/textdocs/Printing.txt b/docs/textdocs/Printing.txt new file mode 100644 index 00000000000..b47120eaba9 --- /dev/null +++ b/docs/textdocs/Printing.txt @@ -0,0 +1,255 @@ +Contributor: Unknown +Revised by: Patrick Powell +Date: August 11, 2000 +Status: Current + +Subject: Dubugging Printing Problems +============================================================================= + +This is a short description of how to debug printing problems with +Samba. This describes how to debug problems with printing from a SMB +client to a Samba server, not the other way around. For the reverse +see the examples/printing directory. + +Please send enhancements to this file to samba@samba.org + +Ok, so you want to print to a Samba server from your PC. The first +thing you need to understand is that Samba does not actually do any +printing itself, it just acts as a middleman between your PC client +and your Unix printing subsystem. Samba receives the file from the PC +then passes the file to a external "print command". What print command +you use is up to you. + +The whole things is controlled using options in smb.conf. The most +relevant options (which you should look up in the smb.conf man page) +are: + [global] + print command - send a file to a spooler + lpq command - get spool queue status + lprm command - remove a job + [printers] + path = /var/spool/lpd/samba + +The following are nice to know about: + + queuepause command - stop a printer or print queue + queueresume command - start a printer or print queue + +Example: + print command = /usr/bin/lpr -r -P%p %s + lpq command = /usr/bin/lpq -P%p %s + lprm command = /usr/bin/lprm -P%p %j + queuepause command = /usr/sbin/lpc -P%p stop + queuepause command = /usr/sbin/lpc -P%p start + +Samba should set reasonable defaults for these depending on your +system type, but it isn't clairvoyant. It is not uncommon that you +have to tweak these for local conditions. The commands should +always have fully specified pathnames, as the smdb may not have +the correct PATH values. + +When you send a job to Samba to be printed, it will make a temporary +copy of it in the directory specified in the [printers] section. +and it should be periodically cleaned out. The lpr -r option +requests that the temporary copy be removed after printing; If +printing fails then you might find leftover files in this directory, +and it should be periodically cleaned out. Samba used the lpq +command to determine the "job number" assigned to your print job +by the spooler. + +The % are "macros" that get dynamically replaced with appropriate +values when they are used. The %s gets replaced with the name of the spool +file that Samba creates and the %p gets replaced with the name of the +printer. The %j gets replaced with the "job number" which comes from +the lpq output. + +DEBUGGING PRINTER PROBLEMS + +One way to debug printing problems is to start by replacing these +command with shell scripts that record the arguments and the contents +of the print file. A simple example of this kind of things might +be: + + print command = /tmp/saveprint %p %s + + #!/bin/saveprint + # we make sure that we are the right user + /usr/bin/id -p >/tmp/tmp.print + # we run the command and save the error messages + # replace the command with the one appropriate for your system + /usr/bin/lpr -r -P$1 $2 2>>&/tmp/tmp.print + +Then you print a file and try removing it. You may find that the +print queue needs to be stopped in order to see the queue status +and remove the job: + +h4: {42} % echo hi >/tmp/hi +h4: {43} % smbclient //localhost/lw4 +added interface ip=10.0.0.4 bcast=10.0.0.255 nmask=255.255.255.0 +Password: +Domain=[ASTART] OS=[Unix] Server=[Samba 2.0.7] +smb: \> print /tmp/hi +putting file /tmp/hi as hi-17534 (0.0 kb/s) (average 0.0 kb/s) +smb: \> queue +1049 3 hi-17534 +smb: \> cancel 1049 +Error cancelling job 1049 : code 0 +smb: \> cancel 1049 +Job 1049 cancelled +smb: \> queue +smb: \> exit + +The 'code 0' indicates that the job was removed. The comment +by the smbclient is a bit misleading on this. +You can observe the command output and then and look at the +/tmp/tmp.print file to see what the results are. You can quickly +find out if the problem is with your printing system. Often people +have problems with their /etc/printcap file or permissions on +various print queues. + +WHAT PRINTERS DO I HAVE + +You can use the 'testprns' program to check to see if the printer +name you are using is recognized by Samba. For example, you can +use: + + testprns printer /etc/printcap + +Samba can get its printcap information from a file or from a program. +You can try the following to see the format of the extracted +information: + + testprns -a printer /etc/printcap + + testprns -a printer '|/bin/cat printcap' + +SETTING UP PRINTCAP AND PRINT SERVERS + +You may need to set up some printcaps for your Samba system to use. +It is strongly recommended that you use the facilities provided by +the print spooler to set up queues and printcap information. + +Samba requires either a printcap or program to deliver printcap +information. This printcap information has the format: + + name|alias1|alias2...:option=value:... + +For almost all printing systems, the printer 'name' must be composed +only of alphanumeric or underscore '_' characters. Some systems also +allow hyphens ('-') as well. An alias is an alternative name for the +printer, and an alias with a space in it is used as a 'comment' +about the printer. The printcap format optionally uses a \ at the end of lines +to extend the printcap to multiple lines. + + +Here are some examples of printcap files: + +pr just printer name +pr|alias printer name and alias +pr|My Printer printer name, alias used as comment +pr:sh:\ Same as pr:sh:cm= testing + :cm= \ + testing +pr:sh Same as pr:sh:cm= testing + :cm= testing + +Samba reads the printcap information when first started. If you make +changes in the printcap information, then you must do the following: + +a) make sure that the print spooler is aware of these changes. + The LPRng system uses the 'lpc reread' command to do this. + +b) make sure that the spool queues, etc., exist and have the + correct permissions. The LPRng system uses the 'checkpc -f' + command to do this. + +c) You now should send a SIGHUP signal to the smbd server to have + it reread the printcap information. + +JOB SENT, NO OUTPUT + +This is the most frustrating part of printing. You may have sent the +job, verified that the job was forwarded, set up a wrapper around +the command to send the file, but there was no output from the printer. + +First, check to make sure that the job REALLY is getting to the +right print queue. If you are using a BSD or LPRng print spooler, +you can temporarily stop the printing of jobs. Jobs can still be +submitted, but they will not be printed. Use: + + lpc -Pprinter stop + +Now submit a print job and then use 'lpq -Pprinter' to see if the +job is in the print queue. If it is not in the print queue then +you will have to find out why it is not being accepted for printing. + +Next, you may want to check to see what the format of the job really +was. With the assistance of the system administrator you can view +the submitted jobs files. You may be surprised to find that these +are not in what you would expect to call a printable format. +You can use the UNIX 'file' utitily to determine what the job +format actually is: + + cd /var/spool/lpd/printer # spool directory of print jobs + ls # find job files + file dfA001myhost + +You should make sure that your printer supports this format OR that +your system administrator has installed a 'print filter' that will +convert the file to a format appropriate for your printer. + +JOB SENT, STRANGE OUTPUT + +Once you have the job printing, you can then start worrying about +making it print nicely. + +The most common problem is extra pages of output: banner pages +OR blank pages at the end. + +If you are getting banner pages, check and make sure that the +printcap option or printer option is configured for no banners. +If you have a printcap, this is the :sh (suppress header or banner +page) option. You should have the following in your printer. + + printer: ... :sh + +If you have this option and are still getting banner pages, there +is a strong chance that your printer is generating them for you +automatically. You should make sure that banner printing is disabled +for the printer. This usually requires using the printer setup software +or procedures supplied by the printer manufacturer. + +If you get an extra page of output, this could be due to problems +with your job format, or if you are generating PostScript jobs, +incorrect setting on your printer driver on the MicroSoft client. +For example, under Win95 there is a option: + + Printers|Printer Name|(Right Click)Properties|Postscript|Advanced| + +that allows you to choose if a Ctrl-D is appended to all jobs. +This is a very bad thing to do, as most spooling systems will +automatically add a ^D to the end of the job if it is detected as +PostScript. The multiple ^D may cause an additional page of output. + +RAW POSTSCRIPT PRINTED + +This is a problem that is usually caused by either the print spooling +system putting information at the start of the print job that makes +the printer think the job is a text file, or your printer simply +does not support PostScript. You may need to enable 'Automatic +Format Detection' on your printer. + +ADVANCED PRINTING + +Note that you can do some pretty magic things by using your +imagination with the "print command" option and some shell scripts. +Doing print accounting is easy by passing the %U option to a print +command shell script. You could even make the print command detect +the type of output and its size and send it to an appropriate +printer. + +DEBUGGING + +If the above debug tips don't help, then maybe you need to bring in +the bug guns, system tracing. See Tracing.txt in this directory. +----------------------------------------------------------------------------- diff --git a/docs/textdocs/README.DCEDFS b/docs/textdocs/README.DCEDFS index f84b84bb686..da9bb2197da 100644 --- a/docs/textdocs/README.DCEDFS +++ b/docs/textdocs/README.DCEDFS @@ -1,9 +1,8 @@ -============================================================================= - - Basic DCE/DFS Support for SAMBA 1.9.13 - - Jim Doyle 06-02-95 +Contributor: Jim Doyle +Date: 06-02-95 +Status: Current but needs updating +Subject: Basic DCE/DFS Support for SAMBA 1.9.13 ============================================================================= Functionality: diff --git a/docs/textdocs/README.NOW b/docs/textdocs/README.NOW new file mode 100644 index 00000000000..1184a9d057f --- /dev/null +++ b/docs/textdocs/README.NOW @@ -0,0 +1,8 @@ +The files in the directory have either yet to +converted into SGML/DocBook format or are outdated. +To create ASCII versions of the documentation +in the ../htmldocs/ directory, run + + $ lynx -dump file.html > file.txt + + diff --git a/docs/textdocs/README.jis b/docs/textdocs/README.jis index 2ac6716a6f6..50ff0cced74 100644 --- a/docs/textdocs/README.jis +++ b/docs/textdocs/README.jis @@ -14,6 +14,10 @@ $B$rL\E*$H$7$F$$$^$9!#$=$N$?$a!"F|K\8lBP1~$O!"I,MW:G>.8B$7$+9T$J$C$F$*$j$^$;$s!#(B + $BF|K\8lBP1~$7$?(B samba $B$rMxMQ$9$k$?$a$K$O!"%3%s%Q%$%k$9$k;~$K!"I,$:!"(BKANJI $B$NDj5A$rDI(B + $B2C$7$F$/$@$5$$!#$3$N%*%W%7%g%s$r;XDj$7$F$$$J$$>l9g$O!"F|K\8l$N%U%!%$%kL>$r@5$7$/07(B + $B$&$3$H$O$G$-$^$;$s!#!J%3%s%Q%$%k$K$D$$$F$O!"2<5-(B 3. $B$r;2>H$7$F2<$5$$!K(B + 2. $BMxMQJ}K!(B (1) $BDI2C$7$?%Q%i%a!<%?(B @@ -34,6 +38,12 @@ $B$N(B16$B?J?t$rB3$1$k7A<0$K$J$j$^$9!#(B $B$3$3$G!"(B':' $B$rB>$NJ8;z$KJQ99$7$?$$>l9g$O!"(Bhex $B$N8e$m$K$=$NJ8;z$r;XDj$7$^$9!#(B $BNc$($P!"(B@$B$rJQ$o$j$K;H$$$?$$>l9g$O!"(B'hex@'$B$N$h$&$K;XDj$7$^$9!#(B + cap: 7 bits $B$N(B ASCII $B%3!<%I0J30$N%3!<%I$r0J2<$N7A<0$GI=$9J}<0$H$$$&E@$G$O(B + hex$B$HF1MM$G$9$,!"(BCAP (The Columbia AppleTalk Package)$B$H8_49@-$r;}$DJQ49(B + $BJ}<0$H$J$C$F$$$^$9!#(Bhex$B$H$N0c$$$O(B0x80$B0J>e$N%3!<%I$N$_(B':80'$B$N$h$&$KJQ49(B + $B$5$l!"$=$NB>$O(BASCII$B%3!<%I$G8=$5$l$^$9!#(B + $BNc$($P!"(B'$B%*%U%#%9(B'$B$H$$$&L>A0$O!"(B':83I:83t:83B:83X'$B$H$J$j$^$9!#(B + JIS $B%3!<%I$K$D$$$F$O!"0J2<$NI=$r;2>H$7$F2<$5$$!#(B $B(#(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(((!(!(!(!(!(!(!(!(!($(B $B(";XDj(B $B("4A;z3+;O("4A;z=*N;("%+%J3+;O("%+%J=*N;("1Q?t3+;O("Hw9M(B $B("(B @@ -90,6 +100,8 @@ $B%$%kL>$O!"(BEUC $B%3!<%I$K$J$j$^$9!#$3$3$G;XDj$7$?%3!<%I7O$O!"%5!<%P5Z$S%/%i%$%"%s%H(B $B%W%m%0%i%`$N%G%U%)%k%H$KCM$J$j$^$9!#(B + $B>0!"%*%W%7%g%sCf$N(B \ $B$d(B " $B$bK:$l$:$K;XDj$7$F2<$5$$!#(B + 3. $B@)8B;v9`(B (1) $B4A;z%3!<%I(B @@ -104,21 +116,34 @@ $B$A$c$s$H$7$?%9%Z%C%/$,$h$/$o$+$i$J$+$C$?$N$G$9$,!"0l1~!"(BDOS/V $B$NF0:n$HF1$8F0:n$r9T$J(B $B$&$h$&$K$J$C$F$$$^$9!#(B +(4) $B%m%s%0%U%!%$%kL>$K$D$$$F(B + Windows NT/95 $B$G$O!"%m%s%0%U%!%$%kL>$,07$($^$9!#%m%s%0%U%!%$%kL>$r(B 8.3 $B%U%)!<%^%C%H(B + $B$G07$&$?$a$K!"(Bmangling $B$7$F$$$^$9$,!"$3$NJ}K!$O!"(BNT $B$d(B 95 $B$,9T$J$C$F$$$k(B mangling $B$H(B + $B$O0[$J$j$^$9$N$GCm0U$7$F2<$5$$!#(B + 4. $B>c32Ey$N%l%]!<%H$K$D$$$F(B $BF|K\8l$N%U%!%$%kL>$K4X$7$F!"J8;z2=$1Ey$N>c32$,$"$l$P!";d$K%l%]!<%H$7$FD:$1$l$P9,$$$G(B $B$9!#$?$@$7!"%*%j%8%J%k$+$i$NLdBjE@$d@\Ld$$9g$o$;$k(B $B$+!"$b$7$/$O%a!<%j%s%0%j%9%H$J$I$X%l%]!<%H$9$k$h$&$K$7$F2<$5$$!#(B +$B%l%]!<%H$5$l$k>l9g!"MxMQ$5$l$F$$$k4D6-(B(UNIX $B5Z$S(B PC $BB&$N(BOS$B$J$I(B)$B$H$G$-$^$7$?$i@_Dj%U%!(B +$B%$%k$d%m%0$J$I$rE:IU$7$FD:$1$k$H9,$$$G$9!#(B + 5. $B$=$NB>(B - hex $B7A<0$NJQ49J}K!$O!"(B + $B%3!<%IJQ49$O0J2<$NJ}!9$,:n$i$l$?%W%m%0%i%`$rMxMQ$7$F$$$^$9!#(B - $BBgLZ!wBgDM!&C^GH(B $B;a(B + hex $B7A<0(B $BBgLZ!wBgDM!&C^GH(B $B;a(B + cap $B7A<0(B $BI%ED(B $BF;O:(B (michiro@po.iijnet.or.jp)(michiro@dms.toppan.co.jp)$B;a(B - $B$,:n$i$l$?%3!<%I$rMxMQ$7$F$$$^$9!#(B + $B$=$NB>!"$?$/$5$s$NJ}!9$+$i$$$m$$$m$H8f65<($$$?$@$-$"$j$,$H$&$4$6$$$^$7$?!#:#8e$H$b$h(B +$B$m$7$/$*4j$$CW$7$^$9!#(B 1994$BG/(B10$B7n(B28$BF|(B $BBh#1HG(B 1995$BG/(B 8$B7n(B16$BF|(B $BBh#2HG(B +1995$BG/(B11$B7n(B24$BF|(B $BBh#3HG(B +1996$BG/(B 5$B7n(B13$BF|(B $BBh#4HG(B + $BF#ED(B $B?r(B fujita@ainix.isac.co.jp diff --git a/docs/textdocs/README.sambatar b/docs/textdocs/README.sambatar index 26829952eb6..af7250c2a49 100644 --- a/docs/textdocs/README.sambatar +++ b/docs/textdocs/README.sambatar @@ -1,3 +1,11 @@ +Contributor/s: Martin.Kraemer + and Ricky Poulten (ricky@logcam.co.uk) +Date: Unknown - circa 1994 +Status: Obsoleted - smbtar has been a stable part of Samba + since samba-1.9.13 + +Subject: Sambatar (now smbtar) +============================================================================= This is version 1.4 of my small extension to samba that allows PC shares to be backed up directly to a UNIX tape. It only has been tested under diff --git a/docs/textdocs/Recent-FAQs.txt b/docs/textdocs/Recent-FAQs.txt new file mode 100644 index 00000000000..feed1278277 --- /dev/null +++ b/docs/textdocs/Recent-FAQs.txt @@ -0,0 +1,286 @@ +Contributor: Samba-bugs@samba.org +Date: July 5, 1998 +Status: Current + +============================================================================= +Subject: Recent FAQ answers to common questions / problems +============================================================================= +Contents: NetWkstaUserLogon + Not listening for calling name + System Error 1240 + Trapdoor UID + User Access Control + Using NT to Browse Samba Shares + setup.exe and 16 bit programs + smbclient -N + +NetWkstaUserLogon +================= +FAQ answer about the new password server code: + +In 1.9.18 you can disable the NetWkstaUserLogon call at compile time +in local.h and from 1.9.18p3 you can now disable it from an option in +your smb.conf. + +The password server behaviour changed because we discovered that bugs +in some NT servers allowed anyone to login with no password if they +chose an account name that did not exist on the password server. The +NT password server was saying "yes, it's OK to login" even when the +account didn't exist at all! Adding the NetWkstaUserLogon call fixed +the problem, and follows the "recommended" method that MS have +recently documented for pass through authentication. + +The problem now is that some NT servers (in particular NT +workstation?) don't support the NetWkstaUserLogon call. The call also +doesn't work for accounts in trust relationships. + +The eventual solution for this will be to replace the password server +code in Samba with NT domain code as that is developed. For now you +have the choice of compiling Samba either with or without the +NetWkstaUserLogon call in the password server code. + +In 1.9.18p3 the following was added (copied from the 1.9.18p3 release +notes): + +In the [global] section of smb.conf : + +networkstation user login + +This code (submitted by Rob Nielsen) allows the code many people +were having problems with that queries an NT password server to +be turned off at runtime rather than compile time. Please see the +documentation in the smb.conf manual page for details. This is a +security option - it must only be turned off after checks have been +made to ensure that your NT password server does not suffer from the +bug this code was meant to protect against ! + +In 1.9.18 you can enable/disable this call in local.h. In 1.9.17p5 +you could apply the following patch. Applying this patch will make +the password server code behave like the code in earlier versions +of Samba. If you do this then please ensure that you test to see +that users are prevented from logging in if they give a bogus +username/password. You may have a NT server that is affected by the +bug that this code is designed to avoid. + + +--- password.c 1997/10/21 10:09:28 1.25.2.4 ++++ password.c 1997/12/31 06:43:06 +@@ -1619,6 +1619,7 @@ + } + + ++#if 0 + if (!cli_NetWkstaUserLogon(&cli,user,local_machine)) { + DEBUG(1,("password server %s failed NetWkstaUserLogon\n", cli.desthost)); + cli_tdis(&cli); +@@ -1638,6 +1639,7 @@ + cli_tdis(&cli); + return False; + } ++#endif + + DEBUG(3,("password server %s accepted the password\n", cli.desthost)); +=============================================================================== + +Not listening for calling name +============================== + +> Session request failed (131,129) with myname=HOBBES destname=CALVIN +> Not listening for calling name + +If you get this when talking to a Samba box then it means that your +global "hosts allow" or "hosts deny" settings are causing the Samba +server to refuse the connection. + +Look carefully at your "hosts allow" and "hosts deny" lines in the +global section of smb.conf. + +It can also be a problem with reverse DNS lookups not functioning +correctly, leading to the remote host identity not being able to +be confirmed, but that is less likely. +=============================================================================== + +System Error 1240 +================= +System error 1240 means that the client is refusing to talk +to a non-encrypting server. Microsoft changed WinNT in service +pack 3 to refuse to connect to servers that do not support +SMB password encryption. + +There are two main solutions: + +1) enable SMB password encryption in Samba. See ENCRYPTION.txt in the +Samba docs + +2) disable this new behaviour in NT. See WinNT.txt in the +Samba docs +=============================================================================== + +Trapdoor UID +============ +> Log message "you appear to have a trapdoor uid system" + +This can have several causes. It might be because you are using a uid +or gid of 65535 or -1. This is a VERY bad idea, and is a big security +hole. Check carefully in your /etc/passwd file and make sure that no +user has uid 65535 or -1. Especially check the "nobody" user, as many +broken systems are shipped with nobody setup with a uid of 65535. + +It might also mean that your OS has a trapdoor uid/gid system :-) + +This means that once a process changes effective uid from root to +another user it can't go back to root. Unfortunately Samba relies on +being able to change effective uid from root to non-root and back +again to implement its security policy. If your OS has a trapdoor uid +system this won't work, and several things in Samba may break. Less +things will break if you use user or server level security instead of +the default share level security, but you may still strike +problems. + +The problems don't give rise to any security holes, so don't panic, +but it does mean some of Samba's capabilities will be unavailable. +In particular you will not be able to connect to the Samba server as +two different uids at once. This may happen if you try to print as a +"guest" while accessing a share as a normal user. It may also affect +your ability to list the available shares as this is normally done as +the guest user. + +Complain to your OS vendor and ask them to fix their system. + +Note: the reason why 65535 is a VERY bad choice of uid and gid is that +it casts to -1 as a uid, and the setreuid() system call ignores (with +no error) uid changes to -1. This means any daemon attempting to run +as uid 65535 will actually run as root. This is not good! +=============================================================================== + +User Access Control +=================== +> In windows when i set up a share in "user mode" i get the message: +> "You cannot view the list of users at this time. Please try again later." +> +> I know you have lists of users for access and aliasing purposes, but i +> have read nothing to support the idea that these lists control the Domain +> Users List... + +Samba does NOT at this time support user mode access control for Window 9x +of for NT. This is a priority item and requires full implementation of the NT SMB +protocol calls. Samba-1.9.19 will go into alpha in about 2 months time and will +have a more full implementation of the NT SMB protocols to support Domain Client +interoperability. When we can see that this has been succesful we wil then implement +the NT SMB Server components. This will probably be released as Samba-2.0 + +Samba-1.9.18p5 is scheduled to go out within 14 days. This will close off the 1.9.18 +branch and then opens the way to progress 1.9.19. + +I hope this answers your concerns adequately. +=============================================================================== + +Using NT to Browse Samba Shares +=============================== +> WIN-NT workstations (nt4.0, service pack 3) +> samba with +> security = user +> encrypt passwords = yes +> guest account = guest +> +> start the explorer on a win-nt workstation and select network. I find +> my unix server running samba, but I can not see the list of shares +> unless I am a user, who is known in the smbpasswd of the unix machine. +> The guest account "guest" exists on my unix machine. For testing I even +> made him a regular user with a password. +> +> With my network monitor I can see, that the win-nt workstation uses the +> current login, to connect to IPC$ on the samba server +> (for example "administrator"), not the guest account. + +This is exactly how Windows NT works. You MUST have a valid account on the Windows +NT box you are trying to see the resource list on. If your currently logged in +account details do NOT match an account on the NT machine you are trying to access +then you will be presented with a logon box for that machine. When you enter the +name of an account on that machine / domain, together with a valid password then +the resource list is made available. If the account details are not correct then +no resource list is shown. + +Samba follows the behaviour of Windows NT exactly. + +Warning:Warning:Warning: +======================== +Samba can be compiled with the GUEST_SESSION_SETUP option at 0,1 or 2. +The default is 0. If this is set to 1 or 2 then Windows NT machines that DO NOT +have an account on the Samba server will see the resource list. The down side of this +is that legitimate users may then be refused access to their legitimate resources. +Setting this option creates serious security holes. DO NOT DO IT. Samba has the +value of this option set at 0 - NOT WITHOUT REASON!!!! + +******> Warning:Warning:Warning: ****> Do not tamper with this setting!!! +=============================================================================== + +setup.exe and 16 bit programs +============================= +Running 16 bit programs from Windows NT on a Samba mapped drive +--------------------------------------------------------------- + +The Windows NT redirector has a bug when running against a +Samba or Windows 95 mapped drive and attempting to run a +16 bit executable. + +The problem occurs when the pathname to a 16 bit executable +contains a non 8.3 filename complient directory component, +Windows NT will fail to load the program and complain it +cannot find the path to the program. + +It can be verified that this is a bug in Windows NT and +not Samba as the same problem can be reproduced exactly +when attempting to run the same program with the same +pathname from a Windows 95 server (ie. the problem still +exists even with no Samba server involved). + +Microsoft have been made aware of this problem, it is +unknown if they regard it as serious enough to provide +a fix for this. + +One of the reasons this problem is reported frequently +is that InstallShield setup.exe executables are frequently +written as 16 bit programs, and so hit this problem. + +As a workaround, you may create (on a Samba server at +least) a symbolic link with an 8.3 complient name to +the non 8.3 complient directory name, and then the 16 +bit program will run. Alternatively, use the 8.3 +complient mangled name to specify the path to run +the binary. + +This will be fixed when Samba adds the NT-specific +SMB calls (currently targeted for the next major +Samba release), as once the NT SMB calls are used +this problem no longer occurs (which is why the +problem doesn't occur when running against a drive +mapped to a Windows NT server). + +Regards, + + Jeremy Allison. + Samba Team. +=============================================================================== + +smbclient -N +============ +> When getting the list of shares available on a host using the command +> smbclient -N -L +> the program always prompts for the password if the server is a Samba server. +> It also ignores the "-N" argument when querying some (but not all) of our +> NT servers. + +No, it does not ignore -N, it is just that your server rejected the +null password in the connection, so smbclient prompts for a password +to try again. + +To get the behaviour that you probably want use + smbclient -L host -U% + +this will set both the username and password to null, which is +an anonymous login for SMB. Using -N would only set the password +to null, and this is not accepted as an anonymous login for most +SMB servers. +=============================================================================== + diff --git a/docs/textdocs/RoutedNetworks.txt b/docs/textdocs/RoutedNetworks.txt new file mode 100644 index 00000000000..fb55f9f9bf0 --- /dev/null +++ b/docs/textdocs/RoutedNetworks.txt @@ -0,0 +1,63 @@ +#NOFNR Flag in LMHosts to Communicate Across Routers + + Last reviewed: May 5, 1997 + Article ID: Q103765 + The information in this article applies to: + + Microsoft Windows NT operating system version 3.1 + Microsoft Windows NT Advanced Server version 3.1 + + SUMMARY + + Some of the LAN Manager for UNIX and Pathworks servers may have +problems in communicating across routers with + Windows NT workstations. The use of #NOFNR flag in the LMHosts +file solves the problem. + + MORE INFORMATION + + When you are communicating with a server across a router in a IP +routed environment, the LMHosts file is used to + resolve Workstation name-to-IP address mapping. The LMHosts +entry for a remote machine name provides the IP + address for the remote machine. In Lan Manager 2.x, providing +the LMHosts entry eliminates the need to do a Name + Query broadcast to the local domain and instead a TCP session is +established with the remote machine. Windows NT + performs the same function in a different way. + + When an LMHosts entry exists for a remote server, Windows NT +will not send a Name Query broadcast to the local + subnet and instead send a directed Name Query to the remote +server. If the remote server does not respond to the Name + Query, further communications (TCP SYN, and so on) will not take +place. This was done to eliminate the performance + issues when trying to connect to a remote machine when it was +not available (down). + + Some of the older LAN Manager for UNIX and DEC Pathworks servers +do not respond to directed Name Queries sent + by Windows NT. In that case, the users will see an error 53 +(Path not found), even though they have specified the + LMHosts entries correctly. A new LMHosts flag #NOFNR was added +to solve this problem. By specifying the + #NOFNR flag on the same line where the name resolution +information for the server is provided, the directed Name + Query can be avoided. For example: + + 130.20.1.1 mylmxserver #PRE #NOFNR + + + Note that this will only apply to mylmxserver and not to any +other entries in the LMHosts file. To set + a global flag, an entry could be added in the registry. To +completely remove any directed Name + Queries sent from a Windows NT machine, create the following +value in + +HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Nbt\Parameters: + + NoDirectedFNR REG_DWORD 1 + + + This will cause the directed Name Queries to not go out for any diff --git a/docs/textdocs/SCO.txt b/docs/textdocs/SCO.txt index 1b3801471f7..7c01aa57c6c 100644 --- a/docs/textdocs/SCO.txt +++ b/docs/textdocs/SCO.txt @@ -1,4 +1,11 @@ -There is an annoying TCPIP bug in SCO Unix. This causes orruption when +Contributor: Geza Makay +Date: Unknown +Status: Obsolete - Dates to SCO Unix v3.2.4 approx. + +Subject: TCP/IP Bug in SCO Unix +============================================================================ + +There is an annoying TCPIP bug in SCO Unix. This causes corruption when transferring files with Samba. Geza Makay (makayg@math.u-szeged.hu) sends this information: diff --git a/docs/textdocs/SMBTAR.notes b/docs/textdocs/SMBTAR.notes index a23cbf2b325..679d776f56c 100644 --- a/docs/textdocs/SMBTAR.notes +++ b/docs/textdocs/SMBTAR.notes @@ -1,3 +1,9 @@ +Contributor: Unknown +Date: 1994 +Status: Mostly Current - refer man page + +Subject: Smbtar +============================================================================ Intro ----- @@ -37,4 +43,4 @@ newer filename into its own with sambatar. This causes tar (or get, mget, etc) to only copy files newer than the specified file name. Could be used against the previous nights (or whatever) log file to implement incremental -backups. \ No newline at end of file +backups. diff --git a/docs/textdocs/Samba-OpenSSL.txt b/docs/textdocs/Samba-OpenSSL.txt new file mode 100644 index 00000000000..e1b54b1a032 --- /dev/null +++ b/docs/textdocs/Samba-OpenSSL.txt @@ -0,0 +1,405 @@ +Contributor: Christian Starkjohann +Date: May 29, 1998 +Status: + +Comment: Updated by Lutz Jaenicke +Date: July 16, 2001 + +Subject: Compiling and using samba with SSL support +============================================================================ + +What is SSL and SSLeay/OpenSSL? +=============================== +SSL (Secure Socket Layer) is a protocol for encrypted and authenticated data +transport. It is used by secure web servers for shopping malls, telebanking +and things like that. + +SSLeay is a free implementation of the SSL protocol. The successor of it is +OpenSSL, available from + + http://www.openssl.org/ + +The current version while these lines are written is 0.9.6b. In some countries +encryption is plagued by legal problems, even though things have relaxed a +lot in the last years. + +To compile samba with SSL support, you must first compile and install OpenSSL. +At least version 0.9.5 of OpenSSL is required. Version 0.9.6b is the latest +version and is strongly recommended. +OpenSSL consists of a library (which can be linked to other applications like +samba) and several utility programs needed for key generation, certification +etc. OpenSSL installs to /usr/local/ssl/ by default. + + +Compiling samba with OpenSSL +============================ +1. Get and install OpenSSL. The rest of this documentation assumes that you + have installed it at the default location, which is /usr/local/ssl/. +2. Call "configure" with the "--with-ssl" flag. If OpenSSL is not installed in + the default directory, you can use the "--with-sslinc" and "--with-ssllib" + flags to specify the location. +3. Compile and install as usual. + + +Configuring SSL in samba +======================== +Before you configure SSL, you should know the basics of cryptography and how +SSL relates to all of this. A basic introduction can be found further down in +this document. The following variables in the "[global]" section of the +configuration file are used to configure SSL: + +ssl = yes + This variable enables or disables the entire SSL mode. If it is set to + "no", the SSL enabled samba behaves exactly like the non-SSL samba. If set + to "yes", it depends on the variables "ssl hosts" and "ssl hosts resign" + whether an SSL connection will be required. +ssl hosts = +ssl hosts resign = 192.168. + These two variables define whether samba will go into SSL mode or not. If + none of them is defined, samba will allow only SSL connections. If the + "ssl hosts" variable lists hosts (by IP-address, IP-address range, net + group or name), only these hosts will be forced into SSL mode. If the + "ssl hosts resign" variable lists hosts, only these hosts will NOT be + forced into SSL mode. The syntax for these two variables is the same as + for the "hosts allow" and "hosts deny" pair of variables, only that the + subject of the decision is different: It's not the access right but + whether SSL is used or not. See the man page of smb.conf (section about + "allow hosts") for details. The above example requires SSL connections + from all hosts outside the local net (which is 192.168.*.*). +ssl CA certDir = /usr/local/ssl/certs + This variable defines where to look up the Certification Autorities. The + given directory should contain one file for each CA that samba will trust. + The file name must be the hash value over the "Distinguished Name" of the + CA. How this directory is set up is explained later in this document. All + files within the directory that don't fit into this naming scheme are + ignored. You don't need this variable if you don't verify client + certificates. +ssl CA certFile = /usr/local/ssl/certs/trustedCAs.pem + This variable is a second way to define the trusted CAs. The certificates + of the trusted CAs are collected in one big file and this variable points + to the file. You will probably only use one of the two ways to define your + CAs. The first choice is preferable if you have many CAs or want to be + flexible, the second is perferable if you only have one CA and want to + keep things simple (you won't need to create the hashed file names). You + don't need this variable if you don't verify client certificates. +ssl server cert = /usr/local/ssl/certs/samba.pem + This is the file containing the server's certificate. The server _must_ + have a certificate. The file may also contain the server's private key. + See later for how certificates and private keys are created. +ssl server key = /usr/local/ssl/private/samba.pem + This file contains the private key of the server. If this variable is not + defined, the key is looked up in the certificate file (it may be appended + to the certificate). The server _must_ have a private key and the + certificate _must_ match this private key. +ssl client cert = /usr/local/ssl/certs/smbclient.pem + The certificate in this file is used by smbclient if it exists. It's needed + if the server requires a client certificate. +ssl client key = /usr/local/ssl/private/smbclient.pem + This is the private key for smbclient. It's only needed if the client + should have a certificate. +ssl require clientcert = yes + If this variable is set to "yes", the server will not tolerate connections + from clients that don't have a valid certificate. The directory/file + given in "ssl CA certDir" and "ssl CA certFile" will be used to look up + the CAs that issued the client's certificate. If the certificate can't be + verified positively, the connection will be terminated. + If this variable is set to "no", clients don't need certificates. Contrary + to web applications you really _should_ require client certificates. In + the web environment the client's data is sensitive (credit card numbers) + and the server must prove to be trustworthy. In a file server environment + the server's data will be sensitive and the clients must prove to be + trustworthy. +ssl require servercert = yes + If this variable is set to "yes", the smbclient will request a certificate + from the server. Same as "ssl require clientcert" for the server. +ssl ciphers = ??? + This variable defines the ciphers that should be offered during SSL + negotiation. You should not set this variable unless you know what you do. +ssl version = ssl2or3 + This enumeration variable defines the versions of the SSL protocol that + will be used. "ssl2or3" allows dynamic negotiation of SSL v2 or v3, "ssl2" + results SSL v2, "ssl3" results in SSL v3 and "tls1" results in TLS v1. TLS + (Transport Layer Security) is the (proposed?) new standard for SSL. The + default value is "ssl2or3". +ssl compatibility = no + This variable defines whether SSLeay should be configured for bug + compatibility with other SSL implementations. This is probably not + desirable because currently no clients with SSL implementations other than + SSLeay exist. +ssl entropy file = + Specifies a file from which processes will read "random bytes" on startup. + In order to seed the internal pseudo random number generator, entropy + must be provided. On system with a /dev/urandom device file, the processes + will retrieve its entropy from the kernel. On systems without kernel + entropy support, a file can be supplied that will be read on startup + and that will be used to seed the PRNG. +ssl entropy bytes = 256 + Number of bytes that will be read from entropy file. If -1 is given, the + complete file will be read. +ssl egd socket = + Location of the communiation socket of an EGD or PRNGD daemon, from which + entropy can be retrieved. This option can be used instead of or together + with the "ssl entropy file" directive. 255bytes of entropy will be + retrieved from the daemon. + + +Running samba with OpenSSL +========================== +Samba is started as usual. The daemon will ask for the private key's pass +phrase before it goes to background if the private key has been encrypted. +If you start smbd from inetd, this won't work. Therefore you must not encrypt +your private key if you run smbd from inetd. + +Windows clients will try to connect to the SSL enabled samba daemon and they +will fail. This can fill your log with failed SSL negotiation messages. To +avoid this, you can either not run nmbd (if all clients use DNS to look up +the server), which will leave the Windows machine unaware of the server, or +list all (local) Windows machines in the "ssl hosts resign" variable. + + +About certificates +================== +Secure samba servers will not be set up for public use as it is the case with +secure web servers. Most installations will probably use it for distributed +offices that use parts of the internet for their intranet, for access to a +web server that's physically hosted by the provider or simply for teleworking. +All these applications work with a known group of users that can easily agree +on a certification authority. The CA can be operated by the company and the +policy for issuing certificates can be determined by the company. If samba is +configured to verify client certificates, it (currently) only verifies +whether a valid certificate exists. It does not verify any of the data within +the certificate (although it prints some of the data to the log file). + + +Which clients are available that support SSL? +============================================= +Currently there are only smbclient which is part of the samba package and +Sharity. Shariy versions newer than 0.14 in the beta branch and 1.01 in the +main branch can be compiled with SSLeay. Sharity is a CIFS/SMB client +implementation for Unix. It is a commercial product, but it is available in +source code and the demo-mode allows access to the first three layers of the +mounted directory hierarchy. Licenses for universities and students are free. +Sharity is available at + + http://www.obdev.at/Products/Sharity.html + + + +########################################################################### +Basics about Cryptography and SSL(eay) +########################################################################### + +There are many good introductions to cryptography. I assume that the reader +is familiar with the words "encryption", "digital signature" and RSA. If you +don't know these terms, please read the cryptography FAQ part 6 and 7, which +is posted to the usenet newsgroup sci.crypt. It is also available from + + ftp://rtfm.mit.edu/pub/usenet/news.answers/cryptography-faq +and + http://www.cis.ohio-state.edu/hypertext/faq/usenet/cryptography-faq + +I'll concentrate on the questions specific to SSL and samba here. + + +What is a certificate? +====================== +A certificate is issued by an issuer, usually a "Certification Authority" +(CA), who confirms something by issuing the certificate. The subject of this +confirmation depends on the CA's policy. CAs for secure web servers (used for +shopping malls etc.) usually only attest that the given public key belongs the +the given domain name. Company-wide CAs might attest that you are an employee +of the company, that you have permissions to use a server or whatever. + + +What is an X.509 certificate technically? +========================================= +Technically, the certificate is a block of data signed by the certificate +issuer (the CA). The relevant fields are: + - unique identifier (name) of the certificate issuer + - time range during that the certificate is valid + - unique identifier (name) of the certified subject + - public key of the certified subject + - the issuer's signature over all of the above +If this certificate should be verified, the verifier must have a table of the +names and public keys of trusted CAs. For simplicity, these tables are lists +of certificates issued by the respective CAs for themselves (self-signed +certificates). + + +What are the implications of this certificate structure? +======================================================== + - Because the certificate contains the subject's public key, the + certificate and the private key together are all that's needed to encrypt + and decrypt. + - To verify certificates, you need the certificates of all CAs you trust. + - The simplest form of a dummy-certificate is one that's signed by the + subject itself. + - A CA is needed. The client can't simply issue local certificates for + servers it trusts because the server determines which certificate it + presents. + + + +########################################################################### +Setting up files and directories for OpenSSL +########################################################################### + +The first thing you should do is to change your PATH environment variable to +include the bin directory of OpenSSL. E.g.: + + PATH=$PATH:/usr/local/ssl/bin + +If your system's kernel supports a /dev/urandom device, all OpenSSL operations +will automatically retrieve its entropy from it. If your system does not +support /dev/urandom, you may install an EGD/PRNGD daemon for entropy +supply or can generate seed from reading files (that should contain information +unpredictable/unknown to attackers). Use the "-rand" option to the openssl +commands to specify the entropy source (if /dev/urandom is not available). + +OpenSSL additionally keeps random seed in the $HOME/.rnd file. You can +initialize this file using: + + openssl rand -rand /tmp/rfile.txt > $HOME/.rnd + rm -f /tmp/rfile.txt # nobody must know!! + +or + + openssl rand -rand /path/to/egd-socket > $HOME/.rnd + +How to create a keypair +======================= +This is done with 'genrsa' for RSA keys and 'gendsa' for DSA keys. For an RSA +key with 1024 bits which is written to the file "key.pem" type: + + openssl genrsa -des3 -rand /path/to/source 1024 > key.pem + +You will be asked for a pass phrase to protect this key. If you don't want to +protect your private key with a pass phrase, just omit the parameter "-des3". +If you want a different key size, replace the parameter "1024". You really +should use a pass phrase. + +If you want to remove the pass phrase from a key use: + + openssl rsa -in key.pem -out newkey.pem + +And to add or change a pass phrase: + + openssl rsa -des3 -in key.pem -out newkey.pem + + +How to create a dummy certificate +================================= +If you still have your keypair in the file "key.pem", the command + + openssl req -new -x509 -key key.pem -out cert.pem + +will write a self-signed dummy certificate to the file "cert.pem". This can +be used for testing or if only encryption and no certification is needed. +Please bear in mind that encryption without authentication (certification) +can never be secure. It's open to (at least) "man-in-the-middle" attacks. + + +How to create a certificate signing request +=========================================== +You must not simply send your keypair to the CA for signing because it +contains the private key which _must_ be kept secret. A signing request +consists of your public key and some additional information you want to have +bound to that key by the certificate. If you operate a secure web server, +this additional information will (among other things) contain the URL of +your server in the field "Common Name". The certificate signing request is +created from the keypair with the following command (assuming that the key +pair is still in "key.pem"): + + openssl req -new -key key.pem -out csr.pem + +This command will ask you for the information which must be included in the +certificate and will write the signing request to the file "csr.pem". This +signing request is all the CA needs for signing, at least technically. Most +CAs will demand bureaucratic material and money, too. + + +How to set up a Certification Authority (CA) +============================================ +Being a certification authority requires a database that holds the CA's +keypair, the CA's certificate, a list of all signed certificates and other +information. This database is kept in a directory hierarchy below a +configurable starting point. The starting point must be configured in the +ssleay.conf file. This file is at /usr/local/ssl/lib/ssleay.conf if you have +not changed the default installation path. + +The first thing you should do is to edit this file according to your needs. +Let's assume that you want to hold the CA's database at the directory +"/usr/local/ssl/CA". Change the variable "dir" in section "CA_default" to +this path. You may also want to edit the default settings for some variables, +but the values given should be OK. This path is also contained in the shell +script CA.sh, which should be at "/usr/local/ssl/bin/CA.sh". Change the path +in the shell script: + + CATOP=/usr/local/ssl/CA + CAKEY=./cakey.pem # relative to $CATOP/ + CACERT=./cacert.pem # relative to $CATOP/private/ + +Then create the directory "/usr/local/ssl/CA" and make it writable for the +user that operates the CA. You should also initialize SSLeay as CA user (set +up the random number generator). Now you should call the shell script CA.sh +to set up the initial database: + + CA.sh -newca + +This command will ask you whether you want to use an existing certificate or +create one. Just press enter to create a new key pair and certificate. You +will be asked the usual questions for certificates: the country, state, city, +"Common Name", etc. Enter the appropriate values for the CA. When CA.sh +finishes, it has set up a bunch of directories and files. A CA must publish +it's certificate, which is in the file "/usr/local/ssl/CA/cacert.pem". + + +How to sign a certificate request +================================= +After setting up the CA stuff, you can start signing certificate requests. +Make sure that the SSLeay utilities know where the configuration file is. +The default is compiled in, if you don't use the default location, add the +parameter "-config ". Make also sure that the configuration file +contains the correct path to the CA database. If all this is set up properly, +you can sign the request in the file "csr.pem" with the command: + + openssl ca -policy policy_anything -days 365 -infiles csr.pem >cert.pem + +The resulting certificate (and additional information) will be in "cert.pem". +If you want the certificate to be valid for a period different from 365 days, +simply change the "-days" parameter. + + +How to install a new CA certificate +=================================== +Whereever a certificate must be checked, the CA's certificate must be +available. Let's take the common case where the client verifies the server's +certificate. The case where the server verfies the client's certificate works +the same way. The client receives the server's certificate, which contains +the "Distinguished Name" of the CA. To verify whether the signature in this +certificate is OK, it must look up the public key of that CA. Therefore each +client must hold a database of CAs, indexed by CA name. This database is best +kept in a directory where each file contains the certificate of one CA and is +named after the hashvalue (checksum) of the CA's name. This section describes +how such a database is managed technically. Whether or not to install (and +thereby trust) a CA is a totally different matter. + +The client must know the directory of the CA database. This can be configured. +There may also be a configuration option to set up a CA database file which +contains all CA certs in one file. Let's assume that the CA database is kept +in the directory "/usr/local/ssl/certs". The following example assumes that +the CA's certificate is in the file "cacert.pem" and the CA is known as +"myCA". To install the certificate, do the following: + + cp cacert.pem /usr/local/ssl/cers/myCA.pem + cd /usr/local/ssl/certs + ln -s myCA.pem `openssl x509 -noout -hash < myCA.pem`.0 + +The last command creates a link from the hashed name to the real file. + +From now on all certificates signed by the myCA authority will be accepted by +clients that use the directory "/usr/local/ssl/certs/" as their CA certificate +database. + + + diff --git a/docs/textdocs/Speed.txt b/docs/textdocs/Speed.txt index 5dfd70323b1..b82db8f8f4d 100644 --- a/docs/textdocs/Speed.txt +++ b/docs/textdocs/Speed.txt @@ -1,8 +1,8 @@ -This file tries to outline the ways to improve the speed of a Samba server. -Andrew Tridgell -January 1995 +Subject: Samba performance issues +============================================================================ +This file tries to outline the ways to improve the speed of a Samba server. COMPARISONS ----------- @@ -30,6 +30,62 @@ hardware Samba should certainly be competitive in speed with other systems. +OPLOCKS +------- + +Oplocks are the way that SMB clients get permission from a server to +locally cache file operations. If a server grants an oplock +(opportunistic lock) then the client is free to assume that it is the +only one accessing the file and it will agressively cache file +data. With some oplock types the client may even cache file open/close +operations. This can give enormous performance benefits. + +With the release of Samba 1.9.18 we now correctly support opportunistic +locks. This is turned on by default, and can be turned off on a share- +by-share basis by setting the parameter : + +oplocks = False + +We recommend that you leave oplocks on however, as current benchmark +tests with NetBench seem to give approximately a 30% improvement in +speed with them on. This is on average however, and the actual +improvement seen can be orders of magnitude greater, depending on +what the client redirector is doing. + +Previous to Samba 1.9.18 there was a 'fake oplocks' option. This +option has been left in the code for backwards compatibility reasons +but it's use is now deprecated. A short summary of what the old +code did follows. + +LEVEL2 OPLOCKS +-------------- + +With Samba 2.0.5 a new capability - level2 (read only) oplocks is +supported (although the option is off by default - see the smb.conf +man page for details). Turning on level2 oplocks (on a share-by-share basis) +by setting the parameter : + +level2 oplocks = true + +should speed concurrent access to files that are not commonly written +to, such as application serving shares (ie. shares that contain common +.EXE files - such as a Microsoft Office share) as it allows clients to +read-ahread cache copies of these files. + +Old 'fake oplocks' option - deprecated. +--------------------------------------- + +Samba can also fake oplocks, by granting a oplock whenever a client +asks for one. This is controlled using the smb.conf option "fake +oplocks". If you set "fake oplocks = yes" then you are telling the +client that it may agressively cache the file data for all opens. + +Enabling 'fake oplocks' on all read-only shares or shares that you know +will only be accessed from one client at a time you will see a big +performance improvement on many operations. If you enable this option +on shares where multiple clients may be accessing the files read-write +at the same time you can get data corruption. + SOCKET OPTIONS -------------- @@ -80,7 +136,10 @@ MAX XMIT At startup the client and server negotiate a "maximum transmit" size, which limits the size of nearly all SMB commands. You can set the maximum size that Samba will negotiate using the "max xmit = " option -in smb.conf. +in smb.conf. Note that this is the maximum size of SMB request that +Samba will accept, but not the maximum size that the *client* will accept. +The client maximum receive size is sent to Samba by the client and Samba +honours this limit. It defaults to 65536 bytes (the maximum), but it is possible that some clients may perform better with a smaller transmit unit. Trying values @@ -111,7 +170,20 @@ no". This will gain you a lot in opening and closing files but will mean that (in some cases) the system won't force a second user of a file to open the file read-only if the first has it open read-write. For many applications that do their own locking this -doesn't matter, but for some it may. +doesn't matter, but for some it may. Most Windows applications +depend heavily on "share modes" working correctly and it is +recommended that the Samba share mode support be left at the +default of "on". + +The share mode code in Samba has been re-written in the 1.9.17 +release following tests with the Ziff-Davis NetBench PC Benchmarking +tool. It is now believed that Samba 1.9.17 implements share modes +similarly to Windows NT. + +NOTE: In the most recent versions of Samba there is an option to use +shared memory via mmap() to implement the share modes. This makes +things much faster. See the Makefile for how to enable this. + LOG LEVEL --------- @@ -187,7 +259,7 @@ Samba supports reading files via memory mapping them. One some machines this can give a large boost to performance, on others it makes not difference at all, and on some it may reduce performance. -To enable you you have to recompile Samba with the -DUSE_MMAP=1 option +To enable you you have to recompile Samba with the -DUSE_MMAP option on the FLAGS line of the Makefile. Note that memory mapping is only used on files opened read only, and @@ -239,6 +311,7 @@ person even reported a speed drop of a factor of 30 when he went from It probably depends a lot on your hardware, and the type of unix box you have at the other end of the link. + MY RESULTS ---------- @@ -263,10 +336,3 @@ smbclient running on another linux box. Maybe I'll add those results here someday ... -COMMENTS --------- - -If you've read this far then please give me some feedback! Which of -the above suggestions worked for you? - -Mail the samba mailing list or samba-bugs@anu.edu.au diff --git a/docs/textdocs/Speed2.txt b/docs/textdocs/Speed2.txt new file mode 100644 index 00000000000..a8c3e7381fd --- /dev/null +++ b/docs/textdocs/Speed2.txt @@ -0,0 +1,57 @@ +Contributor: Paul Cochrane +Organization: Dundee Limb Fitting Centre +Date: Fri, 10 Apr 1998 +Subject: Samba SPEED.TXT comment +============================================================================= + +This might be relevant to Client Tuning. I have been trying various methods +of getting win95 to talk to Samba quicker. The results I have come up with +are: + +1. Install the W2setup.exe file from www.microsoft.com. This is an +update for the winsock stack and utilities which improve performance. + +2. Configure the win95 TCPIP registry settings to give better +perfomance. I use a program called MTUSPEED.exe which I got off the +net. There are various other utilities of this type freely available. +The setting which give the best performance for me are: + +(a) MaxMTU Remove +(b) RWIN Remove +(c) MTUAutoDiscover Disable +(d) MTUBlackHoleDetect Disable +(e) Time To Live Enabled +(f) Time To Live - HOPS 32 +(g) NDI Cache Size 0 + +3. I tried virtually all of the items mentioned in the document and +the only one which made a difference to me was the socket options. It +turned out I was better off without any!!!!! + +In terms of overall speed of transfer, between various win95 clients +and a DX2-66 20MB server with a crappy NE2000 compatible and old IDE +drive (Kernel 2.0.30). The transfer rate was reasonable for 10 baseT. + +The figures are: Put Get +P166 client 3Com card: 420-440kB/s 500-520kB/s +P100 client 3Com card: 390-410kB/s 490-510kB/s +DX4-75 client NE2000: 370-380kB/s 330-350kB/s + +I based these test on transfer two files a 4.5MB text file and a 15MB +textfile. The results arn't bad considering the hardware Samba is +running on. It's a crap machine!!!! + +The updates mentioned in 1 and 2 brought up the transfer rates from +just over 100kB/s in some clients. + +A new client is a P333 connected via a 100MB/s card and hub. The +transfer rates from this were good: 450-500kB/s on put and 600+kB/s +on get. + +Looking at standard FTP throughput, Samba is a bit slower (100kB/s +upwards). I suppose there is more going on in the samba protocol, but +if it could get up to the rate of FTP the perfomance would be quite +staggering. + +Paul Cochrane + diff --git a/docs/textdocs/Support.txt b/docs/textdocs/Support.txt deleted file mode 100644 index d71bdaf7b3e..00000000000 --- a/docs/textdocs/Support.txt +++ /dev/null @@ -1,376 +0,0 @@ -The Samba Consultants List -========================== - -This is a list of people who are prepared to install and support Samba. -Note that in most countries nobody should admit to "supplying" Samba, since -there is then an implied warranty with possibly onerous legal obligations. -Just downloading and installing it isn't supply in this sense, but advertising -"run our Samba for best results" may be so. - -Being on this list does not imply any sort of endorsement by anyone, it is just -provided in the hope that it will be useful. - -If you want to be added to the list, or want your entry modified then -contact the address below. They are currently listed in the -order that they were received. If it gets too big we may organise it -by region. Please make sure to include a header line giving the region -and country, eg CANBERRA - AUSTRALIA. - -You can contact the maintainers at samba-bugs@anu.edu.au - - ------------------------------------------------------------------------------- -BRISBANE - AUSTRALIA - -Brett Worth -Select Computer Technology - Brisbane -431 Logan Road -Stones Corner QLD 4120 -E-Mail: brett@sct.com.au ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Paul Blackman (ictinus@lake.canberra.edu.au, Ph. 06 2012518) is -available for consultation. Paul's Samba background is with -Solaris 2.3/4 and WFWG/Win95 machines. Paul is also the maintainer -of the SAMBA Web Pages. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -READING - ENGLAND - -Philip Hands | E-Mail: info@hands.com -Philip Hands Computing Ltd. | Tel: +44 1734 476287 Fax: 1734 474655 -Unit 1, Cherry Close, Caversham, Reading RG4 8UP UK - -Samba experience: SVR4,SVR3.2 & Linux <--> WfWg, W3.1, OS2 and MS-LanMan ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ILLONOIS - USA - -Information One, Inc. -736 Hinman Ave, Suite 2W -Evanston, IL 60202 -708-328-9137 708-328-0117 FAX -info@info1.com - -Providing custom Internet and networking solutions. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -Olympic Peninsula Consulting; 1241 Lansing Ave W., Bremerton, WA 98312-4343 -telephone 1+ 360 792 6938; mailto:opc@aa.net; http://www.aa.net/~opc; -Unix Systems and TCP/IP Network design, programming, and administration. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SolutionS R Us has been in business for 3+ years providing viable 3rd -party support in system/network administration. With our own Linux -distribution which we're constantly improving to make it the best and -using it to provide total solutions for companies which are open to -using Linux. - -Mauro DePalma ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -BIELEFELD - GERMANY - -I am located in Bielefeld/Germany and have been doing Unix consultancy -work for the past 8 years throughout Germany and the rest of Europe. I -can be contacted by email at or via phone at +49 521 -9225922 or telefax at +49 521 9225924. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CANBERRA - AUSTRALIA - -Ben Elliston -Faculty of Information Sciences and Engineering -University of Canberra AUSTRALIA -E-mail: ben@ise.canberra.edu.au (Uni) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -PALERMO - ITALY - -Francesco Cardinale -E-Mail: cardinal@palermo.italtel.it -Samba experience: SVR3.2, SOLARIS, ULTRIX, LINUX <--> DOS LAN-MAN, WFW ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -John Terpstra - Aquasoft (jht@aquasoft.com.au) -Business: +612 524 4040 -Home: +612 540 3154 -Shoephone: +612 414 334422 (aka 0414 334422) ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -ONTARIO - CANADA - -Strata Software Limited, Kanata Ontario CANADA -Tel: +1 (613) 591-1922 Fax: +1 (613) 591-3485 -Email: sales@strataware.com WWW: http://www.strataware.com/ - -Strata Software Limited is a software development and consulting group -specializing in data communications (TCP/IP and OSI), X.400, X.500 and -LDAP, and X.509-based security. We have Samba experience with Windows NT, -Windows 95, and Windows for Workgroups clients with Linux, Unixware -(SVR4), and HP-UX servers. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -SYDNEY - AUSTRALIA - -We are a Unix & Windows developer with a consulting & support component. -In business since 1981 with experience on Sun, hp, sgi, IBM rs6000 plus -Windows, NT and Win95, Using Samba since September 94. -CodeSmiths, 22 Darley Road, MANLY 2095 NSW; 977 1979; fax: 977 2116 -philm@esi.com.au (Australia; New South Wales; SYDNEY; North East) ------------------------------------------------------------------------ - ------------------------------------------------------------------------------- -EDINBUGH - SCOTLAND - -Charlie Hussey email charlie@edina.demon.co.uk -Edina Software Limited tel 0131 657 1129 -4 James Street fax 0131 669 9092 -Edinburgh EH15 2DS - -SAMBA experience: SCO UNIX <=> WfWg ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -LONDON - ENGLAND - -Mark H. Preston, -Network Analyst, | Email : mpreston@sghms.ac.uk -Computer Unit, | Tel : +44 (0)181 725-5434 -St. George's Hospital Med School, | Fax : +44 (0)181 725-3583 -London SW17 ORE. | WWW : http://www.sghms.ac.uk - -Samba Experience: -Server: Solaris 2.3 & 2.4, Irix 5.2 & 5.3 -Client: WinNT, Win95, WfWg, Win3.1, Ms-LanMan, DHCP support ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -SYDNEY - AUSTRALIA - -Pacific ESI has used and installed Samba since 1.6 on a range -of machines running SunOS, BSD/OS, SCO/UNIX, HP/UX, and Solaris, -and WfWG and Windows95. The largest system worked on to date -involved an Australia wide network of machines with PCs and SUNs -at the various nodes. The in-house testing site is a wide area -network with three sites, remotely connected with PPP and with -SUN servers at each site to all of which are connected several -PCs running mainly WfWG. - -Stefan Kjellberg Pacific Engineering Systems -International -info@eram.esi.com.au Voice:+61-2-9063377 -... Fax:+61-2-9063468 ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -CHANTILLY - USA - -Intelligent Decisions, Inc. -ATTN: Richard Bullington -14121 Parke Long Ct. #104 -Chantilly, VA 22021 -U.S.A. -(703) 803-8070 -rbullington@intdec.com - -Samba experience: Linux, DEC ULTRIX <=> WFWG 3.11, Windows NT 3.5 -Specializing in World Wide Web related UNIX-to-PC connectivity. ------------------------------------------------------------------------------- - ------------------------------------------------------------------------------- -FORT COLLINS, CO - USA - -Granite Computing Solutions -ATTN: Brian Grossman -Box 270103 -Fort Collins, CO 80527-0103 -U.S.A. -(970) 225-2370 -granite@fortnet.org - -Information services, including WfWG, NT, Apple <=> Unix interoperability. - -Our standard advertisement says: - -> Unix workstations, servers and custom systems < ->> WWW and Unix education << ->>> Enterprise and departmental computing solutions <<< ->>> Backup & restore <<< ->> Software forensics << -> Data translation < ------------------------------------------------------------------------------- - ----------------------------------------------------------- -Adelaide, Australia - -NS Computer Software and Services P/L -PO Box 86 -Ingle Farm -SA 5098 - -Contact: Richard Sharpe - Ph: +61-8-281-0063 (08-281-0063) AH - FAX:+61-8-250-2080 (08-250-2080) - -Experience with: ULTRIX, Digital UNIX, SunOS, WfW 3.11, Win95, WNT 3.51 - ----------------------------------------------------------- - ----------------------------------------------------------- -TECTONIC LIMITED -WESTWOOD -78 LOUGHBOROUGH ROAD -QUORN -LEICESTERSHIRE -LE12 8DX - -TELEPHONE 01509-620922 -FAX 01509-620933 - -CONTACT DAVID ROBINSON - -WE ARE UNIX ORIENTATED BUT ALSO SPECIALISE IN PC TO UNIX COMMUNICATIONS, WE -KNOW AND UNDERSTAND PC-NFS, (HENCE OUR INTEREST IN SAMBA). -WE SUPPORT SUNOS, SOLARIS 1.X AND 2.X, HP-UX 9.0 AND 10.0, OSF (or DEC UNIX, -whichever you prefer), WinNT, WfWG and Win95. - -WE ARE ALREADY TALKING TO A COUPLE OF VERY LARGE SAMBA USERS HERE IN THE UK. -WE WOULD LIKE TO SUPPORT THEM (AND MANY MORE), WOULD YOU PLEASE CONTACT ME ON: -david@tectonic.demon.co.uk ----------------------------------------------------------- - ----------------------------------------------------------- -MIAMI, FL - USA - -Swaney & Associates, Inc. -ATTN: Stephen Swaney - 2543 Lincoln Avenue - Miami, Florida 33133 - U.S.A - (305) 860-0570 - -Specializing in: - High Availability system & networks - UNIX to PC connectivity - Market Data systems - Messaging Systems (Sendmail & Microsoft Exchange) ----------------------------------------------------------- - ------------------------------------------------------------------------------- -NEW JERSEY - USA - -William J. Maggio -LAN & Computer Integrators, Inc. -242 Old New Brunswick Road Email: bmaggio@lci.com -Suite 440 Voice: 908-981-1991 -Piscataway, NJ 08855 Fax : 908-981-1858 - - Specializing in Internet connectivity and security, Sun integration and - high speed, enterprise network design and deployment. ------------------------------------------------------------------------------- - -FAREHAM - ENGLAND - -High Field Technology Ltd -Little Park Farm Road, Segensworth West, -Fareham, Hants PO15 5SJ, UK. -sales@hft.co.uk tel +44 148 957 0111 fax +44 148 957 0555 - -Company skills: Real time hardware and software systems - -Samba experience: BSD/OS, Linux, LynxOS <==> WFWG, NT - ------------------------------------------------------------------------------- - ------------------------------------------------------------------------ -QUEBEC - CANADA - -Dataden Computer Systems -Attn: Danny Arseneau -arseneau@parkmed.com -895 2nd Avenue -Ile Bizard, Quebec -Canada, H9C 1K3 -Tel: (514)891-2293 -Fax: (514)696-0848 - -Dataden is company that specializes in Unix--TCP/IP networking. -We have over 15 years of experience. We have been installing, -configuring and maintaining Samba for clients for 1-1/2 years now. We -have samba installations on Linx, SunOS and DEC OSF. Our biggest site -has 4 Suns and 3 Linux servers running Samba which are serving a network -of about 50 PC's running WFWg and Win95. ------------------------------------------------------------------------ - ------------------------------------------------------------------------ -CALIFORNIA - USA - -Ron Halstead -Open Systems Consulting -3098-4 Lakemont Drive -San Ramon, CA 94583 (San Francisco Bay Area) -(510) 735-7529 -halstead@ix.netcom.com ------------------------------------------------------------------------ - - ------------------------------------------------------------------------ -MELBOURNE - AUSTRALIA - -Michael Ciavarella -Cybersoruce Pty Ltd. -8/140 Queen Street -Melbourne VIC 3000 -Phone: +61-3-9642-5997 -Fax: +61-3-9642-5998 -Email: mikec@cyber.com.au -WWW: http://www.cyber.com.au - -Cybersource specialises in TCP/IP network integration and Open Systems -administration. Cybersource is an Australian-owned and operated -company, with clients including some of Australia's largest financial, -petrochemical and state government organisations. ------------------------------------------------------------------------ - ------------------------------------------------------------------------ -SOUTHERN CALIFORNIA - USA - -Michael St. Laurent -Serving Los Angeles and Orange Counties. Please contact via email. -rowl@earthlink.net -Michael St. Laurent -Hartwell Corporation ------------------------------------------------------------------------------- -WASHINGTON DC METRO - USA - -Asset Software, Inc. has been running Samba since the 1.6 release on various -platforms, including SunOS 4.x, Solaris 2.x, IRIX 4.x and 5.x, Linux 1.1x, -1.2x, and 1.3x, and BSD UNIX 4.3 and above. We specialize in small office -network solutions and provide services to enhance a small office's -operations. Primarily a custom software operation, our vast knowledge of -Windows, DOS, Unix, Windows NT, MacOS, and OS/2 enable us to provide quality -technical assistance to the small office environment at a reasonable price. -Our upcoming multi-mailbox mail client, IQ Mail, enables users with more -than one mailbox to send and retrieve their mail from a single, consistent -mail client running in Windows. - -David J. Fenwick Asset Software, Inc. -President djf@assetsw.com ------------------------------------------------------------------------------- - diff --git a/docs/textdocs/Tracing.txt b/docs/textdocs/Tracing.txt new file mode 100644 index 00000000000..fd65045abdb --- /dev/null +++ b/docs/textdocs/Tracing.txt @@ -0,0 +1,93 @@ +Contributor: Andrew Tridgell +Date: Old +Status: Questionable + +Subject: How to trace samba system calls for debugging purposes +============================================================================= + +This file describes how to do a system call trace on Samba to work out +what its doing wrong. This is not for the faint of heart, but if you +are reading this then you are probably desperate. + +Actually its not as bad as the the above makes it sound, just don't +expect the output to be very pretty :-) + +Ok, down to business. One of the big advantages of unix systems is +that they nearly all come with a system trace utility that allows you +to monitor all system calls that a program is making. This is +extremely using for debugging and also helps when trying to work out +why something is slower than you expect. You can use system tracing +without any special compilation options. + +The system trace utility is called different things on different +systems. On Linux systems its called strace. Under SunOS 4 its called +trace. Under SVR4 style systems (including solaris) its called +truss. Under many BSD systems its called ktrace. + +The first thing you should do is read the man page for your native +system call tracer. In the discussion below I'll assume its called +strace as strace is the only portable system tracer (its available for +free for many unix types) and its also got some of the nicest +features. + +Next, try using strace on some simple commands. For example, "strace +ls" or "strace echo hello". + +You'll notice that it produces a LOT of output. It is showing you the +arguments to every system call that the program makes and the +result. Very little happens in a program without a system call so you +get lots of output. You'll also find that it produces a lot of +"preamble" stuff showing the loading of shared libraries etc. Ignore +this (unless its going wrong!) + +For example, the only line that really matters in the "strace echo +hello" output is: + +write(1, "hello\n", 6) = 6 + +all the rest is just setting up to run the program. + +Ok, now you're famialiar with strace. To use it on Samba you need to +strace the running smbd daemon. The way I tend ot use it is to first +login from my Windows PC to the Samba server, then use smbstatus to +find which process ID that client is attached to, then as root I do +"strace -p PID" to attach to that process. I normally redirect the +stderr output from this command to a file for later perusal. For +example, if I'm using a csh style shell: + + strace -f -p 3872 >& strace.out + +or with a sh style shell: + + strace -f -p 3872 > strace.out 2>&1 + +Note the "-f" option. This is only available on some systems, and +allows you to trace not just the current process, but any children it +forks. This is great for finding printing problems caused by the +"print command" being wrong. + +Once you are attached you then can do whatever it is on the client +that is causing problems and you will capture all the system calls +that smbd makes. + +So how do you interpret the results? Generally I search thorugh the +output for strings that I know will appear when the problem +happens. For example, if I am having touble with permissions on a file +I would search for that files name in the strace output and look at +the surrounding lines. Another trick is to match up file descriptor +numbers and "follow" what happens to an open file until it is closed. + +Beyond this you will have to use your initiative. To give you an idea +of wehat you are looking for here is a piece of strace output that +shows that /dev/null is not world writeable, which causes printing to +fail with Samba: + +[pid 28268] open("/dev/null", O_RDWR) = -1 EACCES (Permission denied) +[pid 28268] open("/dev/null", O_WRONLY) = -1 EACCES (Permission denied) + +the process is trying to first open /dev/null read-write then +read-only. Both fail. This means /dev/null has incorrect permissions. + +Have fun! + +(please send updates/fixes to this file to samba@samba.org) diff --git a/docs/textdocs/UNIX-SMB.txt b/docs/textdocs/UNIX-SMB.txt index b2c064215cf..c3d7643cbcb 100644 --- a/docs/textdocs/UNIX-SMB.txt +++ b/docs/textdocs/UNIX-SMB.txt @@ -1,3 +1,9 @@ +Contributor: Andrew Tridgell +Date: April 1995 + +Subject: Discussion of NetBIOS in a Unix World +============================================================================ + This is a short document that describes some of the issues that confront a SMB implementation on unix, and how Samba copes with them. They may help people who are looking at unix<->PC @@ -6,9 +12,6 @@ interoperability. It was written to help out a person who was writing a paper on unix to PC connectivity. -Andrew Tridgell -April 1995 - Usernames ========= @@ -85,19 +88,17 @@ passwords they are in trouble. Samba can try to cope with this by either using the "password level" option which causes Samba to try the offered password with up to the specified number of case changes, or by using the "password server" -option which allows Samba to do it's validation via another machine +option which allows Samba to do its validation via another machine (typically a WinNT server). -Samba also doesn't support the password encryption method used by SMB -clients. This is because the spec isn't sufficiently detailed for an -implementation (although Jeremy Allison is working on it, to try and -work it out). Also, there is a fundamental problem with what we -understand so far in the algorithm, as it seems that the server would -need to store somewhere on disk a reversibly encrypted (effectively -plaintext) copy of the users password in order to use the -algorithm. This goes against the unix policy that "even the super-user -doesn't know your password" which comes from the use of a one-way hash -function. +Samba supports the password encryption method used by SMB +clients. Note that the use of password encryption in Microsoft +networking leads to password hashes that are "plain text equivalent". +This means that it is *VERY* important to ensure that the Samba +smbpasswd file containing these password hashes is only readable +by the root user. See the documentation ENCRYPTION.txt for more +details. + Locking ======= @@ -127,7 +128,7 @@ The second major problem is the "opportunistic locking" requested by some clients. If a client requests opportunistic locking then it is asking the server to notify it if anyone else tries to do something on the same file, at which time the client will say if it is willing to -give up it's lock. Unix has no simple way of implementing +give up its lock. Unix has no simple way of implementing opportunistic locking, and currently Samba has no support for it. Deny Modes @@ -140,10 +141,12 @@ allowed by anyone else who tries to use the file at the same time. If DENY_READ is placed on the file, for example, then any attempt to open the file for reading should fail. -Unix has no equivalent notion. To implement these Samba uses lock +Unix has no equivalent notion. To implement this Samba uses either lock files based on the files inode and placed in a separate lock -directory. These are clumsy and consume processing and file resources, -so they are optional and off by default. +directory or a shared memory implementation. The lock file method +is clumsy and consumes processing and file resources, +the shared memory implementation is vastly prefered and is turned on +by default for those systems that support it. Trapdoor UIDs ============= @@ -155,6 +158,9 @@ within the one process. On some unixes (such as SCO) this is not possible. This means that on those unixes the client is restricted to a single uid. +Note that you can also get the "trapdoor uid" message for other +reasons. Please see the FAQ for details. + Port numbers ============ @@ -216,5 +222,10 @@ this protocol level much easier. There is also a problem with the SMB specications. SMB is a X/Open spec, but the X/Open book is far from ideal, and fails to cover many -important issues, leaving much to the imagination. +important issues, leaving much to the imagination. Microsoft recently +renamed the SMB protocol CIFS (Common Internet File System) and have +published new specifications. These are far superior to the old +X/Open documents but there are still undocumented calls and features. +This specification is actively being worked on by a CIFS developers +mailing list hosted by Microsft. diff --git a/docs/textdocs/UNIX_SECURITY.txt b/docs/textdocs/UNIX_SECURITY.txt new file mode 100644 index 00000000000..d6a0a01acc5 --- /dev/null +++ b/docs/textdocs/UNIX_SECURITY.txt @@ -0,0 +1,54 @@ +Contributor: John H Terpstra +Date: July 5, 1998 +Status: Current + +Subject: SETTING UNIX FILE SYSTEM SECURITY +=============================================================================== +The following excerpt from a bug report demonstrates the need to +understand Unix file system security and to manage it correctly. + +Quote: +====== +> We are unable to keep individual users from mapping to any other user's +> home directory once they have supplied a valid password! They only need +> to enter their own password. I have not found *any* method that I can +> use to configure samba to enforce that only a user may map their own +> home directory. +> +> User xyzzy can map his home directory. Once mapped user xyzzy can also map +> *anyone* elses home directory! + +ANSWER: +======= +This is not a security flaw, it is by design. Samba allows +users to have *exactly* the same access to the UNIX filesystem +as they would if they were logged onto the UNIX box, except +that it only allows such views onto the file system as are +allowed by the defined shares. + +This means that if your UNIX home directories are set up +such that one user can happily cd into another users +directory and do an ls, the UNIX security solution is to +change the UNIX file permissions on the users home directories +such that the cd and ls would be denied. + +Samba tries very had not to second guess the UNIX administrators +security policies, and trusts the UNIX admin to set +the policies and permissions he or she desires. + +Samba does allow the setup you require when you have set the +"only user = yes" option on the share, is that you have not set the +valid users list for the share. + +Note that only user works in conjunction with the users= list, +so to get the behavior you require, add the line : + +users = %S + +this is equivalent to: + +valid users = %S + +to the definition of the [homes] share, as recommended in +the smb.conf man page. + diff --git a/docs/textdocs/Win95.txt b/docs/textdocs/Win95.txt new file mode 100644 index 00000000000..69330c512d4 --- /dev/null +++ b/docs/textdocs/Win95.txt @@ -0,0 +1,74 @@ +Copyright (C) 1997 - Samba-Team +Contributed Date: August 20, 1997 +Last Update: August 20, 1997 + +Subject: Windows 95 and Samba Interoperability +=============================================================================== + +Password Handling: +------------------ +Microsoft periodically release updates to all their operating systems. Some of +these are welcomed while others cause us to change the way we do things. Few +people like change, particularly if the change is unexpected. The best advice +always is to read the documentation provided BEFORE applying an update. + +One of the recent Win95 updates (VRDRUPD.EXE) disables plain text (also called +clear text) password authentication. The effects of this updates are desirable +where MS Windows NT is providing the password authentication service. This +update is most undesirable where Samba must provide the authentication service +unless Samba has been specifically configured to use encrypted passwords _AND_ +has been linked with the libdes library. + +If the above conditions have not been complied with, and you are using Samba, +then Windows 95 clients will NOT be able to authenticate to a Samba server. + +To re-enable plain text password capabilities AFTER applying this update +you must create a new value in the Windows 95 registry. + +Either foillow the following procedure or just double click on the +file Win95_PlainPassword.reg for an easier way to do this. + +Procedure: +1) Launch the Registry Editor as follows: + Click on: /Start/Run + Type "regedit" and press enter. + +2) Double click on: HKEY_LOCAL_MACHINE + +3) Locate the following Key: + /HKEY_LOCAL_MACHINE/System/CurrentControlSet/Services/VxD/VNETSUP + +4) From the menu bar select Edit/New/DWORD Value + +5) Rename the entry from "New Value #1" to: + EnablePlainTextPassword + +6) Press Enter, then double click on the new entry. + A dialog box will pop up and enable you to set a value. + You must set this value to 1. + +------------------------------------------------------------------------------- + +Windows 95 Updates: +------------------- +When using Windows 95 OEM SR2 the following updates are recommended where Samba +is being used. Please NOTE that the above change will affect you once these +updates have been installed. + +There are more updates than the ones mentioned here. You are referred to the +Microsoft Web site for all currently available updates to your specific version +of Windows 95. + +Kernel Update: KRNLUPD.EXE +Ping Fix: PINGUPD.EXE +RPC Update: RPCRTUPD.EXE +TCP/IP Update: VIPUPD.EXE +Redirector Update: VRDRUPD.EXE + +Also, if using MS OutLook it is desirable to install the OLEUPD.EXE fix. This +fix may stop your machine from hanging for an extended period when exiting +OutLook and you may also notice a significant speedup when accessing network +neighborhood services. + +------------------------------------------------------------------------------- +The above password information was provided by: Jochen Huppertz diff --git a/docs/textdocs/WinNT.txt b/docs/textdocs/WinNT.txt index b57abb7742e..5c72fb08aa7 100644 --- a/docs/textdocs/WinNT.txt +++ b/docs/textdocs/WinNT.txt @@ -1,6 +1,17 @@ -There are some particular issues with Samba and Windows NT +Contributors: Various + Password Section - Copyright (C) 1997 - John H Terpstra + Printing Section - Copyright (C) 1997 - Matthew Harrell + Priting Info - Copyright (C) 1997 - Frank Varnavas +Updated: October 16, 1997 +Status: Current -===================================================================== +Subject: Samba and Windows NT Password Handling +============================================================================= + +There are some particular issues with Samba and Windows NT. + +Passwords: +========== One of the most annoying problems with WinNT is that NT refuses to connect to a server that is in user level security mode and that doesn't support password encryption unless it first prompts the user @@ -8,21 +19,34 @@ for a password. This means even if you have the same password on the NT box and the Samba server you will get prompted for a password. Entering the -correct password will get you connected. +correct password will get you connected only if Windows NT can +communicate with Samba using a compatible mode of password security. + +All versions of Windows NT prior to 4.0 Service Pack 3 could negotiate +plain text (clear text) passwords. Windows NT 4.0 Service Pack 3 changed +this default behaviour so it now will only handle encrypted passwords. +The following registry entry change will re-enable clear text password +handling: + +Run regedt32.exe and locate the hive key entry: +HKEY_LOCAL_MACHINE\system\CurrentControlSet\Services\Rdr\Parameters\ + +Add the following value: + EnablePlainTextPassword:REG_DWORD=1 + +Alternatively, use the NT4_PlainPassword.reg file in this directory (either +by double clicking on it, or run regedt32.exe and select "Import Registry +File" from the "Registry" Menu). The other major ramification of this feature of NT is that it can't browse a user level non-encrypted server unless it already has a connection open. This is because there is no spot for a password prompt in the browser window. It works fine if you already have a drive mounted (for example, one auto mounted on startup). - -Samba should support encrypted passwords soon, which will solve this -problem. ===================================================================== - - -===================================================================== +Printing: +========= When you mount a printer using the print manager in NT you may find the following info from Matthew Harrell useful: @@ -49,8 +73,32 @@ time for the NT machine to get verification that the printer queue actually exists. I hope this helped in some way... ------------ + ===================================================================== +Printing Info: +-------------- + +From: Frank Varnavas +Subject: RE: Samba as a print server + +When an NT client attempts to connect to a printer on a non-NT print +server the attempt is failed with an error, something like: + + "You have insufficient access to your computer to perform the + operation because a driver needs to be installed" + +This is because domain users must have 'Power User' status on the +desktop to connect to printers on a non-NT print server. +This error occurs regardless of whether the driver in question is +already installed or not. What it really means is that the server is +a non-NT server and the client does not have permission to create +printers locally. Apparently when a connection to a non-NT print +server is made the printer is defined locally. Such an action can be +performed by either a local administrator or a Power User. +Unfortunately there is no way to limit the powers of a Power User, nor +is there any way to grant the Printer Creation right to another group. +This permission policy is documented in PSS database WINNT, ID Q101874 +Frank Varnavas (varnavas@ny.ubs.com) diff --git a/docs/textdocs/cifsntdomain.txt b/docs/textdocs/cifsntdomain.txt new file mode 100644 index 00000000000..643b8957c9f --- /dev/null +++ b/docs/textdocs/cifsntdomain.txt @@ -0,0 +1,1498 @@ +NT Domain Authentication +------------------------ + +Authors: - Luke Kenneth Casson Leighton (lkcl@switchboard.net) +-------- - Paul Ashton (paul@argo.demon.co.uk) + - Duncan Stansfield (duncans@sco.com) + + Copyright (C) 1997 Luke Kenneth Casson Leighton + Copyright (C) 1997 Paul Ashton + Copyright (C) 1997 Duncan Stansfield + +Version: 0.024 (01Nov97) +-------- + +Distribution: Unlimited and encouraged, for the purposes of implementation +------------- and comments. Feedback welcomed by the authors. + +Liability: Absolutely none accepted implicitly or explicitly, direct +---------- or consequentially, for use, abuse, misuse, lack of use, + misunderstandings, mistakes, omissions, mis-information for + anything in or not in, related to or not related to, or + pertaining to this document, or anything else that a lawyer + can think of or not think of. + +Warning: Please bear in mind that an incorrect implementation of this +-------- protocol can cause NT workstation to fail irrevocably, for + which the authors accept no liability (see above). Please + contact your vendor if you have any problems. + +Sources: - Packet Traces from Netmonitor (Service Pack 1 and above) +-------- - Paul Ashton and Luke Leighton's other "NT Domain" doc. + - CIFS documentation - cifs6.txt + - CIFS documentation - cifsrap2.txt + +Original: http://mailhost.cb1.com/~lkcl/cifsntdomain.txt. +--------- (Controlled copy maintained by lkcl@switchboard.net) + +Credits: - Paul Ashton: loads of work with Net Monitor; +-------- understanding the NT authentication system; + reference implementation of the NT domain support on which + this document is originally based. + - Duncan Stansfield: low-level analysis of MSRPC Pipes. + - Linus Nordberg: producing c-code from Paul's crypto spec. + - Windows Sourcer development team + + +Contents: +--------- + + 1) Introduction + + 2) Structures and notes + + 2.1) Notes + 2.3) Enumerations + 2.3) Structures + + 3) Transact Named Pipe Header/Tail + + 3.1) MSRPC Pipes + 3.2) Header + 3.3) Tail + + 4) NTLSA Transact Named Pipe + + 4.1) LSA Open Policy + 4.2) LSA Query Info Policy + 4.3) LSA Enumerate Trusted Domains + 4.4) LSA Open Secret + 4.5) LSA Close + 4.6) LSA Lookup SIDS + 4.7) LSA Lookup Names + + 5) NETLOGON rpc Transact Named Pipe + + 5.1) LSA Request Challenge + 5.2) LSA Authenticate 2 + 5.3) LSA Server Password Set + 5.4) LSA SAM Logon + 5.5) LSA SAM Logoff + + 6) \\MAILSLOT\NET\NTLOGON + + 6.1) Query for PDC + 6.2) SAM Logon + + 7) SRVSVC Transact Named Pipe + + 7.1) Net Share Enum + 7.2) Net Server Get Info + + +Appendix: +--------- + + A1) Cryptographic side of NT Domain Authentication + + A1.1) Definitions + A1.2) Protocol + A1.3) Comments + + A2) SIDs and RIDs + + A2.1) Well-known SIDs + + A2.1.1) Universal well-known SIDs + A2.1.2) NT well-known SIDs + + A2.2) Well-known RIDS + + A2.2.1) Well-known RID users + A2.2.2) Well-known RID groups + A2.2.3) Well-known RID aliases + + + +1) Introduction +--------------- + + +This document contains information to provide an NT workstation with login +services, without the need for an NT server. + +It should be possible to select a domain instead of a workgroup (in the NT +workstation's TCP/IP settings) and after the obligatory reboot, type in a +username, password, select a domain and successfully log in. I would +appreciate any feedback on your experiences with this process, and any +comments, corrections and additions to this document. + + +The packets described here can be easily derived from (and are probably +better understood using) Netmon.exe. You will need to use the version +of Netmon that matches your system, in order to correctly decode the +NETLOGON, lsarpc and srvsvc Transact pipes. This document is derived from +NT Service Pack 1 and its corresponding version of Netmon. It is intended +that an annotated packet trace be produced, which will likely be more +instructive than this document. + +Also needed, to fully implement NT Domain Login Services, is the +document describing the cryptographic part of the NT authentication. +This document is available from comp.protocols.smb; from the ntsecurity.net +digest and from the samba digest, amongst other sources. + +A copy is available from: + +http://ntbugtraq.rc.on.ca/SCRIPTS/WA.EXE?A2=ind9708&L=ntbugtraq&O=A&P=2935 +http://mailhost.cb1.com/~lkcl/crypt.html + + +A c-code implementation, provided by Linus Nordberg +of this protocol is available from: + +http://samba.org/cgi-bin/mfs/01/digest/1997/97aug/0391.html +http://mailhost.cb1.com/~lkcl/crypt.txt + + +Also used to provide debugging information is the Check Build version of +NT workstation, and enabling full debugging in NETLOGON. This is +achieved by setting the following REG_SZ registry key to 0x1ffffff: + +HKLM\SYSTEM\CurrentControlSet\Services\Netlogon\Parameters + +- Incorrect direct editing of the registry can cause your machine to fail. + Then again, so can incorrect implementation of this protocol. + See "Liability:" above. + + +Bear in mind that each packet over-the-wire will have its origin in an +API call. Therefore, there are likely to be structures, enumerations +and defines that are usefully documented elsewhere. + + +This document is by no means complete or authoritative. Missing sections +include, but are not limited to: + +- the meaning (and use by NT) of SIDs and RIDs. + +- mappings of RIDs to usernames (and vice-versa). + +- what a User ID is and what a Group ID is. + +- the exact meaning/definition of various magic constants or enumerations. + +- the reply error code and use of that error code when a workstation + becomes a member of a domain (to be described later). Failure to + return this error code will make the workstation report that it is + already a member of the domain. + +- the cryptographic side of the NetrServerPasswordSet command, which would + allow the workstation to change its password. This password is used to + generate the long-term session key. [It is possible to reject this + command, and keep the default workstation password]. + + +2) Notes and Structures +----------------------- + + +2.1) Notes +---------- + +- In the SMB Transact pipes, some "Structures", described here, appear to be + 4-byte aligned with the SMB header, at their start. Exactly which + "Structures" need aligning is not precisely known or documented. + +- In the UDP NTLOGON Mailslots, some "Structures", described here, appear to be + 2-byte aligned with the start of the mailslot, at their start. + +- Domain SID is of the format S-revision-version-auth1-auth2...authN. + e.g S-1-5-123-456-789-123-456. the 5 could be a sub-revision. + +- any undocumented buffer pointers must be non-zero if the string buffer it + refers to contains characters. exactly what value they should be is unknown. + 0x0000 0002 seems to do the trick to indicate that the buffer exists. a + NULL buffer pointer indicates that the string buffer is of zero length. + If the buffer pointer is NULL, then it is suspected that the structure it + refers to is NOT put into (or taken out of) the SMB data stream. This is + empirically derived from, for example, the LSA SAM Logon response packet, + where if the buffer pointer is NULL, the user information is not inserted + into the data stream. Exactly what happens with an array of buffer pointers + is not known, although an educated guess can be made. + +- an array of structures (a container) appears to have a count and a pointer. + if the count is zero, the pointer is also zero. no further data is put + into or taken out of the SMB data stream. if the count is non-zero, then + the pointer is also non-zero. immediately following the pointer is the + count again, followed by an array of container sub-structures. the count + appears a third time after the last sub-structure. + + +2.2) Enumerations +----------------- + +- MSRPC Header type. command number in the msrpc packet header + + MSRPC_Request: 0x00 + MSRPC_Response: 0x02 + MSRPC_Bind: 0x0B + MSRPC_BindAck: 0x0C + +- MSRPC Packet info. the meaning of these flags is undocumented + + FirstFrag: 0x01 + LastFrag: 0x02 + NotaFrag: 0x04 + RecRespond: 0x08 + NoMultiplex: 0x10 + NotForIdemp: 0x20 + NotforBcast: 0x40 + NoUuid: 0x80 + + +2.3) Structures +--------------- + +- sizeof VOID* is 32 bits. + +- sizeof char is 8 bits. + +- UTIME is 32 bits, indicating time in seconds since 01jan1970. documented + in cifs6.txt (section 3.5 page, page 30). + +- NTTIME is 64 bits. documented in cifs6.txt (section 3.5 page, page 30). + +- DOM_SID (domain SID structure) : + + UINT32 num of sub-authorities in domain SID + UINT8 SID revision number + UINT8 num of sub-authorities in domain SID + UINT8[6] 6 bytes for domain SID - Identifier Authority. + UINT16[n_subauths] domain SID sub-authorities + + Note: the domain SID is documented elsewhere. + +- STR (string) : + + char[] null-terminated string of ascii characters. + +- UNIHDR (unicode string header) : + + UINT16 length of unicode string + UINT16 max length of unicode string + UINT32 4 - undocumented. + +- UNIHDR2 (unicode string header plus buffer pointer) : + + UNIHDR unicode string header + VOID* undocumented buffer pointer + +- UNISTR (unicode string) : + + UINT16[] null-terminated string of unicode characters. + +- NAME (length-indicated unicode string) : + + UINT32 length of unicode string + UINT16[] null-terminated string of unicode characters. + +- UNISTR2 (aligned unicode string) : + + UINT8[] padding to get unicode string 4-byte aligned + with the start of the SMB header. + UINT32 max length of unicode string + UINT32 0 - undocumented + UINT32 length of unicode string + UINT16[] string of uncode characters. + +- OBJ_ATTR (object attributes) : + + UINT32 0x18 - length (in bytes) including the length field. + VOID* 0 - root directory (pointer) + VOID* 0 - object name (pointer) + UINT32 0 - attributes (undocumented) + VOID* 0 - security descriptior (pointer) + UINT32 0 - security quality of service + +- POL_HND (LSA policy handle) : + + char[20] policy handle + +- DOM_SID2 (domain SID structure, SIDS stored in unicode) : + + UINT32 5 - SID type + UINT32 0 - undocumented + UNIHDR2 domain SID unicode string header + UNISTR domain SID unicode string + + Note: there is a conflict between the unicode string header and the + unicode string itself as to which to use to indicate string + length. this will need to be resolved. + + Note: the SID type indicates, for example, an alias; a well-known group etc. + this is documented somewhere. + +- DOM_RID (domain RID structure) : + + UINT32 5 - well-known SID. 1 - user SID (see ShowACLs) + UINT32 5 - undocumented + UINT32 domain RID + UINT32 0 - domain index out of above reference domains + + +- LOG_INFO (server, account, client structure) : + + Note: logon server name starts with two '\' characters and is upper case. + + Note: account name is the logon client name from the LSA Request Challenge, + with a $ on the end of it, in upper case. + + VOID* undocumented buffer pointer + UNISTR2 logon server unicode string + UNISTR2 account name unicode string + UINT16 sec_chan - security channel type + UNISTR2 logon client machine unicode string + +- CLNT_SRV (server, client names structure) : + + Note: logon server name starts with two '\' characters and is upper case. + + VOID* undocumented buffer pointer + UNISTR2 logon server unicode string + VOID* undocumented buffer pointer + UNISTR2 logon client machine unicode string + +- CREDS (credentials + time stamp) + + char[8] credentials + UTIME time stamp + +- CLNT_INFO2 (server, client structure, client credentials) : + + Note: whenever this structure appears in a request, you must take a copy + of the client-calculated credentials received, because they will be + used in subsequent credential checks. the presumed intention is to + maintain an authenticated request/response trail. + + CLNT_SRV client and server names + UINT8[] ???? padding, for 4-byte alignment with SMB header. + VOID* pointer to client credentials. + CREDS client-calculated credentials + client time + +- CLNT_INFO (server, account, client structure, client credentials) : + + Note: whenever this structure appears in a request, you must take a copy + of the client-calculated credentials received, because they will be + used in subsequent credential checks. the presumed intention is to + maintain an authenticated request/response trail. + + LOG_INFO logon account info + CREDS client-calculated credentials + client time + +- ID_INFO_1 (id info structure, auth level 1) : + + VOID* ptr_id_info_1 + UNIHDR domain name unicode header + UINT32 param control + UINT64 logon ID + UNIHDR user name unicode header + UNIHDR workgroup name unicode header + char[16] arc4 LM OWF Password + char[16] arc4 NT OWF Password + UNISTR2 domain name unicode string + UNISTR2 user name unicode string + UNISTR2 workstation name unicode string + +- SAM_INFO (sam logon/logoff id info structure) : + + Note: presumably, the return credentials is supposedly for the server to + verify that the credential chain hasn't been compromised. + + CLNT_INFO2 client identification/authentication info + VOID* pointer to return credentials. + CRED return credentials - ignored. + UINT16 logon level + UINT16 switch value + + switch (switch_value) + case 1: + { + ID_INFO_1 id_info_1; + } + +- GID (group id info) : + + UINT32 group id + UINT32 user attributes (only used by NT 3.1 and 3.51) + +- DOM_REF (domain reference info) : + + VOID* undocumented buffer pointer. + UINT32 num referenced domains? + VOID* undocumented domain name buffer pointer. + UINT32 32 - max number of entries + UINT32 4 - num referenced domains? + + UNIHDR2 domain name unicode string header + UNIHDR2[num_ref_doms-1] referenced domain unicode string headers + + UNISTR domain name unicode string + DOM_SID[num_ref_doms] referenced domain SIDs + +- DOM_INFO (domain info, levels 3 and 5 are the same)) : + + UINT8[] ??? padding to get 4-byte alignment with start of SMB header + UINT16 domain name string length * 2 + UINT16 domain name string length * 2 + VOID* undocumented domain name string buffer pointer + VOID* undocumented domain SID string buffer pointer + UNISTR2 domain name (unicode string) + DOM_SID domain SID + +- USER_INFO (user logon info) : + + Note: it would be nice to know what the 16 byte user session key is for. + + NTTIME logon time + NTTIME logoff time + NTTIME kickoff time + NTTIME password last set time + NTTIME password can change time + NTTIME password must change time + + UNIHDR username unicode string header + UNIHDR user's full name unicode string header + UNIHDR logon script unicode string header + UNIHDR profile path unicode string header + UNIHDR home directory unicode string header + UNIHDR home directory drive unicode string header + + UINT16 logon count + UINT16 bad password count + + UINT32 User ID + UINT32 Group ID + UINT32 num groups + VOID* undocumented buffer pointer to groups. + + UINT32 user flags + char[16] user session key + + UNIHDR logon server unicode string header + UNIHDR logon domain unicode string header + VOID* undocumented logon domain id pointer + char[40] 40 undocumented padding bytes. future expansion? + + UINT32 0 - num_other_sids? + VOID* NULL - undocumented pointer to other domain SIDs. + + UNISTR2 username unicode string + UNISTR2 user's full name unicode string + UNISTR2 logon script unicode string + UNISTR2 profile path unicode string + UNISTR2 home directory unicode string + UNISTR2 home directory drive unicode string + + UINT32 num groups + GID[num_groups] group info + + UNISTR2 logon server unicode string + UNISTR2 logon domain unicode string + + DOM_SID domain SID + DOM_SID[num_sids] other domain SIDs? + +- SH_INFO_1_PTR (pointers to level 1 share info strings): + +Note: see cifsrap2.txt section5, page 10. + + 0 for shi1_type indicates a Disk. + 1 for shi1_type indicates a Print Queue. + 2 for shi1_type indicates a Device. + 3 for shi1_type indicates an IPC pipe. + 0x8000 0000 (top bit set in shi1_type) indicates a hidden share. + + VOID* shi1_netname - pointer to net name + UINT32 shi1_type - type of share. 0 - undocumented. + VOID* shi1_remark - pointer to comment. + +- SH_INFO_1_STR (level 1 share info strings) : + + UNISTR2 shi1_netname - unicode string of net name + UNISTR2 shi1_remark - unicode string of comment. + +- SHARE_INFO_1_CTR : + + share container with 0 entries: + + UINT32 0 - EntriesRead + UINT32 0 - Buffer + + share container with > 0 entries: + + UINT32 EntriesRead + UINT32 non-zero - Buffer + UINT32 EntriesRead + + SH_INFO_1_PTR[EntriesRead] share entry pointers + SH_INFO_1_STR[EntriesRead] share entry strings + + UINT8[] padding to get unicode string 4-byte + aligned with start of the SMB header. + UINT32 EntriesRead + UINT32 0 - padding + +- SERVER_INFO_101 : + +Note: see cifs6.txt section 6.4 - the fields described therein will be + of assistance here. for example, the type listed below is the + same as fServerType, which is described in 6.4.1. + + SV_TYPE_WORKSTATION 0x00000001 All workstations + SV_TYPE_SERVER 0x00000002 All servers + SV_TYPE_SQLSERVER 0x00000004 Any server running with SQL + server + SV_TYPE_DOMAIN_CTRL 0x00000008 Primary domain controller + SV_TYPE_DOMAIN_BAKCTRL 0x00000010 Backup domain controller + SV_TYPE_TIME_SOURCE 0x00000020 Server running the timesource + service + SV_TYPE_AFP 0x00000040 Apple File Protocol servers + SV_TYPE_NOVELL 0x00000080 Novell servers + SV_TYPE_DOMAIN_MEMBER 0x00000100 Domain Member + SV_TYPE_PRINTQ_SERVER 0x00000200 Server sharing print queue + SV_TYPE_DIALIN_SERVER 0x00000400 Server running dialin service. + SV_TYPE_XENIX_SERVER 0x00000800 Xenix server + SV_TYPE_NT 0x00001000 NT server + SV_TYPE_WFW 0x00002000 Server running Windows for + + SV_TYPE_SERVER_NT 0x00008000 Windows NT non DC server + SV_TYPE_POTENTIAL_BROWSER 0x00010000 Server that can run the browser + service + SV_TYPE_BACKUP_BROWSER 0x00020000 Backup browser server + SV_TYPE_MASTER_BROWSER 0x00040000 Master browser server + SV_TYPE_DOMAIN_MASTER 0x00080000 Domain Master Browser server + SV_TYPE_LOCAL_LIST_ONLY 0x40000000 Enumerate only entries marked + "local" + SV_TYPE_DOMAIN_ENUM 0x80000000 Enumerate Domains. The pszServer + and pszDomain parameters must be + NULL. + + UINT32 500 - platform_id + VOID* pointer to name + UINT32 5 - major version + UINT32 4 - minor version + UINT32 type (SV_TYPE_... bit field) + VOID* pointer to comment + + UNISTR2 sv101_name - unicode string of server name + UNISTR2 sv_101_comment - unicode string of server comment. + + UINT8[] padding to get unicode string 4-byte + aligned with start of the SMB header. + + + +3) MSRPC over Transact Named Pipe +--------------------------------- + +For details on the SMB Transact Named Pipe, see cifs6.txt + + +3.1) MSRPC Pipes +---------------- + +The MSRPC is conducted over an SMB Transact Pipe with a name of "\PIPE\". +You must first obtain a 16 bit file handle, by sending a SMBopenX with the +pipe name "\PIPE\srvsvc" for example. You can then perform an SMB Trans, +and must carry out an SMBclose on the file handle once you are finished. + +Trans Requests must be sent with two setup UINT16s, no UINT16 params (none +known about), and UINT8 data parameters sufficient to contain the MSRPC +header, and MSRPC data. The first UINT16 setup parameter must be either +0x0026 to indicate an RPC, or 0x0001 to indicate Set Named Pipe Handle +state. The second UINT16 parameter must be the file handle for the pipe, +obtained above. + +The Data section for an API Command of 0x0026 (RPC pipe) in the Trans +Request is the RPC Header, followed by the RPC Data. The Data section for +an API Command of 0x0001 (Set Named Pipe Handle state) is two bytes. The +only value seen for these two bytes is 0x00 0x43. + + +MSRPC Responses are sent as response data inside standard SMB Trans +responses, with the MSRPC Header, MSRPC Data and MSRPC tail. + + +It is suspected that the Trans Requests will need to be at least 2-byte +aligned (probably 4-byte). This is standard practice for SMBs. It is also +independent of the observed 4-byte alignments with the start of the MSRPC +header, including the 4-byte alignment between the MSRPC header and the +MSRPC data. + + +First, an SMBtconX connection is made to the IPC$ share. The connection +must be made using encrypted passwords, not clear-text. Then, an SMBopenX +is made on the pipe. Then, a Set Named Pipe Handle State must be sent, +after which the pipe is ready to accept API commands. Lastly, and SMBclose +is sent. + + +To be resolved: + + lkcl/01nov97 there appear to be two additional bytes after the null- + terminated \PIPE\ name for the RPC pipe. Values seen so far are + listed below: + + initial SMBopenX request: RPC API command 0x26 params: + + "\\PIPE\\lsarpc" 0x65 0x63; 0x72 0x70; 0x44 0x65; + "\\PIPE\\srvsvc" 0x73 0x76; 0x4E 0x00; 0x5C 0x43; + + +3.2) Header +----------- + +[section to be rewritten, following receipt of work by Duncan Stansfield] + + +Interesting note: if you set packed data representation to 0x0100 0000 +then all 4-byte and 2-byte word ordering is turned around! + +The start of each of the NTLSA and NETLOGON named pipes begins with: + +00 UINT8 5 - RPC major version +01 UINT8 0 - RPC minor version +02 UINT8 2 - RPC response packet +03 UINT8 3 - (FirstFrag bit-wise or with LastFrag) +04 UINT32 0x1000 0000 - packed data representation +08 UINT16 fragment length - data size (bytes) inc header and tail. +0A UINT16 0 - authentication length +0C UINT32 call identifier. matches 12th UINT32 of incoming RPC data. +10 UINT32 allocation hint - data size (bytes) minus header and tail. +14 UINT16 0 - presentation context identifier +16 UINT8 0 - cancel count +17 UINT8 in replies: 0 - reserved; in requests: opnum - see #defines. +18 ...... start of data (goes on for allocation_hint bytes) + + +RPC_Packet for request, response, bind and bind acknowledgement. +{ + + UINT8 versionmaj # reply same as request (0x05) + UINT8 versionmin # reply same as request (0x00) + UINT8 type # one of the MSRPC_Type enums + UINT8 flags # reply same as request (0x00 for Bind, 0x03 for Request) + UINT32 representation # reply same as request (0x00000010) + UINT16 fraglength # the length of the data section of the SMB trans packet + UINT16 authlength + UINT32 callid # call identifier. (e.g. 0x00149594) + + * stub USE TvPacket # the remainder of the packet depending on the "type" +} + + +# the interfaces are numbered. as yet I haven't seen more than one interface +# used on the same pipe name +# srvsvc +# abstract (0x4B324FC8, 0x01D31670, 0x475A7812, 0x88E16EBF, 0x00000003) +# transfer (0x8A885D04, 0x11C91CEB, 0x0008E89F, 0x6048102B, 0x00000002) +RPC_Iface RW +{ + UINT8 byte[16] # 16 bytes of number + UINT32 version # the interface number +} + + +# the remainder of the packet after the header if "type" was Bind +# in the response header, "type" should be BindAck +RPC_ReqBind RW +{ + UINT16 maxtsize # maximum transmission fragment size (0x1630) + UINT16 maxrsize # max receive fragment size (0x1630) + UINT32 assocgid # associated group id (0x0) + UINT32 numelements # the number of elements (0x1) + UINT16 contextid # presentation context identifier (0x0) + UINT8 numsyntaxes # the number of syntaxes (has always been 1?)(0x1) + UINT8[] # 4-byte alignment padding, against SMB header + + * abstractint USE RPC_Iface # num and vers. of interface client is using + * transferint USE RPC_Iface # num and vers. of interface to use for replies +} + + +RPC_Address RW +{ + UINT16 length # length of the string including null terminator + * port USE string # the string above in single byte, null terminated form +} + + +# the response to place after the header in the reply packet +RPC_ResBind RW +{ + UINT16 maxtsize # same as request + UINT16 maxrsize # same as request + UINT32 assocgid # zero + + * secondaddr USE RPC_Address # the address string, as described earlier + + UINT8[] # 4-byte alignment padding, against SMB header + + UINT8 numresults # the number of results (0x01) + + UINT8[] # 4-byte alignment padding, against SMB header + UINT16 result # result (0x00 = accept) + UINT16 reason # reason (0x00 = no reason specified) + + * transfersyntax USE RPC_Iface # the transfer syntax from the request +} + + +# the remainder of the packet after the header for every other other +# request +RPC_ReqNorm RW +{ + UINT32 allochint # the size of the stub data in bytes + UINT16 prescontext # presentation context identifier (0x0) + UINT16 opnum # operation number (0x15) + + * stub USE TvPacket # a packet dependent on the pipe name + # (probably the interface) and the op number) +} + + +# response to a request +RPC_ResNorm RW +{ + UINT32 allochint # size of the stub data in bytes + UINT16 prescontext # presentation context identifier (same as request) + UINT8 cancelcount # cancel count? (0x0) + UINT8 reserved # 0 - one byte padding + + * stub USE TvPacket # the remainder of the reply +} + + +3.3) Tail +--------- + +The end of each of the NTLSA and NETLOGON named pipes ends with: + + ...... end of data + UINT32 return code + + + +3.4 RPC Bind / Bind Ack +----------------------- + +RPC Binds are the process of associating an RPC pipe (e.g \PIPE\lsarpc) +with a "transfer syntax" (see RPC_Iface structure). The purpose for doing +this is unknown. + +Note: The RPC_ResBind SMB Transact request is sent with two uint16 setup + parameters. The first is 0x0026; the second is the file handle + returned by the SMBopenX Transact response. + +Note: The RPC_ResBind members maxtsize, maxrsize and assocgid are the + same in the response as the same members in the RPC_ReqBind. The + RPC_ResBind member transfersyntax is the same in the response as + the + +Note: The RPC_ResBind response member secondaddr contains the name + of what is presumed to be the service behind the RPC pipe. The + mapping identified so far is: + + initial SMBopenX request: RPC_ResBind response: + + "\\PIPE\\srvsvc" "\\PIPE\\ntsvcs" + "\\PIPE\\samr" "\\PIPE\\lsass" + "\\PIPE\\lsarpc" "\\PIPE\\lsass" + "\\PIPE\\wkssvc" "\\PIPE\\wksvcs" + "\\PIPE\\NETLOGON" "\\PIPE\\NETLOGON" + +Note: The RPC_Packet fraglength member in both the Bind Request and Bind + Acknowledgment must contain the length of the entire RPC data, + including the RPC_Packet header. + +Request: + + RPC_Packet + RPC_ReqBind + +Response: + + RPC_Packet + RPC_ResBind + + + +4) NTLSA Transact Named Pipe +---------------------------- + +The sequence of actions taken on this pipe are: + +- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. +- Open an RPC Pipe with the name "\\PIPE\\lsarpc". Store the file handle. +- Using the file handle, send a Set Named Pipe Handle state to 0x4300. +- Send an LSA Open Policy request. Store the Policy Handle. +- Using the Policy Handle, send LSA Query Info Policy requests, etc. +- Using the Policy Handle, send an LSA Close. +- Close the IPC$ share. + + +Defines for this pipe, identifying the query are: + +- LSA Open Policy: 0x2c +- LSA Query Info Policy: 0x07 +- LSA Enumerate Trusted Domains: 0x0d +- LSA Open Secret: 0xff +- LSA Lookup SIDs: 0xfe +- LSA Lookup Names: 0xfd +- LSA Close: 0x00 + + +4.1) LSA Open Policy +-------------------- + +Note: The policy handle can be anything you like. + +Request: + + VOID* buffer pointer + UNISTR2 server name - unicode string starting with two '\'s + OBJ_ATTR object attributes + UINT32 1 - desired access + +Response: + + POL_HND LSA policy handle + + return 0 - indicates success + + +4.2) LSA Query Info Policy +-------------------------- + +Note: The info class in response must be the same as that in the request. + +Request: + + POL_HND LSA policy handle + UINT16 info class (also a policy handle?) + +Response: + + VOID* undocumented buffer pointer + UINT16 info class (same as info class in request). + + switch (info class) + case 3: + case 5: + { + DOM_INFO domain info, levels 3 and 5 (are the same). + } + + return 0 - indicates success + + +4.3) LSA Enumerate Trusted Domains +---------------------------------- + +Request: + + no extra data + +Response: + + UINT32 0 - enumeration context + UINT32 0 - entries read + UINT32 0 - trust information + + return 0x8000 001a - "no trusted domains" success code + + +4.4) LSA Open Secret +-------------------- + +Request: + + no extra data + +Response: + + UINT32 0 - undocumented + UINT32 0 - undocumented + UINT32 0 - undocumented + UINT32 0 - undocumented + UINT32 0 - undocumented + + return 0x0C00 0034 - "no such secret" success code + + +4.5) LSA Close +-------------- + +Request: + + POL_HND policy handle to be closed + +Response: + + POL_HND 0s - closed policy handle (all zeros) + + return 0 - indicates success + + +4.6) LSA Lookup SIDS +-------------------- + +Note: num_entries in response must be same as num_entries in request. + +Request: + + POL_HND LSA policy handle + UINT32 num_entries + VOID* undocumented domain SID buffer pointer + VOID* undocumented domain name buffer pointer + VOID*[num_entries] undocumented domain SID pointers to be looked up. + DOM_SID[num_entries] domain SIDs to be looked up. + char[16] completely undocumented 16 bytes. + +Response: + + DOM_REF domain reference response + + UINT32 num_entries (listed above) + VOID* undocumented buffer pointer + + UINT32 num_entries (listed above) + DOM_SID2[num_entries] domain SIDs (from Request, listed above). + + UINT32 num_entries (listed above) + + return 0 - indicates success + + +4.7) LSA Lookup Names +--------------------- + +Note: num_entries in response must be same as num_entries in request. + +Request: + + POL_HND LSA policy handle + UINT32 num_entries + UINT32 num_entries + VOID* undocumented domain SID buffer pointer + VOID* undocumented domain name buffer pointer + NAME[num_entries] names to be looked up. + char[] undocumented bytes - falsely translated SID structure? + +Response: + + DOM_REF domain reference response + + UINT32 num_entries (listed above) + VOID* undocumented buffer pointer + + UINT32 num_entries (listed above) + DOM_RID[num_entries] domain SIDs (from Request, listed above). + + UINT32 num_entries (listed above) + + return 0 - indicates success + + + +5) NETLOGON rpc Transact Named Pipe +----------------------------------- + +The sequence of actions taken on this pipe are: + +- Establish a connection to the IPC$ share (SMBtconX). use encrypted passwords. +- Open an RPC Pipe with the name "\\PIPE\\NETLOGON". Store the file handle. +- Using the file handle, send a Set Named Pipe Handle state to 0x4300. +- Create Client Challenge. Send LSA Request Challenge. Store Server Challenge. +- Calculate Session Key. Send an LSA Auth 2 Challenge. Store Auth2 Challenge. +- Calc/Verify Client Creds. Send LSA Srv PW Set. Calc/Verify Server Creds. +- Calc/Verify Client Creds. Send LSA SAM Logon . Calc/Verify Server Creds. +- Calc/Verify Client Creds. Send LSA SAM Logoff. Calc/Verify Server Creds. +- Close the IPC$ share. + + +Defines for this pipe, identifying the query are: + +- LSA Request Challenge: 0x04 +- LSA Server Password Set: 0x06 +- LSA SAM Logon: 0x02 +- LSA SAM Logoff: 0x03 +- LSA Auth 2: 0x0f +- LSA Logon Control: 0x0e + + +5.1) LSA Request Challenge +-------------------------- + +Note: logon server name starts with two '\' characters and is upper case. + +Note: logon client is the machine, not the user. + +Note: the initial LanManager password hash, against which the challenge + is issued, is the machine name itself (lower case). there will be + calls issued (LSA Server Password Set) which will change this, later. + refusing these calls allows you to always deal with the same password + (i.e the LM# of the machine name in lower case). + +Request: + + VOID* undocumented buffer pointer + UNISTR2 logon server unicode string + UNISTR2 logon client unicode string + char[8] client challenge + +Response: + + char[8] server challenge + + return 0 - indicates success + + + +5.2) LSA Authenticate 2 +----------------------- + +Note: in between request and response, calculate the client credentials, + and check them against the client-calculated credentials (this + process uses the previously received client credentials). + +Note: neg_flags in the response is the same as that in the request. + +Note: you must take a copy of the client-calculated credentials received + here, because they will be used in subsequent authentication packets. + +Request: + + LOG_INFO client identification info + + char[8] client-calculated credentials + UINT8[] padding to 4-byte align with start of SMB header. + UINT32 neg_flags - negotiated flags (usual value is 0x0000 01ff) + +Response: + + char[8] server credentials. + UINT32 neg_flags - same as neg_flags in request. + + return 0 - indicates success. failure value unknown. + + +5.3) LSA Server Password Set +---------------------------- + +Note: the new password is suspected to be a DES encryption using the old + password to generate the key. + +Note: in between request and response, calculate the client credentials, + and check them against the client-calculated credentials (this + process uses the previously received client credentials). + +Note: the server credentials are constructed from the client-calculated + credentials and the client time + 1 second. + +Note: you must take a copy of the client-calculated credentials received + here, because they will be used in subsequent authentication packets. + +Request: + + CLNT_INFO client identification/authentication info + char[] new password - undocumented. + +Response: + + CREDS server credentials. server time stamp appears to be ignored. + + return 0 - indicates success; 0xC000 006a indicates failure + + +5.4) LSA SAM Logon +------------------ + +Note: valid_user is True iff the username and password hash are valid for + the requested domain. + +Request: + + SAM_INFO sam_id structure + +Response: + + VOID* undocumented buffer pointer + CREDS server credentials. server time stamp appears to be ignored. + + if (valid_user) + { + UINT16 3 - switch value indicating USER_INFO structure. + VOID* non-zero - pointer to USER_INFO structure + USER_INFO user logon information + + UINT32 1 - Authoritative response; 0 - Non-Auth? + + return 0 - indicates success + } + else + { + UINT16 0 - switch value. value to indicate no user presumed. + VOID* 0x0000 0000 - indicates no USER_INFO structure. + + UINT32 1 - Authoritative response; 0 - Non-Auth? + + return 0xC000 0064 - NT_STATUS_NO_SUCH_USER. + } + + +5.5) LSA SAM Logoff +-------------------- + +Note: presumably, the SAM_INFO structure is validated, and a (currently + undocumented) error code returned if the Logoff is invalid. + +Request: + + SAM_INFO sam_id structure + +Response: + + VOID* undocumented buffer pointer + CREDS server credentials. server time stamp appears to be ignored. + + return 0 - indicates success. undocumented failure indication. + + +6) \\MAILSLOT\NET\NTLOGON +------------------------- + +Note: mailslots will contain a response mailslot, to which the response + should be sent. the target NetBIOS name is REQUEST_NAME<20>, where + REQUEST_NAME is the name of the machine that sent the request. + + +6.1) Query for PDC +------------------ + +Note: NTversion, LMNTtoken, LM20token in response are the same as those + given in the request. + +Request: + + UINT16 0x0007 - Query for PDC + STR machine name + STR response mailslot + UINT8[] padding to 2-byte align with start of mailslot. + UNISTR machine name + UINT32 NTversion + UINT16 LMNTtoken + UINT16 LM20token + +Response: + + UINT16 0x000A - Respose to Query for PDC + STR machine name (in uppercase) + UINT8[] padding to 2-byte align with start of mailslot. + UNISTR machine name + UNISTR domain name + UINT32 NTversion (same as received in request) + UINT16 LMNTtoken (same as received in request) + UINT16 LM20token (same as received in request) + + +6.2) SAM Logon +-------------- + +Note: machine name in response is preceded by two '\' characters. + +Note: NTversion, LMNTtoken, LM20token in response are the same as those + given in the request. + +Note: user name in the response is presumably the same as that in the request. + +Request: + + UINT16 0x0012 - SAM Logon + UINT16 request count + UNISTR machine name + UNISTR user name + STR response mailslot + UINT32 alloweable account + UINT32 domain SID size + char[sid_size] domain SID, of sid_size bytes. + UINT8[] ???? padding to 4? 2? -byte align with start of mailslot. + UINT32 NTversion + UINT16 LMNTtoken + UINT16 LM20token + +Response: + + UINT16 0x0013 - Response to SAM Logon + UNISTR machine name + UNISTR user name - workstation trust account + UNISTR domain name + UINT32 NTversion + UINT16 LMNTtoken + UINT16 LM20token + + + +7) SRVSVC Transact Named Pipe +----------------------------- + + +Defines for this pipe, identifying the query are: + +- Net Share Enum : 0x0f +- Net Server Get Info : 0x15 + + +7.1) Net Share Enum +------------------ + +Note: share level and switch value in the response are presumably the + same as those in the request. + +Note: cifsrap2.txt (section 5) may be of limited assistance here. + +Request: + + VOID* pointer (to server name?) + UNISTR2 server name + + UINT8[] padding to get unicode string 4-byte aligned + with the start of the SMB header. + + UINT32 share level + UINT32 switch value + + VOID* pointer to SHARE_INFO_1_CTR + SHARE_INFO_1_CTR share info with 0 entries + + UINT32 preferred maximum length (0xffff ffff) + +Response: + + UINT32 share level + UINT32 switch value + + VOID* pointer to SHARE_INFO_1_CTR + SHARE_INFO_1_CTR share info (only added if share info ptr is non-zero) + + return 0 - indicates success + + +7.2) Net Server Get Info +------------------ + +Note: level is the same value as in the request. + +Request: + + UNISTR2 server name + UINT32 switch level + +Response: + + UINT32 switch level + VOID* pointer to SERVER_INFO_101 + + SERVER_INFO_101 server info (only added if server info ptr is non-zero) + + return 0 - indicates success + + + +Appendix +-------- + +A1) Cryptographic side of NT Domain Authentication +-------------------------------------------------- + + +A1.1) Definitions +----------------- + +Add(A1,A2): Intel byte ordered addition of corresponding 4 byte words +in arrays A1 and A2 + +E(K,D): DES ECB encryption of 8 byte data D using 7 byte key K + +lmowf(): Lan man hash + +ntowf(): NT hash + +PW: md4(machine_password) == md4(lsadump $machine.acc) == +pwdump(machine$) (initially) == md4(lmowf(unicode(machine))) + +ARC4(K,Lk,D,Ld): ARC4 encryption of data D of length Ld with key K of +length Lk + +v[m..n(,l)]: subset of v from bytes m to n, optionally padded with +zeroes to length l + +Cred(K,D): E(K[7..7,7],E(K[0..6],D)) computes a credential + +Time(): 4 byte current time + +Cc,Cs: 8 byte client and server challenges Rc,Rs: 8 byte client and +server credentials + + +A1.2) Protocol +-------------- + +C->S ReqChal,Cc S->C Cs + +C & S compute session key Ks = E(PW[9..15],E(PW[0..6],Add(Cc,Cs))) + +C: Rc = Cred(Ks,Cc) C->S Authenticate,Rc S: Rs = Cred(Ks,Cs), +assert(Rc == Cred(Ks,Cc)) S->C Rs C: assert(Rs == Cred(Ks,Cs)) + +On joining the domain the client will optionally attempt to change its +password and the domain controller may refuse to update it depending +on registry settings. This will also occur weekly afterwards. + +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S ServerPasswordSet,Rc',Tc, +arc4(Ks[0..7,16],lmowf(randompassword()) C: Rc = Cred(Ks,Rc+Tc+1) S: +assert(Rc' == Cred(Ks,Rc+Tc)), Ts = Time() S: Rs' = Cred(Ks,Rs+Tc+1) +S->C Rs',Ts C: assert(Rs' == Cred(Ks,Rs+Tc+1)) S: Rs = Rs' + +User: U with password P wishes to login to the domain (incidental data +such as workstation and domain omitted) + +C: Tc = Time(), Rc' = Cred(Ks,Rc+Tc) C->S NetLogonSamLogon,Rc',Tc,U, +arc4(Ks[0..7,16],16,ntowf(P),16), arc4(Ks[0..7,16],16,lmowf(P),16) S: +assert(Rc' == Cred(Ks,Rc+Tc)) assert(passwords match those in SAM) S: +Ts = Time() + +S->C Cred(Ks,Cred(Ks,Rc+Tc+1)),userinfo(logon script,UID,SIDs,etc) C: +assert(Rs == Cred(Ks,Cred(Rc+Tc+1)) C: Rc = Cred(Ks,Rc+Tc+1) + + +A1.3) Comments +-------------- + +On first joining the domain the session key could be computed by +anyone listening in on the network as the machine password has a well +known value. Until the machine is rebooted it will use this session +key to encrypt NT and LM one way functions of passwords which are +password equivalents. Any user who logs in before the machine has been +rebooted a second time will have their password equivalent exposed. Of +course the new machine password is exposed at this time anyway. + +None of the returned user info such as logon script, profile path and +SIDs *appear* to be protected by anything other than the TCP checksum. + +The server time stamps appear to be ignored. + +The client sends a ReturnAuthenticator in the SamLogon request which I +can't find a use for. However its time is used as the timestamp +returned by the server. + +The password OWFs should NOT be sent over the network reversibly +encrypted. They should be sent using ARC4(Ks,md4(owf)) with the server +computing the same function using the owf values in the SAM. + + +A2) SIDs and RIDs +----------------- + +SIDs and RIDs are well documented elsewhere. + +A SID is an NT Security ID (see DOM_SID structure). They are of the form: + + S-revision-NN-SubAuth1-SubAuth2-SubAuth3... + S-revision-0xNNNNNNNNNNNN-SubAuth1-SubAuth2-SubAuth3... + +currently, the SID revision is 1. +The Sub-Authorities are known as Relative IDs (RIDs). + + +A2.1) Well-known SIDs +--------------------- + + +A2.1.1) Universal well-known SIDs +--------------------------------- + + Null SID S-1-0-0 + World S-1-1-0 + Local S-1-2-0 + Creator Owner ID S-1-3-0 + Creator Group ID S-1-3-1 + Creator Owner Server ID S-1-3-2 + Creator Group Server ID S-1-3-3 + + (Non-unique IDs) S-1-4 + + +A2.1.2) NT well-known SIDs +-------------------------- + + NT Authority S-1-5 + Dialup S-1-5-1 + + Network S-1-5-2 + Batch S-1-5-3 + Interactive S-1-5-4 + Service S-1-5-6 + AnonymousLogon S-1-5-7 (aka null logon session) + Proxy S-1-5-8 + ServerLogon S-1-5-8 (aka domain controller account) + + (Logon IDs) S-1-5-5-X-Y + + (NT non-unique IDs) S-1-5-0x15-... + + (Built-in domain) s-1-5-0x20 + + + +A2.2) Well-known RIDS +--------------------- + +A RID is a sub-authority value, as part of either a SID, or in the case +of Group RIDs, part of the DOM_GID structure, in the USER_INFO_1 +structure, in the LSA SAM Logon response. + + +A2.2.1) Well-known RID users +---------------------------- + + DOMAIN_USER_RID_ADMIN 0x0000 01F4 + DOMAIN_USER_RID_GUEST 0x0000 01F5 + + + +A2.2.2) Well-known RID groups +---------------------------- + + DOMAIN_GROUP_RID_ADMINS 0x0000 0200 + DOMAIN_GROUP_RID_USERS 0x0000 0201 + DOMAIN_GROUP_RID_GUESTS 0x0000 0202 + + + +A2.2.3) Well-known RID aliases +------------------------------ + + DOMAIN_ALIAS_RID_ADMINS 0x0000 0220 + DOMAIN_ALIAS_RID_USERS 0x0000 0221 + DOMAIN_ALIAS_RID_GUESTS 0x0000 0222 + DOMAIN_ALIAS_RID_POWER_USERS 0x0000 0223 + + DOMAIN_ALIAS_RID_ACCOUNT_OPS 0x0000 0224 + DOMAIN_ALIAS_RID_SYSTEM_OPS 0x0000 0225 + DOMAIN_ALIAS_RID_PRINT_OPS 0x0000 0226 + DOMAIN_ALIAS_RID_BACKUP_OPS 0x0000 0227 + + DOMAIN_ALIAS_RID_REPLICATOR 0x0000 0228 + + diff --git a/docs/textdocs/outdated/NTDOMAIN.txt b/docs/textdocs/outdated/NTDOMAIN.txt new file mode 100644 index 00000000000..8408acb979a --- /dev/null +++ b/docs/textdocs/outdated/NTDOMAIN.txt @@ -0,0 +1,51 @@ +!== +!== NTDOMAIN.txt for Samba release 2.0.4 18 May 1999 +!== +Contributor: Luke Kenneth Casson Leighton (samba-bugs@samba.org) + Copyright (C) 1997 Luke Kenneth Casson Leighton +Created: October 20, 1997 +Updated: February 25, 1999 (Jerry Carter) + +Subject: NT Domain Logons +=========================================================================== + +As of 1.9.18alpha1, Samba supports logins for NT 3.51 and 4.0 Workstations, +without the need, use or intervention of NT Server. This document describes +how to set this up. Over the continued development of the 1.9.18alpha +series, this process (and therefore this document) should become simpler. + +One useful thing to do is to get this version of Samba up and running +with Win95 profiles, as you would for the current stable version of +Samba (currently at 1.9.17p4), and is fully documented. You will need +to set up encrypted passwords. Even if you don't have any Win95 machines, +using your Samba Server to store the profile for one of your NT Workstation +users is a good test that you have 1.9.18alpha1 correctly configured *prior* +to attempting NT Domain Logons. + +The support is still experimental, so should be used at your own risk. + +NT is not as robust as you might have been led to believe: during the +development of the Domain Logon Support, one person reported having to +reinstall NT from scratch: their workstation had become totally unuseable. + +[further reports on ntsec@iss.net by independent administrators showing + similar symptoms lead us to believe that the SAM database file may be + corruptible. this _is_ recoverable (or, at least the machine is accessible), + by deleting the SAM file, under which circumstances all user account details + are lost, but at least the Administrator can log in with a blank password. + this is *not* possible except if the NT system is installed in a FAT + partition.] + +This *has* been reported to the NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM digest. + +========================================================================== +Please note that Samba 2.0 does not **officially** support domain logons +for Windows NT clients. Of course, domain logon support for Windows 9x +clients is complete and official. These are two different issues. + +Samba's capability to act as a Primary Domain Controller for Windows NT +domains is not advertised as it is not completed yet. For more information +regarding how to obtain the latest development (HEAD branch) source code +and what features are available, please refer to the NT Domain FAQ on-line +at the Samba web site under the documentation page. + diff --git a/docs/textdocs/outdated/PRINTER_DRIVER.txt b/docs/textdocs/outdated/PRINTER_DRIVER.txt new file mode 100644 index 00000000000..5bf82e0cfe4 --- /dev/null +++ b/docs/textdocs/outdated/PRINTER_DRIVER.txt @@ -0,0 +1,240 @@ +!== +!== PRINTER_DRIVER.txt for Samba release 2.0.4 18 May 1999 +!== +========================================================================== + Supporting the famous PRINTER$ share + + Jean-Francois.Micouleau@utc.fr, 10/26/97 + modified by herb@sgi.com 1/2/98 + +=========================================================================== + +Disclaimer: + + This ONLY works with Windows 95 + It does NOT work with Windows NT 4 + + +Goal: + + When you click on a samba shared printer, you can now install the driver + automatically onto the Windows 95 machine, as you would from an NT server. + +How To: + + It's a three step config. + + First, create a new directory, where you will put the driver files, and + make a share in smb.conf pointing to it. + + Example: + + [printer$] + path=/usr/local/samba/printer + public=yes + writable=no + browseable=yes + + Second, you have to build the list of drivers required for a specific + printer. This is the most complicated thing to do. Get the files + 'msprint.inf' and 'msprint2.inf' from Windows 95, the easiest way is to + grab them from a working Windows 95 computer. They are usually located + in 'c:\windows\inf'. Look in them for the printer you have. Run the new + program 'make_printerdef' with the file name and the printer name as + parameters. If you have drivers for an unsupported or updated printer, + first install these drivers on an Windows 95 system. There will be a + file created in your inf directory named 'oem?.inf' (where the ? is some + number). Use this file instead of msprint.inf. + + Example: (from the /usr/local/samba/lib directory) + + make_printerdef msprint.inf "Apple LaserWriter" >> printers.def + + The program will print out a list of required files to stderr. + Copy all the files listed into the directory you created in step 1. + If you have "preserve case = yes" make sure your files names match + EXACTLY the names listed. + + Third, you need to add 2 new parameters in smb.conf. One is in the + [global] section, called 'printer driver file' pointing to the printer + description file you just created, and the other in each printer share, + called 'printer driver location' pointing to where the client will get + the drivers. Don't forget to set correctly the printer driver parameter + to the Windows printer name. + + Example: + + [global] + printer driver file=/usr/local/samba/lib/printers.def + + [lp] + comment = My old printer laser + browseable = yes + printable = yes + public = yes + writable = no + create mode = 0700 + printer driver=Apple LaserWriter + printer driver location=\\%h\PRINTER$ + + %h will expand to the computer name, and PRINTER$ is the name of the + share created in step one. + + +If it doesn't work for you, don't send flame ! It worked for me. In case of +trouble don't hesitate to send me a mail with your smb.conf file and +printers.def + + +******* added by herb@sgi.com + +For those of you who like to know the details, and in case I have guessed +wrong on some of the fields - The following is the format of the entries +in the printers.def file: (entries are 1 single line - they are split here +for readability) + +:::: +:: + +The and the can be empty. +If no or are specified in the inf file, +these will default to the section name for the printer. + +The following is an excerpt from the MSPRINT2.INF file on a WIN95 machine. +I have deleted all but the entries relating to installing a driver for the +"QMS ColorScript 100 Model 30" printer. Using this "file" I'll try to +explain how the printers.def file is created. + +make_printerdef is run with the first argument being the name of this +file (MSPRINT2.INF in this case) and the second argument being the +name of the printer ("QMS ColorScript 100 Model 30" in this case). + +The printer name is first found in the "Model section" to obtain the +name of the "Installer Section" (this is the name after the equal sign). +We ignore the alternate name. + +The "Installer Section" contains entries for "CopyFiles" and "DataSection". +The "CopyFiles" line gives a list of all the required files for this +printer. If the name begins with an @ it is the name of a file (after +you strip off the @), otherwise it is the name of a "Copy Section" which +in turn is a list of files required. This printer has one file listed +"QCS30503.SPD" and two sections "COLOR_QMS_100_30" and "PSCRIPT". The +"COLOR_QMS_100_30" section is listed in the "[DestinationDirs]" as +having a value of 23. This means that all files listed in this section +should go into the "color" subdirectory. The list of files to copy for +this printer is thus: + +QCS30503.SPD,color\QMS10030.ICM,PSCRIPT.DRV,PSCRIPT.HLP,PSCRIPT.INI, +TESTPS.TXT,APPLE380.SPD,FONTS.MFM,ICONLIB.DLL,PSMON.DLL + +From the "Data Section" we obtain values for "DriverFile", "HelpFile", +and "LanguageMonitor". The % around the value for "LanguageMonitor" +indicates that it is a string that can be localized so its actual value +is obtained from the "[Strings]" section. The "Data Section" could also +have contained an entry for "DefaultDataType". + +Using the information we have obtained we can now construct the entry +for the printers.def file. + + -> QMS ColorScript 100 Model 30 (name given + on the command line) + -> PSCRIPT.DRV (given in Data Section) + -> QCS30503.SPD (defaults to Install Section name) + -> PSCRIPT.HLP (given in Data Section) + -> PostScript Language Monitor (given in Data Section) + -> RAW (default if not specified) + + +So.... the enty (actually one line but split here for readability) would +be: + +QMS ColorScript 100 Model 30:PSCRIPT.DRV:QCS30503.SPD: +PSCRIPT.HLP:PostScript Language Monitor:RAW: +QCS30503.SPD,color\QMS10030.ICM,PSCRIPT.DRV,PSCRIPT.HLP,PSCRIPT.INI, +TESTPS.TXT,APPLE380.SPD,FONTS.MFM,ICONLIB.DLL,PSMON.DLL + +---------------------- Info from MSPRINT2.INF ------------------------ +; +; The Manufacturer section lists all of the manufacturers that we will +; display in the Dialog box + +[Manufacturer] +"QMS" + + +; +; Model sections. Each section here corresponds with an entry listed in the +; [Manufacturer] section, above. The models will be displayed in the order +; that they appear in the INF file. +; +; Each model lists a variation of its own name as a compatible ID. This +; is done primarily as an optimization during upgrade. +; +[QMS] +"QMS ColorScript 100 Model 30" = QCS30503.SPD,QMS_ColorScript_100_Model_30 + + +; +; Installer Sections +; +; These sections control file installation, and reference all files that +; need to be copied. The section name will be assumed to be the driver +; file, unless there is an explicit DriverFile section listed. +; +[QCS30503.SPD] +CopyFiles=@QCS30503.SPD,COLOR_QMS_100_30,PSCRIPT +DataSection=PSCRIPT_DATA + +; Copy Sections +; +; Lists of files that are actually copied. These sections are referenced +; from the installer sections, above. Only create a section if it contains +; two or more files (if we only copy a single file, identify it in the +; installer section, using the @filename notation) or if it's a color +; profile (since the DestinationDirs can only handle sections, and not +; individual files). +; +[COLOR_QMS_100_30] +QMS10030.ICM + +[PSCRIPT] +PSCRIPT.DRV +PSCRIPT.HLP +PSCRIPT.INI +TESTPS.TXT +APPLE380.SPD +FONTS.MFM +ICONLIB.DLL +PSMON.DLL + + +; +; Data Sections +; +; These sections contain data that is shared between devices. +; +[PSCRIPT_DATA] +DriverFile=PSCRIPT.DRV +HelpFile=PSCRIPT.HLP +LanguageMonitor=%PS_MONITOR% + + +; +; Color profiles go to the colors directory. All other files go to the +; system directory +; + +[DestinationDirs] +DefaultDestDir=11 +COLOR_QMS_100_30=23 +COLOR_TEKTRONIX_200I=23 +COLOR_TEKTRONIX_III_PXI=23 + + +; +; Localizable Strings +; +[Strings] +MS="Microsoft" +PS_MONITOR="PostScript Language Monitor,PSMON.DLL" + diff --git a/docs/textdocs/PROJECTS b/docs/textdocs/outdated/PROJECTS similarity index 65% rename from docs/textdocs/PROJECTS rename to docs/textdocs/outdated/PROJECTS index cf903f2c6dd..3008bea430d 100644 --- a/docs/textdocs/PROJECTS +++ b/docs/textdocs/outdated/PROJECTS @@ -14,35 +14,37 @@ then please let me know! Also, if you are listed below and you have any corrections or updates then please let me know. Email contact: -samba-bugs@anu.edu.au +samba-bugs@samba.org ======================================================================== Documentation and FAQ Docs and FAQ files for the Samba suite of software. -Contact Karl.Auer@anu.edu.au +Contact samba-bugs@samba.org with the diffs. These are urgently +required. -Mark Preston is now working on a set of formatted docs for Samba. -Contact mpreston@sghms.ac.uk +The FAQ is being added to on an ad hoc basis, see the web pages for info. -Docs are currently up to date with version, 1.7.07. FAQ being added to -as questions arise. +Mark Preston was working on a set of formatted docs for Samba. Is this +still happening? Contact mpreston@sghms.ac.uk -Status last updated 27th September 1994 +Status last updated 2nd October 1996 ======================================================================== ======================================================================== Netbeui support -This aims to produce patches so that Samba can be used with clients +This aimed to produce patches so that Samba can be used with clients that do not have TCP/IP. It will try to remain as portable as possible. - -Contact Brian.Onn@Canada.Sun.COM (Brian Onn) - -The project is just startup up. - -Status last updated 4th October 1994 +Contact Brian.Onn@Canada.Sun.COM (Brian Onn) Unfortunately it died, and +although a lot of people have expressed interest nobody has come forward +to do it. The Novell port (see Samba web pages) includes NetBEUI +functionality in a proprietrary library which should still be helpful as +we have the interfaces. Alan Cox (a.cox@li.org) has the information +required to write the state machine if someone is going to do the work. + +Status last updated 2nd October 1996 ======================================================================== ======================================================================== @@ -52,21 +54,11 @@ A mountable smb filesystem for Linux using the userfs userspace filesystem Contact lendecke@namu01.gwdg.de (Volker Lendecke) -Currently this is at version 0.2. It works but is really only for -people with some knowledge and experience of Linux kernel hacking. - -Status last updated 23rd August 1994 -======================================================================== - -======================================================================== -Nmbd - -Aims to produce a complete rfc1001/1002 implementation. The current -nmbd is a partial implementation. - -Contact Fabrice Cetre (cetre@ifhpserv.insa-lyon.fr) +This works really well, and is measurably more efficient than commercial +client software. It is now part of the Linux kernel. Long filename support +is in use. -Status last updated 23rd August 1994 +Status last updated June 1997 ======================================================================== ======================================================================== diff --git a/docs/textdocs/security_level.txt b/docs/textdocs/security_level.txt new file mode 100644 index 00000000000..f4e0df7139c --- /dev/null +++ b/docs/textdocs/security_level.txt @@ -0,0 +1,100 @@ +Contributor: Andrew Tridgell +Updated: June 27, 1997 +Status: Current + +Subject: Description of SMB security levels. +=========================================================================== + +Samba supports the following options to the global smb.conf parameter +"security =": + share, user, server + +Note: Samba-2.0.0 now adds the "domain" security mode. Please refer to +the smb.conf man page for usage information and to the document +docs/textdocs/DOMAIN_MEMBER.txt for further background details. + +Of the above, "security = server" means that Samba reports to clients that +it is running in "user mode" but actually passes off all authentication +requests to another "user mode" server. This requires an additional +parameter "password server =" that points to the real authentication server. +That real authentication server can be another Samba server or can be a +Windows NT server, the later natively capable of encrypted password support. + +Below is a more complete description of security levels. +=========================================================================== + +A SMB server tells the client at startup what "security level" it is +running. There are two options "share level" and "user level". Which +of these two the client receives affects the way the client then tries +to authenticate itself. It does not directly affect (to any great +extent) the way the Samba server does security. I know this is +strange, but it fits in with the client/server approach of SMB. In SMB +everything is initiated and controlled by the client, and the server +can only tell the client what is available and whether an action is +allowed. + +I'll describe user level security first, as its simpler. In user level +security the client will send a "session setup" command directly after +the protocol negotiation. This contains a username and password. The +server can either accept or reject that username/password +combination. Note that at this stage the server has no idea what +share the client will eventually try to connect to, so it can't base +the "accept/reject" on anything other than: + +- the username/password +- the machine that the client is coming from + +If the server accepts the username/password then the client expects to +be able to mount any share (using a "tree connection") without +specifying a password. It expects that all access rights will be as +the username/password specified in the "session setup". + +It is also possible for a client to send multiple "session setup" +requests. When the server responds it gives the client a "uid" to use +as an authentication tag for that username/password. The client can +maintain multiple authentication contexts in this way (WinDD is an +example of an application that does this) + + +Ok, now for share level security. In share level security the client +authenticates itself separately for each share. It will send a +password along with each "tree connection" (share mount). It does not +explicitly send a username with this operation. The client is +expecting a password to be associated with each share, independent of +the user. This means that samba has to work out what username the +client probably wants to use. It is never explicitly sent the +username. Some commercial SMB servers such as NT actually associate +passwords directly with shares in share level security, but samba +always uses the unix authentication scheme where it is a +username/password that is authenticated, not a "share/password". + +Many clients send a "session setup" even if the server is in share +level security. They normally send a valid username but no +password. Samba records this username in a list of "possible +usernames". When the client then does a "tree connection" it also adds +to this list the name of the share they try to connect to (useful for +home directories) and any users listed in the "user =" smb.conf +line. The password is then checked in turn against these "possible +usernames". If a match is found then the client is authenticated as +that user. + +Finally "server level" security. In server level security the samba +server reports to the client that it is in user level security. The +client then does a "session setup" as described earlier. The samba +server takes the username/password that the client sends and attempts +to login to the "password server" by sending exactly the same +username/password that it got from the client. If that server is in +user level security and accepts the password then samba accepts the +clients connection. This allows the samba server to use another SMB +server as the "password server". + +You should also note that at the very start of all this, where the +server tells the client what security level it is in, it also tells +the client if it supports encryption. If it does then it supplies the +client with a random "cryptkey". The client will then send all +passwords in encrypted form. You have to compile samba with encryption +enabled to support this feature, and you have to maintain a separate +smbpasswd file with SMB style encrypted passwords. It is +cryptographically impossible to translate from unix style encryption +to SMB style encryption, although there are some fairly simple management +schemes by which the two could be kept in sync. diff --git a/docs/yodldocs/README-NOW b/docs/yodldocs/README-NOW new file mode 100644 index 00000000000..592d38c1351 --- /dev/null +++ b/docs/yodldocs/README-NOW @@ -0,0 +1,14 @@ +!== +!== Notice of change of documentation format +!== + +Samba is no longer using yodl as the source markup +language for our documentation. As of release 2.2.0, +we are using DocBook V4.1 exclusively (assuming you are not +counting the ASCII files yet to be converted). + +Please see ../docbook/docbook.txt for more information +on this. + +jerry carter +SAMBA Team diff --git a/examples/LDAP/README b/examples/LDAP/README new file mode 100644 index 00000000000..281a66e65aa --- /dev/null +++ b/examples/LDAP/README @@ -0,0 +1,114 @@ +!== +!== README File for storing smbpasswd in LDAP +!== +!== written by Gerald Carter +!== + +This is a quick and dirty means of storing smbpasswd entries +in smbpasswd. Samba 2.2.x does not have any ability to grab +this information directly from LDAP so you will need to +periodically generate an smbpasswd from an ldapsearch +"(objectclass=smbPasswordEntry)". + +Be aware of search limits on your client or server which prevent +all entries from being returned in the search result. + + +Pre-requisites for import_smbpasswd.pl & export_smbpasswd.pl +------------------------------------------------------------ +You must install Mozilla PerLDAP which is available at: + + http://www.mozilla.org/directory + +PerLDAP depends on the Netscape (aka iPlanet) C-SDK which is +available for download at: + + http:// www.iplanet.com/downloads/developer/ + + +Pre-requisites for import2_smbpasswd.pl & export2_smbpasswd.pl +-------------------------------------------------------------- +These two scripts are modified versions of +[import|export]_smbpasswd.pl rewritten to use the Net::LDAP +perl module available from + + http://perl-ldap.sourceforge.net + + + +OpenLDAP 2.0.x +-------------- + +A sample schema file (samba.schema) has been included for use +with OpenLDAP 2.0.x. The OIDs used in this file are owned by +the Samba team and generated from its own Enterprise number +of 7165 (as issued by IANA). + +Copy the samba.schema file into your /etc/openldap/schema directory, +and add an include for it in the /etc/openldap/slapd.conf file. +Note that samba.schema relies upon the uid and uidNumber attributes +from the RFC2307 schema (i.e. nis.schema) + +If you choose to import /etc/passwd, nis, or nisplus tables +into ldap, you can use migration tools provided by PADL Software +which are located at + + http://www.padl.com/tools.html + +It is not a requirement that a user's /etc/passwd account +is stored in LDAP for the samba.schema file to work (although +the whole point of storing smbpasswd in LDAP is to have a +single location for user accounts, right?) + +The padl tools will leave you with LDIF files which you can import +into OpenLDAP. Before you can import them, you need to include +nis.schema and cosine.schema in your slapd.conf file. + +You must restart the LDAP server for these new included schema files +to become active. + + +import[2]_smbpasswd.pl +---------------------- + +Make sure you customize the local site variable in the perl script +(i.e. ldapserver, rootdn, rootpw, etc...). The script reads from +standard input and requires that user entries already exist +in your directories containing the 'objectclass: posixAccount' +value pair. For more information on this object and related schema, +refer to RFC2307 and http://www.padl.com/software.html). + +The following will import an smbpasswd file into an LDAP directory + + $ cat smbpasswd | import[2]_smbpasswd.pl + + +export[2]_smbpasswd.pl +---------------------- + +Make sure you customize the local site variable in the perl script +(i.e. ldapserver, rootdn, rootpw, etc...). You can then generate +an smbpasswd file by executing + + $ export[2]_smbpasswd.pl > smbpasswd + +NOTE: Server side (or client side) search limites may prevent +all users from being listed. Check you directory server documentation +for details. + + + +ldapsync.pl & ldapchgpasswd.pl +------------------------------ +For more information on these scripts, see + + http://www.mami.net/univr/tng-ldap/howto/ + + +The ldapsync.pl script requires a small command (smbencrypt) +for generating LanMan and NT password hashes which +can be found at ftp://samba.org/pub/samba/contributed/ + +!== +!== end of README +!== diff --git a/examples/LDAP/export2_smbpasswd.pl b/examples/LDAP/export2_smbpasswd.pl new file mode 100644 index 00000000000..90f5805e55f --- /dev/null +++ b/examples/LDAP/export2_smbpasswd.pl @@ -0,0 +1,64 @@ +#!/usr/bin/perl +## +## Example script to export ldap entries into an smbpasswd file format +## using the Mozilla PerLDAP module. +## +## writen by jerry@samba.org +## +## ported to Net::LDAP by dkrovich@slackworks.com + +use Net::LDAP; + +###################################################### +## Set these values to whatever you need for your site +## + +$DN="dc=samba,dc=my-domain,dc=com"; +$ROOTDN="cn=Manager,dc=my-domain,dc=com"; +$rootpw = "secret"; +$LDAPSERVER="localhost"; + +## +## end local site variables +###################################################### + +$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER"; + +print "##\n"; +print "## Autogenerated smbpasswd file via ldapsearch\n"; +print "## from $LDAPSERVER ($DN)\n"; +print "##\n"; + +## scheck for the existence of the posixAccount first +$result = $ldap->search ( base => "$DN", + scope => "sub", + filter => "(objectclass=smbpasswordentry)" + ); + + + +## loop over the entries we found +while ( $entry = $result->shift_entry() ) { + + @uid = $entry->get_value("uid"); + @uidNumber = $entry->get_value("uidNumber"); + @lm_pw = $entry->get_value("lmpassword"); + @nt_pw = $entry->get_value("ntpassword"); + @acct = $entry->get_value("acctFlags"); + @pwdLastSet = $entry->get_value("pwdLastSet"); + + if (($#uid+1) && ($#uidNumber+1)) { + + $lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1)); + $nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1)); + $acct[0] = "[DU ]" if (! ($#acct+1)); + $pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1)); + + print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n"; + } + +} + +$ldap->unbind(); +exit 0; + diff --git a/examples/LDAP/export_smbpasswd.pl b/examples/LDAP/export_smbpasswd.pl new file mode 100644 index 00000000000..3f67dc62427 --- /dev/null +++ b/examples/LDAP/export_smbpasswd.pl @@ -0,0 +1,63 @@ +#!/usr/bin/perl +## +## Example script to export ldap entries into an smbpasswd file format +## using the Mozilla PerLDAP module. +## +## writen by jerry@samba.org +## + +use Mozilla::LDAP::Conn; +use Mozilla::LDAP::Entry; + +###################################################### +## Set these values to whatever you need for your site +## + +$DN="ou=people,dc=plainjoe,dc=org"; +$ROOTDN="cn=Manager,dc=plainjoe,dc=org"; +$rootpw = "secret"; +$LDAPSERVER="localhost"; + +## +## end local site variables +###################################################### + + +$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw ); +die "Unable to connect to LDAP server $LDAPSERVER" unless $conn; + +print "##\n"; +print "## Autogenerated smbpasswd file via ldapsearch\n"; +print "## from $LDAPSERVER ($DN)\n"; +print "##\n"; + +## scheck for the existence of the posixAccount first +$result = $conn->search ("$DN", "sub", "(objectclass=smbPasswordEntry)"); + + +## loop over the entries we found +while ($result) { + + @uid = $result->getValue("uid"); + @uidNumber = $result->getValue("uidNumber"); + @lm_pw = $result->getValue("lmpassword"); + @nt_pw = $result->getValue("ntpassword"); + @acct = $result->getValue("acctFlags"); + @pwdLastSet = $result->getValue("pwdLastSet"); + + if (($#uid+1) && ($#uidNumber+1)) { + + $lm_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#lm_pw+1)); + $nt_pw[0] = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX" if (! ($#nt_pw+1)); + $acct[0] = "[DU ]" if (! ($#acct+1)); + $pwdLastSet[0] = "FFFFFFFF" if (! ($#pwdLastSet+1)); + + print "$uid[0]:$uidNumber[0]:$lm_pw[0]:$nt_pw[0]:$acct[0]:LCT-$pwdLastSet[0]\n"; + } + + $result = $conn->nextEntry(); + +} + +$conn->close(); +exit 0; diff --git a/examples/LDAP/import2_smbpasswd.pl b/examples/LDAP/import2_smbpasswd.pl new file mode 100644 index 00000000000..bf643391a7e --- /dev/null +++ b/examples/LDAP/import2_smbpasswd.pl @@ -0,0 +1,108 @@ +#!/usr/bin/perl +## +## Example script of how you could import a smbpasswd file into an LDAP +## directory using the Mozilla PerLDAP module. +## +## writen by jerry@samba.org +## +## ported to Net::LDAP by dkrovich@slackworks.com + +use Net::LDAP; + +################################################# +## set these to a value appropriate for your site +## + +$DN="dc=samba,dc=my-domain,dc=com"; +$ROOTDN="cn=Manager,dc=my-domain,dc=com"; +$rootpw = "secret"; +$LDAPSERVER="localhost"; + +## +## end local site variables +################################################# + +$ldap = Net::LDAP->new($LDAPSERVER) or die "Unable to connect to LDAP server $LDAPSERVER"; + +## Bind as $ROOTDN so you can do updates +$mesg = $ldap->bind($ROOTDN, password => $rootpw); + +while ( $string = ) { + chop ($string); + + ## Get the account info from the smbpasswd file + @smbentry = split (/:/, $string); + + ## Check for the existence of a system account + @getpwinfo = getpwnam($smbentry[0]); + if (! @getpwinfo ) { + print STDERR "$smbentry[0] does not have a system account... skipping\n"; + next; + } + + ## check and see if account info already exists in LDAP. + $result = $ldap->search ( base => "$DN", + scope => "sub", + filter => "(&(|(objectclass=posixAccount)(objectclass=smbPasswordEntry))(uid=$smbentry[0]))" + ); + + ## If no LDAP entry exists, create one. + if ( $result->count == 0 ) { + $entry = $ldap->add ( dn => "uid=$smbentry[0]\,$DN", + attrs => [ + uid => $smbentry[0], + uidNumber => @getpwinfo[2], + lmPassword => $smbentry[2], + ntPassword => $smbentry[3], + acctFlags => $smbentry[4], + pwdLastSet => substr($smbentry[5],4), + objectclass => [ 'top', 'smbPasswordEntry' ] + ] + ); + print "Adding [uid=" . $smbentry[0] . "," . $DN . "]\n"; + + ## Otherwise, supplement/update the existing entry. + } elsif ($result->count == 1) { + # Put the search results into an entry object + $entry = $result->shift_entry; + + print "Updating [" . $entry->dn . "]\n"; + + ## Add the objectclass: smbPasswordEntry attribute if it's not there + @values = $entry->get_value( "objectclass" ); + $flag = 1; + foreach $item (@values) { + if ( lc($item) eq "smbpasswordentry" ) { + print $item . "\n"; + $flag = 0; + } + } + if ( $flag ) { + $entry->add(objectclass => "smbPasswordEntry"); + } + + ## Set the other attribute values + $entry->replace(lmPassword => $smbentry[2], + ntPassword => $smbentry[3], + acctFlags => $smbentry[4], + pwdLastSet => substr($smbentry[5],4) + ); + + ## Apply changes to the LDAP server + $updatemesg = $entry->update($ldap); + if ( $updatemesg->code ) { + print "Error updating $smbentry[0]!\n"; + } + + ## If we get here, the LDAP search returned more than one value + ## which shouldn't happen under normal circumstances. + } else { + print STDERR "LDAP search returned more than one entry for $smbentry[0]... skipping!\n"; + next; + } +} + +$ldap->unbind(); +exit 0; + + diff --git a/examples/LDAP/import_smbpasswd.pl b/examples/LDAP/import_smbpasswd.pl new file mode 100644 index 00000000000..14aeff967f1 --- /dev/null +++ b/examples/LDAP/import_smbpasswd.pl @@ -0,0 +1,65 @@ +#!/usr/bin/perl +## +## Example script of how you could import and smbpasswd file into an LDAP +## directory using the Mozilla PerLDAP module. +## +## writen by jerry@samba.org +## + +use Mozilla::LDAP::Conn; +use Mozilla::LDAP::Entry; + +################################################# +## set these to a value appropriate for your site +## + +$DN="ou=people,dc=plainjoe,dc=org"; +$ROOTDN="cn=Manager,dc=plainjoe,dc=org"; +$rootpw = "secret"; +$LDAPSERVER="localhost"; + +## +## end local site variables +################################################# + +$conn = new Mozilla::LDAP::Conn ("$LDAPSERVER", "389", $ROOTDN, $rootpw ); +die "Unable to connect to LDAP server $LDAPSERVER" unless $conn; + + +while ( $string = ) { + chop ($string); + + ## get the account information + @smbentry = split (/:/, $string); + + ## check for the existence of the posixAccount first + + ## FIXME!! Should do a getownam() and let the NSS modules lookup the account + ## This way you can have a UNIX account in /etc/passwd and the smbpasswd i + ## entry in LDAP. + $result = $conn->search ("$DN", "sub", "(&(uid=$smbentry[0])(objectclass=posixAccount))"); + if ( ! $result ) { + print STDERR "uid=$smbentry[0] does not have a posixAccount entry in the directory!\n"; + next; + } + + print "Updating [" . $result->getDN() . "]\n"; + + ## Do we need to add the 'objectclass: smbPasswordEntry' attribute? + if (! $result->hasValue("objectclass", "smbPasswordEntry")) { + $result->addValue("objectclass", "smbPasswordEntry"); + } + + ## Set other attribute values + $result->setValues ("lmPassword", $smbentry[2]); + $result->setValues ("ntPassword", $smbentry[3]); + $result->setValues ("acctFlags", $smbentry[4]); + $result->setValues ("pwdLastSet", substr($smbentry[5],4)); + + if (! $conn->update($result)) { + print "Error updating!\n"; + } +} + +$conn->close(); +exit 0; diff --git a/examples/LDAP/ldapchpasswd b/examples/LDAP/ldapchpasswd new file mode 100644 index 00000000000..0776d9bed1a --- /dev/null +++ b/examples/LDAP/ldapchpasswd @@ -0,0 +1,152 @@ +#!/usr/bin/perl -w + +# LDAP to unix password sync script for samba-tng +# originally by Jody Haynes +# 2000/12/12 milos@interactivesi.com +# modified for use with MD5 passwords +# 2000/12/16 mami@arena.sci.univr.it +# modified to change lmpassword and ntpassword for samba +# 2001/01/05 mami@arena.sci.univr.it +# modified for being also a /bin/passwd replacement +# 2001/01/29 mami@arena.sci.univr.it +# now there are two small programs: ldapchpasswd to +# change password from unix and ldapsync.pl to sync +# from NT/2000. ldapchpasswd do not need clear password. +# 2001/01/31 mami@arena.sci.univr.it +# add server parameter to ldap commands +# 2001/06/20 mami@arena.sci.univr.it +# add pwdlastset and shadowlastchange update + +$basedn = "ou=Students,dc=univr, dc=it"; +$binddn = "uid=root,dc=univr,dc=it"; +$scope = "sub"; +$server = "my_server"; + +foreach $arg (@ARGV) { + if ($< != 0) { + die "Only root can specify parameters\n"; + } else { + if ( ($arg eq '-?') || ($arg eq '--help') ) { + print "Usage: $0 [-o] [username]\n"; + print " -o, --without-old-password do not ask for old password (root only)\n"; + print " -?, --help show this help message\n"; + exit (-1); + } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) { + $oldpass = 1; + } elsif (substr($arg,0) ne '-') { + $user = $arg; + if (!defined(getpwnam($user))) { + die "$0: Unknown user name '$user'\n"; ; + } + } + } +} + +if (!defined($user)) { + $user=$ENV{"USER"}; +} + +# current user's dn +my $dn = ''; + +if ($< == 0) { + system "stty -echo"; + print "LDAP password for root DN: "; + chomp($passwd=); + print "\n"; + system "stty echo"; + # Find dn for user $user binding as root's dn + chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$binddn' -w '$passwd' '(uid=$user)'|head -1`); + if ( ($dn eq '') || ($passwd eq '') ) { + print "Wrong LDAP password for root DN!\n"; + exit (-1); + } +} else { + if (!defined($oldpass)) { + system "stty -echo"; + print "Old password for user $user: "; + chomp($oldpass=); + print "\n"; + system "stty echo"; + + # Find path to uid + chomp($path_to_uid=`ldapsearch -h '$server' -b '$basedn' -s '$scope' '(uid=$user)'|head -1`); + # Find old password for user $user binding as self + chomp($dn=`ldapsearch -h '$server' -b '$basedn' -s '$scope' -D '$path_to_uid' -w '$oldpass' '(uid=$user)'|head -1`); + + if ( ($dn eq '') || ($oldpass eq '') ) { + print "Wrong password for user $user!\n"; + exit (-1); + } + } +} + +system "stty -echo"; +print "New password for user $user: "; +chomp($pass=); +print "\n"; +system "stty echo"; + +system "stty -echo"; +print "Retype new password for user $user: "; +chomp($pass2=); +print "\n"; +system "stty echo"; + +if ( ($pass ne $pass2) || (length($pass)<1) ) { + die "Wrong password!\n"; +} else { +# MD5 password +$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64]; +$bsalt = "\$1\$"; $esalt = "\$"; +$modsalt = $bsalt.$random.$esalt; +$password = crypt($pass, $modsalt); + +# LanManager and NT clear text passwords +$ntpwd = `/usr/local/sbin/mkntpwd '$pass'`; +chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':'))); +chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1)); + +#$FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w $passwd"; +if ($< != 0) { + $FILE="|/usr/bin/ldapmodify -h '$server' -D '$dn' -w '$oldpass'"; +} else { + $FILE="|/usr/bin/ldapmodify -h '$server' -D '$binddn' -w '$passwd'"; +} + +# Chenge time +$shadowlastchange=int(time/24/3600); +$pwdlastset=sprintf('%x',time); + +open FILE or die; + +print FILE < +# 12/12/2000 milos@interactivesi.com +# modified for use with MD5 passwords +# 12/16/2000 mami@arena.sci.univr.it +# modified to change lmpassword and ntpassword for samba +# 05/01/2001 mami@arena.sci.univr.it +# modified for being also a /bin/passwd replacement + +$basedn = "ou=Students,dc=univr, dc=it"; +$binddn = "uid=root,dc=univr,dc=it"; +$scope = "sub"; +$passwd = "mysecret"; + +foreach $arg (@ARGV) { + if ($< != 0) { + die "Only root can specify parameters\n"; + } else { + if ( ($arg eq '-?') || ($arg eq '--help') ) { + print "Usage: $0 [-o] [username]\n"; + print " -o, --without-old-password do not ask for old password (root only)\n"; + print " -?, --help show this help message\n"; + exit (-1); + } elsif ( ($arg eq '-o') || ($arg eq '--without-old-password') ) { + $oldpass = 1; + } elsif (substr($arg,0) ne '-') { + $user = $arg; + if (!defined(getpwnam($user))) { + die "$0: Unknown user name '$user'\n"; ; + } + } + } +} + +if (!defined($user)) { + $user=$ENV{"USER"}; +} + +if (!defined($oldpass)) { + system "stty -echo"; + print "Old password for user $user: "; + chomp($oldpass=); + print "\n"; + system "stty echo"; + + $ntpwd = `/usr/local/sbin/smbencrypt '$oldpass'`; + $lmpassword = substr($ntpwd, 0, index($ntpwd, ':')); chomp $lmpassword; + $ntpassword = substr($ntpwd, index($ntpwd, ':')+1); chomp $ntpassword; + + # Find dn for user $user (maybe check unix password too?) + $dn=`ldapsearch -b '$basedn' -s '$scope' '(&(uid=$user)(lmpassword=$lmpassword)(ntpassword=$ntpassword))'|head -1`; + chomp $dn; + + if ($dn eq '') { + print "Wrong password for user $user!\n"; + exit (-1); + } +} else { + # Find dn for user $user + $dn=`ldapsearch -b '$basedn' -s '$scope' '(uid=$user)'|head -1`; + chomp $dn; +} + +system "stty -echo"; +print "New password for user $user: "; +chomp($pass=); +print "\n"; +system "stty echo"; + +system "stty -echo"; +print "Retype new password for user $user: "; +chomp($pass2=); +print "\n"; +system "stty echo"; + +if ($pass ne $pass2) { + die "Wrong password!\n"; +} else { +# MD5 password +$random = join '', ('.', '/', 0..9, 'A'..'Z', 'a'..'z')[rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64, rand 64]; +$bsalt = "\$1\$"; $esalt = "\$"; +$modsalt = $bsalt.$random.$esalt; +$password = crypt($pass, $modsalt); + +# LanManager and NT clear text passwords +$ntpwd = `/usr/local/sbin/smbencrypt '$pass'`; +chomp($lmpassword = substr($ntpwd, 0, index($ntpwd, ':'))); +chomp($ntpassword = substr($ntpwd, index($ntpwd, ':')+1)); + +$FILE="|/usr/bin/ldapmodify -D '$binddn' -w $passwd"; + +open FILE or die; + +print FILE < +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +#ifndef SYSLOG_FACILITY +#define SYSLOG_FACILITY LOG_USER +#endif + +#ifndef SYSLOG_PRIORITY +#define SYSLOG_PRIORITY LOG_NOTICE +#endif + +/* Function prototypes */ + +int audit_connect(struct connection_struct *conn, const char *svc, const char *user); +void audit_disconnect(struct connection_struct *conn); +DIR *audit_opendir(struct connection_struct *conn, const char *fname); +int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode); +int audit_rmdir(struct connection_struct *conn, const char *path); +int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode); +int audit_close(struct files_struct *fsp, int fd); +int audit_rename(struct connection_struct *conn, const char *old, const char *new); +int audit_unlink(struct connection_struct *conn, const char *path); +int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode); +int audit_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode); +int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode); +int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode); + +/* VFS operations */ + +extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ + +struct vfs_ops audit_ops = { + + /* Disk operations */ + + audit_connect, + audit_disconnect, + NULL, /* disk free */ + + /* Directory operations */ + + audit_opendir, + NULL, /* readdir */ + audit_mkdir, + audit_rmdir, + NULL, /* closedir */ + + /* File operations */ + + audit_open, + audit_close, + NULL, /* read */ + NULL, /* write */ + NULL, /* lseek */ + audit_rename, + NULL, /* fsync */ + NULL, /* stat */ + NULL, /* fstat */ + NULL, /* lstat */ + audit_unlink, + audit_chmod, + audit_fchmod, + NULL, /* chown */ + NULL, /* fchown */ + NULL, /* chdir */ + NULL, /* getwd */ + NULL, /* utime */ + NULL, /* ftruncate */ + NULL, /* lock */ + NULL, /* symlink */ + NULL, /* readlink */ + NULL, /* link */ + NULL, /* mknod */ + NULL, /* realpath */ + NULL, /* fget_nt_acl */ + NULL, /* get_nt_acl */ + NULL, /* fset_nt_acl */ + NULL, /* set_nt_acl */ + + audit_chmod_acl, /* chmod_acl */ + audit_fchmod_acl, /* fchmod_acl */ + + NULL, /* sys_acl_get_entry */ + NULL, /* sys_acl_get_tag_type */ + NULL, /* sys_acl_get_permset */ + NULL, /*sys_acl_get_qualifier */ + NULL, /* sys_acl_get_file */ + NULL, /* sys_acl_get_fd */ + NULL, /* sys_acl_clear_perms */ + NULL, /* sys_acl_add_perm */ + NULL, /* sys_acl_to_text */ + NULL, /* sys_acl_init */ + NULL, /* sys_acl_create_entry */ + NULL, /* sys_acl_set_tag_type */ + NULL, /* sys_acl_set_qualifier */ + NULL, /* sys_acl_set_permset */ + NULL, /* sys_acl_valid */ + NULL, /* sys_acl_set_file */ + NULL, /* sys_acl_set_fd */ + NULL, /* sys_acl_delete_def_file */ + NULL, /* sys_acl_get_perm */ + NULL, /* sys_acl_free_text */ + NULL, /* sys_acl_free_acl */ + NULL /* sys_acl_free_qualifier */ +}; + +/* VFS initialisation function. Return initialised vfs_ops structure + back to SAMBA. */ + +struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) +{ + struct vfs_ops tmp_ops; + + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + tmp_ops.connect = audit_connect; + tmp_ops.disconnect = audit_disconnect; + tmp_ops.opendir = audit_opendir; + tmp_ops.mkdir = audit_mkdir; + tmp_ops.rmdir = audit_rmdir; + tmp_ops.open = audit_open; + tmp_ops.close = audit_close; + tmp_ops.rename = audit_rename; + tmp_ops.unlink = audit_unlink; + tmp_ops.chmod = audit_chmod; + tmp_ops.chmod_acl = audit_chmod_acl; + tmp_ops.fchmod = audit_fchmod; + tmp_ops.fchmod_acl = audit_fchmod_acl; + + memcpy(&audit_ops, &tmp_ops, sizeof(struct vfs_ops)); + + openlog("smbd_audit", LOG_PID, SYSLOG_FACILITY); + syslog(SYSLOG_PRIORITY, "VFS_INIT: vfs_ops loaded\n"); + return &audit_ops; +} + +/* Implementation of vfs_ops. Pass everything on to the default + operation but log event first. */ + +int audit_connect(struct connection_struct *conn, const char *svc, const char *user) +{ + syslog(SYSLOG_PRIORITY, "connect to service %s by user %s\n", + svc, user); + + return default_vfs_ops.connect(conn, svc, user); +} + +void audit_disconnect(struct connection_struct *conn) +{ + syslog(SYSLOG_PRIORITY, "disconnected\n"); + default_vfs_ops.disconnect(conn); +} + +DIR *audit_opendir(struct connection_struct *conn, const char *fname) +{ + DIR *result = default_vfs_ops.opendir(conn, fname); + + syslog(SYSLOG_PRIORITY, "opendir %s %s%s\n", + fname, + (result == NULL) ? "failed: " : "", + (result == NULL) ? strerror(errno) : ""); + + return result; +} + +int audit_mkdir(struct connection_struct *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.mkdir(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "mkdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_rmdir(struct connection_struct *conn, const char *path) +{ + int result = default_vfs_ops.rmdir(conn, path); + + syslog(SYSLOG_PRIORITY, "rmdir %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode) +{ + int result = default_vfs_ops.open(conn, fname, flags, mode); + + syslog(SYSLOG_PRIORITY, "open %s (fd %d) %s%s%s\n", + fname, result, + ((flags & O_WRONLY) || (flags & O_RDWR)) ? "for writing " : "", + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_close(struct files_struct *fsp, int fd) +{ + int result = default_vfs_ops.close(fsp, fd); + + syslog(SYSLOG_PRIORITY, "close fd %d %s%s\n", + fd, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_rename(struct connection_struct *conn, const char *old, const char *new) +{ + int result = default_vfs_ops.rename(conn, old, new); + + syslog(SYSLOG_PRIORITY, "rename %s -> %s %s%s\n", + old, new, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_unlink(struct connection_struct *conn, const char *path) +{ + int result = default_vfs_ops.unlink(conn, path); + + syslog(SYSLOG_PRIORITY, "unlink %s %s%s\n", + path, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_chmod(struct connection_struct *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_chmod_acl(struct connection_struct *conn, const char *path, mode_t mode) +{ + int result = default_vfs_ops.chmod_acl(conn, path, mode); + + syslog(SYSLOG_PRIORITY, "chmod_acl %s mode 0x%x %s%s\n", + path, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} + +int audit_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + int result = default_vfs_ops.fchmod_acl(fsp, fd, mode); + + syslog(SYSLOG_PRIORITY, "fchmod_acl %s mode 0x%x %s%s\n", + fsp->fsp_name, mode, + (result < 0) ? "failed: " : "", + (result < 0) ? strerror(errno) : ""); + + return result; +} diff --git a/examples/VFS/block/Makefile b/examples/VFS/block/Makefile new file mode 100644 index 00000000000..dcc7c077936 --- /dev/null +++ b/examples/VFS/block/Makefile @@ -0,0 +1,37 @@ +# +# Makefile for samba-vfs examples +# +# + +# Variables + +CC = gcc +LIBTOOL = libtool + +SAMBA_SRC = /usr/local/src/samba/samba-2.2.0-ron/source +SAMBA_INCL = ${SAMBA_SRC}/include +UBIQX_SRC = ${SAMBA_SRC}/ubiqx +SMBWR_SRC = ${SAMBA_SRC}/smbwrapper +CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g -D_LARGEFILE63_SOURCE -D_GNU_SOURCE -fno-builtin + + +VFS_OBJS = block.so + +# Default target + +default: $(VFS_OBJS) + +# Pattern rules + +%.so: %.lo + $(LIBTOOL) $(CC) -shared -o $@ $< $(LDFLAGS) + +%.lo: %.c + $(LIBTOOL) $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + +# Misc targets + +clean: + rm -rf .libs + rm -f core *~ *% *.bak \ + $(VFS_OBJS) $(VFS_OBJS:.so=.o) $(VFS_OBJS:.so=.lo) diff --git a/examples/VFS/block/block.c b/examples/VFS/block/block.c new file mode 100644 index 00000000000..f83ab6e07e0 --- /dev/null +++ b/examples/VFS/block/block.c @@ -0,0 +1,502 @@ +/* + * + * Block access from links to dev mount points specified in PARAMCONF file + * + * Copyright (C) Ronald Kuetemeier, 2001 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#include +#include +#include +#include +#include +#include + + +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif + + +#include +#include + + + +DIR *block_opendir(struct connection_struct *conn, char *fname); +int block_connect(struct connection_struct *conn, const char *service, const char *user); +void block_disconnect(struct connection_struct *conn); + + +/* VFS operations */ + + +extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ + +struct vfs_ops execute_vfs_ops = { + + /* Disk operations */ + + block_connect, + block_disconnect, + NULL, /* disk free */ + + /* Directory operations */ + + block_opendir, + NULL, /* readdir */ + NULL, /* mkdir */ + NULL, /* rmdir */ + NULL, /* closedir */ + + /* File operations */ + + NULL, /* open */ + NULL, /* close */ + NULL, /* read */ + NULL, /* write */ + NULL, /* lseek */ + NULL, /* rename */ + NULL, /* fsync */ + NULL, /* stat */ + NULL, /* fstat */ + NULL, /* lstat */ + NULL, /* unlink */ + NULL, /* chmod */ + NULL, /* fchmod */ + NULL, /* chown */ + NULL, /* fchown */ + NULL, /* chdir */ + NULL, /* getwd */ + NULL, /* utime */ + NULL, /* ftruncate */ + NULL, /* lock */ + NULL, /* symlink */ + NULL, /* readlink */ + NULL, /* link */ + NULL, /* mknod */ + NULL, /* realpath */ + + /* NT ACL operations */ + + NULL, /* fget_nt_acl */ + NULL, /* get_nt_acl */ + NULL, /* fset_nt_acl */ + NULL, /* set_nt_acl */ + + /* POSIX ACL operations. */ + + NULL, /* chmod_acl */ + NULL, /* fchmod_acl */ + NULL, /* sys_acl_get_entry */ + NULL, /* sys_acl_get_tag_type */ + NULL, /* sys_acl_get_permset */ + NULL, /* sys_acl_get_qualifier */ + NULL, /* sys_acl_get_file */ + NULL, /* sys_acl_get_fd */ + NULL, /* sys_acl_clear_perms */ + NULL, /* sys_acl_add_perm */ + NULL, /* sys_acl_to_text */ + NULL, /* sys_acl_init */ + NULL, /* sys_acl_create_entry */ + NULL, /* sys_acl_set_tag_type */ + NULL, /* sys_acl_set_qualifier */ + NULL, /* sys_acl_set_permset */ + NULL, /* sys_acl_valid */ + NULL, /* sys_acl_set_file */ + NULL, /* sys_acl_set_fd */ + NULL, /* sys_acl_delete_def_file */ + NULL, /* sys_acl_get_perm */ + NULL, /* sys_acl_free_text */ + NULL, /* sys_acl_free_acl */ + NULL /* sys_acl_free_qualifier */ +}; + + +#ifndef PARAMCONF +#define PARAMCONF "/etc/samba-block.conf" +#endif + +extern BOOL pm_process(char *FileName, BOOL (*sfunc)(char *), BOOL(*pfunc)(char * , char *)); + +//functions + +BOOL enter_pblock_mount(char *dir); +BOOL get_section(char *sect); +BOOL get_parameter_value(char *param, char *value); +BOOL load_param(void); +BOOL search(struct stat *stat_buf); +BOOL dir_search(char *link, char *dir); +BOOL enter_pblock_dir(char *dir); + + + +typedef struct block_dir +{ + dev_t st_dev; + int str_len; + char *dir_name; + struct block_dir *next; +} block_dir; + + +static char *params[] = {"mount_point","dir_name"}; +enum { MOUNT_POINT , DIR_NAME }; + +static struct block_dir *pblock_mountp = NULL; +static struct block_dir *pblock_dir = NULL; + + + +/* + * Load the conf file into a table + */ + +BOOL load_param(void) +{ + + if ((pm_process(PARAMCONF,&get_section,&get_parameter_value)) == TRUE) + { + return TRUE; + + } + return FALSE; +} + + + +/* + * Enter the key and data into the list + * + */ + +BOOL enter_pblock_mount(char *dir) +{ + struct stat stat_buf; + static struct block_dir *tmp_pblock; + + + if((stat(dir,&stat_buf)) != 0) + { + return FALSE; + } + + if(pblock_mountp == NULL) + { + pblock_mountp = calloc(1, sizeof(block_dir)); + if( pblock_mountp == NULL) + { + return FALSE; + } + tmp_pblock = pblock_mountp; + tmp_pblock->next = NULL; + + }else + { + tmp_pblock->next = calloc(1, sizeof(block_dir)); + if(tmp_pblock->next == NULL) + { + return FALSE; + } + tmp_pblock = tmp_pblock->next; + tmp_pblock->next = NULL; + + } + + + tmp_pblock->st_dev = stat_buf.st_dev; + tmp_pblock->dir_name = strdup(dir); + + + return TRUE; + +} + + +/* + * Enter the key and data into the list + * + */ + +BOOL enter_pblock_dir(char *dir) +{ + static struct block_dir *tmp_pblock; + + + if(pblock_dir == NULL) + { + pblock_dir = calloc(1, sizeof(block_dir)); + if( pblock_dir == NULL) + { + return FALSE; + } + tmp_pblock = pblock_dir; + tmp_pblock->next = NULL; + + }else + { + tmp_pblock->next = calloc(1, sizeof(block_dir)); + if(tmp_pblock->next == NULL) + { + return FALSE; + } + tmp_pblock = tmp_pblock->next; + tmp_pblock->next = NULL; + + } + + + tmp_pblock->dir_name = strdup(dir); + tmp_pblock->str_len = strlen(dir); + + + return TRUE; + +} + + + + +/* + * Function callback for config section names + */ + +BOOL get_section(char *sect) +{ + return TRUE; +} + + + +/* + * Function callback for config parameter value pairs + * + */ + +BOOL get_parameter_value(char *param, char *value) +{ + int i = 0, maxargs = sizeof(params) / sizeof(char *); + + + for( i= 0; i < maxargs; i++) + { + if (strcmp(param,params[i]) == 0) + { + switch(i) + { + case MOUNT_POINT : + enter_pblock_mount(value); + break; + case DIR_NAME : + enter_pblock_dir(value); + break; + default : + break; + } + } + } + + return TRUE; + +} + + + + +/* VFS initialisation function. Return initialised vfs_ops structure + back to SAMBA. */ + +struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) +{ + struct vfs_ops tmp_ops; + + *vfs_version = SMB_VFS_INTERFACE_VERSION; + + memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + /* Override the ones we want. */ + tmp_ops.connect = block_connect; + tmp_ops.disconnect = block_disconnect; + tmp_ops.opendir = block_opendir; + + memcpy(&execute_vfs_ops, &tmp_ops, sizeof(struct vfs_ops)); + return(&execute_vfs_ops); +} + + +/* + * VFS connect and param file loading + */ + +int block_connect(struct connection_struct *conn, char *service, char *user) +{ + if((load_param()) == FALSE) + { + + return -1; + + } + + DEBUG(0,("%s connecting \n",conn->user)); + + return (default_vfs_ops.connect(conn, service,user)); +} + +/* + * Free allocated structures and disconnect + * + */ + + +void block_disconnect(struct connection_struct *conn) +{ + + struct block_dir *tmp_pblock = (pblock_mountp == NULL ? pblock_dir : pblock_mountp); + struct block_dir *free_pblock = NULL; + + while(tmp_pblock != NULL) + { + free(tmp_pblock->dir_name); + free_pblock = tmp_pblock; + tmp_pblock = tmp_pblock->next; + free(free_pblock); + + if(tmp_pblock == NULL && pblock_dir != NULL) + { + tmp_pblock = (pblock_mountp == NULL ? pblock_dir : NULL); + pblock_dir = NULL; + + } + + } + + + + default_vfs_ops.disconnect(conn); +} + +/* + * VFS opendir + */ + +DIR *block_opendir(struct connection_struct *conn, char *fname) +{ + + char *dir_name = NULL; + struct stat stat_buf; + + dir_name = alloca((strlen(conn->origpath) + strlen(fname) + 2) * sizeof(char)); + + pstrcpy(dir_name,conn->origpath); + pstrcat(dir_name, "/"); + strncat(dir_name, fname, strcspn(fname,"/")); + + if((lstat(dir_name,&stat_buf)) == 0) + { + if((S_ISLNK(stat_buf.st_mode)) == 1) + { + stat(dir_name,&stat_buf); + if((search(&stat_buf) || dir_search(dir_name, fname) ) == TRUE) + { + DEBUG(0,("%s used link to blocked dir: %s \n", conn->user, dir_name)); + errno = EACCES; + return NULL; + } + } + } + + return (default_vfs_ops.opendir(conn, fname)); +} + + +/* + * Find mount point to block in list + */ + +BOOL search(struct stat *stat_buf) +{ + struct block_dir *tmp_pblock = pblock_mountp; + + while(tmp_pblock != NULL) + { + + if(tmp_pblock->st_dev == stat_buf->st_dev) + { + return TRUE; + } + tmp_pblock = tmp_pblock->next; + } + + return FALSE; + +} + +/* + * Find dir in list to block id the starting point is link from a share + */ + +BOOL dir_search(char *link, char *dir) +{ + char buf[PATH_MAX +1], *ext_path; + int len = 0; + struct block_dir *tmp_pblock = pblock_dir; + + if((len = readlink(link,buf,sizeof(buf))) == -1) + { + return TRUE; + + }else + { + buf[len] = '\0'; + } + + + if((ext_path = strchr(dir,'/')) != NULL) + { + pstrcat(buf,&ext_path[1]); + len = strlen(buf); + } + + while(tmp_pblock != NULL) + { + if(len < tmp_pblock->str_len) + { + tmp_pblock = tmp_pblock->next; + continue; + } + + if((strstr(buf,tmp_pblock->dir_name)) != NULL) + { + return TRUE; + } + tmp_pblock = tmp_pblock->next; + } + + + return FALSE; + +} diff --git a/examples/VFS/block/samba-block.conf b/examples/VFS/block/samba-block.conf new file mode 100644 index 00000000000..7a137980b73 --- /dev/null +++ b/examples/VFS/block/samba-block.conf @@ -0,0 +1,6 @@ +[ blocked ] +mount_point = / +mount_point = /boot +mount_point = /proc +dir_name = /usr/local/src/samba +dir_name = /usr/bin diff --git a/examples/VFS/block/smb.conf b/examples/VFS/block/smb.conf new file mode 100644 index 00000000000..368155f1f83 --- /dev/null +++ b/examples/VFS/block/smb.conf @@ -0,0 +1,13 @@ +[homes] + comment = Home Directories + vfs object = /usr/local/samba/lib/block.so + browseable = yes + writable = yes + + + + + + + + diff --git a/examples/VFS/recycle.c b/examples/VFS/recycle.c new file mode 100644 index 00000000000..74d3657895a --- /dev/null +++ b/examples/VFS/recycle.c @@ -0,0 +1,287 @@ +/* + * Auditing VFS module for samba. Log selected file operations to syslog + * facility. + * + * Copyright (C) 2001, Brandon Stone, Amherst College, . + * Copyright (C) 2002, Jeremy Allison - modified to make a VFS module. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#include +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include +#include +#include + +/* VFS operations */ + +extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ + +static int recycle_unlink(connection_struct *, const char *); +static int recycle_connect(struct connection_struct *conn, const char *service, const char *user); +static void recycle_disconnect(struct connection_struct *conn); + +struct vfs_ops recycle_ops = { + + /* Disk operations */ + + recycle_connect, /* connect */ + recycle_disconnect, /* disconnect */ + NULL, /* disk free */ + + /* Directory operations */ + + NULL, /* opendir */ + NULL, /* readdir */ + NULL, /* mkdir */ + NULL, /* rmdir */ + NULL, /* closedir */ + + /* File operations */ + + NULL, /* open */ + NULL, /* close */ + NULL, /* read */ + NULL, /* write */ + NULL, /* lseek */ + NULL, /* rename */ + NULL, /* fsync */ + NULL, /* stat */ + NULL, /* fstat */ + NULL, /* lstat */ + recycle_unlink, + NULL, /* chmod */ + NULL, /* fchmod */ + NULL, /* chown */ + NULL, /* fchown */ + NULL, /* chdir */ + NULL, /* getwd */ + NULL, /* utime */ + NULL, /* ftruncate */ + NULL, /* lock */ + NULL, /* symlink */ + NULL, /* readlink */ + NULL, /* link */ + NULL, /* mknod */ + NULL, /* realpath */ + NULL, /* fget_nt_acl */ + NULL, /* get_nt_acl */ + NULL, /* fset_nt_acl */ + NULL, /* set_nt_acl */ + + NULL, /* chmod_acl */ + NULL, /* fchmod_acl */ + + NULL, /* sys_acl_get_entry */ + NULL, /* sys_acl_get_tag_type */ + NULL, /* sys_acl_get_permset */ + NULL, /* sys_acl_get_qualifier */ + NULL, /* sys_acl_get_file */ + NULL, /* sys_acl_get_fd */ + NULL, /* sys_acl_clear_perms */ + NULL, /* sys_acl_add_perm */ + NULL, /* sys_acl_to_text */ + NULL, /* sys_acl_init */ + NULL, /* sys_acl_create_entry */ + NULL, /* sys_acl_set_tag_type */ + NULL, /* sys_acl_set_qualifier */ + NULL, /* sys_acl_set_permset */ + NULL, /* sys_acl_valid */ + NULL, /* sys_acl_set_file */ + NULL, /* sys_acl_set_fd */ + NULL, /* sys_acl_delete_def_file */ + NULL, /* sys_acl_get_perm */ + NULL, /* sys_acl_free_text */ + NULL, /* sys_acl_free_acl */ + NULL /* sys_acl_free_qualifier */ +}; + +/* VFS initialisation function. Return initialised vfs_ops structure + back to SAMBA. */ + +struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) +{ + struct vfs_ops tmp_ops; + + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); + tmp_ops.unlink = recycle_unlink; + tmp_ops.connect = recycle_connect; + tmp_ops.disconnect = recycle_disconnect; + memcpy(&recycle_ops, &tmp_ops, sizeof(struct vfs_ops)); + return &recycle_ops; +} + +static int recycle_connect(struct connection_struct *conn, const char *service, const char *user) +{ + pstring opts_str; + fstring recycle_bin; + char *p; + + DEBUG(3,("recycle_connect: called for service %s as user %s\n", service, user)); + + pstrcpy(opts_str, (const char *)lp_vfs_options(SNUM(conn))); + if (!*opts_str) { + DEBUG(3,("recycle_connect: No options listed (%s).\n", lp_vfs_options(SNUM(conn)) )); + return 0; /* No options. */ + } + + p = opts_str; + if (next_token(&p,recycle_bin,"=",sizeof(recycle_bin))) { + if (!strequal("recycle", recycle_bin)) { + DEBUG(3,("recycle_connect: option %s is not recycle\n", recycle_bin )); + return -1; + } + } + + if (!next_token(&p,recycle_bin," \n",sizeof(recycle_bin))) { + DEBUG(3,("recycle_connect: no option after recycle=\n")); + return -1; + } + + DEBUG(10,("recycle_connect: recycle name is %s\n", recycle_bin )); + + conn->vfs_private = (void *)strdup(recycle_bin); + return 0; +} + +static void recycle_disconnect(struct connection_struct *conn) +{ + SAFE_FREE(conn->vfs_private); +} + +static BOOL recycle_XXX_exist(connection_struct *conn, const char *dname, BOOL isdir) +{ + SMB_STRUCT_STAT st; + + if (default_vfs_ops.stat(conn,dname,&st) != 0) + return(False); + + if (isdir) + return S_ISDIR(st.st_mode) ? True : False; + else + return S_ISREG(st.st_mode) ? True : False; +} + +static BOOL recycle_directory_exist(connection_struct *conn, const char *dname) +{ + return recycle_XXX_exist(conn, dname, True); +} + +static BOOL recycle_file_exist(connection_struct *conn, const char *fname) +{ + return recycle_XXX_exist(conn, fname, False); +} + +static SMB_OFF_T recycle_get_file_size(connection_struct *conn, const char *fname) +{ + SMB_STRUCT_STAT st; + + if (default_vfs_ops.stat(conn,fname,&st) != 0) + return (SMB_OFF_T)-1; + + return(st.st_size); +} + +/******************************************************************** + Check if file should be recycled +*********************************************************************/ + +static int recycle_unlink(connection_struct *conn, const char *inname) +{ + fstring recycle_bin; + pstring fname; + char *base, *ext; + pstring bin; + int i=1, len, addlen; + int dir_mask=0770; + SMB_BIG_UINT dfree,dsize,bsize; + + *recycle_bin = '\0'; + pstrcpy(fname, inname); + + if (conn->vfs_private) + fstrcpy(recycle_bin, (const char *)conn->vfs_private); + + if(!*recycle_bin) { + DEBUG(3, ("recycle bin: share parameter not set, purging %s...\n", fname)); + return default_vfs_ops.unlink(conn,fname); + } + + if(recycle_get_file_size(conn, fname) == 0) { + DEBUG(3, ("recycle bin: file %s is empty, purging...\n", fname)); + return default_vfs_ops.unlink(conn,fname); + } + + base = strrchr(fname, '/') + 1; + if(base == (char*)1) + ext = strrchr(fname, '.'); + else + ext = strrchr(base, '.'); + + pstrcpy(bin, recycle_bin); + pstrcat(bin, "/"); + pstrcat(bin, base); + + if(strcmp(fname,bin) == 0) { + DEBUG(3, ("recycle bin: file %s exists, purging...\n", fname)); + return default_vfs_ops.unlink(conn,fname); + } + + len = strlen(bin); + addlen = sizeof(pstring)-len-1; + while(recycle_file_exist(conn,bin)) { + slprintf(bin+len, addlen, " (Copy #%d)", i++); + pstrcat(bin, ext); + } + + DEBUG(3, ("recycle bin: moving source=%s to dest=%s\n", fname, bin)); + default_vfs_ops.disk_free(conn,".",True,&bsize,&dfree,&dsize); + if((unsigned int)dfree > 0) { + int ret; + if(!recycle_directory_exist(conn,recycle_bin)) { + DEBUG(3, ("recycle bin: directory %s nonexistant, creating...\n", recycle_bin)); + if (default_vfs_ops.mkdir(conn,recycle_bin,dir_mask) == -1) { + DEBUG(3, ("recycle bin: unable to create directory %s. Error was %s\n", + recycle_bin, strerror(errno) )); + } + } + DEBUG(3, ("recycle bin: move %s -> %s\n", fname, bin)); + + ret = default_vfs_ops.rename(conn, fname, bin); + if (ret == -1) { + DEBUG(3, ("recycle bin: move error %d (%s)\n", errno, strerror(errno) )); + DEBUG(3, ("recycle bin: move failed, purging...\n")); + return default_vfs_ops.unlink(conn,fname); + } + return ret; + } else { + DEBUG(3, ("recycle bin: move failed, purging...\n")); + return default_vfs_ops.unlink(conn,fname); + } +} diff --git a/examples/VFS/skel.c b/examples/VFS/skel.c new file mode 100644 index 00000000000..bb5486e690b --- /dev/null +++ b/examples/VFS/skel.c @@ -0,0 +1,520 @@ +/* + * Skeleton VFS module. Implements passthrough operation of all VFS + * calls to disk functions. + * + * Copyright (C) Tim Potter, 1999-2000 + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "config.h" + +#include +#include +#ifdef HAVE_UTIME_H +#include +#endif +#ifdef HAVE_DIRENT_H +#include +#endif +#ifdef HAVE_FCNTL_H +#include +#endif +#include +#include + +#include +#include + +extern struct vfs_ops default_vfs_ops; /* For passthrough operation */ +extern struct vfs_ops skel_ops; + +static int skel_connect(struct connection_struct *conn, const char *service, const char *user) +{ + return default_vfs_ops.connect(conn, service, user); +} + +static void skel_disconnect(struct connection_struct *conn) +{ + default_vfs_ops.disconnect(conn); +} + +static SMB_BIG_UINT skel_disk_free(struct connection_struct *conn, const char *path, + BOOL small_query, SMB_BIG_UINT *bsize, + SMB_BIG_UINT *dfree, SMB_BIG_UINT *dsize) +{ + return default_vfs_ops.disk_free(conn, path, small_query, bsize, + dfree, dsize); +} + +static DIR *skel_opendir(struct connection_struct *conn, const char *fname) +{ + return default_vfs_ops.opendir(conn, fname); +} + +static struct dirent *skel_readdir(struct connection_struct *conn, DIR *dirp) +{ + return default_vfs_ops.readdir(conn, dirp); +} + +static int skel_mkdir(struct connection_struct *conn, const char *path, mode_t mode) +{ + return default_vfs_ops.mkdir(conn, path, mode); +} + +static int skel_rmdir(struct connection_struct *conn, const char *path) +{ + return default_vfs_ops.rmdir(conn, path); +} + +static int skel_closedir(struct connection_struct *conn, DIR *dir) +{ + return default_vfs_ops.closedir(conn, dir); +} + +static int skel_open(struct connection_struct *conn, const char *fname, int flags, mode_t mode) +{ + return default_vfs_ops.open(conn, fname, flags, mode); +} + +static int skel_close(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.close(fsp, fd); +} + +static ssize_t skel_read(struct files_struct *fsp, int fd, void *data, size_t n) +{ + return default_vfs_ops.read(fsp, fd, data, n); +} + +static ssize_t skel_write(struct files_struct *fsp, int fd, const void *data, size_t n) +{ + return default_vfs_ops.write(fsp, fd, data, n); +} + +static SMB_OFF_T skel_lseek(struct files_struct *fsp, int filedes, SMB_OFF_T offset, int whence) +{ + return default_vfs_ops.lseek(fsp, filedes, offset, whence); +} + +static int skel_rename(struct connection_struct *conn, const char *old, const char *new) +{ + return default_vfs_ops.rename(conn, old, new); +} + +static int skel_fsync(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.fsync(fsp, fd); +} + +static int skel_stat(struct connection_struct *conn, const char *fname, SMB_STRUCT_STAT *sbuf) +{ + return default_vfs_ops.stat(conn, fname, sbuf); +} + +static int skel_fstat(struct files_struct *fsp, int fd, SMB_STRUCT_STAT *sbuf) +{ + return default_vfs_ops.fstat(fsp, fd, sbuf); +} + +static int skel_lstat(struct connection_struct *conn, const char *path, SMB_STRUCT_STAT *sbuf) +{ + return default_vfs_ops.lstat(conn, path, sbuf); +} + +static int skel_unlink(struct connection_struct *conn, const char *path) +{ + return default_vfs_ops.unlink(conn, path); +} + +static int skel_chmod(struct connection_struct *conn, const char *path, mode_t mode) +{ + return default_vfs_ops.chmod(conn, path, mode); +} + +static int skel_fchmod(struct files_struct *fsp, int fd, mode_t mode) +{ + return default_vfs_ops.fchmod(fsp, fd, mode); +} + +static int skel_chown(struct connection_struct *conn, const char *path, uid_t uid, gid_t gid) +{ + return default_vfs_ops.chown(conn, path, uid, gid); +} + +static int skel_fchown(struct files_struct *fsp, int fd, uid_t uid, gid_t gid) +{ + return default_vfs_ops.fchown(fsp, fd, uid, gid); +} + +static int skel_chdir(struct connection_struct *conn, const char *path) +{ + return default_vfs_ops.chdir(conn, path); +} + +static char *skel_getwd(struct connection_struct *conn, char *buf) +{ + return default_vfs_ops.getwd(conn, buf); +} + +static int skel_utime(struct connection_struct *conn, const char *path, struct utimbuf *times) +{ + return default_vfs_ops.utime(conn, path, times); +} + +static int skel_ftruncate(struct files_struct *fsp, int fd, SMB_OFF_T offset) +{ + return default_vfs_ops.ftruncate(fsp, fd, offset); +} + +static BOOL skel_lock(struct files_struct *fsp, int fd, int op, SMB_OFF_T offset, SMB_OFF_T count, int type) +{ + return default_vfs_ops.lock(fsp, fd, op, offset, count, type); +} + +static BOOL skel_symlink(struct connection_struct *conn, const char *oldpath, const char *newpath) +{ + return default_vfs_ops.symlink(conn, oldpath, newpath); +} + +static BOOL skel_readlink(struct connection_struct *conn, const char *path, char *buf, size_t bufsiz) +{ + return default_vfs_ops.readlink(conn, path, buf, bufsiz); +} + +static int skel_link(struct connection_struct *conn, const char *oldpath, const char *newpath) +{ + return default_vfs_ops.link(conn, oldpath, newpath); +} + +static int skel_mknod(struct connection_struct *conn, const char *path, mode_t mode, SMB_DEV_T dev) +{ + return default_vfs_ops.mknod(conn, path, mode, dev); +} + +static char *skel_realpath(struct connection_struct *conn, const char *path, char *resolved_path) +{ + return default_vfs_ops.realpath(conn, path, resolved_path); +} + +static size_t skel_fget_nt_acl(struct files_struct *fsp, int fd, struct security_descriptor_info **ppdesc) +{ + return default_vfs_ops.fget_nt_acl(fsp, fd, ppdesc); +} + +static size_t skel_get_nt_acl(struct files_struct *fsp, const char *name, struct security_descriptor_info **ppdesc) +{ + return default_vfs_ops.get_nt_acl(fsp, name, ppdesc); +} + +static BOOL skel_fset_nt_acl(struct files_struct *fsp, int fd, uint32 security_info_sent, struct security_descriptor_info *psd) +{ + return default_vfs_ops.fset_nt_acl(fsp, fd, security_info_sent, psd); +} + +static BOOL skel_set_nt_acl(struct files_struct *fsp, const char *name, uint32 security_info_sent, struct security_descriptor_info *psd) +{ + return default_vfs_ops.set_nt_acl(fsp, name, security_info_sent, psd); +} + +static BOOL skel_chmod_acl(struct connection_struct *conn, const char *name, mode_t mode) +{ + return default_vfs_ops.chmod_acl(conn, name, mode); +} + +static BOOL skel_fchmod_acl(struct files_struct *fsp, int fd, mode_t mode) +{ + return default_vfs_ops.fchmod_acl(fsp, fd, mode); +} + +static int skel_sys_acl_get_entry(struct connection_struct *conn, SMB_ACL_T theacl, int entry_id, SMB_ACL_ENTRY_T *entry_p) +{ + return default_vfs_ops.sys_acl_get_entry(conn, theacl, entry_id, entry_p); +} + +static int skel_sys_acl_get_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_TAG_T *tag_type_p) +{ + return default_vfs_ops.sys_acl_get_tag_type(conn, entry_d, tag_type_p); +} + +static int skel_sys_acl_get_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d, SMB_ACL_PERMSET_T *permset_p) +{ + return default_vfs_ops.sys_acl_get_permset(conn, entry_d, permset_p); +} + +static void *skel_sys_acl_get_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry_d) +{ + return default_vfs_ops.sys_acl_get_qualifier(conn, entry_d); +} + +static SMB_ACL_T skel_sys_acl_get_file(struct connection_struct *conn, const char *path_p, SMB_ACL_TYPE_T type) +{ + return default_vfs_ops.sys_acl_get_file(conn, path_p, type); +} + +static SMB_ACL_T skel_sys_acl_get_fd(struct files_struct *fsp, int fd) +{ + return default_vfs_ops.sys_acl_get_fd(fsp, fd); +} + +static int skel_sys_acl_clear_perms(struct connection_struct *conn, SMB_ACL_PERMSET_T permset) +{ + return default_vfs_ops.sys_acl_clear_perms(conn, permset); +} + +static int skel_sys_acl_add_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return default_vfs_ops.sys_acl_add_perm(conn, permset, perm); +} + +static char *skel_sys_acl_to_text(struct connection_struct *conn, SMB_ACL_T theacl, ssize_t *plen) +{ + return default_vfs_ops.sys_acl_to_text(conn, theacl, plen); +} + +static SMB_ACL_T skel_sys_acl_init(struct connection_struct *conn, int count) +{ + return default_vfs_ops.sys_acl_init(conn, count); +} + +static int skel_sys_acl_create_entry(struct connection_struct *conn, SMB_ACL_T *pacl, SMB_ACL_ENTRY_T *pentry) +{ + return default_vfs_ops.sys_acl_create_entry(conn, pacl, pentry); +} + +static int skel_sys_acl_set_tag_type(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_TAG_T tagtype) +{ + return default_vfs_ops.sys_acl_set_tag_type(conn, entry, tagtype); +} + +static int skel_sys_acl_set_qualifier(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, void *qual) +{ + return default_vfs_ops.sys_acl_set_qualifier(conn, entry, qual); +} + +static int skel_sys_acl_set_permset(struct connection_struct *conn, SMB_ACL_ENTRY_T entry, SMB_ACL_PERMSET_T permset) +{ + return default_vfs_ops.sys_acl_set_permset(conn, entry, permset); +} + +static int skel_sys_acl_valid(struct connection_struct *conn, SMB_ACL_T theacl ) +{ + return default_vfs_ops.sys_acl_valid(conn, theacl ); +} + +static int skel_sys_acl_set_file(struct connection_struct *conn, const char *name, SMB_ACL_TYPE_T acltype, SMB_ACL_T theacl) +{ + return default_vfs_ops.sys_acl_set_file(conn, name, acltype, theacl); +} + +static int skel_sys_acl_set_fd(struct files_struct *fsp, int fd, SMB_ACL_T theacl) +{ + return default_vfs_ops.sys_acl_set_fd(fsp, fd, theacl); +} + +static int skel_sys_acl_delete_def_file(struct connection_struct *conn, const char *path) +{ + return default_vfs_ops.sys_acl_delete_def_file(conn, path); +} + +static int skel_sys_acl_get_perm(struct connection_struct *conn, SMB_ACL_PERMSET_T permset, SMB_ACL_PERM_T perm) +{ + return default_vfs_ops.sys_acl_get_perm(conn, permset, perm); +} + +static int skel_sys_acl_free_text(struct connection_struct *conn, char *text) +{ + return default_vfs_ops.sys_acl_free_text(conn, text); +} + +static int skel_sys_acl_free_acl(struct connection_struct *conn, SMB_ACL_T posix_acl) +{ + return default_vfs_ops.sys_acl_free_acl(conn, posix_acl); +} + +static int skel_sys_acl_free_qualifier(struct connection_struct *conn, void *qualifier, SMB_ACL_TAG_T tagtype) +{ + return default_vfs_ops.sys_acl_free_qualifier(conn, qualifier, tagtype); +} + +/* VFS initialisation - return vfs_ops function pointer structure */ + +struct vfs_ops *vfs_init(int *vfs_version, struct vfs_ops *def_vfs_ops) +{ + struct vfs_ops tmp_ops; + + DEBUG(3, ("Initialising default vfs hooks\n")); + + *vfs_version = SMB_VFS_INTERFACE_VERSION; + memcpy(&tmp_ops, def_vfs_ops, sizeof(struct vfs_ops)); + + tmp_ops.connect = skel_connect; + tmp_ops.disconnect = skel_disconnect; + tmp_ops.disk_free = skel_disk_free; + + /* Directory operations */ + + tmp_ops.opendir = skel_opendir; + tmp_ops.readdir = skel_readdir; + tmp_ops.mkdir = skel_mkdir; + tmp_ops.rmdir = skel_rmdir; + tmp_ops.closedir = skel_closedir; + + /* File operations */ + + tmp_ops.open = skel_open; + tmp_ops.close = skel_close; + tmp_ops.read = skel_read; + tmp_ops.write = skel_write; + tmp_ops.lseek = skel_lseek; + tmp_ops.rename = skel_rename; + tmp_ops.fsync = skel_fsync; + tmp_ops.stat = skel_stat; + tmp_ops.fstat = skel_fstat; + tmp_ops.lstat = skel_lstat; + tmp_ops.unlink = skel_unlink; + tmp_ops.chmod = skel_chmod; + tmp_ops.fchmod = skel_fchmod; + tmp_ops.chown = skel_chown; + tmp_ops.fchown = skel_fchown; + tmp_ops.chdir = skel_chdir; + tmp_ops.getwd = skel_getwd; + tmp_ops.utime = skel_utime; + tmp_ops.ftruncate = skel_ftruncate; + tmp_ops.lock = skel_lock; + tmp_ops.symlink = skel_symlink; + tmp_ops.readlink = skel_readlink; + tmp_ops.link = skel_link; + tmp_ops.mknod = skel_mknod; + tmp_ops.realpath = skel_realpath; + + tmp_ops.fget_nt_acl = skel_fget_nt_acl; + tmp_ops.get_nt_acl = skel_get_nt_acl; + tmp_ops.fset_nt_acl = skel_fset_nt_acl; + tmp_ops.set_nt_acl = skel_set_nt_acl; + + /* POSIX ACL operations. */ + + tmp_ops.chmod_acl = skel_chmod_acl; + tmp_ops.fchmod_acl = skel_fchmod_acl; + tmp_ops.sys_acl_get_entry = skel_sys_acl_get_entry; + tmp_ops.sys_acl_get_tag_type = skel_sys_acl_get_tag_type; + tmp_ops.sys_acl_get_permset = skel_sys_acl_get_permset; + tmp_ops.sys_acl_get_qualifier = skel_sys_acl_get_qualifier; + tmp_ops.sys_acl_get_file = skel_sys_acl_get_file; + tmp_ops.sys_acl_get_fd = skel_sys_acl_get_fd; + tmp_ops.sys_acl_clear_perms = skel_sys_acl_clear_perms; + tmp_ops.sys_acl_add_perm = skel_sys_acl_add_perm; + tmp_ops.sys_acl_to_text = skel_sys_acl_to_text; + tmp_ops.sys_acl_init = skel_sys_acl_init; + tmp_ops.sys_acl_create_entry = skel_sys_acl_create_entry; + tmp_ops.sys_acl_set_tag_type = skel_sys_acl_set_tag_type; + tmp_ops.sys_acl_set_qualifier = skel_sys_acl_set_qualifier; + tmp_ops.sys_acl_set_permset = skel_sys_acl_set_permset; + tmp_ops.sys_acl_valid = skel_sys_acl_valid; + tmp_ops.sys_acl_set_file = skel_sys_acl_set_file; + tmp_ops.sys_acl_set_fd = skel_sys_acl_set_fd; + tmp_ops.sys_acl_delete_def_file = skel_sys_acl_delete_def_file; + tmp_ops.sys_acl_get_perm = skel_sys_acl_get_perm; + tmp_ops.sys_acl_free_text = skel_sys_acl_free_text; + tmp_ops.sys_acl_free_acl = skel_sys_acl_free_acl; + tmp_ops.sys_acl_free_qualifier = skel_sys_acl_free_qualifier; + + memcpy(&skel_ops, &tmp_ops, sizeof(struct vfs_ops)); + + return &skel_ops; +} + +/* VFS operations structure */ + +struct vfs_ops skel_ops = { + + /* Disk operations */ + + skel_connect, + skel_disconnect, + skel_disk_free, + + /* Directory operations */ + + skel_opendir, + skel_readdir, + skel_mkdir, + skel_rmdir, + skel_closedir, + + /* File operations */ + + skel_open, + skel_close, + skel_read, + skel_write, + skel_lseek, + skel_rename, + skel_fsync, + skel_stat, + skel_fstat, + skel_lstat, + skel_unlink, + skel_chmod, + skel_fchmod, + skel_chown, + skel_fchown, + skel_chdir, + skel_getwd, + skel_utime, + skel_ftruncate, + skel_lock, + skel_symlink, + skel_readlink, + skel_link, + skel_mknod, + skel_realpath, + + /* NT File ACL operations */ + + skel_fget_nt_acl, + skel_get_nt_acl, + skel_fset_nt_acl, + skel_set_nt_acl, + + /* POSIX ACL operations */ + + skel_chmod_acl, + skel_fchmod_acl, + + skel_sys_acl_get_entry, + skel_sys_acl_get_tag_type, + skel_sys_acl_get_permset, + skel_sys_acl_get_qualifier, + skel_sys_acl_get_file, + skel_sys_acl_get_fd, + skel_sys_acl_clear_perms, + skel_sys_acl_add_perm, + skel_sys_acl_to_text, + skel_sys_acl_init, + skel_sys_acl_create_entry, + skel_sys_acl_set_tag_type, + skel_sys_acl_set_qualifier, + skel_sys_acl_set_permset, + skel_sys_acl_valid, + skel_sys_acl_set_file, + skel_sys_acl_set_fd, + skel_sys_acl_delete_def_file, + skel_sys_acl_get_perm, + skel_sys_acl_free_text, + skel_sys_acl_free_acl, + skel_sys_acl_free_qualifier +}; diff --git a/examples/appliance/Makefile b/examples/appliance/Makefile new file mode 100644 index 00000000000..c49451add86 --- /dev/null +++ b/examples/appliance/Makefile @@ -0,0 +1,68 @@ +PREFIX=/usr/local/samba +CONFIGOPTS=--with-pam --prefix=$(PREFIX) --with-smbmount + + +all: headb tngb + +config: + (cd head/source; CFLAGS="-Wall -O2 -g" ./configure $(CONFIGOPTS)) + (cd tng; CFLAGS="-Wall -O2 -g" ./configure $(CONFIGOPTS) --enable-shared=no) + +headb: + (cd head/source; make) + +tngb: + (cd tng; make bin/samedit bin/winbindd nsswitch) + +clean: + (cd head/source; make clean) + (cd tng; make clean) + +proto: + (cd head/source; make proto) + (cd tng; make proto) + +distclean: + (cd head/source; make clean; rm -f config.cache; rm -f Makefile) + (cd tng; make clean; rm -f config.cache; rm -f Makefile) + +install: installhead installtng + +installbin: installheadbin installtng + +installhead: + (cd head/source; make install) + +installheadbin: + (cd head/source; make installbin) + +installtng: tngb + (cd tng; \ + rm -f $(PREFIX)/bin/samedit $(PREFIX)/bin/winbindd; \ + cp bin/samedit bin/winbindd $(PREFIX)/bin; \ + rm -f /lib/libnss_winbind.so.2 /lib/security/pam_winbind.so; \ + cp nsswitch/libnss_winbind.so /lib/libnss_winbind.so.2; \ + cp nsswitch/pam_winbind.so /lib/security/) + +stop: + -killall winbindd smbd nmbd + +start: + $(PREFIX)/bin/smbd + $(PREFIX)/bin/nmbd + $(PREFIX)/bin/winbindd + +restart: stop start + +updatehead: + (cd head; cvs -z9 update -d) + +updatetng: + (cd tng; cvs -z9 update -d) + +update: updatehead updatetng + +checkout: + -mkdir head tng + (cd head ; cvs -z9 co samba; mv samba head) + (cd head ; cvs -z9 co -r SAMBA_TNG samba/source; mv source tng) diff --git a/examples/appliance/README b/examples/appliance/README new file mode 100644 index 00000000000..3c9028fd89a --- /dev/null +++ b/examples/appliance/README @@ -0,0 +1,52 @@ +This directory provides build tools for building a Samba based domain +appliance. + +A appliance is a box that gets its username and group database from a +domain controller, and does its authentication via a domain +controller. Right now this is only supported by combining two CVS +branches of Samba, which is what the files in this directory do. + +SETUP +----- + +To setup an appliance do the following: + +1) build and install Samba using the .spec file or Makefile in this + directory. + +2) setup winbindd by following the directions in the winbindd man + page. + +3) test winbindd, validating that domain users and groups are visible + and that domain authentication works, both using unix tools and + smbclient. + +for appliance printing support also do this: + +4) create a print$ share with write permission for print + administrators. + +4) create the "nt printer driver" directory (by default + /usr/local/samba/lib/ntprinters) and make it writable by print + adminisrators. + +5) populate your /etc/printcap printer database + +6) add printers using the NT "add printer wizard" in the Printers + network folder. + + +PACKAGING +--------- + +- Checkout the Samba CVS head branch into a directory call + samba-appliance-0.2/head + +- Checkout the source subdirectory of the Samba CVS SAMBA_TNG branch + into a directory call samba-appliance-0.2/tng + +- Copy Makefile and smb.conf-appliance to samba-appliance-0.2/ + +- run build.sh + +That should build source and binary RPMs in /usr/src/redhat/{RPMS,SRPMS} diff --git a/examples/appliance/appliance.spec b/examples/appliance/appliance.spec new file mode 100644 index 00000000000..6fb631b4e2f --- /dev/null +++ b/examples/appliance/appliance.spec @@ -0,0 +1,389 @@ +Summary: Samba SMB client and server +Name: samba-appliance +Version: 0.2 +Release: 1 +Copyright: GNU GPL version 2 +Group: Networking +Source: %{name}-%{version}-src.tar.gz +Packager: John H Terpstra [Samba-Team] +Requires: pam >= 0.64 +Prereq: chkconfig fileutils +BuildRoot: /var/tmp/samba +Provides: winbind + +%define prefix /usr/local/samba + +%define tng_build_dir $RPM_BUILD_DIR/%{name}-%{version}/tng +%define head_build_dir $RPM_BUILD_DIR/%{name}-%{version}/head + +%description +Samba provides an SMB server which can be used to provide +network services to SMB (sometimes called "Lan Manager") +clients, including various versions of MS Windows, OS/2, +and other Linux machines. Samba also provides some SMB +clients, which complement the built-in SMB filesystem +in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols +and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) +protocol. + +Samba-2 features an almost working NT Domain Control +capability and includes the new SWAT (Samba Web Administration +Tool) that allows samba's smb.conf file to be remotely managed +using your favourite web browser. For the time being this is +being enabled on TCP port 901 via inetd. + +Please refer to the WHATSNEW.txt document for fixup information. +This binary release includes encrypted password support. +Please read the smb.conf file and ENCRYPTION.txt in the +docs directory for implementation details. + +NOTE: Red Hat Linux 5.X Uses PAM which has integrated support +for Shadow passwords. Do NOT recompile with the SHADOW_PWD option +enabled. Red Hat Linux has built in support for quotas in PAM. + +%changelog +* Mon Jun 5 2000 Tim Potter + - Modified to use prefix=/usr/local/samba everywhere + +* Sat Nov 29 1999 Matthew Vanecek + - Added a Prefix and changed "/usr" to "%{prefix}" + +* Sat Nov 11 1999 Tridge + - changed from mount.smb to mount.smbfs + +* Sat Oct 9 1999 Tridge + - removed smbwrapper + - added smbmnt and smbmount + +* Sun Apr 25 1999 John H Terpstra + - added smbsh.1 man page + +* Fri Mar 26 1999 Andrew Tridgell + - added --with-pam as pam is no longer used by default + +* Sat Jan 27 1999 Jeremy Allison + - Removed smbrun binary and tidied up some loose ends + +* Sun Oct 25 1998 John H Terpstra + - Added parameters to /config to ensure smb.conf, lmhosts, + and smbusers never gets over-written. + +* Sat Oct 24 1998 John H Terpstra + - removed README.smbsh file from docs area + +* Mon Oct 05 1998 John H Terpstra + - Added rpcclient to binaries list + - Added smbwrapper stuff + +* Fri Aug 21 1998 John H Terpstra + - Updated for Samba version 2.0 building + +* Tue Jul 07 1998 Erik Troan + - updated postun triggerscript to check $0 + - clear /etc/codepages from %preun instead of %postun + +* Sat Jul 04 1998 John H Terpstra + - fixed codepage preservation during update via -Uvh + +* Mon Jun 08 1998 Erik Troan + - made the %postun script a tad less agressive; no reason to remove + the logs or lock file + - the %postun and %preun should only exectute if this is the final + removal + - migrated %triggerpostun from Red Hat's samba package to work around + packaging problems in some Red Hat samba releases + +* Sun Apr 26 1998 John H Terpstra + - Tidy up for early alpha releases + - added findsmb from SGI packaging + +* Thu Apr 09 1998 John H Terpstra + - Updated spec file + - Included new codepage.936 + +* Sat Mar 20 1998 John H Terpstra + - Added swat facility + +* Sat Jan 24 1998 John H Terpstra + - Many optimisations (some suggested by Manoj Kasichainula + - Use of chkconfig in place of individual symlinks to /etc/rc.d/init/smb + - Compounded make line + - Updated smb.init restart mechanism + - Use compound mkdir -p line instead of individual calls to mkdir + - Fixed smb.conf file path for log files + - Fixed smb.conf file path for incoming smb print spool directory + - Added a number of options to smb.conf file + - Added smbadduser command (missed from all previous RPMs) - Doooh! + - Added smbuser file and smb.conf file updates for username map + +%prep +%setup + +%build +make config +make + +%install +rm -rf $RPM_BUILD_ROOT + +# Install stuff for tng + +mkdir -p $RPM_BUILD_ROOT%{prefix}/bin +mkdir -p $RPM_BUILD_ROOT/lib/security +cp %{tng_build_dir}/bin/samedit $RPM_BUILD_ROOT%{prefix}/bin +cp %{tng_build_dir}/bin/winbindd $RPM_BUILD_ROOT%{prefix}/bin +cp %{tng_build_dir}/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib +cp %{tng_build_dir}/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security + +# Install stuff for head + +mkdir -p $RPM_BUILD_ROOT%{prefix}/lib/codepages/src +mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d} +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/{init.d,rc0.d,rc1.d,rc2.d,rc3.d,rc5.d,rc6.d} +mkdir -p $RPM_BUILD_ROOT%{prefix}/bin +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include} +mkdir -p $RPM_BUILD_ROOT%{prefix}/man/{man1,man5,man7,man8} +mkdir -p $RPM_BUILD_ROOT%{prefix}/var/locks +mkdir -p $RPM_BUILD_ROOT%{prefix}/private + +# Install standard binary files +for i in nmblookup smbclient smbspool smbpasswd smbstatus testparm testprns \ + make_smbcodepage make_printerdef +do +install -m755 -s %{head_build_dir}/source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin +done +for i in addtosmbpass mksmbpasswd.sh smbtar +do +install -m755 %{head_build_dir}/source/script/$i $RPM_BUILD_ROOT%{prefix}/bin +done + +# Install secure binary files +for i in smbd nmbd swat smbmount smbmnt smbumount +do +install -m755 -s %{head_build_dir}/source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin +done + +# we need a symlink for mount to recognise the smb filesystem type +#ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT%{prefix}/bin/mount.smbfs + +# Install level 1 man pages +for i in smbclient.1 smbrun.1 smbstatus.1 smbtar.1 testparm.1 testprns.1 make_smbcodepage.1 nmblookup.1 +do +install -m644 %{head_build_dir}/docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/man/man1 +done + +# Install codepage source files +for i in 437 737 850 852 861 866 932 936 949 950 +do +install -m644 %{head_build_dir}/source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/lib/codepages/src +done + +# Install SWAT helper files +for i in %{head_build_dir}/swat/help/*.html %{head_build_dir}/docs/htmldocs/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help +done +for i in %{head_build_dir}/swat/images/*.gif +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images +done +for i in %{head_build_dir}/swat/include/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include +done + +# Install the miscellany +install -m644 %{head_build_dir}/swat/README $RPM_BUILD_ROOT%{prefix}/share/swat +install -m644 %{head_build_dir}/docs/manpages/smb.conf.5 $RPM_BUILD_ROOT%{prefix}/man/man5 +install -m644 %{head_build_dir}/docs/manpages/lmhosts.5 $RPM_BUILD_ROOT%{prefix}/man/man5 +install -m644 %{head_build_dir}/docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT%{prefix}/man/man5 +install -m644 %{head_build_dir}/docs/manpages/samba.7 $RPM_BUILD_ROOT%{prefix}/man/man7 +install -m644 %{head_build_dir}/docs/manpages/smbd.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/nmbd.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 %{head_build_dir}/docs/manpages/smbspool.8 $RPM_BUILD_ROOT%{prefix}/man/man8 +install -m644 $RPM_BUILD_DIR/%{name}-%{version}/smb.conf-appliance $RPM_BUILD_ROOT%{prefix}/lib/smb.conf +install -m644 %{head_build_dir}/packaging/RedHat/smbusers $RPM_BUILD_ROOT/etc/smbusers +install -m755 %{head_build_dir}/packaging/RedHat/smbprint $RPM_BUILD_ROOT%{prefix}/bin +install -m755 %{head_build_dir}/packaging/RedHat/findsmb $RPM_BUILD_ROOT%{prefix}/bin +install -m755 %{head_build_dir}/packaging/RedHat/smbadduser $RPM_BUILD_ROOT%{prefix}/bin +install -m755 %{head_build_dir}/packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb +install -m755 %{head_build_dir}/packaging/RedHat/smb.init $RPM_BUILD_ROOT%{prefix}/bin/samba +install -m644 %{head_build_dir}/packaging/RedHat/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba +install -m644 %{head_build_dir}/packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba +echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/lmhosts + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +#/sbin/chkconfig --add smb + +# Build codepage load files +for i in 437 737 850 852 861 866 932 936 949 950 +do +%{prefix}/bin/make_smbcodepage c $i %{prefix}/lib/codepages/src/codepage_def.$i %{prefix}/lib/codepages/codepage.$i +done + +# Add swat entry to /etc/services if not already there +if !( grep ^[:space:]*swat /etc/services > /dev/null ) then + echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services +fi + +# Add swat entry to /etc/inetd.conf if needed +if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then + echo 'swat stream tcp nowait.400 root %{prefix}/sbin/swat swat' >> /etc/inetd.conf +killall -1 inetd || : +fi + +%preun +if [ $1 = 0 ] ; then + /sbin/chkconfig --del smb + + for n in %{prefix}/lib/codepages/*; do + if [ $n != %{prefix}/lib/codepages/src ]; then + rm -rf $n + fi + done + # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba! + if [ -e %{prefix}/var/locks/browse.dat ]; then + rm -f %{prefix}/var/locks/browse.dat + fi + if [ -e %{prefix}/var/locks/wins.dat ]; then + rm -f %{prefix}/var/locks/wins.dat + fi +fi + +%postun +# Only delete remnants of samba if this is the final deletion. +if [ $1 = 0 ] ; then + if [ -x /etc/pam.d/samba ]; then + rm -f /etc/pam.d/samba + fi + if [ -e /var/log/samba ]; then + rm -rf /var/log/samba + fi + if [ -e /var/lock/samba ]; then + rm -rf /var/lock/samba + fi + + # Remove swat entries from /etc/inetd.conf and /etc/services + cd /etc + tmpfile=/etc/tmp.$$ + sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile + mv $tmpfile inetd.conf + sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile + mv $tmpfile services +fi + +%triggerpostun -- samba < samba-2.0.0 +if [ $0 != 0 ]; then + /sbin/chkconfig --add smb +fi + + +%files +%doc %{head_build_dir}/README %{head_build_dir}/COPYING +%doc %{head_build_dir}/Manifest %{head_build_dir}/Read-Manifest-Now +%doc %{head_build_dir}/WHATSNEW.txt %{head_build_dir}/Roadmap +%doc %{head_build_dir}/docs +%doc %{head_build_dir}/swat/README +%doc %{head_build_dir}/examples +%attr(-,root,root) %{prefix}/bin/smbd +%attr(-,root,root) %{prefix}/bin/nmbd +%attr(-,root,root) %{prefix}/bin/swat +%attr(-,root,root) %{prefix}/bin/smbmnt +%attr(-,root,root) %{prefix}/bin/smbmount +%attr(-,root,root) %{prefix}/bin/smbumount +%attr(0750,root,root) %{prefix}/bin/samba +%attr(-,root,root) %{prefix}/bin/addtosmbpass +%attr(-,root,root) %{prefix}/bin/mksmbpasswd.sh +%attr(-,root,root) %{prefix}/bin/smbclient +%attr(-,root,root) %{prefix}/bin/smbspool +%attr(-,root,root) %{prefix}/bin/testparm +%attr(-,root,root) %{prefix}/bin/testprns +%attr(-,root,root) %{prefix}/bin/findsmb +%attr(-,root,root) %{prefix}/bin/smbstatus +%attr(-,root,root) %{prefix}/bin/nmblookup +%attr(-,root,root) %{prefix}/bin/make_smbcodepage +%attr(-,root,root) %{prefix}/bin/make_printerdef +%attr(-,root,root) %{prefix}/bin/smbpasswd +%attr(-,root,root) %{prefix}/bin/smbtar +%attr(-,root,root) %{prefix}/bin/smbprint +%attr(-,root,root) %{prefix}/bin/smbadduser +%attr(-,root,root) %{prefix}/share/swat/help/welcome.html +%attr(-,root,root) %{prefix}/share/swat/help/DOMAIN_MEMBER.html +%attr(-,root,root) %{prefix}/share/swat/help/NT_Security.html +%attr(-,root,root) %{prefix}/share/swat/help/lmhosts.5.html +%attr(-,root,root) %{prefix}/share/swat/help/make_smbcodepage.1.html +%attr(-,root,root) %{prefix}/share/swat/help/nmbd.8.html +%attr(-,root,root) %{prefix}/share/swat/help/nmblookup.1.html +%attr(-,root,root) %{prefix}/share/swat/help/samba.7.html +%attr(-,root,root) %{prefix}/share/swat/help/smb.conf.5.html +%attr(-,root,root) %{prefix}/share/swat/help/smbclient.1.html +%attr(-,root,root) %{prefix}/share/swat/help/smbspool.8.html +%attr(-,root,root) %{prefix}/share/swat/help/smbd.8.html +%attr(-,root,root) %{prefix}/share/swat/help/smbpasswd.5.html +%attr(-,root,root) %{prefix}/share/swat/help/smbpasswd.8.html +%attr(-,root,root) %{prefix}/share/swat/help/smbrun.1.html +%attr(-,root,root) %{prefix}/share/swat/help/smbstatus.1.html +%attr(-,root,root) %{prefix}/share/swat/help/smbtar.1.html +%attr(-,root,root) %{prefix}/share/swat/help/swat.8.html +%attr(-,root,root) %{prefix}/share/swat/help/testparm.1.html +%attr(-,root,root) %{prefix}/share/swat/help/testprns.1.html +%attr(-,root,root) %{prefix}/share/swat/images/globals.gif +%attr(-,root,root) %{prefix}/share/swat/images/home.gif +%attr(-,root,root) %{prefix}/share/swat/images/passwd.gif +%attr(-,root,root) %{prefix}/share/swat/images/printers.gif +%attr(-,root,root) %{prefix}/share/swat/images/shares.gif +%attr(-,root,root) %{prefix}/share/swat/images/samba.gif +%attr(-,root,root) %{prefix}/share/swat/images/status.gif +%attr(-,root,root) %{prefix}/share/swat/images/viewconfig.gif +%attr(-,root,root) %{prefix}/share/swat/include/header.html +%attr(-,root,root) %{prefix}/share/swat/include/footer.html +%attr(-,root,root) %config(noreplace) /etc/lmhosts +%attr(-,root,root) %config(noreplace) %{prefix}/lib/smb.conf +%attr(-,root,root) %config(noreplace) /etc/smbusers +%attr(-,root,root) /etc/rc.d/init.d/smb +%attr(-,root,root) /etc/logrotate.d/samba +%attr(-,root,root) /etc/pam.d/samba +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.437 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.737 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.850 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.852 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.861 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.866 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.932 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.936 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.949 +%attr(-,root,root) %{prefix}/lib/codepages/src/codepage_def.950 +%attr(-,root,root) %{prefix}/man/man1/smbstatus.1 +%attr(-,root,root) %{prefix}/man/man1/smbclient.1 +%attr(-,root,root) %{prefix}/man/man1/make_smbcodepage.1 +%attr(-,root,root) %{prefix}/man/man1/smbrun.1 +%attr(-,root,root) %{prefix}/man/man1/smbtar.1 +%attr(-,root,root) %{prefix}/man/man1/testparm.1 +%attr(-,root,root) %{prefix}/man/man1/testprns.1 +%attr(-,root,root) %{prefix}/man/man1/nmblookup.1 +%attr(-,root,root) %{prefix}/man/man5/smb.conf.5 +%attr(-,root,root) %{prefix}/man/man5/lmhosts.5 +%attr(-,root,root) %{prefix}/man/man5/smbpasswd.5 +%attr(-,root,root) %{prefix}/man/man7/samba.7 +%attr(-,root,root) %{prefix}/man/man8/smbd.8 +%attr(-,root,root) %{prefix}/man/man8/nmbd.8 +%attr(-,root,root) %{prefix}/man/man8/smbpasswd.8 +%attr(-,root,root) %{prefix}/man/man8/swat.8 +%attr(-,root,root) %{prefix}/man/man8/smbmnt.8 +%attr(-,root,root) %{prefix}/man/man8/smbmount.8 +%attr(-,root,root) %{prefix}/man/man8/smbspool.8 +%attr(-,root,root) %dir %{prefix}/lib/codepages +%attr(-,root,root) %dir %{prefix}/lib/codepages/src +%attr(-,root,root) %dir %{prefix}/var/locks +%attr(-,root,root) %dir %{prefix}/private +%attr(-,root,root) %{prefix}/bin/winbindd +%attr(-,root,root) %{prefix}/bin/samedit +%attr(-,root,root) /lib/libnss_winbind.so +%attr(-,root,root) /lib/security/pam_winbind.so diff --git a/examples/appliance/build.sh b/examples/appliance/build.sh new file mode 100755 index 00000000000..ad7a4eb5fb3 --- /dev/null +++ b/examples/appliance/build.sh @@ -0,0 +1,4 @@ +#!/bin/sh + +tar --exclude=CVS -czf /usr/src/redhat/SOURCES/samba-appliance-0.2-src.tar.gz samba-appliance-0.2 +rpm -ba appliance.spec diff --git a/examples/appliance/smb.conf-appliance b/examples/appliance/smb.conf-appliance new file mode 100644 index 00000000000..a3c62256c5a --- /dev/null +++ b/examples/appliance/smb.conf-appliance @@ -0,0 +1,8 @@ +[global] + workgroup = DOMAIN + security = domain + encrypt passwords = true + stat cache = false + winbind uid = 10000-20000 + winbind gid = 10000-20000 + password server = PDC diff --git a/examples/autofs/auto.a b/examples/autofs/auto.a new file mode 100644 index 00000000000..0fa8f4efc30 --- /dev/null +++ b/examples/autofs/auto.a @@ -0,0 +1,15 @@ +# automount points below /a + +# This is an automounter map and it has the following format +# key [ -mount-options-separated-by-comma ] location +# Details may be found in the autofs(5) manpage + +# nfs servers +valepp -fstype=nfs,rsize=8192,wsize=8192 valepp:/ +galaun -fstype=nfs,rsize=8192,wsize=8192 galaun:/ + +# smb-servers +supra_andreas -fstype=smb,username=andreas,password=foo ://supra/aheinrich +supra_cspiel -fstype=smb,username=cspiel ://supra/cspiel +phonon_andreas -fstype=smb,username=andreas ://phonon/andreas +helium_cspiel -fstype=smb,username=cspiel ://helium/cspiel diff --git a/examples/libsmbclient/Makefile b/examples/libsmbclient/Makefile new file mode 100644 index 00000000000..8c1def8a162 --- /dev/null +++ b/examples/libsmbclient/Makefile @@ -0,0 +1,25 @@ +# +CC = gcc + +SAMBA_INCL = ../../source/include + +CFLAGS = -I$(SAMBA_INCL) + +LDFLAGS = -L/usr/lib + +all: testsmbc tree + +testsmbc: testsmbc.o + @echo Linking testsmbc + @$(CC) $(CFLAGS) $(LDFLAGS) -o $@ $< -lsmbclient + +testsmbc-static: testsmbc.o + @echo Linking testsmbc + @$(CC) $(CFLAGS) -static $(LDFLAGS) -o $@ $< -lsmbclient -ldl -lnsl + +tree: tree.o + @echo Linking tree + @$(CC) `gtk-config --cflags` $(CFLAGS) $(LDFLAGS) -o $@ `gtk-config --libs` -lsmbclient $< + +clean: + @rm -f *.o *~ diff --git a/examples/libsmbclient/README b/examples/libsmbclient/README new file mode 100644 index 00000000000..d9a9f829174 --- /dev/null +++ b/examples/libsmbclient/README @@ -0,0 +1,8 @@ +Some simple example programs for libsmbclient ... + +testsmbc.c is kinda broken as it has many hardcoded bits in it + +tree.c is an example of how you might do some of these things with GTK+ +It needs lots of work but shows you some ways to use libsmbclient. + +Richard Sharpe, 17-May-2001 ... diff --git a/examples/libsmbclient/testsmbc.c b/examples/libsmbclient/testsmbc.c new file mode 100644 index 00000000000..7aae9d85616 --- /dev/null +++ b/examples/libsmbclient/testsmbc.c @@ -0,0 +1,456 @@ +/* + Unix SMB/Netbios implementation. + Version 2.0 + SMB client library test program + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Richard Sharpe 2000 + Copyright (C) John Terpsra 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include +#include +#include +#include +#include +#include +#include + +void auth_fn(const char *server, const char *share, + char *workgroup, int wgmaxlen, char *username, int unmaxlen, + char *password, int pwmaxlen) +{ + char temp[128]; + + fprintf(stdout, "Need password for //%s/%s\n", server, share); + + fprintf(stdout, "Enter workgroup: [%s] ", workgroup); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(workgroup, temp, wgmaxlen - 1); + + fprintf(stdout, "Enter username: [%s] ", username); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(username, temp, unmaxlen - 1); + + fprintf(stdout, "Enter password: [%s] ", password); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(password, temp, pwmaxlen - 1); + +} + +int global_id = 0; + +void print_list_fn(struct print_job_info *pji) +{ + + fprintf(stdout, "Print job: ID: %u, Prio: %u, Size: %u, User: %s, Name: %s\n", + pji->id, pji->priority, pji->size, pji->user, pji->name); + + global_id = pji->id; + +} + +int main(int argc, char *argv[]) +{ + int err, fd, dh1, dh2, dh3, dsize, dirc; + const char *file = "smb://samba/public/testfile.txt"; + const char *file2 = "smb://samba/public/testfile2.txt"; + char buff[256]; + char dirbuf[512]; + char *dirp; + struct stat st1, st2; + + err = smbc_init(auth_fn, 10); /* Initialize things */ + + if (err < 0) { + + fprintf(stderr, "Initializing the smbclient library ...: %s\n", strerror(errno)); + + } + + if (argc > 1) { + + /* Try to list the print jobs ... */ + + if (smbc_list_print_jobs("smb://samba/pclp", print_list_fn) < 0) { + + fprintf(stderr, "Could not list print jobs: %s, %d\n", strerror(errno), errno); + exit(1); + + } + + /* Try to delete the last job listed */ + + if (global_id > 0) { + + fprintf(stdout, "Trying to delete print job %u\n", global_id); + + if (smbc_unlink_print_job("smb://samba/pclp", global_id) < 0) { + + fprintf(stderr, "Failed to unlink job id %u, %s, %u\n", global_id, + strerror(errno), errno); + + exit(1); + + } + + } + + /* Try to print a file ... */ + + if (smbc_print_file("smb://samba/public/testfile2.txt", "smb://samba/pclp") < 0) { + + fprintf(stderr, "Failed to print job: %s %u\n", strerror(errno), errno); + exit(1); + + } + + /* Try to delete argv[1] as a file ... */ + + if (smbc_unlink(argv[1]) < 0) { + + fprintf(stderr, "Could not unlink: %s, %s, %d\n", + argv[1], strerror(errno), errno); + + exit(0); + + } + + if ((dh1 = smbc_opendir("smb://"))<1) { + + fprintf(stderr, "Could not open directory: smb://: %s\n", + strerror(errno)); + + exit(1); + + } + + if ((dh2 = smbc_opendir("smb://sambanet")) < 0) { + + fprintf(stderr, "Could not open directory: smb://sambanet: %s\n", + strerror(errno)); + + exit(1); + + } + + if ((dh3 = smbc_opendir("smb://samba")) < 0) { + + fprintf(stderr, "Could not open directory: smb://samba: %s\n", + strerror(errno)); + + exit(1); + + } + + fprintf(stdout, "Directory handles: %u, %u, %u\n", dh1, dh2, dh3); + + /* Now, list those directories, but in funny ways ... */ + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh1, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "Directory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + dirp += dsize; + (char *)dirc -= dsize; + + } + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh2, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "\nDirectory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + dirp += dsize; + (char *)dirc -= dsize; + + } + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh3, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "Directory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "\nDir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + (char *)dirp += dsize; + (char *)dirc -= dsize; + + } + + exit(1); + + } + + /* For now, open a file on a server that is hard coded ... later will + * read from the command line ... + */ + + fd = smbc_open(file, O_RDWR | O_CREAT | O_TRUNC, 0666); + + if (fd < 0) { + + fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Opened or created file: %s\n", file); + + /* Now, write some date to the file ... */ + + bzero(buff, sizeof(buff)); + strcpy(buff, "Some test data for the moment ..."); + + err = smbc_write(fd, buff, sizeof(buff)); + + if (err < 0) { + + fprintf(stderr, "writing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Wrote %d bytes to file: %s\n", sizeof(buff), buff); + + /* Now, seek the file back to offset 0 */ + + err = smbc_lseek(fd, SEEK_SET, 0); + + if (err < 0) { + + fprintf(stderr, "Seeking file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Completed lseek on file: %s\n", file); + + /* Now, read the file contents back ... */ + + err = smbc_read(fd, buff, sizeof(buff)); + + if (err < 0) { + + fprintf(stderr, "Reading file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Read file: %s\n", buff); /* Should check the contents */ + + fprintf(stdout, "Now fstat'ing file: %s\n", file); + + err = smbc_fstat(fd, &st1); + + if (err < 0) { + + fprintf(stderr, "Fstat'ing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + + /* Now, close the file ... */ + + err = smbc_close(fd); + + if (err < 0) { + + fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno)); + + } + + /* Now, rename the file ... */ + + err = smbc_rename(file, file2); + + if (err < 0) { + + fprintf(stderr, "Renaming file: %s to %s: %s\n", file, file2, strerror(errno)); + + } + + fprintf(stdout, "Renamed file %s to %s\n", file, file2); + + /* Now, create a file and delete it ... */ + + fprintf(stdout, "Now, creating file: %s so we can delete it.\n", file); + + fd = smbc_open(file, O_RDWR | O_CREAT, 0666); + + if (fd < 0) { + + fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Opened or created file: %s\n", file); + + err = smbc_close(fd); + + if (err < 0) { + + fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + /* Now, delete the file ... */ + + fprintf(stdout, "File %s created, now deleting ...\n", file); + + err = smbc_unlink(file); + + if (err < 0) { + + fprintf(stderr, "Deleting file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + /* Now, stat the file, file 2 ... */ + + fprintf(stdout, "Now stat'ing file: %s\n", file); + + err = smbc_stat(file2, &st2); + + if (err < 0) { + + fprintf(stderr, "Stat'ing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Stat'ed file: %s. Size = %d, mode = %04X\n", file2, + (int)st2.st_size, st2.st_mode); + fprintf(stdout, " time: %s\n", ctime(&st2.st_atime)); + fprintf(stdout, "Earlier stat: %s, Size = %d, mode = %04X\n", file, + (int)st1.st_size, st1.st_mode); + fprintf(stdout, " time: %s\n", ctime(&st1.st_atime)); + + /* Now, make a directory ... */ + + fprintf(stdout, "Making directory smb://samba/public/make-dir\n"); + + if (smbc_mkdir("smb://samba/public/make-dir", 0666) < 0) { + + fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n", + strerror(errno)); + + if (errno == EEXIST) { /* Try to delete the directory */ + + fprintf(stdout, "Trying to delete directory: smb://samba/public/make-dir\n"); + + if (smbc_rmdir("smb://samba/public/make-dir") < 0) { /* Error */ + + fprintf(stderr, "Error removing directory: smb://samba/public/make-dir: %s\n", strerror(errno)); + + exit(0); + + } + + fprintf(stdout, "Making directory: smb://samba/public/make-dir\n"); + + if (smbc_mkdir("smb://samba/public/make-dir", 666) < 0) { + + fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n", + strerror(errno)); + + fprintf(stderr, "I give up!\n"); + + exit(1); + + } + + } + + exit(0); + + } + + fprintf(stdout, "Made dir: make-dir\n"); + return 0; +} diff --git a/examples/libsmbclient/tree.c b/examples/libsmbclient/tree.c new file mode 100644 index 00000000000..da60236e601 --- /dev/null +++ b/examples/libsmbclient/tree.c @@ -0,0 +1,812 @@ +/* + Unix SMB/Netbios implementation. + Version 2.0 + SMB client GTK+ tree-based application + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Richard Sharpe 2001 + Copyright (C) John Terpstra 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* example-gtk+ application, ripped off from the gtk+ tree.c sample */ + +#include +#include +#include +#include "libsmbclient.h" + +static GtkWidget *clist; + +struct tree_data { + + guint32 type; /* Type of tree item, an SMBC_TYPE */ + char name[256]; /* May need to change this later */ + +}; + +void error_message(gchar *message) { + + GtkWidget *dialog, *label, *okay_button; + + /* Create the widgets */ + + dialog = gtk_dialog_new(); + gtk_window_set_modal(GTK_WINDOW(dialog), TRUE); + label = gtk_label_new (message); + okay_button = gtk_button_new_with_label("Okay"); + + /* Ensure that the dialog box is destroyed when the user clicks ok. */ + + gtk_signal_connect_object (GTK_OBJECT (okay_button), "clicked", + GTK_SIGNAL_FUNC (gtk_widget_destroy), dialog); + gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->action_area), + okay_button); + + /* Add the label, and show everything we've added to the dialog. */ + + gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->vbox), + label); + gtk_widget_show_all (dialog); +} + +/* + * We are given a widget, and we want to retrieve its URL so we + * can do a directory listing. + * + * We walk back up the tree, picking up pieces until we hit a server or + * workgroup type and return a path from there + */ + +static char path_string[1024]; + +char *get_path(GtkWidget *item) +{ + GtkWidget *p = item; + struct tree_data *pd; + char *comps[1024]; /* We keep pointers to the components here */ + int i = 0, j, level,type; + + /* Walk back up the tree, getting the private data */ + + level = GTK_TREE(item->parent)->level; + + /* Pick up this item's component info */ + + pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(item)); + + comps[i++] = pd->name; + type = pd->type; + + while (level > 0 && type != SMBC_SERVER && type != SMBC_WORKGROUP) { + + /* Find the parent and extract the data etc ... */ + + p = GTK_WIDGET(p->parent); + p = GTK_WIDGET(GTK_TREE(p)->tree_owner); + + pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(p)); + + level = GTK_TREE(item->parent)->level; + + comps[i++] = pd->name; + type = pd->type; + + } + + /* + * Got a list of comps now, should check that we did not hit a workgroup + * when we got other things as well ... Later + * + * Now, build the path + */ + + snprintf(path_string, sizeof(path_string), "smb:/"); + + for (j = i - 1; j >= 0; j--) { + + strncat(path_string, "/", sizeof(path_string) - strlen(path_string)); + strncat(path_string, comps[j], sizeof(path_string) - strlen(path_string)); + + } + + fprintf(stdout, "Path string = %s\n", path_string); + + return path_string; + +} + +struct tree_data *make_tree_data(guint32 type, const char *name) +{ + struct tree_data *p = (struct tree_data *)malloc(sizeof(struct tree_data)); + + if (p) { + + p->type = type; + strncpy(p->name, name, sizeof(p->name)); + + } + + return p; + +} + +/* Note that this is called every time the user clicks on an item, + whether it is already selected or not. */ +static void cb_select_child (GtkWidget *root_tree, GtkWidget *child, + GtkWidget *subtree) +{ + gint dh, err, dirlen; + char dirbuf[512]; + struct smbc_dirent *dirp; + struct stat st1; + char path[1024], path1[1024]; + + g_print ("select_child called for root tree %p, subtree %p, child %p\n", + root_tree, subtree, child); + + /* Now, figure out what it is, and display it in the clist ... */ + + gtk_clist_clear(GTK_CLIST(clist)); /* Clear the CLIST */ + + /* Now, get the private data for the subtree */ + + strncpy(path, get_path(child), 1024); + + if ((dh = smbc_opendir(path)) < 0) { /* Handle error */ + + g_print("cb_select_child: Could not open dir %s, %s\n", path, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { + + g_print("cb_select_child: Could not read dir %s, %s\n", path, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + gchar col1[128], col2[128], col3[128], col4[128]; + gchar *rowdata[4] = {col1, col2, col3, col4}; + + dirlen = dirp->dirlen; + + /* Format each of the items ... */ + + strncpy(col1, dirp->name, 128); + + col2[0] = col3[0] = col4[0] = (char)0; + + switch (dirp->smbc_type) { + + case SMBC_WORKGROUP: + + break; + + case SMBC_SERVER: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + + break; + + case SMBC_FILE_SHARE: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + + break; + + case SMBC_PRINTER_SHARE: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + break; + + case SMBC_COMMS_SHARE: + + break; + + case SMBC_IPC_SHARE: + + break; + + case SMBC_DIR: + case SMBC_FILE: + + /* Get stats on the file/dir and see what we have */ + + if ((strcmp(dirp->name, ".") != 0) && + (strcmp(dirp->name, "..") != 0)) { + + strncpy(path1, path, sizeof(path1)); + strncat(path1, "/", sizeof(path) - strlen(path)); + strncat(path1, dirp->name, sizeof(path) - strlen(path)); + + if (smbc_stat(path1, &st1) < 0) { + + if (errno != EBUSY) { + + g_print("cb_select_child: Could not stat file %s, %s\n", path1, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + else { + + strncpy(col2, "Device or resource busy", sizeof(col2)); + + } + } + else { + /* Now format each of the relevant things ... */ + + snprintf(col2, sizeof(col2), "%c%c%c%c%c%c%c%c%c(%0X)", + (st1.st_mode&S_IRUSR?'r':'-'), + (st1.st_mode&S_IWUSR?'w':'-'), + (st1.st_mode&S_IXUSR?'x':'-'), + (st1.st_mode&S_IRGRP?'r':'-'), + (st1.st_mode&S_IWGRP?'w':'-'), + (st1.st_mode&S_IXGRP?'x':'-'), + (st1.st_mode&S_IROTH?'r':'-'), + (st1.st_mode&S_IWOTH?'w':'-'), + (st1.st_mode&S_IXOTH?'x':'-'), + st1.st_mode); + snprintf(col3, sizeof(col3), "%u", st1.st_size); + snprintf(col4, sizeof(col4), "%s", ctime(&st1.st_mtime)); + } + } + + break; + + default: + + break; + } + + gtk_clist_append(GTK_CLIST(clist), rowdata); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + +} + +/* Note that this is never called */ +static void cb_unselect_child( GtkWidget *root_tree, + GtkWidget *child, + GtkWidget *subtree ) +{ + g_print ("unselect_child called for root tree %p, subtree %p, child %p\n", + root_tree, subtree, child); +} + +/* for all the GtkItem:: and GtkTreeItem:: signals */ +static void cb_itemsignal( GtkWidget *item, + gchar *signame ) +{ + GtkWidget *real_tree, *aitem, *subtree; + gchar *name; + GtkLabel *label; + gint dh, err, dirlen, level; + char dirbuf[512]; + struct smbc_dirent *dirp; + + label = GTK_LABEL (GTK_BIN (item)->child); + /* Get the text of the label */ + gtk_label_get (label, &name); + + level = GTK_TREE(item->parent)->level; + + /* Get the level of the tree which the item is in */ + g_print ("%s called for item %s->%p, level %d\n", signame, name, + item, GTK_TREE (item->parent)->level); + + real_tree = GTK_TREE_ITEM_SUBTREE(item); /* Get the subtree */ + + if (strncmp(signame, "expand", 6) == 0) { /* Expand called */ + char server[128]; + + if ((dh = smbc_opendir(get_path(item))) < 0) { /* Handle error */ + gchar errmsg[256]; + + g_print("cb_itemsignal: Could not open dir %s, %s\n", get_path(item), + strerror(errno)); + + snprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not open dir %s, %s\n", get_path(item), strerror(errno)); + + error_message(errmsg); + + /* gtk_main_quit();*/ + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* An error, report it */ + gchar errmsg[256]; + + g_print("cb_itemsignal: Could not read dir smbc://, %s\n", + strerror(errno)); + + snprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not read dir smbc://, %s\n", strerror(errno)); + + error_message(errmsg); + + /* gtk_main_quit();*/ + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + struct tree_data *my_data; + + dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + if (!my_data) { + + g_print("Could not allocate space for tree_data: %s\n", + dirp->name); + + gtk_main_quit(); + return; + + } + + aitem = gtk_tree_item_new_with_label(dirp->name); + + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(aitem), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(aitem), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(aitem), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(aitem), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(aitem), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(real_tree), aitem); + + gtk_widget_show (aitem); + + gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + if (dirp->smbc_type != SMBC_FILE && + dirp->smbc_type != SMBC_IPC_SHARE && + (strcmp(dirp->name, ".") != 0) && + (strcmp(dirp->name, "..") !=0)){ + + subtree = gtk_tree_new(); + gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree); + + gtk_signal_connect(GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + } + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); + + } + else if (strncmp(signame, "collapse", 8) == 0) { + GtkWidget *subtree = gtk_tree_new(); + + gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + } + +} + +static void cb_selection_changed( GtkWidget *tree ) +{ + GList *i; + + g_print ("selection_change called for tree %p\n", tree); + g_print ("selected objects are:\n"); + + i = GTK_TREE_SELECTION(tree); + while (i){ + gchar *name; + GtkLabel *label; + GtkWidget *item; + + /* Get a GtkWidget pointer from the list node */ + item = GTK_WIDGET (i->data); + label = GTK_LABEL (GTK_BIN (item)->child); + gtk_label_get (label, &name); + g_print ("\t%s on level %d\n", name, GTK_TREE + (item->parent)->level); + i = i->next; + } +} + +/* + * Expand or collapse the whole network ... + */ +static void cb_wholenet(GtkWidget *item, gchar *signame) +{ + GtkWidget *real_tree, *aitem, *subtree; + gchar *name; + GtkLabel *label; + gint dh, err, dirlen; + char dirbuf[512]; + struct smbc_dirent *dirp; + + label = GTK_LABEL (GTK_BIN (item)->child); + gtk_label_get (label, &name); + g_print ("%s called for item %s->%p, level %d\n", signame, name, + item, GTK_TREE (item->parent)->level); + + real_tree = GTK_TREE_ITEM_SUBTREE(item); /* Get the subtree */ + + if (strncmp(signame, "expand", 6) == 0) { /* Expand called */ + + if ((dh = smbc_opendir("smb://")) < 0) { /* Handle error */ + + g_print("cb_wholenet: Could not open dir smbc://, %s\n", + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* An error, report it */ + + g_print("cb_wholenet: Could not read dir smbc://, %s\n", + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + struct tree_data *my_data; + + dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + aitem = gtk_tree_item_new_with_label(dirp->name); + + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(aitem), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(aitem), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(aitem), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(aitem), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(aitem), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + + gtk_tree_append (GTK_TREE(real_tree), aitem); + /* Show it - this can be done at any time */ + gtk_widget_show (aitem); + + gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + subtree = gtk_tree_new(); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree); + + gtk_signal_connect(GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); + + } + else { /* Must be collapse ... FIXME ... */ + GtkWidget *subtree = gtk_tree_new(); + + gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + + } + +} + +/* Should put up a dialog box to ask the user for username and password */ + +static void +auth_fn(const char *server, const char *share, + char *workgroup, int wgmaxlen, char *username, int unmaxlen, + char *password, int pwmaxlen) +{ + + strncpy(username, "test", unmaxlen); + strncpy(password, "test", pwmaxlen); + +} + +static char *col_titles[] = { + "Name", "Attributes", "Size", "Modification Date", +}; + +int main( int argc, + char *argv[] ) +{ + GtkWidget *window, *scrolled_win, *scrolled_win2, *tree; + GtkWidget *subtree, *item, *main_hbox, *r_pane, *l_pane; + gint err, dh; + gint i; + char dirbuf[512]; + struct smbc_dirent *dirp; + + gtk_init (&argc, &argv); + + /* Init the smbclient library */ + + err = smbc_init(auth_fn, 10); + + /* Print an error response ... */ + + if (err < 0) { + + fprintf(stderr, "smbc_init returned %s (%i)\nDo you have a ~/.smb/smb.conf file?\n", strerror(errno), errno); + exit(1); + + } + + /* a generic toplevel window */ + window = gtk_window_new (GTK_WINDOW_TOPLEVEL); + gtk_widget_set_name(window, "main browser window"); + gtk_signal_connect (GTK_OBJECT(window), "delete_event", + GTK_SIGNAL_FUNC (gtk_main_quit), NULL); + gtk_window_set_title(GTK_WINDOW(window), "The Linux Windows Network Browser"); + gtk_widget_set_usize(GTK_WIDGET(window), 750, -1); + gtk_container_set_border_width (GTK_CONTAINER(window), 5); + + gtk_widget_show (window); + + /* A container for the two panes ... */ + + main_hbox = gtk_hbox_new(FALSE, 1); + gtk_container_border_width(GTK_CONTAINER(main_hbox), 1); + gtk_container_add(GTK_CONTAINER(window), main_hbox); + + gtk_widget_show(main_hbox); + + l_pane = gtk_hpaned_new(); + gtk_paned_gutter_size(GTK_PANED(l_pane), (GTK_PANED(l_pane))->handle_size); + r_pane = gtk_hpaned_new(); + gtk_paned_gutter_size(GTK_PANED(r_pane), (GTK_PANED(r_pane))->handle_size); + gtk_container_add(GTK_CONTAINER(main_hbox), l_pane); + gtk_widget_show(l_pane); + + /* A generic scrolled window */ + scrolled_win = gtk_scrolled_window_new (NULL, NULL); + gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win), + GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC); + gtk_widget_set_usize (scrolled_win, 150, 200); + gtk_container_add (GTK_CONTAINER(l_pane), scrolled_win); + gtk_widget_show (scrolled_win); + + /* Another generic scrolled window */ + scrolled_win2 = gtk_scrolled_window_new (NULL, NULL); + gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win2), + GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC); + gtk_widget_set_usize (scrolled_win2, 150, 200); + gtk_paned_add2 (GTK_PANED(l_pane), scrolled_win2); + gtk_widget_show (scrolled_win2); + + /* Create the root tree */ + tree = gtk_tree_new(); + g_print ("root tree is %p\n", tree); + /* connect all GtkTree:: signals */ + gtk_signal_connect (GTK_OBJECT(tree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(tree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + gtk_signal_connect (GTK_OBJECT(tree), "selection_changed", + GTK_SIGNAL_FUNC(cb_selection_changed), tree); + /* Add it to the scrolled window */ + gtk_scrolled_window_add_with_viewport (GTK_SCROLLED_WINDOW(scrolled_win), + tree); + /* Set the selection mode */ + gtk_tree_set_selection_mode (GTK_TREE(tree), + GTK_SELECTION_MULTIPLE); + /* Show it */ + gtk_widget_show (tree); + + /* Now, create a clist and attach it to the second pane */ + + clist = gtk_clist_new_with_titles(4, col_titles); + + gtk_container_add (GTK_CONTAINER(scrolled_win2), clist); + + gtk_widget_show(clist); + + /* Now, build the top level display ... */ + + if ((dh = smbc_opendir("smb:///")) < 0) { + + fprintf(stderr, "Could not list default workgroup: smb:///: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Create a tree item for Whole Network */ + + item = gtk_tree_item_new_with_label ("Whole Network"); + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(item), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(item), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(item), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(item), "expand", + GTK_SIGNAL_FUNC(cb_wholenet), "expand"); + gtk_signal_connect (GTK_OBJECT(item), "collapse", + GTK_SIGNAL_FUNC(cb_wholenet), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(tree), item); + /* Show it - this can be done at any time */ + gtk_widget_show (item); + + subtree = gtk_tree_new(); /* A subtree for Whole Network */ + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + + /* Now, get the items in smb:/// and add them to the tree */ + + dirp = (struct smbc_dirent *)dirbuf; + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* Handle the error */ + + fprintf(stderr, "Could not read directory for smbc:///: %s\n", + strerror(errno)); + + exit(1); + + } + + fprintf(stdout, "Dir len: %u\n", err); + + while (err > 0) { /* Extract each entry and make a sub-tree */ + struct tree_data *my_data; + int dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + item = gtk_tree_item_new_with_label(dirp->name); + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(item), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(item), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(item), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(item), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(item), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(tree), item); + /* Show it - this can be done at any time */ + gtk_widget_show (item); + + gtk_object_set_user_data(GTK_OBJECT(item), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + subtree = gtk_tree_new(); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); /* FIXME, check for error :-) */ + + /* Show the window and loop endlessly */ + gtk_main(); + return 0; +} +/* example-end */ diff --git a/examples/misc/extra_smbstatus b/examples/misc/extra_smbstatus index b018f3dcce9..7f77d07d00c 100644 --- a/examples/misc/extra_smbstatus +++ b/examples/misc/extra_smbstatus @@ -10,28 +10,31 @@ added things at source level, script was quick&easy. if ($1 == "-p") then smbstatus -p |sort -u else if ($1 == "-c") then - echo There are `smbstatus -p |sort -u |grep -n -v z |grep -c :` unique -smbd processes running. + echo There are `smbstatus -p |sort -u |grep -n -v z |grep -c :` unique smbd processes running. else if ($1 == "-l") then - echo `date '+ %d/%m/%y %H:%M:%S'` `smbstatus -p |sort -u |grep -n -v z -|grep -c :` >>$2 + echo `date '+ %d/%m/%y %H:%M:%S'` `smbstatus -p |sort -u |grep -n -v z |grep -c :` >>$2 +else if ($1 == "-cs") then + echo There are `smbstatus |awk '$1==share {n++;} END {print n}' share=$2` concurrent connections to share: $2 +else if ($1 == "-csl") then + echo `date '+ %d/%m/%y %H:%M:%S'` `smbstatus |awk '$1==share {n++;} END {print n}' share=$2` >>$3 else - smbstatus |sort +3 -4 -u + echo "'smbstat -c' ==> Count unique smbd processes." + echo "'smbstat -p' ==> List unique smbd processes." + echo "'smbstat -l logfile' ==> Append a log entry for the number of" + echo " concurrent and unique processes to logfile." + echo "'smbstat -cs sharename'" + echo " ==> Count processes connected to sharename (assumed unique)" + echo "'smbstat -csl sharename logfile'" + echo " ==> Append a log entry for the number of concurrent" + echo " processes connected to sharename (assumed unique)" endif ****** -The '-p' option was just to show unique PIDs. +Run this script from cron eg. -The more important ones are the '-c' and '-l' options '-c' just counts -the number of unique smbd's, While '-l' logs this count with date and -time to a log file specified on the command line. I'm using '-l' at -the moment with cron to give me an idea of usage/max connections etc. -I was also thinking of doing a log for individual/specified services. +0,5,10,15,20,25,30,35,40,50,55 * * * * /usr/local/samba/bin/smbstat -l /usr/local/samba/var/smbdcount.log -The default (last) option was to show unique PIDs with user names. -Unfortunately this still lists all file locks etc. This would be -better with a 'no locked files' option from smbstatus (or is there one -that I didn't see) +and you get a good idea of usage over time. Cheers, ~^ MIME OK ^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~^~ @@ -43,5 +46,5 @@ Cheers, | | "Spend a little love and get high" _/ \_ | - Lenny Kravitz ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -~~~~ SAMBA Web Pages: http://samba.canberra.edu.au/pub/samba/samba.html ~~~~~ +~~~~~~~~~~~~~~ SAMBA Web Pages: http://samba.org/samba/ ~~~~~~~~~~~~~~ diff --git a/examples/misc/swat.pl b/examples/misc/swat.pl new file mode 100644 index 00000000000..f6414b63497 --- /dev/null +++ b/examples/misc/swat.pl @@ -0,0 +1,122 @@ +#! /usr/bin/perl5 +## +## This is a simple script written by Herb Lewis @ SGI +## for reporting which parameters are supported by loadparm.c but +## not by SWAT I just thought it looked fun and might be of interest to others +## --jerry@samba.org +## +## Here is a little info on the usage and output format so you don't have +## to dig through the code to understand what is printed. +## +## Useage: swat.pl [path_to_loadparm.c] +## +## The output consists of 4 columns of information +## Option Name, Global Page, Share Page, Printer Page +## The section separaters will also be printed (preceded by 16 *) to show +## which options are grouped in the various sections. +## +## If the option name is preceded by an * it means this is a deprecated option. +## If the option name is preceded by 5 spaces it means this is an alias for the +## previous option. +## +## Under the Global Page, Share Page, and Printer Page columns there will be +## one of 3 entries, BASIC, ADVANCED, or no. "BASIC" indicates this option will +## show in the Basic View of that page in SWAT. "ADVANCED" indicates this +## option will show in the Advanced View of that page in SWAT. "No" indicates +## that this option is not available on that page in SWAT. +## +## Under the Global Page column, if an entry begins with an * it indicates that +## this is actually specified in Samba as a "service parameter" not a "global +## parameter" but you can set a default value for this on the Global Page in +## SWAT. +## +## --herb@samba.org + +$lastone = "nothing"; + +if (@ARGV[0]) { + $filename = @ARGV[0]; +} else { + $filename = "/usr3/samba20/samba/source/param/loadparm.c"; +} + +open (INFILE,$filename) || die "unable to open $filename\n"; +while (not eof(INFILE)) +{ + $_ = ; + last if ( /^static struct parm_struct parm_table/) ; +} +print "Option Name Global Page Share Page Printer Page\n"; +print "---------------------------------------------------------------------"; +while (not eof(INFILE)) +{ + $_ = ; + last if (/};/); + @fields = split(/,/,$_); + next if not ($fields[0] =~ /^.*{"/); + $fields[0] =~ s/.*{"//; + $fields[0] =~ s/"//; + if ($fields[3] eq $lastone) { + print " $fields[0]\n"; + next; + } + $lastone = $fields[3]; + $fields[2] =~ s/^\s+//; + $fields[2] =~ s/\s+$//; + $fields[2] =~ s/}.*$//; + $fields[6] =~ s/^\s+//; + $fields[6] =~ s/\s+$//; + $fields[6] =~ s/}.*$//; + if ($fields[2] =~ /P_SEPARATOR/) { + print "\n****************$fields[0]\n"; + next; + } + else { + if ($fields[6] =~ /FLAG_DEPRECATED/) { + print "*$fields[0]".' 'x(31-length($fields[0])); + } + else { + print "$fields[0]".' 'x(32-length($fields[0])); + } + } + if (($fields[2] =~ /P_GLOBAL/) || ($fields[6] =~ /FLAG_GLOBAL/)) { + if ($fields[6] =~ /FLAG_GLOBAL/) { + print "*"; + } + else { + print " "; + } + if ($fields[6] =~ /FLAG_BASIC/) { + print "BASIC "; + } + else { + print "ADVANCED "; + } + } + else { + print " no "; + } + if ($fields[6] =~ /FLAG_SHARE/) { + if ($fields[6] =~ /FLAG_BASIC/) { + print "BASIC "; + } + else { + print "ADVANCED "; + } + } + else { + print "no "; + } + if ($fields[6] =~ /FLAG_PRINT/) { + if ($fields[6] =~ /FLAG_BASIC/) { + print "BASIC"; + } + else { + print "ADVANCED"; + } + } + else { + print "no"; + } + print "\n"; +} diff --git a/examples/misc/wall.perl b/examples/misc/wall.perl index fc3dc2e2c05..9303658ce14 100644 --- a/examples/misc/wall.perl +++ b/examples/misc/wall.perl @@ -6,40 +6,64 @@ #@(#) ...using "smbclient -M" message to winpopup service. #@(#) Default usage is to message every connected PC. #@(#) Alternate usage is to message every pc on the argument list. -#@(#) Hacked up by Keith Farrar +#@(#) Hacked up by Keith Farrar # +# Cleanup and corrections by +# Michal Jaegermann +# Message to send can be now also fed (quietly) from stdin; a pipe will do. #============================================================================= -$smbstatus = "/usr/local/bin/smbstatus"; -$smbclient = "/usr/local/bin/smbclient"; -print STDOUT "\nEnter message for Samba clients of this host\n"; -print STDOUT "(terminated with single '.' or end of file):\n"; +$smbstatus = "/usr/local/bin/smbstatus"; +$smbshout = "/usr/local/bin/smbclient -M"; -while ( ) { - /^\.$/ && last; - push(@message, $_); +if (@ARGV) { + @clients = @ARGV; + undef @ARGV; } +else { # no clients specified explicitly + open(PCLIST, "$smbstatus |") || die "$smbstatus failed!.\n$!\n"; + while() { + last if /^Locked files:/; + split(' ', $_, 6); + # do not accept this line if less then six fields + next unless $_[5]; + # if you have A LOT of clients you may speed things up by + # checking pid - no need to look further if this pid was already + # seen; left as an exercise :-) + $client = $_[4]; + next unless $client =~ /^\w+\./; # expect 'dot' in a client name + next if grep($_ eq $client, @clients); # we want this name once + push(@clients, $client); + } + close(PCLIST); +} + +if (-t) { + print <<'EOT'; -if ( $ARGV[0] ne "" ) { - $debug && print STDOUT "Was given args: \n\t @ARGV\n"; - foreach $client ( @ARGV ) { - $pcclient{$client} = $client; - } -} else { - open( PCLIST, "$smbstatus | /bin/awk '/^[a-z]/ {print $5}' | /bin/sort | /bin/uniq|"); - while ( ) { - /^[a-z]+[a-z0-9A-Z-_]+.+/ || next; - ($share, $user, $group, $pid, $client, @junk) = split; - $pcclient{$client} = $client; - } - close(PCLIST); +Enter message for Samba clients of this host +(terminated with single '.' or end of file): +EOT + + while (<>) { + last if /^\.$/; + push(@message, $_); + } +} +else { # keep quiet and read message from stdin + @message = <>; } -foreach $pc ( keys(%pcclient) ) { - print STDOUT "Sending message "; - $debug && print STDOUT " <@message> \n"; - print STDOUT "To <$pc>\n"; - open(SENDMSG,"|$smbclient -M $pc") || next; +foreach(@clients) { +## print "To $_:\n"; + if (open(SENDMSG,"|$smbshout $_")) { print SENDMSG @message; close(SENDMSG); + } + else { + warn "Cannot notify $_ with $smbshout:\n$!\n"; + } } + +exit 0; + diff --git a/examples/pdb/Makefile b/examples/pdb/Makefile new file mode 100644 index 00000000000..115fd3c87e7 --- /dev/null +++ b/examples/pdb/Makefile @@ -0,0 +1,31 @@ +# Makefile for samba-pdb examples +# Variables + +CC = gcc +LIBTOOL = libtool + +SAMBA_SRC = ../../source +SAMBA_INCL = ../../source/include +UBIQX_SRC = ../../source/ubiqx +SMBWR_SRC = ../../source/smbwrapper +CFLAGS = -I$(SAMBA_SRC) -I$(SAMBA_INCL) -I$(UBIQX_SRC) -I$(SMBWR_SRC) -Wall -g +PDB_OBJS = pdb_test.so + +# Default target + +default: $(PDB_OBJS) + +# Pattern rules + +%.so: %.lo + $(LIBTOOL) $(CC) -shared -o $@ $< $(LDFLAGS) + +%.lo: %.c + $(LIBTOOL) $(CC) $(CPPFLAGS) $(CFLAGS) -c $< + +# Misc targets + +clean: + rm -rf .libs + rm -f core *~ *% *.bak \ + $(PDB_OBJS) $(PDB_OBJS:.so=.o) $(PDB_OBJS:.so=.lo) diff --git a/examples/pdb/README b/examples/pdb/README new file mode 100644 index 00000000000..ccc39248aac --- /dev/null +++ b/examples/pdb/README @@ -0,0 +1,9 @@ +README for Samba Password Database (PDB) examples +==================================================== +15-2-2002 Jelmer Vernooij + +The pdb_test.c file in this directory contains a very basic example of +a pdb plugin. It just prints the name of the function that is executed using +DEBUG. Maybe it's nice to include some of the arguments to the function in the +future too.. + diff --git a/examples/pdb/pdb_test.c b/examples/pdb/pdb_test.c new file mode 100644 index 00000000000..4b4189e9d57 --- /dev/null +++ b/examples/pdb/pdb_test.c @@ -0,0 +1,121 @@ +/* + * Test password backend for samba + * Copyright (C) Jelmer Vernooij 2002 + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +static BOOL testsam_setsampwent(struct pdb_context *context, BOOL update) +{ + DEBUG(0, ("testsam_setsampwent called\n")); + return True; +} + +/*************************************************************** + End enumeration of the passwd list. +****************************************************************/ + +static void testsam_endsampwent(struct pdb_context *context) +{ + DEBUG(0, ("testsam_endsampwent called\n")); +} + +/***************************************************************** + Get one SAM_ACCOUNT from the list (next in line) +*****************************************************************/ + +static BOOL testsam_getsampwent(struct pdb_context *context, SAM_ACCOUNT *user) +{ + DEBUG(0, ("testsam_getsampwent called\n")); + return False; +} + +/****************************************************************** + Lookup a name in the SAM database +******************************************************************/ + +static BOOL testsam_getsampwnam (struct pdb_context *context, SAM_ACCOUNT *user, const char *sname) +{ + DEBUG(0, ("testsam_getsampwnam called\n")); + return False; +} + +/*************************************************************************** + Search by rid + **************************************************************************/ + +static BOOL testsam_getsampwrid (struct pdb_context *context, SAM_ACCOUNT *user, uint32 rid) +{ + DEBUG(0, ("testsam_getsampwrid called\n")); + return False; +} + +/*************************************************************************** + Delete a SAM_ACCOUNT +****************************************************************************/ + +static BOOL testsam_delete_sam_account(struct pdb_context *context, const SAM_ACCOUNT *sam_pass) +{ + DEBUG(0, ("testsam_delete_sam_account called\n")); + return False; +} + +/*************************************************************************** + Modifies an existing SAM_ACCOUNT +****************************************************************************/ + +static BOOL testsam_update_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +{ + DEBUG(0, ("testsam_update_sam_account called\n")); + return False; +} + +/*************************************************************************** + Adds an existing SAM_ACCOUNT +****************************************************************************/ + +static BOOL testsam_add_sam_account (struct pdb_context *context, const SAM_ACCOUNT *newpwd) +{ + DEBUG(0, ("testsam_add_sam_account called\n")); + return False; +} + +NTSTATUS pdb_init(PDB_CONTEXT *pdb_context, PDB_METHODS **pdb_method, const char *location) +{ + NTSTATUS nt_status; + + if (!NT_STATUS_IS_OK(nt_status = make_pdb_methods(pdb_context->mem_ctx, pdb_method))) { + return nt_status; + } + + (*pdb_method)->name = "testsam"; + + (*pdb_method)->setsampwent = testsam_setsampwent; + (*pdb_method)->endsampwent = testsam_endsampwent; + (*pdb_method)->getsampwent = testsam_getsampwent; + (*pdb_method)->getsampwnam = testsam_getsampwnam; + (*pdb_method)->getsampwrid = testsam_getsampwrid; + (*pdb_method)->add_sam_account = testsam_add_sam_account; + (*pdb_method)->update_sam_account = testsam_update_sam_account; + (*pdb_method)->delete_sam_account = testsam_delete_sam_account; + + DEBUG(0, ("Initializing testsam\n")); + if (location) + DEBUG(0, ("Location: %s\n", location)); + + return NT_STATUS_OK; +} diff --git a/examples/printer-accounting/README b/examples/printer-accounting/README new file mode 100644 index 00000000000..b7ab42acb96 --- /dev/null +++ b/examples/printer-accounting/README @@ -0,0 +1,63 @@ +These are just a few examples of what you can do for printer accounting; +they are really just hacks to show a manager how may pages were being +printed out on his new hp5n :) + +acct-all will run acct-sum and read the log files to generate some +stats. + +Here is a sample output of the raw stats : + +1996-06-10.15:02:15 pkelly master.fcp.oypi.com 538 0 +1996-06-10.15:06:40 pkelly master.fcp.oypi.com 537 0 +1996-06-10.15:32:12 ted master.fcp.oypi.com 547 0 +1996-06-11.09:06:15 violet master.fcp.oypi.com 2667 0 +1996-06-11.09:48:02 violet master.fcp.oypi.com 66304 5 +1996-06-11.09:50:04 violet master.fcp.oypi.com 116975 9 +1996-06-11.09:57:20 violet master.fcp.oypi.com 3013 1 +1996-06-11.10:13:17 pkelly master.fcp.oypi.com 3407 1 +1996-06-11.12:37:06 craig master.fcp.oypi.com 13639 2 +1996-06-11.12:42:23 pkelly master.fcp.oypi.com 13639 2 +1996-06-11.12:45:11 marlene master.fcp.oypi.com 515 0 +1996-06-11.14:17:10 lucie master.fcp.oypi.com 1405 1 +1996-06-11.14:36:03 laura master.fcp.oypi.com 45486 5 +1996-06-11.15:08:21 violet master.fcp.oypi.com 1923 1 +1996-06-11.15:09:42 laura master.fcp.oypi.com 4821 1 +1996-06-11.15:12:28 laura master.fcp.oypi.com 46277 5 +1996-06-11.15:19:38 violet master.fcp.oypi.com 3503 1 +1996-06-11.15:21:49 lucie master.fcp.oypi.com 493 0 +1996-06-11.15:43:36 al master.fcp.oypi.com 3067 1 + +And the output after the acct-sum is done on a full set of files +in /var/log/lp/* + +master[1072] /var/log/lp$ /etc/conf/acct-all + +Sun Jul 21 23:03:16 EDT 1996 + +Pages are approximate ... + +User Jobs Pages Size +al 1 1 2 KB +craig 1 2 13 KB +jack 68 235 1995 KB +laura 88 328 3050 KB +lucie 221 379 3529 KB +marlene 12 151 1539 KB +melanie 83 365 3691 KB +michelle 68 219 1987 KB +mike 2 10 81 KB +neil 111 225 2753 KB +operator 44 137 1132 KB +pkelly 368 984 11154 KB +root 8 0 29 KB +ted 158 257 2337 KB +tony 244 368 2455 KB +violet 419 1002 10072 KB + + +Printer Jobs Pages +hp2p 3 4 +hp5 915 2135 +lp 978 2524 + + diff --git a/examples/printer-accounting/acct-all b/examples/printer-accounting/acct-all new file mode 100644 index 00000000000..dc8f175b3cb --- /dev/null +++ b/examples/printer-accounting/acct-all @@ -0,0 +1,9 @@ +#!/bin/sh + +echo "" +date +echo "" +echo "Pages are approximate ..." +echo "" +/etc/conf/acct-sum /var/log/lp/* +echo "" diff --git a/examples/printer-accounting/acct-sum b/examples/printer-accounting/acct-sum new file mode 100644 index 00000000000..ffbfc8d8801 --- /dev/null +++ b/examples/printer-accounting/acct-sum @@ -0,0 +1,29 @@ +#!/usr/bin/perl + +while (<>) { + ($date, $user, $machine, $size, $pages) = split(' '); + + $Printer{$ARGV}++; + $PrinterPages{$ARGV} += $pages; + + $Jobs{$user}++; + $Size{$user}+= $size; + $Pages{$user}+= $pages; +} + +printf "%-15s %5s %8s %8s\n", qw(User Jobs Pages Size); +foreach $user (sort keys %Jobs) { + printf "%-15s %5d %8d %8d \KB\n", + $user, $Jobs{$user}, $Pages{$user}, $Size{$user}/1024; +} + + +print "\n\n"; +printf "%-15s %5s %8s %8s\n", qw(Printer Jobs Pages); +foreach $prn (sort keys %Printer) { + ($name = $prn) =~ s=.*/==; + printf "%-15s %5d %8d\n", + $name, $Printer{$prn}, $PrinterPages{$prn}; +} + + diff --git a/examples/printer-accounting/hp5-redir b/examples/printer-accounting/hp5-redir new file mode 100644 index 00000000000..ea1299068a3 --- /dev/null +++ b/examples/printer-accounting/hp5-redir @@ -0,0 +1,40 @@ +#!/usr/bin/perl +# +# 0 == stdin == docuement +# 1 == stdout == printer +# 2 == stderr == logging +# +# With redirection to another valid /etc/printcap entry +# + +umask(002); + +# -w132 -l66 -i0 -n pkelly -h master.fcp.oypi.com /var/log/lp-acct +require "getopts.pl"; +&Getopts("w:l:i:n:h:"); + +chomp($date = `date '+%Y-%m-%d.%T'`); + +($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, + $atime,$mtime,$ctime,$blksize,$blocks) + = stat(STDIN); + +# send to the real printer now. +open(P, "|lpr -Pmgmt0") || die "Can't print to hp5-real ($!)\n"; +$cnt = 0; +while (sysread(STDIN, $buf, 10240)) { + print P $buf; + # this is ugly, but it gives the approx in pages. We + # don't print graphics, so ... There must be a better way :) + $cnt += ($buf =~ /^L/g); +} +close(P); + +$acct = shift; +if (open(ACCT, ">>$acct")) { + print ACCT "$date $opt_n $opt_h $size $cnt\n"; + close(ACCT); +} else { + warn "Err: Can't account for it ($!)\n"; + warn "Log: $date $opt_n $opt_h $size $cnt\n"; +} diff --git a/examples/printer-accounting/lp-acct b/examples/printer-accounting/lp-acct new file mode 100644 index 00000000000..91a3def08f8 --- /dev/null +++ b/examples/printer-accounting/lp-acct @@ -0,0 +1,35 @@ +#!/usr/bin/perl +# +# 0 == stdin == docuement +# 1 == stdout == printer +# 2 == stderr == logging +# +# Regular, with no redirection +# + +umask(002); + +# -w132 -l66 -i0 -n pkelly -h master.fcp.oypi.com /var/log/lp-acct +require "getopts.pl"; +&Getopts("w:l:i:n:h:"); + +chomp($date = `date '+%Y-%m-%d.%T'`); + +($dev,$ino,$mode,$nlink,$uid,$gid,$rdev,$size, + $atime,$mtime,$ctime,$blksize,$blocks) + = stat(STDIN); + +$cnt = 0; +while (sysread(STDIN, $buf, 10240)) { + print $buf; + $cnt += ($buf =~ /^L/g); +} + +$acct = shift; +if (open(ACCT, ">>$acct")) { + print ACCT "$date $opt_n $opt_h $size $cnt\n"; + close(ACCT); +} else { + warn "Err: Can't account for it ($!)\n"; + warn "Log: $date $opt_n $opt_h $size $cnt\n"; +} diff --git a/examples/printer-accounting/printcap b/examples/printer-accounting/printcap new file mode 100644 index 00000000000..976005a097c --- /dev/null +++ b/examples/printer-accounting/printcap @@ -0,0 +1,22 @@ +# HP5N - Accounting entry +# +# This file calls the filter, hp5-redir to do the numbers and then +# is redirected to the real entry, mgmt0, which is a remote HP5N +# on the LAN with it's own IP number. +# +hp5:lp=/dev/lp1:\ + :sd=/usr/spool/lpd/hp5-acct:\ + :lf=/var/log/lp-err:\ + :af=/var/log/lp/hp5:\ + :if=/usr/local/bin/lp/hp5-redir:\ + :sh:sf:\ + :mx#0: + +# HP5N - Real printer location +mgmt0:\ + :rm=hp5.fcp.oypi.com:\ + :rp=hp5.fcp.oypi.com:\ + :sd=/usr/spool/lpd/mgmt0:\ + :sh:sf:\ + :mx#0: + diff --git a/examples/printing/smbprint b/examples/printing/smbprint index a80d60ce4fa..5a00a2a8aa8 100755 --- a/examples/printing/smbprint +++ b/examples/printing/smbprint @@ -1,4 +1,4 @@ -#!/bin/sh -x +#!/bin/sh # This script is an input filter for printcap printing on a unix machine. It # uses the smbclient program to print the file to the specified smb-based @@ -20,6 +20,11 @@ # so that the server, service, and password can be read from # a /usr/var/spool/lpd/PRINTNAME/.config file. # +# Script further modified by Richard Sharpe to fix some things. +# Get rid of the -x on the first line, and add parameters +# +# -t now causes translate to be used when sending files +# # In order for this to work the /etc/printcap entry must include an # accounting file (af=...): # @@ -53,7 +58,8 @@ logfile=/tmp/smb-print.log # Extract the directory name from the file name. # Concat this with /.config to get the config file. # -eval acct_file=\$$# +TRANS=0 +eval acct_file=\${$#} spool_dir=`dirname $acct_file` config_file=$spool_dir/.config @@ -63,6 +69,16 @@ config_file=$spool_dir/.config # password eval `cat $config_file` +while getopts t c; do + case $c in + t) + TRANS=1 + ;; + + '?') # Bad parameters, ignore it ... + ;; + esac +done # # Some debugging help, change the >> to > if you want to same space. # @@ -71,7 +87,9 @@ echo "server $server, service $service" >> $logfile ( # NOTE You may wish to add the line `echo translate' if you want automatic # CR/LF translation when printing. -# echo translate + if [ $TRANS -eq 1 ]; then + echo translate + fi echo "print -" cat ) | /usr/local/samba/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile diff --git a/examples/printing/smbprint-new.sh b/examples/printing/smbprint-new.sh new file mode 100644 index 00000000000..68bd66a13fe --- /dev/null +++ b/examples/printing/smbprint-new.sh @@ -0,0 +1,145 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /usr/var/spool/lpd/PRINTNAME/.config file. +# +# Script further modified by Richard Sharpe to fix some things. +# Get rid of the -x on the first line, and add parameters +# +# -t now causes translate to be used when sending files +# +# Further modifications by Alfred Perlstein to fix some problems and +# improve the quality of the code (3-Dec-2001). +# +# More hacking by Richard Sharpe to improve portability. 9-Dec-2001. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +#smbclient=/usr/pkg/bin/smbclient +# Assume that smbclient will be in the same place as smbprint + +smbclient="`dirname $0`/smbclient" + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +TRANS=0 +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +# username (optional) +# IP (optional) +# debug (optional) +# debugsmb (optional) +# debugfile (optional) +. $config_file + +if [ "x$password" = "x" ] ; then + password="-N" +fi + +if [ "x$username" == "x" ] ; then + username="$server"; +fi + +while test $# -gt 0; do + case "$1" in + -t) + TRANS=1 + ;; + + *) # Bad Parameters, ignore them ... + ;; + esac + shift +done + +command="print - ;" +if [ $TRANS -eq 1 ]; then + command="translate;$command"; +fi + +debugfile="/tmp/smb-print.log" +if [ "x$debug" = "x" ] ; then + debugfile=/dev/null debugargs= +else + if [ $debug -eq 0 ] ; then + debugfile=/dev/null debugargs= + else + set -x; exec >>$debugfile 2>&1 + debugargs="$debugfile." + #[ "x$debugsmb" == "x" ] || debugargs="$debugargs -d $debugsmb" + fi +fi + +if [ "x$smbconf" != "x" ]; then + + smbconf="-s $smbconf" + +fi + +if [ "x$IP" != "x" ]; then + + IP="-I $IP" + +fi + +if [ "x$debugargs" != "x" ]; then + + debugargs="-l $debugargs" + +fi + +$smbclient \ + "\\\\$server\\$service" \ + $password \ + $smbconf \ + $IP \ + $debugargs \ + -U $username \ + -P \ + -c "$command" +# diff --git a/examples/simple/smb.conf b/examples/simple/smb.conf index cdf65b337f7..786bf49057c 100644 --- a/examples/simple/smb.conf +++ b/examples/simple/smb.conf @@ -80,11 +80,13 @@ writable = no create mode = 0700 -; you might also want this one +; you might also want this one, notice that it is read only so as not to give +; people without an account write access. +; ; [tmp] ; comment = Temporary file space ; path = /tmp -; read only = no +; read only = yes ; public = yes ; diff --git a/examples/smb.conf.default b/examples/smb.conf.default new file mode 100644 index 00000000000..f0c86cc6eed --- /dev/null +++ b/examples/smb.conf.default @@ -0,0 +1,254 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not many any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name, eg: REDHAT4 + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# If you want to automatically load your printer list rather +# than setting them up individually then you'll need this + load printers = yes + +# you may wish to override the location of the printcap file +; printcap name = /etc/printcap + +# on SystemV system setting printcap name to lpstat should allow +# you to automatically obtain a printer list from the SystemV spool +# system +; printcap name = lpstat + +# It should not be necessary to specify the print system type unless +# it is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /usr/local/samba/var/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting. +# Note: Consider carefully the location in the configuration file of +# this line. The included file is read at that point. +; include = /usr/local/samba/lib/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details +# You may want to add the following on a Linux system: +# SO_RCVBUF=8192 SO_SNDBUF=8192 + socket options = TCP_NODELAY + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /usr/local/samba/lib/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /usr/local/samba/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /usr/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = yes +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %U option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/examples/svr4-startup/README b/examples/svr4-startup/README new file mode 100644 index 00000000000..8ed9f744770 --- /dev/null +++ b/examples/svr4-startup/README @@ -0,0 +1,24 @@ +Hi and thanks for this great software. + +Solaris (and other sysv) machines have a standardized way of +starting and shutting down services (you may well know that already). + +Here's a piece of code one could place under /etc/init.d +and create appropriate link from, say + + /etc/rc2.d/S99samba.server + +to make smbd start and stop automatically with system bootups and +shutdowns. Each one should edit the lines containing the +daemon calls to agree with his/her installation (the code below +works with the defaults) and workgroup setup (we use the -G and -n +options). + + +I hope this will be of use --- at least it is for me. + +Yours, + +Timo Knuutila +knuutila@cs.utu.fi + diff --git a/examples/svr4-startup/samba.server b/examples/svr4-startup/samba.server new file mode 100755 index 00000000000..0a47fdb10ce --- /dev/null +++ b/examples/svr4-startup/samba.server @@ -0,0 +1,38 @@ +#!/bin/sh +#ident "@(#)samba.server 1.0 96/06/19 TK" /* SVr4.0 1.1.13.1*/ +# +# Please send info on modifications to knuutila@cs.utu.fi +# +# This file should have uid root, gid sys and chmod 744 +# +if [ ! -d /usr/bin ] +then # /usr not mounted + exit +fi + +killproc() { # kill the named process(es) + pid=`/usr/bin/ps -e | + /usr/bin/grep -w $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid +} + +# Start/stop processes required for samba server + +case "$1" in + +'start') +# +# Edit these lines to suit your installation (paths, workgroup, host) +# + /opt/samba/bin/smbd -D -s/opt/samba/smb.conf + /opt/samba/bin/nmbd -D -l/opt/samba/log -s/opt/samba/smb.conf + ;; +'stop') + killproc nmbd + killproc smbd + ;; +*) + echo "Usage: /etc/init.d/samba.server { start | stop }" + ;; +esac diff --git a/examples/thoralf/smb.conf b/examples/thoralf/smb.conf new file mode 100644 index 00000000000..f9f147474a8 --- /dev/null +++ b/examples/thoralf/smb.conf @@ -0,0 +1,152 @@ +; Configuration file for smbd (Samba 1.9.15p8) +; created by Thoralf Freitag. Send comments to: +; or +; +; last edit 24.04.1995 01:11 +; +; + +[global] + + protocol = NT1 + ;long filenames for win95 + mangle case = yes + ;lower and upper letters + mangled names = yes + default case = lower + case sensitive = no + preserve case = yes + short preserve case = yes + + printing = bsd + printcap name = /etc/printcap + lpq cache time = 0 + workgroup = WORKGROUP + admin users = su + ;su is allowed to do all !!! + guest account = ftp + ;guest is same as user ftp + default service = reference + ;is possibly helpful to browsing under win 95 + os level = 2 + log file = /var/adm/log.smb + max log size = 10 + debug level = 1 + share modes = yes + lock directory = /var/adm + +[JP_360_raw] + comment = Networkprinter queue for Olivetti JP 360 (untreated RAW format) + browseable = yes + available = yes + public = no + force user = root + writable = no + printable = yes + printer name = samba + ;samba is an alias name for an raw_printer in your /etc/printcap + path = /samba/tmp + create mode = 0700 + +[JP_360_mono] + comment = Networkprinter queue for Olivetti JP 360 Mono (with apsfilter) + browseable = yes + available = yes + public = no + force user = root + writable = no + printable = yes + printer name = lp + ;lp means the standard printer in your /etc/printcap + path = /samba/tmp + create mode = 0700 + +[JP_360_color] + comment = Networkprinter queue for Olivetti JP 360 Color (with apsfilter) + browseable = yes + available = yes + public = no + force user = root + writable = no + printable = yes + printer name = lp4 + ;my printer need this to print with his color cartridge + ;--> the lpd is drive to the printer as an color printer + path = /samba/tmp + create mode = 0700 + +[tmp] + comment = the garbage dump + browseable = yes + available = yes + public = yes + read only = no + printable = no + path = /samba/tmp + create mask = 0777 + +[transfer] + comment = the market place + browseable = yes + available = yes + public = yes + read only = no + printable = no + path = /samba/transfer + create mask = 0777 + +[homes] + comment = home directories + browseable = no + ;ONLY the home-dirs are visible, not the service itself + available = yes + guest ok = no + read only = no + printable = no + create mode = 0700 + +[install] + comment = all of the many install files + browsable = yes + available = yes + public = no + username = @root, @users + writable = yes + read list = @users + printable = no + path = /samba/install + create mode = 0755 + +[doc-help] + comment = documentations, helpfiles, FAQ's + browsable = yes + available = yes + public = no + username = @root, @users + writable = yes + read list = @users + printable = no + path = /samba/doc + create mode = 0755 + +[cd_rom_2] + comment = the CD in the CD-ROM drive on PANDORA + browsable = yes + available = yes + public = yes + writable = no + printable = no + path = /cdrom + +[reference] + ;the default, if invalid accesses + comment = PANDORA: Samba LAN manager + browsable = yes + ;only as an hint + available = no + ;however no access possible + public = yes + writable = no + printable = no + path = /samba/tmp + diff --git a/examples/validchars/msdos70.out b/examples/validchars/msdos70.out new file mode 100644 index 00000000000..a722b83604f --- /dev/null +++ b/examples/validchars/msdos70.out @@ -0,0 +1,257 @@ +255: ok +254: ok +253: ok +252: ok +251: ok +250: ok +249: ok +248: ok +247: ok +246: ok +245: ok +244: ok +243: ok +242: ok +241: ok +240: ok +239: ok +238: ok +237: ok +236: 237 +235: ok +234: ok +233: ok +232: ok +231: 232 +230: ok +229: ok +228: 229 +227: ok +226: ok +225: ok +224: ok +223: ok +222: ok +221: ok +220: ok +219: ok +218: ok +217: ok +216: ok +215: ok +214: ok +213: 73 +212: ok +211: ok +210: ok +209: ok +208: 209 +207: ok +206: ok +205: ok +204: ok +203: ok +202: ok +201: ok +200: ok +199: ok +198: 199 +197: ok +196: ok +195: ok +194: ok +193: ok +192: ok +191: ok +190: ok +189: ok +188: ok +187: ok +186: ok +185: ok +184: ok +183: ok +182: ok +181: ok +180: ok +179: ok +178: ok +177: ok +176: ok +175: ok +174: ok +173: ok +172: ok +171: ok +170: ok +169: ok +168: ok +167: ok +166: ok +165: ok +164: 165 +163: 233 +162: 224 +161: 214 +160: 181 +159: ok +158: ok +157: ok +156: ok +155: 157 +154: ok +153: ok +152: length 0 +151: 235 +150: 234 +149: 227 +148: 153 +147: 226 +146: ok +145: 146 +144: ok +143: ok +142: ok +141: 222 +140: 215 +139: 216 +138: 212 +137: 211 +136: 210 +135: 128 +134: 143 +133: 183 +132: 142 +131: 182 +130: 144 +129: 154 +128: ok +127: ok +126: ok +125: ok +124: open unlink 0 +123: ok +122: 90 +121: 89 +120: 88 +119: 87 +118: 86 +117: 85 +116: 84 +115: 83 +114: 82 +113: 81 +112: 80 +111: 79 +110: 78 +109: 77 +108: 76 +107: 75 +106: 74 +105: 73 +104: 72 +103: 71 +102: 70 +101: 69 +100: 68 +99: 67 +98: 66 +97: 65 +96: ok +95: ok +94: ok +93: open unlink 0 +92: open unlink 0 +91: open unlink 0 +90: ok +89: ok +88: ok +87: ok +86: ok +85: ok +84: ok +83: ok +82: ok +81: ok +80: ok +79: ok +78: ok +77: ok +76: ok +75: ok +74: ok +73: ok +72: ok +71: ok +70: ok +69: ok +68: ok +67: ok +66: ok +65: ok +64: ok +63: open unlink 0 +62: open unlink 0 +61: open unlink 0 +60: open unlink 0 +59: open unlink 0 +58: open unlink 0 +57: ok +56: ok +55: ok +54: ok +53: ok +52: ok +51: ok +50: ok +49: ok +48: ok +47: open unlink 0 +46: open unlink 0 +45: ok +44: open unlink 0 +43: open unlink 0 +42: open unlink 0 +41: ok +40: ok +39: ok +38: ok +37: ok +36: ok +35: ok +34: open unlink 0 +33: ok +32: open unlink 0 +31: open unlink 0 +30: open unlink 0 +29: open unlink 0 +28: open unlink 0 +27: open unlink 0 +26: open unlink 0 +25: open unlink 0 +24: open unlink 0 +23: open unlink 0 +22: open unlink 0 +21: open unlink 0 +20: open unlink 0 +19: open unlink 0 +18: open unlink 0 +17: open unlink 0 +16: open unlink 0 +15: open unlink 0 +14: open unlink 0 +13: open unlink 0 +12: open unlink 0 +11: open unlink 0 +10: open unlink 0 +9: open unlink 0 +8: open unlink 0 +7: open unlink 0 +6: open unlink 0 +5: open unlink 0 +4: open unlink 0 +3: open unlink 0 +2: open unlink 0 +1: open unlink 0 + + valid chars = 73:213 213:73 73:73 33 35 36 37 38 39 40 41 45 48 49 50 51 52 53 54 55 56 57 64 97:65 98:66 99:67 100:68 101:69 102:70 103:71 104:72 105:73 106:74 107:75 108:76 109:77 110:78 111:79 112:80 113:81 114:82 115:83 116:84 117:85 118:86 119:87 120:88 121:89 122:90 94 95 96 123 125 126 127 135:128 132:142 134:143 130:144 145:146 148:153 129:154 156 155:157 158 159 164:165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 160:181 131:182 133:183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198:199 200 201 202 203 204 205 206 207 208:209 136:210 137:211 138:212 161:214 140:215 139:216 217 218 219 220 221 141:222 223 162:224 225 147:226 149:227 228:229 230 231:232 163:233 150:234 151:235 236:237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 diff --git a/examples/validchars/nwdos70.out b/examples/validchars/nwdos70.out new file mode 100644 index 00000000000..b0dbf628531 --- /dev/null +++ b/examples/validchars/nwdos70.out @@ -0,0 +1,257 @@ +255: ok +254: ok +253: ok +252: ok +251: ok +250: ok +249: ok +248: ok +247: ok +246: ok +245: ok +244: ok +243: ok +242: ok +241: ok +240: ok +239: ok +238: ok +237: ok +236: ok +235: ok +234: ok +233: ok +232: ok +231: ok +230: ok +229: ok +228: ok +227: ok +226: ok +225: ok +224: ok +223: ok +222: ok +221: ok +220: ok +219: ok +218: ok +217: ok +216: ok +215: ok +214: ok +213: ok +212: ok +211: ok +210: ok +209: ok +208: ok +207: ok +206: ok +205: ok +204: ok +203: ok +202: ok +201: ok +200: ok +199: ok +198: ok +197: ok +196: ok +195: ok +194: ok +193: ok +192: ok +191: ok +190: ok +189: ok +188: ok +187: ok +186: ok +185: ok +184: ok +183: ok +182: ok +181: ok +180: ok +179: ok +178: ok +177: ok +176: ok +175: ok +174: ok +173: ok +172: ok +171: ok +170: ok +169: ok +168: ok +167: ok +166: ok +165: ok +164: 165 +163: 85 +162: 79 +161: 73 +160: 65 +159: ok +158: ok +157: ok +156: ok +155: ok +154: ok +153: ok +152: 89 +151: 85 +150: 85 +149: 79 +148: 153 +147: 79 +146: ok +145: 146 +144: ok +143: ok +142: ok +141: 73 +140: 73 +139: 73 +138: 69 +137: 69 +136: 69 +135: 128 +134: 143 +133: 65 +132: 142 +131: 65 +130: 69 +129: 154 +128: ok +127: ok +126: ok +125: ok +124: open unlink 0 +123: ok +122: 90 +121: 89 +120: 88 +119: 87 +118: 86 +117: 85 +116: 84 +115: 83 +114: 82 +113: 81 +112: 80 +111: 79 +110: 78 +109: 77 +108: 76 +107: 75 +106: 74 +105: 73 +104: 72 +103: 71 +102: 70 +101: 69 +100: 68 +99: 67 +98: 66 +97: 65 +96: ok +95: ok +94: ok +93: open unlink 0 +92: open unlink 0 +91: open unlink 0 +90: ok +89: ok +88: ok +87: ok +86: ok +85: ok +84: ok +83: ok +82: ok +81: ok +80: ok +79: ok +78: ok +77: ok +76: ok +75: ok +74: ok +73: ok +72: ok +71: ok +70: ok +69: ok +68: ok +67: ok +66: ok +65: ok +64: ok +63: open unlink 0 +62: open unlink 0 +61: open unlink 0 +60: open unlink 0 +59: open unlink 0 +58: open unlink 0 +57: ok +56: ok +55: ok +54: ok +53: ok +52: ok +51: ok +50: ok +49: ok +48: ok +47: open unlink 0 +46: open unlink 0 +45: ok +44: open unlink 0 +43: open unlink 0 +42: open unlink 0 +41: ok +40: ok +39: ok +38: ok +37: ok +36: ok +35: ok +34: open unlink 0 +33: ok +32: length 0 +31: open unlink 0 +30: open unlink 0 +29: open unlink 0 +28: open unlink 0 +27: open unlink 0 +26: open unlink 0 +25: open unlink 0 +24: open unlink 0 +23: open unlink 0 +22: open unlink 0 +21: open unlink 0 +20: open unlink 0 +19: open unlink 0 +18: open unlink 0 +17: open unlink 0 +16: open unlink 0 +15: open unlink 0 +14: open unlink 0 +13: open unlink 0 +12: open unlink 0 +11: open unlink 0 +10: open unlink 0 +9: open unlink 0 +8: open unlink 0 +7: open unlink 0 +6: open unlink 0 +5: open unlink 0 +4: open unlink 0 +3: open unlink 0 +2: open unlink 0 +1: open unlink 0 + + valid chars = 69:130 130:69 69:69 65:131 131:65 65:65 65:133 133:65 65:65 69:136 136:69 69:69 69:137 137:69 69:69 69:138 138:69 69:69 73:139 139:73 73:73 73:140 140:73 73:73 73:141 141:73 73:73 79:147 147:79 79:79 79:149 149:79 79:79 85:150 150:85 85:85 85:151 151:85 85:85 89:152 152:89 89:89 65:160 160:65 65:65 73:161 161:73 73:73 79:162 162:79 79:79 85:163 163:85 85:85 33 35 36 37 38 39 40 41 45 48 49 50 51 52 53 54 55 56 57 64 97:65 98:66 99:67 100:68 101:69 102:70 103:71 104:72 105:73 106:74 107:75 108:76 109:77 110:78 111:79 112:80 113:81 114:82 115:83 116:84 117:85 118:86 119:87 120:88 121:89 122:90 94 95 96 123 125 126 127 135:128 132:142 134:143 144 145:146 148:153 129:154 155 156 157 158 159 164:165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 diff --git a/examples/validchars/readme b/examples/validchars/readme new file mode 100644 index 00000000000..6487fbd766a --- /dev/null +++ b/examples/validchars/readme @@ -0,0 +1,101 @@ +Note: All files in this directory are DOS formatted (CRLF line terminator). + +!!! VIRUS WARNING !!! I do not know if VALIDCHR.COM is virus free !!! +I think that my system is virus free here because I do not run any games +or other copied software. I only run Shareware/Freeware etc. from CD-ROMs +or from registered disks, however I do not use viral scanners because +I have not registered any (I consider `having no sex' is better than +`testing for AIDS on a regular basis', if you know what I mean). + +This is VALIDCHR, a little DOS program I wrote to create +an apropriate `valid chars =' config parameter. +It is freeware and is thought to be distributed freely with Samba. + +WARNING: + Your SMB driver may use another character map as the one VALIDCHR + sees. The only way you can tell this is that some file names fail. + Under Win95 everything is fine, though. + +Usage: + c: + mkdir junk_dir + cd junk_dir + a:validchr > a:output.log + cd .. + rmdir junk_dir + +Siedeffects: + Files named *.TST may be deleted. + +Verification: + For diagnostic purpose you can run VALIDCHR on a Samba mounted drive. + Then you can use unix diff to compare the output of the network and + the hard drive. These two outputs usually differ! However there + should be few differences. I get following on Win95 (c: visa e:) + 104c104 + < 152: length 0 + --- + > 152: 95 + (diff line for `valid chars =' deleted because it's uninteresting) + You can see, `y diaresis' can be mapped on the network drive while + it cannot be mapped on the hard drive. Everything else is identical. + However this gives a hint that one can improve the mapping. + +Bugs: + Yes, probably some. + + +VALIDCHR must be run on the system which character mapping should be probed. +It must be run on the hard drive for this. VALIDCHR ALTERS THE CURRENT +DIRECTORY AND REMOVES SOME FILES, SO ALWAYS RUN IT IN A junk DIRECTORY !!! +You should redirect the output of VALIDCHR. At the end of the output is a +line like + valid chars = x:y y:x x:x ... a:b c ... +which is suitable for your smb.conf file. (you should remove the DOS CR +character, because DOS uses CRLF while Unix uses LF only.) + +Note that some mappings at the beginning of the `valid chars =' line like +A:B B:A B:B +might look a little bit strange to you, however sometimes character A +has to be mapped to character B independently of a default mapping +to uppercase or lowercase while character B must not be touched. I found +this out the hard way ... Consider it a crude workaround, because Samba +lacks the possibility to map characters in one direction only! + +VALIDCHR usually issues one warning for character 32. +You may ignore these and any other warnings. + +VALIDCHR does not test for character NUL (this is the directory end marker). + +validchr.c is the source code to validchr.com + You may do anything with the source code (copy, change, sell, burn) +validchr.com is a Borland C compiled binary. + Beware, it may contain a virus (if my system contains one). +nwdos70.out is the output of an VALIDCHR-run under Novell DOS 7.0 + while no codepage (no display.sys) was active. +msdos70.out is the output of an VALIDCHR-run under MS-DOS 7.0 (Win95 DOS) + while codepage 850 was active. + +I have no other MS-DOS systems at home currently. +(I have access to MS-DOS 3.0, 3.2, 3.3, 5.0 and 6.22, however I have no time + to run VALIDCHR there) + +Some words to the output +(for people not fammiliar with programming language C): + +probed_char: [text] mapped_char + +probed_char is the character probed to be written to disk +text may be empty or contain: + open File could not be opened. + close File could not be closed (should not happen) + length File name was shortened (usually occurs on SPC) + unlink File cannot be unlinked (usually when open fails) +mapped_char is the character which is used by MS-DOS in the directory + This is usually the uppercase character. + The mapped character is 0 if something failed (you may say + that the character is not supported) + +The last line in the output is documented in the smb.conf manual page ;) + +tino@augsburg.net diff --git a/examples/validchars/validchr.c b/examples/validchars/validchr.c new file mode 100644 index 00000000000..415546cb841 --- /dev/null +++ b/examples/validchars/validchr.c @@ -0,0 +1,123 @@ +/* by tino@augsburg.net + */ + +#include +#include + +#include + +unsigned char +test(void) +{ + DIR *dir; + struct dirent *dp; + unsigned char c; + + if ((dir=opendir("."))==0) + { + perror("open ."); + return 0; + } + c = 0; + while ((dp=readdir(dir))!=0) + { + size_t len; + + len = strlen(dp->d_name); + if (len<4) + continue; + if (strcmp(dp->d_name+len-4, ".TST")) + continue; + if (len!=5) + { + fprintf(stderr, "warning: %s\n", dp->d_name); + printf(" length"); + continue; + } + if (c) + printf(" double%d\n", c); + c = dp->d_name[0]; + } + if (closedir(dir)) + perror("close ."); + return c; +} + +int +main(void) +{ + char name[256]; + unsigned char map[256], upper[256], lower[256]; + int i, j, c; + FILE *fd; + + if (test()) + { + printf("There are *.TST files, please remove\n"); + return 0; + } + for (i=0; ++i<256; ) + { + lower[i] = i; + upper[i] = 0; + } + for (i=256; --i; ) + { + map[i] = i; + strcpy(name, "..TST"); + name[0] = i; + printf("%d:", i); + if ((fd=fopen(name, "w"))==0) + printf(" open"); + else + fclose(fd); + c = test(); + if (unlink(name)) + printf(" unlink"); + if (c==i) + printf(" ok"); + else + printf(" %d", c); + printf("\n"); + if (c!=i) + { + upper[c]++; + lower[c] = i; + } + map[i] = c; + } + + /* Uppercase characters are detected above on: + * The character is mapped to itself and there is a + * character which maps to it. + * Lowercase characters are the lowest character pointing to another one. + * Else it is a one way character. + * + * For this reason we have to process the list + * 1) for 'one way' characters + * 'one way' is something which is no upper and no lower character. + * This is an awful, crude and ugly hack due to missing Samba support. + * 2) for true uppercase/lowercase characters + * 3) for standalone characters + * Note that there might be characters which do not fall into 1 to 3. + */ + printf("\n valid chars ="); + for (i=0; ++i<256; ) + if (map[i] && map[i]!=i && lower[map[i]]!=i) + { + if (!upper[i]) + printf(" %d:%d %d:%d %d:%d", /*1*/ + map[i], i, i, map[i], map[i], map[i]); + else + fprintf(stderr, "ignoring map %d->%d because of %d->%d\n", + lower[i], i, i, map[i]); + } + for (i=0; ++i<256; ) + if (map[i] && map[i]==i) + if (upper[i]) + printf(" %d:%d", lower[i], i); /*2*/ + else + printf(" %d", i); /*3*/ + printf("\n"); + return 0; +} diff --git a/examples/validchars/validchr.com b/examples/validchars/validchr.com new file mode 100644 index 00000000000..a5dbb39bedf --- /dev/null +++ b/examples/validchars/validchr.com @@ -0,0 +1,77 @@ +ŒÊ.‰–´0Í!‹.‹,ŽÚ£é Œç ‰㠉.ÿ è]¡ã ŽÀ3À‹Ø‹ø¹ÿüò®ãaC&8uö€Í€÷ىá ¹ÓãƒÃƒãø‰å ŒÚ+ê‹>º#ÿs¿‰>º#Ç>'r(>R#r"±ÓïG;ïrƒ>º#tƒ>R#u¿;ïw‹ýëéã‹ßډ÷ ‰û ¡ç +؎À´JWÍ!_ÓçúŽÒ‹çû3À.Ž–¿î&¹>'+Ïüóªƒ>$#vG€>é r@w€>ê r7¸X»Í!r*´g‹$#Í!r ´H»Í!r@£ÿ HŽÀ´IÍ!r +¸X»Í!séb´Í‰í ‰ï +Àt ¸@ŽÀ»p&Æ3í.Ž–¾è&¿î&è©ÿ6ß ÿ6Ý ÿ6Û èóPèy.Ž–VW¾î&¿î&èÊ_^ÃËì´LŠFÍ!¹ºŸ é¸5Í!‰Ë ŒÍ ¸5Í!‰Ï ŒÑ ¸5Í!‰Ó ŒÕ ¸5Í!‰× ŒÙ ¸%ŒÊŽÚº{Í!ø%ÅË Í!¸%ÅÏ Í!¸%ÅÓ Í!¸%Å× Í!ø‹×‹Þ;ßt&€?ÿt&ŠO2í;Ès‹Á‹ÓƒÃëã;×t‹Ú&€?&Æÿt&ÿ_ëÄ&ÿWë½Ã´‹×‹Þ;ßt&€?ÿt &8gr&Šg‹ÓƒÃëå;×t‹Ú&€?&Æÿt&ÿ_ëÇ&ÿWëÀô@»Í!ùº­ .Ž–èêÿ¸PèPU‹ìƒìVW¸!Pè6Y‰Fþ Àu ¸!PèƒY°é‰ÆFýë]VèúY‹øƒÿsëO¸ !P‹ÆÇüÿPèYY Àtë8ƒÿtV¸!P¸"Pèƃĸ!PèmYë€~ýtŠFý´P¸%!PèWYYŠˆFýÿvþètY‹ð Àu–ÿvþè›Y Àt¸0!PèûYŠFýétÿ_^‹å]ÃU‹ììèCÿ +Àt ¸8!PèY3ÀéaÇFþ덆úû‹^þ؊Fþˆ†úü‹^þØÆÿFþ‹Fþ=|ÛÇFþéƍ†úý‹^þ؊Fþˆ¸^!P†úþPèêYYŠFþˆ†úþÿvþ¸d!Pè¨YY¸h!P†úþPèÊYY‰Fú Àu ¸j!PèŠëÿvúèYè§þ´‰Fü†úþPèJY Àt¸p!PèeY‹Fü;Fþu +¸x!PèUYë ÿvü¸|!PèHYY¸€!Pè?Y‹Fü;Fþt†úü‹^üØþ†úû‹^ü؊Fþˆ†úý‹^þ؊FüˆÿNþté2ÿ¸‚!PèYÇFþéҍ†úý‹^þ؀?uéÁ†úý‹^þ؊´;Fþu鬍†úý‹^þ؊´–úû‹؊´;Fþu鋍†úü‹^þ؊´ ÀuJ†úý‹^þ؊´P†úý‹^þ؊´P†úý‹^þ؊´Pÿvþÿvþ†úý‹^þ؊´P¸”!PèZƒÄë0†úý‹^þ؊´Pÿvþÿvþ†úû‹^þ؊´P¸§!P¸"PèwƒÄ ÿFþ‹Fþ=}é ÿÇFþëW†úý‹^þ؀?tI†úý‹^þ؊´;Fþu7†úü‹^þ؀?tÿvþ†úû‹^þ؊´P¸Î!PèʃÄë ÿvþ¸Õ!Pè»YYÿFþ‹Fþ=|ž¸Ù!é•ý‹å]ÃU‹ìƒ>Ü! u¸ë‹Ü!Ñã‹F‰‡î&ÿÜ!3À]ÃU‹ì´C2À‹VÍ!r ‹^‰3ÀëPè?]ÃU‹ì´C°‹V‹NÍ!r3ÀëPè$]ÃU‹ì´/Í!S´‹VÍ!´N‹N‹VÍ!œY“´ZÍ!Qr3ÀëSèñ]ÃU‹ì´/Í!S´‹VÍ!´OÍ!œY“´ZÍ!Qr3ÀëSèÄ]ÃÃU‹ìV‹v öuëÿÜ!‹Ü!Ñãÿ—î&ƒ>Ü!uëè¯úÿÞ!èûè¸úƒ~u öuÿà!ÿâ!ÿvè¡úY^]ÂU‹ì3ÀPPÿvè¦ÿ]ÃU‹ì¸P3ÀPÿvè”ÿ]Ã3ÀP¸P3ÀPè…ÿøPP3ÀPèyÿÃU‹ìV‹v ö|ƒþX~¾W‰6T#Š„V#˜‹ðë ÷ރþ0éÇT#ÿÿ‰6ë ¸ÿÿ^]ÂU‹ìV‹vVè¼ÿ‹Æ^]ÂU‹ì¸D‹^Í!’%€]ÃU‹ìƒì"VW‹~ +‹^ƒû$wX€ûrS‹F ‹N É}€~t Æ-G÷Ù÷؃ٍvÞã‘+Ò÷ó‘÷óˆFã ëñ+Ò÷óˆF ÀuõNÞ÷ÙÎüNŠ, +s:ëFªâï°ª‹F +_^‹å] U‹ì3ÀPÿvÿv¸ +P°P°aPèjÿ]ÂU‹ì‹^Ñで&#ÿý´BŠF +‹^‹N‹VÍ!rëPèäþ™]ÃU‹ìV‹v‹V öu¾.'ÿv Òu¸°#ë‹ÂPVèÖYYPèÿ¸´#PVèÕYY‹Æ^]ÂU‹ìƒìVW‹v‹~V3ÀPƒ=ÿu¸ë¸‹Pèžÿ‹ðFþPVèTýYY Àt׋Æ_^‹å]º;$#s+‹ÚÑãLJ&#‹Ú±ÓãƇè!ÿ‹ÂÓàä!‹ÚÓ㉇ò!B;$#rÕ è!˜PètþY Àu&æ!ÿý¸P÷æ!t¸ë3ÀP3ÀP¸ä!PèZƒÄ ø!˜Pè@þY Àu&ö!ÿý¸P÷ö!t¸ë3ÀP3ÀP¸ô!Pè&ƒÄÃU‹ì´A‹VÍ!r3ÀëPè´ý]ÊÆèŠÂÔ†àè†à'@'ªÃU‹ìì–VWÇFîÇFìPÇFêëFW¹ÿÿ2Àò®÷ÑI_Ã6ˆGþNìu/SQR†jÿ+ø†jÿPWÿvÿV + ÀuÇFêÇFìP~jÿZY[Ãü¾jÿ‰~ü‹~ü‹v¬ +Àt<%t6ˆGþNìîè¬ÿëééÚ‰vð¬<%tç‰~ü3ɉNò‰NþˆNõÇFøÿÿÇFöÿÿë¬2ä‹Ð‹Ø€ë €û`sŠŸÃ#ƒûvéÑã.ÿ§û郀ýwøƒNþëЀýwíƒNþëŀýwâ€~õ+tˆVõ뵃fþßëƒNþ µ맀ýwM÷Fþu)ƒNþµë“é8‹~6‹ƒF€ýs Ày÷؃Nþ‰Føµéoÿ€ýu׉FöþÅébÿ€ýsʵÿFöéUÿ’,0˜€ýwµ‡Fø À|ÑÑà‹ÐÑàÑàÂFøé3ÿ€ýu›‡Fö ÀtµÑà‹ÐÑàÑàÂFöéÿƒNþéeÿNþƒfþïéYÿ·ë +· +ë +·³éÚÆFõˆVû3҈Vú‹~6‹ë· +ÆFúˆVû‹~6‹™GG‰v÷Fþt6‹GG‰~~» Àu Òuƒ~öu 6Æ‹ÇëƒNþRPWŠÇ˜PŠFúPSèÝû‹Vö Ò}éòéýˆVû‰v~º‹^6ÿ7CC‰^÷Fþ t6‹CC‰^è˜ý°:ªZèý6ÆÆFúƒfþûNº+ù‡Ï‹Vö;Ñ‹Ñ韉vˆVû‹~6‹ƒF~»2ä6‰¹é‰vˆVû‹~÷Fþ u 6‹=ƒF ÿë 6Ä=ƒFŒÀ Çu¿¼#èPý;Növ‹Nö酉vˆVû‹~‹Nö É}¹WQ^»SR¸#FþP‹Fþ©t ¸ƒF +ëƒF¸Pèò~»÷Fþt‹Vø Ò~èòü&€=-uI+Ñ~‰Vò&€=-t ŠFõ +ÀtO&ˆƒ~ò~ +‹Nö É}ÿNòèÀü‹÷‹~ü‹^ø¸#Fþ=uŠfû€üou ƒ~òÇFòë€üxt€üXuƒNþ@KKƒnò}ÇFòNò÷Fþu ë° èyüK;Ùö÷Fþ@t °0èhüŠFûèbü‹Vò Ò~'+Ê+Ú&Š<-t< t<+u&¬èCüIK‡Êã°0è8üâù‡Êã+Ù&¬6ˆGþNìè+üâð Û~ ‹Ë° èüâùéUü‰v‹~÷Fþ u 6‹=ƒFë6Ä=ƒF¸P*FìFî&‰÷FþtGG&Çéü‹vð‹~ü°%èÉû¬ +Àuø€~ìP}èÄûƒ~êt¸ÿÿë‹Fî_^‹å]Â^ H “ S Á Î   | A  # '   M ð  ËËËn t U‹ìVW‹~ÿvè‰Y‹ð@PÿvWè ƒÄ‹ÇÆ_^]ÃU‹ì‹F‹Ôê;Âs£ó 3Àë Çë ¸ÿÿ]ÃU‹ì‹F‹Vó ƒÒ‹È ÒuÁr +;Ìs‡ó ë Çë ¸ÿÿ]ÃU‹ìÿvè¤ÿY]ÃU‹ì‹F™RPè·ÿYY]ú$$ëº)$¹´@»Í!¹'º.$´@Í!é£óU‹ì‹V´DŠF‹^‹N +Í!r ƒ~u‹ÂëëPèø]ÃVW‹ô‹\ƒër;X$tèBëè_^Ã9V$t#‹wöt‰6X$ë ;6V$t ‹ÞèT‹G£X$ë ‹Þ3À£V$£X$£Z$Sèöþ[Ãÿ;V$t‹w‹¨u‰‹?û‰u‹Þëè2‹?û‹¨tË÷ð‰\‹ß‹;ßt‰>Z$‹w‰u‰|ÃÇZ$Ë6Z$ öt‹|‰\‰]‰‰wÉZ$‰_‰_ÃVW‹ô‹D ÀtRr6%þÿ=s¸ƒ>V$t‹Z$ Ût ‹Ó9s‹_;Úuõèfë!èŠëèë3Àë‹ðƒÆ97séèkÿÿ‹Ã_^ÃP3ÀPPè6þ[[%t 3ÒRPè(þ[[XP3ÛSPèþ[[=ÿÿt‹Ø‰V$‰X$X@‰ƒÃ‹ÃÃ[3ÀÃP3ÛSPèöý[[=ÿÿt‹Ø¡X$‰G‰X$X@‰ƒÃ‹ÃÃX3ÀÃ)‹ó7‹þø@‰‰\‰uƒÆ‹ÆËìSPQPèÿ[‹Ø Àtü‹ø‹vþ‹ ƒÆVƒéÑéó¥‰Fþè$þ[‹^þƒÄ˃Â;Ñw5‹Ñ;X$u‰ÿÃSPèKý[[ë‹ûø‰]+Ð)‹÷ò‰|B‰‹Ë‹ßè7þ‹ÙƒÃÃVWU‹ì‹^‹F + Àt7 Ût-ƒë‹I‹ÐƒÂƒâþƒúsº;Êr wƒÃëè‡ÿëèOÿ‹Ãë PèeþëSèý3À[]_^Ãÿ&à&U‹ì‹N´CŠF‹VÍ!r‘ëPèyõ]ÃU‹ì‹V;$#r ¸Pèdõë‹ÚÑãLJ&#RèY]ÃU‹ì´>‹^Í!r ÑãLJÀëPè5õ]ÃU‹ìVWÿvèØ Y‹øPèàýY‹ð Àu +Çë 3ÀëpÿvVè” YY‹ÇO Àt‹ß€8:t€8\t +€8/t¸\$ë¸a$PVè YY¸/Pè˜ýY‹ø Àu Çë VëW¸PVèÔóƒÄ Àt Vè¥üYWè üY뙉u+ÆE-ÆE.݋Ç_^]ÃU‹ìV‹v€|.ÝuV¸Pÿt+è˜óƒÄÆD-^]ÃU‹ìV‹v€|.Ýt +Çë 3ÀëŠD-˜ Àu VèžóY ÀuëÆD-‹Æ^]ÃU‹ìV‹v öt€|.Ýt Çë ¸ÿÿëÆD.ÿt+èüYVè üY3À^]ÃU‹ìVW‹~¾ÿÿ ÿtd9}u_ƒ}tƒ=} WèVY ÀuK÷EtÿuèÐûY€}| ŠE˜PèWþY‹ðÇEÇEÇÆEÿƒ} t3ÀPPÿu èÈôPèÝõYÇE ‹Æ_^]ÃU‹ìVW‹~ ÿuènëf9}t¸ÿÿë^ƒ=|)÷Eu +‹Ç9E +uFÇ‹Ç9E +u8‹E‰E +ë0ë.‹E@‹ð)5P‹E‰E +PŠE˜Pè +ƒÄ;Æt ÷EuƒMëŸ3À_^]ÃU‹ìƒìVWÇFþ‹>$#¾ä!ë÷DtVèbÿYÿFþƒÆ‹ÇO Àuç‹Fþ_^‹å]ÃU‹ìƒìVW‹vÇFþ‹ÞFŠŠÁP#‹Ç©€u¸Pè.ïƒ~þÿu#ƒ>T#t +ÿ6T#èïéí÷ǀt3À븉Fþë ÷Æt7¸PPëÜ÷Æðtÿv3ÀPèOÿ‹ø À}éµWèŒùYëÿvÿvþè6ÿ‹ø À}léœVÿvèYY‹ø À|Z3ÀPWè~öYY‰Fü©€tÎ ÷ƀt%ÿ P¸PWè[öƒÄë +÷ÆtWèþþ÷Fþt÷Æt÷Æðt¸PPÿvèÐøƒÄ ÿ|/÷Æt¸ë3À‹Öâÿø ÐR÷Fþt3Àë¸Z ЋßÑ㉗&#‹Ç_^‹å]ÃU‹ìƒì°‹N÷Áu +°÷Áu°‹V±ð"N +Á´=Í!r‰Fþ‹F%ÿ¸ €‹^þÑ㉇&#‹FþëPèÛí‹å]ÃU‹ì¡ë ;Æ$}ƒ>ë | ‹ë Ñ㋗f$ëºÃ&Rÿv¸Ñ&P¸"PèTüƒÄ]ÃU‹ì¸×P¸ô!PÿvFPèòï]ÃU‹ìV‹vÿ VŠF˜PèYY^]ÃU‹ìVW‹~ŠF¢<'ƒ=ÿ}:ÿ‹] +ÿE +ˆ÷Eué÷€><' +t +€><' téæWèžùY ÀuéÚ¸ÿÿéÙéÑ÷Eu÷EuƒMëãMƒ}tEƒ=t WèeùY ÀuʋE÷؉‹] +ÿE + <'ˆ÷Eu鈀><' +t€><' uzWè2ùY Àtqë•ëmŠE˜Ñà‹Ø÷‡&#t¸P3À3ÒPRŠE˜Pè–íƒÄ€><' +u÷E@u¸P¸Ú&PŠE˜PèOƒÄ=u¸P¸<'PŠE˜Pè7ƒÄ=t +÷Eué=ÿ <'´_^]ÃU‹ì¸ô!PÿvèÌþYY]ÃU‹ìƒìVW‹~‹F‰Fþ÷Et)ëW‹^ÿFŠ˜Pè þYY=ÿÿu3ÀéY‹FÿN ÀuÜéI÷E@uéãƒ}u隋E;FsQƒ=t Wè=øY ÀuŊE˜Ñà‹Ø÷‡&#t¸P3À3ÒPRŠE˜Pè¥ìƒÄÿvÿvŠE˜PènƒÄ;Fuéâë…é݋F|ƒ=u +¸ÿÿ+E‰ë WèÛ÷Y Àté`ÿÿvÿvÿu +è¦ûƒÄ‹F‰‹FE +霊E˜Ñà‹Ø÷‡&#t¸P3À3ÒPRŠE˜Pè!ìƒÄÿvÿvŠE˜PèêƒÄ;Ftaéÿë\ƒ}t=ë/ÿ}‹] +ÿE +‹vÿFŠˆ´ëW‹^ÿFŠPèVýYY=ÿÿuéÊþ‹FÿN ÀuÇëÿvÿvŠE˜P膃Ä;Fté¥þ‹Fþ_^‹å]ÂU‹ìVW‹v‹~ +9tu ƒ~ÿÿv¸ÿÿ馃>Þ&uþô!uÇÞ&ëƒ>Ü&u þä!uÇÜ&ƒ ÿv:ÇÞ!B ƒ~uWèÌòY‰F ÀuéuÿƒLëélÿ‹F‰D +‰D‰|ƒ~uƒL3À_^]ÃU‹ìVWü‹~‹×2À¹ÿÿò®uÿ‹~¹ÿÿò®÷Ñ+ù‡÷÷Æt¤IÑéó¥s¤’_^]ÃU‹ìVWŒØŽÀü3À‹Ø‹~‹÷2À¹ÿÿò®÷ыþ‹vó¦ŠDÿŠ]ÿ+Ã_^]ÃU‹ìVWü‹~‹÷2À¹ÿÿò®÷ы~ó¤‹F_^]ÃU‹ìWŒØŽÀ‹~3Àü¹ÿÿò®‘÷ÐH_]ÃU‹ììˆVW‹~‹v;>$#r +¸Pèééá‹F@=s3ÀéӋßÑã÷‡&#t¸P3À3ÒPRWèåéƒÄ‹ßÑã÷‡&#@uÿvVW訃Ä霋ßÑで&#ÿý‰vú‹F‰FþëMÿNþ‹^úÿFúŠˆFý< +uÆ FŠFýˆF†xÿ‹Ö+Ёú€|'+ðVPWè[ƒÄ‹Ð;Ætƒúÿu¸ÿÿë=‹F+Fþë1¶xÿƒ~þu©†xÿ+ð‹Æ Àv!V†xÿPWè ƒÄ‹Ð;ÆtƒúÿtŋFÂ+Æë‹F_^‹å]ÃU‹ì‹^Ñã÷‡&#t¸Pë´@‹^‹N‹VÍ!rP‹^Ñく&#XëPèøç]ÃVW3ÿ¾ä!;>$#s÷DtVèÌóYƒÆG;>$#rê_^ÃVW¿¾ä!ë÷DtVè"ôYOƒÆ ÿuì_^ÃBorland C++ - Copyright 1991 Borland Intl.Divide error +Abnormal program termination +>'>'.open ..TSTwarning: %s + length double%d +close .There are *.TST files, please remove +..TST%d:w open unlink ok %d + + valid chars = %d:%d %d:%d %d:%dignoring map %d->%d because of %d->%d + %d:%d %d +‰‰‰ ä! +ô!"C"B$"```  @ÿÿ),(((((),(((),#,*((((**#(#%(TMP.$$$(null)   + +   print scanf : floating point formats not linked +\*.**.*È$Ð$è$%%%%7%G%\%n%‹%Ÿ%®%Â%Ï%Ð%ß%&&#&4&E&W&i&j&k&l&m&n&o&p&q&r&s&&’&¦&¸&¹&º&»&¼&½&¾&¿&À&Á&Â&0Error 0Invalid function numberNo such file or directoryPath not foundToo many open filesPermission deniedBad file numberMemory arena trashedNot enough memoryInvalid memory block addressInvalid environmentInvalid formatInvalid access codeInvalid dataNo such deviceAttempted to remove current directoryNot same deviceNo more filesInvalid argumentArg list too bigExec format errorCross-device linkMath argumentResult too largeFile already existsPossible deadlockUnknown error%s: %s diff --git a/packaging/Caldera/OpenLinux/.cvsignore b/packaging/Caldera/OpenLinux/.cvsignore new file mode 100644 index 00000000000..062afa2b04f --- /dev/null +++ b/packaging/Caldera/OpenLinux/.cvsignore @@ -0,0 +1,6 @@ +convertsmbpasswd.perl +make_smbpasswd.perl +makerpms.sh +samba2.spec +samba2.spec-lsb +samba3.spec diff --git a/packaging/Caldera/OpenLinux/README.Public b/packaging/Caldera/OpenLinux/README.Public new file mode 100644 index 00000000000..00f41f37382 --- /dev/null +++ b/packaging/Caldera/OpenLinux/README.Public @@ -0,0 +1,9 @@ +This directory is exported to any windows computer, if the daemon +"SMB server processes (samba)" is started and the distributed +configuration is used. So be careful about any data you put into +this directory. + +The default configuration restricts the access rights to read only +access. + +2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/README.home b/packaging/Caldera/OpenLinux/README.home new file mode 100644 index 00000000000..5a893eb0e12 --- /dev/null +++ b/packaging/Caldera/OpenLinux/README.home @@ -0,0 +1,15 @@ +This directory $HOME/Samba is exported to any windows computer, if +the daemon "SMB server processes (samba)" is started and the distributed +configuration is used. So be careful about the data you put into this +directory. + +Note: Only the user of this account can connect to this share. The +shares name is equal to the users Linux account, e.g. +\\your_linuxmachine\\your_linuxaccount + +If you want to have the files public accessible use the public browseable +share instead. It's currently /srv/samba/Public, but have a look at file +/etc/samba.d/smb.conf to get the latest name. + + +2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/README.profiles b/packaging/Caldera/OpenLinux/README.profiles new file mode 100644 index 00000000000..b629e10966b --- /dev/null +++ b/packaging/Caldera/OpenLinux/README.profiles @@ -0,0 +1,10 @@ +This directory is used to store the roaming Profiles of your Windows +users. For more information install the package samba-doc and read the +file /usr/share/doc/packages/samba-2.0.7/docs/textdocs/DOMAIN.txt + +The default configuration sets the access rights to read/write for +anyone. If you see a problem in this, disable the Profiles support in +your samba configuration: either edit file /etc/samba.d/smb.conf or +use swat (http://localhost:901/). + +2000-03-13, Klaus Singvogel, Caldera (Deutschland) GmbH. diff --git a/packaging/Caldera/OpenLinux/findsmb b/packaging/Caldera/OpenLinux/findsmb new file mode 100755 index 00000000000..986c2481779 --- /dev/null +++ b/packaging/Caldera/OpenLinux/findsmb @@ -0,0 +1,141 @@ +#!/usr/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/Caldera/OpenLinux/makerpms.sh.tmpl b/packaging/Caldera/OpenLinux/makerpms.sh.tmpl new file mode 100644 index 00000000000..3b8eda4d5c3 --- /dev/null +++ b/packaging/Caldera/OpenLinux/makerpms.sh.tmpl @@ -0,0 +1,54 @@ +#!/bin/sh +# Copyright (C) 1998 John H Terpstra, 2000 Klaus Singvogel +# +SPECDIR=${SPECDIR:-/usr/src/OpenLinux/SPECS} +SRCDIR=${SRCDIR:-/usr/src/OpenLinux/SOURCES} +USERID=`id -u` +GRPID=`id -g` +devel=0; +old=0; + +# Do some argument parsing... +if [ z$1 = z"devel" ]; then + devel=1; + shift +fi +if [ z$1 = z"old" ]; then + old=1; + shift +fi +if [ z$1 = z"team" ]; then + team=1; + shift +fi + +# Start preparing the packages... +if [ $devel -ne 0 ]; then + ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba3; mv samba3 samba-PVERSION ) + ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION; mv samba-PVERSION samba3 ) +else + ( cd ../../../.. ; chown -R ${USERID}.${GRPID} samba-PVERSION ) + ( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION ) +fi + +cp -af *.spec *.spec-lsb $SPECDIR +#if [ $team -ne 0 ]; then +# cp *.spec-team $SPECDIR +#fi +for i in `ls *.patch` +do + cp $i $SRCDIR/ +done +# Start building the package +cd $SPECDIR +#if [ $old -eq 0 ]; then +#mv -f samba2.spec samba2.spec-nonlsb +#ln -f samba2.spec-lsb samba3.spec +#fi +if [ $team -ne 0 ]; then +# mv -f samba3.spec samba3.spec-lsb +# ln -f samba3.spec-team samba3.spec + rpm -ba -v samba3.spec +else + rpm -ba -v --rmsource --clean samba3.spec +fi diff --git a/packaging/Caldera/OpenLinux/samba-3.0.0.pre-install.patch b/packaging/Caldera/OpenLinux/samba-3.0.0.pre-install.patch new file mode 100644 index 00000000000..f6571a2763e --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba-3.0.0.pre-install.patch @@ -0,0 +1,12 @@ +--- samba/source/script/installbin.sh.orig Mon Dec 13 14:27:43 1999 ++++ samba/source/script/installbin.sh Fri Jun 16 15:06:13 2000 +@@ -34,7 +34,8 @@ + + # this is a special case, mount needs this in a specific location + if [ $p2 = smbmount ]; then +- ln -sf $BINDIR/$p2 /sbin/mount.smbfs ++ cp -p $BINDIR/$p2 /sbin/mount.smbfs ++ ln -s /sbin/mount.smbfs $BINDIR/$p2 + fi + done + diff --git a/packaging/Caldera/OpenLinux/samba.daemon b/packaging/Caldera/OpenLinux/samba.daemon new file mode 100644 index 00000000000..78c357005e9 --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba.daemon @@ -0,0 +1,7 @@ +IDENT=samba +DESCRIPTIVE="SMB server processes (samba)" +CONFIGURED="no" +ONBOOT="no" +OPTIONS_SMB="-D" +OPTIONS_NMB="-D" +OPTIONS_WINBD="" diff --git a/packaging/Caldera/OpenLinux/samba.init b/packaging/Caldera/OpenLinux/samba.init new file mode 100755 index 00000000000..37955e15558 --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba.init @@ -0,0 +1,66 @@ +#!/bin/sh +# +# description: Starts and stops the Samba smbd and nmbd daemons +# used to provide SMB network services. + +NAME_S=smbd +DAEMON_S=/usr/sbin/$NAME_S +NAME_N=nmbd +DAEMON_N=/usr/sbin/$NAME_N +NAME_W=winbindd +DAEMON_W=/usr/sbin/winbindd + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# See how we were called. +case "$1" in + start) + [ -e $SVIlock ] && exit 1 + [ ${NETWORKING} = "no" ] && exit 2 + [ -x $DAEMON_S -a -x $DAEMON_N ] || exit 2 + + #[ "$CONFIGURED" != "no" -a "$CONFIGURED" != "false" ] || { + SVIemptyConfig /etc/samba.d/smb.conf && { + echo "$DESCRIPTIVE: not configured! Skipped..." + exit 2 + } + + echo -n "Starting $IDENT: " + ssd -S -n $NAME_S -x $DAEMON_S -- $OPTIONS_SMB + ssd -S -n $NAME_N -x $DAEMON_N -- $OPTIONS_NMB + ssd -S -n $NAME_W -x $DAEMON_W -- $OPTIONS_WINBD + + echo "." + touch $SVIlock + ;; + + stop) + [ -e $SVIlock ] || exit 0 + + echo -n "Stopping $IDENT: " + ssd -K -p /var/lock/samba.d/$NAME_W.pid -n $NAME_W #-x $DAEMON_W + ssd -K -p /var/lock/samba.d/$NAME_N.pid -n $NAME_N #-x $DAEMON_N + ssd -K -p /var/lock/samba.d/$NAME_S.pid -n $NAME_S #-x $DAEMON_S + + echo "." + rm -f $SVIlock + ;; + + restart) + echo -n "Restarting $IDENT: " + $0 stop + $0 start + exit $? + ;; + + *) + echo "Usage: $SVIscript {start|restart|stop}" + exit 1 + ;; +esac + +exit 0 diff --git a/packaging/Caldera/OpenLinux/samba.init-lsb b/packaging/Caldera/OpenLinux/samba.init-lsb new file mode 100755 index 00000000000..615e17b21fc --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba.init-lsb @@ -0,0 +1,145 @@ +#!/bin/bash +# +# +### BEGIN INIT INFO +# Provides: $samba +# Required-Start: $network +# Required-Stop: $network +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Description: samba +# Starts and stops the Samba smbd and nmbd daemons +# used to provide SMB network services. +### END INIT INFO +# +# Written by Miquel van Smoorenburg . +# Modified for Debian GNU/Linux by Ian Murdock . +# Modified for OpenLinux by Raymund Will +# Adapted for samba by Klaus Singvogel + +NAME_S=smbd +DAEMON_S=/usr/sbin/$NAME_S +NAME_N=nmbd +DAEMON_N=/usr/sbin/$NAME_N +NAME_W=winbindd +DAEMON_W=/usr/sbin/$NAME_W + +config_file=/etc/samba.d/smb.conf + +# Source function library (and set vital variables). +. @SVIdir@/functions + +status() { + [ -e $1 ] || return 3; # lock / pid file doesn't exist, seems to be stopped + + i=`cat "$1"` + state=`egrep '^State' /proc/$i/status 2>/dev/null| sed 's#.* \(.\).*#\1#'` + if [ x$state = x -o x$state = xZ ]; then + return 2 # no such process (or zombie) --> dead + fi + return 0 # seems to be up and running +} + +# this function is dedicated to Jan Terpstra. -- Klaus Singvogel, Sep. 2001. +WinbdConfig() { + # returns 0 if winbindd is not configured, + # and 1 if winbindd is configured. + + local config_file=$1; shift # file to check + + # check if "winbind uid" is set in samba config file + egrep -q '[^#]*winbind uid' $config_file || return 0 + + found=0; + # We also need to check if least one PAM module control file does + # NOT have pam_winbind.so commented out + for i in /etc/pam.d/*; do + if [ ! -f $i ]; then next; fi + egrep -q '[^#]*pam_winbind.so' $i && found=1 && break; + done + + if [ $found != 0 ]; then + # if so, ensure that in /etc/nsswitch.conf we have for + # "passwd", "shadow", "group" an entry for "winbind" + egrep -q '^passwd:.*winbind' /etc/nsswitch.conf && return 1 + egrep -q '^shadow:.*winbind' /etc/nsswitch.conf && return 1 + egrep -q '^group:.*winbind' /etc/nsswitch.conf && return 1 + fi + + return 0 +} + +case "$1" in + start) + [ ! -e $SVIlock ] || exit 0 + [ -x $DAEMON_S -a -x $DAEMON_N ] || exit 5 + SVIemptyConfig $config_file && exit 6 + + echo -n "Starting $SVIsubsys services: " + ssd -S -n $NAME_S -x $DAEMON_S -- $OPTIONS_SMB + WinbdConfig $config_file || ssd -S -n $NAME_W -x $DAEMON_W -- $OPTIONS_WINBD + ssd -S -n $NAME_N -x $DAEMON_N -- $OPTIONS_NMB + ret=$? + + echo "." + touch $SVIlock + ;; + + stop) + [ -e $SVIlock ] || exit 0 + + echo -n "Stopping $SVIsubsys services: " + ssd -K -p /var/lock/samba.d/$NAME_S.pid -n $NAME_S #-x $DAEMON_S + ssd -K -p /var/lock/samba.d/$NAME_W.pid -n $NAME_W #-x $DAEMON_W + ssd -K -p /var/lock/samba.d/$NAME_N.pid -n $NAME_N #-x $DAEMON_N + + ret=$? + + echo "." + rm -f $SVIlock + ;; + + force-reload) + [ -e $SVIlock ] || exit 0 + $0 restart + ret=$? + ;; + + reload) + echo -n "Reloading $SVIsubsys service configuration: " + # nmbd has no config file to reload + ssd -K --signal 1 -p /var/lock/samba.d/$NAME_N.pid -n $NAME_N #-x $DAEMON_N + ssd -K --signal 1 -p /var/lock/samba.d/$NAME_W.pid -n $NAME_W #-x $DAEMON_W + ssd -K --signal 1 -p /var/lock/samba.d/$NAME_S.pid -n $NAME_S #-x $DAEMON_S + ret=$? + echo "." + ;; + + restart) + $0 stop + $0 start + ret=$? + ;; + + status) + echo -n "Checking status of $SVIsubsys service: " + status /var/lock/samba.d/$NAME_N.pid + ret=$? + if [ $ret -eq 0 ]; then + echo -n "$NAME_N " + status /var/lock/samba.d/$NAME_S.pid + ret=$? + [ $ret -eq 0 ] && echo -n "$NAME_S" + fi + echo "." + ;; + + *) + echo "Usage: $SVIscript {start|stop|restart|force-reload|reload|status}" + ret=2 + ;; + +esac + +exit $ret + diff --git a/packaging/Caldera/OpenLinux/samba.logrotate b/packaging/Caldera/OpenLinux/samba.logrotate new file mode 100644 index 00000000000..46611f83d8f --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba.logrotate @@ -0,0 +1,12 @@ +/var/log/samba.d/nmbd { + postrotate + /usr/bin/killall -HUP nmbd + endscript +} + +/var/log/samba.d/smbd { + postrotate + /usr/bin/killall -HUP smbd + endscript +} + diff --git a/packaging/Caldera/OpenLinux/samba.pam b/packaging/Caldera/OpenLinux/samba.pam new file mode 100644 index 00000000000..821c9046a6f --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba.pam @@ -0,0 +1,49 @@ +#%PAM-1.0 +#[For version 1.0 syntax, the above header is optional] +# +# The PAM configuration file for the `samba' service +# +# Note: Only one section should be active at a time. +# Uncomment only those features needed. The default is a minimal implementation. +# +# -------------------------------------------------------------------------------- +# This example uses the standard System Files (/etc/passwd,/etc/shadow,/etc/group) +# and uses a very vanila PAM configuration +# +# auth requisite pam_securetty.so +# auth requisite pam_nologin.so +# auth optional pam_env.so +auth required pam_pwdb.so nullok nodelay # audit +account required pam_pwdb.so nodelay # audit +# session required pam_mkhomedir.so +session required pam_pwdb.so nodelay +password required pam_pwdb.so nodelay # shadow md5 audit +# +# -------------------------------------------------------------------------------- +# This example uses PAM smbpass +# +# auth requisite pam_securetty.so +# auth requisite pam_nologin.so +# auth optional pam_env.so +# auth required pam_smbpass.so nodelay +# account required pam_pwdb.so nodelay # audit +# account sufficient pam_winbind.so +# session required pam_mkhomedir.so +# session required pam_pwdb.so nodelay +# password required pam_pwdb.so shadow md5 +# password required pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf +# +# -------------------------------------------------------------------------------- +# This example uses PAM WinBind +# +# auth requisite pam_securetty.so +# auth requisite pam_nologin.so +# auth optional pam_env.so +# auth sufficient pam_winbind.so +# auth sufficient pam_pwdb.so shadow nullok use_first_pass +# account required pam_pwdb.so nodelay # audit +# account sufficient pam_winbind.so +# session required pam_mkhomedir.so +# session required pam_pwdb.so nodelay +# password required pam_pwdb.so shadow md5 +# diff --git a/packaging/Caldera/OpenLinux/samba3.spec.tmpl b/packaging/Caldera/OpenLinux/samba3.spec.tmpl new file mode 100644 index 00000000000..d48d860e0be --- /dev/null +++ b/packaging/Caldera/OpenLinux/samba3.spec.tmpl @@ -0,0 +1,475 @@ +%define Version PVERSION +%define date PRELEASE +%define Vendor Caldera +%define Dist OpenLinux +%define EtcSamba /etc/samba.d + +Name : samba +Version : %{Version} +Release : %{date} +Group : Server/Network + +Summary : Samba SMB client and server. + +Copyright : Andrew Tridgell, John H Terpstra; GPL Version 2 +Packager : Klaus Singvogel +#Icon : Caldera-daemon.gif +URL : http://samba.org/samba + +Requires : libpam >= 0.66, SysVinit-scripts >= 1.04-6 + + +BuildRoot : /tmp/%{Name}-%{Version} + +Source: ftp://ftp.samba.org/pub/samba/%{Name}-%{Version}.tar.gz +#Patch0: %{Name}-%{Version}-smbmount.patch +#Patch1: %{Name}-%{Version}-install.patch +#Patch2: %{Name}-%{Version}-smbconf.patch + + +%Package doc +Group : Server/Network + +Summary : Documentation on SAMBA. + + +%Package -n smbfs +Group : System/Network + +Summary : Mount and unmount commands for SMB filesystems (smbfs). + + +%Package -n swat +Group : Administration/Network +Requires : setup >= 2.0-2, tcp_wrappers + +Summary : Samba Web Adminsitration Tool. + +%Package -n libsmbclient +Group : System/Network + +Summary : Samba Client Library. + +%Description +Samba provides an SMB server which can be used to provide network +services to SMB (sometimes called "Lan Manager") clients, including +various versions of MS Windows, OS/2, and other Linux machines. + +%Description -l de +Samba stellt einen SMB Server zur Verfügung, mit dem Netzwerkdienste für SMB +(auch "Lan Manager" genannt) Clients bereitgestellt werden können. Dies +schließt verschiedene Versionen von MS Windows, OS/2 und andere Linux +Maschinen ein. + +%Description -l es +Samba dispone de un servidor SMB que puede utilizarse para proporcionar +servicios de red a clientes SMB (a veces conocido como "Lan Manager"), +incluyendo varias versiones de MS Windows, OS/2 y otras máquinas Linux. + +%Description -l fr +Samba fournit un serveur SMB qui peut être utilisé pour fournir des services +de réseau aux clients SMB (parfois appelés "Lan Manager"), comportant +diverses versions de MS Windows, OS/2 et d'autres machines Linux. + +%Description -l it +Samba fornisce un server SMB che può essere usato per fornire servizi +di rete a client SMB (talvolta chiamato "Lan Manager"), comprese varie +versioni di MS Windows, OS/2 e altre macchine Linux. + +%Description -l pt +O Samba fornece um servidor de SMB que pode ser usado para fornecer serviços de +rede aos clientes de SMB (denominado por vezes como "Lan Manager"), incluindo +várias versões do Windows, OS/2 e outras máquinas Linux. + +%Description doc +This package contains extensive SAMBA documentation, including a FAQ, +comprehensive usage documentation, and a number of examples. + +%Description -l de doc +Dieses Paket enthält eine ausführliche SAMBA Dokumentation, inklusive +einer FAQ, umfassender Gebrauchsdokumentation und einer Reihe von +Beispielen. + +%Description -l es doc +Este paquete contiene una extensa documentación sobre SAMBA, incluyendo +FAQ (Preguntas de Uso Frecuente), documentación sobre el uso y algunos +ejemplos. + +%Description -l fr doc +Ce paquetage contient une documentation complète sur Samba, y compris +une FAQ détaillée de son utilisation et un certain nombre d'exemples. + +%Description -l it doc +Questo pacchetto contiene la documentazione su SAMBA tra cui una FAQ +una esaustiva documentazione d'uso e un certo numero di esempi. + +%Description -l pt doc +Este pacote contém alguma documentação extensa sobre o SAMBA, incluindo a FAQ, +alguma documentação compreensiva sobre a utilização e alguns exemplos. + +%Description -n smbfs +This package includes the tools necessary to mount filesystems from +SMB servers. + +%Description -l de -n smbfs +Dieses Paket enthält die nötigen Tools, um Dateisysteme von SMB-Servern +zu mounten. + +%Description -l es -n smbfs +este paqeute incluye las herramientas necesarias para montar sistemas de +ficheros de servidores SMB. + +%Description -l fr -n smbfs +Ce paquetage contient les outils nécessaires pour monter des systèmes +de fichiers sur des serveurs SMB. + +%Description -l it -n smbfs +Questo pacchetto contiene gli strumenti necessari per montare filesystem +da server SMB. + +%Description -l pt -n smbfs +Este pacote contém as ferramentas necessárias para montar sistema de +ficheiros de servidores SMB. + +%Description -n swat +SWAT allows a Samba administrator to configure the complex smb.conf +file via a Web browser. It also provides links to all the configurable +options in the smb.conf file allowing an administrator to easily look +up the effects of any change. + +%Description -l de -n swat +Mit SWAT kann ein Samba-Administrator die komplexe smb.conf +Datei mit Hilfe eines Web-Browsers konfigurieren. Es stellt auch Links zu +allen konfigurierbaren Optionen in der smb.conf Datei bereit, wodurch ein +Administrator die Auswirkungen einer Änderung leicht nachvollziehen kann. + +%Description -l es -n swat +SWAT permite a un administrador de Samba configurar el complejo fichero +smb.conf mediante una navegador web. También proporciona enlaces a todas las +opciones configurables en el fichero smb.conf, permitiendo al administrador +comprobar fácilmente los efectos de cualquier cambio. + +%Description -l fr -n swat +SWAT permet à un administrateur Samba de configurer le fichier smb.conf +complexe via un navigateur Web. Il fournit également des liens d'aide pour +toutes les options configurables dans le fichier smb.conf permettant à un +administrateur de consulter aisément les effets d'une modification. + +%Description -l it -n swat +SWAT permette ad un amministratore Samba di configurare il complesso file +smb.conf attraverso un browser Web. SWAT ha anche dei link di aiuto per +tutte le opzioni di configurazione del file smb.conf. + +%Description -l pt -n swat +O SWAT permite a um administrador de Samba configurar o complexo ficheiro +smb.conf através de uma interface Web. Fornece também referências para +todas as opções configuraveis no smb.conf, permitindo a um admnistrador +verificar rapidamente o efeite de qualquer alteração. + +%Description -n libsmbclient +SMB Client Library allows for POSIX like SMB client calls providing developers +a clean and stable API for SMB client application development. + + +%Prep +%setup +#%patch0 -p1 +#%patch1 -p1 +#%patch2 -p1 + +# The commented out fixUP below should be best known as screwUP! +# instead of patch (to help configuration) ... ;^) +#%{fixUP} -vbT source/Makefile.in -e ' +# s:we don.t use sbindir because we want:if you want : + +# s:(the previous releases of Samba):$1, please use: + +# s:(SBINDIR\s*=\s*\@)b:# ./configure --sbindir=\\\$(BINDIR)\n${1}sb: + +# s:/log\.(\S+):/log/samba.d/${1}d: + +# s:(PASSWD_PROGRAM\s*=\s*)(/bin):$1/usr$2: + +# s:^(LIBS\s*=):AUTH_$1: + +# s:((SMBD|SWAT|RPCCLIENT|SMBPASSWD)_OBJ\) )(\$\(LDF):$1\$(AUTH_LIBS) $3: +#' + +for i in {cvs.,change-}log; do [ ! -f ../$i ] || mv ../$i source; done + +mv swat/help/welcome.html docs +%{fixUP} -vT docs -e ' + s:/usr/local/samba/bin/(smb(client|run)):/usr/bin/$1:g + + s:/usr/local/samba/bin/((s|n)mbd|swat):/usr/sbin/$1:g + + s:/usr/local/samba/var/locks:/var/lock/samba.d: + + s:/usr/local/samba/(var|lib)/log:/var/log/samba.d/smb: + + s:/usr/local/samba/swat:/usr/share/samba/swat:g + + s:/usr/local/samba/lib:%{EtcSamba}:g; +' +mv docs/welcome.html swat/help +for i in docs/*/smb.conf.5*; do + %{fixUP} -vT $i -e ' + s:users\.map:smbusers:g + + s:SAMBA_INSTALL_DIRECTORY/lib:%{EtcSamba}: + + s:None \(set in compile\)\.:(see above).: + + s:/usr/local/:/usr/:g; + ' +done +%{fixUP} -vT docs/textdocs/Faxing.txt -e ' + s:/usr/local/etc/:/etc/: + + s:/usr/local/:/usr/:; +' +# End of DirtyHack(TM) + + +%Build +cd source +rm configure +autoconf + +CFLAGS="$RPM_OPT_FLAGS" LDFLAGS="-s" ./configure \ + --prefix='$(DESTDIR)/usr' \ + --localstatedir='$(DESTDIR)/var' \ + --libdir='$(DESTDIR)%{EtcSamba}' \ + --sbindir='$(DESTDIR)/usr/sbin' \ + --with-privatedir='$(LIBDIR)' \ + --with-lockdir='$(DESTDIR)/var/lock/samba.d' \ + --with-swatdir='$(DESTDIR)/usr/share/swat' \ + --with-smbmount \ + --with-pam \ + --with-tdbsam \ + --with-ldapsam \ + --with-krb5=/usr/athena \ + --with-winbind \ + --with-utmp \ + --with-quotas \ + --with-vfs \ + --with-msdfs \ + --with-profile \ + --with-syslog \ + --with-netatalk \ + --with-smbwrapper \ + --with-libsmbclient \ + --with-sambabook=$(DESTDIR)/usr/share/swat/using_samba + +# Temp disabled - add later - JHT +# --with-pam_smbpass \ +# --with-nisplus-home \ +# --with-acl-support \ + +make all nsswitch/libnss_wins.so nsswitch/libnss_winbind.so torture nsswitch/pam_winbind.so everything +(cd tdb; make tdbdump tdbtest tdbtorture tdbtool) + + +%Install +%{mkDESTDIR} +VVS=packaging/%{Vendor}/%{Dist} + +mkdir -p $DESTDIR/etc/{{rc.d/init,logrotate,pam}.d,sysconfig/daemons} +mkdir -p $DESTDIR%{EtcSamba}/codepages/src +mkdir -p $DESTDIR/etc/skel/Samba +mkdir -p $DESTDIR/home/samba +mkdir -p $DESTDIR/lib/security +mkdir -p $DESTDIR/%{LSBservedir}/{netlogon,profiles,Public} +mkdir -p $DESTDIR%{NKinetdir} +mkdir -p $DESTDIR/{sbin,bin,usr/{sbin,bin}} +mkdir -p $DESTDIR/%{SVIdir} +mkdir -p $DESTDIR/usr/{include,lib} +mkdir -p $DESTDIR/usr/share/samba/codepages/src +mkdir -p $DESTDIR/usr/share/swat/using_samba/{gifs,figs} +mkdir -p $DESTDIR/var/{lo{ck,g}/samba.d,spool/samba} + +make -C source install installclientlib + +strip $DESTDIR/usr/bin/smb{mount,mnt,umount} +# Add links for mount.smbfs +( cd $DESTDIR/sbin; ln -s /usr/bin/smbmount mount.smbfs; \ + ln -s /usr/bin/smbumount umount.smbfs ) + +# First install /usr/bin progs +for i in smbfilter make_printerdef debug2html +do + install -m 755 source/bin/$i $DESTDIR/usr/bin +done +# Next install /usr/sbin progs +for i in talloctort samsync locktest locktest2 masktest msgtest smbtorture +do + install -m 755 source/bin/$i $DESTDIR/usr/sbin +done +for i in tdbdump tdbtest tdbtorture tdbtool +do + install -m 755 source/tdb/$i $DESTDIR/usr/sbin +done + +#mv $DESTDIR/usr/bin/{make,add,conv}* $DESTDIR/usr/sbin + +#cp -p source/codepages/codepage_def.??? $DESTDIR%{EtcSamba}/codepages/src + +# Install the nsswitch library extension file +cp -p source/nsswitch/libnss_wins.so $DESTDIR/lib +cp -p source/nsswitch/libnss_winbind.so $DESTDIR/lib +cp -p source/nsswitch/pam_winbind.so $DESTDIR/lib/security +# Make link for wins resolver +( cd $DESTDIR/lib; ln -s libnss_wins.so libnss_wins.so.2 ) + +# Add libsmbclient.a support stuff +install -m 755 source/bin/libsmbclient.a $DESTDIR/usr/lib + +cp -p $VVS/samba.init $DESTDIR/etc/rc.d/init.d/samba +ln -s /etc/rc.d/init.d/samba $DESTDIR/usr/sbin + +cp -p $VVS/smb.conf.sample $DESTDIR%{EtcSamba}/smb.conf.sample +cp -p $VVS/smbusers $DESTDIR%{EtcSamba} +cp -p $VVS/findsmb $DESTDIR/usr/bin +cp -p $VVS/samba.daemon $DESTDIR/etc/sysconfig/daemons/samba +cp -p $VVS/samba.pam $DESTDIR/etc/pam.d/samba +cp -p $VVS/samba.logrotate $DESTDIR/etc/logrotate.d/samba + +cat <<-'EoH' > $DESTDIR%{EtcSamba}/lmhosts + 127.0.0.1 localhost +EoH + +# lsb has new way of inetd configuration +cat <$DESTDIR%{NKinetdir}/swat +swat stream tcp nowait.400 root /usr/sbin/tcpd swat +EoI + +pushd $DESTDIR/usr/sbin +rm -f *.so +popd + + +DOCD="$DESTDIR/%{_defaultdocdir}/samba-%{Version}"; mkdir -p $DOCD +ln -sf ../Copyrights/GPL-2.0 $DOCD/COPYING +cp -p README Manifest Read-Manifest-Now WHATSNEW.txt Roadmap $DOCD +cp -a docs examples $DOCD + +mv $DOCD/docs/htmldocs/wfw_slip.htm $DOCD/docs/wfw_slip.html + +rm -rf $DOCD/docs/{htmldocs,manpages,yodldocs} +rm -rf $DOCD/examples/{svr4-startup,printing} +rm -rf $DOCD/CVS $DOCD/*/CVS $DOCD/*/*/CVS $DOCD/*/*/*/CVS + +cp -p swat/README $DOCD/README.swat + +# This is the O'Reily Samba Book - on-line +for i in docs/htmldocs/using_samba/*.html +do +install -m644 $i $DESTDIR/usr/share/swat/using_samba +done +for i in docs/htmldocs/using_samba/figs/*.gif +do +install -m644 $i $DESTDIR/usr/share/swat/using_samba/figs +done +for i in docs/htmldocs/using_samba/gifs/*.gif +do +install -m644 $i $DESTDIR/usr/share/swat/using_samba/gifs +done + +%{fixUP} -vT $DOCD/examples -e 's:/usr/local/bin/:/usr/bin/:g;' +%{fixUP} -T $DESTDIR/%{SVIdir} -e 's:\@SVIdir\@:%{SVIdir}:' +%{fixUP} -vT $DOCD/examples -e 's:/usr/local/bin/:/usr/bin/:g;' +%{fixUP} -vT $DESTDIR/%{EtcSamba} -e 's:\@samba_home\@:%{LSBservedir}:' + +%{fixManPages} +( cd $DESTDIR/usr/share/man/lang; \ + cp -a . $DESTDIR/usr/share/man/en; \ + cd ..; \ + rm -rf lang ) + +%{mkLists} -c samba +cat << 'EOF' | %{mkLists} -d samba +Samba base +/lib/$ base +%{LSBservedir} config-IGNORED +^/(etc|var|home|tmp) config-IGNORED +swat swat +%{_defaultdocdir}/samba-[^/]+/$ base +%{_defaultdocdir}/samba- doc +tmp IGNORED +man IGNORED +/src/$ IGNORED +/usr/private/$ IGNORED +@default@ +EOF +cat << 'EOF' | %{mkLists} -f -a samba +\.old$ IGNORED +Samba/README.txt base +^/etc config-IGNORED +%{_defaultdocdir}/samba-[^/]+/(COPYING|README$) base +libnss_* base +pam_* base +%{_defaultdocdir}/samba-[^/]+/(COPYING|README$) base +%{_defaultdocdir}/samba- doc +smb(mount|mnt|umount) smbfs +mount.smbfs smbfs +swat swat +libsmbclient libsmbclient +@default@ +EOF + + +%Clean +%{rmDESTDIR} + + +%Post +/usr/lib/LSB/init-install %{Name} + +%Post -n swat +%{NKinetdReload} +perl -pi -e '$s=1 if /^swat/; + print "swat:ALL EXCEPT 127.0.0.1\n" if eof && ! $s' /etc/hosts.deny + + +%PostUn +test "$1" = "0" || exit 0 +/usr/lib/LSB/init-remove %{Name} +# We want to remove the browse.dat and wins.dat files so they can not +# interfer with a new version of samba! +rm -f /var/lock/samba/browse.dat +rm -f /var/lock/samba/{brlock,connections,locking,messages}.tdb +if [ -e /var/lock/samba.d/namelist.debug ]; then + rm -f /var/lock/samba.d/namelist.debug +fi +rm -f /var/lock/samba/unexpected.tdb +rm -f /var/lock/samba/{smbd,nmbd}.pid + +# Note: We MUST keep: +# winbindd_*, sshare_info*, printing*, ntdrivers* + + +%PostUn -n swat +#$no lsb: lisa --inetd disable swat $1 +test "$1" = "0" || exit 0 +%{SVIdir}/inet reload +[ -x /usr/sbin/swat ]||perl -ni -e '/^swat\s*\:/||print' /etc/hosts.deny + + +%Files -f files-samba-base +%defattr(-,root,root) +%config %attr(0755,root,root) %{SVIdir}/samba +%config %attr(644,root,root) /etc/sysconfig/daemons/samba +%config %attr(644,root,root) /etc/pam.d/samba +%config %attr(644,root,root) /etc/logrotate.d/samba +%config %attr(-,root,root) %{EtcSamba} +%dir %attr(755,root,root) /var/lock/samba.d +%dir %attr(755,root,root) /var/log/samba.d +%dir %attr(1777,root,root) /var/spool/samba +%dir %attr(755,root,root) %{LSBservedir} +%dir %attr(755,root,root) %{LSBservedir}/netlogon +%dir %attr(755,root,root) %{LSBservedir}/profiles +%dir %attr(755,root,root) %{LSBservedir}/Public + +%Files doc -f files-samba-doc +%defattr(-,root,root) + +%Files -n smbfs -f files-samba-smbfs +%defattr(-,root,root) + + +%Files -n swat -f files-samba-swat +%defattr(-,root,root) +%config %attr(644,root,root) %{NKinetdir}/swat + +%Files -n libsmbclient -f files-samba-libsmbclient +%defattr(-,root,root) + +%ChangeLog +* Mon Mar 11 2002 John H Terpstra +- Make this work + diff --git a/packaging/Caldera/OpenLinux/smb.conf b/packaging/Caldera/OpenLinux/smb.conf new file mode 100644 index 00000000000..e62c7bf1e4c --- /dev/null +++ b/packaging/Caldera/OpenLinux/smb.conf @@ -0,0 +1,51 @@ +# Samba config file created using SWAT +# from localhost (127.0.0.1) + +# Global parameters +[global] + workgroup = MYGROUP + server string = Samba Server on Caldera OpenLinux + encrypt passwords = Yes + username map = /etc/samba.d/smbusers + password level = 8 + username level = 8 + log file = /var/log/samba.d/smb.%m + max log size = 200 + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + logon path = \\%L\Profiles\%U + dns proxy = No + printing = cups + +[homes] + comment = Home Directories + path = %H/Samba + username = %S + valid users = %S + writeable = Yes + create mask = 0750 + only user = Yes + browseable = No + +[netlogon] + comment = Samba Network Logon Service + path = @samba_home@/netlogon + guest ok = Yes + share modes = No + +[profiles] + path = @samba_home@/profiles + writeable = Yes + guest ok = Yes + browseable = No + +[printers] + comment = All Printers + path = /var/spool/samba + create mask = 0700 + printable = Yes + browseable = No + +[public] + comment = Public Stuff + path = @samba_home@/Public + write list = @users diff --git a/packaging/Caldera/OpenLinux/smb.conf.sample b/packaging/Caldera/OpenLinux/smb.conf.sample new file mode 100644 index 00000000000..cec5a8a8b22 --- /dev/null +++ b/packaging/Caldera/OpenLinux/smb.conf.sample @@ -0,0 +1,315 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not many any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server on Caldera OpenLinux + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# If you want to automatically load your printer list rather +# than setting them up individually then you'll need this + load printers = yes + +# you may wish to override the location of the printcap file +; printcap name = /etc/printcap + +# It should not be necessary to specify the print system type unless +# it is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx + printing = cups + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba.d/smb.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 200 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. + password level = 8 + username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents + encrypt passwords = yes + smb passwd file = /etc/samba.d/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names + username map = /etc/samba.d/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/samba.d/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable + os level = 20 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below + logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories +; this gives access to a 'Public' sub-directory in each user's home... +; (it is named 'public' as it is intended to be used by other sharing +; technologies (like NetWare, appletalk) too and may get disclosed due +; to weak protocols! -- hmm, are there less secure protocols than NFS? :) + path = %H/Samba + valid users = %S + users = %S + only user = yes + browseable = no + writable = yes + create mask = 0750 + +# Un-comment the following and create the netlogon directory for Domain Logons +[netlogon] + comment = Samba Network Logon Service + path = @samba_home@/netlogon + guest ok = yes + writable = no + share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +[profiles] + path = @samba_home@/profiles + writeable = yes + browseable = no + guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + create mask = 0700 + +# A publicly accessible directory, but read only, except for people in +# the "users" group +[public] + comment = Public Stuff + path = @samba_home@/public + browseable = yes + read only = yes + public = no + printable = no +; writable = yes +# access may be controlled by these options +; read list = user1, user2, @group +; valid users = user1, user3 +; write list = @users + +# Other examples. +# +# This one is useful for people to share files, BUT +# access to '/tmp' or '/var/tmp' should *not* be given lightly, +# as this can (still) pose a security threat! +# Better use a dedicate sub-directory to /(var/)tmp or something +# like a [public] share! +[tmp] + comment = Temporary file space + path = /tmp + browseable = yes + read only = yes + public = no + printable = no + +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/Caldera/OpenLinux/smbadduser.perl b/packaging/Caldera/OpenLinux/smbadduser.perl new file mode 100755 index 00000000000..61bec2320d9 --- /dev/null +++ b/packaging/Caldera/OpenLinux/smbadduser.perl @@ -0,0 +1,146 @@ +#!/usr/bin/perl -w +# +# smbadduser - Written by Mike Zakharoff +# perl-rewrite by Raymund Will +# + +$smbpasswd = "/etc/samba.d/smbpasswd"; +$user_map = "/etc/samba.d/smbusers"; +# +# Set to site specific passwd command +# +$passwd = "cat /etc/passwd |"; +#$passwd = "niscat passwd.org_dir |"; +if ( -e "/var/run/ypbind.pid" ) { + $passwd = "(cat /etc/passwd; ypcat passwd ) |"; +} + +$line = "-" x 58; +if ($#ARGV < 0) { + print < ) { + next unless (/^[A-Za-z0-9_]+:/); + @t = split(/:/); + $U{$t[0]} = join( ":", ($t[0], $t[2], $X, $X, $t[4], $t[5], $t[6])); + } + close( IN); +} +# get all smb passwords (later skip already existent) +%S = (); +$Cs = ""; +if ( -r $smbpasswd ) { + open( IN, $smbpasswd) || die( "ERROR: open($smbpasswd): $!\n"); + while ( ) { + if ( /^\#/ ) { + $Cs .= $_; next; + } elsif ( ! /^([A-Za-z0-9_]+):/ ) { + chop; print STDERR "ERROR: $_: invalid smbpasswd entry!\n"; next; + } + $S{$1} = $_; + } + close( IN); +} +# get all map entries +%M = (); +$Cm = ""; +if ( -r $user_map ) { + open( IN, $user_map) || die( "ERROR: open($user_map): $!\n"); + while ( ) { + if ( /^\#/ ) { + $Cm .= $_; next; + } elsif ( ! /^([A-Za-z0-9_]+)\s*=\s*(\S.+\S)\s*/ ) { + chop; print STDERR "ERROR: $_: invalid user-map entry!\n"; next; + } + $M{$1} = $2; + } + close( IN); +} +# check parameter syntax +%N = (); +{ + foreach ( @ARGV ) { + my ( $u, $s, @R) = split(/:/); + if ( $#R >= 0 ) { + print STDERR "ERROR: $_: Must use unixid[:ntid] SKIPPING...\n"; + next; + } + $s = $u unless ( defined( $s) ); + if ( ! exists( $U{$u}) ) { + print STDERR "ERROR: $u: Not in passwd database SKIPPING...\n"; + next; + } + if ( exists( $S{$u}) ) { + print STDERR "ERROR: $u: Already in smbpasswd database SKIPPING...\n"; + next; + } + print "Adding: $u to $smbpasswd\n"; + $S{$u} = $U{$u}; + if ( $u ne $s ) { + if ( exists( $M{$u}) ) { + if ( $M{$u} !~ /\b$s\b/ ) { + print "Adding: $s to $u in $user_map\n"; + $M{$u} .= " $s"; + } + } else { + print "Mapping: $s to $u in $user_map\n"; + $M{$u} = $s; + } + } + $N{$u} = $s; + } +} +# rewrite $smbpasswd +{ + open( OUT, "> $smbpasswd.new") || die( "ERROR: open($smbpasswd.new): $!\n"); + $Cs = "#\n# SMB password file.\n#\n" unless ( $Cs ); + print OUT $Cs; + foreach ( sort( keys( %S)) ) { + print OUT $S{$_}; + } + close( OUT); + rename( $smbpasswd, $smbpasswd . "-"); + rename( $smbpasswd . ".new", $smbpasswd) || die; +} +# rewrite $user_map +{ + open( OUT, "> $user_map.new") || die( "ERROR: open($user_map.new): $!\n"); + $Cm = "# Unix_name = SMB_name1 SMB_name2 ...\n" unless ( $Cm ); + print OUT $Cm; + foreach ( sort( keys( %M)) ) { + print OUT "$_ = $M{$_}\n"; + } + close( OUT); + rename( $user_map, $user_map . "-"); + rename( $user_map . ".new", $user_map) || die; +} +# call 'smbpasswd' for each new +{ + foreach ( sort( keys( %N)) ) { + print $line . "\n"; + print "ENTER password for $_\n"; + system( "smbpasswd $_"); + } +} + diff --git a/packaging/Caldera/OpenLinux/smbprint b/packaging/Caldera/OpenLinux/smbprint new file mode 100755 index 00000000000..5d66aa13774 --- /dev/null +++ b/packaging/Caldera/OpenLinux/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to save space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "//$server/$service" $password -U $server -N -P >> $logfile 2>&1 diff --git a/packaging/Caldera/OpenLinux/smbusers b/packaging/Caldera/OpenLinux/smbusers new file mode 100644 index 00000000000..ae3389f53f8 --- /dev/null +++ b/packaging/Caldera/OpenLinux/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nobody = guest pcguest smbguest diff --git a/packaging/Caldera/OpenLinux/updatesmbpasswd.perl b/packaging/Caldera/OpenLinux/updatesmbpasswd.perl new file mode 100755 index 00000000000..60f572b4905 --- /dev/null +++ b/packaging/Caldera/OpenLinux/updatesmbpasswd.perl @@ -0,0 +1,10 @@ +#!/usr/bin/perl -w +while ( <> ) { + print; + @V = split(/:/); + $_ = $V[3]; + if ( $V[0] !~ /^\#/ && !(/^[0-9A-F]{32}$/ || /^X{32}$/ || /^\*{32}$/) ) { + $V[3] = "X" x 32; + } + print( join( ':', @V)); +} diff --git a/packaging/Caldera/OpenServer/Clean b/packaging/Caldera/OpenServer/Clean new file mode 100755 index 00000000000..fe4eed25270 --- /dev/null +++ b/packaging/Caldera/OpenServer/Clean @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Cleanup after having configured, compiled, installed and packaged. +# Careful - running this script attempts to restore this hierarchy to +# freshly unpacked source +# +# Invoke as "./Clean -n" to get this script to tell you what it would do +# without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +[ -d dist ] && $V rm -rf dist +[ -f ../../../source/Makefile ] && { + $V cd ../../../source + $V rm -f bin/locktest bin/masktest bin/smbsh bin/debug2html \ + bin/locktest2 bin/smbfilter bin/smbtorture + $V make clean + $V make distclean + $V rm -f mout* +} diff --git a/packaging/Caldera/OpenServer/Compile b/packaging/Caldera/OpenServer/Compile new file mode 100755 index 00000000000..cba414ec743 --- /dev/null +++ b/packaging/Caldera/OpenServer/Compile @@ -0,0 +1,48 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +CC="gcc -I/usr/local/include -L/usr/local/lib" +CFLAGS="-O3 -I/usr/local/include -L/usr/local/lib" +CXX="g++" +CXXFLAGS="-O3 -I/usr/local/include/stl -I/usr/local/include -L/usr/local/lib" +RANLIB=true +MAKE=/usr/local/bin/make +if [ "$V" = "echo" ] +then + echo "exporting the following shell variables:" + echo "CC=$CC" + echo "CXX=$CXX" + echo "RANLIB=$RANLIB" + echo "MAKE=$MAKE" + echo "CFLAGS=$CFLAGS" + echo "CXXFLAGS=$CXXFLAGS" +else + export CC CXX RANLIB MAKE CFLAGS CXXFLAGS +fi + +if [ "$V" = "echo" ] +then + echo "cd ../../../source" + echo "rm -f mout-1 mout-2 mout-3 mout-4" + echo "make all 2>&1 | tee mout-1" + echo "make smbfilter smbtorture debug2html 2>&1 | tee mout-2" + echo "make bin/smbspool smbwrapper bin/wbinfo 2>&1 | tee mout-3" + echo "make masktest locktest locktest2 2>&1 | tee mout-3" +else + cd ../../../source + rm -f mout-1 mout-2 mout-3 mout-4 + make all 2>&1 | tee mout-1 + make smbfilter smbtorture debug2html 2>&1 | tee mout-2 + make bin/smbspool smbwrapper bin/wbinfo 2>&1 | tee mout-3 + make masktest locktest locktest2 2>&1 | tee mout-3 +fi +# +# Not building : +# nsswitch - no +# rpctorture - improper use of client_info struct, dunno diff --git a/packaging/Caldera/OpenServer/Configure b/packaging/Caldera/OpenServer/Configure new file mode 100755 index 00000000000..65a4f1186fa --- /dev/null +++ b/packaging/Caldera/OpenServer/Configure @@ -0,0 +1,73 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +CC="gcc -I/usr/local/include -L/usr/local/lib" +CFLAGS="-O3 -I/usr/local/include -L/usr/local/lib" +CXX="g++" +CXXFLAGS="-O3 -I/usr/local/include/stl -I/usr/local/include -L/usr/local/lib" +RANLIB=true +MAKE=/usr/local/bin/make +PREFIX=/usr/local/samba +if [ "$V" = "echo" ] +then + echo "exporting the following shell variables:" + echo "CC=$CC" + echo "CXX=$CXX" + echo "RANLIB=$RANLIB" + echo "MAKE=$MAKE" + echo "CFLAGS=$CFLAGS" + echo "CXXFLAGS=$CXXFLAGS" + echo "PREFIX=$PREFIX" +else + export CC CXX RANLIB MAKE CFLAGS CXXFLAGS PREFIX +fi + +cd ../../../source +[ -f mout-config ] && { + if [ "$V" = "echo" ] + then + echo "mv mout-config mout-config$$" + else + mv mout-config mout-config$$ + fi +} +if [ "$V" = "echo" ] +then + echo "./configure \ + --prefix=${PREFIX} \ + --with-profile \ + --with-syslog \ + --with-utmp \ + --with-vfs \ + --with-msdfs \ + --with-netatalk \ + --with-sambabook=${PREFIX}/swat/using_samba \ + 2>&1 | tee mout-config" +else + ./configure \ + --prefix=${PREFIX} \ + --with-profile \ + --with-syslog \ + --with-utmp \ + --with-vfs \ + --with-msdfs \ + --with-netatalk \ + --with-sambabook=${PREFIX}/swat/using_samba \ + 2>&1 | tee mout-config +fi + +cat >> include/config.h < /tmp/nouser$$ +cp /tmp/nouser$$ include/local.h +rm -f /tmp/nouser$$ diff --git a/packaging/Caldera/OpenServer/Install b/packaging/Caldera/OpenServer/Install new file mode 100755 index 00000000000..ab27b6f67fa --- /dev/null +++ b/packaging/Caldera/OpenServer/Install @@ -0,0 +1,156 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +# Make sure we pick up the install binary from /usr/local/bin +# rather than /etc/install +PATH=/usr/local/bin:$PATH +export PATH + +PREFIX=/usr/local/samba +HERE=`pwd` +PKGDIR=packaging/Caldera/OpenServer + +BUILD_ROOT=${HERE}/dist +BLDFIX=${BUILD_ROOT}/${PREFIX} +$V rm -rf $BUILD_ROOT +$V mkdir -p $BUILD_ROOT/etc/init.d +$V mkdir -p ${BLDFIX}/bin +$V mkdir -p ${BLDFIX}/sbin +$V mkdir -p ${BLDFIX}/swat/using_samba/gifs +$V mkdir -p ${BLDFIX}/swat/using_samba/figs +$V mkdir -p ${BLDFIX}/swat/images +$V mkdir -p ${BLDFIX}/swat/help +$V mkdir -p ${BLDFIX}/swat/include +$V mkdir -p ${BLDFIX}/man/man.1 +$V mkdir -p ${BLDFIX}/man/man.5 +$V mkdir -p ${BLDFIX}/man/man.7 +$V mkdir -p ${BLDFIX}/man/man.8 +$V mkdir -p ${BLDFIX}/var/locks +$V mkdir -p ${BLDFIX}/lib/codepages/src + +# Copy into the dist tree the custom data files +for i in Clean Install MakeSSO Packem Remove cdmt.config +do + $V cp pkg/$i ${BUILD_ROOT} +done +for i in cntl input +do + $V rm -rf ${BUILD_ROOT}/$i + $V cp -r pkg/$i ${BUILD_ROOT}/$i +done + +cd ../../.. + +# Install standard binary files +for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \ + make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool \ + smbsh +do +$V install -m755 -s source/bin/$i ${BLDFIX}/bin +done +for i in mksmbpasswd.sh smbtar +do +$V install -m755 source/script/$i ${BLDFIX}/bin +done + +# Install secure binary files +for i in smbd nmbd swat debug2html smbtorture smbfilter locktest2 masktest +do +$V install -m755 -s source/bin/$i ${BLDFIX}/sbin +done + + +# Install level 1 man pages +for i in *.1 +do +$V install -m644 docs/manpages/$i ${BLDFIX}/man/man.1 +done + +# Install codepage source files +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do +$V install -m644 source/codepages/codepage_def.$i ${BLDFIX}/lib/codepages/src +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do +$V install -m644 source/codepages/CP$i.TXT ${BLDFIX}/lib/codepages/src +done + +# Install SWAT helper files +for i in swat/help/*.html docs/htmldocs/*.html +do +$V install -m644 $i ${BLDFIX}/swat/help +done +for i in swat/images/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/images +done +for i in swat/include/*.html +do +$V install -m644 $i ${BLDFIX}/swat/include +done + +# This is the O'Reily Samba Book - on-line +for i in docs/htmldocs/using_samba/*.html +do +$V install -m644 $i ${BLDFIX}/swat/using_samba +done +for i in docs/htmldocs/using_samba/figs/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/using_samba/figs +done +for i in docs/htmldocs/using_samba/gifs/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/using_samba/gifs +done + +# Install the miscellany +$V install -m644 swat/README ${BLDFIX}/swat +$V install -m644 docs/manpages/smb.conf.5 ${BLDFIX}/man/man.5 +$V install -m644 docs/manpages/lmhosts.5 ${BLDFIX}/man/man.5 +$V install -m644 docs/manpages/smbpasswd.5 ${BLDFIX}/man/man.5 +$V install -m644 docs/manpages/samba.7 ${BLDFIX}/man/man.7 +$V install -m644 docs/manpages/smbd.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/nmbd.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/smbpasswd.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/swat.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/smbmount.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/smbmnt.8 ${BLDFIX}/man/man.8 +$V install -m644 docs/manpages/smbumount.8 ${BLDFIX}/man/man.8 +$V install -m644 ${PKGDIR}/smb.conf ${BLDFIX}/lib/smb.conf +$V install -m644 ${PKGDIR}/smbusers $BUILD_ROOT/etc/smbusers +$V install -m755 ${PKGDIR}/smbprint ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/findsmb ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/smbadduser ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/smb.init $BUILD_ROOT/etc/init.d/samba + +# The following is now done in the postinstall script +# +# if [ "$V" = "echo" ] +# then +# echo "echo 127.0.0.1 localhost > $BUILD_ROOT/etc/lmhosts" +# else +# echo 127.0.0.1 localhost > $BUILD_ROOT/etc/lmhosts +# fi +# +# Build codepage load files +# $V cd ${BLDFIX}/lib/codepages +# for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +# do +# $V ${PREFIX}/bin/make_smbcodepage c $i \ +# ${BLDFIX}/lib/codepages/src/codepage_def.$i \ +# ${BLDFIX}/lib/codepages/codepage.$i +# done +# for i in 437 737 850 852 861 866 932 936 949 950 \ +# ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +# do +# $V ${PREFIX}/bin/make_unicodemap $i \ +# ${BLDFIX}/lib/codepages/src/CP$i.TXT \ +# ${BLDFIX}/lib/codepages/unicode_map.$i +# done diff --git a/packaging/Caldera/OpenServer/Makevol b/packaging/Caldera/OpenServer/Makevol new file mode 100755 index 00000000000..dc57b246ef5 --- /dev/null +++ b/packaging/Caldera/OpenServer/Makevol @@ -0,0 +1,10 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +./Configure $* +./Compile $* +./Install $* +./Package $* diff --git a/packaging/Caldera/OpenServer/Package b/packaging/Caldera/OpenServer/Package new file mode 100755 index 00000000000..c954e55e1e8 --- /dev/null +++ b/packaging/Caldera/OpenServer/Package @@ -0,0 +1,13 @@ +#!/bin/ksh +# +# Now create the actual custom installable media images +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +$V cd dist +$V ./MakeSSO diff --git a/packaging/Caldera/OpenServer/README b/packaging/Caldera/OpenServer/README new file mode 100644 index 00000000000..794bf546049 --- /dev/null +++ b/packaging/Caldera/OpenServer/README @@ -0,0 +1,44 @@ +Preparation Date: April 13, 2001 +Preparer: Ronald Joe Record + +Instructions: Preparing Samba Packages for SCO OpenServer +=============================================================== + +We provide support only for current versions of SCO OpenServer + +The file samba-2.2-osr5.patch is a patch file suitable for use +with the patch command as follows: + + # cd ../../../source + # patch -p 0 -i ../packaging/Caldera/OpenServer/samba-2.2-osr5.patch + +The files modified by this patch are: + utils/torture.c + utils/locktest.c + utils/locktest2.c + +This patch should only be necessary until these changes are accepted +back into the 2.2 source tree. Until then, this patch must be applied +prior to building Samba 2.2 on SCO OpenServer 5. + +To produce the custom installable media images simply type (in this directory): + # ./Makevol + +The resultant samba media images should reside in the ./dist subdirectory. +To install from the media images, issue the command (as root): + + # cd dist + # ./Install + +Alternately, each of the steps in building the media images may be performed +individually by invoking each of the following: + + # ./Configure + # ./Compile + # ./Install + # ./Package + +If files are added or deleted from the SCO OpenServer Samba distribution then +the prototype file in the pkg directory should be appropriately modified. +The files in the pkg subdirectory were initially created using the mkpkg +package from SCO Skunkware (see http://www.sco.com/skunkware). diff --git a/packaging/Caldera/OpenServer/findsmb b/packaging/Caldera/OpenServer/findsmb new file mode 100755 index 00000000000..bb91c784b89 --- /dev/null +++ b/packaging/Caldera/OpenServer/findsmb @@ -0,0 +1,141 @@ +#!/usr/local/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/local/samba/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/Caldera/OpenServer/pkg/Clean b/packaging/Caldera/OpenServer/pkg/Clean new file mode 100755 index 00000000000..fa68f18118c --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/Clean @@ -0,0 +1,3 @@ +#!/bin/sh + +rm -rf archives sso usr diff --git a/packaging/Caldera/OpenServer/pkg/Install b/packaging/Caldera/OpenServer/pkg/Install new file mode 100755 index 00000000000..ef0f61f33e1 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/Install @@ -0,0 +1 @@ +custom -p SKUNK2000:Samba -i -z `pwd`/archives/FLOPPY diff --git a/packaging/Caldera/OpenServer/pkg/MakeSSO b/packaging/Caldera/OpenServer/pkg/MakeSSO new file mode 100755 index 00000000000..538aaf58f77 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/MakeSSO @@ -0,0 +1,25 @@ +: +# MakeSSO +# + +rm -rf archives sso + + CDMT_DIR=`pwd`; export CDMT_DIR + Samba_DIR=`pwd`; export Samba_DIR + cdmtParse + if test $? != 0 + then + exit 1 + fi + + cdmtCompress + if test $? != 0 + then + exit 1 + fi + + cdmtArchive + if test $? != 0 + then + exit 1 + fi diff --git a/packaging/Caldera/OpenServer/pkg/Packem b/packaging/Caldera/OpenServer/pkg/Packem new file mode 100755 index 00000000000..a1b67e972d9 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/Packem @@ -0,0 +1,15 @@ +#!/bin/sh + +P=`pwd` +PKGTAR=`basename $P`-VOLS.tar +PKGDIST=`basename $P`-dist.tar.gz + +DIRS=usr +[ -d etc ] && DIRS="etc usr" +cd archives/FLOPPY +tar cf ../../$PKGTAR VOL* +cd ../.. +tar cf - $DIRS | /usr/local/bin/gzip -9 > $PKGDIST +[ -f $PKGTAR ] && rm -rf archives +[ -f $PKGDIST ] && rm -rf $DIRS +rm -rf sso diff --git a/packaging/Caldera/OpenServer/pkg/Remove b/packaging/Caldera/OpenServer/pkg/Remove new file mode 100755 index 00000000000..ea6102ac38a --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/Remove @@ -0,0 +1,16 @@ +#!/bin/sh +# +# Generic command-line Software Manger (custom) removal from +# media images. Based on the installation script by Phil Hollenback +# (philiph@sco.com) and Ron Record (rr@sco.com) +# + +# Set this to be the full pathname to the directory +# where your media images are: +VDIR=`pwd`/archives/FLOPPY +VOLS=$VDIR/VOL.000.000 + +component=`grep "component" < $VOLS | head -1 | cut -d= -f2 | cut -d: -f1` +package=`grep "component" < $VOLS | head -1 | cut -d= -f2 | cut -d: -f2` + +custom -p $component:$package -r diff --git a/packaging/Caldera/OpenServer/pkg/cdmt.config b/packaging/Caldera/OpenServer/pkg/cdmt.config new file mode 100644 index 00000000000..e11c1961f22 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/cdmt.config @@ -0,0 +1,34 @@ +MACROS: + +DEFAULT_EXEC_MODE = 0755 + +DEFAULT_FILE_MODE = 0644 +DEFAULT_FILE_OWNER = bin +DEFAULT_FILE_GROUP = bin + +DEFAULT_DIR_MODE = 0755 +DEFAULT_DIR_OWNER = bin +DEFAULT_DIR_GROUP = bin + +DEFAULT_FIFO_MODE = 0644 +DEFAULT_FIFO_OWNER = bin +DEFAULT_FIFO_GROUP = bin + +DEFAULT_DISTTREEROOT_SHARED = $CDMT_DIR +DEFAULT_DISTTREEROOT_CLIENT = $CDMT_DIR + +CONFIG: + removeFiles = FALSE + removalPrompt = FALSE + archiveMedia = FLOPPY + compress = TRUE + ssoDir = sso + +FLOPPY_MEDIA: + device = /dev/rfd0 + volumeSize = 8000 + distVendor = SCO + distVersion = 2.2 + distCode = SKUNK2000 + paperLabel = "SCO Skunkware Samba 2.2" + diff --git a/packaging/Caldera/OpenServer/pkg/cntl/ccs b/packaging/Caldera/OpenServer/pkg/cntl/ccs new file mode 100755 index 00000000000..0cb22490e47 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/cntl/ccs @@ -0,0 +1,108 @@ +#!/bin/sh +# +# Postinstallscript written by Ron Record (rr@sco.com) +# + +scriptname="$0" +step="$1" +keywords="$2" +pkglist="$3" + +# Source in the standard functions library, ccsSetup.sh +. ccsSetup.sh + +ccs_return_value=0 + +SPOOL=/var/spool/samba +SVCS=/etc/services +INET=/etc/inetd.conf +LMHOST=/etc/lmhosts +PREFIX=/usr/local/samba + +# +# Create /var/spool/samba, create an initial /etc/lmhosts, build the +# codepages and setup swat to be run out of inetd on port 901 +# +PostExport() +{ + [ -d $SPOOL ] || { + mkdir -p $SPOOL + chmod 1777 $SPOOL + } + if [ -f $LMHOST ] + then + grep localhost $LMHOST > /dev/null || { + echo 127.0.0.1 localhost >> $LMHOST + } + else + echo 127.0.0.1 localhost > $LMHOST + fi + + cd ${PREFIX}/lib/codepages + for i in 437 737 775 850 852 861 866 932 936 949 950 1251 + do + ${PREFIX}/bin/make_smbcodepage c $i \ + ${PREFIX}/lib/codepages/src/codepage_def.$i \ + ${PREFIX}/lib/codepages/codepage.$i + done + for i in 437 737 850 852 861 866 932 936 949 950 \ + ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R + do + ${PREFIX}/bin/make_unicodemap $i \ + ${PREFIX}/lib/codepages/src/CP$i.TXT \ + ${PREFIX}/lib/codepages/unicode_map.$i + done + + grep swat $SVCS > /dev/null || { + echo "swat 901/tcp # Samba Web Administration Tool " >> $SVCS + } + + grep swat $INET > /dev/null || { + echo "swat stream tcp nowait root /usr/local/samba/bin/swat swat " >> $INET + } + + kill -1 `ps -e | grep inetd | awk ' { print $1 } '` +} + +DisableStop() +{ + /etc/init.d/samba disable > /dev/null 2>&1 + /etc/init.d/samba stop > /dev/null 2>&1 +} + +# +# Remove /var/spool/samba and delete inetd entries for swat +# +PostUnexport() +{ + [ -d $SPOOL ] && { + rm -rf $SPOOL + } + + grep swat $SVCS > /dev/null && { + B=`basename $SVCS` + T=$B$$ + grep -v swat $SVCS > /tmp/$T + cp /tmp/$T $SVCS + rm -f /tmp/$T + } + + grep swat $INET > /dev/null || { + B=`basename $INET` + T=$B$$ + grep -v swat $INET > /tmp/$T + cp /tmp/$T $INET + rm -f /tmp/$T + } + + kill -1 `ps -e | grep inetd | awk ' { print $1 } '` +} + +case "$step" in + POST_EXPORT) PostExport ;; + PRE_UNEXPORT) DisableStop ;; + POST_UNEXPORT) PostUnexport ;; +esac + +exit $ccs_return_value + diff --git a/packaging/Caldera/OpenServer/pkg/input/Samba.cmpnt b/packaging/Caldera/OpenServer/pkg/input/Samba.cmpnt new file mode 100644 index 00000000000..245f6d12ce8 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/input/Samba.cmpnt @@ -0,0 +1,25 @@ + +COMP:SKUNK2000:Samba: +description = "Samba - A Windows SMB/CIFS fileserver for UNIX" +version = 2.2 +subpackages = Samba +required = Samba +dependencies = +distTreeRootSHARED = $Samba_DIR +distTreeRootCLIENT = $Samba_DIR +pkgFiles = $Samba_DIR/input/Samba.pkg + +FILE_DEFAULT: +mode = $DEFAULT_FILE_MODE +owner = $DEFAULT_FILE_OWNER +group = $DEFAULT_FILE_GROUP + +DIR_DEFAULT: +mode = $DEFAULT_DIR_MODE +owner = $DEFAULT_DIR_OWNER +group = $DEFAULT_DIR_GROUP + +FIFO_DEFAULT: +mode = $DEFAULT_FIFO_MODE +owner = $DEFAULT_FIFO_OWNER +group = $DEFAULT_FIFO_GROUP diff --git a/packaging/Caldera/OpenServer/pkg/input/Samba.pkg b/packaging/Caldera/OpenServer/pkg/input/Samba.pkg new file mode 100644 index 00000000000..ea76e74a610 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/input/Samba.pkg @@ -0,0 +1,1905 @@ + +PKG:Control: +description = "Control package" +dependencies = +distTreeRootSHARED = $Samba_DIR +distTreeRootCLIENT = $Samba_DIR + +DIR:Control:SHARED:cntl: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Control:SHARED:cntl/ccs: +mode = 0755 +owner = root +group = sys +flags = + +PKG:Samba: +description = "Samba - A Windows SMB/CIFS fileserver for UNIX" +dependencies = +distTreeRootSHARED = $Samba_DIR +distTreeRootCLIENT = $Samba_DIR + +DIR:Samba:SHARED:etc: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:etc/init.d: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:etc/init.d/samba: +mode = 0755 +owner = root +group = sys +flags = +exportPath = /etc/init.d/samba + +FILE:Samba:SHARED:etc/smbusers: +mode = 0644 +owner = root +group = sys +flags = +exportPath = /etc/smbusers + +DIR:Samba:SHARED:usr: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba: +mode = 0755 +owner = root +group = sys +flags = +exportPath = /usr/local/samba + +DIR:Samba:SHARED:usr/local/samba/bin: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/nmblookup: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbclient: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbpasswd: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbstatus: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/testparm: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/testprns: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/make_smbcodepage: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/make_unicodemap: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/make_printerdef: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/rpcclient: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbspool: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbsh: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/mksmbpasswd.sh: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbtar: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbprint: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/findsmb: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/bin/smbadduser: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/sbin: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/smbd: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/nmbd: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/swat: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/debug2html: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/smbtorture: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/smbfilter: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/locktest2: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/sbin/masktest: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/using_samba: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/using_samba/gifs: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/gifs/index.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/gifs/samba.s.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/gifs/txthome.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/gifs/txtnexta.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/gifs/txtpreva.gif: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/using_samba/figs: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0101.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0102.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0103.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0104.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0105.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0106.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0107.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0108.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0109.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0110.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0111.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0112.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0113.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0114.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0201.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0202.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0203.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0204.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0301.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0302.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0303.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0304.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0305.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0306.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0307.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0308.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0309.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0310.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0311.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0312.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0313.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0314.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0315.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0316.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0317.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0318.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0319.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0320.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0321.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0322.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0323.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0324.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0325.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0326.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0327.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0328.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0401.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0402.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0403.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0404.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0405.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0406.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0407.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0501.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0502.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0503.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0504.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0505.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0506.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0507.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0508.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0601.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0602.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0603.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0604.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0605.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0606.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0701.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0702.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0703.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0704.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0705.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0706.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0707.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0708.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0709.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0801.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0802.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0803.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0804.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0805.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0901.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0902.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0903.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0904.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.0905.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.aa01.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.ab01.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/figs/sam.ab02.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appa_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appa_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appa_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appa_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appa_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appb_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appb_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appb_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appc_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appd_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appe_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/appf_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_06.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_07.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch01_08.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch02_06.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch03_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch03_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch03_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_06.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_07.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch04_08.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch05_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch05_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch05_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch05_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch05_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch06_06.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch07_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch07_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch07_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_04.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_05.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_06.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch08_07.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch09_01.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch09_02.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/ch09_03.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/index.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/inx.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/licenseinfo.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/using_samba/this_edition.html: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/images: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/globals.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/home.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/passwd.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/printers.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/samba.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/shares.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/status.gif: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/images/viewconfig.gif: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/help: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/welcome.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/DOMAIN_MEMBER.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/NT_Security.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/OS2-Client-HOWTO.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/Samba-HOWTO-Collection.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/UNIX_INSTALL.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/findsmb.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/lmhosts.5.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/make_smbcodepage.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/msdfs_setup.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/nmbd.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/nmblookup.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/printer_driver2.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/rpcclient.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/samba-pdc-faq.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/samba-pdc-howto.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/samba.7.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smb.conf.5.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbcacls.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbclient.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbcontrol.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbd.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbmnt.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbmount.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbpasswd.5.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbpasswd.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbrun.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbsh.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbspool.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbstatus.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbtar.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/smbumount.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/swat.8.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/testparm.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/testprns.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/wbinfo.1.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/winbind.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/help/winbindd.8.html: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/swat/include: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/include/footer.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/include/header.html: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/swat/README: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/man: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/man/man.1: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/findsmb.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/make_smbcodepage.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/make_unicodemap.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/nmblookup.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/rpcclient.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbcacls.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbclient.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbcontrol.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbrun.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbsh.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbstatus.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/smbtar.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/testparm.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/testprns.1: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.1/wbinfo.1: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/man/man.5: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.5/smb.conf.5: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.5/lmhosts.5: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.5/smbpasswd.5: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/man/man.7: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.7/samba.7: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/man/man.8: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/smbd.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/nmbd.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/smbpasswd.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/swat.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/smbmount.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/smbmnt.8: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/man/man.8/smbumount.8: +mode = 0644 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/var: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/var/locks: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/lib: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/lib/codepages: +mode = 0755 +owner = root +group = sys +flags = + +DIR:Samba:SHARED:usr/local/samba/lib/codepages/src: +mode = 0755 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.437: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.737: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.775: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.850: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.852: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.861: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.866: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.932: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.936: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.949: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.950: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/codepage_def.1251: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP437.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP737.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP850.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP852.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP861.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP866.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP932.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP936.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP949.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CP950.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CPISO8859-1.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CPISO8859-2.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CPISO8859-5.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CPISO8859-7.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/codepages/src/CPKOI8-R.TXT: +mode = 0644 +owner = root +group = sys +flags = + +FILE:Samba:SHARED:usr/local/samba/lib/smb.conf: +mode = 0644 +owner = root +group = sys +flags = diff --git a/packaging/Caldera/OpenServer/pkg/input/Samba.prd b/packaging/Caldera/OpenServer/pkg/input/Samba.prd new file mode 100644 index 00000000000..e31c8bfe8e8 --- /dev/null +++ b/packaging/Caldera/OpenServer/pkg/input/Samba.prd @@ -0,0 +1,6 @@ +PROD:SKUNK2000:Samba: +description = "Samba - A Windows SMB/CIFS fileserver for UNIX" +version = 2.2 +packages = SKUNK2000:Samba +required = SKUNK2000:Samba +cmpntFiles = Samba.cmpnt diff --git a/packaging/Caldera/OpenServer/samba-2.2-osr5.patch b/packaging/Caldera/OpenServer/samba-2.2-osr5.patch new file mode 100644 index 00000000000..fb71d9298b4 --- /dev/null +++ b/packaging/Caldera/OpenServer/samba-2.2-osr5.patch @@ -0,0 +1,29 @@ +--- utils/torture.c.00 Fri Mar 30 13:53:26 2001 ++++ utils/torture.c Fri Apr 13 15:06:04 2001 +@@ -2703,7 +2703,11 @@ + + dbf = stdout; + ++#if defined(_SCO_DS) /* SCO OpenServer */ ++ setvbuf(stdout, NULL, _IONBF, 0); ++#else + setbuffer(stdout, NULL, 0); ++#endif + + charset_initialise(); + +--- utils/locktest.c.00 Fri Sep 29 13:18:14 2000 ++++ utils/locktest.c Fri Apr 13 17:54:11 2001 +@@ -384,8 +384,12 @@ + recorded[n].conn = random() % NCONNECTIONS; + recorded[n].f = random() % NFILES; + recorded[n].start = LOCKBASE + ((unsigned)random() % (LOCKRANGE-1)); ++#if defined(_SCO_DS) /* OpenServer */ ++ recorded[n].len = 1; ++#else + recorded[n].len = 1 + + random() % (LOCKRANGE-(recorded[n].start-LOCKBASE)); ++#endif + recorded[n].start *= RANGE_MULTIPLE; + recorded[n].len *= RANGE_MULTIPLE; + recorded[n].r1 = random() % 100; diff --git a/packaging/Caldera/OpenServer/smb.conf b/packaging/Caldera/OpenServer/smb.conf new file mode 100644 index 00000000000..717c4efb174 --- /dev/null +++ b/packaging/Caldera/OpenServer/smb.conf @@ -0,0 +1,291 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not many any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this + printcap name = lpstat + load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx + printing = sysv + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nouser" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /usr/local/samba/var/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = yes +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/Caldera/OpenServer/smb.init b/packaging/Caldera/OpenServer/smb.init new file mode 100755 index 00000000000..ce6c6fa4b38 --- /dev/null +++ b/packaging/Caldera/OpenServer/smb.init @@ -0,0 +1,76 @@ +#!/bin/sh +#ident "@(#)samba.server 1.0 96/06/19 TK" /* SVr4.0 1.1.13.1*/ +# +# Please send info on modifications to knuutila@cs.utu.fi +# +# This file should have uid root, gid sys and chmod 744 +# +# Modified 17-Jul-99 by Ron Record (rr@sco.com) for use in SCO Skunkware +# + +SAMBADIR=/usr/local/samba +RCSCRIPT=/etc/rc2.d/S99samba + +if [ ! -d /usr/bin ] +then # /usr not mounted + exit +fi + +killproc() { # kill the named process(es) + if [ -f $SAMBADIR/var/locks/$1.pid ] + then + kill `cat $SAMBADIR/var/locks/$1.pid` + else + pid=`/usr/bin/ps -e | + /usr/bin/grep $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid + fi +} + +start() { +# +# Edit these lines to suit your installation (paths, workgroup, host) +# + $SAMBADIR/sbin/smbd -D -s $SAMBADIR/lib/smb.conf + $SAMBADIR/sbin/nmbd -D -s $SAMBADIR/lib/smb.conf +} + +stop() { + killproc nmbd + killproc smbd +} + +# Start/stop processes required for samba server + +case "$1" in + +'start') + start + ;; +'stop') + stop + ;; +'restart') + stop + start + ;; +'enable') + if [ -h $RCSCRIPT ] ; then + echo "Samba is already enabled." + else + echo "Enabling Samba ... \c" + rm -f $RCSCRIPT + ln -s /etc/init.d/samba $RCSCRIPT + echo "Done" + fi + ;; +'disable') + echo "Disabling Samba ... \c" + rm -f $RCSCRIPT + echo "Done" + ;; +*) + echo "Usage: /etc/init.d/samba { start | stop | restart | enable | disable }" + ;; +esac diff --git a/packaging/Caldera/OpenServer/smbadduser b/packaging/Caldera/OpenServer/smbadduser new file mode 100755 index 00000000000..2f38bf28f1a --- /dev/null +++ b/packaging/Caldera/OpenServer/smbadduser @@ -0,0 +1,73 @@ +#!/bin/csh +# +# smbadduser - Written by Mike Zakharoff +# +unalias * +set path = ($path) + +set smbpasswd = /etc/smbpasswd +set user_map = /etc/smbusers +# +# Set to site specific passwd command +# +set passwd = "cat /etc/passwd" +#set passwd = "niscat passwd.org_dir" +#set passwd = "ypcat passwd" + +set line = "----------------------------------------------------------" +if ($#argv == 0) then + echo $line + echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com" + echo "" + echo " 1) Updates $smbpasswd" + echo " 2) Updates $user_map" + echo " 3) Executes smbpasswd for each new user" + echo "" + echo "smbadduser unixid:ntid unixid:ntid ..." + echo "" + echo "Example: smbadduser zak:zakharoffm johns:smithj" + echo $line + exit 1 +endif + +touch $smbpasswd $user_map +set new = () +foreach one ($argv) + echo $one | grep ':' >& /dev/null + if ($status != 0) then + echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm" + continue + endif + set unix = `echo $one | awk -F: '{print $1}'` + set ntid = `echo $one | awk -F: '{print $2}'` + + set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#usr != 1) then + echo "ERROR: $unix Not in passwd database SKIPPING..." + continue + endif + set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#tmp != 0) then + echo "ERROR: $unix is already in $smbpasswd SKIPPING..." + continue + endif + + echo "Adding: $unix to $smbpasswd" + eval $passwd | \ + awk -F: '$1==USR { \ + printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd + if ($unix != $ntid) then + echo "Adding: {$unix = $ntid} to $user_map" + echo "$unix = $ntid" >> $user_map + endif + set new = ($new $unix) +end + +# +# Enter password for new users +# +foreach one ($new) + echo $line + echo "ENTER password for $one" + smbpasswd $one +end diff --git a/packaging/Caldera/OpenServer/smbprint b/packaging/Caldera/OpenServer/smbprint new file mode 100755 index 00000000000..ec083eede62 --- /dev/null +++ b/packaging/Caldera/OpenServer/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to same space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile diff --git a/packaging/Caldera/OpenServer/smbusers b/packaging/Caldera/OpenServer/smbusers new file mode 100644 index 00000000000..08f611826ab --- /dev/null +++ b/packaging/Caldera/OpenServer/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nouser = guest pcguest smbguest diff --git a/packaging/Caldera/UnixWare/Clean b/packaging/Caldera/UnixWare/Clean new file mode 100755 index 00000000000..fe4eed25270 --- /dev/null +++ b/packaging/Caldera/UnixWare/Clean @@ -0,0 +1,22 @@ +#!/bin/sh +# +# Cleanup after having configured, compiled, installed and packaged. +# Careful - running this script attempts to restore this hierarchy to +# freshly unpacked source +# +# Invoke as "./Clean -n" to get this script to tell you what it would do +# without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +[ -d dist ] && $V rm -rf dist +[ -f ../../../source/Makefile ] && { + $V cd ../../../source + $V rm -f bin/locktest bin/masktest bin/smbsh bin/debug2html \ + bin/locktest2 bin/smbfilter bin/smbtorture + $V make clean + $V make distclean + $V rm -f mout* +} diff --git a/packaging/Caldera/UnixWare/Compile b/packaging/Caldera/UnixWare/Compile new file mode 100755 index 00000000000..2867e4d5ad5 --- /dev/null +++ b/packaging/Caldera/UnixWare/Compile @@ -0,0 +1,52 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +CC="cc -Kthread -Kalloca -I/usr/local/include -L/usr/local/lib" +CPP="$CC -E" +CFLAGS="-Xa -Dasm=__asm -DANSICPP -O3" +LDFLAGS="-L/usr/local/lib" +CXX="CC -I/usr/local/include" +CXXFLAGS="-O3 -I/usr/local/include/stl -L/usr/local/lib" +RANLIB=true +MAKE=/usr/local/bin/make +if [ "$V" = "echo" ] +then + echo "exporting the following shell variables:" + echo "CC=$CC" + echo "CPP=$CPP" + echo "CXX=$CXX" + echo "RANLIB=$RANLIB" + echo "MAKE=$MAKE" + echo "CFLAGS=$CFLAGS" + echo "CXXFLAGS=$CXXFLAGS" + echo "LDFLAGS=$LDFLAGS" +else + export CC CPP CXX RANLIB MAKE CFLAGS CXXFLAGS LDFLAGS +fi + +if [ "$V" = "echo" ] +then + echo "cd ../../../source" + echo "rm -f mout-1 mout-2 mout-3 mout-4" + echo "make all 2>&1 | tee mout-1" + echo "make smbfilter smbtorture debug2html 2>&1 | tee mout-2" + echo "make bin/smbspool smbwrapper bin/wbinfo 2>&1 | tee mout-3" + echo "make masktest locktest locktest2 2>&1 | tee mout-3" +else + cd ../../../source + rm -f mout-1 mout-2 mout-3 mout-4 + make all 2>&1 | tee mout-1 + make smbfilter smbtorture debug2html 2>&1 | tee mout-2 + make bin/smbspool smbwrapper bin/wbinfo 2>&1 | tee mout-3 + make masktest locktest locktest2 2>&1 | tee mout-3 +fi +# +# Not building : +# nsswitch - no +# rpctorture - improper use of client_info struct, dunno diff --git a/packaging/Caldera/UnixWare/Configure b/packaging/Caldera/UnixWare/Configure new file mode 100755 index 00000000000..e5a7fbba4dc --- /dev/null +++ b/packaging/Caldera/UnixWare/Configure @@ -0,0 +1,67 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +CC="cc -Kthread -Kalloca -I/usr/local/include -L/usr/local/lib" +CPP="$CC -E" +CFLAGS="-Xa -Dasm=__asm -DANSICPP -O3" +LDFLAGS="-L/usr/local/lib" +CXX="CC -I/usr/local/include" +CXXFLAGS="-O3 -I/usr/local/include/stl -L/usr/local/lib" +RANLIB=true +MAKE=/usr/local/bin/make +PREFIX=/usr/local/samba +if [ "$V" = "echo" ] +then + echo "exporting the following shell variables:" + echo "CC=$CC" + echo "CPP=$CPP" + echo "CXX=$CXX" + echo "RANLIB=$RANLIB" + echo "MAKE=$MAKE" + echo "CFLAGS=$CFLAGS" + echo "CXXFLAGS=$CXXFLAGS" + echo "LDFLAGS=$LDFLAGS" + echo "PREFIX=$PREFIX" +else + export CC CPP CXX RANLIB MAKE CFLAGS CXXFLAGS LDFLAGS PREFIX +fi + +cd ../../../source +[ -f mout-config ] && { + if [ "$V" = "echo" ] + then + echo "mv mout-config mout-config$$" + else + mv mout-config mout-config$$ + fi +} +if [ "$V" = "echo" ] +then + echo "./configure \ + --prefix=${PREFIX} \ + --with-profile \ + --with-syslog \ + --with-utmp \ + --with-vfs \ + --with-msdfs \ + --with-netatalk \ + --with-sambabook=${PREFIX}/swat/using_samba \ + 2>&1 | tee mout-config" +else + ./configure \ + --prefix=${PREFIX} \ + --with-profile \ + --with-syslog \ + --with-utmp \ + --with-vfs \ + --with-msdfs \ + --with-netatalk \ + --with-sambabook=${PREFIX}/swat/using_samba \ + 2>&1 | tee mout-config +fi diff --git a/packaging/Caldera/UnixWare/Install b/packaging/Caldera/UnixWare/Install new file mode 100755 index 00000000000..3fffc37d25a --- /dev/null +++ b/packaging/Caldera/UnixWare/Install @@ -0,0 +1,146 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +PREFIX=/usr/local/samba +HERE=`pwd` +PKGDIR=packaging/Caldera/UnixWare + +BUILD_ROOT=${HERE}/dist +BLDFIX=${BUILD_ROOT}/${PREFIX} +$V rm -rf $BUILD_ROOT +$V mkdir -p $BUILD_ROOT/etc/init.d +$V mkdir -p ${BLDFIX}/bin +$V mkdir -p ${BLDFIX}/sbin +$V mkdir -p ${BLDFIX}/swat/using_samba/gifs +$V mkdir -p ${BLDFIX}/swat/using_samba/figs +$V mkdir -p ${BLDFIX}/swat/images +$V mkdir -p ${BLDFIX}/swat/help +$V mkdir -p ${BLDFIX}/swat/include +$V mkdir -p ${BLDFIX}/man/man1 +$V mkdir -p ${BLDFIX}/man/man5 +$V mkdir -p ${BLDFIX}/man/man7 +$V mkdir -p ${BLDFIX}/man/man8 +$V mkdir -p ${BLDFIX}/var/locks +$V mkdir -p ${BLDFIX}/lib/codepages/src + +# Copy into the dist tree the pkg data files +for i in pkg/* +do + [ -f $i ] && $V cp $i ${BUILD_ROOT} +done + +cd ../../.. + +# Install standard binary files +for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \ + make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool \ + smbsh smbwrapper.so +do +$V install -m755 -s source/bin/$i ${BLDFIX}/bin +done +for i in mksmbpasswd.sh smbtar +do +$V install -m755 source/script/$i ${BLDFIX}/bin +done + +# Install secure binary files +for i in smbd nmbd swat debug2html smbtorture smbfilter locktest2 masktest +do +$V install -m755 -s source/bin/$i ${BLDFIX}/sbin +done + + +# Install level 1 man pages +for i in *.1 +do +$V install -m644 docs/manpages/$i ${BLDFIX}/man/man1 +done + +# Install codepage source files +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do +$V install -m644 source/codepages/codepage_def.$i ${BLDFIX}/lib/codepages/src +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do +$V install -m644 source/codepages/CP$i.TXT ${BLDFIX}/lib/codepages/src +done + +# Install SWAT helper files +for i in swat/help/*.html docs/htmldocs/*.html +do +$V install -m644 $i ${BLDFIX}/swat/help +done +for i in swat/images/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/images +done +for i in swat/include/*.html +do +$V install -m644 $i ${BLDFIX}/swat/include +done + +# This is the O'Reily Samba Book - on-line +for i in docs/htmldocs/using_samba/*.html +do +$V install -m644 $i ${BLDFIX}/swat/using_samba +done +for i in docs/htmldocs/using_samba/figs/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/using_samba/figs +done +for i in docs/htmldocs/using_samba/gifs/*.gif +do +$V install -m644 $i ${BLDFIX}/swat/using_samba/gifs +done + +# Install the miscellany +$V install -m644 swat/README ${BLDFIX}/swat +$V install -m644 docs/manpages/smb.conf.5 ${BLDFIX}/man/man5 +$V install -m644 docs/manpages/lmhosts.5 ${BLDFIX}/man/man5 +$V install -m644 docs/manpages/smbpasswd.5 ${BLDFIX}/man/man5 +$V install -m644 docs/manpages/samba.7 ${BLDFIX}/man/man7 +$V install -m644 docs/manpages/smbd.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/nmbd.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/smbpasswd.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/swat.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/smbmount.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/smbmnt.8 ${BLDFIX}/man/man8 +$V install -m644 docs/manpages/smbumount.8 ${BLDFIX}/man/man8 +$V install -m644 ${PKGDIR}/smb.conf ${BLDFIX}/lib/smb.conf +$V install -m644 ${PKGDIR}/smbusers $BUILD_ROOT/etc/smbusers +$V install -m755 ${PKGDIR}/smbprint ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/findsmb ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/smbadduser ${BLDFIX}/bin +$V install -m755 ${PKGDIR}/smb.init $BUILD_ROOT/etc/init.d/samba + +# The following is now done in the postinstall script +# +# if [ "$V" = "echo" ] +# then +# echo "echo 127.0.0.1 localhost > $BUILD_ROOT/etc/lmhosts" +# else +# echo 127.0.0.1 localhost > $BUILD_ROOT/etc/lmhosts +# fi +# +# Build codepage load files +# $V cd ${BLDFIX}/lib/codepages +# for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +# do +# $V ${PREFIX}/bin/make_smbcodepage c $i \ +# ${BLDFIX}/lib/codepages/src/codepage_def.$i \ +# ${BLDFIX}/lib/codepages/codepage.$i +# done +# for i in 437 737 850 852 861 866 932 936 949 950 \ +# ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +# do +# $V ${PREFIX}/bin/make_unicodemap $i \ +# ${BLDFIX}/lib/codepages/src/CP$i.TXT \ +# ${BLDFIX}/lib/codepages/unicode_map.$i +# done diff --git a/packaging/Caldera/UnixWare/Makepkg b/packaging/Caldera/UnixWare/Makepkg new file mode 100755 index 00000000000..dc57b246ef5 --- /dev/null +++ b/packaging/Caldera/UnixWare/Makepkg @@ -0,0 +1,10 @@ +#!/bin/ksh +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +./Configure $* +./Compile $* +./Install $* +./Package $* diff --git a/packaging/Caldera/UnixWare/Package b/packaging/Caldera/UnixWare/Package new file mode 100755 index 00000000000..f225b8eb7ea --- /dev/null +++ b/packaging/Caldera/UnixWare/Package @@ -0,0 +1,40 @@ +#!/bin/ksh +# +# Now create the actual pkgadd installable datastream +# +# invoke with -n as the first argument to get this script to tell +# you what it would do without doing anything +# + +V= +[ "$1" = "-n" ] && V=echo + +$V cd dist +PKGNAME=samba +PKGBLD=`pwd` +[ "$V" = "echo" ] && PKGBLD=$PKGBLD/dist + +PKGCOMPRESS="-c" +#PKGBLOCKLIM=2876 +PKGBLOCKLIM=6200 + +############################################################################## +# +# make filesystem-type package in directory ./$PKGNAME/ +# (source files reside in ./root) +# +# don't use PKGBLOCKLIM for now +# +$V pkgmk -o $PKGCOMPRESS -d $PKGBLD -r $PKGBLD +#pkgmk -o $PKGCOMPRESS -l $PKGBLOCKLIM -d $PKGBLD -r $PKGBLD +#pkgmk -o $PKGCOMPRESS -l $PKGBLOCKLIM -d $PKGBLD -r $PKGBLD/root + +# +# make $PKGNAME.pkg datastream-type package +# +$V pkgtrans -s $PKGBLD $PKGBLD/$PKGNAME.pkg $PKGNAME + +# +# remove filesystem-type package +# +#rm -rf $PKGBLD/$PKGNAME diff --git a/packaging/Caldera/UnixWare/README b/packaging/Caldera/UnixWare/README new file mode 100644 index 00000000000..74f8dc53d5d --- /dev/null +++ b/packaging/Caldera/UnixWare/README @@ -0,0 +1,54 @@ +Preparation Date: December 28, 2000 +Preparer: Ronald Joe Record + +Instructions: Preparing Samba Packages for UnixWare +=============================================================== + +We provide support only for current versions of UnixWare. + +The file samba-2.2-uw7.patch is a patch file suitable for use +with the patch command as follows: + + # cd ../../../source + # patch -p 0 -i ../packaging/Caldera/UnixWare/samba-2.2-uw7.patch + +The files modified by this patch are: + smbwrapper/smbw.c + tdb/tdb.c + utils/torture.c + utils/locktest.c + utils/locktest2.c + utils/masktest.c + utils/smbcacls.c + ltconfig + configure.in + +This patch should only be necessary until these changes are accepted +back into the 2.2 source tree. Until then, this patch must be applied +prior to building Samba 2.2 on UnixWare 7. After applying the patch it +is then necessary to run autoconf again and regenerate the configure file: + + # cd ../../../source + # autoconf + +To produce the pkgadd installable datastream simply type (in this directory): + # ./Makepkg + +The resultant samba.pkg should reside in the ./dist subdirectory. +To install from this pkgadd datastream, issue the command (as root): + + # cd dist + # pkgadd -d `pwd`/samba.pkg all + +Alternately, each of the steps in building the datastream may be performed +individually by invoking each of the following: + + # ./Configure + # ./Compile + # ./Install + # ./Package + +If files are added or deleted from the UnixWare Samba distribution then +the prototype file in the pkg directory should be appropriately modified. +The files in the pkg subdirectory were initially created using the mkpkg +package from SCO Skunkware (see http://www.sco.com/skunkware). diff --git a/packaging/Caldera/UnixWare/findsmb b/packaging/Caldera/UnixWare/findsmb new file mode 100755 index 00000000000..bb91c784b89 --- /dev/null +++ b/packaging/Caldera/UnixWare/findsmb @@ -0,0 +1,141 @@ +#!/usr/local/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/local/samba/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/Caldera/UnixWare/pkg/admin b/packaging/Caldera/UnixWare/pkg/admin new file mode 100644 index 00000000000..fe2438c770c --- /dev/null +++ b/packaging/Caldera/UnixWare/pkg/admin @@ -0,0 +1 @@ +basedir=ask diff --git a/packaging/Caldera/UnixWare/pkg/pkginfo b/packaging/Caldera/UnixWare/pkg/pkginfo new file mode 100644 index 00000000000..c4d8bff0bb9 --- /dev/null +++ b/packaging/Caldera/UnixWare/pkg/pkginfo @@ -0,0 +1,10 @@ +PKG="samba" +NAME="Samba - A Windows SMB/CIFS fileserver for UNIX" +VERSION="2.2" +VENDOR="SCO" +HOTLINE="1-800-SCO-UNIX" +EMAIL="rr@sco.com" +CATEGORY="skunkware" +CLASSES="samba" +ARCH="i386" +BASEDIR=/ diff --git a/packaging/Caldera/UnixWare/pkg/postinstall b/packaging/Caldera/UnixWare/pkg/postinstall new file mode 100755 index 00000000000..4e202ae3543 --- /dev/null +++ b/packaging/Caldera/UnixWare/pkg/postinstall @@ -0,0 +1,56 @@ +#!/bin/sh +# +# Create /var/spool/samba, setup swat to be run out of inetd on port 901, +# initialize the lmhosts file and create the codepage load files +# +# Written 10-Aug-1999 by Ronald Joe Record (rr@sco.com) +# + +SPOOL=/var/spool/samba +SVCS=/etc/services +INET=/etc/inetd.conf +PREFIX=/usr/local/samba +LMHOST=/etc/lmhosts + +[ -d $SPOOL ] || { + mkdir -p $SPOOL + chmod 1777 $SPOOL +} + +grep swat $SVCS > /dev/null || { + echo "swat 901/tcp # Samba Web Administration Tool " >> $SVCS +} + +grep swat $INET > /dev/null || { + echo "swat stream tcp nowait root /usr/local/samba/bin/swat swat " >> $INET +} + +if [ -f $LMHOST ] +then + grep localhost $LMHOST > /dev/null || { + echo 127.0.0.1 localhost >> $LMHOST + } +else + echo 127.0.0.1 localhost > $LMHOST +fi + +# +# Build codepage load files +# + +cd ${PREFIX}/lib/codepages +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do + ${PREFIX}/bin/make_smbcodepage c $i \ + ${PREFIX}/lib/codepages/src/codepage_def.$i \ + ${PREFIX}/lib/codepages/codepage.$i +done +for i in 437 737 850 852 861 866 932 936 949 950 \ + ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do + ${PREFIX}/bin/make_unicodemap $i \ + ${PREFIX}/lib/codepages/src/CP$i.TXT \ + ${PREFIX}/lib/codepages/unicode_map.$i +done + +kill -1 `ps -e | grep inetd | awk ' { print $1 } '` diff --git a/packaging/Caldera/UnixWare/pkg/postremove b/packaging/Caldera/UnixWare/pkg/postremove new file mode 100755 index 00000000000..dc81d6fa85f --- /dev/null +++ b/packaging/Caldera/UnixWare/pkg/postremove @@ -0,0 +1,30 @@ +#!/bin/sh +# +# Remove /var/spool/samba and delete inetd entries for swat +# + +SPOOL=/var/spool/samba +SVCS=/etc/services +INET=/etc/inetd.conf + +[ -d $SPOOL ] && { + rm -rf $SPOOL +} + +grep swat $SVCS > /dev/null && { + B=`basename $SVCS` + T=$B$$ + grep -v swat $SVCS > /tmp/$T + cp /tmp/$T $SVCS + rm -f /tmp/$T +} + +grep swat $INET > /dev/null || { + B=`basename $INET` + T=$B$$ + grep -v swat $INET > /tmp/$T + cp /tmp/$T $INET + rm -f /tmp/$T +} + +kill -1 `ps -e | grep inetd | awk ' { print $1 } '` diff --git a/packaging/Caldera/UnixWare/pkg/prototype b/packaging/Caldera/UnixWare/pkg/prototype new file mode 100644 index 00000000000..13a64b6feb1 --- /dev/null +++ b/packaging/Caldera/UnixWare/pkg/prototype @@ -0,0 +1,310 @@ +i admin=admin +i pkginfo=pkginfo +i postinstall=postinstall +i postremove=postremove + +d samba etc 0755 root sys +d samba etc/init.d 0755 root sys +f samba etc/init.d/samba 0755 root sys +f samba etc/smbusers 0644 root sys +d samba usr 0755 root sys +d samba usr/local 0755 root sys +d samba usr/local/samba 0755 root sys +d samba usr/local/samba/bin 0755 root sys +f samba usr/local/samba/bin/nmblookup 0755 root sys +f samba usr/local/samba/bin/smbclient 0755 root sys +f samba usr/local/samba/bin/smbpasswd 0755 root sys +f samba usr/local/samba/bin/smbstatus 0755 root sys +f samba usr/local/samba/bin/testparm 0755 root sys +f samba usr/local/samba/bin/testprns 0755 root sys +f samba usr/local/samba/bin/make_smbcodepage 0755 root sys +f samba usr/local/samba/bin/make_unicodemap 0755 root sys +f samba usr/local/samba/bin/make_printerdef 0755 root sys +f samba usr/local/samba/bin/rpcclient 0755 root sys +f samba usr/local/samba/bin/smbspool 0755 root sys +f samba usr/local/samba/bin/smbsh 0755 root sys +f samba usr/local/samba/bin/smbwrapper.so 0755 root sys +f samba usr/local/samba/bin/mksmbpasswd.sh 0755 root sys +f samba usr/local/samba/bin/smbtar 0755 root sys +f samba usr/local/samba/bin/smbprint 0755 root sys +f samba usr/local/samba/bin/findsmb 0755 root sys +f samba usr/local/samba/bin/smbadduser 0755 root sys +d samba usr/local/samba/sbin 0755 root sys +f samba usr/local/samba/sbin/smbd 0755 root sys +f samba usr/local/samba/sbin/nmbd 0755 root sys +f samba usr/local/samba/sbin/swat 0755 root sys +f samba usr/local/samba/sbin/debug2html 0755 root sys +f samba usr/local/samba/sbin/smbtorture 0755 root sys +f samba usr/local/samba/sbin/smbfilter 0755 root sys +f samba usr/local/samba/sbin/locktest2 0755 root sys +f samba usr/local/samba/sbin/masktest 0755 root sys +d samba usr/local/samba/swat 0755 root sys +d samba usr/local/samba/swat/using_samba 0755 root sys +d samba usr/local/samba/swat/using_samba/gifs 0755 root sys +f samba usr/local/samba/swat/using_samba/gifs/index.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/gifs/samba.s.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/gifs/txthome.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/gifs/txtnexta.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/gifs/txtpreva.gif 0644 root sys +d samba usr/local/samba/swat/using_samba/figs 0755 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0101.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0102.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0103.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0104.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0105.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0106.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0107.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0108.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0109.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0110.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0111.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0112.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0113.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0114.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0201.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0202.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0203.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0204.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0301.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0302.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0303.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0304.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0305.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0306.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0307.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0308.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0309.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0310.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0311.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0312.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0313.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0314.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0315.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0316.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0317.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0318.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0319.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0320.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0321.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0322.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0323.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0324.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0325.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0326.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0327.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0328.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0401.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0402.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0403.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0404.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0405.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0406.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0407.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0501.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0502.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0503.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0504.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0505.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0506.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0507.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0508.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0601.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0602.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0603.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0604.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0605.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0606.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0701.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0702.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0703.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0704.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0705.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0706.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0707.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0708.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0709.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0801.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0802.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0803.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0804.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0805.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0901.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0902.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0903.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0904.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.0905.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.aa01.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.ab01.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/figs/sam.ab02.gif 0644 root sys +f samba usr/local/samba/swat/using_samba/appa_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appa_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appa_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appa_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appa_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appb_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appb_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appb_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appc_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appd_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appe_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/appf_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_06.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_07.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch01_08.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch02_06.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch03_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch03_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch03_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_06.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_07.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch04_08.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch05_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch05_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch05_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch05_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch05_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch06_06.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch07_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch07_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch07_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_04.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_05.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_06.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch08_07.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch09_01.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch09_02.html 0644 root sys +f samba usr/local/samba/swat/using_samba/ch09_03.html 0644 root sys +f samba usr/local/samba/swat/using_samba/index.html 0644 root sys +f samba usr/local/samba/swat/using_samba/inx.html 0644 root sys +f samba usr/local/samba/swat/using_samba/licenseinfo.html 0644 root sys +f samba usr/local/samba/swat/using_samba/this_edition.html 0644 root sys +d samba usr/local/samba/swat/images 0755 root sys +f samba usr/local/samba/swat/images/globals.gif 0644 root sys +f samba usr/local/samba/swat/images/home.gif 0644 root sys +f samba usr/local/samba/swat/images/passwd.gif 0644 root sys +f samba usr/local/samba/swat/images/printers.gif 0644 root sys +f samba usr/local/samba/swat/images/samba.gif 0644 root sys +f samba usr/local/samba/swat/images/shares.gif 0644 root sys +f samba usr/local/samba/swat/images/status.gif 0644 root sys +f samba usr/local/samba/swat/images/viewconfig.gif 0644 root sys +d samba usr/local/samba/swat/help 0755 root sys +f samba usr/local/samba/swat/help/welcome.html 0644 root sys +f samba usr/local/samba/swat/help/DOMAIN_MEMBER.html 0644 root sys +f samba usr/local/samba/swat/help/NT_Security.html 0644 root sys +f samba usr/local/samba/swat/help/findsmb.1.html 0644 root sys +f samba usr/local/samba/swat/help/lmhosts.5.html 0644 root sys +f samba usr/local/samba/swat/help/make_smbcodepage.1.html 0644 root sys +f samba usr/local/samba/swat/help/nmbd.8.html 0644 root sys +f samba usr/local/samba/swat/help/nmblookup.1.html 0644 root sys +f samba usr/local/samba/swat/help/rpcclient.1.html 0644 root sys +f samba usr/local/samba/swat/help/samba-pdc-faq.html 0644 root sys +f samba usr/local/samba/swat/help/samba-pdc-howto.html 0644 root sys +f samba usr/local/samba/swat/help/samba.7.html 0644 root sys +f samba usr/local/samba/swat/help/smb.conf.5.html 0644 root sys +f samba usr/local/samba/swat/help/smbclient.1.html 0644 root sys +f samba usr/local/samba/swat/help/smbcontrol.1.html 0644 root sys +f samba usr/local/samba/swat/help/smbd.8.html 0644 root sys +f samba usr/local/samba/swat/help/smbpasswd.5.html 0644 root sys +f samba usr/local/samba/swat/help/smbpasswd.8.html 0644 root sys +f samba usr/local/samba/swat/help/smbrun.1.html 0644 root sys +f samba usr/local/samba/swat/help/smbsh.1.html 0644 root sys +f samba usr/local/samba/swat/help/smbspool.8.html 0644 root sys +f samba usr/local/samba/swat/help/smbstatus.1.html 0644 root sys +f samba usr/local/samba/swat/help/smbtar.1.html 0644 root sys +f samba usr/local/samba/swat/help/swat.8.html 0644 root sys +f samba usr/local/samba/swat/help/testparm.1.html 0644 root sys +f samba usr/local/samba/swat/help/testprns.1.html 0644 root sys +f samba usr/local/samba/swat/help/wbinfo.1.html 0644 root sys +f samba usr/local/samba/swat/help/winbindd.8.html 0644 root sys +d samba usr/local/samba/swat/include 0755 root sys +f samba usr/local/samba/swat/include/footer.html 0644 root sys +f samba usr/local/samba/swat/include/header.html 0644 root sys +f samba usr/local/samba/swat/README 0644 root sys +d samba usr/local/samba/man 0755 root sys +d samba usr/local/samba/man/man1 0755 root sys +f samba usr/local/samba/man/man1/findsmb.1 0644 root sys +f samba usr/local/samba/man/man1/make_smbcodepage.1 0644 root sys +f samba usr/local/samba/man/man1/make_unicodemap.1 0644 root sys +f samba usr/local/samba/man/man1/nmblookup.1 0644 root sys +f samba usr/local/samba/man/man1/smbclient.1 0644 root sys +f samba usr/local/samba/man/man1/smbcontrol.1 0644 root sys +f samba usr/local/samba/man/man1/smbrun.1 0644 root sys +f samba usr/local/samba/man/man1/smbsh.1 0644 root sys +f samba usr/local/samba/man/man1/smbstatus.1 0644 root sys +f samba usr/local/samba/man/man1/smbtar.1 0644 root sys +f samba usr/local/samba/man/man1/testparm.1 0644 root sys +f samba usr/local/samba/man/man1/testprns.1 0644 root sys +f samba usr/local/samba/man/man1/wbinfo.1 0644 root sys +d samba usr/local/samba/man/man5 0755 root sys +f samba usr/local/samba/man/man5/smb.conf.5 0644 root sys +f samba usr/local/samba/man/man5/lmhosts.5 0644 root sys +f samba usr/local/samba/man/man5/smbpasswd.5 0644 root sys +d samba usr/local/samba/man/man7 0755 root sys +f samba usr/local/samba/man/man7/samba.7 0644 root sys +d samba usr/local/samba/man/man8 0755 root sys +f samba usr/local/samba/man/man8/smbd.8 0644 root sys +f samba usr/local/samba/man/man8/nmbd.8 0644 root sys +f samba usr/local/samba/man/man8/smbpasswd.8 0644 root sys +f samba usr/local/samba/man/man8/swat.8 0644 root sys +f samba usr/local/samba/man/man8/smbmount.8 0644 root sys +f samba usr/local/samba/man/man8/smbmnt.8 0644 root sys +f samba usr/local/samba/man/man8/smbumount.8 0644 root sys +d samba usr/local/samba/var 0755 root sys +d samba usr/local/samba/var/locks 0755 root sys +d samba usr/local/samba/lib 0755 root sys +d samba usr/local/samba/lib/codepages 0755 root sys +d samba usr/local/samba/lib/codepages/src 0755 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.437 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.737 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.775 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.850 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.852 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.861 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.866 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.932 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.936 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.949 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.950 0644 root sys +f samba usr/local/samba/lib/codepages/src/codepage_def.1251 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP437.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP737.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP850.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP852.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP861.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP866.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP932.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP936.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP949.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CP950.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CPISO8859-1.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CPISO8859-2.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CPISO8859-5.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CPISO8859-7.TXT 0644 root sys +f samba usr/local/samba/lib/codepages/src/CPKOI8-R.TXT 0644 root sys +f samba usr/local/samba/lib/smb.conf 0644 root sys +d samba usr/local/man 0755 root sys +d samba usr/local/man/html 0755 root sys +s samba usr/local/man/html/samba=/usr/local/samba/swat/using_samba diff --git a/packaging/Caldera/UnixWare/samba-2.2-uw7-prototype.patch b/packaging/Caldera/UnixWare/samba-2.2-uw7-prototype.patch new file mode 100644 index 00000000000..7678379b063 --- /dev/null +++ b/packaging/Caldera/UnixWare/samba-2.2-uw7-prototype.patch @@ -0,0 +1,11 @@ +--- packaging/Caldera/UnixWare/pkg/prototype.00 Tue Jan 9 05:40:47 2001 ++++ packaging/Caldera/UnixWare/pkg/prototype Fri Apr 13 14:44:33 2001 +@@ -220,7 +220,7 @@ + f samba usr/local/samba/swat/help/make_smbcodepage.1.html 0644 root sys + f samba usr/local/samba/swat/help/nmbd.8.html 0644 root sys + f samba usr/local/samba/swat/help/nmblookup.1.html 0644 root sys +-f samba usr/local/samba/swat/help/rpcclient.8.html 0644 root sys ++f samba usr/local/samba/swat/help/rpcclient.1.html 0644 root sys + f samba usr/local/samba/swat/help/samba-pdc-faq.html 0644 root sys + f samba usr/local/samba/swat/help/samba-pdc-howto.html 0644 root sys + f samba usr/local/samba/swat/help/samba.7.html 0644 root sys diff --git a/packaging/Caldera/UnixWare/samba-2.2-uw7.patch b/packaging/Caldera/UnixWare/samba-2.2-uw7.patch new file mode 100644 index 00000000000..c4412e542ee --- /dev/null +++ b/packaging/Caldera/UnixWare/samba-2.2-uw7.patch @@ -0,0 +1,200 @@ +--- smbwrapper/smbw.c.orig Mon Jan 8 12:37:48 2001 ++++ smbwrapper/smbw.c Fri Apr 13 13:09:00 2001 +@@ -22,6 +22,11 @@ + #include "includes.h" + #include "realcalls.h" + ++#if defined(__USLC__) && defined(HAVE_SYS_ACL_H) ++#define GETACL ACL_GET ++#define GETACLCNT ACL_CNT ++#endif ++ + pstring smbw_cwd; + + static struct smbw_file *smbw_files; +@@ -1462,7 +1467,11 @@ + /***************************************************** + say no to acls + *******************************************************/ ++#if defined(__USLC__) ++ int smbw_acl(const char *pathp, int cmd, int nentries, void *aclbufp) ++#else + int smbw_acl(const char *pathp, int cmd, int nentries, aclent_t *aclbufp) ++#endif + { + if (cmd == GETACL || cmd == GETACLCNT) return 0; + errno = ENOSYS; +@@ -1474,7 +1483,11 @@ + /***************************************************** + say no to acls + *******************************************************/ ++#if defined(__USLC__) ++ int smbw_facl(int fd, int cmd, int nentries, void *aclbufp) ++#else + int smbw_facl(int fd, int cmd, int nentries, aclent_t *aclbufp) ++#endif + { + if (cmd == GETACL || cmd == GETACLCNT) return 0; + errno = ENOSYS; +--- tdb/tdb.c.orig Fri Apr 13 05:58:34 2001 ++++ tdb/tdb.c Fri Apr 13 13:34:18 2001 +@@ -856,7 +856,11 @@ + { + TDB_DATA key, dbuf; + struct list_struct rec; ++#if defined(__USLC__) ++ struct tdb_traverse_lock tl = { (struct tdb_traverse_lock *)0, 0, 0 }; ++#else + struct tdb_traverse_lock tl = { NULL, 0, 0 }; ++#endif + int ret, count = 0; + + /* This was in the initializaton, above, but the IRIX compiler +--- utils/torture.c.orig Fri Mar 30 13:53:26 2001 ++++ utils/torture.c Fri Apr 13 13:09:01 2001 +@@ -2703,7 +2703,11 @@ + + dbf = stdout; + ++#if defined(__USLC__) ++ setbuf(stdout, NULL); ++#else + setbuffer(stdout, NULL, 0); ++#endif + + charset_initialise(); + +--- utils/locktest.c.orig Fri Sep 29 13:18:14 2000 ++++ utils/locktest.c Fri Apr 13 13:09:01 2001 +@@ -34,7 +34,7 @@ + + #define FILENAME "\\locktest.dat" + #define LOCKRANGE 1000 +-#define LOCKBASE 0; ++#define LOCKBASE 0 + + /* + #define LOCKBASE (0x40000000 - 50) +@@ -59,6 +59,7 @@ + char needed; + }; + ++#ifndef __USLC__ + static struct record preset[] = { + #if 0 + {36, 5, 0, 0, 0, 8, 1}, +@@ -67,6 +68,7 @@ + {99, 11, 0, 0, 7, 1, 1}, + #endif + }; ++#endif /* __USLC__) */ + + static struct record *recorded; + +@@ -378,20 +380,23 @@ + recorded = (struct record *)malloc(sizeof(*recorded) * numops); + + for (n=0; n + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = yes +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/Caldera/UnixWare/smb.init b/packaging/Caldera/UnixWare/smb.init new file mode 100755 index 00000000000..ce6c6fa4b38 --- /dev/null +++ b/packaging/Caldera/UnixWare/smb.init @@ -0,0 +1,76 @@ +#!/bin/sh +#ident "@(#)samba.server 1.0 96/06/19 TK" /* SVr4.0 1.1.13.1*/ +# +# Please send info on modifications to knuutila@cs.utu.fi +# +# This file should have uid root, gid sys and chmod 744 +# +# Modified 17-Jul-99 by Ron Record (rr@sco.com) for use in SCO Skunkware +# + +SAMBADIR=/usr/local/samba +RCSCRIPT=/etc/rc2.d/S99samba + +if [ ! -d /usr/bin ] +then # /usr not mounted + exit +fi + +killproc() { # kill the named process(es) + if [ -f $SAMBADIR/var/locks/$1.pid ] + then + kill `cat $SAMBADIR/var/locks/$1.pid` + else + pid=`/usr/bin/ps -e | + /usr/bin/grep $1 | + /usr/bin/sed -e 's/^ *//' -e 's/ .*//'` + [ "$pid" != "" ] && kill $pid + fi +} + +start() { +# +# Edit these lines to suit your installation (paths, workgroup, host) +# + $SAMBADIR/sbin/smbd -D -s $SAMBADIR/lib/smb.conf + $SAMBADIR/sbin/nmbd -D -s $SAMBADIR/lib/smb.conf +} + +stop() { + killproc nmbd + killproc smbd +} + +# Start/stop processes required for samba server + +case "$1" in + +'start') + start + ;; +'stop') + stop + ;; +'restart') + stop + start + ;; +'enable') + if [ -h $RCSCRIPT ] ; then + echo "Samba is already enabled." + else + echo "Enabling Samba ... \c" + rm -f $RCSCRIPT + ln -s /etc/init.d/samba $RCSCRIPT + echo "Done" + fi + ;; +'disable') + echo "Disabling Samba ... \c" + rm -f $RCSCRIPT + echo "Done" + ;; +*) + echo "Usage: /etc/init.d/samba { start | stop | restart | enable | disable }" + ;; +esac diff --git a/packaging/Caldera/UnixWare/smbadduser b/packaging/Caldera/UnixWare/smbadduser new file mode 100755 index 00000000000..2f38bf28f1a --- /dev/null +++ b/packaging/Caldera/UnixWare/smbadduser @@ -0,0 +1,73 @@ +#!/bin/csh +# +# smbadduser - Written by Mike Zakharoff +# +unalias * +set path = ($path) + +set smbpasswd = /etc/smbpasswd +set user_map = /etc/smbusers +# +# Set to site specific passwd command +# +set passwd = "cat /etc/passwd" +#set passwd = "niscat passwd.org_dir" +#set passwd = "ypcat passwd" + +set line = "----------------------------------------------------------" +if ($#argv == 0) then + echo $line + echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com" + echo "" + echo " 1) Updates $smbpasswd" + echo " 2) Updates $user_map" + echo " 3) Executes smbpasswd for each new user" + echo "" + echo "smbadduser unixid:ntid unixid:ntid ..." + echo "" + echo "Example: smbadduser zak:zakharoffm johns:smithj" + echo $line + exit 1 +endif + +touch $smbpasswd $user_map +set new = () +foreach one ($argv) + echo $one | grep ':' >& /dev/null + if ($status != 0) then + echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm" + continue + endif + set unix = `echo $one | awk -F: '{print $1}'` + set ntid = `echo $one | awk -F: '{print $2}'` + + set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#usr != 1) then + echo "ERROR: $unix Not in passwd database SKIPPING..." + continue + endif + set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#tmp != 0) then + echo "ERROR: $unix is already in $smbpasswd SKIPPING..." + continue + endif + + echo "Adding: $unix to $smbpasswd" + eval $passwd | \ + awk -F: '$1==USR { \ + printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd + if ($unix != $ntid) then + echo "Adding: {$unix = $ntid} to $user_map" + echo "$unix = $ntid" >> $user_map + endif + set new = ($new $unix) +end + +# +# Enter password for new users +# +foreach one ($new) + echo $line + echo "ENTER password for $one" + smbpasswd $one +end diff --git a/packaging/Caldera/UnixWare/smbprint b/packaging/Caldera/UnixWare/smbprint new file mode 100755 index 00000000000..ec083eede62 --- /dev/null +++ b/packaging/Caldera/UnixWare/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to same space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile diff --git a/packaging/Caldera/UnixWare/smbusers b/packaging/Caldera/UnixWare/smbusers new file mode 100644 index 00000000000..ae3389f53f8 --- /dev/null +++ b/packaging/Caldera/UnixWare/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nobody = guest pcguest smbguest diff --git a/packaging/Debian/README b/packaging/Debian/README new file mode 100644 index 00000000000..042499b46fa --- /dev/null +++ b/packaging/Debian/README @@ -0,0 +1,42 @@ +Building Samba Packages for Debian GNU/Linux +-------------------------------------------- + +If you want to build Samba packages for Debian and you just want to use +upstream sources, i.e. you don't want to wait for us to put official +packages out, or you want packages for a Debian version for which we +don't provide deb's, or you don't want to use official packages, or +you want to add --this-cool-switch to configure, or whatever, follow +these instructions: + +0) Make sure you have the following packages installed: + debhelper + libpam0g-dev + libreadline4-dev + libcupsys2-dev + + the minimum Debian development stuff (dpkg-dev, libc6-dev, etc.) + Note: libcupsys2-dev is not available for Potato. It's safe + to not install it if you don't need CUPS support. +1) cd samba[-] +2) cp -a packaging/Debian/debian/ debian + It's important that you copy instead of symlink because the build + tools in Potato have a problem that prevents the build to work with + a symlink. +3) dch -i + - Edit the changelog and make sure the version is right. For example, + for Samba 2.2.3, the version number should be 2.2.3-0.1 (use + a number less than 1 like 0.1, 0.2, etc. so there is no conflict + with future upgrades to the official Debian packages.) +4) Run 'debian/rules binary'. + - It is better that you prefix the above command with 'fakeroot'. + If you have problems you might try building as root. +5) That's it. Your new packages should be in ../. Install with dpkg. + +Please e-mail samba@packages.debian.org with comments, question or +usggestions. Please talk to us and not to the Samba Team. They have +better things to do and know nothing about the Debian packaging system. + +Eloy A. Paris +Steve Langasek + +Sat Feb 2 00:44:42 CET 2002 + diff --git a/packaging/Debian/debian/README.build b/packaging/Debian/debian/README.build new file mode 100644 index 00000000000..0a11a1f6ea6 --- /dev/null +++ b/packaging/Debian/debian/README.build @@ -0,0 +1,397 @@ +From: Steve Langasek +To: "Eloy A. Paris" +Date: Thu, 23 Aug 2001 21:20:05 -0500 (CDT) +Subject: Re: autobuilder failure on arm for samba-2.2.1a-3 +In-Reply-To: <20010823100906.A1092@antenas> +Message-ID: +MIME-Version: 1.0 +Content-Type: TEXT/PLAIN; charset=US-ASCII + +On Thu, 23 Aug 2001, Eloy A. Paris wrote: + +> On Wed, Aug 22, 2001 at 03:01:01PM -0500, Steve Langasek wrote: + +> > Hmm. Maybe the thing to do is to focus on getting config.cache (not log, +> > cache) support into the package. Issues like this are frequent enough with +> > Samba, and the configure tests add enough time to the build process, that I +> > think there'd be much benefit in being able to step past a lot of these. + +> Uhhmmm... I don't know, I guess I don't like much the idea of +> maintaining a config.cache. It looks like extra work plus a +> compilation process that is "synthetic" or atificial. What happens if +> the Samba Team adds a new test, or modifies the configure script, will +> the config.cache pick those up? + +> In any case, you are the expert, so if you think that's the way to go, +> and the burden far exceeds the problems we have right now I say let's +> go for it. I am not well versed on autoconf and the configure process, +> that's all... + +Well, I'll attach my work to the bottom of this message and let you judge it +for yourself. + +The config.cache I'm trying to generate here is not equivalent to what +a configure script outputs. The only values I'm including are those which 1) +are no-brainers on any glibc-based platform, 2) are questions we need to force +a particular value for regardless of the kernel being built against, or 3) are +questions about specific bizarre features of proprietary Unices that we'll +always get an answer of 'no' to. + +I've removed all of the config.cache variables related to headers, or to +checks for particular libraries; I think it's pretty safe to assert that glibc +provides basic C functions like select(), setenv(), and waitpid() on all our +build targets, but I think it's less safe to assert that they'll always be +provided by particular header files. + +So the config.cache won't automatically be updated with answers to new +configure tests, but it also doesn't need to in order to be useful. There's +really only a handful of variables in there that we /need/ in order to +guarantee correctly-built packages, and if you want to leave out everything +else, that's perfectly ok too. Everything from the fifth stanza on down is +just a build-time speed-up for some of the slower architectures. Well, it +also has the fringe benefit that the packages will FAIL to build if someone +tries rebuilding for a really bizarre (non-Linux, non-glibc) architecture. I +see that as a plus :), you may disagree, but in any case my next trick would +be to add a global variable developers can set to bypass the provided +config.cache. + + +It is a little artificial, but the whole point of .debs is to be able to build +binaries in a controlled environment. Right now, we don't really have control +over what happens in the autobuilders. We have even /less/ control over what +happens in a stable release: it's been two weeks now since I built binaries +for bug #94380, and they haven't been uploaded to security.d.o yet. I'm +guessing they won't be uploaded until Wichert is back from vacation, either -- +which is fine, but it would be nice if we didn't have to worry about +mis-builds by the security team, or about putting the security team to extra +trouble after the fact to get packages fixed. + +With a pre-loaded config.cache, we can ensure that bugs of this kind don't +happen in woody. We can take the arm autobuilder problem into our own hands, +and not have to worry about quirkiness in the build environment. We can even +close bug #109773, since we no longer have to worry about detecting the +setuid() routines. + + +So to me, it definitely seems worth it. But you're the maintainer, and I +won't ask you to put anything in the package that you're not comfortable with. + + +> By the way, I think I remember someone was able to build 2.2.x succesfully on +> the ARM. If this is the case, could it be that there's something weird +> with Phillip's setup? + +It could be. There are arm packages for 2.2.1a-1, so at /some/ point the +autobuilder was able to pass the locking test. + + +> P.S. How did you know about the ARM build problems? I don't see any +> bugs about this... + +, follow the links for samba... The +exact reference for the arm autobuilder is at +. + +Regards, +Steve Langasek +postmodern programmer + + +diff -uNrw samba-2.2.1a-bak/debian/changelog samba-2.2.1a/debian/changelog +--- samba-2.2.1a-bak/debian/changelog Thu Aug 23 10:27:54 2001 ++++ samba-2.2.1a/debian/changelog Thu Aug 23 10:28:08 2001 +@@ -1,3 +1,12 @@ ++samba (2.2.1a-4.1) unstable; urgency=low ++ ++ * Fix up the build system to avoid needing to run configure as root to ++ answer questions we already know the answers to. ++ * In the process, make surprising progress towards being able to ++ cross-compile the samba packages. ++ ++ -- Steve Langasek Wed, 22 Aug 2001 23:35:00 -0500 ++ + samba (2.2.1a-4) unstable; urgency=low + + * Fixed typo in smbmount's mount page. +diff -uNrw samba-2.2.1a-bak/debian/config.cache samba-2.2.1a/debian/config.cache +--- samba-2.2.1a-bak/debian/config.cache Wed Dec 31 18:00:00 1969 ++++ samba-2.2.1a/debian/config.cache Thu Aug 23 10:28:08 2001 +@@ -0,0 +1,231 @@ ++# ++# 22 August 2001 Steve Langasek ++# ++# This file is a shell script that caches the results of configure ++# tests run on this system so they can be shared between configure ++# scripts and configure runs. It is not useful on other systems. ++# If it contains results you don't want to keep, you may remove or edit it. ++# ++# By default, configure uses ./config.cache as the cache file, ++# creating it if it does not exist already. You can give configure ++# the --cache-file=FILE option to use a different cache file; that is ++# what configure does when it calls configure scripts in ++# subdirectories, so they share the cache. ++# Giving --cache-file=/dev/null disables caching, for debugging configure. ++# config.status only pays attention to the cache file if you give it the ++# --recheck option to rerun configure. ++# ++# ++# This config.cache file contains a list of acceptable autoconf ++# values which can be used in compiling Samba for Debian woody/sid. ++# ++# Autoconf sorts options alphabetically in its output. This file ++# groups options logically. ++ ++ ++# Load any architecture-specific settings ++if [ -n "$DEB_HOST_GNU_TYPE" \ ++ -a -f ../debian/config.cache.${DEB_HOST_GNU_TYPE} ]; then ++ . ../debian/config.cache.${DEB_HOST_GNU_TYPE} ++fi ++ ++ ++# This is at the top because it's most in need of regular tweaking. ++# These are options which are supported on 2.4 kernels, but not on 2.2 ++# kernels. ++ ++samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=${samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no} ++samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=${samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no} ++samba_cv_HAVE_KERNEL_SHARE_MODES=${samba_cv_HAVE_KERNEL_SHARE_MODES=no} ++ ++ ++# These are present in 2.2 kernels, but not in 2.0... ++ ++samba_cv_have_setresuid=${samba_cv_have_setresuid=yes} ++samba_cv_have_setresgid=${samba_cv_have_setresgid=yes} ++samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=yes} ++ ++ ++# POSIX ACL support not present in Linux 2.2; not allowed in the ++# Debian packages, even if present on the build machine. ++ ++ac_cv_header_sys_acl_h=${ac_cv_header_sys_acl_h=no} ++ ++ ++# Various basic libc/compiler stuff that it's blindingly obvious that ++# Linux supports (now watch me get bitten for saying that) ++ ++ac_cv_c_const=${ac_cv_c_const=yes} ++ac_cv_c_inline=${ac_cv_c_inline=inline} ++samba_cv_volatile=${samba_cv_volatile=yes} ++ac_cv_dirent_d_off=${ac_cv_dirent_d_off=yes} ++ac_cv_func_bzero=${ac_cv_func_bzero=yes} ++ac_cv_func_chmod=${ac_cv_func_chmod=yes} ++ac_cv_func_chown=${ac_cv_func_chown=yes} ++ac_cv_func_chroot=${ac_cv_func_chroot=yes} ++ac_cv_func_connect=${ac_cv_func_connect=yes} ++ac_cv_func_dup2=${ac_cv_func_dup2=yes} ++ac_cv_func_execl=${ac_cv_func_execl=yes} ++ac_cv_func_fchmod=${ac_cv_func_fchmod=yes} ++ac_cv_func_fchown=${ac_cv_func_fchown=yes} ++ac_cv_func_fstat=${ac_cv_func_fstat=yes} ++ac_cv_func_fsync=${ac_cv_func_fsync=yes} ++ac_cv_func_ftruncate=${ac_cv_func_ftruncate=yes} ++ac_cv_func_getcwd=${ac_cv_func_getcwd=yes} ++ac_cv_func_getgrent=${ac_cv_func_getgrent=yes} ++ac_cv_func_getgrnam=${ac_cv_func_getgrnam=yes} ++ac_cv_func_getspnam=${ac_cv_func_getspnam=yes} ++ac_cv_func_glob=${ac_cv_func_glob=yes} ++ac_cv_func_grantpt=${ac_cv_func_grantpt=yes} ++ac_cv_func_initgroups=${ac_cv_func_initgroups=yes} ++ac_cv_func_llseek=${ac_cv_func_llseek=yes} ++ac_cv_func_memcmp_clean=${ac_cv_func_memcmp_clean=yes} ++ac_cv_func_memmove=${ac_cv_func_memmove=yes} ++ac_cv_func_memset=${ac_cv_func_memset=yes} ++ac_cv_func_mktime=${ac_cv_func_mktime=yes} ++ac_cv_func_pipe=${ac_cv_func_pipe=yes} ++ac_cv_func_poll=${ac_cv_func_poll=yes} ++ac_cv_func_pread=${ac_cv_func_pread=yes} ++ac_cv_func_pwrite=${ac_cv_func_pwrite=yes} ++ac_cv_func_rand=${ac_cv_func_rand=yes} ++ac_cv_func_random=${ac_cv_func_random=yes} ++ac_cv_func_readlink=${ac_cv_func_readlink=yes} ++ac_cv_func_rename=${ac_cv_func_rename=yes} ++ac_cv_func_select=${ac_cv_func_select=yes} ++ac_cv_func_setenv=${ac_cv_func_setenv=yes} ++ac_cv_func_setgroups=${ac_cv_func_setgroups=yes} ++ac_cv_func_setsid=${ac_cv_func_setsid=yes} ++ac_cv_func_sigaction=${ac_cv_func_sigaction=yes} ++ac_cv_func_sigblock=${ac_cv_func_sigblock=yes} ++ac_cv_func_sigprocmask=${ac_cv_func_sigprocmask=yes} ++ac_cv_func_snprintf=${ac_cv_func_snprintf=yes} ++ac_cv_func_srand=${ac_cv_func_srand=yes} ++ac_cv_func_srandom=${ac_cv_func_srandom=yes} ++ac_cv_func_strcasecmp=${ac_cv_func_strcasecmp=yes} ++ac_cv_func_strchr=${ac_cv_func_strchr=yes} ++ac_cv_func_strdup=${ac_cv_func_strdup=yes} ++ac_cv_func_strerror=${ac_cv_func_strerror=yes} ++ac_cv_func_strftime=${ac_cv_func_strftime=yes} ++ac_cv_func_strpbrk=${ac_cv_func_strpbrk=yes} ++ac_cv_func_strtoul=${ac_cv_func_strtoul=yes} ++ac_cv_func_symlink=${ac_cv_func_symlink=yes} ++ac_cv_func_usleep=${ac_cv_func_usleep=yes} ++ac_cv_func_utime=${ac_cv_func_utime=yes} ++ac_cv_func_utimes=${ac_cv_func_utimes=yes} ++ac_cv_func_vsnprintf=${ac_cv_func_vsnprintf=yes} ++ac_cv_func_waitpid=${ac_cv_func_waitpid=yes} ++ac_cv_type_ino_t=${ac_cv_type_ino_t=yes} ++ac_cv_type_mode_t=${ac_cv_type_mode_t=yes} ++ac_cv_type_pid_t=${ac_cv_type_pid_t=yes} ++ac_cv_type_size_t=${ac_cv_type_size_t=yes} ++ac_cv_type_uid_t=${ac_cv_type_uid_t=yes} ++samba_cv_socklen_t=${samba_cv_socklen_t=yes} ++ ++# Yes, we know Linux supports fcntl locking. Just ignore ++# any errors caused by building on an NFS mount. ++samba_cv_HAVE_FCNTL_LOCK=${samba_cv_HAVE_FCNTL_LOCK=yes} ++ ++ ++# smbwrapper doesn't work because the glibc maintainers don't want ++# to support transparent userland VFS. We might as well preempt ++# any checks for shadowed symbols that are only useful for smbwrapper. ++ ++ac_cv_func___acl=${ac_cv_func___acl=no} ++ac_cv_func__acl=${ac_cv_func__acl=no} ++ac_cv_func___chdir=${ac_cv_func___chdir=no} ++ac_cv_func__chdir=${ac_cv_func__chdir=no} ++ac_cv_func___close=${ac_cv_func___close=no} ++ac_cv_func__close=${ac_cv_func__close=no} ++ac_cv_func___closedir=${ac_cv_func___closedir=no} ++ac_cv_func__closedir=${ac_cv_func__closedir=no} ++ac_cv_func___dup=${ac_cv_func___dup=no} ++ac_cv_func__dup=${ac_cv_func__dup=no} ++ac_cv_func___dup2=${ac_cv_func___dup2=no} ++ac_cv_func__dup2=${ac_cv_func__dup2=no} ++ac_cv_func___facl=${ac_cv_func___facl=no} ++ac_cv_func__facl=${ac_cv_func__facl=no} ++ac_cv_func___fchdir=${ac_cv_func___fchdir=no} ++ac_cv_func__fchdir=${ac_cv_func__fchdir=no} ++ac_cv_func___fcntl=${ac_cv_func___fcntl=no} ++ac_cv_func__fcntl=${ac_cv_func__fcntl=no} ++ac_cv_func___fork=${ac_cv_func___fork=no} ++ac_cv_func__fork=${ac_cv_func__fork=no} ++ac_cv_func___fstat=${ac_cv_func___fstat=no} ++ac_cv_func__fstat=${ac_cv_func__fstat=no} ++ac_cv_func___fstat64=${ac_cv_func___fstat64=no} ++ac_cv_func__fstat64=${ac_cv_func__fstat64=no} ++ac_cv_func___fxstat=${ac_cv_func___fxstat=no} ++ac_cv_func___getcwd=${ac_cv_func___getcwd=no} ++ac_cv_func__getcwd=${ac_cv_func__getcwd=no} ++ac_cv_func___getdents=${ac_cv_func___getdents=no} ++ac_cv_func__getdents=${ac_cv_func__getdents=no} ++ac_cv_func___llseek=${ac_cv_func___llseek=no} ++ac_cv_func___sys_llseek=${ac_cv_func___sys_llseek=no} ++ac_cv_func__llseek=${ac_cv_func__llseek=no} ++ac_cv_func___lseek=${ac_cv_func___lseek=no} ++ac_cv_func__lseek=${ac_cv_func__lseek=no} ++ac_cv_func___lstat=${ac_cv_func___lstat=no} ++ac_cv_func__lstat=${ac_cv_func__lstat=no} ++ac_cv_func___lstat64=${ac_cv_func___lstat64=no} ++ac_cv_func__lstat64=${ac_cv_func__lstat64=no} ++ac_cv_func___lxstat=${ac_cv_func___lxstat=no} ++ac_cv_func___open=${ac_cv_func___open=no} ++ac_cv_func__open=${ac_cv_func__open=no} ++ac_cv_func___open64=${ac_cv_func___open64=no} ++ac_cv_func__open64=${ac_cv_func__open64=no} ++ac_cv_func___opendir=${ac_cv_func___opendir=no} ++ac_cv_func__opendir=${ac_cv_func__opendir=no} ++ac_cv_func___pread=${ac_cv_func___pread=no} ++ac_cv_func__pread=${ac_cv_func__pread=no} ++ac_cv_func___pread64=${ac_cv_func___pread64=no} ++ac_cv_func__pread64=${ac_cv_func__pread64=no} ++ac_cv_func___pwrite=${ac_cv_func___pwrite=no} ++ac_cv_func__pwrite=${ac_cv_func__pwrite=no} ++ac_cv_func___pwrite64=${ac_cv_func___pwrite64=no} ++ac_cv_func__pwrite64=${ac_cv_func__pwrite64=no} ++ac_cv_func___read=${ac_cv_func___read=no} ++ac_cv_func__read=${ac_cv_func__read=no} ++ac_cv_func___readdir=${ac_cv_func___readdir=no} ++ac_cv_func__readdir=${ac_cv_func__readdir=no} ++ac_cv_func___readdir64=${ac_cv_func___readdir64=no} ++ac_cv_func__readdir64=${ac_cv_func__readdir64=no} ++ac_cv_func___seekdir=${ac_cv_func___seekdir=no} ++ac_cv_func__seekdir=${ac_cv_func__seekdir=no} ++ac_cv_func___stat=${ac_cv_func___stat=no} ++ac_cv_func__stat=${ac_cv_func__stat=no} ++ac_cv_func___stat64=${ac_cv_func___stat64=no} ++ac_cv_func__stat64=${ac_cv_func__stat64=no} ++ac_cv_func___telldir=${ac_cv_func___telldir=no} ++ac_cv_func__telldir=${ac_cv_func__telldir=no} ++ac_cv_func___write=${ac_cv_func___write=no} ++ac_cv_func__write=${ac_cv_func__write=no} ++ac_cv_func___xstat=${ac_cv_func___xstat=no} ++ ++ ++ ++# Miscellaneous stuff that isn't, and shouldn't be, available ++# in Debian. Those interested in building debs for other systems may ++# need to remove some of these defines. ++ ++ac_cv_func_bigcrypt=${ac_cv_func_bigcrypt=no} ++ac_cv_func_crypt16=${ac_cv_func_crypt16=no} ++ac_cv_func_getauthuid=${ac_cv_func_getauthuid=no} ++ac_cv_func_getprpwnam=${ac_cv_func_getprpwnam=no} ++ac_cv_func_getpwanam=${ac_cv_func_getpwanam=no} ++ac_cv_func_putprpwnam=${ac_cv_func_putprpwnam=no} ++ac_cv_func_rdchk=${ac_cv_func_rdchk=no} ++ac_cv_func_set_auth_parameters=${ac_cv_func_set_auth_parameters=no} ++ac_cv_func_setgidx=${ac_cv_func_setgidx=no} ++ac_cv_func_setluid=${ac_cv_func_setluid=no} ++ac_cv_func_setpriv=${ac_cv_func_setpriv=no} ++ac_cv_func_setuidx=${ac_cv_func_setuidx=no} ++ac_cv_lib_sec_bigcrypt=${ac_cv_lib_sec_bigcrypt=no} ++ac_cv_lib_sec_getprpwnam=${ac_cv_lib_sec_getprpwnam=no} ++ac_cv_lib_sec_getspnam=${ac_cv_lib_sec_getspnam=no} ++ac_cv_lib_sec_putprpwnam=${ac_cv_lib_sec_putprpwnam=no} ++ac_cv_lib_sec_set_auth_parameters=${ac_cv_lib_sec_set_auth_parameters=no} ++ac_cv_lib_security_bigcrypt=${ac_cv_lib_security_bigcrypt=no} ++ac_cv_lib_security_getprpwnam=${ac_cv_lib_security_getprpwnam=no} ++ac_cv_lib_security_getspnam=${ac_cv_lib_security_getspnam=no} ++ac_cv_lib_security_putprpwnam=${ac_cv_lib_security_putprpwnam=no} ++ac_cv_lib_security_set_auth_parameters=${ac_cv_lib_security_set_auth_parameters=no} +diff -uNrw samba-2.2.1a-bak/debian/config.cache.alpha-linux samba-2.2.1a/debian/config.cache.alpha-linux +--- samba-2.2.1a-bak/debian/config.cache.alpha-linux Wed Dec 31 18:00:00 1969 ++++ samba-2.2.1a/debian/config.cache.alpha-linux Thu Aug 23 10:28:08 2001 +@@ -0,0 +1,12 @@ ++# 22 Aug 2001 Steve Langasek ++ ++# This file contains autoconf settings specific to the alpha-linux ++# platform that should be preloaded when building for this architecture. ++ ++ ++# Linux 2.2 on Alpha doesn't have a functional setresgid() call, but ++# Linux 2.4 does. Ensure that packages compiled for woody remain ++# compatible with 2.2 kernels, even if the build machine is running 2.4. ++samba_cv_have_setresgid=${samba_cv_have_setresgid=no} ++samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=no} ++samba_cv_USE_SETREUID=${samba_cv_USE_SETREUID=yes} +diff -uNrw samba-2.2.1a-bak/debian/rules samba-2.2.1a/debian/rules +--- samba-2.2.1a-bak/debian/rules Thu Aug 23 10:27:54 2001 ++++ samba-2.2.1a/debian/rules Thu Aug 23 10:28:08 2001 +@@ -15,6 +15,14 @@ + # This has to be exported to make some magic below work. + export DH_OPTIONS + ++# Set the host and build architectures for use with config.cache loading, ++# cross-building, etc. ++DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) ++DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) ++ ++export DEB_HOST_GNU_TYPE ++export DEB_BUILD_GNU_TYPE ++ + BVARS = SMBLOGFILE=/var/log/smb NMBLOGFILE=/var/log/nmb + + DESTDIR=`pwd`/debian/samba +@@ -48,8 +56,11 @@ + # ./configure --with-fhs --prefix=/usr --sysconfdir=/etc \ + # --localstatedir=/var + ++ if [ -f debian/config.cache ]; then \ ++ cp -f debian/config.cache source/config.cache; \ ++ fi + # [ -f source/Makefile ] || (cd source && ./configure --with-fhs --prefix=/usr --exec-prefix=/usr --with-netatalk --with-smbmount --with-pam --with-syslog --with-sambabook --with-utmp) +- [ -f source/Makefile ] || (cd source && ./configure --with-fhs --prefix=/usr --sysconfdir=/etc --with-privatedir=/etc/samba --with-lockdir=/var/state/samba --localstatedir=/var --with-netatalk --with-smbmount --with-pam --with-syslog --with-sambabook --with-utmp --with-readline --with-pam_smbpass) ++ [ -f source/Makefile ] || (cd source && ./configure --host=$(DEB_HOST_GNU_TYPE)-gnu --build=$(DEB_BUILD_GNU_TYPE)-gnu --with-fhs --prefix=/usr --sysconfdir=/etc --with-privatedir=/etc/samba --with-lockdir=/var/state/samba --localstatedir=/var --with-netatalk --with-smbmount --with-pam --with-syslog --with-sambabook --with-utmp --with-readline --with-pam_smbpass) + + touch configure-stamp + diff --git a/packaging/Debian/debian/README.debian b/packaging/Debian/debian/README.debian new file mode 100644 index 00000000000..82be3f4df4a --- /dev/null +++ b/packaging/Debian/debian/README.debian @@ -0,0 +1,71 @@ +Samba for Debian +---------------- + +This package was built by Eloy Paris and Steve +Langasek , current maintainers of the Samba packages +for Debian, based on work from Bruce Perens , Andrew +Howell , Klee Dienes and Michael +Meskes , all previous maintainers of the packages +samba and sambades (now merged together - see below). + +As of Samba 2.0.6-1, the Debian version of Samba is compiled with +Pluggable Authentication Modules (PAM) support. PAM support was +discontinued during the libc5 -> libc6 migration process and I never +brought it back until 2.0.6-1. + +The smbfs package does not support the 2.0.x Linux kernels anymore. +This has been the case since the very first packages of the CVS sources +that eventually became Samba 2.2. To use the smbfs package you need to +run a 2.2.x kernel or later. + +Starting with the Debian packages for Samba 2.2, the Samba log files (for +nmbd and smbd) have been moved to a new location: /var/log/samba/. The +files also have new names: log.nmbd and log.smbd. The old files +(/var/log/{nmb,smb} were moved to the new location. + +As of Samba 2.2.2-11, the Samba sources produce the following binary +packages: + +samba: A LanManager like file and printer server for Unix. +samba-common: Samba common files used by both the server and the client. +smbclient: A LanManager like simple client for Unix. +swat: Samba Web Administration Tool +samba-doc: Samba documentation. +smbfs: Mount and umount commands for the smbfs (works with 2.2.x and + above kernels, not with 2.0.x kernels.) +libpam-smbpass: pluggable authentication module for SMB password + database. +libsmbclient: Shared library that allows applications to talk to SMB servers. +libsmbclient-dev: libsmbclient shared libraries. + + +Please note that the package smbwrapper (a shared library that provides +SMB client services that existed between Samba 2.0.0-1 and Samba-2.0.5a-4 +does not exist any more. The reason is that starting with Samba 2.0.6-1, that +code does not even compile, and the upstream author (Andrew Tridgell) +recommended to disable the compilation of smbwrapper until some issues +with glibc2.1 get cleared out (the problem is with glibc, not with Samba +itself). + +Support for NT Domains +---------------------- + +Samba 2.2 includes preliminary support for NT domains. A Samba server +can now be part of a Windows NT domain whose Primary Domain Controller +is a Windows NT server. This feature is supposed to be stable although I +haven't tried it myself. Read the documentation in the samba-doc package +for help on how to do this (hint: "security = domain" in the smb.conf +file). + +Samba 2.2 has also experimental support for Primary Domain +Controller. This means that a Samba server can act now as a PDC. There +are no special flags needed to compile Samba with NT domain PDC +support. Please read the NTDOM PDC FAQ at www.samba.org (Documentation +section). + +Please note that NT domain PDC support is far from complete and is still +experimental. + +Eloy A. Paris +Steve Langasek +January 14, 2002 diff --git a/packaging/Debian/debian/TODO b/packaging/Debian/debian/TODO new file mode 100644 index 00000000000..95bcd64e2bc --- /dev/null +++ b/packaging/Debian/debian/TODO @@ -0,0 +1,10 @@ +In no particular order: + +- New packages for winbind stuff. +- Fix stuff in packaging/Debian/ (add infrastructure for stable + builds) +- Compile with LDAP support. +- Finish debconf support. +- Test debconf support. +- Review /etc/init.d/samba (Brian White reports problems, should add + --oknodo to start-stop-daemon) diff --git a/packaging/Debian/debian/changelog b/packaging/Debian/debian/changelog new file mode 100644 index 00000000000..93bb6d4f042 --- /dev/null +++ b/packaging/Debian/debian/changelog @@ -0,0 +1,1559 @@ +samba (2.2.2.cvs20020201-1) unstable; urgency=low + + * Getting ready for Samba 2.2.3. + * Using a poor's man build system to keep our patches to upstream + under the debian/ directory. + + -- Eloy A. Paris Fri, 1 Feb 2002 16:10:58 -0500 + +samba (2.2.2-12) unstable; urgency=high + + * (Steve) Patch for source/client/client.c. + Closes: #86438 smbclient: Transfering several GB causes the average + speed to be messed up. + * Uploading with urgency=high to expedite the move from unstable + to testing because of the security problem fixed in -11. + + -- Eloy A. Paris Fri, 25 Jan 2002 22:31:12 -0500 + +samba (2.2.2-11) unstable; urgency=low + + * Building with --with-libsmbclient. We have created two new + packages: libsmbclient and libsmbclient-dev. Hopefully this + will help some people that want to add the capability of + speaking SMB to their applications. + Closes: #117132 - libsmbclient support library? + * (Steve) Make swat do the right thing when reading (parsing) + the saved preferences in smb.conf. + Closes: #55617 swat mutilates the linpopup message command. + * Updated README.Debian. Updated descriptions in debian/control. + * Remembered to bump up version number in source/include/version.h + (need to automate this or else I'll keep forgetting.) + * (Steve) one liner for source/web/diagnose.c. + Closes: #106976 - smbd/nmbd not running message with swat/linuxconf. + * Added '|| true' to the post-rotate script so logrotate doesn't + fail if either nmbd or smbd is not running. + Closes: #127897 - /etc/logrotate.d/samba fails if there is no smbd process. + * Fixed incorrect file locations in swat's man page and added a + Debian-specific note to /usr/share/doc/swat/README. + Closes: #71586 swat: needs documentation fixes for debian. + * smbmount in the smbfs package does not have the setuid bit set. + Apparently, smbmount uses libsmb without checking the environment. + Thanks to Christian Jaeger for + finding the local root exploit. + * Applied old patch from Jerry) Carter" to correct + the following two problems in Samba 2.2.2: + - %U and %G could not be used in services names + in smb.conf. + - %G would fail to be expanded in an "include = ..." + line. + + -- Eloy A. Paris Sat, 19 Jan 2002 21:35:26 -0500 + +samba (2.2.2-10) unstable; urgency=low + + * (Steve) Add missing manual pages. + Closes: Bug#128928: missing manpages in smbfs. + + -- Eloy A. Paris Sun, 13 Jan 2002 14:39:55 -0500 + +samba (2.2.2-9) unstable; urgency=low + + * (Steve) Fix broken URL's in HTML docs. + Closes: Bug#17741: bad links in html docs (at last!!!) + + -- Eloy A. Paris Fri, 11 Jan 2002 13:37:07 -0500 + +samba (2.2.2-8) unstable; urgency=low + + * Added "Replaces: samba (<= 2.2.2-5)" to the smbclient section in + debian/control so rpcclient.1, which was in samba-2.2.2-5, does not + cause problems now that it is part of smbclient (>= 2.2.2-6). Closes: + Closes: Bug#128684: error upgrading smbclient in sid. + + -- Eloy A. Paris Fri, 11 Jan 2002 11:42:40 -0500 + +samba (2.2.2-7) unstable; urgency=low + + * (Steve) Patch to make behavior honor what the docs. say about "hosts allow" + taking precedence over "hosts deny". + Closes: Bug#49249: swat: error with host deny ?! + + -- Eloy A. Paris Thu, 10 Jan 2002 12:36:58 -0500 + +samba (2.2.2-6) unstable; urgency=low + + * (Steve) Adds manpage for rpcclient to the proper file, + removes smbtorture from the distro because this tool isn't intended for + widespread consumption. + Closes: #63057 - no manual page for smbtorture. + * (Steve) Removed -gnu from the configure arguments (--build, --host) in + debian/rules so config.sub is able to properly create the host and target + tuples. + + -- Eloy A. Paris Wed, 9 Jan 2002 14:39:51 -0500 + +samba (2.2.2-5) unstable; urgency=low + + * Fixes from vorlon: + * Use /usr/bin/pager instead of more. + Closes: #125603: smbclient violates pager policy. + * Make /etc/logrotate.d/samba a conffile, send smbd and nmbd + a SIGHUP to have the log files reopened, fixes to + /etc/logrotate.d/samba. + Closes: #127897: log file rotation. + Closes: #118277: /etc/logrotate.d/samba not listed in conffiles. + * s/covert/convert/. + Closes: #121653 probable typo in install message. + + -- Eloy A. Paris Sun, 6 Jan 2002 03:14:58 -0500 + +samba (2.2.2-4) unstable; urgency=low + + * Applied patch from Steve to work around problem in glibc that affects the + HPPA architecure. The patch detects the error condition at configure time + and compiles without LFS support if necessary. + Closes: Bug#126763: samba completely broken on hppa. + * Including unicode_map.1251. + Closes: Bug#126719: samba-common: unicode_map.1251 missing. + * Updated smbd daemon version to match Debian package version. + Closes: Bug#127199: Package version and smbd daemon version don't match. + + -- Eloy A. Paris Mon, 31 Dec 2001 14:32:47 -0500 + +samba (2.2.2-3) unstable; urgency=low + + * Added some spaces in package description in debian/control. + Closes: #120730 - missing spaces in package description for nice + alignment. + * Spelling fixes. + Closes: #125328, #125329, #125330, #125367, #125365, #125403. + * Steve Langasek is the co-maintainer of the Debian + Samba packages!!! Added him to the uploaders field in debian/control. + + -- Eloy A. Paris Tue, 18 Dec 2001 00:54:25 -0500 + +samba (2.2.2-2) unstable; urgency=low + + * Backed out changes to source/filename.c per Andrew Tridgell's request. + This changes were introduced in 2.2.1a-7 as an attempt to fix #47493. + Tridge found out that they break smbd. + * Changed version number in source/includes/version.h so it is clear that + this is a version of Samba packaged for Debian. This is another request from + Tridge and will help the Samba Team to get bogus bug reports. + * Added Samba-HOWTO-Collection.pdf and other README files to the + /usr/share/doc// directories. + * Installing libnss_winbind.so and pam_winbind.so. + Closes: #116790: nss and pam modules for winbind missing. + * Removed user-emacs-settings from changelog. + + -- Eloy A. Paris Mon, 29 Oct 2001 19:16:26 -0500 + +samba (2.2.2-1) unstable; urgency=low + + * New upstream version. + * Temporary fix for #113763 (Steve Langasek) + * Quick hack to avoid smbmount reveal password length. Please note + that even with this hack there is a small window when password is + completely visible with 'ps aux'. There are other methods that should + be used to automate mounting of SMB shares. + Closes: #112195: smbmount-2.2.x reveals password length. + * Applied patch from Steve Langasek to prevent + forcing use of setresuid() in Sparc. + Closes: #112779: samba build forces use of setresuid, which causes + smbd to fail on Sparc. + + -- Eloy A. Paris Mon, 15 Oct 2001 10:26:10 -0400 + +samba (2.2.1a-9) unstable; urgency=low + + * Replaced $(LD) with $(CC) all the way through source/Makefile. + Closes: #111036: ld shouldn't be used to link shlibs. + * s/\/bin\/mail/\/usr\/bin\/mail/ in smb.conf's man page (HTML and + sgml as well.) + Closes: #110963: smb.conf: mail should be /usr/bin/mail. + * Documented better smbclient's -W behavior. Patch from Steve + Langasek. + Closes: #53672: smbclient: -W flag is interpreted as domain, not + workgroup. + + -- Eloy A. Paris Tue, 4 Sep 2001 23:10:41 -0400 + +samba (2.2.1a-8) unstable; urgency=low + + * Set some reasonable default perms for the samba logdir (again, + thanks to vorlon :-) + Closes: #72529: insecure permissions on log files. + + -- Eloy A. Paris Sun, 26 Aug 2001 15:40:47 -0400 + +samba (2.2.1a-7) unstable; urgency=low + + * Another attempt at fixing #47493. Patch from Steve Langasek + . Let's keep our fingers crossed Steve! + + -- Eloy A. Paris Sun, 26 Aug 2001 13:37:06 -0400 + +samba (2.2.1a-6) unstable; urgency=low + + * Backed out fix to #47493 introduced in 2.2.1a-4 as it is causing + smbd to die with signal 11 under some unidentified situations. + Closes: #109774: Latest debian version breaks printer driver download. + Closes: #109946: not all files appear in samba-exported directories. + * Another patch from Steve Langasek. This one adds quotes around + printer names for print systems it's reasonable for Debian to + support. Together with the patch in #29957 (see changelog for + 2.2.1a-4), this should take care of the problems with multi-word + printer names in Samba. + + -- Eloy A. Paris Fri, 24 Aug 2001 21:12:27 -0400 + +samba (2.2.1a-5) unstable; urgency=low + + * Important changes that affect how Samba is built on Debian + machines are implemented in this release. All of this changes + were suggested by the energetic Steve Langasek , + and his arguments were so sound and reasonable that I decided + to implement them. Here's Steve's original changelog: + + * Fix up the build system to avoid needing to run configure + as root to answer questions we already know the answers to. + * In the process, make surprising progress towards being able to + cross-compile the samba packages. + + -- Eloy A. Paris Fri, 24 Aug 2001 01:08:06 -0400 + +samba (2.2.1a-4) unstable; urgency=low + + * Fixed typo in smbmount's mount page. + Closes: #109317: smbfs: mistype in smbmount manpage. + * Included symlink to smbspool to better support CUPS printing. + Closes: #109509: include symlink for cups samba support. + * Applied patch from Steve Langasek to + fix bug #29957. + Closes: #29957: samba strips trailing " from strings in smb.conf. + * First attempt at fixing #47493. Another patch from Steve "I want + a bug-free Samba" Langasek. + Closes: #47493: Samba doesn't handle ':' in dir names right. + + -- Eloy A. Paris Tue, 21 Aug 2001 23:26:38 -0400 + +samba (2.2.1a-3) unstable; urgency=low + + * Steve Langasek has been hard at work in + the last few days looking at the long list of open bugs filed + against the Samba packages. I don't know how to thank him. It's been + a pleasure working with Steve, and all the fixes, patches, etc. in + this release come from him. The bug list is greatly reduced thanks + to Steve's efforts. + * Steve's additions/modifications/patches/etc. are: + - New package that (libpam-smbpass) provides pam_smbpass. Before, this + was provided in another package but now the sources are part of + the Samba sources so we can start providing it from here. + Closes: #107043 - pam_smbpass now present in Samba source, + should be built from there + - Patch to source/smbd/service.c that allows admins to call + /bin/umount from the root postexec of a Samba share. + Closes: #40561 - samba pre/postexec commands do not work. + - Clear TMPDIR before starting smbd in /etc/init.d/samba. + Closes: #51295 - Problems with Samba and TMPDIR. + - Correction to documentation of "guest only". + Closes #38282 - "guest only" share still requires a password. + * Applied patch from Santiago Vila to convert + /usr/sbin/mksmbpasswd from a shell script into a real awk script. + Sorry it took so long, Santiago; I hadn't realized you even + provided a patch :-) + Closes: #77891 - mksmbpasswd could be a real awk script. + * Updated description of the smbfs and smbclient packages. Also have + each package recommend the other. + Closes: #108650: Should suggest or recommend smbfs. + + -- Eloy A. Paris Mon, 13 Aug 2001 22:21:55 -0400 + +samba (2.2.1a-2) unstable; urgency=low + + * Build-depends: depend on debhelper (>=2.0.103). + Closes: #105795: Build-Depends are wrong. + * Run samba's preinst and postinst scripts without -e so failed commands + do not abort installation. + Closes: #106384: postinstall crashes abnormally. (And really closes + #104471.) + + -- Eloy A. Paris Thu, 26 Jul 2001 00:30:37 -0400 + +samba (2.2.1a-1) unstable; urgency=low + + * New upstream version. + * Make sure samba's postinst script exits with a zero status. + Closes: #104471: Samba postinst problem. + + -- Eloy A. Paris Thu, 12 Jul 2001 21:55:21 -0400 + +samba (2.2.1-1) unstable; urgency=low + + * New upstream version. + Closes: #103339: config.guess and config.sub update required. + Closes: #98518: Samba 2.2 can't act as PDC for NT4/W2K due to + incompatibility with PAM. + Closes: #97447: nmbd crashes due to bugs in DAVE 2.5.2. + Closes: #95777: Samba 2.2 is unable to join or authenticate against + Samba 2.2 PDC domain. + Closes: #68842: samba should use PAM for password changing (I + haven't personally tried this one, but it's been + advertised this works.) + Closes: #102506: PAM account checking fails. + Closes: #102518: Complains about unknown paramter "obey pam + restrictions" + Closes: #94774: Build failure on PARISC machines. + * Moved away from /etc/cron.weekly/samba for log file rotation. + Now using logrotate. + Closes: #95548: typo in /etc/cron.weekly/samba. + Closes: #74951: nmbd does not rename its log file. + * Removed Debian-specific addtosmbpass.8 man page since this script + is not longer provided upstream. Users should use the smbpasswd + program instead. + * Updated sample /etc/samba/smb.conf to reflect the recent changes + affecting handling of PAM authentication. Also updated + /etc/pam.d/samba. + + -- Eloy A. Paris Wed, 11 Jul 2001 00:44:14 -0400 + +samba (2.2.0.final.a-1) unstable; urgency=high + + * New upstream version (contains security fix from DSA-065-1.) + Closes: #97241: samba 2.2.0 fails to process hostnames in + "hosts allow" config line. + * Removed Debian-specific addtosmbpass.8 man page since this script + is not longer provided upstream. Users should use the smbpasswd + program instead. + Closes: #98365: addtosmbpass is missing from 2.2.0.final-2. + * Updated sample /etc/samba/smb.conf to reflect the recent changes + affecting handling of PAM authentication. Also updated + /etc/pam.d/samba. + + -- Eloy A. Paris Sun, 24 Jun 2001 11:11:59 -0400 + +samba (2.2.0.final-2) unstable; urgency=low + + * Added libcupsys2-dev to Build-Depends. + * Samba depends now (again) on netbase so update-inetd is always + available for the Samba maintainer scripts. + Closes: #86063: Fails to uninstall if inetd is not installed. + * Updated source/config.{sub,guess} so ARM built doesn't fail. + Closes: #94480: config.sub out of date; can't build on arm. + Closes: #85801: config.sub/guess out of date. + * Not using brace expansion, i.e. {foo,bar} in any of the maintainers + scripts nor in debian/rules. + Closes: #88007: samba postrm has is not POSIX sh compliant. + + -- Eloy A. Paris Sat, 21 Apr 2001 17:27:18 -0400 + +samba (2.2.0.final-1) unstable; urgency=low + + * New upstream release. Lots of new things. See WHATSNEW.txt. + * Goofy version number because of my stupidity when assigning version + numbers to the CVS packages I have been uploading to experimental. + Will be fixed when 2.2.1 is released. I've no doubts a 2.2.1 release + will follow soon. + + -- Eloy A. Paris Tue, 17 Apr 2001 22:58:14 -0400 + +samba (2.2.0.cvs20010416-1) experimental; urgency=low + + * CVS update. + + -- Eloy A. Paris Mon, 16 Apr 2001 21:25:15 -0400 + +samba (2.2.0.cvs20010410-1) experimental; urgency=low + + * CVS update. + * Added libreadline4-dev to Build-Depends. + + -- Eloy A. Paris Tue, 10 Apr 2001 16:53:45 -0400 + +samba (2.2.0.cvs20010407-1) experimental; urgency=low + + * CVS update. Includes what is in 2.2.0alpha3. + + -- Eloy A. Paris Sat, 7 Apr 2001 16:00:33 -0400 + +samba (2.2.0.cvs20010316-1) experimental; urgency=low + + * Started working on Samba 2.2.0. Using the SAMBA_2_2_0 branch + from Samba CVS. + * Not compiling rpctorture as it has compile errors. Change in + debian/rules. + * Removed Linux kernel 2.0.x and smbfs compatibility baggage. Now + the smbfs does not support 2.0.x kernels; a kernel > 2.2.x is + needed to use smbfs. Updated debian/control, debian/rules and + README.Debian to reflect this change. + * Added to swat a versioned dependency on samba (so a user is forced to + install a new version of swat each time a new version of samba is + installed.) + + -- Eloy A. Paris Sun, 18 Mar 2001 14:21:14 -0500 + +samba (2.0.7-5) unstable; urgency=medium + + * Transition from suidmanager to dpkg-statoverride. + + -- Eloy A. Paris Thu, 18 Jan 2001 23:51:56 -0500 + +samba (2.0.7-4) unstable; urgency=medium + + * Applied Urban Widmark fixes to smbmount. Urban + is the maintainer of the smbfs in the kernel and of the userland + utilities. + * Links to HTML documents are correct now. + Closes: #69439: swat: Broken help file symlinks + Closes: #72615: samba-doc directory changed: removed htmldocs from path + Closes: #75847: swat: Wrong symlink + Closes: #66857: Wrong links to html documents. + Closes: #77912: misplaced documentation symlinks for swat + * Building Samba with CUPS support. For this I reverted the change to + source/configure.in that I did in 2.0.7-3 and re-ran autoconf. + Closes: #59038: samba: not compiled with cups support. + * Fix against previous known/unknown user time difference patch to swat + (make username / password lookups take the same time.) Remove CGI + logging code in Swat. + Closes: #76341 - Security holes in swat + * Updated Build-depends. + * Updated debian/copyright to refer to the correct location of the GPL. + * debian/rules: changed DESTDIR to `pwd`/debian/samba (was + `pwd`/debian/tmp.) + * debian/rules: added '--sourcedir=debian/samba' to dh_movefiles (for some + strange reason dh_installdirs is not creating debian/tmp/ so I needed + to tweak everything to install stuff in debian/samba rather than in + debian/tmp.) + * debian/control: changed section of samba-docs to 'doc' (was 'docs') + * Using relative symlinks in /usr/share/samba/swat/ (changed debian/rules + and source/scripts/installswat.sh.) + * Fixed (by tweaking debian/rules) + /usr/bin/{smbmnt,smbumount-2.*,smbmount-2.*} to be suid. + * Added "Provides: samba-client" to smbclient's section in control. + Closes: #71143: smbclient: Smbclient should provide samba-client. + * Fix for desired_access being zero in map_share_mode() (patch to + source/smbd/nttrans.c.) Thanks to Gary Wilson + for bringing this patch to my + attention. + * Hacked source/lib/util_sec.c so smbd works fine in both 2.0.x and + 2.2.x kernels even when the build is done in a system running + a 2.2.x kernel. + Closes: #78858: samba-common: samba2.0.7 needs kernel 2.2.x but + doesnt depend on it. + Closes: #72758: README.Debian should comment on 2.0.x kernels. + Closes: #56935: Samba 2.0.6 and Kernel 2.0.x. + Closes: #58126: Samba 2.0.6 and Kernel 2.0.x -- more info. + Closes: #60580: samba: failed to set gid. + Closes: #64280: Samba panics, can't set gid. + Closes: #66816: Must deal with brokenness under 2.0.x. + Closes: #67682: potatoe samba 2.0.7-3 out of order, 2.0.5a-1 OK. + Closes: #69735: PANIC: failed to set gid + Closes: #66122: "smbclient -L localhost -U%" returns with "tree + connect failed: code 0". + Closes: #57637: Samba says tree connect error. + Closes: #58015: potato samba wins support is broken. + * Fixed comments in sample smb.conf to point to the correct location. + Closes: #69578: comments in smb.conf points to wrong path. + * Move codepages from /etc/samba/codepages/ to + /usr/share/samba/codepages/. + Closes: #63813: samba; codepages should go in /usr/lib. + * Moved /var/samba/ to /var/state/samba/. + Closes: #49011: samba package not FHS compliant. + * Hacked source/configure.in (and re-ran autoconf) so yp_get_default_domain() + is found. + Closes: #44558: netgroup support missing in samba 2.0.5a-1. + * /etc/init.d/samba was calling start-stop-daemon with both --pidfile and + --exec. Got rid of --exec so --pidfile works. + + -- Eloy A. Paris Thu, 11 Jan 2001 00:15:57 -0500 + +samba (2.0.7-3) frozen unstable; urgency=high + + * Release manager: this closes a RC bug. + * Commented out the section in source/configure.in that auto-detects + CUPS support and then ran autoconf to generate a new configure + script. This was done to prevent machines that have libcupsys-dev + installed from detecting CUPS support and adding an unwanted + dependency on libcupsys. This way the whole printing system + won't break on upgrades. CUPS support should be added after + Potato is released. + Closes: #65185: samba-common: Upgrading removes printing system. + Closes: #64496: smbfs: smbfs on powerpc has a dependency on cupsys. + * Updated README.debian. + Closes: #64594: Old README.Debian in /usr/share/doc/samba. + + -- Eloy A. Paris Tue, 20 Jun 2000 19:16:04 -0400 + +samba (2.0.7-2) frozen unstable; urgency=high + + * Release manager: this closes RC bug #63839 that prevents Samba + to be built from source. + * Fixed a stupid typo in debian/rules that was preventing Samba + to be built from source. + Closes: #63839: samba_2.0.7-1(frozen): build error (SAMBABOOK dir) + * I forgot to mention that O'Reilly's book "Using Samba" was donated + to the Open Source community. The book was included in Samba 2.0.7 + in HTML format and is part of the Debian Samba package since + Samba 2.0.7-1. + * In Samba 2.0.7-1, the "Using Samba" book and a number of HTML help + files were supposed to be provided in both the swat and the samba-doc + packages. This duplication was a waste of space. Starting with + Samba 2.0.7-2, swat recommends samba-doc and the book and the HTML + files are included only in samba-doc, and are accessed via symlinks + from within swat. + Closes: #58810: superfluous files in swat? + * Added a 'echo "."' to /etc/init.d/samba in the reload) section. + Closes: #63394: "echo ." missing in reload section of init.d script + * Fixed typo in docs/htmldocs/using_samba/ch06_05.html. + Closes: #64344: typo "encrypted passwords" + * Cleaned up samba's postrm script so important common files aren't + deleted when samba is purged. Created a samba-common.postrm script. + Closes: #62675: purging samba removes /etc/samba/smb.conf. + Closes: #63386: samba --purge removes /etc/samba dir even though + smbclient/smbfs/samba-common packages are still installed + + -- Eloy A. Paris Wed, 3 May 2000 02:42:07 -0400 + +samba (2.0.7-1) frozen unstable; urgency=low + + * New upstream version. Dear Release Manager: please allow this + package to go to frozen as it contains fixes to a _lot_ of problems. + You can take a look at all the problems fixed by this release in + the official upstream announcement at + http://us1.samba.org/samba/whatsnew/samba-2.0.7.html. + * Added --with-utmp to add utmp support to smbd (this is new in Samba + 2.0.7) + * Closes: #62148 - samba not rotating filled logs. + * Closes: #56711: Samba doesn't manage well long share name (please note + that it's possible to connect to shares with names longer than + 14 characters but the share will be listed with a name truncated to + 13 characters.) + * Closes: #51752 - NT DOMAIN - NET USE * /HOME not mapping (error 67). + Closes: #50907 - logon path not working. + This is not a bug, it's just Samba doing the same thing an NT server + does. See WHATSNEW.txt and smb.conf's man page for details. + * Closes: #48497 - error executing smbsh in debian-potato. (smbwrapper + is not supported anymore.) + * Closes: #58994 swat: typo in swat description. + * Closes: #45931 - Samba dies with SIGILL on startup. (Hardware + problems, person that reported the bug never came back.) + Closes: #54398 - smbadduser fails, looks for ypcat. + * Fixed swat's man page to include Debian specific installation + instructions. There's not necessary to edit /etc/services or + /etc/inetd.conf. + (Closes: #58616 - incomplete install config && incorrect installation + instructions.) + * s/SBINDIR/\"/usr/sbin\"/g in source/web/startstop.c to prevent swat + to look for smbd and nmbd in the wrong place when requested to start or + stop smbd or nmbd. + (Closes: #55028 - swat can't start samba servers.) + * Closes: #37274: smbclient does not honour pot. (Tested and seems to be + working now.) + * Not confirmed, but should fix #56699, #62185, #56247, #52218, #43492, + #50479, #39818, #54383, #59411. + (please re-open any of this if the problem still exists - I was unable + to confirm any of this because I could never reproduce them.) + Closes: #56699 - Samba's nmbd causes random kernel oops several + times in a row. + Closes: #62185 - nmbd's forking until no more file descriptors are + available. + Closes: #56247 - session setup failed: ERRSRV - ERRbadpw. + Closes: #52218 - Either wins proxy does not work, or I don't understand + it. + Closes: #43492 - intermittent problem changing password. + Closes: #50479 - Can't access windows 2000 shares with samba. + Closes: #39818 - samba-common: Upgrading Samba from the Slink version. + Closes: #54383 - samba-common: Missing /etc/smb.conf. + Closes: #59411 - smbclient: cannot browse Win2k shares. + + -- Eloy A. Paris Thu, 27 Apr 2000 16:07:45 -0400 + +samba (2.0.6-5) frozen unstable; urgency=low + + * Oppsss! samba-common doesn't depend on libcupsys1 so the binaries + in this package are broken unless libcupsys1 is installed. + samba-common has a "grave" bug because of this. Instead of adding + libcupsys1 to the Depends: list of each package in debian/control + I investigated why dh_shlibs was not picking the dependency + automatically. It turns out that it's probably a bug in libcupsys1 + because the format of its shlibs file is not correct. I fixed that + file (/var/lib/dpkg/info/libcupsys1.shlibs) and now dependencies are + picked correctly. I'll talk to the libcupsys1 maintainer. + + I think the addition of CUPS support to Samba is a big change that + should not go into Frozen. So, I decided to back up the addition + of CUPS support I did in 2.0.6-4 to minimize problems. I'll add + CUPS support again when I start working on Samba for Woody. + (Closes: #59337 - samba-common has a missing dependency) + + -- Eloy A. Paris Wed, 1 Mar 2000 08:40:02 -0500 + +samba (2.0.6-4) frozen unstable; urgency=low + + * It seems that sometimes nmbd or smbd are not killed when upgrading. + I think it is because in samba's prerm script I was calling + start-stop-daemon with the --pidfile switch and in old versions of + Samba the nmbd and smbd daemons did not store their PIDs in a file in + /var/samba/. I changed debian/samba.prerm so the existence of the + PID files is checked before calling "start-stop-daemon --pidfile ..." + If the PID files do not exist then start-stop-daemon is called + without the --pidfile parameter. + (Closes: #58058 - upgrade from slink went badly) + * Fixed typo in description of swat package in debian/control. + * Installed libcupsys1-dev so the configure script picks up CUPS + and Samba is compiled with CUPS support. Also added libcupsys1 to + the Depends: list of package samba in debian/control. + (Closes: #59038 - samba not compiled with cups support) + * Added a small paragraph to debian/README.debian warning about possible + problems with the WINS code in Samba 2.0.6. + + -- Eloy A. Paris Mon, 28 Feb 2000 14:00:42 -0500 + +samba (2.0.6-3) frozen unstable; urgency=low + + * Applied patch posted by Jeremy Allison to the samba mailing list + that should take care of the internal errors reported in bug #52698 + (release-critical). Wichert: please test as I never could reproduce + it here. + (Closes: #52698 - samba gets interbal errors) + * Moved samba-docs to the 'docs' section. + (Closes: #51077 - samba-doc: wrong section) + * Added reload capability to /etc/init.d/samba (only for smbd because + nmbd does not support reloading after receiving a signal). + (Closes: #50954 - patch to add reload support to /etc/init.d/samba) + * Corrected "passwd chat" parameter in sample /etc/samba/smb.conf so + Unix password syncronization works with the passwd program currently + in Potato. Thanks to Augustin Luton for + the correct chat script. + * Stole source/lib/util_sec.c from the CVS tree of what will become + Samba 2.0.7 or whatever so we can use the same binaries under + both 2.0.x and 2.2.x kernels. + (Closes: #51331 - PANIC: failed to set gid) + * smbadduser is now provided as an example and it's customized for Debian. + I am not providing this script in /usr/sbin/ because then I would need + a dependency on csh, something that I don't want to do. + (Closes: #51697, #54052) + * Fixed the short description of the smbfs package in debian/control. + (Closes: 53534 - one-line description out of date). + + -- Eloy A. Paris Tue, 23 Nov 1999 16:32:12 -0500 + +samba (2.0.6-2) unstable; urgency=low + + * samba-common now depends on libpam-modules (not on libpam-pwdb, which + I have been told is obsolete). I modified /etc/pam.d/samba accordingly + to reflect the change. + (Closes: Bug#50722: pam pwdb dependence?). + * The old /etc/pam.d/samba file which had references to pam_pwdb caused + smbd to die with a signal 11. The new /etc/pam.d/samba file fixes + this problem. + (Closes: #50876, #50838, #50698) + * Compiled with syslog support (use at your own risk: syslog support + is still experimental in Samba). I added the parameters "syslog = 0" + and "syslog only = no" to the sample smb.conf to avoid pestering + users that do not want Samba to log through syslog. + (Closes: Bug#50703 - syslog only option doesn't work) + * Removed the stupid code in the smbmount wrapper script that tries + to load the smbfs module if smbfs is not listed in /proc/filesystems. + (Closes: Bug#50759 - Non-root can't run smbmount if SMBFS is compiled + as a module in the kernel) + * Added /bin/mount.smb as a symlink pointing to /usr/bin/smbmount so + 'mount -t smb ...' works just as 'mount -t smbfs ...'. + (Closes: Bug#50763 - 'mount -t smb' doesn't work) + + -- Eloy A. Paris Sat, 20 Nov 1999 18:53:35 -0500 + +samba (2.0.6-1) unstable; urgency=low + + * Samba 2.0.6 has been released. This is the first try of the Debian + Samba packages. I know for sure that smbd won't work properly on + 2.0.x kernels because the patch that Wichert sent me does not apply + to the new source/lib/util_sec.c in Samba 2.0.6. That file was + completely re-written by Tridge. + * Updated README.Debian. + * A new client utility called smbspool appeared in Samba 2.0.6. I added + this utility to the smbclient package, although I haven't tried it yet. + * Added the symlink /sbin/mount.smbfs that points to /usr/bin/smbmount. + This is to be able to type "mouont -t smbfs ...". This symlink goes + in the smbfs package, of course. + * This new release should close the following bugs (some of these + are fixed for sure in this new upstream release, some others I could + not reproduce but I believe they are fixed if they were real bugs. + As always, please feel free to re-open the bugs if the problem is not + solved). + Closes: Bug#33240: icmp mask needs a bug workaround. + Closes: Bug#37692: samba: Has problems detecting interfaces. + Closes: Bug#38988: samba: Truly bizzare behavour from nmbd. + Closes: Bug#46432: samba-2.0.5a-2: nmbd does not appear to broadcast + properly. + Closes: Bug#44131: smbfs: no longer possible to set file and + directory-modes. + Closes: Bug#46992: smbmount-2.2.x manpage wrong. + Closes: Bug#42335: smbfs: missing options from the new 2.2.x commandline. + Closes: Bug#46605: smbmnt segfaults. + Closes: Bug#48186: smbmount. + Closes: Bug#38040: smbfs: Please add /sbin/mount.smb [included]. + Closes: Bug#47332: smbmount: could -f and -P be added back? + * Samba has been compiled with PAM support (closes: Bug#39512 - samba PAM + module). To succesfully add PAM support, I created /etc/pam.d/samba and + added this file as a conffile for the samba-common package. I also made + samba-common depend on libpam-pwdb. + * Added simple man pages for the wrapper scripts smbmount and smbmount. + (Closes: Bug#44705 - Missing smbmount man page) + * Installed libreadlineg2-dev in my system so smbclient now has a + "history" command and libreadline support :-) + * This time I did add a check to the smbmount wrapper script to see if + the kernel has support for smbfs, as suggested by Jeroen Schaap + . I mentioned in the changelog + for samba-2.0.5a-3 that I did this but I forgot at the end. + + -- Eloy A. Paris Thu, 11 Nov 1999 12:08:15 -0500 + +samba (2.0.5a-5) unstable; urgency=low + + * I am sorry to report that the smbwrapper package is gone for the + moment. The reason for this is twofold: first of all, smbwrapper + is completely broken in Samba-2.0.5a (it compiles but it doesn't + run) and in the upcoming Samba-2.0.6 it doesn't even compile. Second, + when I asked Andrew Tridgell (father of Samba) about the state of + smbwrapper he told me that Ulrich Drepper (head of the glibc project) + broke on purpose the glibc stuff in which smbwrapper is based. + Consequently, Tridge recommended me to compile Samba without + support for smbwrapper. When, I have no idea. Sorry folks. Here is + the original message I received from Andrew: + + > 1) 2.0.5a's smbwrapper doesn't work under glibc2.1, and pre-2.0.6's + > smbwrapper doesn't even compile under glibc2.1. + + yep, Ulrich deliberately broke it. It won't get fixed till glibc + allows the sorts of games it plays to work again. I suggest you turn + it off in your build scripts until that gets sorted out. + + * Swat's file are now in /usr/share/samba/ instead of + /usr/lib/samba/ (bug #49011). + * Man pages now in /usr/share/man/ instead of /usr/man/ (bug #49011). + + -- Eloy A. Paris Tue, 2 Nov 1999 12:59:13 -0500 + +samba (2.0.5a-4) unstable; urgency=low + + * Applied patch from our fearless leader (Wichert) to fix the darn bug + that prevents Samba to work on 2.0.x kernels if it was compiled + in a system running a 2.2.x kernel. This closes #40645 (build uses + setresuid which doesn't work under 2.0.34 (does apparently under + 2.2.x) ). + * Fixed the entry that swat's postinst script adds to /etc/inetd.conf + so it is '## swat\t\tstream\ttcp\tnowait.400 ...' instead of + '##swat\t\tstream\ttcp\tnowait.400 ...'. The old way caused + 'update-inetd --enable swat' to leave the entry for swat disabled. + Thanks to Dave Burchell for finding out + this problem. This closes #48762 (swat uses non-standard syntax to + comment out inetd.conf entry). + * /usr/sbin/swat does not think anymore that the smbd daemon lives + in /usr/local/samba/bin/. To fix this I am running now source/configure + with "--prefix=/usr --exec-prefix=/usr". This closes #47716 (samba + 'swat' fails: incorrect hardwired path in the binary). + + -- Eloy A. Paris Sun, 31 Oct 1999 03:42:38 -0500 + +samba (2.0.5a-3) unstable; urgency=low + + * I am pretty darn busy with my MBA, I apologize for the long time it's + taking to squash bugs in the Samba packages. + * Built with debhelper v2 for FHS compliancy. Changed a couple of + things in debian/rules to accomodate for the new place for the docs. + I also had to change debian/{samba.postinst,samba.prerm,swat.postinst} + to make sure that the symlink from /usr/doc/xxx exists and points to + /usr/share/doc/xxx (the reason for this is that I am not letting + debhelper to create these scripts for me automatically). + * Built with latest libc6. + * smbfs: finally, the nasty bug that causes smbmount to die after + a while is gone thanks to Ben Tilly . + The problem was just a typo in source/client/smbmount.c. + This closes grave bug #42764 (smbmount dies) and #43341 + (smbfs-2.2.x won't function after a while). + * Fixed the smbmount wrapper script to eliminate a bashism (closes + #45202 - "wrapper scripts use $* instead of "$@") and to recognize + 2.3.x and 2.4.x kernels (closes #47688 - "smbfs: does not recognize + kernel 2.3.x"). + * Added a check to the smbmount wrapper script to see if the + kernel has support for smbfs, as suggested by Jeroen Schaap + . + * swat's man page is now part of the swat package, not of the samba + package. This closes #44808 (Samba has a man page for swat, but + the binary is not included). + * The interface program smbrun is not longer needed by smbd because + of the availability of execl() under Linux. Because of this, the + smbrun is not even being compiled. Since there is no need for smbrun + now, the smbrun man page was taken out of the samba package. This + closes #45266 (/usr/bin/smbrun missing). + * smbpasswd is now part of the samba-common package, and not part of + the samba package. This is to let administrators that do not want + to install a full Samba server administer passwords in remote + machines. This closes bug #42624 (smbpasswd should be included in + smbclient). This bug report also suggests that swat becomes part of + the samba package, that smbfs becomes part of the smbclient package, + and that the binary smbpasswd becomes part of the smbclient package. + I moved smbpasswd to the samba-common package but I am reluctant to + do the other things the bug report suggests. + * In order to keep dpkg happy when moving smbpasswd from the samba + package to samba-common, I had to add a "Replaces: samba (<= 2.0.5a-2)" + in the control section of the samba-common package and a + "Replaces: samba-common (<= 2.0.5a-2)" in the control section of the + samba package (in debian.control). + * Samba is now being compiled with the "--with-netatalk" option. This + closes #47480 (Could samba be compiled with the --with-netatalk option). + * All packages that depend on samba-common have a versioned dependency + now. This was accomplished by adding "(= ${Source-Version})" to the + relevant sections of debian/control. Thanks t Antti-Juhani Kaijanaho + for the hint. This closes #42985 (samba should probably + have a versioned depends on samba-common). + * Made sure the file docs/textdocs/DIAGNOSIS.txt gets installed in all + the Samba packages. This closes bug #42049 (no DIAGNOSTICS.txt file). + * Added the smbadduser helper script to the samba package. This closes + #44480 (Samba doesn't come with the smbadduser program). + * Applied patch from szasz@triton.sch.bme.hu that prevents smbmount + to leave an entry in /etc/mtab for a share that could not be mounted + because of invalid user of password. The patch also allows smbumount + to unmount the share in the event that something goes wrong with the + smbmount process. This closes bug #48613 (Mount/umount problems + + patch) as well as #44130 (failed mount is still mounted). + * smbmount-2.2.x is now setuid root. This is needed for the patch + applied above to be effective. If smbmount-2.2.x is not setuid root + then an entry will be left in /etc/mtab even when the mount + fails. I had to add "usr/bin/smbmount-2.2.x" to debian/smbfs.suid + for this to work. + + -- Eloy A. Paris Wed, 27 Oct 1999 10:36:13 -0400 + +samba (2.0.5a-2) unstable; urgency=low + + * This version is basically the same as 2.0.5a-1 but it was compiled + on a Potato system with glibc2.1. See below the change log for 2.0.5a-1 + for more information. + + -- Eloy A. Paris Tue, 27 Jul 1999 02:25:29 -0400 + +samba (2.0.5a-1) stable; urgency=high + + * I'm back from the Honey Moon. We are pretty busy because we are moving + to Pittsburgh (from Caracas, Venezuela) in aprox. 24 hours and we still + have plenty of things to pack and to do. Samba 2.0.5 was released + while I was in the Honey Moon and it is just now (almost 3 AM) when + I have time to package it. + * Because of the security problems fixed in 2.0.5, this upload goes + to both stable and unstable (the Security Team asked for this). + * This release (2.0.5a-1) was compiled on a Slink system. 2.0.5a-2 will + be compiled on a Potato system. + * Added a "Replaces: samba (<= 1.9.18p10-7)" to the samba-common + section in debian/control (as suggested by Steve Haslam + ) to fix the problems that appear when upgrading + from the Samba package in Slink. Please test this as I am completely + unable to do so. This should fix bug #39818 (Upgrading Samba from the + Slink version). + * Removed the hacks to the autoconf stuff that I added to 2.0.4b-2 in + order to have defined several socket options when compiling with + Linux 2.2.x kernel headers - the fix is now upstream. + * Finally!!! smbmount was re-written (thanks Tridge :-) to use a command + line syntax similar to the one used by the old smbmount (for 2.0.x + kernels). This means that the wrapper script is no longer necessary + so I removed it. In its place there is a simple wrapper script that + calls smbmount-2.0.x or smbmount-2.2.x depending on the kernel that is + running. + * Because of the wedding, the Honey Moon, and our move to Pittsburgh, + I can't work on fixing other bugs in this release. + + -- Eloy A. Paris Tue, 27 Jul 1999 02:18:51 -0400 + +samba (2.0.4b-3) unstable; urgency=low + + * Stupid mistake: I forgot to add /usr/bin/smbumount to debian/smbfs.files + and because of this /usr/bin/smbumount was part of the samba package + instead of part of the smbfs package. + + -- Eloy A. Paris Thu, 1 Jul 1999 01:51:24 -0400 + +samba (2.0.4b-2) unstable; urgency=low + + * Dark (and archive maintainers): please remove from Potato the smbfsx + binary package and also the old source package for smbfs. smbfs and + smbfsx have been merged starting with this version. + * Merged the old smbfs package with Samba. Now there is only one package + for the smbfs utilities and is called "smbfs". The package smbfsx + does not exist any more and this new smbfs package must be used + for both 2.0.x and > 2.1.x kernels. + * A wrapper script was added to handle the syntax change in smbmount + in the new smbfs utilities (required for kernels > 2.1.70). The + home page for this script is http://www.wittsend.com/mhw/smbmount.html. + Please _note_ that this will change (for good) in Samba 2.0.5 :-) + * Added debian/smbumount.sh. It's another wrapper that calls smbumount-2.2.x + or smbumount-2.0.x depending on the kernel currently running. + * Not using -t for savelog in cron.weekly script. + * Recompiled without libreadlineg-dev (Samba does not seem to be using + it so unnecessary dependencies are produced). + * glibc2.1 build. + * Removed smbpasswd.8 man page from the debian/ directory because it is + now being provided upstream. + * Got rid of the ugly hack I put in source/lib/util_sock.c to have + IPTOS_LOWDELAY and IPTOS_THROUGHPUT defined. Now I patched the + autoconf stuff to #include . I've sent the patch to + Jeremy Allison so we have this upstream. + + -- Eloy A. Paris Mon, 28 Jun 1999 17:47:19 -0400 + +samba (2.0.4b-1) unstable; urgency=low + + * New upstream release. This release fixes the following Debian bugs: + #33838 (Amanda/ Samba 2.0.2 and backing up large filesystems) and + #33867 (Amanda 2.4.1 and Samba 2.0.2 and large filesystems). Jeremy + Allison released Samba 2.0.4 and found out that there were a couple + of minor bugs so he released 2.0.4a. Then he found out about more + serious bugs and released 2.0.4b. I have built this package several + times between yesterday and today because of this. Now I am releasing + the Debian packages for Samba with what I believe will be the latest + release the Samba Team will make at least in the next 4 days (Jeremy + is taking a short vacation). + * Still compiling against glibc2.0 (sorry about that :-) + * Hacked source/smbwrapper/smbsh.c to fix the problem + of smbsh not finding the shared library smbwrapper.so. It looks + now in /usr/lib/samba/ for this file. This fixes #32971, #32989, + #33278, #34911 and #36317. + * Made smbfsx depend on samba-common because smbfsx uses /etc/samba/smb.conf + and /etc/samba/codepages/. This fixes #33128 (smbmount complains about + missing /etc/smb.conf). + * Package swat does not depend on httpd anymore (there's no need to). + This fixes #35795 (swat requires httpd). + * Renamed smbmount-2.1.x and smbumount-2.1.x to smbmount-2.2.x and + smbumount-2.2.x. Same applies to the man pages. + * Changed minor type in smbmount's man page (changed "\"" by "\'"). This + fixes #34070 (wrong quotes in manpage). + * Used Fabrizio Polacco's procedure to create the + Debian package for Samba. This closes #35781 (samba has no pristine + source). + * Changes to /etc/cron.weely/samba: rotate /var/log/{nmb,smb}.old only + if the size of either is different than 0. Also, added comments at the + beginning of this script to explain how rotation of log files works in + Samba. Thanks to ujr@physik.phy.tu-dresden.de (Ulf Jaenicke-Roessler) + for the suggestions. This closes #37490 (cron.weekly script rotates not + used [sn]mb.old files). As I side effect, this should also close + #31462 (still trouble with /etc/cron.weekly/samba). + * Check for old /etc/pam.d/samba file which is not provided by this version + of the Debian Samba package but was provided in older versions. If this + file exists we delete it. We check for this in the postinst. This closes + #37356 (samba put stuff in pam.d that pam complains about) and #34312 + (libpam0g: questions during upgrade). + * Make sure the mode of /etc/samba/smbpasswd is set to 600. This is done + in the postinst script. This closes #35730 (Security problem with + /etc/samba/smbpasswd when upgrading from samba 1.9.18p8-2 to 2.0.3-1). + * I have just checked and it looks like #28748 (smbfsx doesn't "return ") + has been fixed. This might have been fixed since a long time ago. + * Long long standing bug #18488 (smbclient: internal tar is broken) is + closed in this release of Samba. The bug might have been closed for a + long long time, but I did not check for this before. + * Temporary fix to the annoying "Unknown socket option IPTOS_LOWDELAY" + message. This fixes #33698 (socket option IPTOS_LOWDELAY no longer works), + #34148 (warnings from smbd) and #35333 (samba warnings). + + -- Eloy A. Paris Thu, 20 May 1999 00:35:57 -0400 + +samba (2.0.3-1) unstable; urgency=low + + * New upstream version. + * Removed the convert_smbpasswd.pl program I created and put in + /usr/doc/samba/ because there's a convert_smbpasswd script in the + upstream sources that does the same thing. I modified the postinst + script to use this script instead of the one I created. + + -- Eloy A. Paris Sun, 28 Feb 1999 01:35:37 -0400 + +samba (2.0.2-2) unstable; urgency=low + + * Updated the README.Debian file. + * Updated the description of the samba package in the control file. + * The binaries smbmnt and smbumount-2.1.x in the smbfsx package are now + installed setuid root as they should be. This was done by doing a + a "chmod u+s" for each binary in debian/rules and by creating the + file debian/smbfsx.suid. + * Minor patch to source/client/smbumount.c to allow normal users + to umount what they have mounted (problem was a kernel vs. libc6 + size mismatch). I sent the patch upstream. + * Created debian/smbwrapper.dirs so the directory /usr/lib/samba/ is + created. + * Modified debian/rules to move smbwrapper.so from debian/tmp/usr/bin/ to + debian/smbwrapper/usr/lib/samba/. + * Hacked source/smbwrapper/smbsh.c to fix the problem + of smbsh not finding the shared library smbwrapper.so. + + -- Eloy A. Paris Thu, 11 Feb 1999 18:11:34 -0400 + +samba (2.0.2-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris Thu, 11 Feb 1999 01:35:51 -0400 + +samba (2.0.1-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris Sat, 6 Feb 1999 06:51:18 -0400 + +samba (2.0.0final-4) unstable; urgency=low + + * The samba postinst made an unwarranted assumption that the file + /etc/samba/smbpasswd exists. If the file did not exist (which is + perfectly valid) the postinst will fail. This fixes #32953. + + -- Eloy A. Paris Fri, 5 Feb 1999 23:32:46 -0400 + +samba (2.0.0final-3) unstable; urgency=low + + * Added to debian/control a "Depends: ${shlibs:Depends}" line for the + samba-common package so dependencies for this package are set + correctly (thanks to Dark for pointing this out). + + -- Eloy A. Paris Thu, 4 Feb 1999 09:45:21 -0400 + +samba (2.0.0final-2) unstable; urgency=low + + * Finally!!! The first upload to unstable. Sorry for the delay folks + but I have been quite busy lately :-) Another reason for the delay + is that I wanted to ease the migration from Samba 1.9.18p10 and + before to Samba 2.0.0. I changed the location of the config. files + from /etc/ to /etc/samba/ and this made things a little bit harder. + * This package needs 2.2 kernel headers to compile (well, this is + true for the smbfsx package, all others compile fine with 2.0 kernel + headers). + * Created a preinst script for the samba package to take care of the + location migration of smb.conf (from /etc/ to /etc/samba/). The + preinst script also takes care of moving /etc/smbpasswd to its new + location (/etc/samba/). + * Created postinst and postrm scripts to add/remove an entry for swat + in /etc/inetd.conf. + * I had forgotten to install the sambaconfig script so I changed + debian/rules to install this script. + * Added a postrm script for the samba package (I had forgotten to add + this script to the new Samba packages after the migration from 1.9.18 + to 2.0.0). + * Created a small Perl script that is called from the samba postinst + to convert the smbpasswd from the old format used in version prior + to 2.0.0 to the new one used in 2.0.0 and beyond. + * The upgrade process should be automatically now. Please let me know + of any problems you encounter. + + -- Eloy A. Paris Sat, 23 Jan 1999 09:34:10 -0400 + +samba (2.0.0final-1) experimental; urgency=low + + * Finally!!! Samba 2.0.0 is here! I am not uploading to unstable + because I still have to work out the migration from the old + samba packages to the new ones. I also need to work more on the + new swat package. + + -- Eloy A. Paris Thu, 14 Jan 1999 22:40:02 -0400 + +samba (2.0.0beta5-1) experimental; urgency=low + + * New upstream version. + + -- Eloy A. Paris Tue, 5 Jan 1999 00:37:57 -0400 + +samba (2.0.0beta4-1) experimental; urgency=low + + * New upstream version. + + -- Eloy A. Paris Wed, 23 Dec 1998 18:37:45 -0400 + +samba (2.0.0beta3-1) experimental; urgency=low + + * New upstream version. + * I have just realized that the documentation patches (for man pages) + that I used for the 1.9.18 release are not longer necessary because + there was a major re-write of all the Samba documentation that added + the missing bits of information. So, I have just removed these minor + patches. + + -- Eloy A. Paris Tue, 8 Dec 1998 12:00:30 -0400 + +samba (2.0.0beta2-1) experimental; urgency=low + + * New upstream version. + * This new version fixes the potential security problem that + was posted to debian-private (using the "message command" parameter + to execute arbitrary commands from messages sent from LinPopUp). + * Changed /etc/init.d/samba to use one of the variables stored in + /etc/samba/debian_config to know how Samba is being run (from inetd or + as daemons) instead of grepping /etc/inetd.conf which may not exist + if the user is running xinetd (this fixes bug #29687 - assumes using + vanilla inetd) + + -- Eloy A. Paris Mon, 23 Nov 1998 23:32:03 -0400 + +samba (2.0.0beta1-1) experimental; urgency=low + + * First beta release of the samba-2.0.0 code. Before the beta I was + working with sources downloaded directly from the CVS server. This + package goes into experimental and I plan to release the new + samba to unstable as soon as it gets out of beta. + * Created several packages out of the Samba sources. They are: + samba (nmbd and smbd daemons + related programs), smbclient (FTP + like command line utility to retrieve files from SMB servers), + swat (Samba Web Administration Tool), samba-common (common files + used by samba, smbclient and swat), smbfsx (smbfs utilities for + kernels >= 2.1.70), smbwrapper and samba-doc (Samba documentation). + * Refreshed debian/samba-doc.docs so recently added docs. are + installed in the samba-doc package. New additions include man + pages in the /usr/doc/samba-doc/htmldocs/ directory. + * Deleted Debian specific nmblookup(1) man page as it is now upstream. + * Added smbtorture to smbclient package. + * Moved rpcclient from the samba package to the smbclient package. + * The Samba daemons (nmbd and smbd) now create a PID file so I changed + all calls to start-stop-daemon to use the PID file. + * Fixed debian/rules to install mksmbpasswd (fixes #27655). + * Modified /etc/init.d/samba so nmbd is started without the -a (append + to the log file instead of overwrite) switch. The new behavior of + nmbd is to NOT overwrite log files, so the -a switch can be deleted + safely. + * Moved from debstd to debhelper. + + -- Eloy A. Paris Thu, 1 Oct 1998 08:37:41 -0400 + +samba (1.9.18p10-5) frozen unstable; urgency=high + + * Oppsss!!! While fixing bug #26884 I introduced a bug even worse than + the one I was trying to fix: in /etc/init.d/samba I got rid of the test + that tells us whether the Samba daemons are running from inetd or as + standalone daemons. I corrected the problem by editing again + /etc/init.d/samba to uncomment the test. + * Wishlist bug #28298 (typos in samba) was fixed. + * Wishlist bug #28309 (typos in smb.conf) was fixed. + + -- Eloy A. Paris Wed, 28 Oct 1998 09:11:47 -0400 + +samba (1.9.18p10-4) unstable; urgency=low + + * Minor patch to debian/rules to delete *substvars instead of only + substvars when doing a "debian/rules clean" (thanks to Daniel Jacobowitz + for this). + * Small patch to source/shmem_sysv.c that eases compilation under + glibc-2.1 (thanks to Daniel for this). + + -- Eloy A. Paris Thu, 17 Sep 1998 15:33:49 -0400 + +samba (1.9.18p10-3) unstable; urgency=low + + * Patched smbclient again to fix minor formatting problem introduced + by Magosanyi Arpad's smbclient patch. + + -- Eloy A. Paris Thu, 3 Sep 1998 11:03:23 -0400 + +samba (1.9.18p10-2) unstable; urgency=low + + * Sync'ed include files for the smbfs utilities with the ones in + kernel 2.1.119. + * Added to the /usr/doc/samba/examples/ directory a new script called + wins2dns (courtesy of Jason Gunthorpe ) that + generates BIND sonze files for hosts in the WINS database. + * Patched smbclient to include enhancements by Magosanyi Arpad + that make scripting easier. + + -- Eloy A. Paris Fri, 28 Aug 1998 13:34:54 -0400 + +samba (1.9.18p10-1) stable unstable; urgency=low + + * New upstream version (see /usr/doc/samba/WHATSNEW.txt for a + description of what has changed). I built a 1.9.18p9-1 but I + never released it because an obscure bug was found just a couple + of days before the official release, so the Samba Team stopped + the rollover of 1.9.18p9. + * Updated documentation (new files were added to the docs/ directory + that were not installed in /usr/doc/samba/). + * Fixed long standing bug #7695 (smb.conf's man page doesn't document + 'printing=lprng') - I made a couple of changes to the man page to + include references to lprng. + * Fixes bug #24930 (samba needs to suggest psmisc?). I don't think it + is necessary to make samba suggest psmisc just because the postinst + script mentions to call killall. So, I removed all references to + "killall" in the scripts. + * Fixes bug #25999 (Samba does not by default work with unix password + sync): I added the "passwd program" and "passwd chat" parameters to + the sample smb.conf to reflect the Debian environment. + + -- Eloy A. Paris Fri, 21 Aug 1998 08:59:18 -0400 + +samba (1.9.18p9-1) unstable; urgency=low + + * New upstream version (see /usr/doc/samba/WHATSNEW.txt for a + description of what has changed). + * Removed Jeremy Allison's patch applied to 1.9.18p8-2 because it is + now part of the new upstream version. + * Corrected small typo in addtosmbpass' man page (fixes #25629). + + -- Eloy A. Paris Tue, 11 Aug 1998 08:53:08 -0400 + +samba (1.9.18p8-2) frozen unstable; urgency=medium + + * Applied patch received from Jeremy Allison (Samba Team) that fixes + "grave" bug #23903 (samba maps username before authenicating with + NT password server). + * Added a "sleep 2" between "start-stop-daemon --stop" and + "start-stop-daemon --start" in /etc/init.d/samba so when this script + is called with the "restart" parameter the Samba daemons are restarted + properly. This fixes bug #24211 (init.d script doesn't restart). + * Sent start-stop-daemon output in /etc/init.d/samba to /dev/null to + avoid annoying warning messages. + * Added perfomance tune parameters to sample /etc/smb.conf (SO_SNDBUF=4096 + and SO_RCVBUF=4096 to "socket options" in /etc/smb.conf). I can't + find who sent this suggestion to me. If you are listening, drop me a + note and I'll put your name here :-) + + -- Eloy A. Paris Mon, 29 Jun 1998 08:45:01 -0400 + +samba (1.9.18p8-1) frozen unstable; urgency=low + + * New upstream release that fixes _lots_ of "ugly" bugs. The list of + fixed bugs is too long to include here (see /usr/doc/samba/WHATSNEW.txt). + * Fixed postinst to quote arguments to if [ arg .. ] constructs + (fixes #22881). + * Applied Jeremy Allison's patch (posted to the samba-ntdom mailing + list) that solves a problem with username maps (the Samba Team did + not catch this problem before final 1.9.18p8). + * Made /etc/init.d/samba to print out a warning when Samba is running + from inetd and the user runs /etc/init.d/samba to start|stop|restart + Samba (there's no point on doing this because inetd will start the + daemons again when there is traffic on UDP port 137-139). + + -- Eloy A. Paris Sat, 13 Jun 1998 00:18:25 -0400 + +samba (1.9.18p7-4) frozen unstable; urgency=medium + + * Fixes the serious problem of having the WINS name server + database getting deleted at boot time. That happened because the + WINS database was being stored under /var/lock/samba/ and all files + under /var/lock/ are deleted at boot time. The place where the WINS + database is stored was moved to /var/samba/. + + -- Eloy A. Paris Mon, 18 May 1998 20:24:29 -0400 + +samba (1.9.18p7-3) stable; urgency=high + + * Libc5 version for Bo (stable) that fixes the recently reported + security hole. + + -- Eloy A. Paris Mon, 18 May 1998 20:19:33 -0400 + +samba (1.9.18p7-2) frozen unstable; urgency=low + + * Added patches from the non-mantainer upload that make us able + to compile Samba on Alpha systems. This fixes bug #22379. + + -- Eloy A. Paris Wed, 13 May 1998 20:38:51 -0400 + +samba (1.9.18p7-1) frozen unstable; urgency=low + + * New upstream release (just bug fixes, no new functionality). + + -- Eloy A. Paris Wed, 13 May 1998 11:47:32 -0400 + +samba (1.9.18p6-2) frozen unstable; urgency=low + + * Uploaded to frozen (I forgot to upload last version to frozen + so it got installed only in unstable). + + -- Eloy A. Paris Tue, 12 May 1998 18:10:17 -0400 + +samba (1.9.18p6-1.1) unstable; urgency=low + + * non-maintainer upload for Alpha + * patch needed for source/quota.c (_syscall4() confusion) + + -- Paul Slootman Tue, 12 May 1998 20:39:13 +0200 + +samba (1.9.18p6-1) unstable; urgency=low + + * New upstream release that fixes a possible buffer overflow. + This security hole was reported on BugTraq by Drago. The + previous Debian version (1.9.18p5-1) was not released because + 1.9.18p5 and 1.9.18p6 were released very closely. + + -- Eloy A. Paris Mon, 11 May 1998 20:28:33 -0400 + +samba (1.9.18p5-1) unstable; urgency=low + + * New upstream release (no new funcionality, just bug fixes - see + /usr/doc/samba/WHATSNEW.txt.gz). + * Backed off Debian patches that were added upstream. + + -- Eloy A. Paris Mon, 11 May 1998 08:43:53 -0400 + +samba (1.9.18p4-2) frozen unstable; urgency=low + + * Patched smbclient(1) man page to not reference the unsopported + -A parameter (fixes #6863). + * Changes to start nmbd with the -a option (in /etc/init.d/samba + and in the entry added to /etc/inetd.conf). + * Fixed typo in sample smb.conf (fixes #21484). + * Fixed yet another typo in sample smb.conf (fixes #21447). + + -- Eloy A. Paris Fri, 17 Apr 1998 22:19:23 -0400 + +samba (1.9.18p4-1) frozen unstable; urgency=low + + * New upstream version that fixes several bugs. + * New scheme for keeping track of Debian specific configuration. + This new scheme fixes bug #18624 (Samba always asks the user about + configuration options). New scheme stores Debian specific + configuration information in /etc/samba/debian_config. + * Changes to /usr/sbin/sambaconfig, prerm and postinst to support the + new configuration scheme. + * Moved required kernel 2.1.x include files inside the source tree + so I don't have to do very nasty things like creating crazy + symlinks in /usr/include to make this package compile. This + allows non-root users to build the package and fixes bug + #20104. + * Fixed address of the FSF in /usr/doc/samba/copyright (problem + reported by lintian). + * The /etc/init.d/samba script now supports the force-reload + argument, as required by the policy (problem reported by lintian). + * Added a "rm /etc/cron.weekly/samba" at the end of the postinst. + * Now the samba package can be installed even if no nmbd or smbd processes + are running. This fixes the following bugs: #8917, #9334, #10268, + #10411, #11146 and #13387. + * Provides the original README in /usr/doc/samba. This fixes bug #9693. + * Added a --no-reload option to sambaconfig to not reload Samba + after configuration. + * Created man pages for sambaconfig(8), addtosmbpass(8), + mksmbpasswd(8) and nmblookup(1). + * Corrected small typo in sample /etc/smb.conf. + * Added two new parameters to /etc/smb.conf: "preserver case" and + "short preserve case". + * "rm -Rf /var/lock/samba" in postrm when package is being purged. + * Patched upstream source (nmbd.c) to not overwrite log files when + nmbd is called with the -a parameter (fixes #17704: nmbd ignores + -a option). + * /etc/init.d/samba now starts the nmbd daemon with the -a parameter + to not overwrite log files. + + -- Eloy A. Paris Mon, 23 Mar 1998 21:22:03 -0400 + +samba (1.9.18p3-1) unstable; urgency=low + + * New upstream version. + * Oppsss!!! I really screwed it up (actually, debstd did). + 1.9.18p2-2 still contained man pages (smbmount and smbumount) part + of other packages. This version does have this corrected. If not, + I no longer deserve to be a Debian developer! So, this version + fixes bug #18438 and some of the bugs I claimed to fix in + 1.9.18p2-2. Oh, by the way, I fixed the problem by running debstd + with -m in debian/rules (man pages are installed by "make install" + so it's a bad idea to re-install man pages with debstd). + + -- Eloy A. Paris Mon, 23 Feb 1998 17:32:42 -0400 + +samba (1.9.18p2-2) unstable; urgency=low + + * Fixes bugs #18017, #17999, #17961, #17932: old 1.9.18p2-1 provided + a man page for smbmount, which conflicts with package smbfs. This + was solved by creating a multi-binary package that produces + package samba and new package smbfsx. + * Fixes bug #18000 (typo in postinst). + * Fixes bug #17958 (postinst asks obsolete question). Actually, + the question is still asked, but only if Samba is run as daemons. + * Created a multi-binary package from the Samba sources: package + samba and new package smbfsx which provides SMB mount utilities + for kernels > 2.1.70. + + -- Eloy A. Paris Mon, 9 Feb 1998 19:47:05 -0400 + +samba (1.9.18p2-1) unstable; urgency=low + + * New upstream version. + * Removed /etc/cron.weekly/samba because Samba does not handle well + rotation of log files (if the log file is rotated Samba will + continue to log to the rotated file, instead of the just created + one). In any case, Samba will rotate log files after an specific + file size. + + -- Eloy A. Paris Tue, 27 Jan 1998 22:34:27 -0400 + +samba (1.9.18p1-2) unstable; urgency=low + + * Created a multi-binary package out of the Samba sources to provide + packages samba and smbfsx (userland utilities to work with + smbfs with kernels > 2.1.x. + + -- Eloy A. Paris Sat, 17 Jan 1998 09:23:48 -0400 + +samba (1.9.18p1-1) unstable; urgency=low + + * New upstream version. + * Created /etc/cron.daily/samba to save a copy of /etc/smbpasswd in + /var/backups/smbpasswd.bak. + + -- Eloy A. Paris Wed, 14 Jan 1998 13:40:56 -0400 + +samba (1.9.18alpha14-1) unstable; urgency=low + + * New upstream version. + * Added a note to the postinst script telling the user that he/she + needs to run smbpasswd manually after creating a new /etc/smbpasswd + from /etc/passwd. + + -- Eloy A. Paris Tue, 23 Dec 1997 23:44:37 -0400 + +samba (1.9.18alpha13-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris Tue, 16 Dec 1997 13:02:32 -0400 + +samba (1.9.18alpha12-1) unstable; urgency=low + + * New upstream version. + * Conflicts with the sambades package because the new Samba 1.9.18 + series do not depend on the DES libraries to support encrypted + passwords. + * Added parameter "encrypt passwords = yes" to /etc/smb.conf. + * Compiled with support for quotas in disk_free(). + * Home directories are now exported read only by default. + * Re-worked debian/rules. + * Re-worked sample smb.conf. + + -- Eloy A. Paris Thu, 4 Dec 1997 22:50:34 -0400 + +samba (1.9.17p4-1) unstable; urgency=low + + * New upstream version. + * Made /etc/smb.conf readable by everybody because some Samba utilities + will fail otherwise when run by non-root users. + * Dropped PAM support while the PAM libraries are ported to libc6. + + -- Eloy A. Paris Tue, 21 Oct 1997 18:08:49 -0400 + +samba (1.9.17p3-1) unstable; urgency=low + + * New upstream version. + * Made /etc/smb.conf readable only by root as suggested by smbd's man page. + + -- Eloy A. Paris Wed, 15 Oct 1997 09:21:25 -0400 + +samba (1.9.17p2-2) unstable; urgency=low + + * Running Samba as daemons instead of from inetd. + * Removing netbios entries in /etc/inetd.conf. + + -- Eloy A. Paris Thu, 9 Oct 1997 23:37:25 -0400 + +samba (1.9.17p2-1) unstable; urgency=low + + * New upstream version that fixes a serious security hole. + * Removed Debian patches added in 1.9.17-1 and 1.9.17p1-1 because + these patches are now part of the upstream release. + + -- Eloy A. Paris Sun, 28 Sep 1997 22:54:33 -0400 + +samba (1.9.17p1-1) unstable; urgency=low + + * New upstream version. + * Defined symbol _LINUX_C_LIB_VERSION_MAJOR as 6 in includes.h to shut up + compiler warnings. + * Included rpcsvc/ypclnt.h in includes.h to shut up compiler warnings. + * Included crypt.h to have function prototype for crypt(). + * Included netinet/tcp.h to have some socket options included. + * Included netinet/ip.h to have some socket options included. + * Linking with libcrypt (LIBM='... -lcrypt'). Without including this + library smbd generates a seg. fault when authenticating users (?). + + -- Eloy A. Paris Wed, 10 Sep 1997 22:09:18 -0400 + +samba (1.9.17-1) unstable; urgency=low + + * New upstream version (called the "Browse Fix Release") + * Added the option --oknodo to the start-stop-daemon invocation in prerm + script. This was because the prerm was failing because start-stop-daemon + was returning an error code if no nmbd or smbd daemons were found + to kill. + * The function yp_get_default_domain(), referenced in three source + files was part of libc5 but with libc6 (glibc2) it has been moved + to libnss_nis. Since the linker was unable to find the function + I had to add LIBSM='-lnss_nis' to debian/rules. + * Added -DNO_ASMSIGNALH and -DGLIBC2 to FLAGSM in debian/rules + because compiling was failing because of conflicts with glibc2. + * Patched source/includes.h to include termios.h if GLIBC2 is defined. + + -- Eloy A. Paris Wed, 27 Aug 1997 08:39:32 -0400 + +samba (1.9.17alpha5-1) unstable; urgency=low + + * New upstream version. + + -- Eloy A. Paris Thu, 14 Aug 1997 18:05:02 -0400 + +samba (1.9.16p11-3) unstable; urgency=low + + * Fixed accidental omission of /etc/pam.d/samba. + + -- Klee Dienes Sat, 15 Mar 1997 22:31:26 -0500 + +samba (1.9.16p11-2) unstable; urgency=low + + * Recompiled against newer PAM libraries. + * Added /etc/pam.d/samba. + + -- Klee Dienes Sat, 8 Mar 1997 01:16:28 -0500 + +samba (1.9.16p11-1) unstable; urgency=low + + * New upstream release. + * Added PAM support. + + -- Klee Dienes Tue, 25 Feb 1997 18:00:12 -0500 + +samba (1.9.16p9-2) unstable; urgency=low + + * minor packaging changes + + -- Klee Dienes Sun, 3 Nov 1996 11:45:37 -0700 + +samba (1.9.16p9-1) unstable; urgency=low + + * upgraded to new upstream version + + -- Klee Dienes Sat, 26 Oct 1996 21:38:20 -0700 + +1.9.16alpha10-1: + 960714 + * Removed Package_Revision from control file. + * Removed -m486 compiler option. + * Added Architecture, Section and Priority fields to control file. + * Upgraded to latest upstream version. + * Uses update-inetd now. + * Added shadow passwords support. + * Fixed Bug#1946: nmbd won't browse + +1.9.15p4-1: + 951128 + * Upgraded to latest upstream version. + * Fixed many bugs. + * Adds Master Browsing support. + * Converted to ELF. + * Fixed bug #1825 - nmbd is now killed when removing samba. + +1.9.14-1: + 950926 Andrew Howell + * Upgraded to latest version. + * Fixed Bug #1139 - samba won't print + +1.9.14alpha5-1: + * Fixes killing of inetd problem in debian.postint and debian.postrm + +1.9.14alpha5-0: + 950704 Andrew Howell + * Taken over samba package from Bruce Perens. + * Upgraded to newest version of samba. + +1.9.02-1: + 9-January-1994 Bruce Perens + * Added Debian GNU/Linux package maintenance system files, and + configured for Debian systems. diff --git a/packaging/Debian/debian/config.cache b/packaging/Debian/debian/config.cache new file mode 100644 index 00000000000..c0a70a5b19b --- /dev/null +++ b/packaging/Debian/debian/config.cache @@ -0,0 +1,231 @@ +# +# 22 August 2001 Steve Langasek +# +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +# +# This config.cache file contains a list of acceptable autoconf +# values which can be used in compiling Samba for Debian woody/sid. +# +# Autoconf sorts options alphabetically in its output. This file +# groups options logically. + + +# Load any architecture-specific settings +if [ -n "$DEB_HOST_GNU_TYPE" \ + -a -f ../debian/config.cache.${DEB_HOST_GNU_TYPE} ]; then + . ../debian/config.cache.${DEB_HOST_GNU_TYPE} +fi + + +# This is at the top because it's most in need of regular tweaking. +# These are options which are supported on 2.4 kernels, but not on 2.2 +# kernels. + +samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=${samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no} +samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=${samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no} +samba_cv_HAVE_KERNEL_SHARE_MODES=${samba_cv_HAVE_KERNEL_SHARE_MODES=no} + + +# These are present in 2.2 kernels, but not in 2.0... + +samba_cv_have_setresuid=${samba_cv_have_setresuid=yes} +samba_cv_have_setresgid=${samba_cv_have_setresgid=yes} +samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=yes} + + +# POSIX ACL support not present in Linux 2.2; not allowed in the +# Debian packages, even if present on the build machine. + +ac_cv_header_sys_acl_h=${ac_cv_header_sys_acl_h=no} + + +# Various basic libc/compiler stuff that it's blindingly obvious that +# Linux supports (now watch me get bitten for saying that) + +ac_cv_c_const=${ac_cv_c_const=yes} +ac_cv_c_inline=${ac_cv_c_inline=inline} +samba_cv_volatile=${samba_cv_volatile=yes} +ac_cv_dirent_d_off=${ac_cv_dirent_d_off=yes} +ac_cv_func_bzero=${ac_cv_func_bzero=yes} +ac_cv_func_chmod=${ac_cv_func_chmod=yes} +ac_cv_func_chown=${ac_cv_func_chown=yes} +ac_cv_func_chroot=${ac_cv_func_chroot=yes} +ac_cv_func_connect=${ac_cv_func_connect=yes} +ac_cv_func_dup2=${ac_cv_func_dup2=yes} +ac_cv_func_execl=${ac_cv_func_execl=yes} +ac_cv_func_fchmod=${ac_cv_func_fchmod=yes} +ac_cv_func_fchown=${ac_cv_func_fchown=yes} +ac_cv_func_fstat=${ac_cv_func_fstat=yes} +ac_cv_func_fsync=${ac_cv_func_fsync=yes} +ac_cv_func_ftruncate=${ac_cv_func_ftruncate=yes} +ac_cv_func_getcwd=${ac_cv_func_getcwd=yes} +ac_cv_func_getgrent=${ac_cv_func_getgrent=yes} +ac_cv_func_getgrnam=${ac_cv_func_getgrnam=yes} +ac_cv_func_getspnam=${ac_cv_func_getspnam=yes} +ac_cv_func_glob=${ac_cv_func_glob=yes} +ac_cv_func_grantpt=${ac_cv_func_grantpt=yes} +ac_cv_func_initgroups=${ac_cv_func_initgroups=yes} +ac_cv_func_llseek=${ac_cv_func_llseek=yes} +ac_cv_func_memcmp_clean=${ac_cv_func_memcmp_clean=yes} +ac_cv_func_memmove=${ac_cv_func_memmove=yes} +ac_cv_func_memset=${ac_cv_func_memset=yes} +ac_cv_func_mktime=${ac_cv_func_mktime=yes} +ac_cv_func_pipe=${ac_cv_func_pipe=yes} +ac_cv_func_poll=${ac_cv_func_poll=yes} +ac_cv_func_pread=${ac_cv_func_pread=yes} +ac_cv_func_pwrite=${ac_cv_func_pwrite=yes} +ac_cv_func_rand=${ac_cv_func_rand=yes} +ac_cv_func_random=${ac_cv_func_random=yes} +ac_cv_func_readlink=${ac_cv_func_readlink=yes} +ac_cv_func_rename=${ac_cv_func_rename=yes} +ac_cv_func_select=${ac_cv_func_select=yes} +ac_cv_func_setenv=${ac_cv_func_setenv=yes} +ac_cv_func_setgroups=${ac_cv_func_setgroups=yes} +ac_cv_func_setsid=${ac_cv_func_setsid=yes} +ac_cv_func_sigaction=${ac_cv_func_sigaction=yes} +ac_cv_func_sigblock=${ac_cv_func_sigblock=yes} +ac_cv_func_sigprocmask=${ac_cv_func_sigprocmask=yes} +ac_cv_func_snprintf=${ac_cv_func_snprintf=yes} +ac_cv_func_srand=${ac_cv_func_srand=yes} +ac_cv_func_srandom=${ac_cv_func_srandom=yes} +ac_cv_func_strcasecmp=${ac_cv_func_strcasecmp=yes} +ac_cv_func_strchr=${ac_cv_func_strchr=yes} +ac_cv_func_strdup=${ac_cv_func_strdup=yes} +ac_cv_func_strerror=${ac_cv_func_strerror=yes} +ac_cv_func_strftime=${ac_cv_func_strftime=yes} +ac_cv_func_strpbrk=${ac_cv_func_strpbrk=yes} +ac_cv_func_strtoul=${ac_cv_func_strtoul=yes} +ac_cv_func_symlink=${ac_cv_func_symlink=yes} +ac_cv_func_usleep=${ac_cv_func_usleep=yes} +ac_cv_func_utime=${ac_cv_func_utime=yes} +ac_cv_func_utimes=${ac_cv_func_utimes=yes} +ac_cv_func_vsnprintf=${ac_cv_func_vsnprintf=yes} +ac_cv_func_waitpid=${ac_cv_func_waitpid=yes} +ac_cv_type_ino_t=${ac_cv_type_ino_t=yes} +ac_cv_type_mode_t=${ac_cv_type_mode_t=yes} +ac_cv_type_pid_t=${ac_cv_type_pid_t=yes} +ac_cv_type_size_t=${ac_cv_type_size_t=yes} +ac_cv_type_uid_t=${ac_cv_type_uid_t=yes} +samba_cv_socklen_t=${samba_cv_socklen_t=yes} + +# Yes, we know Linux supports fcntl locking. Just ignore +# any errors caused by building on an NFS mount. +samba_cv_HAVE_FCNTL_LOCK=${samba_cv_HAVE_FCNTL_LOCK=yes} + + +# smbwrapper doesn't work because the glibc maintainers don't want +# to support transparent userland VFS. We might as well preempt +# any checks for shadowed symbols that are only useful for smbwrapper. + +ac_cv_func___acl=${ac_cv_func___acl=no} +ac_cv_func__acl=${ac_cv_func__acl=no} +ac_cv_func___chdir=${ac_cv_func___chdir=no} +ac_cv_func__chdir=${ac_cv_func__chdir=no} +ac_cv_func___close=${ac_cv_func___close=no} +ac_cv_func__close=${ac_cv_func__close=no} +ac_cv_func___closedir=${ac_cv_func___closedir=no} +ac_cv_func__closedir=${ac_cv_func__closedir=no} +ac_cv_func___dup=${ac_cv_func___dup=no} +ac_cv_func__dup=${ac_cv_func__dup=no} +ac_cv_func___dup2=${ac_cv_func___dup2=no} +ac_cv_func__dup2=${ac_cv_func__dup2=no} +ac_cv_func___facl=${ac_cv_func___facl=no} +ac_cv_func__facl=${ac_cv_func__facl=no} +ac_cv_func___fchdir=${ac_cv_func___fchdir=no} +ac_cv_func__fchdir=${ac_cv_func__fchdir=no} +ac_cv_func___fcntl=${ac_cv_func___fcntl=no} +ac_cv_func__fcntl=${ac_cv_func__fcntl=no} +ac_cv_func___fork=${ac_cv_func___fork=no} +ac_cv_func__fork=${ac_cv_func__fork=no} +ac_cv_func___fstat=${ac_cv_func___fstat=no} +ac_cv_func__fstat=${ac_cv_func__fstat=no} +ac_cv_func___fstat64=${ac_cv_func___fstat64=no} +ac_cv_func__fstat64=${ac_cv_func__fstat64=no} +ac_cv_func___fxstat=${ac_cv_func___fxstat=no} +ac_cv_func___getcwd=${ac_cv_func___getcwd=no} +ac_cv_func__getcwd=${ac_cv_func__getcwd=no} +ac_cv_func___getdents=${ac_cv_func___getdents=no} +ac_cv_func__getdents=${ac_cv_func__getdents=no} +ac_cv_func___llseek=${ac_cv_func___llseek=no} +ac_cv_func___sys_llseek=${ac_cv_func___sys_llseek=no} +ac_cv_func__llseek=${ac_cv_func__llseek=no} +ac_cv_func___lseek=${ac_cv_func___lseek=no} +ac_cv_func__lseek=${ac_cv_func__lseek=no} +ac_cv_func___lstat=${ac_cv_func___lstat=no} +ac_cv_func__lstat=${ac_cv_func__lstat=no} +ac_cv_func___lstat64=${ac_cv_func___lstat64=no} +ac_cv_func__lstat64=${ac_cv_func__lstat64=no} +ac_cv_func___lxstat=${ac_cv_func___lxstat=no} +ac_cv_func___open=${ac_cv_func___open=no} +ac_cv_func__open=${ac_cv_func__open=no} +ac_cv_func___open64=${ac_cv_func___open64=no} +ac_cv_func__open64=${ac_cv_func__open64=no} +ac_cv_func___opendir=${ac_cv_func___opendir=no} +ac_cv_func__opendir=${ac_cv_func__opendir=no} +ac_cv_func___pread=${ac_cv_func___pread=no} +ac_cv_func__pread=${ac_cv_func__pread=no} +ac_cv_func___pread64=${ac_cv_func___pread64=no} +ac_cv_func__pread64=${ac_cv_func__pread64=no} +ac_cv_func___pwrite=${ac_cv_func___pwrite=no} +ac_cv_func__pwrite=${ac_cv_func__pwrite=no} +ac_cv_func___pwrite64=${ac_cv_func___pwrite64=no} +ac_cv_func__pwrite64=${ac_cv_func__pwrite64=no} +ac_cv_func___read=${ac_cv_func___read=no} +ac_cv_func__read=${ac_cv_func__read=no} +ac_cv_func___readdir=${ac_cv_func___readdir=no} +ac_cv_func__readdir=${ac_cv_func__readdir=no} +ac_cv_func___readdir64=${ac_cv_func___readdir64=no} +ac_cv_func__readdir64=${ac_cv_func__readdir64=no} +ac_cv_func___seekdir=${ac_cv_func___seekdir=no} +ac_cv_func__seekdir=${ac_cv_func__seekdir=no} +ac_cv_func___stat=${ac_cv_func___stat=no} +ac_cv_func__stat=${ac_cv_func__stat=no} +ac_cv_func___stat64=${ac_cv_func___stat64=no} +ac_cv_func__stat64=${ac_cv_func__stat64=no} +ac_cv_func___telldir=${ac_cv_func___telldir=no} +ac_cv_func__telldir=${ac_cv_func__telldir=no} +ac_cv_func___write=${ac_cv_func___write=no} +ac_cv_func__write=${ac_cv_func__write=no} +ac_cv_func___xstat=${ac_cv_func___xstat=no} + + + +# Miscellaneous stuff that isn't, and shouldn't be, available +# in Debian. Those interested in building debs for other systems may +# need to remove some of these defines. + +ac_cv_func_bigcrypt=${ac_cv_func_bigcrypt=no} +ac_cv_func_crypt16=${ac_cv_func_crypt16=no} +ac_cv_func_getauthuid=${ac_cv_func_getauthuid=no} +ac_cv_func_getprpwnam=${ac_cv_func_getprpwnam=no} +ac_cv_func_getpwanam=${ac_cv_func_getpwanam=no} +ac_cv_func_putprpwnam=${ac_cv_func_putprpwnam=no} +ac_cv_func_rdchk=${ac_cv_func_rdchk=no} +ac_cv_func_set_auth_parameters=${ac_cv_func_set_auth_parameters=no} +ac_cv_func_setgidx=${ac_cv_func_setgidx=no} +ac_cv_func_setluid=${ac_cv_func_setluid=no} +ac_cv_func_setpriv=${ac_cv_func_setpriv=no} +ac_cv_func_setuidx=${ac_cv_func_setuidx=no} +ac_cv_lib_sec_bigcrypt=${ac_cv_lib_sec_bigcrypt=no} +ac_cv_lib_sec_getprpwnam=${ac_cv_lib_sec_getprpwnam=no} +ac_cv_lib_sec_getspnam=${ac_cv_lib_sec_getspnam=no} +ac_cv_lib_sec_putprpwnam=${ac_cv_lib_sec_putprpwnam=no} +ac_cv_lib_sec_set_auth_parameters=${ac_cv_lib_sec_set_auth_parameters=no} +ac_cv_lib_security_bigcrypt=${ac_cv_lib_security_bigcrypt=no} +ac_cv_lib_security_getprpwnam=${ac_cv_lib_security_getprpwnam=no} +ac_cv_lib_security_getspnam=${ac_cv_lib_security_getspnam=no} +ac_cv_lib_security_putprpwnam=${ac_cv_lib_security_putprpwnam=no} +ac_cv_lib_security_set_auth_parameters=${ac_cv_lib_security_set_auth_parameters=no} diff --git a/packaging/Debian/debian/config.cache.alpha-linux b/packaging/Debian/debian/config.cache.alpha-linux new file mode 100644 index 00000000000..6d171920263 --- /dev/null +++ b/packaging/Debian/debian/config.cache.alpha-linux @@ -0,0 +1,12 @@ +# 22 Aug 2001 Steve Langasek + +# This file contains autoconf settings specific to the alpha-linux +# platform that should be preloaded when building for this architecture. + + +# Linux 2.2 on Alpha doesn't have a functional setresgid() call, but +# Linux 2.4 does. Ensure that packages compiled for woody remain +# compatible with 2.2 kernels, even if the build machine is running 2.4. +samba_cv_have_setresgid=${samba_cv_have_setresgid=no} +samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=no} +samba_cv_USE_SETREUID=${samba_cv_USE_SETREUID=yes} diff --git a/packaging/Debian/debian/config.cache.sparc-linux b/packaging/Debian/debian/config.cache.sparc-linux new file mode 100644 index 00000000000..a2a21b1d3ad --- /dev/null +++ b/packaging/Debian/debian/config.cache.sparc-linux @@ -0,0 +1,13 @@ +# 24 Spe 2001 Steve Langasek + +# This file contains autoconf settings specific to the sparc-linux +# platform that should be preloaded when building for this architecture. + + +# Linux 2.2 on Sparc doesn't have setresgid() or setresuid(), but +# Linux 2.4 does. Ensure that packages compiled for woody remain +# compatible with 2.2 kernels, even if the build machine is running 2.4. +samba_cv_have_setresuid=${samba_cv_have_setresuid=no} +samba_cv_have_setresgid=${samba_cv_have_setresgid=no} +samba_cv_USE_SETRESUID=${samba_cv_USE_SETRESUID=no} +samba_cv_USE_SETREUID=${samba_cv_USE_SETREUID=yes} diff --git a/packaging/Debian/debian/control b/packaging/Debian/debian/control new file mode 100644 index 00000000000..2054da9f188 --- /dev/null +++ b/packaging/Debian/debian/control @@ -0,0 +1,151 @@ +Source: samba +Section: net +Priority: optional +Maintainer: Eloy A. Paris +Uploaders: Steve Langasek +Build-Depends: debhelper (>=2.0.103), libpam0g-dev, libreadline4-dev, libcupsys2-dev +Standards-Version: 3.1.1 + +Package: samba +Architecture: any +Depends: samba-common (= ${Source-Version}), netbase, logrotate, ${shlibs:Depends} +Replaces: samba-common (<= 2.0.5a-2) +Suggests: samba-doc +Description: A LanManager like file and printer server for Unix. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or NetBIOS protocol. + . + This package contains all the components necessary to turn your + Debian GNU/Linux box into a powerful file and printer server. + . + As of Samba 2.2.1a-3, the Samba Debian packages consist of the following: + . + samba - A LanManager like file and printer server for Unix. + samba-common - Samba common files used by both the server and the client. + smbclient - A LanManager like simple client for Unix. + swat - Samba Web Administration Tool + samba-doc - Samba documentation. + smbfs - Mount and umount commands for the smbfs (kernels 2.0.x and above). + libpam-smbpass - pluggable authentication module for SMB password database + libsmbclient - Shared library that allows applications to talk to SMB servers + libsmbclient-dev - libsmbclient shared libraries + +Package: samba-common +Architecture: any +Depends: libpam-modules, ${shlibs:Depends} +Replaces: samba (<= 2.0.5a-2) +Description: Samba common files used by both the server and the client. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or NetBIOS protocol. + . + This package contains the common files that are used by both the server + (provided in the samba package) and the client (provided in the smbclient + package). + +Package: smbclient +Architecture: any +Depends: samba-common (= ${Source-Version}), ${shlibs:Depends} +Replaces: samba (<= 2.2.2-5) +Provides: samba-client +Suggests: smbfs +Description: A LanManager like simple client for Unix. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or NetBIOS protocol. + . + This package contains some client components of the Samba suite. In + particular it includes the command line utilities smbclient, smbtar, + and smbspool. If you want to mount shares exported from Microsoft + Windows machines or a Samba server you must install the smbfs package. + +Package: swat +Architecture: any +Depends: samba (= ${Source-Version}), ${shlibs:Depends} +Recommends: samba-doc +Description: Samba Web Administration Tool + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or NetBIOS protocol. + . + This package contains the components of the Samba suite that are needed + for Web administration of the Samba server. + +Package: samba-doc +Section: doc +Architecture: all +Description: Samba documentation. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or NetBIOS protocol. + . + This package contains all the documentation that comes in the original + tarball. + +Package: smbfs +Section: otherosfs +Priority: optional +Architecture: any +Depends: netbase (>= 2.02), samba-common (= ${Source-Version}), ${shlibs:Depends} +Suggests: smbclient +Replaces: smbfsx +Conflicts: smbfsx, suidmanager (<< 0.50) +Description: mount and umount commands for the smbfs (for kernels >= than 2.2.x) + Smbfs is a filesystem which understands the SMB protocol. + This is the protocol Windows for Workgroups, Windows NT or + LAN Manager use to talk to each other. It was inspired by + samba, the program by Andrew Tridgell that turns any unix + site into a file server for DOS or Windows clients. + . + If you want to use command-line utilities like smbclient, smbtar + and/or smbspool just need to install the smbclient package. + . + Starting with the Debian Samba packages version 2.2.0-1, the old smbfs + utilities for 2.0.x have been removed. There are no wrapper scripts + that call a specific smbmount/smbmount depending on the kernel version. + If you are using a 2.0.x kernel please upgrade or use the latest Samba + 2.0.7 Debian package. + +Package: libpam-smbpass +Section: admin +Priority: extra +Architecture: any +Depends: ${shlibs:Depends} +Suggests: samba +Description: pluggable authentication module for SMB password database + This is a stackable PAM module that allows a system administrator to easily + migrate to using encrypted passwords for Samba and to keep smb passwords in + sync with unix passwords. Unlike other solutions, it does this without + requiring users to change their existing passwords or login to Samba using + cleartext passwords. + +Package: libsmbclient +Section: libs +Priority: extra +Architecture: any +Depends: ${shlibs:Depends} +Description: Shared library that allows applications to talk to SMB servers + libsmbclient allows to write applications that use the SMB protocol. + This gives applications the ability to talk to Microsoft Windows servers + and Unix servers running Samba. + . + This package contains the libsmbclient shared library. + +Package: libsmbclient-dev +Section: devel +Priority: extra +Architecture: any +Depends: libsmbclient (= ${Source-Version}), ${shlibs:Depends} +Description: libsmbclient static libraries and headers + libsmbclient allows to write applications that use the SMB protocol. + This gives applications the ability to talk to Microsoft Windows servers + and Unix servers running Samba. + . + This package contains the libsmbclient static libraries and headers + needed to build applications that use SMB services. diff --git a/packaging/Debian/debian/control.smbwrapper b/packaging/Debian/debian/control.smbwrapper new file mode 100644 index 00000000000..70444ca5f58 --- /dev/null +++ b/packaging/Debian/debian/control.smbwrapper @@ -0,0 +1,111 @@ +Source: samba +Section: net +Priority: optional +Maintainer: Eloy A. Paris +Standards-Version: 2.4.0.0 + +Package: samba +Architecture: any +Depends: samba-common (= ${Source-Version}), ${shlibs:Depends} +Replaces: samba-common (<= 2.0.5a-2) +Suggests: samba-doc +Description: A LanManager like file and printer server for Unix. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains all the components necessary to turn your + Debian GNU/Linux box into a powerful file and printer server. + . + As of Samba 2.0.0, the Samba Debian packages consist of the following: + . + samba - A LanManager like file and printer server for Unix. + samba-common - Samba common files used by both the server and the client. + smbclient - A LanManager like simple client for Unix. + swat - Samba Web Administration Tool + samba-doc - Samba documentation. + smbfsx - Mount and umount commands for the smbfs and kernels > 2.1.70. + smbwrapper - A shared library that provides SMB client services + +Package: samba-common +Architecture: any +Depends: ${shlibs:Depends} +Replaces: samba (<= 2.0.5a-2) +Description: Samba common files used by both the server and the client. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains the common files that are used by both the server + (provided in the samba package) and the client (provided in the smbclient + package). + +Package: smbclient +Architecture: any +Depends: samba-common (= ${Source-Version}), ${shlibs:Depends} +Description: A LanManager like simple client for Unix. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains the client components of the Samba suite. + +Package: swat +Architecture: any +Depends: samba, ${shlibs:Depends} +Description: Samba Web Administration Tool + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains the components of the Samba suite that are needed + for Web administration fo the Samba server. + +Package: samba-doc +Architecture: all +Description: Samba documentation. + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains all the documentation that comes in the original + tarball. + +Package: smbfs +Section: otherosfs +Priority: optional +Architecture: any +Depends: netbase (>= 2.02), samba-common (= ${Source-Version}), ${shlibs:Depends} +Replaces: smbfsx +Conflicts: smbfsx +Description: Mount and umount commands for the smbfs (2.0.x and 2.1.x kernels) + Smbfs is a filesystem which understands the SMB protocol. + This is the protocol Windows for Workgroups, Windows NT or + Lan Manager use to talk to each other. It was inspired by + samba, the program by Andrew Tridgell that turns any unix + site into a file server for DOS or Windows clients. + . + Starting with the Debian Samba packages version 2.0.4b-2, the old smbfs + utilities for 2.0.x and the new smbfs utilities for 2.2.x kernels have been + merged in a single package called smbfs. A wrapper script called smbmount.sh + identifies the version of the kernel running and calls the correct binary. + +Package: smbwrapper +Section: otherosfs +Priority: optional +Architecture: any +Depends: ${shlibs:Depends} +Description: A shared library that provides SMB client services + The Samba software suite is a collection of programs that + implements the SMB protocol for unix systems, allowing you to serve + files and printers to Windows, NT, OS/2 and DOS clients. This protocol + is sometimes also referred to as the LanManager or Netbios protocol. + . + This package contains prelodable shared library that provides SMB client + services for existing executables. Using this you can simulate a smb + filesystem. diff --git a/packaging/Debian/debian/copyright b/packaging/Debian/debian/copyright new file mode 100644 index 00000000000..95bac89a540 --- /dev/null +++ b/packaging/Debian/debian/copyright @@ -0,0 +1,36 @@ +This is the Debian Linux prepackaged version of the Samba SMB +(LAN-Manager) server. Samba was written by Andrew Tridgell + and many others. + +This package was put together by Eloy Paris +based on previous work by Klee Dienes , +Andrew Howell and Bruce Perens +from sources found at . + +As of early in the samba-2.0.0alpha series, the Samba package for Debian +was split into the following packages: + +- samba (the Samba server) +- smbclient (a LAN Manager client - like the ftp program) +- swat (Samba Web Administration Tool) +- smbfs (smbfs userland utilities for kernels > 2.0.x) +- samba-doc (Samba documentation). + +Copyright: + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; version 2 dated June, 1991. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, + MA 02111-1307, USA + +On Debian GNU/Linux systems, the complete text of the GNU General +Public License can be found in `/usr/share/common-licenses/GPL'. diff --git a/packaging/Debian/debian/libpam-smbpass.files b/packaging/Debian/debian/libpam-smbpass.files new file mode 100644 index 00000000000..4263df5c0f0 --- /dev/null +++ b/packaging/Debian/debian/libpam-smbpass.files @@ -0,0 +1 @@ +lib/security/pam_smbpass.so diff --git a/packaging/Debian/debian/libsmbclient-dev.files b/packaging/Debian/debian/libsmbclient-dev.files new file mode 100644 index 00000000000..3ca6033fe7b --- /dev/null +++ b/packaging/Debian/debian/libsmbclient-dev.files @@ -0,0 +1,2 @@ +usr/lib/libsmbclient.a +usr/include/libsmbclient.h diff --git a/packaging/Debian/debian/libsmbclient.files b/packaging/Debian/debian/libsmbclient.files new file mode 100644 index 00000000000..18b7f3b1654 --- /dev/null +++ b/packaging/Debian/debian/libsmbclient.files @@ -0,0 +1,2 @@ +usr/lib/libsmbclient.so.0.1 +usr/lib/libsmbclient.so.0 diff --git a/packaging/Debian/debian/libsmbclient.postinst b/packaging/Debian/debian/libsmbclient.postinst new file mode 100644 index 00000000000..76f61de067a --- /dev/null +++ b/packaging/Debian/debian/libsmbclient.postinst @@ -0,0 +1,10 @@ +#!/bin/sh +# +# postinst script for libsmbclient +# + +if [ "$1" = "configure" ]; then + ldconfig +fi + +#DEBHELPER# diff --git a/packaging/Debian/debian/libsmbclient.shlibs b/packaging/Debian/debian/libsmbclient.shlibs new file mode 100644 index 00000000000..74329f2c08d --- /dev/null +++ b/packaging/Debian/debian/libsmbclient.shlibs @@ -0,0 +1 @@ +libsmbclient 0.1 libsmbclient (>= 2.2.2-11) diff --git a/packaging/Debian/debian/mksmbpasswd.8 b/packaging/Debian/debian/mksmbpasswd.8 new file mode 100644 index 00000000000..0a500102e8a --- /dev/null +++ b/packaging/Debian/debian/mksmbpasswd.8 @@ -0,0 +1,28 @@ +.TH MKSMBPASSWD 8 12-Apr-1998 +.SH NAME +mksmbpasswd \- formats a /etc/passwd entry for a smbpasswd file +.SH SYNOPSIS +mksmbpasswd cat /etc/passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd +.SH DESCRIPTION +.B mksmbpasswd +should be used only once, the first time Samba is installed. The idea +is to ease accounts creation by transferring all user accounts from +/etc/passwd to /etc/samba/smbpasswd. +.PP +Please note that passwords are not transferred automatically from +/etc/passwd to the new /etc/samba/smbpasswd file. After running +.B mksmbpasswd +all accounts are disabled so the system administrator must run +smbpasswd for each account that needs to be enable. +.SH FILES +.TP +/etc/passwd +System wide accounts file +.TP +/etc/samba/smbpasswd +Encrypted passwords file for the Samba daemons +.SH SEE ALSO +samba(7), nmbd(8), smbd(8) +.SH AUTHOR +Eloy A. Paris (man page based on sendmailconfig's man page +by Robert Leslie ) diff --git a/packaging/Debian/debian/mksmbpasswd.awk b/packaging/Debian/debian/mksmbpasswd.awk new file mode 100644 index 00000000000..a7b41a725d3 --- /dev/null +++ b/packaging/Debian/debian/mksmbpasswd.awk @@ -0,0 +1,5 @@ +#!/usr/bin/awk -f +BEGIN {FS=":" + printf("#\n# SMB password file.\n#\n") + } +{ printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:[U ]:LCT-00000000:%s\n", $1, $3, $5) } diff --git a/packaging/Debian/debian/patches/Makefile.patch b/packaging/Debian/debian/patches/Makefile.patch new file mode 100644 index 00000000000..2b28da5c3a9 --- /dev/null +++ b/packaging/Debian/debian/patches/Makefile.patch @@ -0,0 +1,49 @@ +--- samba-2.2.2.cvs20020120.orig/source/Makefile.in ++++ samba-2.2.2.cvs20020120/source/Makefile.in +@@ -91,7 +91,7 @@ + + SPROGS = bin/smbd bin/nmbd bin/swat + PROGS1 = bin/smbclient bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol bin/make_printerdef @RUNPROG@ +-PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@ @PDBEDIT@ @LIBSMBCLIENT@ ++PROGS2 = bin/smbpasswd bin/make_smbcodepage bin/rpcclient bin/make_unicodemap bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@ @PDBEDIT@ @LIBSMBCLIENT_STATIC@ @LIBSMBCLIENT_SHARED@ + MPROGS = @MPROGS@ + LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS) + PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup +@@ -614,13 +614,15 @@ + @echo Linking shared library $@ + @$(SHLD) -32 @LDSHFLAGS@ -o $@ $(PICOBJS32) $(LIBS) + +-libsmbclient: $(LIBSMBCLIENT_PICOBJS) +- @echo Linking libsmbclient shared library bin/$@.@SHLIBEXT@ +- @$(SHLD) @LDSHFLAGS@ -o bin/$@.@SHLIBEXT@ \ ++bin/libsmbclient.so: $(LIBSMBCLIENT_PICOBJS) ++ @echo Linking libsmbclient shared library $@ ++ @$(SHLD) @LDSHFLAGS@ -o $@ \ + $(LIBSMBCLIENT_PICOBJS) $(LIBS) \ + @SONAMEFLAG@libsmbclient.so.$(LIBSMBCLIENT_MAJOR) +- @echo Linking libsmbclient non-shared library bin/$@.a +- @-$(AR) -rc bin/$@.a $(LIBSMBCLIENT_PICOBJS) ++ ++bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) ++ @echo Linking libsmbclient non-shared library $@ ++ @-$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) + + bin/smbsh: $(SMBSH_OBJ) bin/.dummy + @echo Linking $@ +@@ -673,10 +675,12 @@ + installswat: installdirs + @$(SHELL) $(srcdir)/script/installswat.sh $(SWATDIR) $(srcdir) + +-installclientlib: +- -$(INSTALLCMD) bin/libsmbclient.so +- -$(INSTALLCMD) -d ${prefix}/include +- -$(INSTALLCMD) include/libsmbclient.h ${prefix}/include ++installclientlib: bin/libsmbclient.so bin/libsmbclient.a ++ # Installed (in the wrong location, BTW) by installbin above (peloy@debian.org) ++ # -$(INSTALLCMD) bin/libsmbclient.so $(BASEDIR)/lib ++ # -$(INSTALLCMD) bin/libsmbclient.a $(BASEDIR)/lib ++ -$(INSTALLCMD) -d $(INCLUDEDIR) ++ -$(INSTALLCMD) include/libsmbclient.h $(INCLUDEDIR) + + # revert to the previously installed version + revert: diff --git a/packaging/Debian/debian/patches/configure.patch b/packaging/Debian/debian/patches/configure.patch new file mode 100644 index 00000000000..497455120d3 --- /dev/null +++ b/packaging/Debian/debian/patches/configure.patch @@ -0,0 +1,6044 @@ +--- samba-2.2.2.cvs20020120.orig/source/configure ++++ samba-2.2.2.cvs20020120/source/configure +@@ -1077,7 +1077,7 @@ + + test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +-for ac_prog in gawk mawk nawk awk ++for ac_prog in mawk gawk nawk awk + do + # Extract the first word of "$ac_prog", so it can be a program name with args. + set dummy $ac_prog; ac_word=$2 +@@ -1537,6 +1537,47 @@ + rm -fr conftest* + fi + ++ if test x$LINUX_LFS_SUPPORT = xyes ; then ++ if test "$cross_compiling" = yes; then ++ LINUX_LFS_SUPPORT=cross ++else ++ cat > conftest.$ac_ext < ++#include ++#include ++main() { ++ unsigned int *padding; ++ struct flock foo_lock = {F_WRLCK, SEEK_SET, 0, 1, 0}; ++ int fd = open("/dev/null", O_RDWR); ++ ++ /* Yes, we're depending on the internals of the Linux flock structure ++ here -- but this test is explicitly Linux-specific to begin with. */ ++ padding = (unsigned int *)&foo_lock; ++ padding[1] = 0xffffffff; ++ foo_lock.l_start = 0; ++ if (fcntl(fd, F_SETLK, &foo_lock) < 0) ++ exit(1); ++ ++ exit(0); ++} ++ ++EOF ++if { (eval echo configure:1569: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++then ++ LINUX_LFS_SUPPORT=yes ++else ++ echo "configure: failed program was:" >&5 ++ cat conftest.$ac_ext >&5 ++ rm -fr conftest* ++ LINUX_LFS_SUPPORT=no ++fi ++rm -fr conftest* ++fi ++ ++ fi + CPPFLAGS="$old_CPPFLAGS" + if test x$LINUX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" +@@ -1546,14 +1587,14 @@ + + *hurd*) + echo $ac_n "checking for LFS support""... $ac_c" 1>&6 +-echo "configure:1550: checking for LFS support" >&5 ++echo "configure:1591: checking for LFS support" >&5 + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" + if test "$cross_compiling" = yes; then + GLIBC_LFS_SUPPORT=cross + else + cat > conftest.$ac_ext < +@@ -1565,7 +1606,7 @@ + #endif + } + EOF +-if { (eval echo configure:1569: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1610: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + GLIBC_LFS_SUPPORT=yes + else +@@ -1587,21 +1628,21 @@ + esac + + echo $ac_n "checking for inline""... $ac_c" 1>&6 +-echo "configure:1591: checking for inline" >&5 ++echo "configure:1632: checking for inline" >&5 + if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_inline=no + for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1646: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break + else +@@ -1627,7 +1668,7 @@ + esac + + echo $ac_n "checking how to run the C preprocessor""... $ac_c" 1>&6 +-echo "configure:1631: checking how to run the C preprocessor" >&5 ++echo "configure:1672: checking how to run the C preprocessor" >&5 + # On Suns, sometimes $CPP names a directory. + if test -n "$CPP" && test -d "$CPP"; then + CPP= +@@ -1642,13 +1683,13 @@ + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1652: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1693: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1659,13 +1700,13 @@ + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1710: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1676,13 +1717,13 @@ + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < + Syntax Error + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1686: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1727: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + : +@@ -1707,12 +1748,12 @@ + echo "$ac_t""$CPP" 1>&6 + + echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +-echo "configure:1711: checking for ANSI C header files" >&5 ++echo "configure:1752: checking for ANSI C header files" >&5 + if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -1720,7 +1761,7 @@ + #include + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:1724: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:1765: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -1737,7 +1778,7 @@ + if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. + cat > conftest.$ac_ext < + EOF +@@ -1755,7 +1796,7 @@ + if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. + cat > conftest.$ac_ext < + EOF +@@ -1776,7 +1817,7 @@ + : + else + cat > conftest.$ac_ext < + #define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +@@ -1787,7 +1828,7 @@ + exit (0); } + + EOF +-if { (eval echo configure:1791: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:1832: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + : + else +@@ -1815,12 +1856,12 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 +-echo "configure:1819: checking for $ac_hdr that defines DIR" >&5 ++echo "configure:1860: checking for $ac_hdr that defines DIR" >&5 + if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include <$ac_hdr> +@@ -1828,7 +1869,7 @@ + DIR *dirp = 0; + ; return 0; } + EOF +-if { (eval echo configure:1832: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1873: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_header_dirent_$ac_safe=yes" + else +@@ -1853,7 +1894,7 @@ + # Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. + if test $ac_header_dirent = dirent.h; then + echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 +-echo "configure:1857: checking for opendir in -ldir" >&5 ++echo "configure:1898: checking for opendir in -ldir" >&5 + ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1861,7 +1902,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldir $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1894,7 +1935,7 @@ + + else + echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 +-echo "configure:1898: checking for opendir in -lx" >&5 ++echo "configure:1939: checking for opendir in -lx" >&5 + ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -1902,7 +1943,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lx $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:1958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -1936,12 +1977,12 @@ + fi + + echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +-echo "configure:1940: checking whether time.h and sys/time.h may both be included" >&5 ++echo "configure:1981: checking whether time.h and sys/time.h may both be included" >&5 + if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -1950,7 +1991,7 @@ + struct tm *tp; + ; return 0; } + EOF +-if { (eval echo configure:1954: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:1995: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes + else +@@ -1971,12 +2012,12 @@ + fi + + echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 +-echo "configure:1975: checking for sys/wait.h that is POSIX.1 compatible" >&5 ++echo "configure:2016: checking for sys/wait.h that is POSIX.1 compatible" >&5 + if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -1992,7 +2033,7 @@ + s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; + ; return 0; } + EOF +-if { (eval echo configure:1996: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2037: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_sys_wait_h=yes + else +@@ -2016,17 +2057,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2020: checking for $ac_hdr" >&5 ++echo "configure:2061: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2030: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2071: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2056,17 +2097,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2060: checking for $ac_hdr" >&5 ++echo "configure:2101: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2070: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2111: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2096,17 +2137,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2100: checking for $ac_hdr" >&5 ++echo "configure:2141: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2110: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2151: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2136,17 +2177,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2140: checking for $ac_hdr" >&5 ++echo "configure:2181: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2150: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2191: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2176,17 +2217,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2180: checking for $ac_hdr" >&5 ++echo "configure:2221: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2190: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2231: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2216,17 +2257,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2220: checking for $ac_hdr" >&5 ++echo "configure:2261: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2230: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2271: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2256,17 +2297,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2260: checking for $ac_hdr" >&5 ++echo "configure:2301: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2270: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2311: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2296,17 +2337,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2300: checking for $ac_hdr" >&5 ++echo "configure:2341: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2310: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2351: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2340,14 +2381,14 @@ + case "$host_os" in + *hpux*) + cat > conftest.$ac_ext < + int main() { + struct spwd testme + ; return 0; } + EOF +-if { (eval echo configure:2351: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2392: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_shadow_h=yes + else +@@ -2369,17 +2410,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2373: checking for $ac_hdr" >&5 ++echo "configure:2414: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2383: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2424: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2409,17 +2450,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2413: checking for $ac_hdr" >&5 ++echo "configure:2454: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2423: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2464: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2449,17 +2490,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2453: checking for $ac_hdr" >&5 ++echo "configure:2494: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2463: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2504: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2489,17 +2530,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2493: checking for $ac_hdr" >&5 ++echo "configure:2534: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2503: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2544: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2529,17 +2570,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2533: checking for $ac_hdr" >&5 ++echo "configure:2574: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2543: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2584: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2571,17 +2612,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2575: checking for $ac_hdr" >&5 ++echo "configure:2616: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2585: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2626: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2613,17 +2654,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2617: checking for $ac_hdr" >&5 ++echo "configure:2658: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2627: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2668: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2655,17 +2696,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:2659: checking for $ac_hdr" >&5 ++echo "configure:2700: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:2669: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:2710: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -2693,7 +2734,7 @@ + + + echo $ac_n "checking size of int""... $ac_c" 1>&6 +-echo "configure:2697: checking size of int" >&5 ++echo "configure:2738: checking size of int" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2701,18 +2742,19 @@ + ac_cv_sizeof_int=cross + else + cat > conftest.$ac_ext < +-int main() ++#include ++main() + { + FILE *f=fopen("conftestval", "w"); +- if (!f) return(1); ++ if (!f) exit(1); + fprintf(f, "%d\n", sizeof(int)); +- return(0); ++ exit(0); + } + EOF +-if { (eval echo configure:2716: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2758: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_int=`cat conftestval` + else +@@ -2732,7 +2774,7 @@ + + + echo $ac_n "checking size of long""... $ac_c" 1>&6 +-echo "configure:2736: checking size of long" >&5 ++echo "configure:2778: checking size of long" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2740,18 +2782,19 @@ + ac_cv_sizeof_long=cross + else + cat > conftest.$ac_ext < +-int main() ++#include ++main() + { + FILE *f=fopen("conftestval", "w"); +- if (!f) return(1); ++ if (!f) exit(1); + fprintf(f, "%d\n", sizeof(long)); +- return(0); ++ exit(0); + } + EOF +-if { (eval echo configure:2755: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_long=`cat conftestval` + else +@@ -2771,7 +2814,7 @@ + + + echo $ac_n "checking size of short""... $ac_c" 1>&6 +-echo "configure:2775: checking size of short" >&5 ++echo "configure:2818: checking size of short" >&5 + if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -2779,18 +2822,19 @@ + ac_cv_sizeof_short=cross + else + cat > conftest.$ac_ext < +-int main() ++#include ++main() + { + FILE *f=fopen("conftestval", "w"); +- if (!f) return(1); ++ if (!f) exit(1); + fprintf(f, "%d\n", sizeof(short)); +- return(0); ++ exit(0); + } + EOF +-if { (eval echo configure:2794: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:2838: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_sizeof_short=`cat conftestval` + else +@@ -2811,12 +2855,12 @@ + + + echo $ac_n "checking for working const""... $ac_c" 1>&6 +-echo "configure:2815: checking for working const" >&5 ++echo "configure:2859: checking for working const" >&5 + if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2913: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes + else +@@ -2886,21 +2930,21 @@ + fi + + echo $ac_n "checking for inline""... $ac_c" 1>&6 +-echo "configure:2890: checking for inline" >&5 ++echo "configure:2934: checking for inline" >&5 + if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_inline=no + for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2948: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break + else +@@ -2926,14 +2970,14 @@ + esac + + echo $ac_n "checking whether byte ordering is bigendian""... $ac_c" 1>&6 +-echo "configure:2930: checking whether byte ordering is bigendian" >&5 ++echo "configure:2974: checking whether byte ordering is bigendian" >&5 + if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + ac_cv_c_bigendian=unknown + # See if sys/param.h defines the BYTE_ORDER macro. + cat > conftest.$ac_ext < + #include +@@ -2944,11 +2988,11 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:2948: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:2992: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. + cat > conftest.$ac_ext < + #include +@@ -2959,7 +3003,7 @@ + #endif + ; return 0; } + EOF +-if { (eval echo configure:2963: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3007: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes + else +@@ -2979,7 +3023,7 @@ + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3040: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_c_bigendian=no + else +@@ -3016,14 +3060,14 @@ + fi + + echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6 +-echo "configure:3020: checking whether char is unsigned" >&5 ++echo "configure:3064: checking whether char is unsigned" >&5 + if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + if test "$GCC" = yes; then + # GCC predefines this symbol on systems where it applies. + cat > conftest.$ac_ext <&2; exit 1; } + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:3103: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_c_char_unsigned=yes + else +@@ -3080,12 +3124,12 @@ + + + echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 +-echo "configure:3084: checking return type of signal handlers" >&5 ++echo "configure:3128: checking return type of signal handlers" >&5 + if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -3102,7 +3146,7 @@ + int i; + ; return 0; } + EOF +-if { (eval echo configure:3106: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3150: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void + else +@@ -3121,12 +3165,12 @@ + + + echo $ac_n "checking for uid_t in sys/types.h""... $ac_c" 1>&6 +-echo "configure:3125: checking for uid_t in sys/types.h" >&5 ++echo "configure:3169: checking for uid_t in sys/types.h" >&5 + if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF +@@ -3155,12 +3199,12 @@ + fi + + echo $ac_n "checking for mode_t""... $ac_c" 1>&6 +-echo "configure:3159: checking for mode_t" >&5 ++echo "configure:3203: checking for mode_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3188,12 +3232,12 @@ + fi + + echo $ac_n "checking for off_t""... $ac_c" 1>&6 +-echo "configure:3192: checking for off_t" >&5 ++echo "configure:3236: checking for off_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3221,12 +3265,12 @@ + fi + + echo $ac_n "checking for size_t""... $ac_c" 1>&6 +-echo "configure:3225: checking for size_t" >&5 ++echo "configure:3269: checking for size_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3254,12 +3298,12 @@ + fi + + echo $ac_n "checking for pid_t""... $ac_c" 1>&6 +-echo "configure:3258: checking for pid_t" >&5 ++echo "configure:3302: checking for pid_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3287,12 +3331,12 @@ + fi + + echo $ac_n "checking for st_rdev in struct stat""... $ac_c" 1>&6 +-echo "configure:3291: checking for st_rdev in struct stat" >&5 ++echo "configure:3335: checking for st_rdev in struct stat" >&5 + if eval "test \"`echo '$''{'ac_cv_struct_st_rdev'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -3300,7 +3344,7 @@ + struct stat s; s.st_rdev; + ; return 0; } + EOF +-if { (eval echo configure:3304: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3348: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_st_rdev=yes + else +@@ -3321,12 +3365,12 @@ + fi + + echo $ac_n "checking for d_off in dirent""... $ac_c" 1>&6 +-echo "configure:3325: checking for d_off in dirent" >&5 ++echo "configure:3369: checking for d_off in dirent" >&5 + if eval "test \"`echo '$''{'ac_cv_dirent_d_off'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < +@@ -3336,7 +3380,7 @@ + struct dirent d; d.d_off; + ; return 0; } + EOF +-if { (eval echo configure:3340: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3384: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_dirent_d_off=yes + else +@@ -3357,12 +3401,12 @@ + fi + + echo $ac_n "checking for ino_t""... $ac_c" 1>&6 +-echo "configure:3361: checking for ino_t" >&5 ++echo "configure:3405: checking for ino_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3390,12 +3434,12 @@ + fi + + echo $ac_n "checking for loff_t""... $ac_c" 1>&6 +-echo "configure:3394: checking for loff_t" >&5 ++echo "configure:3438: checking for loff_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_loff_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3423,12 +3467,12 @@ + fi + + echo $ac_n "checking for offset_t""... $ac_c" 1>&6 +-echo "configure:3427: checking for offset_t" >&5 ++echo "configure:3471: checking for offset_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_offset_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3456,12 +3500,12 @@ + fi + + echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 +-echo "configure:3460: checking for ssize_t" >&5 ++echo "configure:3504: checking for ssize_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3489,12 +3533,12 @@ + fi + + echo $ac_n "checking for wchar_t""... $ac_c" 1>&6 +-echo "configure:3493: checking for wchar_t" >&5 ++echo "configure:3537: checking for wchar_t" >&5 + if eval "test \"`echo '$''{'ac_cv_type_wchar_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #if STDC_HEADERS +@@ -3526,7 +3570,7 @@ + # for cups support we need libcups, and a handful of header files + + echo $ac_n "checking for httpConnect in -lcups""... $ac_c" 1>&6 +-echo "configure:3530: checking for httpConnect in -lcups" >&5 ++echo "configure:3574: checking for httpConnect in -lcups" >&5 + ac_lib_var=`echo cups'_'httpConnect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3534,7 +3578,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lcups $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3593: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3580,17 +3624,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:3584: checking for $ac_hdr" >&5 ++echo "configure:3628: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:3594: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:3638: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -3629,7 +3673,7 @@ + ############################################ + # we need libdl for PAM and the new VFS code + echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 +-echo "configure:3633: checking for dlopen in -ldl" >&5 ++echo "configure:3677: checking for dlopen in -ldl" >&5 + ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -3637,7 +3681,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-ldl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:3696: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -3676,13 +3720,13 @@ + ############################################ + # check if the compiler can do immediate structures + echo $ac_n "checking for immediate structures""... $ac_c" 1>&6 +-echo "configure:3680: checking for immediate structures" >&5 ++echo "configure:3724: checking for immediate structures" >&5 + if eval "test \"`echo '$''{'samba_cv_immediate_structures'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < +@@ -3694,7 +3738,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:3698: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3742: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_immediate_structures=yes + else +@@ -3717,13 +3761,13 @@ + ############################################ + # check for unix domain sockets + echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6 +-echo "configure:3721: checking for unix domain sockets" >&5 ++echo "configure:3765: checking for unix domain sockets" >&5 + if eval "test \"`echo '$''{'samba_cv_unixsocket'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < +@@ -3738,7 +3782,7 @@ + + ; return 0; } + EOF +-if { (eval echo configure:3742: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3786: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_unixsocket=yes + else +@@ -3759,13 +3803,13 @@ + fi + + echo $ac_n "checking for socklen_t type""... $ac_c" 1>&6 +-echo "configure:3763: checking for socklen_t type" >&5 ++echo "configure:3807: checking for socklen_t type" >&5 + if eval "test \"`echo '$''{'samba_cv_socklen_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < +@@ -3778,7 +3822,7 @@ + socklen_t i = 0 + ; return 0; } + EOF +-if { (eval echo configure:3782: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3826: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_socklen_t=yes + else +@@ -3799,13 +3843,13 @@ + fi + + echo $ac_n "checking for sig_atomic_t type""... $ac_c" 1>&6 +-echo "configure:3803: checking for sig_atomic_t type" >&5 ++echo "configure:3847: checking for sig_atomic_t type" >&5 + if eval "test \"`echo '$''{'samba_cv_sig_atomic_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < +@@ -3818,7 +3862,7 @@ + sig_atomic_t i = 0 + ; return 0; } + EOF +-if { (eval echo configure:3822: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3866: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_sig_atomic_t=yes + else +@@ -3841,20 +3885,20 @@ + # stupid headers have the functions but no declaration. grrrr. + + echo $ac_n "checking for errno declaration""... $ac_c" 1>&6 +-echo "configure:3845: checking for errno declaration" >&5 ++echo "configure:3889: checking for errno declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_errno_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)errno + ; return 0; } + EOF +-if { (eval echo configure:3858: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3902: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_errno_decl=yes + else +@@ -3876,20 +3920,20 @@ + + + echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6 +-echo "configure:3880: checking for setresuid declaration" >&5 ++echo "configure:3924: checking for setresuid declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_setresuid_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)setresuid + ; return 0; } + EOF +-if { (eval echo configure:3893: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3937: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_setresuid_decl=yes + else +@@ -3911,20 +3955,20 @@ + + + echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6 +-echo "configure:3915: checking for setresgid declaration" >&5 ++echo "configure:3959: checking for setresgid declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_setresgid_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)setresgid + ; return 0; } + EOF +-if { (eval echo configure:3928: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:3972: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_setresgid_decl=yes + else +@@ -3946,20 +3990,20 @@ + + + echo $ac_n "checking for asprintf declaration""... $ac_c" 1>&6 +-echo "configure:3950: checking for asprintf declaration" >&5 ++echo "configure:3994: checking for asprintf declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_asprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)asprintf + ; return 0; } + EOF +-if { (eval echo configure:3963: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:4007: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_asprintf_decl=yes + else +@@ -3981,20 +4025,20 @@ + + + echo $ac_n "checking for vasprintf declaration""... $ac_c" 1>&6 +-echo "configure:3985: checking for vasprintf declaration" >&5 ++echo "configure:4029: checking for vasprintf declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_vasprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)vasprintf + ; return 0; } + EOF +-if { (eval echo configure:3998: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:4042: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_vasprintf_decl=yes + else +@@ -4016,20 +4060,20 @@ + + + echo $ac_n "checking for vsnprintf declaration""... $ac_c" 1>&6 +-echo "configure:4020: checking for vsnprintf declaration" >&5 ++echo "configure:4064: checking for vsnprintf declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_vsnprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)vsnprintf + ; return 0; } + EOF +-if { (eval echo configure:4033: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:4077: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_vsnprintf_decl=yes + else +@@ -4051,20 +4095,20 @@ + + + echo $ac_n "checking for snprintf declaration""... $ac_c" 1>&6 +-echo "configure:4055: checking for snprintf declaration" >&5 ++echo "configure:4099: checking for snprintf declaration" >&5 + if eval "test \"`echo '$''{'ac_cv_have_snprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + int i = (int)snprintf + ; return 0; } + EOF +-if { (eval echo configure:4068: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:4112: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_snprintf_decl=yes + else +@@ -4088,7 +4132,7 @@ + # and glibc has setresuid under linux but the function does + # nothing until kernel 2.1.44! very dumb. + echo $ac_n "checking for real setresuid""... $ac_c" 1>&6 +-echo "configure:4092: checking for real setresuid" >&5 ++echo "configure:4136: checking for real setresuid" >&5 + if eval "test \"`echo '$''{'samba_cv_have_setresuid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -4097,12 +4141,12 @@ + samba_cv_have_setresuid=cross + else + cat > conftest.$ac_ext < + main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);} + EOF +-if { (eval echo configure:4106: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:4150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_have_setresuid=yes + else +@@ -4127,7 +4171,7 @@ + # Do the same check for setresguid... + # + echo $ac_n "checking for real setresgid""... $ac_c" 1>&6 +-echo "configure:4131: checking for real setresgid" >&5 ++echo "configure:4175: checking for real setresgid" >&5 + if eval "test \"`echo '$''{'samba_cv_have_setresgid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -4136,13 +4180,13 @@ + samba_cv_have_setresgid=cross + else + cat > conftest.$ac_ext < + #include + main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);} + EOF +-if { (eval echo configure:4146: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:4190: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_have_setresgid=yes + else +@@ -4165,7 +4209,7 @@ + fi + + echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 +-echo "configure:4169: checking for 8-bit clean memcmp" >&5 ++echo "configure:4213: checking for 8-bit clean memcmp" >&5 + if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -4173,7 +4217,7 @@ + ac_cv_func_memcmp_clean=no + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:4231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + ac_cv_func_memcmp_clean=yes + else +@@ -4207,7 +4251,7 @@ + + # test for where we get readline() from + echo $ac_n "checking whether to use readline""... $ac_c" 1>&6 +-echo "configure:4211: checking whether to use readline" >&5 ++echo "configure:4255: checking whether to use readline" >&5 + # Check whether --with-readline or --without-readline was given. + if test "${with_readline+set}" = set; then + withval="$with_readline" +@@ -4219,17 +4263,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4223: checking for $ac_hdr" >&5 ++echo "configure:4267: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4233: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4277: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4259,17 +4303,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4263: checking for $ac_hdr" >&5 ++echo "configure:4307: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4273: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4317: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4300,17 +4344,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4304: checking for $ac_hdr" >&5 ++echo "configure:4348: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4314: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4358: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4333,7 +4377,7 @@ + + for termlib in ncurses curses termcap terminfo termlib; do + echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6 +-echo "configure:4337: checking for tgetent in -l${termlib}" >&5 ++echo "configure:4381: checking for tgetent in -l${termlib}" >&5 + ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4341,7 +4385,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-l${termlib} $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4400: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4374,7 +4418,7 @@ + + done + echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 +-echo "configure:4378: checking for rl_callback_handler_install in -lreadline" >&5 ++echo "configure:4422: checking for rl_callback_handler_install in -lreadline" >&5 + ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4382,7 +4426,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lreadline $TERMLIBS $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4441: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4444,17 +4488,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4448: checking for $ac_hdr" >&5 ++echo "configure:4492: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4458: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4502: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4484,17 +4528,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4488: checking for $ac_hdr" >&5 ++echo "configure:4532: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4498: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4542: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4525,17 +4569,17 @@ + do + ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` + echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +-echo "configure:4529: checking for $ac_hdr" >&5 ++echo "configure:4573: checking for $ac_hdr" >&5 + if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + EOF + ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +-{ (eval echo configure:4539: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } ++{ (eval echo configure:4583: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } + ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` + if test -z "$ac_err"; then + rm -rf conftest* +@@ -4558,7 +4602,7 @@ + + for termlib in ncurses curses termcap terminfo termlib; do + echo $ac_n "checking for tgetent in -l${termlib}""... $ac_c" 1>&6 +-echo "configure:4562: checking for tgetent in -l${termlib}" >&5 ++echo "configure:4606: checking for tgetent in -l${termlib}" >&5 + ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4566,7 +4610,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-l${termlib} $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4625: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4599,7 +4643,7 @@ + + done + echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 +-echo "configure:4603: checking for rl_callback_handler_install in -lreadline" >&5 ++echo "configure:4647: checking for rl_callback_handler_install in -lreadline" >&5 + ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4607,7 +4651,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lreadline $TERMLIBS $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4666: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4673,12 +4717,12 @@ + for ac_func in connect + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4677: checking for $ac_func" >&5 ++echo "configure:4721: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4729,7 +4773,7 @@ + case "$LIBS" in + *-lnsl*) ;; + *) echo $ac_n "checking for printf in -lnsl_s""... $ac_c" 1>&6 +-echo "configure:4733: checking for printf in -lnsl_s" >&5 ++echo "configure:4777: checking for printf in -lnsl_s" >&5 + ac_lib_var=`echo nsl_s'_'printf | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4737,7 +4781,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl_s $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4796: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4779,7 +4823,7 @@ + case "$LIBS" in + *-lnsl*) ;; + *) echo $ac_n "checking for printf in -lnsl""... $ac_c" 1>&6 +-echo "configure:4783: checking for printf in -lnsl" >&5 ++echo "configure:4827: checking for printf in -lnsl" >&5 + ac_lib_var=`echo nsl'_'printf | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4787,7 +4831,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4846: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4829,7 +4873,7 @@ + case "$LIBS" in + *-lsocket*) ;; + *) echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 +-echo "configure:4833: checking for connect in -lsocket" >&5 ++echo "configure:4877: checking for connect in -lsocket" >&5 + ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4837,7 +4881,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsocket $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4896: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4879,7 +4923,7 @@ + case "$LIBS" in + *-linet*) ;; + *) echo $ac_n "checking for connect in -linet""... $ac_c" 1>&6 +-echo "configure:4883: checking for connect in -linet" >&5 ++echo "configure:4927: checking for connect in -linet" >&5 + ac_lib_var=`echo inet'_'connect | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -4887,7 +4931,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-linet $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:4946: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -4942,12 +4986,12 @@ + for ac_func in yp_get_default_domain + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:4946: checking for $ac_func" >&5 ++echo "configure:4990: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5018: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -4996,7 +5040,7 @@ + + if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then + echo $ac_n "checking for yp_get_default_domain in -lnsl""... $ac_c" 1>&6 +-echo "configure:5000: checking for yp_get_default_domain in -lnsl" >&5 ++echo "configure:5044: checking for yp_get_default_domain in -lnsl" >&5 + ac_lib_var=`echo nsl'_'yp_get_default_domain | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -5004,7 +5048,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lnsl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5063: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -5045,12 +5089,12 @@ + for ac_func in execl + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5049: checking for $ac_func" >&5 ++echo "configure:5093: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5106,12 +5150,12 @@ + for ac_func in waitpid getcwd strdup strtoul strerror chown fchown chmod fchmod chroot link + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5110: checking for $ac_func" >&5 ++echo "configure:5154: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5182: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5161,12 +5205,12 @@ + for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset setpgid mknod mknod64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5165: checking for $ac_func" >&5 ++echo "configure:5209: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5237: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5216,12 +5260,12 @@ + for ac_func in memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5220: checking for $ac_func" >&5 ++echo "configure:5264: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5292: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5271,12 +5315,12 @@ + for ac_func in strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5275: checking for $ac_func" >&5 ++echo "configure:5319: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5347: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5326,12 +5370,12 @@ + for ac_func in initgroups select poll rdchk getgrnam getgrent pathconf realpath + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5330: checking for $ac_func" >&5 ++echo "configure:5374: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5402: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5381,12 +5425,12 @@ + for ac_func in setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5385: checking for $ac_func" >&5 ++echo "configure:5429: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5436,12 +5480,12 @@ + for ac_func in lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5440: checking for $ac_func" >&5 ++echo "configure:5484: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5512: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5491,12 +5535,12 @@ + for ac_func in fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5495: checking for $ac_func" >&5 ++echo "configure:5539: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5567: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5546,12 +5590,12 @@ + for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5550: checking for $ac_func" >&5 ++echo "configure:5594: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5601,12 +5645,12 @@ + for ac_func in syslog vsyslog + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5605: checking for $ac_func" >&5 ++echo "configure:5649: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5658,12 +5702,12 @@ + for ac_func in syscall + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5662: checking for $ac_func" >&5 ++echo "configure:5706: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5734: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5714,12 +5758,12 @@ + for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5718: checking for $ac_func" >&5 ++echo "configure:5762: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5790: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5769,12 +5813,12 @@ + for ac_func in __dup __dup2 __opendir __readdir __seekdir __telldir __closedir + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5773: checking for $ac_func" >&5 ++echo "configure:5817: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5845: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5824,12 +5868,12 @@ + for ac_func in __getcwd _getcwd + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5828: checking for $ac_func" >&5 ++echo "configure:5872: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5900: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5879,12 +5923,12 @@ + for ac_func in __xstat __fxstat __lxstat + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5883: checking for $ac_func" >&5 ++echo "configure:5927: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:5955: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5934,12 +5978,12 @@ + for ac_func in _stat _lstat _fstat __stat __lstat __fstat + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5938: checking for $ac_func" >&5 ++echo "configure:5982: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6010: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -5989,12 +6033,12 @@ + for ac_func in _acl __acl _facl __facl _open __open _chdir __chdir + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:5993: checking for $ac_func" >&5 ++echo "configure:6037: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6044,12 +6088,12 @@ + for ac_func in _close __close _fchdir __fchdir _fcntl __fcntl + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6048: checking for $ac_func" >&5 ++echo "configure:6092: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6120: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6099,12 +6143,12 @@ + for ac_func in getdents _getdents __getdents _lseek __lseek _read __read + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6103: checking for $ac_func" >&5 ++echo "configure:6147: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6175: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6154,12 +6198,12 @@ + for ac_func in _write __write _fork __fork + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6158: checking for $ac_func" >&5 ++echo "configure:6202: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6230: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6209,12 +6253,12 @@ + for ac_func in _stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6213: checking for $ac_func" >&5 ++echo "configure:6257: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6285: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6264,12 +6308,12 @@ + for ac_func in __sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6268: checking for $ac_func" >&5 ++echo "configure:6312: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6319,12 +6363,12 @@ + for ac_func in pread _pread __pread pread64 _pread64 __pread64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6323: checking for $ac_func" >&5 ++echo "configure:6367: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6395: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6374,12 +6418,12 @@ + for ac_func in pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6378: checking for $ac_func" >&5 ++echo "configure:6422: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6450: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6429,12 +6473,12 @@ + for ac_func in open64 _open64 __open64 creat64 + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6433: checking for $ac_func" >&5 ++echo "configure:6477: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6505: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6488,9 +6532,9 @@ + + if test x$ac_cv_func_stat64 = xno ; then + echo $ac_n "checking for stat64 in ""... $ac_c" 1>&6 +-echo "configure:6492: checking for stat64 in " >&5 ++echo "configure:6536: checking for stat64 in " >&5 + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6550: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_stat64=yes + else +@@ -6521,9 +6565,9 @@ + + if test x$ac_cv_func_lstat64 = xno ; then + echo $ac_n "checking for lstat64 in ""... $ac_c" 1>&6 +-echo "configure:6525: checking for lstat64 in " >&5 ++echo "configure:6569: checking for lstat64 in " >&5 + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6583: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_lstat64=yes + else +@@ -6554,9 +6598,9 @@ + + if test x$ac_cv_func_fstat64 = xno ; then + echo $ac_n "checking for fstat64 in ""... $ac_c" 1>&6 +-echo "configure:6558: checking for fstat64 in " >&5 ++echo "configure:6602: checking for fstat64 in " >&5 + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6616: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_fstat64=yes + else +@@ -6593,7 +6637,7 @@ + + if test x$ac_cv_func_strcasecmp = xno ; then + echo $ac_n "checking for strcasecmp in -lresolv""... $ac_c" 1>&6 +-echo "configure:6597: checking for strcasecmp in -lresolv" >&5 ++echo "configure:6641: checking for strcasecmp in -lresolv" >&5 + ac_lib_var=`echo resolv'_'strcasecmp | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6601,7 +6645,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lresolv $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6660: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6648,12 +6692,12 @@ + *-lsecurity*) for ac_func in putprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6652: checking for $ac_func" >&5 ++echo "configure:6696: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6724: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6701,7 +6745,7 @@ + done + ;; + *) echo $ac_n "checking for putprpwnam in -lsecurity""... $ac_c" 1>&6 +-echo "configure:6705: checking for putprpwnam in -lsecurity" >&5 ++echo "configure:6749: checking for putprpwnam in -lsecurity" >&5 + ac_lib_var=`echo security'_'putprpwnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6709,7 +6753,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6768: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6750,12 +6794,12 @@ + for ac_func in putprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6754: checking for $ac_func" >&5 ++echo "configure:6798: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6826: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6809,12 +6853,12 @@ + *-lsec*) for ac_func in putprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6813: checking for $ac_func" >&5 ++echo "configure:6857: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6885: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6862,7 +6906,7 @@ + done + ;; + *) echo $ac_n "checking for putprpwnam in -lsec""... $ac_c" 1>&6 +-echo "configure:6866: checking for putprpwnam in -lsec" >&5 ++echo "configure:6910: checking for putprpwnam in -lsec" >&5 + ac_lib_var=`echo sec'_'putprpwnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -6870,7 +6914,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6929: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -6911,12 +6955,12 @@ + for ac_func in putprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6915: checking for $ac_func" >&5 ++echo "configure:6959: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:6987: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -6971,12 +7015,12 @@ + *-lsecurity*) for ac_func in set_auth_parameters + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:6975: checking for $ac_func" >&5 ++echo "configure:7019: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7047: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7024,7 +7068,7 @@ + done + ;; + *) echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 +-echo "configure:7028: checking for set_auth_parameters in -lsecurity" >&5 ++echo "configure:7072: checking for set_auth_parameters in -lsecurity" >&5 + ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7032,7 +7076,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7091: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7073,12 +7117,12 @@ + for ac_func in set_auth_parameters + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7077: checking for $ac_func" >&5 ++echo "configure:7121: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7149: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7132,12 +7176,12 @@ + *-lsec*) for ac_func in set_auth_parameters + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7136: checking for $ac_func" >&5 ++echo "configure:7180: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7208: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7185,7 +7229,7 @@ + done + ;; + *) echo $ac_n "checking for set_auth_parameters in -lsec""... $ac_c" 1>&6 +-echo "configure:7189: checking for set_auth_parameters in -lsec" >&5 ++echo "configure:7233: checking for set_auth_parameters in -lsec" >&5 + ac_lib_var=`echo sec'_'set_auth_parameters | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7193,7 +7237,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7252: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7234,12 +7278,12 @@ + for ac_func in set_auth_parameters + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7238: checking for $ac_func" >&5 ++echo "configure:7282: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7310: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7295,12 +7339,12 @@ + *-lgen*) for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7299: checking for $ac_func" >&5 ++echo "configure:7343: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7348,7 +7392,7 @@ + done + ;; + *) echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 +-echo "configure:7352: checking for getspnam in -lgen" >&5 ++echo "configure:7396: checking for getspnam in -lgen" >&5 + ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7356,7 +7400,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lgen $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7415: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7397,12 +7441,12 @@ + for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7401: checking for $ac_func" >&5 ++echo "configure:7445: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7473: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7457,12 +7501,12 @@ + *-lsecurity*) for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7461: checking for $ac_func" >&5 ++echo "configure:7505: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7533: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7510,7 +7554,7 @@ + done + ;; + *) echo $ac_n "checking for getspnam in -lsecurity""... $ac_c" 1>&6 +-echo "configure:7514: checking for getspnam in -lsecurity" >&5 ++echo "configure:7558: checking for getspnam in -lsecurity" >&5 + ac_lib_var=`echo security'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7518,7 +7562,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7577: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7559,12 +7603,12 @@ + for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7563: checking for $ac_func" >&5 ++echo "configure:7607: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7635: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7618,12 +7662,12 @@ + *-lsec*) for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7622: checking for $ac_func" >&5 ++echo "configure:7666: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7694: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7671,7 +7715,7 @@ + done + ;; + *) echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 +-echo "configure:7675: checking for getspnam in -lsec" >&5 ++echo "configure:7719: checking for getspnam in -lsec" >&5 + ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7679,7 +7723,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7738: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7720,12 +7764,12 @@ + for ac_func in getspnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7724: checking for $ac_func" >&5 ++echo "configure:7768: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7796: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7780,12 +7824,12 @@ + *-lsecurity*) for ac_func in bigcrypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7784: checking for $ac_func" >&5 ++echo "configure:7828: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7856: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7833,7 +7877,7 @@ + done + ;; + *) echo $ac_n "checking for bigcrypt in -lsecurity""... $ac_c" 1>&6 +-echo "configure:7837: checking for bigcrypt in -lsecurity" >&5 ++echo "configure:7881: checking for bigcrypt in -lsecurity" >&5 + ac_lib_var=`echo security'_'bigcrypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -7841,7 +7885,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7900: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -7882,12 +7926,12 @@ + for ac_func in bigcrypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7886: checking for $ac_func" >&5 ++echo "configure:7930: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:7958: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7941,12 +7985,12 @@ + *-lsec*) for ac_func in bigcrypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:7945: checking for $ac_func" >&5 ++echo "configure:7989: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8017: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -7994,7 +8038,7 @@ + done + ;; + *) echo $ac_n "checking for bigcrypt in -lsec""... $ac_c" 1>&6 +-echo "configure:7998: checking for bigcrypt in -lsec" >&5 ++echo "configure:8042: checking for bigcrypt in -lsec" >&5 + ac_lib_var=`echo sec'_'bigcrypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -8002,7 +8046,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8061: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -8043,12 +8087,12 @@ + for ac_func in bigcrypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:8047: checking for $ac_func" >&5 ++echo "configure:8091: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8119: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -8103,12 +8147,12 @@ + *-lsecurity*) for ac_func in getprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:8107: checking for $ac_func" >&5 ++echo "configure:8151: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8179: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -8156,7 +8200,7 @@ + done + ;; + *) echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 +-echo "configure:8160: checking for getprpwnam in -lsecurity" >&5 ++echo "configure:8204: checking for getprpwnam in -lsecurity" >&5 + ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -8164,7 +8208,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsecurity $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8223: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -8205,12 +8249,12 @@ + for ac_func in getprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:8209: checking for $ac_func" >&5 ++echo "configure:8253: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8281: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -8264,12 +8308,12 @@ + *-lsec*) for ac_func in getprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:8268: checking for $ac_func" >&5 ++echo "configure:8312: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8340: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -8317,7 +8361,7 @@ + done + ;; + *) echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 +-echo "configure:8321: checking for getprpwnam in -lsec" >&5 ++echo "configure:8365: checking for getprpwnam in -lsec" >&5 + ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -8325,7 +8369,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lsec $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8384: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -8366,12 +8410,12 @@ + for ac_func in getprpwnam + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:8370: checking for $ac_func" >&5 ++echo "configure:8414: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:8442: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -8437,7 +8481,7 @@ + # Assume non-shared by default and override below + BLDSHARED="false" + echo $ac_n "checking ability to build shared libraries""... $ac_c" 1>&6 +-echo "configure:8441: checking ability to build shared libraries" >&5 ++echo "configure:8485: checking ability to build shared libraries" >&5 + + # and these are for particular systems + case "$host_os" in +@@ -8572,7 +8616,7 @@ + *dgux*) # Extract the first word of "groff", so it can be a program name with args. + set dummy groff; ac_word=$2 + echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +-echo "configure:8576: checking for $ac_word" >&5 ++echo "configure:8620: checking for $ac_word" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_ROFF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8626,15 +8670,15 @@ + esac + echo "$ac_t""$BLDSHARED" 1>&6 + echo $ac_n "checking linker flags for shared libraries""... $ac_c" 1>&6 +-echo "configure:8630: checking linker flags for shared libraries" >&5 ++echo "configure:8674: checking linker flags for shared libraries" >&5 + echo "$ac_t""$LDSHFLAGS" 1>&6 + echo $ac_n "checking compiler flags for position-independent code""... $ac_c" 1>&6 +-echo "configure:8633: checking compiler flags for position-independent code" >&5 ++echo "configure:8677: checking compiler flags for position-independent code" >&5 + echo "$ac_t""$PICFLAGS" 1>&6 + + # try to work out how to produce pic code with this compiler + echo $ac_n "checking whether ${CC-cc} accepts -fpic""... $ac_c" 1>&6 +-echo "configure:8638: checking whether ${CC-cc} accepts -fpic" >&5 ++echo "configure:8682: checking whether ${CC-cc} accepts -fpic" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_cc_fpic'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8654,7 +8698,7 @@ + fi + if test x$PICFLAG = x; then + echo $ac_n "checking whether ${CC-cc} accepts -KPIC""... $ac_c" 1>&6 +-echo "configure:8658: checking whether ${CC-cc} accepts -KPIC" >&5 ++echo "configure:8702: checking whether ${CC-cc} accepts -KPIC" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_cc_KPIC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8675,7 +8719,7 @@ + fi + if test x$PICFLAG = x; then + echo $ac_n "checking whether ${CC-cc} accepts -Kpic""... $ac_c" 1>&6 +-echo "configure:8679: checking whether ${CC-cc} accepts -Kpic" >&5 ++echo "configure:8723: checking whether ${CC-cc} accepts -Kpic" >&5 + if eval "test \"`echo '$''{'ac_cv_prog_cc_Kpic'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8698,7 +8742,7 @@ + ################ + + echo $ac_n "checking for long long""... $ac_c" 1>&6 +-echo "configure:8702: checking for long long" >&5 ++echo "configure:8746: checking for long long" >&5 + if eval "test \"`echo '$''{'samba_cv_have_longlong'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8707,12 +8751,12 @@ + samba_cv_have_longlong=cross + else + cat > conftest.$ac_ext < + main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); } + EOF +-if { (eval echo configure:8716: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:8760: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_have_longlong=yes + else +@@ -8739,20 +8783,20 @@ + # AIX needs this. + + echo $ac_n "checking for LL suffix on long long integers""... $ac_c" 1>&6 +-echo "configure:8743: checking for LL suffix on long long integers" >&5 ++echo "configure:8787: checking for LL suffix on long long integers" >&5 + if eval "test \"`echo '$''{'samba_cv_compiler_supports_ll'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + long long i = 0x8000000000LL + ; return 0; } + EOF +-if { (eval echo configure:8756: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:8800: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_compiler_supports_ll=yes + else +@@ -8774,7 +8818,7 @@ + + + echo $ac_n "checking for 64 bit off_t""... $ac_c" 1>&6 +-echo "configure:8778: checking for 64 bit off_t" >&5 ++echo "configure:8822: checking for 64 bit off_t" >&5 + if eval "test \"`echo '$''{'samba_cv_SIZEOF_OFF_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8783,13 +8827,13 @@ + samba_cv_SIZEOF_OFF_T=cross + else + cat > conftest.$ac_ext < + #include + main() { exit((sizeof(off_t) == 8) ? 0 : 1); } + EOF +-if { (eval echo configure:8793: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:8837: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_SIZEOF_OFF_T=yes + else +@@ -8812,7 +8856,7 @@ + fi + + echo $ac_n "checking for off64_t""... $ac_c" 1>&6 +-echo "configure:8816: checking for off64_t" >&5 ++echo "configure:8860: checking for off64_t" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_OFF64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8821,7 +8865,7 @@ + samba_cv_HAVE_OFF64_T=cross + else + cat > conftest.$ac_ext < + main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } + EOF +-if { (eval echo configure:8835: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:8879: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_OFF64_T=yes + else +@@ -8854,7 +8898,7 @@ + fi + + echo $ac_n "checking for 64 bit ino_t""... $ac_c" 1>&6 +-echo "configure:8858: checking for 64 bit ino_t" >&5 ++echo "configure:8902: checking for 64 bit ino_t" >&5 + if eval "test \"`echo '$''{'samba_cv_SIZEOF_INO_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8863,13 +8907,13 @@ + samba_cv_SIZEOF_INO_T=cross + else + cat > conftest.$ac_ext < + #include + main() { exit((sizeof(ino_t) == 8) ? 0 : 1); } + EOF +-if { (eval echo configure:8873: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:8917: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_SIZEOF_INO_T=yes + else +@@ -8892,7 +8936,7 @@ + fi + + echo $ac_n "checking for ino64_t""... $ac_c" 1>&6 +-echo "configure:8896: checking for ino64_t" >&5 ++echo "configure:8940: checking for ino64_t" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_INO64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8901,7 +8945,7 @@ + samba_cv_HAVE_INO64_T=cross + else + cat > conftest.$ac_ext < + main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } + EOF +-if { (eval echo configure:8915: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:8959: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_INO64_T=yes + else +@@ -8934,7 +8978,7 @@ + fi + + echo $ac_n "checking for dev64_t""... $ac_c" 1>&6 +-echo "configure:8938: checking for dev64_t" >&5 ++echo "configure:8982: checking for dev64_t" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_DEV64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -8943,7 +8987,7 @@ + samba_cv_HAVE_DEV64_T=cross + else + cat > conftest.$ac_ext < + main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } + EOF +-if { (eval echo configure:8957: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9001: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_DEV64_T=yes + else +@@ -8976,13 +9020,13 @@ + fi + + echo $ac_n "checking for struct dirent64""... $ac_c" 1>&6 +-echo "configure:8980: checking for struct dirent64" >&5 ++echo "configure:9024: checking for struct dirent64" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_DIRENT64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9042: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_STRUCT_DIRENT64=yes + else +@@ -9015,7 +9059,7 @@ + fi + + echo $ac_n "checking for major macro""... $ac_c" 1>&6 +-echo "configure:9019: checking for major macro" >&5 ++echo "configure:9063: checking for major macro" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MAJOR_FN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9024,7 +9068,7 @@ + samba_cv_HAVE_DEVICE_MAJOR_FN=cross + else + cat > conftest.$ac_ext < + main() { dev_t dev; int i = major(dev); return 0; } + EOF +-if { (eval echo configure:9037: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9081: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_DEVICE_MAJOR_FN=yes + else +@@ -9056,7 +9100,7 @@ + fi + + echo $ac_n "checking for minor macro""... $ac_c" 1>&6 +-echo "configure:9060: checking for minor macro" >&5 ++echo "configure:9104: checking for minor macro" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MINOR_FN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9065,7 +9109,7 @@ + samba_cv_HAVE_DEVICE_MINOR_FN=cross + else + cat > conftest.$ac_ext < + main() { dev_t dev; int i = minor(dev); return 0; } + EOF +-if { (eval echo configure:9078: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9122: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_DEVICE_MINOR_FN=yes + else +@@ -9097,7 +9141,7 @@ + fi + + echo $ac_n "checking for makedev macro""... $ac_c" 1>&6 +-echo "configure:9101: checking for makedev macro" >&5 ++echo "configure:9145: checking for makedev macro" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_MAKEDEV_FN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9106,7 +9150,7 @@ + samba_cv_HAVE_MAKEDEV_FN=cross + else + cat > conftest.$ac_ext < + main() { dev_t dev = makedev(1,2); return 0; } + EOF +-if { (eval echo configure:9119: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9163: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_MAKEDEV_FN=yes + else +@@ -9138,7 +9182,7 @@ + fi + + echo $ac_n "checking for unsigned char""... $ac_c" 1>&6 +-echo "configure:9142: checking for unsigned char" >&5 ++echo "configure:9186: checking for unsigned char" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UNSIGNED_CHAR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9147,12 +9191,12 @@ + samba_cv_HAVE_UNSIGNED_CHAR=cross + else + cat > conftest.$ac_ext < + main() { char c; c=250; exit((c > 0)?0:1); } + EOF +-if { (eval echo configure:9156: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9200: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_UNSIGNED_CHAR=yes + else +@@ -9175,13 +9219,13 @@ + fi + + echo $ac_n "checking for sin_len in sock""... $ac_c" 1>&6 +-echo "configure:9179: checking for sin_len in sock" >&5 ++echo "configure:9223: checking for sin_len in sock" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_SOCK_SIN_LEN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9190,7 +9234,7 @@ + struct sockaddr_in sock; sock.sin_len = sizeof(sock); + ; return 0; } + EOF +-if { (eval echo configure:9194: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9238: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_SOCK_SIN_LEN=yes + else +@@ -9211,13 +9255,13 @@ + fi + + echo $ac_n "checking whether seekdir returns void""... $ac_c" 1>&6 +-echo "configure:9215: checking whether seekdir returns void" >&5 ++echo "configure:9259: checking whether seekdir returns void" >&5 + if eval "test \"`echo '$''{'samba_cv_SEEKDIR_RETURNS_VOID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9226,7 +9270,7 @@ + return 0; + ; return 0; } + EOF +-if { (eval echo configure:9230: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9274: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_SEEKDIR_RETURNS_VOID=yes + else +@@ -9247,20 +9291,20 @@ + fi + + echo $ac_n "checking for __FILE__ macro""... $ac_c" 1>&6 +-echo "configure:9251: checking for __FILE__ macro" >&5 ++echo "configure:9295: checking for __FILE__ macro" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_FILE_MACRO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + printf("%s\n", __FILE__); + ; return 0; } + EOF +-if { (eval echo configure:9264: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9308: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_FILE_MACRO=yes + else +@@ -9281,20 +9325,20 @@ + fi + + echo $ac_n "checking for __FUNCTION__ macro""... $ac_c" 1>&6 +-echo "configure:9285: checking for __FUNCTION__ macro" >&5 ++echo "configure:9329: checking for __FUNCTION__ macro" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_FUNCTION_MACRO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + int main() { + printf("%s\n", __FUNCTION__); + ; return 0; } + EOF +-if { (eval echo configure:9298: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9342: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_FUNCTION_MACRO=yes + else +@@ -9315,7 +9359,7 @@ + fi + + echo $ac_n "checking if gettimeofday takes tz argument""... $ac_c" 1>&6 +-echo "configure:9319: checking if gettimeofday takes tz argument" >&5 ++echo "configure:9363: checking if gettimeofday takes tz argument" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_GETTIMEOFDAY_TZ'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9324,14 +9368,14 @@ + samba_cv_HAVE_GETTIMEOFDAY_TZ=cross + else + cat > conftest.$ac_ext < + #include + main() { struct timeval tv; exit(gettimeofday(&tv, NULL));} + EOF +-if { (eval echo configure:9335: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9379: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_GETTIMEOFDAY_TZ=yes + else +@@ -9354,7 +9398,7 @@ + fi + + echo $ac_n "checking for C99 vsnprintf""... $ac_c" 1>&6 +-echo "configure:9358: checking for C99 vsnprintf" >&5 ++echo "configure:9402: checking for C99 vsnprintf" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_C99_VSNPRINTF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9363,7 +9407,7 @@ + samba_cv_HAVE_C99_VSNPRINTF=cross + else + cat > conftest.$ac_ext < +@@ -9385,7 +9429,7 @@ + main() { foo("hello"); } + + EOF +-if { (eval echo configure:9389: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9433: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_C99_VSNPRINTF=yes + else +@@ -9408,7 +9452,7 @@ + fi + + echo $ac_n "checking for broken readdir""... $ac_c" 1>&6 +-echo "configure:9412: checking for broken readdir" >&5 ++echo "configure:9456: checking for broken readdir" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_READDIR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9417,7 +9461,7 @@ + samba_cv_HAVE_BROKEN_READDIR=cross + else + cat > conftest.$ac_ext < + #include +@@ -9425,7 +9469,7 @@ + if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 && + di->d_name[0] == 0) exit(0); exit(1);} + EOF +-if { (eval echo configure:9429: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:9473: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_BROKEN_READDIR=yes + else +@@ -9448,13 +9492,13 @@ + fi + + echo $ac_n "checking for utimbuf""... $ac_c" 1>&6 +-echo "configure:9452: checking for utimbuf" >&5 ++echo "configure:9496: checking for utimbuf" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UTIMBUF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9462,7 +9506,7 @@ + struct utimbuf tbuf; tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf)); + ; return 0; } + EOF +-if { (eval echo configure:9466: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9510: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UTIMBUF=yes + else +@@ -9486,12 +9530,12 @@ + for ac_func in pututline pututxline updwtmp updwtmpx getutmpx + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:9490: checking for $ac_func" >&5 ++echo "configure:9534: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:9562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -9540,13 +9584,13 @@ + + + echo $ac_n "checking for ut_name in utmp""... $ac_c" 1>&6 +-echo "configure:9544: checking for ut_name in utmp" >&5 ++echo "configure:9588: checking for ut_name in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_NAME'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9554,7 +9598,7 @@ + struct utmp ut; ut.ut_name[0] = 'a'; + ; return 0; } + EOF +-if { (eval echo configure:9558: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9602: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_NAME=yes + else +@@ -9575,13 +9619,13 @@ + fi + + echo $ac_n "checking for ut_user in utmp""... $ac_c" 1>&6 +-echo "configure:9579: checking for ut_user in utmp" >&5 ++echo "configure:9623: checking for ut_user in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_USER'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9589,7 +9633,7 @@ + struct utmp ut; ut.ut_user[0] = 'a'; + ; return 0; } + EOF +-if { (eval echo configure:9593: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9637: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_USER=yes + else +@@ -9610,13 +9654,13 @@ + fi + + echo $ac_n "checking for ut_id in utmp""... $ac_c" 1>&6 +-echo "configure:9614: checking for ut_id in utmp" >&5 ++echo "configure:9658: checking for ut_id in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9624,7 +9668,7 @@ + struct utmp ut; ut.ut_id[0] = 'a'; + ; return 0; } + EOF +-if { (eval echo configure:9628: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9672: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_ID=yes + else +@@ -9645,13 +9689,13 @@ + fi + + echo $ac_n "checking for ut_host in utmp""... $ac_c" 1>&6 +-echo "configure:9649: checking for ut_host in utmp" >&5 ++echo "configure:9693: checking for ut_host in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_HOST'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9659,7 +9703,7 @@ + struct utmp ut; ut.ut_host[0] = 'a'; + ; return 0; } + EOF +-if { (eval echo configure:9663: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9707: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_HOST=yes + else +@@ -9680,13 +9724,13 @@ + fi + + echo $ac_n "checking for ut_time in utmp""... $ac_c" 1>&6 +-echo "configure:9684: checking for ut_time in utmp" >&5 ++echo "configure:9728: checking for ut_time in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TIME'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9694,7 +9738,7 @@ + struct utmp ut; time_t t; ut.ut_time = t; + ; return 0; } + EOF +-if { (eval echo configure:9698: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9742: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TIME=yes + else +@@ -9715,13 +9759,13 @@ + fi + + echo $ac_n "checking for ut_tv in utmp""... $ac_c" 1>&6 +-echo "configure:9719: checking for ut_tv in utmp" >&5 ++echo "configure:9763: checking for ut_tv in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TV'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9729,7 +9773,7 @@ + struct utmp ut; struct timeval tv; ut.ut_tv = tv; + ; return 0; } + EOF +-if { (eval echo configure:9733: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9777: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TV=yes + else +@@ -9750,13 +9794,13 @@ + fi + + echo $ac_n "checking for ut_type in utmp""... $ac_c" 1>&6 +-echo "configure:9754: checking for ut_type in utmp" >&5 ++echo "configure:9798: checking for ut_type in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TYPE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9764,7 +9808,7 @@ + struct utmp ut; ut.ut_type = 0; + ; return 0; } + EOF +-if { (eval echo configure:9768: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9812: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TYPE=yes + else +@@ -9785,13 +9829,13 @@ + fi + + echo $ac_n "checking for ut_pid in utmp""... $ac_c" 1>&6 +-echo "configure:9789: checking for ut_pid in utmp" >&5 ++echo "configure:9833: checking for ut_pid in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_PID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9799,7 +9843,7 @@ + struct utmp ut; ut.ut_pid = 0; + ; return 0; } + EOF +-if { (eval echo configure:9803: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9847: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_PID=yes + else +@@ -9820,13 +9864,13 @@ + fi + + echo $ac_n "checking for ut_exit in utmp""... $ac_c" 1>&6 +-echo "configure:9824: checking for ut_exit in utmp" >&5 ++echo "configure:9868: checking for ut_exit in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_EXIT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9834,7 +9878,7 @@ + struct utmp ut; ut.ut_exit.e_exit = 0; + ; return 0; } + EOF +-if { (eval echo configure:9838: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9882: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_EXIT=yes + else +@@ -9855,13 +9899,13 @@ + fi + + echo $ac_n "checking for ut_addr in utmp""... $ac_c" 1>&6 +-echo "configure:9859: checking for ut_addr in utmp" >&5 ++echo "configure:9903: checking for ut_addr in utmp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ADDR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9869,7 +9913,7 @@ + struct utmp ut; ut.ut_addr = 0; + ; return 0; } + EOF +-if { (eval echo configure:9873: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9917: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_ADDR=yes + else +@@ -9891,13 +9935,13 @@ + + if test x$ac_cv_func_pututline = xyes ; then + echo $ac_n "checking whether pututline returns pointer""... $ac_c" 1>&6 +-echo "configure:9895: checking whether pututline returns pointer" >&5 ++echo "configure:9939: checking whether pututline returns pointer" >&5 + if eval "test \"`echo '$''{'samba_cv_PUTUTLINE_RETURNS_UTMP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9905,7 +9949,7 @@ + struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg); + ; return 0; } + EOF +-if { (eval echo configure:9909: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9953: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_PUTUTLINE_RETURNS_UTMP=yes + else +@@ -9927,13 +9971,13 @@ + fi + + echo $ac_n "checking for ut_syslen in utmpx""... $ac_c" 1>&6 +-echo "configure:9931: checking for ut_syslen in utmpx" >&5 ++echo "configure:9975: checking for ut_syslen in utmpx" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UX_UT_SYSLEN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -9941,7 +9985,7 @@ + struct utmpx ux; ux.ut_syslen = 0; + ; return 0; } + EOF +-if { (eval echo configure:9945: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:9989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UX_UT_SYSLEN=yes + else +@@ -9962,7 +10006,7 @@ + fi + + echo $ac_n "checking for Linux kernel oplocks""... $ac_c" 1>&6 +-echo "configure:9966: checking for Linux kernel oplocks" >&5 ++echo "configure:10010: checking for Linux kernel oplocks" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_LINUX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -9971,7 +10015,7 @@ + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross + else + cat > conftest.$ac_ext < +@@ -9985,7 +10029,7 @@ + } + + EOF +-if { (eval echo configure:9989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10033: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes + else +@@ -10008,7 +10052,7 @@ + fi + + echo $ac_n "checking for kernel change notify support""... $ac_c" 1>&6 +-echo "configure:10012: checking for kernel change notify support" >&5 ++echo "configure:10056: checking for kernel change notify support" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_CHANGE_NOTIFY'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10017,7 +10061,7 @@ + samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross + else + cat > conftest.$ac_ext < +@@ -10031,7 +10075,7 @@ + } + + EOF +-if { (eval echo configure:10035: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10079: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes + else +@@ -10054,7 +10098,7 @@ + fi + + echo $ac_n "checking for kernel share modes""... $ac_c" 1>&6 +-echo "configure:10058: checking for kernel share modes" >&5 ++echo "configure:10102: checking for kernel share modes" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_SHARE_MODES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10063,7 +10107,7 @@ + samba_cv_HAVE_KERNEL_SHARE_MODES=cross + else + cat > conftest.$ac_ext < +@@ -10079,7 +10123,7 @@ + } + + EOF +-if { (eval echo configure:10083: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10127: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_KERNEL_SHARE_MODES=yes + else +@@ -10105,13 +10149,13 @@ + + + echo $ac_n "checking for IRIX kernel oplock type definitions""... $ac_c" 1>&6 +-echo "configure:10109: checking for IRIX kernel oplock type definitions" >&5 ++echo "configure:10153: checking for IRIX kernel oplock type definitions" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_IRIX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -10119,7 +10163,7 @@ + oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1; + ; return 0; } + EOF +-if { (eval echo configure:10123: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10167: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes + else +@@ -10140,7 +10184,7 @@ + fi + + echo $ac_n "checking for irix specific capabilities""... $ac_c" 1>&6 +-echo "configure:10144: checking for irix specific capabilities" >&5 ++echo "configure:10188: checking for irix specific capabilities" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10149,7 +10193,7 @@ + samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross + else + cat > conftest.$ac_ext < + #include +@@ -10164,7 +10208,7 @@ + } + + EOF +-if { (eval echo configure:10168: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10212: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes + else +@@ -10192,13 +10236,13 @@ + # + + echo $ac_n "checking for int16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +-echo "configure:10196: checking for int16 typedef included by rpc/rpc.h" >&5 ++echo "configure:10240: checking for int16 typedef included by rpc/rpc.h" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_INT16_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #if defined(HAVE_RPC_RPC_H) +@@ -10208,7 +10252,7 @@ + int16 testvar; + ; return 0; } + EOF +-if { (eval echo configure:10212: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10256: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes + else +@@ -10229,13 +10273,13 @@ + fi + + echo $ac_n "checking for uint16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +-echo "configure:10233: checking for uint16 typedef included by rpc/rpc.h" >&5 ++echo "configure:10277: checking for uint16 typedef included by rpc/rpc.h" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UINT16_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #if defined(HAVE_RPC_RPC_H) +@@ -10245,7 +10289,7 @@ + uint16 testvar; + ; return 0; } + EOF +-if { (eval echo configure:10249: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10293: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes + else +@@ -10266,13 +10310,13 @@ + fi + + echo $ac_n "checking for int32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +-echo "configure:10270: checking for int32 typedef included by rpc/rpc.h" >&5 ++echo "configure:10314: checking for int32 typedef included by rpc/rpc.h" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_INT32_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #if defined(HAVE_RPC_RPC_H) +@@ -10282,7 +10326,7 @@ + int32 testvar; + ; return 0; } + EOF +-if { (eval echo configure:10286: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10330: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes + else +@@ -10303,13 +10347,13 @@ + fi + + echo $ac_n "checking for uint32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +-echo "configure:10307: checking for uint32 typedef included by rpc/rpc.h" >&5 ++echo "configure:10351: checking for uint32 typedef included by rpc/rpc.h" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_UINT32_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #if defined(HAVE_RPC_RPC_H) +@@ -10319,7 +10363,7 @@ + uint32 testvar; + ; return 0; } + EOF +-if { (eval echo configure:10323: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10367: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes + else +@@ -10341,13 +10385,13 @@ + + + echo $ac_n "checking for conflicting AUTH_ERROR define in rpc/rpc.h""... $ac_c" 1>&6 +-echo "configure:10345: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5 ++echo "configure:10389: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #ifdef HAVE_SYS_SECURITY_H +@@ -10361,7 +10405,7 @@ + int testvar; + ; return 0; } + EOF +-if { (eval echo configure:10365: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10409: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no + else +@@ -10382,16 +10426,16 @@ + fi + + echo $ac_n "checking for test routines""... $ac_c" 1>&6 +-echo "configure:10386: checking for test routines" >&5 ++echo "configure:10430: checking for test routines" >&5 + if test "$cross_compiling" = yes; then + echo "configure: warning: cannot run when cross-compiling" 1>&2 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10439: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + echo "$ac_t""yes" 1>&6 + else +@@ -10405,7 +10449,7 @@ + + + echo $ac_n "checking for ftruncate extend""... $ac_c" 1>&6 +-echo "configure:10409: checking for ftruncate extend" >&5 ++echo "configure:10453: checking for ftruncate extend" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_FTRUNCATE_EXTEND'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10414,11 +10458,11 @@ + samba_cv_HAVE_FTRUNCATE_EXTEND=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10466: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_FTRUNCATE_EXTEND=yes + else +@@ -10441,7 +10485,7 @@ + fi + + echo $ac_n "checking for broken getgroups""... $ac_c" 1>&6 +-echo "configure:10445: checking for broken getgroups" >&5 ++echo "configure:10489: checking for broken getgroups" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_GETGROUPS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10450,11 +10494,11 @@ + samba_cv_HAVE_BROKEN_GETGROUPS=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10502: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_BROKEN_GETGROUPS=yes + else +@@ -10477,7 +10521,7 @@ + fi + + echo $ac_n "checking whether getpass should be replaced""... $ac_c" 1>&6 +-echo "configure:10481: checking whether getpass should be replaced" >&5 ++echo "configure:10525: checking whether getpass should be replaced" >&5 + if eval "test \"`echo '$''{'samba_cv_REPLACE_GETPASS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10485,7 +10529,7 @@ + SAVE_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper" + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:10546: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_REPLACE_GETPASS=yes + else +@@ -10521,7 +10565,7 @@ + fi + + echo $ac_n "checking for broken inet_ntoa""... $ac_c" 1>&6 +-echo "configure:10525: checking for broken inet_ntoa" >&5 ++echo "configure:10569: checking for broken inet_ntoa" >&5 + if eval "test \"`echo '$''{'samba_cv_REPLACE_INET_NTOA'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10530,7 +10574,7 @@ + samba_cv_REPLACE_INET_NTOA=cross + else + cat > conftest.$ac_ext < +@@ -10544,7 +10588,7 @@ + strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } + exit(1);} + EOF +-if { (eval echo configure:10548: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10592: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_REPLACE_INET_NTOA=yes + else +@@ -10567,7 +10611,7 @@ + fi + + echo $ac_n "checking for secure mkstemp""... $ac_c" 1>&6 +-echo "configure:10571: checking for secure mkstemp" >&5 ++echo "configure:10615: checking for secure mkstemp" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_SECURE_MKSTEMP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10576,7 +10620,7 @@ + samba_cv_HAVE_SECURE_MKSTEMP=cross + else + cat > conftest.$ac_ext < + #include +@@ -10593,7 +10637,7 @@ + exit(0); + } + EOF +-if { (eval echo configure:10597: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10641: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_SECURE_MKSTEMP=yes + else +@@ -10616,7 +10660,7 @@ + fi + + echo $ac_n "checking for sysconf(_SC_NGROUPS_MAX)""... $ac_c" 1>&6 +-echo "configure:10620: checking for sysconf(_SC_NGROUPS_MAX)" >&5 ++echo "configure:10664: checking for sysconf(_SC_NGROUPS_MAX)" >&5 + if eval "test \"`echo '$''{'samba_cv_SYSCONF_SC_NGROUPS_MAX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10625,12 +10669,12 @@ + samba_cv_SYSCONF_SC_NGROUPS_MAX=cross + else + cat > conftest.$ac_ext < + main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); } + EOF +-if { (eval echo configure:10634: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10678: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_SYSCONF_SC_NGROUPS_MAX=yes + else +@@ -10653,7 +10697,7 @@ + fi + + echo $ac_n "checking for root""... $ac_c" 1>&6 +-echo "configure:10657: checking for root" >&5 ++echo "configure:10701: checking for root" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_ROOT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10662,11 +10706,11 @@ + samba_cv_HAVE_ROOT=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10714: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_ROOT=yes + else +@@ -10694,7 +10738,7 @@ + # look for a method of finding the list of network interfaces + iface=no; + echo $ac_n "checking for iface AIX""... $ac_c" 1>&6 +-echo "configure:10698: checking for iface AIX" >&5 ++echo "configure:10742: checking for iface AIX" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_AIX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10703,7 +10747,7 @@ + samba_cv_HAVE_IFACE_AIX=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10759: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_IFACE_AIX=yes + else +@@ -10735,7 +10779,7 @@ + + if test $iface = no; then + echo $ac_n "checking for iface ifconf""... $ac_c" 1>&6 +-echo "configure:10739: checking for iface ifconf" >&5 ++echo "configure:10783: checking for iface ifconf" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFCONF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10744,7 +10788,7 @@ + samba_cv_HAVE_IFACE_IFCONF=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10800: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_IFACE_IFCONF=yes + else +@@ -10777,7 +10821,7 @@ + + if test $iface = no; then + echo $ac_n "checking for iface ifreq""... $ac_c" 1>&6 +-echo "configure:10781: checking for iface ifreq" >&5 ++echo "configure:10825: checking for iface ifreq" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFREQ'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10786,7 +10830,7 @@ + samba_cv_HAVE_IFACE_IFREQ=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10842: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_IFACE_IFREQ=yes + else +@@ -10823,7 +10867,7 @@ + seteuid=no; + if test $seteuid = no; then + echo $ac_n "checking for setresuid""... $ac_c" 1>&6 +-echo "configure:10827: checking for setresuid" >&5 ++echo "configure:10871: checking for setresuid" >&5 + if eval "test \"`echo '$''{'samba_cv_USE_SETRESUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10832,7 +10876,7 @@ + samba_cv_USE_SETRESUID=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10888: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_USE_SETRESUID=yes + else +@@ -10866,7 +10910,7 @@ + + if test $seteuid = no; then + echo $ac_n "checking for setreuid""... $ac_c" 1>&6 +-echo "configure:10870: checking for setreuid" >&5 ++echo "configure:10914: checking for setreuid" >&5 + if eval "test \"`echo '$''{'samba_cv_USE_SETREUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10875,7 +10919,7 @@ + samba_cv_USE_SETREUID=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10931: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_USE_SETREUID=yes + else +@@ -10908,7 +10952,7 @@ + + if test $seteuid = no; then + echo $ac_n "checking for seteuid""... $ac_c" 1>&6 +-echo "configure:10912: checking for seteuid" >&5 ++echo "configure:10956: checking for seteuid" >&5 + if eval "test \"`echo '$''{'samba_cv_USE_SETEUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10917,7 +10961,7 @@ + samba_cv_USE_SETEUID=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:10973: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_USE_SETEUID=yes + else +@@ -10950,7 +10994,7 @@ + + if test $seteuid = no; then + echo $ac_n "checking for setuidx""... $ac_c" 1>&6 +-echo "configure:10954: checking for setuidx" >&5 ++echo "configure:10998: checking for setuidx" >&5 + if eval "test \"`echo '$''{'samba_cv_USE_SETUIDX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -10959,7 +11003,7 @@ + samba_cv_USE_SETUIDX=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11015: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_USE_SETUIDX=yes + else +@@ -10992,7 +11036,7 @@ + + + echo $ac_n "checking for working mmap""... $ac_c" 1>&6 +-echo "configure:10996: checking for working mmap" >&5 ++echo "configure:11040: checking for working mmap" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_MMAP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11001,11 +11045,11 @@ + samba_cv_HAVE_MMAP=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11053: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_MMAP=yes + else +@@ -11028,7 +11072,7 @@ + fi + + echo $ac_n "checking for ftruncate needs root""... $ac_c" 1>&6 +-echo "configure:11032: checking for ftruncate needs root" >&5 ++echo "configure:11076: checking for ftruncate needs root" >&5 + if eval "test \"`echo '$''{'samba_cv_FTRUNCATE_NEEDS_ROOT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11037,11 +11081,11 @@ + samba_cv_FTRUNCATE_NEEDS_ROOT=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11089: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_FTRUNCATE_NEEDS_ROOT=yes + else +@@ -11064,7 +11108,7 @@ + fi + + echo $ac_n "checking for fcntl locking""... $ac_c" 1>&6 +-echo "configure:11068: checking for fcntl locking" >&5 ++echo "configure:11112: checking for fcntl locking" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_FCNTL_LOCK'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11073,11 +11117,11 @@ + samba_cv_HAVE_FCNTL_LOCK=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11125: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_FCNTL_LOCK=yes + else +@@ -11100,7 +11144,7 @@ + fi + + echo $ac_n "checking for broken (glibc2.1/x86) 64 bit fcntl locking""... $ac_c" 1>&6 +-echo "configure:11104: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5 ++echo "configure:11148: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_FCNTL64_LOCKS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11109,11 +11153,11 @@ + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11161: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes + else +@@ -11138,7 +11182,7 @@ + + + echo $ac_n "checking for 64 bit fcntl locking""... $ac_c" 1>&6 +-echo "configure:11142: checking for 64 bit fcntl locking" >&5 ++echo "configure:11186: checking for 64 bit fcntl locking" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_FLOCK64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11147,7 +11191,7 @@ + samba_cv_HAVE_STRUCT_FLOCK64=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11219: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_STRUCT_FLOCK64=yes + else +@@ -11196,13 +11240,13 @@ + fi + + echo $ac_n "checking for st_blocks in struct stat""... $ac_c" 1>&6 +-echo "configure:11200: checking for st_blocks in struct stat" >&5 ++echo "configure:11244: checking for st_blocks in struct stat" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_STAT_ST_BLOCKS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -11211,7 +11255,7 @@ + struct stat st; st.st_blocks = 0; + ; return 0; } + EOF +-if { (eval echo configure:11215: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:11259: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_STAT_ST_BLOCKS=yes + else +@@ -11234,13 +11278,13 @@ + case "$host_os" in + *linux*) + echo $ac_n "checking for broken RedHat 7.2 system header files""... $ac_c" 1>&6 +-echo "configure:11238: checking for broken RedHat 7.2 system header files" >&5 ++echo "configure:11282: checking for broken RedHat 7.2 system header files" >&5 + if eval "test \"`echo '$''{'samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:11302: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no + else +@@ -11277,13 +11321,13 @@ + esac + + echo $ac_n "checking for broken nisplus include files""... $ac_c" 1>&6 +-echo "configure:11281: checking for broken nisplus include files" >&5 ++echo "configure:11325: checking for broken nisplus include files" >&5 + if eval "test \"`echo '$''{'samba_cv_BROKEN_NISPLUS_INCLUDE_FILES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #if defined(HAVE_RPCSVC_NIS_H) +@@ -11293,7 +11337,7 @@ + int i; + ; return 0; } + EOF +-if { (eval echo configure:11297: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:11341: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no + else +@@ -11317,7 +11361,7 @@ + ################################################# + # check for smbwrapper support + echo $ac_n "checking whether to use smbwrapper""... $ac_c" 1>&6 +-echo "configure:11321: checking whether to use smbwrapper" >&5 ++echo "configure:11365: checking whether to use smbwrapper" >&5 + # Check whether --with-smbwrapper or --without-smbwrapper was given. + if test "${with_smbwrapper+set}" = set; then + withval="$with_smbwrapper" +@@ -11361,7 +11405,7 @@ + ################################################# + # check for the AFS filesystem + echo $ac_n "checking whether to use AFS""... $ac_c" 1>&6 +-echo "configure:11365: checking whether to use AFS" >&5 ++echo "configure:11409: checking whether to use AFS" >&5 + # Check whether --with-afs or --without-afs was given. + if test "${with_afs+set}" = set; then + withval="$with_afs" +@@ -11387,7 +11431,7 @@ + ################################################# + # check for the DFS auth system + echo $ac_n "checking whether to use DCE/DFS auth""... $ac_c" 1>&6 +-echo "configure:11391: checking whether to use DCE/DFS auth" >&5 ++echo "configure:11435: checking whether to use DCE/DFS auth" >&5 + # Check whether --with-dfs or --without-dfs was given. + if test "${with_dfs+set}" = set; then + withval="$with_dfs" +@@ -11412,7 +11456,7 @@ + ################################################# + # check for Kerberos IV auth system + echo $ac_n "checking whether to use Kerberos IV""... $ac_c" 1>&6 +-echo "configure:11416: checking whether to use Kerberos IV" >&5 ++echo "configure:11460: checking whether to use Kerberos IV" >&5 + # Check whether --with-krb4 or --without-krb4 was given. + if test "${with_krb4+set}" = set; then + withval="$with_krb4" +@@ -11424,7 +11468,7 @@ + EOF + + echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 +-echo "configure:11428: checking for dn_expand in -lresolv" >&5 ++echo "configure:11472: checking for dn_expand in -lresolv" >&5 + ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -11432,7 +11476,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lresolv $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:11491: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -11487,7 +11531,7 @@ + ################################################# + # check for Kerberos 5 auth system + echo $ac_n "checking whether to use Kerberos 5""... $ac_c" 1>&6 +-echo "configure:11491: checking whether to use Kerberos 5" >&5 ++echo "configure:11535: checking whether to use Kerberos 5" >&5 + # Check whether --with-krb5 or --without-krb5 was given. + if test "${with_krb5+set}" = set; then + withval="$with_krb5" +@@ -11515,7 +11559,7 @@ + ################################################# + # check for automount support + echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6 +-echo "configure:11519: checking whether to use AUTOMOUNT" >&5 ++echo "configure:11563: checking whether to use AUTOMOUNT" >&5 + # Check whether --with-automount or --without-automount was given. + if test "${with_automount+set}" = set; then + withval="$with_automount" +@@ -11540,7 +11584,7 @@ + ################################################# + # check for smbmount support + echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6 +-echo "configure:11544: checking whether to use SMBMOUNT" >&5 ++echo "configure:11588: checking whether to use SMBMOUNT" >&5 + # Check whether --with-smbmount or --without-smbmount was given. + if test "${with_smbmount+set}" = set; then + withval="$with_smbmount" +@@ -11577,7 +11621,7 @@ + # check for a PAM password database + with_pam_for_crypt=no + echo $ac_n "checking whether to use PAM password database""... $ac_c" 1>&6 +-echo "configure:11581: checking whether to use PAM password database" >&5 ++echo "configure:11625: checking whether to use PAM password database" >&5 + # Check whether --with-pam or --without-pam was given. + if test "${with_pam+set}" = set; then + withval="$with_pam" +@@ -11603,7 +11647,7 @@ + + # we can't build a pam module if we don't have pam. + echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6 +-echo "configure:11607: checking for pam_get_data in -lpam" >&5 ++echo "configure:11651: checking for pam_get_data in -lpam" >&5 + ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -11611,7 +11655,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lpam $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:11670: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -11649,7 +11693,7 @@ + ################################################# + # check for pam_smbpass support + echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 +-echo "configure:11653: checking whether to use pam_smbpass" >&5 ++echo "configure:11697: checking whether to use pam_smbpass" >&5 + # Check whether --with-pam_smbpass or --without-pam_smbpass was given. + if test "${with_pam_smbpass+set}" = set; then + withval="$with_pam_smbpass" +@@ -11691,12 +11735,12 @@ + for ac_func in crypt + do + echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +-echo "configure:11695: checking for $ac_func" >&5 ++echo "configure:11739: checking for $ac_func" >&5 + if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:11767: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" + else +@@ -11745,7 +11789,7 @@ + + if test x"$ac_cv_func_crypt" = x"no"; then + echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 +-echo "configure:11749: checking for crypt in -lcrypt" >&5 ++echo "configure:11793: checking for crypt in -lcrypt" >&5 + ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -11753,7 +11797,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lcrypt $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:11812: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -11799,7 +11843,7 @@ + ## + if test $with_pam_for_crypt = no; then + echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6 +-echo "configure:11803: checking for a crypt that needs truncated salt" >&5 ++echo "configure:11847: checking for a crypt that needs truncated salt" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -11808,11 +11852,11 @@ + samba_cv_HAVE_TRUNCATED_SALT=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:11860: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + samba_cv_HAVE_TRUNCATED_SALT=no + else +@@ -11850,7 +11894,7 @@ + ################################################# + # check for a TDB password database + echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6 +-echo "configure:11854: checking whether to use TDB SAM database" >&5 ++echo "configure:11898: checking whether to use TDB SAM database" >&5 + # Check whether --with-tdbsam or --without-tdbsam was given. + if test "${with_tdbsam+set}" = set; then + withval="$with_tdbsam" +@@ -11876,7 +11920,7 @@ + ################################################# + # check for a LDAP password database + echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6 +-echo "configure:11880: checking whether to use LDAP SAM database" >&5 ++echo "configure:11924: checking whether to use LDAP SAM database" >&5 + # Check whether --with-ldapsam or --without-ldapsam was given. + if test "${with_ldapsam+set}" = set; then + withval="$with_ldapsam" +@@ -11903,7 +11947,7 @@ + ################################################# + # check for a NISPLUS password database + echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6 +-echo "configure:11907: checking whether to use NISPLUS SAM database" >&5 ++echo "configure:11951: checking whether to use NISPLUS SAM database" >&5 + # Check whether --with-nisplussam or --without-nisplussam was given. + if test "${with_nisplussam+set}" = set; then + withval="$with_nisplussam" +@@ -11931,7 +11975,7 @@ + # smbpasswd SAM is only used if another format + # has not been defined + echo $ac_n "checking whether to use traditional smbpasswd file""... $ac_c" 1>&6 +-echo "configure:11935: checking whether to use traditional smbpasswd file" >&5 ++echo "configure:11979: checking whether to use traditional smbpasswd file" >&5 + if test $with_smbpasswd_sam = yes; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +@@ -11953,7 +11997,7 @@ + ################################################# + # check for a NISPLUS_HOME support + echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 +-echo "configure:11957: checking whether to use NISPLUS_HOME" >&5 ++echo "configure:12001: checking whether to use NISPLUS_HOME" >&5 + # Check whether --with-nisplus-home or --without-nisplus-home was given. + if test "${with_nisplus_home+set}" = set; then + withval="$with_nisplus_home" +@@ -11978,7 +12022,7 @@ + ################################################# + # check for the secure socket layer + echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 +-echo "configure:11982: checking whether to use SSL" >&5 ++echo "configure:12026: checking whether to use SSL" >&5 + # Check whether --with-ssl or --without-ssl was given. + if test "${with_ssl+set}" = set; then + withval="$with_ssl" +@@ -12052,7 +12096,7 @@ + ################################################# + # check for syslog logging + echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 +-echo "configure:12056: checking whether to use syslog logging" >&5 ++echo "configure:12100: checking whether to use syslog logging" >&5 + # Check whether --with-syslog or --without-syslog was given. + if test "${with_syslog+set}" = set; then + withval="$with_syslog" +@@ -12077,7 +12121,7 @@ + ################################################# + # check for a shared memory profiling support + echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 +-echo "configure:12081: checking whether to use profiling" >&5 ++echo "configure:12125: checking whether to use profiling" >&5 + # Check whether --with-profiling-data or --without-profiling-data was given. + if test "${with_profiling_data+set}" = set; then + withval="$with_profiling_data" +@@ -12105,7 +12149,7 @@ + QUOTAOBJS=smbd/noquotas.o + + echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 +-echo "configure:12109: checking whether to support disk-quotas" >&5 ++echo "configure:12153: checking whether to support disk-quotas" >&5 + # Check whether --with-quotas or --without-quotas was given. + if test "${with_quotas+set}" = set; then + withval="$with_quotas" +@@ -12117,13 +12161,13 @@ + *linux*) + # Check for kernel 2.4.x quota braindamage... + echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6 +-echo "configure:12121: checking for linux 2.4.x quota braindamage.." >&5 ++echo "configure:12165: checking for linux 2.4.x quota braindamage.." >&5 + if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -12135,7 +12179,7 @@ + struct mem_dqblk D; + ; return 0; } + EOF +-if { (eval echo configure:12139: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:12183: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_linux_2_4_quota_braindamage=yes + else +@@ -12179,7 +12223,7 @@ + # check for experimental utmp accounting + + echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 +-echo "configure:12183: checking whether to support utmp accounting" >&5 ++echo "configure:12227: checking whether to support utmp accounting" >&5 + # Check whether --with-utmp or --without-utmp was given. + if test "${with_utmp+set}" = set; then + withval="$with_utmp" +@@ -12205,7 +12249,7 @@ + # check for MS Dfs support + + echo $ac_n "checking whether to support Microsoft Dfs""... $ac_c" 1>&6 +-echo "configure:12209: checking whether to support Microsoft Dfs" >&5 ++echo "configure:12253: checking whether to support Microsoft Dfs" >&5 + # Check whether --with-msdfs or --without-msdfs was given. + if test "${with_msdfs+set}" = set; then + withval="$with_msdfs" +@@ -12231,7 +12275,7 @@ + # check for Samba VFS support + + echo $ac_n "checking whether to support the experimental Samba vfs""... $ac_c" 1>&6 +-echo "configure:12235: checking whether to support the experimental Samba vfs" >&5 ++echo "configure:12279: checking whether to support the experimental Samba vfs" >&5 + # Check whether --with-vfs or --without-vfs was given. + if test "${with_vfs+set}" = set; then + withval="$with_vfs" +@@ -12258,9 +12302,9 @@ + # should we build libsmbclient? + + LIBSMBCLIENT_SHARED= +-LIBSMBCLIENT= ++LIBSMBCLIENT_STATIC= + echo $ac_n "checking whether to build the libsmbclient shared library""... $ac_c" 1>&6 +-echo "configure:12264: checking whether to build the libsmbclient shared library" >&5 ++echo "configure:12308: checking whether to build the libsmbclient shared library" >&5 + # Check whether --with-libsmbclient or --without-libsmbclient was given. + if test "${with_libsmbclient+set}" = set; then + withval="$with_libsmbclient" +@@ -12268,10 +12312,10 @@ + yes) + if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT +- LIBSMBCLIENT=libsmbclient ++ LIBSMBCLIENT_STATIC=bin/libsmbclient.a + echo "$ac_t""yes" 1>&6 + else +- echo "$ac_t""no shared library support" 1>&6 ++ echo "$ac_t""no static or shared libsmbclient support" 1>&6 + fi + ;; + *) +@@ -12287,14 +12331,14 @@ + ################################################# + # these tests are taken from the GNU fileutils package + echo "checking how to get filesystem space usage" 1>&6 +-echo "configure:12291: checking how to get filesystem space usage" >&5 ++echo "configure:12335: checking how to get filesystem space usage" >&5 + space=no + + # Test for statvfs64. + if test $space = no; then + # SVR4 + echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 +-echo "configure:12298: checking statvfs64 function (SVR4)" >&5 ++echo "configure:12342: checking statvfs64 function (SVR4)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12302,7 +12346,7 @@ + fu_cv_sys_stat_statvfs64=cross + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12364: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_statvfs64=yes + else +@@ -12349,12 +12393,12 @@ + if test $space = no; then + # SVR4 + echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 +-echo "configure:12353: checking statvfs function (SVR4)" >&5 ++echo "configure:12397: checking statvfs function (SVR4)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + cat > conftest.$ac_ext < + #include +@@ -12362,7 +12406,7 @@ + struct statvfs fsd; statvfs (0, &fsd); + ; return 0; } + EOF +-if { (eval echo configure:12366: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:12410: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + fu_cv_sys_stat_statvfs=yes + else +@@ -12387,7 +12431,7 @@ + if test $space = no; then + # DEC Alpha running OSF/1 + echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 +-echo "configure:12391: checking for 3-argument statfs function (DEC OSF/1)" >&5 ++echo "configure:12435: checking for 3-argument statfs function (DEC OSF/1)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12395,7 +12439,7 @@ + fu_cv_sys_stat_statfs3_osf1=no + else + cat > conftest.$ac_ext < +@@ -12408,7 +12452,7 @@ + exit (statfs (".", &fsd, sizeof (struct statfs))); + } + EOF +-if { (eval echo configure:12412: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12456: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_statfs3_osf1=yes + else +@@ -12435,7 +12479,7 @@ + if test $space = no; then + # AIX + echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 +-echo "configure:12439: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 ++echo "configure:12483: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12443,7 +12487,7 @@ + fu_cv_sys_stat_statfs2_bsize=no + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12510: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_statfs2_bsize=yes + else +@@ -12489,7 +12533,7 @@ + if test $space = no; then + # SVR3 + echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 +-echo "configure:12493: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 ++echo "configure:12537: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12497,7 +12541,7 @@ + fu_cv_sys_stat_statfs4=no + else + cat > conftest.$ac_ext < + #include +@@ -12507,7 +12551,7 @@ + exit (statfs (".", &fsd, sizeof fsd, 0)); + } + EOF +-if { (eval echo configure:12511: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12555: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_statfs4=yes + else +@@ -12534,7 +12578,7 @@ + if test $space = no; then + # 4.4BSD and NetBSD + echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 +-echo "configure:12538: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 ++echo "configure:12582: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12542,7 +12586,7 @@ + fu_cv_sys_stat_statfs2_fsize=no + else + cat > conftest.$ac_ext < + #ifdef HAVE_SYS_PARAM_H +@@ -12558,7 +12602,7 @@ + exit (statfs (".", &fsd)); + } + EOF +-if { (eval echo configure:12562: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12606: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_statfs2_fsize=yes + else +@@ -12585,7 +12629,7 @@ + if test $space = no; then + # Ultrix + echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 +-echo "configure:12589: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 ++echo "configure:12633: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else +@@ -12593,7 +12637,7 @@ + fu_cv_sys_stat_fs_data=no + else + cat > conftest.$ac_ext < + #ifdef HAVE_SYS_PARAM_H +@@ -12613,7 +12657,7 @@ + exit (statfs (".", &fsd) != 1); + } + EOF +-if { (eval echo configure:12617: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:12661: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + fu_cv_sys_stat_fs_data=yes + else +@@ -12646,9 +12690,9 @@ + # file support. + # + echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 +-echo "configure:12650: checking if large file support can be enabled" >&5 ++echo "configure:12694: checking if large file support can be enabled" >&5 + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then ++if { (eval echo configure:12709: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes + else +@@ -12728,7 +12772,7 @@ + # check for ACL support + + echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 +-echo "configure:12732: checking whether to support ACLs" >&5 ++echo "configure:12776: checking whether to support ACLs" >&5 + # Check whether --with-acl-support or --without-acl-support was given. + if test "${with_acl_support+set}" = set; then + withval="$with_acl_support" +@@ -12781,7 +12825,7 @@ + ;; + *) + echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 +-echo "configure:12785: checking for acl_get_file in -lacl" >&5 ++echo "configure:12829: checking for acl_get_file in -lacl" >&5 + ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` + if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +@@ -12789,7 +12833,7 @@ + ac_save_LIBS="$LIBS" + LIBS="-lacl $LIBS" + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:12848: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" + else +@@ -12828,13 +12872,13 @@ + fi + + echo $ac_n "checking for ACL support""... $ac_c" 1>&6 +-echo "configure:12832: checking for ACL support" >&5 ++echo "configure:12876: checking for ACL support" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -12842,7 +12886,7 @@ + acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); + ; return 0; } + EOF +-if { (eval echo configure:12846: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:12890: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + samba_cv_HAVE_POSIX_ACLS=yes + else +@@ -12862,13 +12906,13 @@ + EOF + + echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 +-echo "configure:12866: checking for acl_get_perm_np" >&5 ++echo "configure:12910: checking for acl_get_perm_np" >&5 + if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 + else + + cat > conftest.$ac_ext < + #include +@@ -12876,7 +12920,7 @@ + acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); + ; return 0; } + EOF +-if { (eval echo configure:12880: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then ++if { (eval echo configure:12924: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + samba_cv_HAVE_ACL_GET_PERM_NP=yes + else +@@ -12931,7 +12975,7 @@ + # (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). + + echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6 +-echo "configure:12935: checking whether to build winbind" >&5 ++echo "configure:12979: checking whether to build winbind" >&5 + + # Initially, the value of $host_os decides whether winbind is supported + +@@ -13010,11 +13054,11 @@ + : + else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null ++if { (eval echo configure:13062: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null + then + echo "configure OK"; + else +@@ -13184,7 +13228,7 @@ + s%@SHLIBEXT@%$SHLIBEXT%g + s%@BLDSHARED@%$BLDSHARED%g + s%@LIBSMBCLIENT_SHARED@%$LIBSMBCLIENT_SHARED%g +-s%@LIBSMBCLIENT@%$LIBSMBCLIENT%g ++s%@LIBSMBCLIENT_STATIC@%$LIBSMBCLIENT_STATIC%g + s%@CC@%$CC%g + s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g + s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g +--- samba-2.2.2.cvs20020120.orig/source/configure.in ++++ samba-2.2.2.cvs20020120/source/configure.in +@@ -145,7 +145,7 @@ + AC_SUBST(SHLIBEXT) + AC_SUBST(BLDSHARED) + AC_SUBST(LIBSMBCLIENT_SHARED) +-AC_SUBST(LIBSMBCLIENT) ++AC_SUBST(LIBSMBCLIENT_STATIC) + + # compile with optimization and without debugging by default + CFLAGS="-O ${CFLAGS}" +@@ -340,6 +340,28 @@ + #endif + } + ], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross]) ++ if test x$LINUX_LFS_SUPPORT = xyes ; then ++ AC_TRY_RUN([ ++#include ++#include ++#include ++main() { ++ unsigned int *padding; ++ struct flock foo_lock = {F_WRLCK, SEEK_SET, 0, 1, 0}; ++ int fd = open("/dev/null", O_RDWR); ++ ++ /* Yes, we're depending on the internals of the Linux flock structure ++ here -- but this test is explicitly Linux-specific to begin with. */ ++ padding = (unsigned int *)&foo_lock; ++ padding[1] = 0xffffffff; ++ foo_lock.l_start = 0; ++ if (fcntl(fd, F_SETLK, &foo_lock) < 0) ++ exit(1); ++ ++ exit(0); ++} ++], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross]) ++ fi + CPPFLAGS="$old_CPPFLAGS" + if test x$LINUX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" +@@ -2232,7 +2254,7 @@ + # should we build libsmbclient? + + LIBSMBCLIENT_SHARED= +-LIBSMBCLIENT= ++LIBSMBCLIENT_STATIC= + AC_MSG_CHECKING(whether to build the libsmbclient shared library) + AC_ARG_WITH(libsmbclient, + [ --with-libsmbclient Build the libsmbclient shared library (default=no)], +@@ -2240,10 +2262,10 @@ + yes) + if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT +- LIBSMBCLIENT=libsmbclient ++ LIBSMBCLIENT_STATIC=bin/libsmbclient.a + AC_MSG_RESULT(yes) + else +- AC_MSG_RESULT(no shared library support) ++ AC_MSG_RESULT(no static or shared libsmbclient support) + fi + ;; + *) diff --git a/packaging/Debian/debian/patches/loadparm.patch b/packaging/Debian/debian/patches/loadparm.patch new file mode 100644 index 00000000000..d7880a25146 --- /dev/null +++ b/packaging/Debian/debian/patches/loadparm.patch @@ -0,0 +1,78 @@ +--- samba-2.2.2.cvs20020201/source/param/loadparm.c.orig Fri Feb 1 17:03:50 2002 ++++ samba-2.2.2.cvs20020201/source/param/loadparm.c Fri Feb 1 18:45:41 2002 +@@ -1085,26 +1085,26 @@ + case PRINT_AIX: + case PRINT_LPRNT: + case PRINT_LPROS2: +- string_set(&sDefault.szLpqcommand, "lpq -P%p"); +- string_set(&sDefault.szLprmcommand, "lprm -P%p %j"); ++ string_set(&sDefault.szLpqcommand, "lpq -P'%p'"); ++ string_set(&sDefault.szLprmcommand, "lprm -P'%p' %j"); + string_set(&sDefault.szPrintcommand, +- "lpr -r -P%p %s"); ++ "lpr -r -P'%p' %s"); + break; + + case PRINT_LPRNG: + case PRINT_PLP: +- string_set(&sDefault.szLpqcommand, "lpq -P%p"); +- string_set(&sDefault.szLprmcommand, "lprm -P%p %j"); ++ string_set(&sDefault.szLpqcommand, "lpq -P'%p'"); ++ string_set(&sDefault.szLprmcommand, "lprm -P'%p' %j"); + string_set(&sDefault.szPrintcommand, +- "lpr -r -P%p %s"); ++ "lpr -r -P'%p' %s"); + string_set(&sDefault.szQueuepausecommand, +- "lpc stop %p"); ++ "lpc stop '%p'"); + string_set(&sDefault.szQueueresumecommand, +- "lpc start %p"); ++ "lpc start '%p'"); + string_set(&sDefault.szLppausecommand, +- "lpc hold %p %j"); ++ "lpc hold '%p' %j"); + string_set(&sDefault.szLpresumecommand, +- "lpc release %p %j"); ++ "lpc release '%p' %j"); + break; + + case PRINT_CUPS: +@@ -1120,19 +1120,19 @@ + string_set(&Globals.szPrintcapname, "cups"); + #else + string_set(&sDefault.szLpqcommand, +- "/usr/bin/lpstat -o %p"); ++ "/usr/bin/lpstat -o '%p'"); + string_set(&sDefault.szLprmcommand, +- "/usr/bin/cancel %p-%j"); ++ "/usr/bin/cancel '%p-%j'"); + string_set(&sDefault.szPrintcommand, +- "/usr/bin/lp -d %p %s; rm %s"); ++ "/usr/bin/lp -d '%p' %s; rm %s"); + string_set(&sDefault.szLppausecommand, +- "lp -i %p-%j -H hold"); ++ "lp -i '%p-%j' -H hold"); + string_set(&sDefault.szLpresumecommand, +- "lp -i %p-%j -H resume"); ++ "lp -i '%p-%j' -H resume"); + string_set(&sDefault.szQueuepausecommand, +- "/usr/bin/disable %p"); ++ "/usr/bin/disable '%p'"); + string_set(&sDefault.szQueueresumecommand, +- "/usr/bin/enable %p"); ++ "/usr/bin/enable '%p'"); + string_set(&Globals.szPrintcapname, "lpstat"); + #endif /* HAVE_CUPS */ + break; +@@ -1437,7 +1437,10 @@ + else + StrnCpy(ret, s, len); + +- trim_string(ret, "\"", "\""); ++ if (trim_string(ret, "\"", "\"")) { ++ if (strchr(ret,'"') != NULL) ++ StrnCpy(ret, s, len); ++ } + + standard_sub_basic(ret); + return (ret); diff --git a/packaging/Debian/debian/patches/samba.patch b/packaging/Debian/debian/patches/samba.patch new file mode 100644 index 00000000000..be251861cb1 --- /dev/null +++ b/packaging/Debian/debian/patches/samba.patch @@ -0,0 +1,199 @@ +--- samba-2.2.2.cvs20020120.orig/source/client/smbmount.c ++++ samba-2.2.2.cvs20020120/source/client/smbmount.c +@@ -719,7 +719,7 @@ + *lp = 0; + pstrcpy(password,lp+1); + got_pass = True; +- memset(strchr(opteq+1,'%')+1,'X',strlen(password)); ++ memset(strchr(opteq+1,'%')+1,'\0',strlen(password)); + } + if ((lp=strchr(username,'/'))) { + *lp = 0; +@@ -729,7 +729,7 @@ + !strcmp(opts, "password")) { + pstrcpy(password,opteq+1); + got_pass = True; +- memset(opteq+1,'X',strlen(password)); ++ memset(opteq+1,'\0',strlen(password)); + } else if(!strcmp(opts, "credentials")) { + pstrcpy(credentials,opteq+1); + } else if(!strcmp(opts, "netbiosname")) { +@@ -822,7 +822,7 @@ + *p = 0; + pstrcpy(password,p+1); + got_pass = True; +- memset(strchr(getenv("USER"),'%')+1,'X',strlen(password)); ++ memset(strchr(getenv("USER"),'%')+1,'\0',strlen(password)); + } + strupper(username); + } +--- samba-2.2.2.cvs20020120.orig/source/script/installbin.sh ++++ samba-2.2.2.cvs20020120/source/script/installbin.sh +@@ -11,7 +11,7 @@ + shift + shift + +-for d in $BASEDIR $BINDIR $LIBDIR $VARDIR $BASEDIR/private; do ++for d in $BASEDIR $BINDIR $LIBDIR $VARDIR; do + if [ ! -d $d ]; then + mkdir $d + if [ ! -d $d ]; then +@@ -33,9 +33,11 @@ + chmod $INSTALLPERMS $BINDIR/$p2 + + # this is a special case, mount needs this in a specific location +- if [ $p2 = smbmount ]; then +- ln -sf $BINDIR/$p2 /sbin/mount.smbfs +- fi ++# Commented out for the Debian Samba package. We take care of this ++# important symlink in debian/rules. (peloy@debian.org) ++# if [ $p2 = smbmount ]; then ++# ln -sf $BINDIR/$p2 /sbin/mount.smbfs ++# fi + done + + +--- samba-2.2.2.cvs20020120.orig/source/script/installswat.sh ++++ samba-2.2.2.cvs20020120/source/script/installswat.sh +@@ -48,8 +48,8 @@ + for f in $SRCDIR../docs/htmldocs/*.html; do + FNAME=$SWATDIR/help/`basename $f` + echo $FNAME +- cp $f $FNAME || echo Cannot install $FNAME. Does $USER have privileges? +- chmod 0644 $FNAME ++ ln -s ../../../../doc/samba-doc/htmldocs/`basename $f` $FNAME || echo Cannot install $FNAME. Does $USER have privileges? ++# chmod 0644 $FNAME + done + + # Install "server-side" includes +@@ -63,7 +63,10 @@ + + # Install Using Samba book + +-if [ "x$BOOKDIR" != "x" ]; then ++# For Debian we do not install anything here, we just create a symlink ++# pointing to /usr/share/doc/samba-doc/htmldocs/using_samba/ in ++# debian/rules (peloy@debian.org) ++if /bin/false; then + + # Create directories + +--- samba-2.2.2.cvs20020120.orig/source/web/diagnose.c ++++ samba-2.2.2.cvs20020120/source/web/diagnose.c +@@ -54,6 +54,7 @@ + static struct cli_state cli; + extern struct in_addr loopback_ip; + ++ loopback_ip.s_addr = htonl((127 << 24) + 1); + if (!cli_initialise(&cli)) + return False; + +--- samba-2.2.2.cvs20020120.orig/source/web/startstop.c ++++ samba-2.2.2.cvs20020120/source/web/startstop.c +@@ -37,7 +37,7 @@ + return; + } + +- slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", SBINDIR); ++ slprintf(binfile, sizeof(pstring) - 1, "%s/smbd", "/usr/sbin"); + + become_daemon(); + +@@ -58,7 +58,7 @@ + return; + } + +- slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", SBINDIR); ++ slprintf(binfile, sizeof(pstring) - 1, "%s/nmbd", "/usr/sbin"); + + become_daemon(); + +--- samba-2.2.2.cvs20020120.orig/source/web/swat.c ++++ samba-2.2.2.cvs20020120/source/web/swat.c +@@ -49,6 +49,19 @@ + #define ENABLE_USER_FLAG "enable_user_flag" + #define RHOST "remote_host" + ++typedef struct html_conversion { ++ char src; ++ char *dest; ++} html_conversion; ++ ++static const html_conversion entities[] = { ++ { '"', """ }, ++ { '&', "&" }, ++ { '<', "<" }, ++ { '>', ">" }, ++ { '\0', NULL }, ++}; ++ + /* we need these because we link to locking*.o */ + void become_root(void) {} + void unbecome_root(void) {} +@@ -77,6 +90,51 @@ + return newstring; + } + ++static char *htmlentities(char *str) ++{ ++ int i,j, destlen = 0; ++ int length = strlen(str); ++ /* Feel free to use a pstring if appropriate -- I haven't ++ checked if it's guaranteed to be long enough, and suspect it ++ isn't. -SRL */ ++ char *dststr = NULL; ++ char *p; ++ ++ for (i = 0; i < length; i++) { ++ for (j = 0; entities[j].src; j++) { ++ if (str[i] == entities[j].src) { ++ destlen += strlen(entities[j].dest); ++ break; ++ } ++ } ++ if (!entities[j].src) { ++ destlen++; ++ } ++ } ++ if (length == destlen) { ++ return(strdup(str)); ++ } ++ p = dststr = malloc(destlen + 1); ++ if (!dststr) { ++ return(NULL); ++ } ++ dststr[destlen] = '\0'; ++ for (i = 0; i < length; i++) { ++ for (j = 0; entities[j].src; j++) { ++ if (str[i] == entities[j].src) { ++ strncpy(p, entities[j].dest, ++ strlen(entities[j].dest)); ++ p += strlen(entities[j].dest); ++ break; ++ } ++ } ++ if (!entities[j].src) { ++ *p++ = str[i]; ++ } ++ } ++ return(dststr); ++} ++ + static char *stripspace(char *str) + { + static char newstring[1024]; +@@ -182,8 +240,12 @@ + + case P_STRING: + case P_USTRING: +- printf("", +- make_parm_name(parm->label), *(char **)ptr); ++ str = htmlentities(*(char **)ptr); ++ printf("", ++ make_parm_name(parm->label), str); ++ if (str != NULL) { ++ free(str); ++ } + printf("", + make_parm_name(parm->label),fix_backslash((char *)(parm->def.svalue))); + break; diff --git a/packaging/Debian/debian/patches/smbadduser.patch b/packaging/Debian/debian/patches/smbadduser.patch new file mode 100644 index 00000000000..9bfb4573012 --- /dev/null +++ b/packaging/Debian/debian/patches/smbadduser.patch @@ -0,0 +1,22 @@ +--- samba-2.2.2.cvs20020120.orig/source/script/smbadduser ++++ samba-2.2.2.cvs20020120/source/script/smbadduser +@@ -2,13 +2,14 @@ + # + # smbadduser - Written by Mike Zakharoff + # ++# Customized for Debian by Eloy A. Paris ++# + unalias * +-set path = ($path /usr/local/samba/bin) ++# No need to set a path in Debian ++#set path = ($path /usr/local/samba/bin) + +-set smbpasswd = /usr/local/samba/private/smbpasswd +-#set smbpasswd = /etc/samba.d/smbpasswd +-set user_map = /usr/local/samba/lib/users.map +-#set user_map = /etc/samba.d/smbusers ++set smbpasswd = /etc/samba/smbpasswd ++set user_map = /etc/samba/users.map + # + # Set to site specific passwd command + # diff --git a/packaging/Debian/debian/patches/smbclient-pager.patch b/packaging/Debian/debian/patches/smbclient-pager.patch new file mode 100644 index 00000000000..d600c1bd9c2 --- /dev/null +++ b/packaging/Debian/debian/patches/smbclient-pager.patch @@ -0,0 +1,11 @@ +--- samba-2.2.2.cvs20020120.orig/source/include/local.h ++++ samba-2.2.2.cvs20020120/source/include/local.h +@@ -105,7 +105,7 @@ + /* the default pager to use for the client "more" command. Users can + override this with the PAGER environment variable */ + #ifndef PAGER +-#define PAGER "more" ++#define PAGER "/usr/bin/pager" + #endif + + /* the size of the uid cache used to reduce valid user checks */ diff --git a/packaging/Debian/debian/patches/smbclient-xfer-speed.patch b/packaging/Debian/debian/patches/smbclient-xfer-speed.patch new file mode 100644 index 00000000000..3ff8b600691 --- /dev/null +++ b/packaging/Debian/debian/patches/smbclient-xfer-speed.patch @@ -0,0 +1,17 @@ +--- samba-2.2.2.cvs20020120/source/client/client.c.orig Wed Jan 23 23:32:44 2002 ++++ samba-2.2.2.cvs20020120/source/client/client.c Wed Jan 23 23:33:50 2002 +@@ -92,10 +92,10 @@ + extern file_info def_finfo; + + /* timing globals */ +-int get_total_size = 0; +-int get_total_time_ms = 0; +-int put_total_size = 0; +-int put_total_time_ms = 0; ++SMB_BIG_UINT get_total_size = 0; ++unsigned int get_total_time_ms = 0; ++SMB_BIG_UINT put_total_size = 0; ++unsigned int put_total_time_ms = 0; + + /* totals globals */ + static double dir_total; diff --git a/packaging/Debian/debian/rules b/packaging/Debian/debian/rules new file mode 100755 index 00000000000..1083a10f466 --- /dev/null +++ b/packaging/Debian/debian/rules @@ -0,0 +1,274 @@ +#!/usr/bin/make -f +# +# Important modifications (introduction of a saved config.cache to +# solve build problems) we introduced in Samba 2.2.1a-5. These +# modification were made by Steve Langasek . +# + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +# This is the debhelper compatability version to use. +export DH_COMPAT=2 + +# This has to be exported to make some magic below work. +export DH_OPTIONS + +# Set the host and build architectures for use with config.cache loading, +# cross-building, etc. +DEB_HOST_GNU_TYPE := $(shell dpkg-architecture -qDEB_HOST_GNU_TYPE) +DEB_BUILD_GNU_TYPE := $(shell dpkg-architecture -qDEB_BUILD_GNU_TYPE) + +export DEB_HOST_GNU_TYPE +export DEB_BUILD_GNU_TYPE + +BVARS = SMBLOGFILE=/var/log/smb NMBLOGFILE=/var/log/nmb + +DESTDIR=`pwd`/debian/samba +SWATDIR=`pwd`/debian/swat +SAMBABOOK=`pwd`/debian/swat + +IVARS = BASEDIR=$(DESTDIR)/usr \ + BINDIR=$(DESTDIR)/usr/bin \ + SBINDIR=$(DESTDIR)/usr/sbin \ + MANDIR=$(DESTDIR)/usr/share/man \ + LIBDIR=$(DESTDIR)/etc/samba \ + VARDIR=$(DESTDIR)/var/state/samba \ + INCLUDEDIR=$(DESTDIR)/usr/include \ + SWATDIR=$(SWATDIR)/usr/share/samba/swat \ + SAMBABOOK=$(SAMBABOOK)/usr/share/samba/swat/using_samba \ + CODEPAGEDIR=$(DESTDIR)/usr/share/samba/codepages + +patch: patch-stamp +patch-stamp: + dh_testdir + if [ ! -f patch-stamp ]; then debian/scripts/patch-source; fi + touch patch-stamp + +unpatch: + dh_testdir + if [ -f patch-stamp ]; then debian/scripts/unpatch-source; fi + rm -f patch-stamp + +configure: patch-stamp configure-stamp +configure-stamp: + dh_testdir + + # Add here commands to configure the package. +# > +# > Does the --with-fhs option work in configure? I tried it with +# > alpha3, but everything was stored in /usr/local. Is that correct? +# > ... +# +# Yes - the default prefix is still /usr/local; --with-fhs just +# changes the default paths for the config, etc. files to match +# the GNU/FHS specs. To get a complete FHS directory spec, use: +# +# ./configure --with-fhs --prefix=/usr --sysconfdir=/etc \ +# --localstatedir=/var + + if [ -f debian/config.cache ]; then \ + cp -f debian/config.cache source/config.cache; \ + fi + +# [ -f source/Makefile ] || (cd source && ./configure --with-fhs --prefix=/usr --exec-prefix=/usr --with-netatalk --with-smbmount --with-pam --with-syslog --with-sambabook --with-utmp) + [ -f source/Makefile ] || (cd source && ./configure \ + --host=$(DEB_HOST_GNU_TYPE) \ + --build=$(DEB_BUILD_GNU_TYPE) \ + --with-fhs \ + --prefix=/usr \ + --sysconfdir=/etc \ + --with-privatedir=/etc/samba \ + --with-lockdir=/var/state/samba \ + --localstatedir=/var \ + --with-netatalk \ + --with-smbmount \ + --with-pam \ + --with-syslog \ + --with-sambabook \ + --with-utmp \ + --with-readline \ + --with-pam_smbpass \ + --with-libsmbclient) + + touch configure-stamp + +build: patch-stamp configure-stamp build-stamp +build-stamp: + dh_testdir + + # Compile the Samba package first +# $(MAKE) -C source $(BVARS) all smbtorture rpctorture debug2html + $(MAKE) -C source all + + touch build-stamp + +clean: unpatch + dh_testdir + dh_testroot + rm -f build-stamp configure-stamp + + # Clean first the Samba package +# -$(MAKE) -C source realclean +# -$(MAKE) -C source clean + -$(MAKE) -C source distclean + + # Delete stuff left after a build that is not deleted by 'make clean' + rm -f source/bin/wbinfo source/bin/winbindd source/bin/rpctorture \ + source/bin/debug2html + + dh_clean + +install: DH_OPTIONS= +install: build + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) -C source install $(IVARS) + + # libsmbclient is installed in usr/bin/. Move to usr/lib/. + mv $(DESTDIR)/usr/bin/libsmbclient.so $(DESTDIR)/usr/lib/libsmbclient.so.0.1 + mv $(DESTDIR)/usr/bin/libsmbclient.a $(DESTDIR)/usr/lib/ + + # This is to comply with policy (the symlink that ldconfig would + # produce must exist in the package). + /sbin/ldconfig -n $(DESTDIR)/usr/lib/ + + # libsmbclient include file is not installed by standard + # 'make install' - do it manually. + $(MAKE) -C source installclientlib $(IVARS) + + # Install other stuff not installed by "make install" + install -m 0755 debian/mksmbpasswd.awk $(DESTDIR)/usr/sbin/mksmbpasswd + install -m 0755 debian/sambaconfig $(DESTDIR)/usr/sbin/ + install -m 0755 source/bin/pam_smbpass.so $(DESTDIR)/lib/security/ + + # This is only temporary, while we create new packages for winbind and friends + install -m 0644 source/nsswitch/libnss_winbind.so $(DESTDIR)/lib/libnss_winbind.so.2 + install -m 0644 source/nsswitch/pam_winbind.so $(DESTDIR)/lib/security/ + + # Create the symlink that will allow us to do "mount -t smbfs ...". + # Create also a symlink that will allow "mount -t smb ..." to + # work too. The symlink is created in $(DESTDIR)/sbin/ but + # will be moved by dh_movefiles to the smbfs package later on. + ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smbfs + ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smb + ln -s smbmount.8 $(DESTDIR)/usr/share/man/man8/mount.smb.8 + ln -s smbmount.8 $(DESTDIR)/usr/share/man/man8/mount.smbfs.8 + + # For CUPS to support printing to samba printers, it's necessary + # to make the following symlink (according to + # Erich Schubert in #109509): + ln -s /usr/bin/smbspool $(DESTDIR)/usr/lib/cups/backend/smb + + # To avoid duplication of a large number of files, the swat package + # does not contain the "Using Samba" book nor the HTML docs. + # Instead, these are provided by the samba-doc package and + # are accessed through symlinks provided in the swat package. + # Here we create the symlink for the book, and the symlinks + # for the HTML files are created by the script installswat.sh. + ln -s ../../../doc/samba-doc/htmldocs/using_samba $(SAMBABOOK)/usr/share/samba/swat/using_samba + + # Install man pages for files without man pages in the upstream sources + install -m 0644 debian/sambaconfig.8 $(DESTDIR)/usr/share/man/man8/sambaconfig.8 + install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8 + + # Delete unwanted stuff leftover from "make install" + + # The smbwrapper package is not being generated anymore, so we must + # delete the related man pages. + rm $(DESTDIR)/usr/share/man/man1/smbsh.1 + + # Install samba-common's conffiles - they'll get moved later to their + # correct place by dh_movefiles. + cp debian/smb.conf $(DESTDIR)/etc/samba/ + cp debian/samba.pamd $(DESTDIR)/etc/pam.d/samba + + dh_movefiles --sourcedir=debian/samba/ + + # Remove empty directories that will never be used. + rmdir $(DESTDIR)/sbin + +# Build architecture-independent files here. +# Pass -i to all debhelper commands in this target to reduce clutter. +binary-indep: DH_OPTIONS=-i +binary-indep: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testversion 1.1.17 + dh_testdir + dh_testroot +# dh_installdebconf + dh_installdocs -A docs/textdocs/DIAGNOSIS.txt debian/README.build docs/README* docs/Samba-HOWTO-Collection.pdf + # dh_installexamples is not available in Debian Potato... + [ -x /usr/bin/dh_installexamples ] && dh_installexamples +# dh_installmenu +# dh_installemacsen +# dh_installpam +# dh_installinit +# dh_installcron +# dh_installmanpages +# dh_installinfo +# dh_undocumented + dh_installchangelogs + dh_link + dh_compress + dh_fixperms + dh_installdeb +# dh_perl + dh_gencontrol + dh_md5sums + dh_builddeb + +# Build architecture-dependent files here. +# Pass -a to all debhelper commands in this target to reduce clutter. +binary-arch: DH_OPTIONS=-a +binary-arch: build install + # Need this version of debhelper for DH_OPTIONS to work. + dh_testversion 1.1.17 + dh_testdir + dh_testroot +# dh_installdebconf + dh_installdocs -A docs/textdocs/DIAGNOSIS.txt debian/README.build docs/README* docs/Samba-HOWTO-Collection.pdf + # dh_installexamples is not available in Debian Potato... + [ -x /usr/bin/dh_installexamples ] && dh_installexamples +# dh_installmenu + # dh_installlogrotate is not available in Debian Potato... + if [ -x /usr/bin/dh_installlogrotate ]; then dh_installlogrotate; else mkdir debian/samba/etc/logrotate.d; cp debian/samba.logrotate debian/samba/etc/logrotate.d/samba; fi +# dh_installemacsen +# dh_installpam + dh_installinit + dh_installcron +# dh_installmanpages +# dh_installinfo + dh_undocumented + dh_installchangelogs + dh_strip + dh_link + dh_compress + dh_fixperms + + # You may want to make some executables suid here. + # The smbmnt and smbumount binaries should be setuid-root. This + # has security implications because these programs haven't had + # a thorough security audit. smbmount _does not_ have to have + # the setuid bit set. In fact, it is a security hole. + chmod u+s debian/smbfs/usr/bin/smbmnt + chmod u+s debian/smbfs/usr/bin/smbumount + + # Set some reasonable default perms for the samba logdir. + chmod 0750 $(DESTDIR)/var/log/samba/ + chown root.adm $(DESTDIR)/var/log/samba/ + + dh_installdeb +# dh_makeshlibs +# dh_perl + dh_shlibdeps + dh_gencontrol + dh_md5sums + dh_builddeb + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary install configure diff --git a/packaging/Debian/debian/rules.old b/packaging/Debian/debian/rules.old new file mode 100644 index 00000000000..ac322185a9d --- /dev/null +++ b/packaging/Debian/debian/rules.old @@ -0,0 +1,194 @@ +#!/usr/bin/make -f +# Made with the iad of dh_make, by Craig Small +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. +# Also some stuff taken from debmake scripts, by Cristopt Lameter. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +BVARS = BASEDIR=/usr \ + LIBDIR=/etc/samba \ + SMB_PASSWD_FILE=/etc/samba/smbpasswd \ + SMBLOGFILE=/var/log/smb NMBLOGFILE=/var/log/nmb \ + LOCKDIR=/var/samba \ + SWATDIR=/usr/share/samba/swat + +DESTDIR=`pwd`/debian/tmp +SWATDIR=`pwd`/debian/swat +SAMBABOOK=`pwd`/debian/swat + +IVARS = BASEDIR=$(DESTDIR)/usr \ + BINDIR=$(DESTDIR)/usr/bin \ + SBINDIR=$(DESTDIR)/usr/sbin \ + MANDIR=$(DESTDIR)/usr/share/man \ + LIBDIR=$(DESTDIR)/etc/samba \ + VARDIR=$(DESTDIR)/var/samba \ + SWATDIR=$(SWATDIR)/usr/share/samba/swat \ + SAMBABOOK=$(SAMBABOOK)/usr/share/samba/swat/using_samba + +build: build-stamp +build-stamp: + dh_testdir + + # Compile the Samba package first + [ -f source/Makefile ] || (cd source && ./configure --prefix=/usr --exec-prefix=/usr --with-netatalk --with-smbmount --with-pam --with-syslog --with-sambabook --with-utmp) + $(MAKE) -C source $(BVARS) all smbtorture rpctorture debug2html + + # Now compile the old smbfs package + $(MAKE) -C source/smbfs-2.0.x + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp install-stamp + + # Clean first the Samba package +# -$(MAKE) -C source realclean + -$(MAKE) -C source distclean +# -$(MAKE) -C source clean + rm -f source/bin/{rpctorture,smbtorture,debug2html} + + # Now clean the old smbfs-2.0.x package + -$(MAKE) -C source/smbfs-2.0.x clean + + dh_clean + +install: install-stamp +install-stamp: build-stamp + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) -C source install $(IVARS) + + # Install other stuff not installed by "make install" + install -m 0755 source/script/mksmbpasswd.sh $(DESTDIR)/usr/sbin/mksmbpasswd + install -m 0755 source/bin/smbtorture $(DESTDIR)/usr/bin/ + install -m 0755 debian/sambaconfig $(DESTDIR)/usr/sbin/ + + # Create the symlink that will allow us to do "mount -t smbfs ...". + # Create also a symlink that will allow "mount -t smb ..." to + # work too. The symlink is created in $(DESTDIR)/sbin/ but + # will be moved by dh_movefiles to the smbfs package later on. + ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smbfs + ln -s /usr/bin/smbmount $(DESTDIR)/sbin/mount.smb + + # To avoid duplication of a large number of files, the swat package + # does not contain the "Using Samba" book nor the HTML docs. + # Instead, these are provided by the samba-doc package and + # are accessed through symlinks provided in the swat package. + # Here we create the symlink for the book, and the symlinks + # for the HTML files are created by the script installswat.sh. + ln -s /usr/share/doc/samba-doc/htmldocs/using_samba $(SAMBABOOK)/usr/share/samba/swat/using_samba + + # Install man pages for files without man pages in the upstream dist. + install -m 0644 debian/sambaconfig.8 $(DESTDIR)/usr/share/man/man8/sambaconfig.8 + install -m 0644 debian/addtosmbpass.8 $(DESTDIR)/usr/share/man/man8/addtosmbpass.8 + install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8 + + # Delete unwanted stuff leftover from "make install" + + # smbrun is not longer needed by smbd, so delete its man page + rm $(DESTDIR)/usr/share/man/man1/smbrun.1 + + # The smbwrapper package is not being generated anymore, so we must + # delete the related man pages. + rm $(DESTDIR)/usr/share/man/man1/smbsh.1 + + # We need to rename the SMB mount utilities so they don't have the same + # names as the files in the smbfs package. + mv $(DESTDIR)/usr/bin/smbmount $(DESTDIR)/usr/bin/smbmount-2.2.x + mv $(DESTDIR)/usr/bin/smbumount $(DESTDIR)/usr/bin/smbumount-2.2.x + mv $(DESTDIR)/usr/share/man/man8/smbmount.8 $(DESTDIR)/usr/share/man/man8/smbmount-2.2.x.8 + mv $(DESTDIR)/usr/share/man/man8/smbumount.8 $(DESTDIR)/usr/share/man/man8/smbumount-2.2.x.8 + + # These files are not part of the main samba package, move to where they + # belong... + #mv $(DESTDIR)/usr/bin/smbwrapper.so debian/smbwrapper/usr/share/samba/ + + # The smbmnt, smbmount-2.2.x and smbumount-2.2.x binaries must + # be setuid-root. + chmod u+s $(DESTDIR)/usr/bin/smbmnt $(DESTDIR)/usr/bin/smbmount-2.2.x $(DESTDIR)/usr/bin/smbumount-2.2.x + + # Install samba-common's conffiles + cp debian/smb.conf $(DESTDIR)/etc/samba/ + cp debian/samba.pamd $(DESTDIR)/etc/pam.d/samba + + # OK, now it's time to install the smbfs-2.0.2 files + $(MAKE) -C source/smbfs-2.0.x install $(IVARS) + + # Rename the old smbfs utilities to more convenient names + mv $(DESTDIR)/usr/bin/smbmount $(DESTDIR)/usr/bin/smbmount-2.0.x + mv $(DESTDIR)/usr/bin/smbumount $(DESTDIR)/usr/bin/smbumount-2.0.x + mv $(DESTDIR)/usr/share/man/man8/smbmount.8 $(DESTDIR)/usr/share/man/man8/smbmount-2.0.x.8 + mv $(DESTDIR)/usr/share/man/man8/smbumount.8 $(DESTDIR)/usr/share/man/man8/smbumount-2.0.x.8 + + # Now install the smbmount and smbumount wrappers and its man pages + install debian/smbmount.sh $(DESTDIR)/usr/bin/smbmount + install debian/smbumount.sh $(DESTDIR)/usr/bin/smbumount + install -m 0644 debian/smbmount.8 $(DESTDIR)/usr/share/man/man8/smbmount.8 + install -m 0644 debian/smbumount.8 $(DESTDIR)/usr/share/man/man8/smbumount.8 + + # Install some docs. that go in "unusual" places + cp README-smbmount debian/smbfs/usr/share/doc/smbfs/2.2.x/ + cp source/smbfs-2.0.x/{FAQ,README,smbfs-2.0.2.lsm,Changes} debian/smbfs/usr/share/doc/smbfs/2.0.x/ + + dh_movefiles + touch install-stamp + +# Build architecture-independent files here. +binary-indep: build install +# dh_testversion + dh_testdir -i + dh_testroot -i + dh_installdocs -i -A docs/textdocs/DIAGNOSIS.txt + dh_installexamples -i +# dh_installmenu -i +# dh_installemacsen -i +# dh_installinit -i +# dh_installcron -i +# dh_installmanpages -i + dh_undocumented + dh_installchangelogs -i + dh_compress -i +# dh_suidregister -i + dh_fixperms -i + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir -a + dh_testroot -a + dh_installdocs -a -A docs/textdocs/DIAGNOSIS.txt -A debian/README.linux + dh_installexamples -a +# dh_installmenu -a +# dh_installemacsen -a + dh_installinit -a + dh_installcron -a +# dh_installmanpages -a + dh_undocumented + dh_installchangelogs -a + dh_strip -a + dh_compress -a + dh_suidregister -a + dh_fixperms -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a +# dh_makeshlibs -a + dh_md5sums -a + dh_builddeb -a + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary diff --git a/packaging/Debian/debian/rules.smbwrapper b/packaging/Debian/debian/rules.smbwrapper new file mode 100644 index 00000000000..e3c72ee47c4 --- /dev/null +++ b/packaging/Debian/debian/rules.smbwrapper @@ -0,0 +1,172 @@ +#!/usr/bin/make -f +# Made with the iad of dh_make, by Craig Small +# Sample debian/rules that uses debhelper. GNU copyright 1997 by Joey Hess. +# Also some stuff taken from debmake scripts, by Cristopt Lameter. + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +BVARS = BASEDIR=/usr \ + LIBDIR=/etc/samba \ + SMB_PASSWD_FILE=/etc/samba/smbpasswd \ + SMBLOGFILE=/var/log/smb NMBLOGFILE=/var/log/nmb \ + LOCKDIR=/var/samba \ + SWATDIR=/usr/share/samba/swat + +DESTDIR=`pwd`/debian/tmp +SWATDIR=`pwd`/debian/swat + +IVARS = BASEDIR=$(DESTDIR)/usr \ + BINDIR=$(DESTDIR)/usr/bin \ + SBINDIR=$(DESTDIR)/usr/sbin \ + MANDIR=$(DESTDIR)/usr/share/man \ + LIBDIR=$(DESTDIR)/etc/samba \ + VARDIR=$(DESTDIR)/var/samba \ + SWATDIR=$(SWATDIR)/usr/share/samba/swat + +build: build-stamp +build-stamp: + dh_testdir + + # Compile the Samba package first + [ -f source/Makefile ] || (cd source && ./configure --prefix=/usr --exec-prefix=/usr --with-netatalk --with-smbmount --with-smbwrapper) + $(MAKE) -C source $(BVARS) all smbtorture rpctorture debug2html + + # Now compile the old smbfs package + $(MAKE) -C source/smbfs-2.0.x + + touch build-stamp + +clean: + dh_testdir + dh_testroot + rm -f build-stamp install-stamp + + # Clean first the Samba package +# -$(MAKE) -C source realclean + -$(MAKE) -C source distclean +# -$(MAKE) -C source clean + rm -f source/bin/{rpctorture,smbtorture,debug2html} + + # Now clean the old smbfs-2.0.x package + -$(MAKE) -C source/smbfs-2.0.x clean + + dh_clean + +install: install-stamp +install-stamp: build-stamp + dh_testdir + dh_testroot + dh_clean -k + dh_installdirs + + # Add here commands to install the package into debian/tmp. + $(MAKE) -C source install $(IVARS) + + # Install other stuff not installed by "make install" + install -m 0755 source/script/mksmbpasswd.sh $(DESTDIR)/usr/sbin/mksmbpasswd + install -m 0755 source/bin/smbtorture $(DESTDIR)/usr/bin/ + install -m 0755 debian/sambaconfig $(DESTDIR)/usr/sbin/ + install -m 0755 source/smbadduser $(DESTDIR)/usr/sbin/ + + # Install man pages for files without man pages in the upstream dist. + install -m 0644 debian/sambaconfig.8 $(DESTDIR)/usr/share/man/man8/sambaconfig.8 + install -m 0644 debian/addtosmbpass.8 $(DESTDIR)/usr/share/man/man8/addtosmbpass.8 + install -m 0644 debian/mksmbpasswd.8 $(DESTDIR)/usr/share/man/man8/mksmbpasswd.8 + + # Delete unwanted stuff leftover from "make install" + + # smbrun is not longer needed by smbd, so delete its man page + rm $(DESTDIR)/usr/share/man/man1/smbrun.1 + + # We need to rename the SMB mount utilities so they don't have the same + # names as the files in the smbfs package. + mv $(DESTDIR)/usr/bin/smbmount $(DESTDIR)/usr/bin/smbmount-2.2.x + mv $(DESTDIR)/usr/bin/smbumount $(DESTDIR)/usr/bin/smbumount-2.2.x + mv $(DESTDIR)/usr/share/man/man8/smbmount.8 $(DESTDIR)/usr/share/man/man8/smbmount-2.2.x.8 + mv $(DESTDIR)/usr/share/man/man8/smbumount.8 $(DESTDIR)/usr/share/man/man8/smbumount-2.2.x.8 + + # These files are not part of the main samba package, move to where they + # belong... + mv $(DESTDIR)/usr/bin/smbwrapper.so debian/smbwrapper/usr/share/samba/ + + # The smbmnt, smbmount-2.2.x and smbumount-2.2.x binaries must + # be setuid-root. + chmod u+s $(DESTDIR)/usr/bin/smbmnt $(DESTDIR)/usr/bin/smbmount-2.2.x $(DESTDIR)/usr/bin/smbumount-2.2.x + + # Install samba-common's conffiles + cp debian/smb.conf $(DESTDIR)/etc/samba/ + + + # OK, now it's time to install the smbfs-2.0.2 files + $(MAKE) -C source/smbfs-2.0.x install $(IVARS) + + # Rename the old smbfs utilities to more convenient names + mv $(DESTDIR)/usr/bin/smbmount $(DESTDIR)/usr/bin/smbmount-2.0.x + mv $(DESTDIR)/usr/bin/smbumount $(DESTDIR)/usr/bin/smbumount-2.0.x + mv $(DESTDIR)/usr/share/man/man8/smbmount.8 $(DESTDIR)/usr/share/man/man8/smbmount-2.0.x.8 + mv $(DESTDIR)/usr/share/man/man8/smbumount.8 $(DESTDIR)/usr/share/man/man8/smbumount-2.0.x.8 + + # Now install the smbmount and smbumount wrappers + install debian/smbmount.sh $(DESTDIR)/usr/bin/smbmount + install debian/smbumount.sh $(DESTDIR)/usr/bin/smbumount + + # Install some docs. that go in "unusual" places + cp README-smbmount debian/smbfs/usr/share/doc/smbfs/2.2.x/ + cp source/smbfs-2.0.x/{FAQ,README,smbfs-2.0.2.lsm,Changes} debian/smbfs/usr/share/doc/smbfs/2.0.x/ + + dh_movefiles + touch install-stamp + +# Build architecture-independent files here. +binary-indep: build install +# dh_testversion + dh_testdir -i + dh_testroot -i + dh_installdocs -i -A docs/textdocs/DIAGNOSIS.txt + dh_installexamples -i +# dh_installmenu -i +# dh_installemacsen -i +# dh_installinit -i +# dh_installcron -i +# dh_installmanpages -i + dh_undocumented + dh_installchangelogs -i + dh_compress -i +# dh_suidregister -i + dh_fixperms -i + dh_installdeb -i + dh_gencontrol -i + dh_md5sums -i + dh_builddeb -i + +# Build architecture-dependent files here. +binary-arch: build install +# dh_testversion + dh_testdir -a + dh_testroot -a + dh_installdocs -a -A docs/textdocs/DIAGNOSIS.txt + dh_installexamples -a +# dh_installmenu -a +# dh_installemacsen -a + dh_installinit -a + dh_installcron -a +# dh_installmanpages -a + dh_undocumented + dh_installchangelogs -a + dh_strip -a + dh_compress -a + dh_suidregister -a + dh_fixperms -a + dh_installdeb -a + dh_shlibdeps -a + dh_gencontrol -a +# dh_makeshlibs -a + dh_md5sums -a + dh_builddeb -a + +source diff: + @echo >&2 'source and diff are obsolete - use dpkg-source -b'; false + +binary: binary-indep binary-arch +.PHONY: build clean binary-indep binary-arch binary diff --git a/packaging/Debian/debian/samba-common.conffiles b/packaging/Debian/debian/samba-common.conffiles new file mode 100644 index 00000000000..b5703025dde --- /dev/null +++ b/packaging/Debian/debian/samba-common.conffiles @@ -0,0 +1,2 @@ +/etc/samba/smb.conf +/etc/pam.d/samba diff --git a/packaging/Debian/debian/samba-common.files b/packaging/Debian/debian/samba-common.files new file mode 100644 index 00000000000..94f2e25f6a6 --- /dev/null +++ b/packaging/Debian/debian/samba-common.files @@ -0,0 +1,7 @@ +etc/samba/ +usr/bin/nmblookup +usr/bin/smbpasswd +etc/pam.d/ +usr/share/man/man1/nmblookup.1 +usr/share/man/man8/smbpasswd.8 +usr/share/samba/codepages/ diff --git a/packaging/Debian/debian/samba-common.postrm b/packaging/Debian/debian/samba-common.postrm new file mode 100644 index 00000000000..2cd832b33d2 --- /dev/null +++ b/packaging/Debian/debian/samba-common.postrm @@ -0,0 +1,6 @@ +#!/bin/sh + +if [ "$1" = purge ]; then + # Remove any files left in /etc/samba/ + rm -Rf /etc/samba/ +fi diff --git a/packaging/Debian/debian/samba-doc.docs b/packaging/Debian/debian/samba-doc.docs new file mode 100644 index 00000000000..68753e54f08 --- /dev/null +++ b/packaging/Debian/debian/samba-doc.docs @@ -0,0 +1,9 @@ +README +docs/Samba-HOWTO-Collection.pdf +docs/THANKS +docs/announce +docs/history +docs/textdocs/ +docs/faq/ +docs/htmldocs/ +docs/Registry/ diff --git a/packaging/Debian/debian/samba-doc.examples b/packaging/Debian/debian/samba-doc.examples new file mode 100644 index 00000000000..e692dd810f0 --- /dev/null +++ b/packaging/Debian/debian/samba-doc.examples @@ -0,0 +1,3 @@ +examples/ +debian/wins2dns.awk +source/script/smbadduser diff --git a/packaging/Debian/debian/samba.conffiles b/packaging/Debian/debian/samba.conffiles new file mode 100644 index 00000000000..908a791a629 --- /dev/null +++ b/packaging/Debian/debian/samba.conffiles @@ -0,0 +1,3 @@ +/etc/cron.daily/samba +/etc/init.d/samba +/etc/logrotate.d/samba diff --git a/packaging/Debian/debian/samba.cron.daily b/packaging/Debian/debian/samba.cron.daily new file mode 100644 index 00000000000..42fc98d8f6d --- /dev/null +++ b/packaging/Debian/debian/samba.cron.daily @@ -0,0 +1,16 @@ +#!/bin/sh +# +# cron script to save a backup copy of /etc/samba/smbpasswd in /var/backups. +# +# Written by Eloy A. Paris for the Debian project. +# + +BAK=/var/backups + +umask 022 +if cd $BAK; then + # Make sure /etc/samba/smbpasswd exists + if [ -f /etc/samba/smbpasswd ]; then + cmp -s smbpasswd.bak /etc/samba/smbpasswd || cp -p /etc/samba/smbpasswd smbpasswd.bak + fi +fi diff --git a/packaging/Debian/debian/samba.dirs b/packaging/Debian/debian/samba.dirs new file mode 100644 index 00000000000..237603750a1 --- /dev/null +++ b/packaging/Debian/debian/samba.dirs @@ -0,0 +1,11 @@ +sbin +usr/bin +usr/sbin +var/log/samba +var/state/samba +etc/samba +etc/pam.d +usr/share +usr/share/samba +lib/security +usr/lib/cups/backend diff --git a/packaging/Debian/debian/samba.docs b/packaging/Debian/debian/samba.docs new file mode 100644 index 00000000000..187fdd34058 --- /dev/null +++ b/packaging/Debian/debian/samba.docs @@ -0,0 +1,3 @@ +README +Roadmap +WHATSNEW.txt diff --git a/packaging/Debian/debian/samba.init b/packaging/Debian/debian/samba.init new file mode 100644 index 00000000000..8ac2e97148f --- /dev/null +++ b/packaging/Debian/debian/samba.init @@ -0,0 +1,94 @@ +#!/bin/sh +# +# Start/stops the Samba daemons (nmbd and smbd). +# + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DEBIAN_CONFIG=/etc/samba/debian_config + +NMBDPID=/var/state/samba/nmbd.pid +SMBDPID=/var/state/samba/smbd.pid + +# clear conflicting settings from the environment +unset TMPDIR + +# Sanity check: see if Samba has been configured on this system. +if [ ! -f $DEBIAN_CONFIG ]; then + echo "The file $DEBIAN_CONFIG does not exist! There is something wrong" + echo "with the installation of Samba on this system. Please re-install" + echo "Samba. I can't continue!!!" + exit 1 +fi + +# Read current Samba configuration +. $DEBIAN_CONFIG + +# the Samba daemons. + +# If Samba is running from inetd then there is nothing to do +if [ "$run_mode" = "from_inetd" ]; then + # Commented out to close bug #26884 (startup message is rather long). I + # have yet to think how to let the user know that if he/she is running + # Samba from inetd, he can't just "/etc/init.d/samba stop" to stop + # the Samba daemons. +# echo "Warning: Samba is not running as daemons. Daemons not restarted/stopped." +# echo "Daemons will start automatically by inetd (if you wanted to start Samba)." +# echo "If you want to stop Samba, get the PID's of all nmbd and smbd processes" +# echo "and send them a SIGTERM signal but keep in mind that inetd could restart them." + exit 0 +fi + +# See if the daemons are there +test -x /usr/sbin/nmbd -a -x /usr/sbin/smbd || exit 0 + +case "$1" in + start) + echo -n "Starting Samba daemons:" + + echo -n " nmbd" + start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- -D + + echo -n " smbd" + start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- -D + + echo "." + ;; + stop) + echo -n "Stopping Samba daemons:" + + echo -n " nmbd" + start-stop-daemon --stop --quiet --pidfile $NMBDPID + + echo -n " smbd" + start-stop-daemon --stop --quiet --pidfile $SMBDPID + + echo "." + ;; + reload) + echo -n "Reloading /etc/samba/smb.conf (smbd only)" + start-stop-daemon --stop --signal HUP --pidfile $SMBDPID + + echo "." + ;; + restart|force-reload) + echo -n "Restarting Samba daemons:" + + echo -n " nmbd" + start-stop-daemon --stop --quiet --pidfile $NMBDPID + sleep 2 + start-stop-daemon --start --quiet --exec /usr/sbin/nmbd -- -D + + echo -n " smbd" + start-stop-daemon --stop --quiet --pidfile $SMBDPID + sleep 2 + start-stop-daemon --start --quiet --exec /usr/sbin/smbd -- -D + + echo "." + ;; + *) + echo "Usage: /etc/init.d/samba {start|stop|reload|restart|force-reload}" + exit 1 + ;; +esac + +exit 0 diff --git a/packaging/Debian/debian/samba.logrotate b/packaging/Debian/debian/samba.logrotate new file mode 100644 index 00000000000..d264ce3d71b --- /dev/null +++ b/packaging/Debian/debian/samba.logrotate @@ -0,0 +1,21 @@ +/var/log/samba/log.smbd { + weekly + missingok + rotate 7 + postrotate + killall -q -HUP smbd || true + endscript + compress + notifempty +} + +/var/log/samba/log.nmbd { + weekly + missingok + rotate 7 + postrotate + killall -q -HUP nmbd || true + endscript + compress + notifempty +} diff --git a/packaging/Debian/debian/samba.pamd b/packaging/Debian/debian/samba.pamd new file mode 100644 index 00000000000..1a5a14c7089 --- /dev/null +++ b/packaging/Debian/debian/samba.pamd @@ -0,0 +1,5 @@ +auth required pam_unix.so nullok +account required pam_unix.so +session required pam_unix.so +password required pam_unix.so + diff --git a/packaging/Debian/debian/samba.postinst b/packaging/Debian/debian/samba.postinst new file mode 100644 index 00000000000..5f42cf4b369 --- /dev/null +++ b/packaging/Debian/debian/samba.postinst @@ -0,0 +1,218 @@ +#!/bin/sh +# +# Post-installation script for the Samba package for Debian GNU/Linux +# +# Written by Eloy A. Paris for the Debian project. +# +# The prerm script (run before the postinst) disables Samba in /etc/inetd.conf +# and stops both nmbd and smbd. So, when this script is run we +# know that neither nmbd nor smbd can start. +# + +case "$1" in + configure) + # continue below + ;; + + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + + *) + echo "postinst called with unknown argument \`$1'" >&2 + exit 0 + ;; +esac + +# Take care of the /usr/doc/ to /usr/shar/doc/ migration. +if [ -d /usr/doc -a ! -e /usr/doc/samba -a -d /usr/share/doc/samba ]; then + ln -sf ../share/doc/samba /usr/doc/samba +fi + +# Starting with Samba 2.0.7-4 the location of the WINS database, the browse +# database and other important run-time files are stored in +# /var/state/samba/ rather than in /var/samba/. The following +# code takes care of moving the files in the old directory to +# the new directory. +if [ -d /var/samba/ ]; then + mv /var/samba/* /var/state/samba/ + rmdir /var/samba/ +fi + +# Define some constants... +DEBIAN_CONFIG=/etc/samba/debian_config +CONFIG_VERSION=1 + +# Now some variables... +samba_configured=no + + +if [ -f $DEBIAN_CONFIG ]; then + . $DEBIAN_CONFIG + if [ "$config_version" -ge "$CONFIG_VERSION" ]; then + samba_configured=yes + fi +fi + +# If Samba is configured we don't want to pester the user with +# configuration questions, just tell him that he can reconfigure +# Samba at any time by running /usr/sbin/sambaconfig. +if [ "$samba_configured" = "no" ]; then + # Samba is not configured, go and ask the user the information needed + # to configure it, and configure it! + + # Create Debian specific configuration file + echo "config_version=$CONFIG_VERSION" > $DEBIAN_CONFIG + + # We always run /etc/init.d/samba, even if we run Samba from inetd. + # This script file takes care of handling the conflict of running + # from inetd or as daemons. + update-rc.d samba defaults >/dev/null + + # We want to add these entries to inetd.conf commented out. Otherwise + # UDP traffic could make inetd to start nmbd or smbd right during + # the configuration stage. + update-inetd --add "## netbios-ssn stream tcp nowait root /usr/sbin/tcpd /usr/sbin/smbd" + update-inetd --add "## netbios-ns dgram udp wait root /usr/sbin/tcpd /usr/sbin/nmbd -a" + + echo "" + echo Samba Configuration + echo ------------------- + echo "The Samba server may be run either as a daemon at startup, or it may be" + echo "run from the inetd meta-daemon upon request. If run as a daemon, the" + echo "server will always be ready, so starting sessions will be faster. If run" + echo "from the inetd meta-daemon some memory will be saved and utilities such" + echo "as the tcpd TCP-wrapper may be used for extra security. If you don't" + echo "know what to do, running from inetd is a safe choice." + echo "" + echo "Run Samba as daemons or from inetd?" + echo -n "Press 'D' to run as daemons or 'I' to run from inetd: [I] " + + read mode + test -n "$mode" || mode="I" + + case "$mode" in + [Dd]*) + echo "Samba will run as daemons. Run sambaconfig to reconfigure" + update-inetd --disable netbios-ssn + update-inetd --disable netbios-ns + echo "run_mode=as_daemons" >> $DEBIAN_CONFIG + ;; + + *) + echo "Samba will run from inetd. Run sambaconfig to reconfigure" + update-inetd --enable netbios-ssn + update-inetd --enable netbios-ns + echo "run_mode=from_inetd" >> $DEBIAN_CONFIG + ;; + esac + + if [ ! -f /etc/samba/smbpasswd ]; then + echo "" + echo "If you are going to use encrypted passwords you need to have a" + echo "separate password file for this (the format is different from " + echo "/etc/passwd). Right now you don't have an /etc/samba/smbpasswd file." + echo "Do you want to generate this new file from your existing" + echo -n "/etc/passwd file? [y/N] " + + read yn + test -n "$yn" || yn="N" + + if [ $yn = y -o $yn = Y ]; then + cat /etc/passwd | /usr/sbin/mksmbpasswd > /etc/samba/smbpasswd + chmod 600 /etc/samba/smbpasswd + echo "" + echo "/etc/samba/smbpasswd now has the same user names as /etc/passwd. However," + echo "you need to run smbpasswd manually to set the password for each user." + echo "" + echo "smbpasswd_created=yes" >> $DEBIAN_CONFIG + else + echo "smbpasswd_created=no" >> $DEBIAN_CONFIG + fi + fi + + echo "" + + # Start Samba: nothing wrong will happen if Samba is running from inetd + # and /etc/init.d/samba is run. However, to simplify things, we + # do not run /etc/init.d/samba if we're running from inetd. + + if [ $mode = d -o $mode = D ]; then + echo -n "Samba will run as daemons - start Samba now? [Y/n] " + read yn + test -n "$yn" || yn="Y" + + case "$yn" in + [Nn]*) + echo "Not started; to start later, do: /etc/init.d/samba start" + echo -n "Press [ENTER] " + read line + ;; + + *) + /etc/init.d/samba start + ;; + esac + else + echo "Since you are running Samba from inetd, the daemons will start" + echo "automatically by inetd when there is traffic on the NetBIOS" + echo "ports." + echo -n "Press [ENTER] " + read line + fi +else # if (samba_configured) ... + # We are here because Samba was already configured... + + # At this point the NetBIOS daemons are disabled in /etc/inetd.conf. + # This is a consequence of what we did in the prerm. If Samba was + # configured to run from inetd we need to enable the entries in + # /etc/inetd.conf. + + # Read current Samba configuration + . $DEBIAN_CONFIG + + if [ "$run_mode" = "from_inetd" ]; then + update-inetd --enable netbios-ssn + update-inetd --enable netbios-ns + fi + + echo "" + echo "Samba was already installed and configured so I skipped the " + echo "configuration questions. You can run the script /usr/sbin/sambaconfig" + echo "at any time to reconfigure Samba. See sambaconfig(8) for more" + echo "details. I will not even ask you if you want to restart Samba," + echo "I will just do it!" + echo "" + + /etc/init.d/samba start +fi # if (samba_configured) ... + +if test "$1" = configure && dpkg --compare-versions "$2" lt 2.0.0final-2 && [ -f /etc/samba/smbpasswd ]; then + + cat << EOF + +*** IMPORTANT *** + +The format of the smbpasswd file (which is used only if you are using +encrypted passwords) is different in Samba 2.0.0 and above. I will +convert it to the new format. + +EOF + + mv /etc/samba/smbpasswd /etc/samba/smbpasswd.old + cat /etc/samba/smbpasswd.old | /usr/bin/convert_smbpasswd \ + > /etc/samba/smbpasswd 2> /dev/null +fi + +# This check is a safety net: the /etc/samba/smbpasswd file must have +# permissions 600. +if [ -f /etc/samba/smbpasswd ]; then + chmod 600 /etc/samba/smbpasswd +fi + +# Do the same check for /var/backup/smbpasswd.bak, just in case. +if [ -f /var/backups/smbpasswd.bak ]; then + chmod 600 /var/backups/smbpasswd.bak +fi + +exit 0 diff --git a/packaging/Debian/debian/samba.postrm b/packaging/Debian/debian/samba.postrm new file mode 100644 index 00000000000..73b2f0d0a1f --- /dev/null +++ b/packaging/Debian/debian/samba.postrm @@ -0,0 +1,26 @@ +#!/bin/sh + +if [ "$1" = purge ]; then + update-rc.d samba remove >/dev/null + + # Remove WINS.DAT, BROWSE.DAT and lock information file + rm -Rf /var/samba/ + + # Remove any files in the old and obsolete /var/lock/samba directory + rm -Rf /var/lock/samba/ + + # Remove files left in /etc/samba/ + rm -Rf /etc/samba/debian_config + rm -Rf /etc/samba/MACHINE.SID + + # Remove log files + rm -f /var/log/[ns]mb* + + # Remove NetBIOS entries from /etc/inetd.conf + update-inetd --remove netbios-ssn + update-inetd --remove netbios-ns +else + # Not purging, do not remove NetBIOS entries from /etc/inetd.conf + update-inetd --disable netbios-ssn + update-inetd --disable netbios-ns +fi diff --git a/packaging/Debian/debian/samba.preinst b/packaging/Debian/debian/samba.preinst new file mode 100644 index 00000000000..6ebefb8fb1b --- /dev/null +++ b/packaging/Debian/debian/samba.preinst @@ -0,0 +1,47 @@ +#!/bin/sh +# +# The purpose of the preinst script for the samba package is to help +# the migration of the conffiles smb.conf and smbpasswd from their +# old location (/etc/) to their new location (/etc/samba/). +# +# Thanks to Ben Pfaff for sharing on debian-devel +# his ideas about how to move conffiles to new locations. +# + +# First see if a smb.conf file currently exists. +test -f /etc/smb.conf || exit 0 + +# Now see if a smb.conf file exists in the new location. +test -e /etc/samba/smb.conf && exit 0 + +# +# Move smb.conf conffile from its old location (/etc/) to its new one +# (/etc/samba). +# +# If conffile exists in old location AND conffile does not exist on new +# location then... +# +if [ -f /etc/smb.conf -a ! -e /etc/samba/smb.conf ]; then + # The new location for the conffile should not exist yet, so we create the + # dir. + mkdir -p /etc/samba + + # Finally, move the conffile to its new location. + mv /etc/smb.conf /etc/samba/smb.conf +fi + +# +# Move smbpasswd conffile from its old location (/etc/) to its new one +# (/etc/samba). +# +# If conffile exists in old location AND conffile does not exist on new +# location then... +# +if [ -f /etc/smbpasswd -a ! -e /etc/samba/smbpasswd ]; then + # The new location for the conffile should not exist yet, so we create the + # dir. + mkdir -p /etc/samba + + # Finally, move the conffile to its new location. + mv /etc/smbpasswd /etc/samba/smbpasswd +fi diff --git a/packaging/Debian/debian/samba.prerm b/packaging/Debian/debian/samba.prerm new file mode 100644 index 00000000000..acd6d087b5c --- /dev/null +++ b/packaging/Debian/debian/samba.prerm @@ -0,0 +1,74 @@ +#!/bin/sh +# +# Pre-removal script for the Samba package for Debian GNU/Linux. +# +# Written by Eloy A. Paris for the Debian project. +# + +DEBIAN_CONFIG=/etc/samba/debian_config + +NMBDPID=/var/state/samba/nmbd.pid +SMBDPID=/var/state/samba/smbd.pid + +# The most important thing the prerm script must do is to stop the Samba +# daemons (nmbd and smbd). Note that this can be tricky since Samba +# can be running from the inetd meta-daemon or as daemons (it's a +# user choice). + +# Before we stop Samba we need to know how it is running (from inetd +# or as daemons). We could source in the debian_config file but it +# is safer to grep /etc/inetd.conf. +if grep -q '^netbios-ns' /etc/inetd.conf; then + # Samba is running from inetd. We need to disable the Samba daemons + # in /etc/inetd.conf before we stop the daemons. Otherwise traffic + # in the NetBIOS ports will make inetd start them again. + # + # Note: user preferences regarding the mode he/she wants Samba to + # be run (inetd or daemons) will be lost next. In the postinst + # we depend on the information present in the debian_config + # file to restore everything back to the way it was. + update-inetd --disable netbios-ssn + update-inetd --disable netbios-ns + + # Now it is safe to stop the daemons... + + # I have just recalled that old versions of nmbd and smbd did not store + # their PID's in /var/samba/state/ (or whatever directory + # was used for this purpose in configure), so I can't use + # --pidfile in start-stop-daemon to stop nmbd or smbd. I + # will handle this by testing first whether the PID file exists. + if [ -f $NMBDPID ]; then + start-stop-daemon --stop --oknodo --user root --name nmbd --quiet --pidfile $NMBDPID + else + start-stop-daemon --stop --oknodo --user root --name nmbd --quiet + fi + + # nmbd must be dead by now, now it's smbd's turn + if [ -f $SMBDPID ]; then + start-stop-daemon --stop --oknodo --user root --name smbd --quiet --pidfile $SMBDPID + else + start-stop-daemon --stop --oknodo --user root --name smbd --quiet + fi +elif [ -x /etc/init.d/samba ]; then # Old Samba packages didn't have a + # /etc/init.d/samba so we better + # check first. + # Samba is running as daemons. No problem here, just stop Samba... + /etc/init.d/samba stop +fi + +if [ \( "$1" = "upgrade" -o "$1" = "remove" \) -a -L /usr/doc/samba ]; then + rm -f /usr/doc/samba +fi + +# Make sure there are no nmbd or smbd daemons running (security check) +# (as you see this code is commented out - so far I haven't had the need +# to do this sanity check - peloy, Aug. 23, 1998) +#ps -ax | grep nmbd +#if [ $? ... ]; then +# killall -9 nmbd +#fi + +#ps -ax | grep smbd +#if [ $? ... ]; then +# killall -9 smbd +#fi diff --git a/packaging/Debian/debian/sambaconfig b/packaging/Debian/debian/sambaconfig new file mode 100644 index 00000000000..0d35a519670 --- /dev/null +++ b/packaging/Debian/debian/sambaconfig @@ -0,0 +1,130 @@ +#!/bin/sh +# +# Written by Eloy A. Paris for Debian GNU/Linux. +# + +PATH="/usr/sbin:/usr/bin:/sbin:/bin" +DEBIAN_CONFIG=/etc/samba/debian_config + +NMBDPID=/var/state/samba/nmbd.pid +SMBDPID=/var/state/samba/smbd.pid + +if [ ! -f $DEBIAN_CONFIG ]; then + echo "The file $DEBIAN_CONFIG does not exist! There is something wrong" + echo "with the installation of Samba on this system. Please re-install" + echo "Samba." + exit 1 +fi + +# Read current Samba configuration +. $DEBIAN_CONFIG + +reload=1 + +while [ $# -gt 0 ] +do + case "$1" in + --run-from-inetd) + run_from_inetd=1 + shift + ;; + + --run-as-daemons) + run_from_inetd=0 + shift + ;; + --no-reload) + reload=0 + shift + ;; + + *) + echo "Usage: $0 [--run-from-inetd|--run-as-daemons] [no-reload]" >&2 + exit 1 + ;; + esac +done + +# Make sure there are no Samba daemons (nmbd or smbd) running +# + +if [ "$run_mode" = "from_inetd" ]; then + # Samba is running from inetd - need to disable inetd before + # killing the daemons. + update-inetd --disable netbios-ssn + update-inetd --disable netbios-ns + start-stop-daemon --stop --oknodo --user root --name nmbd --quiet --pidfile $NMBDPID + start-stop-daemon --stop --oknodo --user root --name smbd --quiet --pidfile $SMBDPID +else + # Samba is running as daemons + /etc/init.d/samba stop +fi + +if [ "x$run_from_inetd" = "x" ] +then + echo "Run Samba as daemons or from inetd?" + echo -n "Press 'D' for to run as daemons or 'I' to run from inetd: [I] " + + read mode + test -n "$mode" || mode="I" + + case "$mode" in + [Dd]*) + run_from_inetd=0 + ;; + + *) + run_from_inetd=1 + ;; + esac +fi + +if [ "$run_from_inetd" = 1 ]; then + echo "Samba will run from inetd. Run sambaconfig to reconfigure." + echo "" + update-inetd --enable netbios-ssn + update-inetd --enable netbios-ns + run_mode="from_inetd" +else + echo "Samba will run as daemons. Run sambaconfig to reconfigure." + echo "" + update-inetd --disable netbios-ssn + update-inetd --disable netbios-ns + run_mode="as_daemons" +fi + +# Rebuild Debian configuration file (only thing that could have +# changed so far is the variable called "run_mode". + +# Start the Samba daemons (take care of whether the user used the --no-reload +# option and how Samba is running: from inetd or as daemons) +echo "config_version=$config_version" > $DEBIAN_CONFIG +echo "run_mode=$run_mode" >> $DEBIAN_CONFIG +echo "smbpasswd_created=$smbpasswd_created" >> $DEBIAN_CONFIG + +if [ "$reload" = 0 ]; then + echo "Samba will not start (--no-reload parameter provided). Please note" + echo "that if you configured Samba to run from inetd, the Samba daemons" + echo "will start automatically when there is traffic in the NetBIOS ports" +elif [ "$run_from_inetd" = 1 ]; then + echo "The --no-reload parameter was not provided so I assume you want" + echo "to have the Samba daemons started. Since you are running from inetd" + echo "the Samba daemosn will start automatically when there is traffic" + echo "in the NetBIOS ports." +else + echo -n "The --no-reload parameter was not provided, start Samba now? [Y/n] " + read yn + test -n "$yn" || yn="Y" + + case "$yn" in + [Nn]*) + echo "Not started; to start later, do: /etc/init.d/samba start" + echo -n "Press [ENTER] " + read line + ;; + + *) + /etc/init.d/samba start + ;; + esac +fi diff --git a/packaging/Debian/debian/sambaconfig.8 b/packaging/Debian/debian/sambaconfig.8 new file mode 100644 index 00000000000..2a0aaa9aa31 --- /dev/null +++ b/packaging/Debian/debian/sambaconfig.8 @@ -0,0 +1,40 @@ +.TH SAMBACONFIG 8 06-Apr-1998 +.SH NAME +sambaconfig \- configure Samba for Debian systems +.SH SYNOPSIS +sambaconfig [--run-from-inetd|--run-as-daemons] [--no-reload] +.SH DESCRIPTION +.B sambaconfig +is used to simplify the configuration of samba(8) for use on Debian +systems. +.PP +You may run this program to (re)configure samba for your Debian system +at any time. +.PP +Normally +.B sambaconfig +will ask if you want to reload the Samba daemons after making changes to its +configuration. The --no-reload option will avoid this question. Note +that if Samba is running from inetd and --no-reload is not supplied no +questions is asked because Samba will start automatically from inetd +when there is traffic on the NetBIOS ports. +.SH FILES +.TP +/etc/inetd.conf +If the lines that start the NetBIOS daemons nmbd and smbd are +commented out then Samba will start as daemons from /etc/init.d/start +.TP +/etc/init.d/samba +Script that will start/stop/restart Samba when running as daemons +.TP +/etc/samba/smbpasswd +Encrypted passwords file for the Samba daemons +.TP +/etc/samba/debian_config +Debian specific configuration information, it holds the mode in which +Samba is running (from inetd or as daemons). +.SH SEE ALSO +samba(7), nmbd(8), smbd(8) +.SH AUTHOR +Eloy A. Paris (man page based on sendmailconfig's man page +by Robert Leslie ) diff --git a/packaging/Debian/debian/scripts/patch-source b/packaging/Debian/debian/scripts/patch-source new file mode 100755 index 00000000000..a95a0020488 --- /dev/null +++ b/packaging/Debian/debian/scripts/patch-source @@ -0,0 +1,7 @@ +#!/bin/sh -e + +for patch in debian/patches/*.patch; do + patch -p1 < $patch +done + +exit 0 diff --git a/packaging/Debian/debian/scripts/unpatch-source b/packaging/Debian/debian/scripts/unpatch-source new file mode 100755 index 00000000000..81d51f7dd4e --- /dev/null +++ b/packaging/Debian/debian/scripts/unpatch-source @@ -0,0 +1,7 @@ +#!/bin/sh -e + +for patch in debian/patches/*.patch; do + patch -p1 -R < $patch +done + +exit 0 diff --git a/packaging/Debian/debian/smb.conf b/packaging/Debian/debian/smb.conf new file mode 100644 index 00000000000..14cc20f49c4 --- /dev/null +++ b/packaging/Debian/debian/smb.conf @@ -0,0 +1,147 @@ +; +; /etc/samba/smb.conf +; +; Sample configuration file for the Samba suite for Debian GNU/Linux +; +; Please see the manual page for smb.conf for detailed description of +; every parameter. +; + +[global] + printing = bsd + printcap name = /etc/printcap + load printers = yes + guest account = nobody + invalid users = root + +; "security = user" is always a good idea. This will require a Unix account +; in this server for every user accessing the server. + security = user + +; Change this for the workgroup your Samba server will part of + workgroup = WORKGROUP + + server string = %h server (Samba %v) + +; If you want Samba to log though syslog only then set the following +; parameter to 'yes'. Please note that logging through syslog in +; Samba is still experimental. + syslog only = no + +; We want Samba to log a minimum amount of information to syslog. Everything +; should go to /var/log/{smb,nmb} instead. If you want to log through +; syslog you should set the following parameter to something higher. + syslog = 0; + +; This socket options really speed up Samba under Linux, according to my +; own tests. + socket options = IPTOS_LOWDELAY TCP_NODELAY SO_SNDBUF=4096 SO_RCVBUF=4096 + +; Passwords are encrypted by default. This way the latest Windows 95 and NT +; clients can connect to the Samba server with no problems. + encrypt passwords = yes + +; It's always a good idea to use a WINS server. If you want this server +; to be the WINS server for your network change the following parameter +; to "yes". Otherwise leave it as "no" and specify your WINS server +; below (note: only one Samba server can be the WINS server). +; Read BROWSING.txt for more details. + wins support = no + +; If this server is not the WINS server then specify who is it and uncomment +; next line. +; wins server = 172.16.0.10 + +; Please read BROWSING.txt and set the next four parameters according +; to your network setup. There is no valid default so they are commented +; out. +; os level = 0 +; domain master = no +; local master = no +; preferred master = no + +; What naming service and in what order should we use to resolve host names +; to IP addresses + name resolve order = lmhosts host wins bcast + +; This will prevent nmbd to search for NetBIOS names through DNS. + dns proxy = no + +; Name mangling options + + preserve case = yes + short preserve case = yes + +; This boolean parameter controlls whether Samba attempts to sync. the Unix +; password with the SMB password when the encrypted SMB password in the +; /etc/samba/smbpasswd file is changed. + unix password sync = false + +; For Unix password sync. to work on a Debian GNU/Linux system, the following +; parameters must be set (thanks to Augustin Luton +; for sending the correct chat script for +; the passwd program in Debian Potato). + passwd program = /usr/bin/passwd %u + passwd chat = *Enter\snew\sUNIX\spassword:* %n\n *Retype\snew\sUNIX\spassword:* %n\n . + +; The following parameter is useful only if you have the linpopup package +; installed. The samba maintainer and the linpopup maintainer are +; working to ease installation and configuration of linpopup and samba. +; message command = /bin/sh -c '/usr/bin/linpopup "%f" "%m" %s; rm %s' & + +; The default maximum log file size is 5 MBytes. That's too big so this +; next parameter sets it to 1 MByte. Currently, Samba rotates log +; files (/var/log/{smb,nmb} in Debian) when these files reach 1000 KBytes. +; A better solution would be to have Samba rotate the log file upon +; reception of a signal, but for now on, we have to live with this. + max log size = 1000 + + obey pam restrictions = yes + +[homes] + comment = Home Directories + browseable = no + +; By default, the home directories are exported read only. Change next +; parameter to "no" if you want to be able to write to them. + read only = yes + +; File creation mask is set to 0700 for security reasons. If you want to +; create files with group=rw permissions, set next parameter to 0775. + create mask = 0700 + +; Directory creation mask is set to 0700 for security reasons. If you want to +; create dirs. with group=rw permissions, set next parameter to 0775. + directory mask = 0700 + +[printers] + comment = All Printers + browseable = no + path = /tmp + printable = yes + public = no + writable = no + create mode = 0700 + +; A sample share for sharing your CD-ROM with others. +;[cdrom] +; comment = Samba server's CD-ROM +; writable = no +; locking = no +; path = /cdrom +; public = yes +; +; The next two parameters show how to auto-mount a CD-ROM when the +; cdrom share is accesed. For this to work /etc/fstab must contain +; an entry like this: +; +; /dev/scd0 /cdrom iso9660 defaults,noauto,ro,user 0 0 +; +; The CD-ROM gets unmounted automatically after the connection to the +; +; If you don't want to use auto-mounting/unmounting make sure the CD +; is mounted on /cdrom +; +; preexec = /bin/mount /cdrom +; postexec = /bin/umount /cdrom + diff --git a/packaging/Debian/debian/smbclient.files b/packaging/Debian/debian/smbclient.files new file mode 100644 index 00000000000..5a660fc8d4e --- /dev/null +++ b/packaging/Debian/debian/smbclient.files @@ -0,0 +1,9 @@ +usr/bin/smbclient +usr/bin/smbtar +usr/bin/rpcclient +usr/bin/smbspool +usr/share/man/man1/smbclient.1 +usr/share/man/man1/smbtar.1 +usr/share/man/man1/rpcclient.1 +usr/share/man/man8/smbspool.8 +usr/lib/cups/backend/smb diff --git a/packaging/Debian/debian/smbfs.files b/packaging/Debian/debian/smbfs.files new file mode 100644 index 00000000000..870db7d6453 --- /dev/null +++ b/packaging/Debian/debian/smbfs.files @@ -0,0 +1,10 @@ +sbin/mount.smbfs +sbin/mount.smb +usr/bin/smbmount +usr/bin/smbumount +usr/bin/smbmnt +usr/share/man/man8/smbmount.8 +usr/share/man/man8/smbumount.8 +usr/share/man/man8/smbmnt.8 +usr/share/man/man8/mount.smb.8 +usr/share/man/man8/mount.smbfs.8 diff --git a/packaging/Debian/debian/smbfs.suid b/packaging/Debian/debian/smbfs.suid new file mode 100644 index 00000000000..9569087fff3 --- /dev/null +++ b/packaging/Debian/debian/smbfs.suid @@ -0,0 +1,5 @@ +usr/bin/smbmnt +usr/bin/smbmount-2.2.x +usr/bin/smbumount-2.2.x +usr/bin/smbmount-2.0.x +usr/bin/smbumount-2.0.x diff --git a/packaging/Debian/debian/smbwrapper.dirs b/packaging/Debian/debian/smbwrapper.dirs new file mode 100644 index 00000000000..fd727bddf05 --- /dev/null +++ b/packaging/Debian/debian/smbwrapper.dirs @@ -0,0 +1,2 @@ +usr/bin +usr/share/samba diff --git a/packaging/Debian/debian/smbwrapper.docs b/packaging/Debian/debian/smbwrapper.docs new file mode 100644 index 00000000000..2924e78734a --- /dev/null +++ b/packaging/Debian/debian/smbwrapper.docs @@ -0,0 +1,2 @@ +source/smbwrapper/README +source/smbwrapper/PORTING diff --git a/packaging/Debian/debian/smbwrapper.files b/packaging/Debian/debian/smbwrapper.files new file mode 100644 index 00000000000..08edbead6e6 --- /dev/null +++ b/packaging/Debian/debian/smbwrapper.files @@ -0,0 +1 @@ +usr/bin/smbsh diff --git a/packaging/Debian/debian/swat.dirs b/packaging/Debian/debian/swat.dirs new file mode 100644 index 00000000000..d5df7df4b8e --- /dev/null +++ b/packaging/Debian/debian/swat.dirs @@ -0,0 +1,2 @@ +usr/sbin +usr/share/samba/swat diff --git a/packaging/Debian/debian/swat.docs b/packaging/Debian/debian/swat.docs new file mode 100644 index 00000000000..afbfcf0c612 --- /dev/null +++ b/packaging/Debian/debian/swat.docs @@ -0,0 +1 @@ +swat/README diff --git a/packaging/Debian/debian/swat.files b/packaging/Debian/debian/swat.files new file mode 100644 index 00000000000..6fed39111be --- /dev/null +++ b/packaging/Debian/debian/swat.files @@ -0,0 +1,2 @@ +usr/sbin/swat +usr/share/man/man8/swat.8 diff --git a/packaging/Debian/debian/swat.postinst b/packaging/Debian/debian/swat.postinst new file mode 100644 index 00000000000..c5ab4890441 --- /dev/null +++ b/packaging/Debian/debian/swat.postinst @@ -0,0 +1,23 @@ +#!/bin/sh + +PATH=/sbin:/bin:/usr/sbin:/usr/bin + +case "$1" in + configure) + ;; + abort-upgrade|abort-remove|abort-deconfigure) + exit 0 + ;; + *) + echo "$0: Unknown action \"$1\"" + exit 0 + ;; +esac + +# Set up swat, turned off by default. +update-inetd --group OTHER --add \ + '## swat\t\tstream\ttcp\tnowait.400\troot\t/usr/sbin/tcpd\t/usr/sbin/swat' + +if [ -d /usr/doc -a ! -e /usr/doc/swat -a -d /usr/share/doc/swat ]; then + ln -sf ../share/doc/swat /usr/doc/swat +fi diff --git a/packaging/Debian/debian/swat.postrm b/packaging/Debian/debian/swat.postrm new file mode 100644 index 00000000000..e203d2855ff --- /dev/null +++ b/packaging/Debian/debian/swat.postrm @@ -0,0 +1,19 @@ +#!/bin/sh + +case "$1" in + purge) + update-inetd --remove '/usr/sbin/swat$' + exit 0 + ;; + remove) + ;; + upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) + ;; + *) + echo "$0: unknown action \"$1\"" + exit 0 + ;; +esac + +exit 0 + diff --git a/packaging/Debian/debian/wins2dns.awk b/packaging/Debian/debian/wins2dns.awk new file mode 100644 index 00000000000..176868a115d --- /dev/null +++ b/packaging/Debian/debian/wins2dns.awk @@ -0,0 +1,38 @@ +#!/usr/bin/awk -f +# +# Date: Wed, 26 Aug 1998 10:37:39 -0600 (MDT) +# From: Jason Gunthorpe +# To: samba@packages.debian.org +# Subject: Nifty samba script +# +# Here is a really nifty script I just wrote for samba, it takes the wins +# database in /var/samba/wins and writes out two dns files for it. In this +# way network wide wins clients can get into the dns for use by unix +# machines. +# +# Perhaps this could be included in /usr/doc/examples or somesuch. +# + +BEGIN { + FS="#|\""; +FORWARD="/tmp/wins.hosts" +REVERSE="/tmp/wins.rev" +DOMAIN="ven.ra.rockwell.com" +} +$3 == "00" { + split($4,a," " ); + split(a[2],b,"."); + while (sub(" ","-",$2)); + $2=tolower($2); + if (b[1] == "255") + next; + if (length($2) >= 8) + print $2"\ta\t"a[2] > FORWARD + else + print $2"\t\ta\t"a[2] > FORWARD + print b[4]"."b[3]"\t\tptr\t"$2"."DOMAIN"." > REVERSE +} +END { + system("echo killall -HUP named"); +} + diff --git a/packaging/Digital/Instructions b/packaging/Digital/Instructions new file mode 100644 index 00000000000..f764ad350dd --- /dev/null +++ b/packaging/Digital/Instructions @@ -0,0 +1,55 @@ +Copyright (C) 1997-1998 John H Terpstra +E-mail: jht@samba.org + +Subject: Installation Instructions for Digital Unix v4.0 +-------------------------------------------------------- + +1) cd / +2) tar xvf [path-to-]/install.tar +3) cd /usr/local/samba/lib +4) vi smb.conf + +Now modify smb.conf to reflect your site needs. + +5) samba start + +To stop samba: + + samba stop + +You could install samba to run from the system start-up scripts +(recommended) by running ./setup.sh + +Start / Stop Samba as follows:- + + samba [start | stop] + + +Subject: Encrypted password support +----------------------------------- + +Encrypted password support is quite distinct from Digital Enhanced +Security Mode operation of the Unix system. Encrypted passwords +applies to the SMB connections serviced by this machine, not to +local user logons. Local user logons are services by the security +system chosen by your system administrator. + +Digital Unix knows of either BASIC or ENHANCED security mode +operation. BASIC mode uses the traditional /etc/passwd database +containing Unix crypted passwords. ENHANCED mode uses a TCB database. +Samba-1.9.18p10 has been modified so that if OSF1_ENH_SEC is defined +at compile time then a password check will be made first using ENHANCED +mode and if that fails then it will try BASIC mode. This is the case +for this binary distribution - you need not recompile. In other +words: this binary distribution will work with either security mode. + +To enable SMB encrypted password support do the following: + +1) Put /usr/local/samba/bin in your PATH +2) Edit /usr/local/samba/lib/smb.conf and uncomment the + line "encrypt passwd = yes" +3) Execute: smbpasswd -a "username" "password" + +The above will create your /usr/local/samba/private/smbpasswd file +in which will be the NT and LanMAN hashed passwords. + diff --git a/packaging/Digital/PackageDate b/packaging/Digital/PackageDate new file mode 100644 index 00000000000..360e4148aa0 --- /dev/null +++ b/packaging/Digital/PackageDate @@ -0,0 +1 @@ +November 14, 1998, Australia/Sydney diff --git a/packaging/Digital/Packager b/packaging/Digital/Packager new file mode 100644 index 00000000000..75252978dc1 --- /dev/null +++ b/packaging/Digital/Packager @@ -0,0 +1,2 @@ +Date: November 14, 1998 +Packager: John H Terpstra diff --git a/packaging/Digital/Packaging-instructions b/packaging/Digital/Packaging-instructions new file mode 100644 index 00000000000..77eafd312f5 --- /dev/null +++ b/packaging/Digital/Packaging-instructions @@ -0,0 +1,14 @@ +The package building files should be located in a directory +called: samba-2.0.0 + +Step Directions +==== ============================================ +1. Copy the samba distribution tarball into the packaging directory +2. Make sure you have a installed on your system the GNU gzip/gunzip files +3. Edit "package-prep" script as required +4. Run "package-prep" + +If all goes well, you should now have a usable distribution package. + +Note: Update the Instructions file as required. + diff --git a/packaging/Digital/package-prep b/packaging/Digital/package-prep new file mode 100755 index 00000000000..2daee8b69ef --- /dev/null +++ b/packaging/Digital/package-prep @@ -0,0 +1,30 @@ +tar xvf skeleton.tar +NOWDIR=`pwd`; +( cd /usr/local; + if [ -x man ]; then mv man man.orig; fi + if [ -x samba ]; then mv samba samba.orig; fi + ln -sf $NOWDIR/usr/local/man man; + ln -sf $NOWDIR/usr/local/samba samba; ) +gunzip samba-2.0.0.tar.gz +tar xvf samba-2.0.0.tar +cd samba-2.0.0/source +./configure +make +make install +cd $NOWDIR/usr/local/samba +cp -pr man ../ +rm -rf man +cd $NOWDIR +tar cvf install.tar usr var +cd samba-2.0.0/source +rm -f ../source/bin/* +make clean +cd ../.. +tar cvf samba-2.0.0.tar samba-2.0.0 +rm -rf samba-2.0.0 +rm -rf usr var +cd .. +find samba-2.0.0 -print | cpio -o > samba-2.0.0-OSF1-v4.0-beta5.cpio +gzip samba-2.0.0-OSF1-v4.0-beta5.cpio +cd samba-2.0.0 +tar xvf install.tar diff --git a/packaging/Digital/samba.init b/packaging/Digital/samba.init new file mode 100755 index 00000000000..6a742440890 --- /dev/null +++ b/packaging/Digital/samba.init @@ -0,0 +1,34 @@ +#!/bin/sh +# +if [ ! -d /usr/bin ]; then + echo "The /usr file system is not mounted." + exit 1 +fi + +killproc() { + pid=`/bin/ps ax | grep -w $1 | sed -e 's/^ *//' -e 's/ .*//'` + echo "Stopping $1 now." + [ "$pid" != "" ] && kill -15 $pid + echo $pid +} + + +# Start/stop processes required for samba server + +case "$1" in + + 'start') + echo "Starting Samba" + /usr/local/samba/bin/smbd + /usr/local/samba/bin/nmbd + echo "Done." + ;; + 'stop') + killproc smbd + killproc nmbd + ;; + *) + echo "Usage: /sbin/init.d/samba.init [ start | stop ]" + ;; +esac +exit 0 diff --git a/packaging/Digital/setup.sh b/packaging/Digital/setup.sh new file mode 100755 index 00000000000..81b04878bb1 --- /dev/null +++ b/packaging/Digital/setup.sh @@ -0,0 +1,24 @@ +#!/bin/sh + +echo "Setting up for SWAT - The Samba Web Administration Tool" + +echo 'swat 901/tcp' >> /etc/services +uniq /etc/services /tmp/tempserv +cp /tmp/tempserv /etc/services +rm /tmp/tempserv +echo 'swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat' >> /etc/inetd.conf +uniq /etc/inetd.conf /tmp/tempinetd +cp /tmp/tempinetd /etc/inetd.conf +rm /tmp/tempinetd +echo "Creating Symbolic Links for Start up Scripts" +cp -f samba.init /sbin/init.d +chown bin.bin /sbin/init.d/samba.init +chmod 750 /sbin/init.d/samba.init +ln -sf /sbin/init.d/samba.init /sbin/rc0.d/K01samba +ln -sf /sbin/init.d/samba.init /sbin/rc2.d/K91samba +ln -sf /sbin/init.d/samba.init /sbin/rc3.d/S91samba +echo "Done. Now settting up samba command" +ln /sbin/init.d/samba.init /sbin/samba +echo "Done." +echo "To start / stop samba:" +echo " execute: samba [start | stop] diff --git a/packaging/Digital/skeleton.tar b/packaging/Digital/skeleton.tar new file mode 100644 index 00000000000..92598d0c5e7 Binary files /dev/null and b/packaging/Digital/skeleton.tar differ diff --git a/packaging/Example/Instructions b/packaging/Example/Instructions new file mode 100644 index 00000000000..02ffa7b6a8c --- /dev/null +++ b/packaging/Example/Instructions @@ -0,0 +1,41 @@ +Copyright (C) 1997-1998 Samba-Team +E-mail: samba-binaries@samba.org + +Subject: Installation Instructions for SuperNewOS X.X +-------------------------------------------------------- + +1) cd / +2) tar xvf [path-to-samba-package]/install.tar +3) cd /usr/local/samba/lib +4) vi smb.conf + +Now modify smb.conf to reflect your site needs. + +5) samba start + +To stop samba: + + samba stop + +You could install samba to run from the system start-up scripts +(recommended) by running ./setup.sh + +Start / Stop Samba as follows:- + + samba [start | stop] + + +Subject: New Users Must Read This +----------------------------------- +Above ALL else, read the smb.conf man pages _AND_ all text documentation. + +To enable SMB encrypted password support do the following: + +1) Put /usr/local/samba/bin in your PATH +2) Edit /usr/local/samba/lib/smb.conf and uncomment the + line "encrypt passwd = yes" +3) Execute: smbpasswd -a "username" "password" + +The above will create your /usr/local/samba/private/smbpasswd file +in which will be the NT and LanMAN hashed passwords. + diff --git a/packaging/Example/PackageDate b/packaging/Example/PackageDate new file mode 100644 index 00000000000..95cbb0972bf --- /dev/null +++ b/packaging/Example/PackageDate @@ -0,0 +1 @@ +# Month, WeekDay, Date, Year, PreparerCity, Country diff --git a/packaging/Example/Packager b/packaging/Example/Packager new file mode 100644 index 00000000000..f5db3f8c303 --- /dev/null +++ b/packaging/Example/Packager @@ -0,0 +1 @@ +Packager: John Doe diff --git a/packaging/Example/Packaging-instructions b/packaging/Example/Packaging-instructions new file mode 100644 index 00000000000..b598fd68b15 --- /dev/null +++ b/packaging/Example/Packaging-instructions @@ -0,0 +1,16 @@ +The package building files should be located in a +directory called: samba-X.X.X + +Where X.X.X is the version ID. + +Step Directions +==== ============================================ +1. Copy the samba distribution tarball into the packaging directory +2. Make sure you have a installed on your system the GNU gzip/gunzip files +3. Edit "package-prep" script as required +4. Run "package-prep" + +If all goes well, you should now have a usable distribution package. + +Note: Update the Instructions file as required. + diff --git a/packaging/Example/package-prep b/packaging/Example/package-prep new file mode 100755 index 00000000000..e8f5089a865 --- /dev/null +++ b/packaging/Example/package-prep @@ -0,0 +1,51 @@ +#!/bin/sh + +# Extract the skeleton directory structure into which samba will be installed. +tar xvf skeleton.tar + +# Now link the skeleton directory structure into the final install tree. +( cd /usr/local; + mv man man.orig; + mv samba samba.orig; + NOWDIR=`pwd`; + ln -sf $NOWDIR/usr/local/man man; + ln -sf $NOWDIR/usr/local/samba samba; ) + +# Unpack the master source tarball +gunzip samba-X.X.X.tar.gz +tar xvf samba-X.X.X.tar + +# Now build the binary files +cd samba-X.X.X/source +./configure +make +make install + +# Install into the packaging tree that full reflects the final install tree +cd $NOWDIR/usr/local/samba +cp -pr man ../ +rm -rf man +cd $NOWDIR + +# Create the package tarball +tar cvf install.tar usr var + +# Clean up original sources preserving all configured files +# Note: This will allow installers to check build options +cd samba-X.X.X/source +rm -f ../source/bin/* +make clean +cd ../.. +tar cvf samba-X.X.X.tar samba-X.X.X +rm -rf samba-X.X.X +rm -rf usr var +cd .. +tar cvf samba-X.X.X-OS-Version-CPU.tar samba-X.X.X +gzip samba-X.X.X-OS-Version-CPU.tar + +# We now have the distribution package, now restore our runtime system +cd samba-X.X.X +tar xcf install.tar + +# Please test operation before shipping the binary distribution package +# to the samba-team. diff --git a/packaging/Example/samba.init b/packaging/Example/samba.init new file mode 100755 index 00000000000..c1d605cda06 --- /dev/null +++ b/packaging/Example/samba.init @@ -0,0 +1,34 @@ +#!/bin/sh +# +if [ ! -d /usr/bin ]; then + echo "The /usr file system is not mounted." + exit 1 +fi + +killproc() { + pid=`/bin/ps ax | grep -w $1 | sed -e 's/^ *//' -e 's/ .*//'` + echo "Stopping $1 now." + [ "$pid" != "" ] && kill -15 $pid + echo $pid +} + + +# Start/stop processes required for samba server + +case "$1" in + + 'start') + echo "Starting Samba" + /usr/local/samba/sbin/smbd + /usr/local/samba/sbin/nmbd + echo "Done." + ;; + 'stop') + killproc smbd + killproc nmbd + ;; + *) + echo "Usage: /sbin/init.d/samba.init [ start | stop ]" + ;; +esac +exit 0 diff --git a/packaging/Example/setup.sh b/packaging/Example/setup.sh new file mode 100755 index 00000000000..994b16d5ef0 --- /dev/null +++ b/packaging/Example/setup.sh @@ -0,0 +1,27 @@ +#!/bin/sh +# +# Note: This file MUST be edited to suit the target OS environment. +# + +echo "Setting up for SWAT - The Samba Web Administration Tool" + +echo 'swat 901/tcp' >> /etc/services +uniq /etc/services /tmp/tempserv +cp /tmp/tempserv /etc/services +rm /tmp/tempserv +echo 'swat stream tcp nowait.400 root /usr/local/samba/bin/swat swat' >> /etc/inetd.conf +uniq /etc/inetd.conf /tmp/tempinetd +cp /tmp/tempinetd /etc/inetd.conf +rm /tmp/tempinetd +echo "Creating Symbolic Links for Start up Scripts" +cp -f samba.init /sbin/init.d +chown bin.bin /sbin/init.d/samba.init +chmod 750 /sbin/init.d/samba.init +ln -sf /sbin/init.d/samba.init /sbin/rc0.d/K01samba +ln -sf /sbin/init.d/samba.init /sbin/rc2.d/K91samba +ln -sf /sbin/init.d/samba.init /sbin/rc3.d/S91samba +echo "Done. Now settting up samba command" +ln /sbin/init.d/samba.init /sbin/samba +echo "Done." +echo "To start / stop samba:" +echo " execute: samba [start | stop] diff --git a/packaging/Example/skeleton.tar b/packaging/Example/skeleton.tar new file mode 100644 index 00000000000..92598d0c5e7 Binary files /dev/null and b/packaging/Example/skeleton.tar differ diff --git a/packaging/LSB/README b/packaging/LSB/README new file mode 100644 index 00000000000..4ff0b99d769 --- /dev/null +++ b/packaging/LSB/README @@ -0,0 +1,6 @@ +README.lsb - 1 July 2001 +------------------------ + +The files in this directory allow you to build an LSB-compliant +version of SAMBA using the RPM software and the LSB development +environment. diff --git a/packaging/LSB/lsb-samba.spec b/packaging/LSB/lsb-samba.spec new file mode 100644 index 00000000000..516eaa430eb --- /dev/null +++ b/packaging/LSB/lsb-samba.spec @@ -0,0 +1,100 @@ +# +# "$Id: lsb-samba.spec,v 1.2 2001/07/03 01:01:12 jra Exp $" +# +# Linux Standards Based RPM "spec" file for SAMBA. +# + +Summary: SAMBA +Name: lsb-samba +Version: 2.2.1 +Release: 0 +Copyright: GPL +Group: System Environment/Daemons +Source: ftp://ftp.samba.org/pub/samba/samba-%{version}.tar.gz +Url: http://www.samba.org +Packager: Michael Sweet +Vendor: SAMBA Team + +# Require the "lsb" package, which guarantees LSB compliance. +Requires: lsb + +# use BuildRoot so as not to disturb the version already installed +BuildRoot: /var/tmp/%{name}-root + +%description + +%prep +%setup + +%build +export LDFLAGS="-L/usr/lib/lsb --dynamic-linker=/lib/ld-lsb.so.1" + +./configure --with-fhs --prefix=/usr --sysconfdir=/etc \ + --sharedstatedir=/var --datadir=/usr/share \ + --with-configdir=/etc/samba \ + --with-swatdir=/usr/share/samba/swat + +# If we got this far, all prerequisite libraries must be here. +make + +%install +# Make sure the RPM_BUILD_ROOT directory exists. +rm -rf $RPM_BUILD_ROOT +mkdir $RPM_BUILD_ROOT + +make \ + BASEDIR=$RPM_BUILD_ROOT/usr \ + BINDIR=$RPM_BUILD_ROOT/usr/bin \ + CODEPAGEDIR=$RPM_BUILD_ROOT/usr/share/samba/codepages \ + CONFIGDIR=$RPM_BUILD_ROOT/etc/samba \ + INCLUDEDIR=$RPM_BUILD_ROOT/usr/include \ + LIBDIR=$RPM_BUILD_ROOT/usr/lib \ + LOCKDIR=$RPM_BUILD_ROOT/var/lock/samba \ + LOGFILEBASE=$RPM_BUILD_ROOT/var/log/samba \ + MANDIR=$RPM_BUILD_ROOT/usr/share/man \ + SBINDIR=$RPM_BUILD_ROOT/usr/sbin \ + SWATDIR=$RPM_BUILD_ROOT/usr/share/samba/swat \ + VARDIR=$RPM_BUILD_ROOT/var \ + install + +mkdir -p $RPM_BUILD_ROOT/etc/init.d +install -m 700 packaging/LSB/samba.sh /etc/init.d/samba + +mkdir -p $RPM_BUILD_ROOT/etc/samba +install -m 644 packaging/LSB/smb.conf /etc/samba + +mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d +install -m 644 packaging/LSB/samba.xinetd /etc/xinetd.d/samba + +%post +/usr/lib/lsb/install_initd /etc/init.d/samba + +%preun +/usr/lib/lsb/remove_initd /etc/init.d/samba + +%clean +rm -rf $RPM_BUILD_ROOT + +%files +%defattr(-,root,root) +%dir /etc/init.d +/etc/init.d/samba +%dir /etc/samba +%config(noreplace) /etc/samba/smb.conf +%dir /etc/samba/private +%dir /etc/xinetd.d +%config(noreplace) /etc/xinetd.d/samba +%dir /usr/bin +/usr/bin/* +%dir /usr/sbin +/usr/sbin/* +%dir /usr/share/man +/usr/share/man/* +%dir /usr/share/samba +/usr/share/samba/* +%dir /var/lock/samba +%dir /var/log/samba + +# +# End of "$Id: lsb-samba.spec,v 1.2 2001/07/03 01:01:12 jra Exp $". +# diff --git a/packaging/LSB/samba.sh b/packaging/LSB/samba.sh new file mode 100755 index 00000000000..99fa1b0117d --- /dev/null +++ b/packaging/LSB/samba.sh @@ -0,0 +1,80 @@ +#!/bin/sh +# +# "$Id: samba.sh,v 1.2 2001/07/03 01:01:12 jra Exp $" +# +# SAMBA startup (init) script for LSB-compliant systems. +# +# Provides: smbd nmbd +# Required-Start: 3 5 +# Required-Stop: 0 2 1 6 +# Default-Start: 3 5 +# Default-Stop: 0 2 1 6 +# Description: Starts and stops the SAMBA smbd and nmbd daemons \ +# used to provide SMB network services. +# + +# Source LSB function library. +. /lib/lsb/init-functions + +# Check that smb.conf exists. +if test ! -f /etc/samba/smb.conf; then + log_failure_msg "The smb.conf file does not exist." + exit 6 +fi + +# Make sure that smbd and nmbd exist... +if test ! -f /usr/sbin/nmbd -o ! -f /usr/sbin/smbd; then + log_failure_msg "The nmbd and/or smbd daemons are not installed." + exit 5 +fi + +# See how we were called. +case "$1" in + start) + start_daemon nmbd -D + start_daemon smbd -D + log_success_msg "Started SMB services." + ;; + + stop) + killproc smbd + killproc nmbd + log_success_msg "Shutdown SMB services." + ;; + + reload) + # smbd and nmbd automatically re-read the smb.conf file... + log_success_msg "Reload not necessary with SAMBA." + ;; + + status) + if test -z "`pidofproc smbd`"; then + log_success_msg "smbd is not running." + else + log_success_msg "smbd is running." + fi + if test -z "`pidofproc nmbd`"; then + log_success_msg "nmbd is not running." + else + log_success_msg "nmbd is running." + fi + ;; + + + restart | force-reload) + $0 stop + $0 start + ;; + + *) + echo "Usage: smb {start|stop|reload|force-reload|restart|status}" + exit 1 + ;; +esac + +# Return "success" +exit 0 + +# +# End of "$Id: samba.sh,v 1.2 2001/07/03 01:01:12 jra Exp $". +# diff --git a/packaging/LSB/samba.xinetd b/packaging/LSB/samba.xinetd new file mode 100644 index 00000000000..8c38b354218 --- /dev/null +++ b/packaging/LSB/samba.xinetd @@ -0,0 +1,15 @@ +# default: off +# description: SWAT is the Samba Web Admin Tool. Use swat \ +# to configure your Samba server. To use SWAT, \ +# connect to port 901 with your favorite web browser. +service swat +{ + port = 901 + socket_type = stream + wait = no + only_from = localhost + user = root + server = /usr/sbin/swat + log_on_failure += USERID + disable = yes +} diff --git a/packaging/LSB/smb.conf b/packaging/LSB/smb.conf new file mode 100644 index 00000000000..71ff9463884 --- /dev/null +++ b/packaging/LSB/smb.conf @@ -0,0 +1,290 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this + printcap name = /etc/printcap + load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/samba/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/samba/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/samba/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; read only = yes +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/Mandrake/.cvsignore b/packaging/Mandrake/.cvsignore new file mode 100644 index 00000000000..ffcc2e7e5ee --- /dev/null +++ b/packaging/Mandrake/.cvsignore @@ -0,0 +1,2 @@ +makerpms.sh +samba2.spec diff --git a/packaging/Mandrake/README b/packaging/Mandrake/README new file mode 100644 index 00000000000..1c5bb30edc0 --- /dev/null +++ b/packaging/Mandrake/README @@ -0,0 +1,11 @@ +Preparation Date: Sat Apr 14 2001 +Preparer: John H Terpstra + +Instructions: Preparing Samba Packages for Mandrake Linux 7.2 +=============================================================== + +We provide support only for current versions of Mandrake Linux. + +To produce the RPMS simply type: + sh makerpms.sh + diff --git a/packaging/Mandrake/empty.patch b/packaging/Mandrake/empty.patch new file mode 100644 index 00000000000..e69de29bb2d diff --git a/packaging/Mandrake/findsmb b/packaging/Mandrake/findsmb new file mode 100755 index 00000000000..986c2481779 --- /dev/null +++ b/packaging/Mandrake/findsmb @@ -0,0 +1,141 @@ +#!/usr/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/Mandrake/makerpms.sh.tmpl b/packaging/Mandrake/makerpms.sh.tmpl new file mode 100644 index 00000000000..c4ad9c6b581 --- /dev/null +++ b/packaging/Mandrake/makerpms.sh.tmpl @@ -0,0 +1,16 @@ +#!/bin/sh +# Copyright (C) 1998 John H Terpstra, 1999 K Spoon +# +SPECDIR=/usr/src/RPM/SPECS +SRCDIR=/usr/src/RPM/SOURCES +USERID=`id -u` +GRPID=`id -g` +VERSION='PVERSION' + +( cd ../../.. ; mv samba samba-$VERSION; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba-$VERSION ) +( cd ../../.. ; tar --exclude=CVS -czvf ${SRCDIR}/samba-$VERSION.tar.gz samba-$VERSION ) +( cd ../../.. ; mv samba-$VERSION samba ) +cp -a *.spec $SPECDIR +cp -a *.patch smb.* samba.log $SRCDIR +cd $SPECDIR +rpm -ba -v samba2.spec diff --git a/packaging/Mandrake/samba.log b/packaging/Mandrake/samba.log new file mode 100644 index 00000000000..7dc1667bafe --- /dev/null +++ b/packaging/Mandrake/samba.log @@ -0,0 +1,15 @@ +/var/log/samba/log.nmbd { + notifempty + missingok + postrotate + /usr/bin/killall -HUP nmbd + endscript +} + +/var/log/samba/log.smbd { + notifempty + missingok + postrotate + /usr/bin/killall -HUP smbd + endscript +} diff --git a/packaging/Mandrake/samba.pamd b/packaging/Mandrake/samba.pamd new file mode 100644 index 00000000000..30912de1726 --- /dev/null +++ b/packaging/Mandrake/samba.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth required /lib/security/pam_nologin.so +auth required /lib/security/pam_stack.so service=system-auth +account required /lib/security/pam_stack.so service=system-auth +session required /lib/security/pam_stack.so service=system-auth diff --git a/packaging/Mandrake/samba.xinetd b/packaging/Mandrake/samba.xinetd new file mode 100644 index 00000000000..a6dea1f7405 --- /dev/null +++ b/packaging/Mandrake/samba.xinetd @@ -0,0 +1,15 @@ +# default: on +# description: SWAT is the Samba Web Admin Tool. Use swat \ +# to configure your Samba server. To use SWAT, \ +# connect to port 901 with your favorite web browser. +service swat +{ + port = 901 + socket_type = stream + wait = no + only_from = localhost + user = root + server = /usr/sbin/swat + log_on_failure += USERID + disable = no +} diff --git a/packaging/Mandrake/samba2.spec.tmpl b/packaging/Mandrake/samba2.spec.tmpl new file mode 100644 index 00000000000..5bc92535f80 --- /dev/null +++ b/packaging/Mandrake/samba2.spec.tmpl @@ -0,0 +1,300 @@ +Summary: Samba SMB client and server +Name: samba +Version: PVERSION +Release: PRELEASE +Copyright: GNU GPL version 2 +Group: Networking +Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz +Packager: Gerald (Jerry) Carter [Samba-Team] +Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2 +Prereq: chkconfig fileutils +BuildRoot: /var/tmp/samba +Prefix: /usr + +%description +Samba provides an SMB server which can be used to provide +network services to SMB (sometimes called "Lan Manager") +clients, including various versions of MS Windows, OS/2, +and other Linux machines. Samba also provides some SMB +clients, which complement the built-in SMB filesystem +in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols +and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) +protocol. + +Samba-2.2 features working NT Domain Control capability and +includes the SWAT (Samba Web Administration Tool) that +allows samba's smb.conf file to be remotely managed using your +favourite web browser. For the time being this is being +enabled on TCP port 901 via inetd. + +Users are advised to use Samba-2.2 as a Windows NT4 +Domain Controller only on networks that do NOT have a Windows +NT Domain Controller. This release does NOT as yet have +Backup Domain control ability. + +Please refer to the WHATSNEW.txt document for fixup information. +This binary release includes encrypted password support. + +Please read the smb.conf file and ENCRYPTION.txt in the +docs directory for implementation details. + +%changelog +* Mon May 21 2001 Gerald (Jerry) Carter + - removed docs/htmldocs and docs/manpages from /usr/share/docs + These het installed in /usr/share/swat already + - Fix for codepages and src not getting installed in the RPM + - Fixed minor typos + +* Mon Apr 23 2001 Gerald (Jerry) Carter + - Added a few bug fixes to release the first Mandrake RPMS + +* Sat Apr 14 2001 John H Terpstra + - Added official samba-team support for Mandrakesoft + - We get a lot of requests for this! + +%prep +%setup + +%build +cd source + +%ifarch ia64 +libtoolize --copy --force # get it to recognize IA-64 +autoconf +autoheader +EXTRA="-D_LARGEFILE64_SOURCE" +%endif + +NUMCPU=`grep processor /proc/cpuinfo | wc -l` + +CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \ + --prefix=%{prefix} \ + --with-fhs \ + --libdir=/etc/samba \ + --localstatedir=/var \ + --with-codepagedir=%{prefix}/share/samba/codepages \ + --with-configdir=/etc/samba \ + --with-lockdir=/var/lock/samba \ + --with-swatdir=%{prefix}/share/swat \ + --with-quotas \ + --with-smbmount \ + --with-pam \ + --with-pam_smbpass \ + --with-syslog \ + --with-utmp \ + --with-netatalk \ + --with-sambabook=%{prefix}/share/swat/using_samba + +make -j${NUMCPU} proto +make -j${NUMCPU} all smbfilter nsswitch/libnss_wins.so debug2html + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba,xinetd.d} +mkdir -p $RPM_BUILD_ROOT/etc/samba/security +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +mkdir -p $RPM_BUILD_ROOT/lib/security +mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin} +mkdir -p $RPM_BUILD_ROOT/home/samba +mkdir -p $RPM_BUILD_ROOT/sbin +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/man/{man1,man5,man7,man8} +mkdir -p $RPM_BUILD_ROOT/var/lock/samba +mkdir -p $RPM_BUILD_ROOT/var/log/samba +mkdir -p $RPM_BUILD_ROOT/var/spool/samba + +# Install standard binary files +for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \ + make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool \ + smbmount smbumount smbmnt +do + install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin +done +for i in smbtar +do + install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin +done + +# Install secure binary files +for i in smbd nmbd swat debug2html smbfilter +do + install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin +done + +# we need a symlink for mount to recognise the smb and smbfs filesystem types +ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs +ln -sf %{prefix}/bin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb + +# Install codepage source files +for i in 437 737 775 850 852 861 866 932 936 949 950 1251; do + install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R; do + install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src +done + +# Install the nsswitch library extenstion file +install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib +# Make link for wins resolver +( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; ) + +# PAM Authentication file +install -m755 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security + +# Install SWAT helper files +for i in swat/help/*.html docs/htmldocs/*.html; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help +done +for i in swat/images/*.gif; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images +done +for i in swat/include/*.html; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include +done + +# This is the O'Reily Samba Book - on-line +for i in docs/htmldocs/using_samba/*.html; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba +done +for i in docs/htmldocs/using_samba/figs/*.gif; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/figs +done +for i in docs/htmldocs/using_samba/gifs/*.gif; do + install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/gifs +done + +# Install the miscellany +install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat +# Install level 1 man pages +for i in *.1; do + install -m644 docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/share/man/man1 +done +install -m644 docs/manpages/smb.conf.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 +install -m644 docs/manpages/lmhosts.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 +install -m644 docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 + +install -m644 docs/manpages/samba.7 $RPM_BUILD_ROOT%{prefix}/share/man/man7 + +install -m644 docs/manpages/smbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/nmbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbumount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbspool.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 + +install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat + +install -m644 packaging/Mandrake/smb.con* $RPM_BUILD_ROOT/etc/samba/ +install -m644 packaging/Mandrake/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers +install -m755 packaging/Mandrake/smbprint $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/Mandrake/findsmb $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb +install -m755 packaging/Mandrake/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba +install -m644 packaging/Mandrake/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba +install -m644 packaging/Mandrake/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba +install -m644 packaging/Mandrake/samba.xinetd $RPM_BUILD_ROOT/etc/xinetd.d/swat +echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/samba/lmhosts + +## +## remove these directories so they don't get installed twice +## +/bin/rm -rf docs/htmldocs +/bin/rm -rf docs/manpages + + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +/sbin/chkconfig --add smb +/sbin/chkconfig smb off + +# Build codepage load files +cd %{prefix}/share/samba/codepages +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do +%{prefix}/bin/make_smbcodepage c $i %{prefix}/share/samba/codepages/src/codepage_def.$i %{prefix}/share/samba/codepages/codepage.$i +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do +%{prefix}/bin/make_unicodemap $i %{prefix}/share/samba/codepages/src/CP$i.TXT %{prefix}/share/samba/codepages/unicode_map.$i +done + +# Add swat entry to /etc/services if not already there +if !( grep ^[:space:]*swat /etc/services > /dev/null ) then + echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services +fi + +%preun +if [ $1 = 0 ] ; then + /sbin/chkconfig --del smb + + # We want to remove the browse.dat file + if [ -e /var/lock/samba/browse.dat ]; then + rm -f /var/lock/samba/browse.dat + fi +fi + +%postun +# Only delete remnants of samba if this is the final deletion. +if [ $1 = 0 ] ; then + if [ -x /etc/pam.d/samba ]; then + rm -f /etc/pam.d/samba + fi + if [ -e /var/log/samba ]; then + rm -rf /var/log/samba + fi + if [ -e /var/lock/samba ]; then + rm -rf /var/lock/samba + fi + + # Remove swat entries from /etc/inetd.conf and /etc/services + cd /etc + tmpfile=/etc/tmp.$$ + sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile + mv $tmpfile services +fi + +%triggerpostun -- samba < samba-2.0.0 +if [ $0 != 0 ]; then + /sbin/chkconfig --add smb +fi + +%files +%doc README COPYING Manifest Read-Manifest-Now +%doc WHATSNEW.txt Roadmap +%doc docs +%doc swat/README +%doc examples +%attr(-,root,root) %{prefix}/sbin/* +%attr(-,root,root) /sbin/* +%attr(-,root,root) %{prefix}/bin/* +%attr(755,root,root) /lib/* +%attr(-,root,root) %{prefix}/share/swat/help/* +%attr(-,root,root) %{prefix}/share/swat/images/* +%attr(-,root,root) %{prefix}/share/swat/include/* +%attr(-,root,root) %{prefix}/share/swat/using_samba/* +%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts +%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf +%attr(-,root,root) %config(noreplace) /etc/samba/smbusers +%attr(-,root,root) /etc/rc.d/init.d/smb +%attr(-,root,root) /etc/logrotate.d/samba +%attr(-,root,root) %config(noreplace) /etc/pam.d/samba +%attr(-,root,root) %{prefix}/share/man/man1/* +%attr(-,root,root) %{prefix}/share/man/man5/* +%attr(-,root,root) %{prefix}/share/man/man7/* +%attr(-,root,root) %{prefix}/share/man/man8/* +%attr(-,root,root) %dir /etc/samba/ +%attr(-,root,root) %dir /usr/share/samba/codepages/* +%attr(-,root,root) %dir /usr/share/samba/codepages/src/* +%attr(-,root,root) %dir /var/lock/samba +%attr(-,root,root) %dir /var/log/samba +%attr(1777,root,root) %dir /var/spool/samba + + + diff --git a/packaging/Mandrake/smb.conf b/packaging/Mandrake/smb.conf new file mode 100644 index 00000000000..a14e90ec16b --- /dev/null +++ b/packaging/Mandrake/smb.conf @@ -0,0 +1,320 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MDKGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server %v + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# Enabling internationalization: +# you can match a Windows code page with a UNIX character set. +# Windows: 437 (US), 737 (GREEK), 850 (Latin1 - Western European), +# 852 (Eastern Eu.), 861 (Icelandic), 932 (Cyrillic - Russian), +# 936 (Japanese - Shift-JIS), 936 (Simpl. Chinese), 949 (Korean Hangul), +# 950 (Trad. Chin.). +# UNIX: ISO8859-1 (Western European), ISO8859-2 (Eastern Eu.), +# ISO8859-5 (Russian Cyrillic), KOI8-R (Alt-Russ. Cyril.) +# This is an example for french users: +; client code page = 850 +; character set = ISO8859-1 + + +# CHANGES TO ENABLE PRINTING ON ALL CUPS PRINTERS IN THE NETWORK +# (as cups is now used in linux-mandrake 7.2 by default) +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this + printcap name = lpstat + load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx, cups + printing = cups + + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/samba/private/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /var/lib/samba/netlogon +; guest ok = yes +; writable = no +; share modes = no + +#Uncomment the following 2 lines if you would like your login scripts to +#be created dynamically by ntlogon (check that you have it in the correct +#locationn (the default of the ntlogon rpm available in contribs) +;root preexec = /usr/bin/ntlogon -u %U -g %G -o %a -d /var/lib/samba/netlogon +;root postexec = rm -f /var/lib/samba/netlogon/%U.bat + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /var/lib/samba/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a CUPS print system there is no need to +# specifically define each individual printer. +# You must configure the samba printers with the appropriate Windows +# drivers on your Windows clients. On the Samba server no filtering is +# done. If you wish that the server provides the driver and the clients +# send PostScript ("Generic PostScript Printer" under Windows), you have +# to swap the 'print command' line below with the commented one. +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# to allow user 'guest account' to print. + guest ok = yes + writable = no + printable = yes + create mode = 0700 +# ===================================== +# print command: see above for details. +# ===================================== + print command = lpr-cups -P %p -o raw %s -r # using client side printer drivers. +; print command = lpr-cups -P %p %s # using cups own drivers (use generic PostScript on clients). + lpq command = lpstat -o %p + lprm command = cancel %p-%j + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba/public +; public = yes +; writable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/Mandrake/smb.init b/packaging/Mandrake/smb.init new file mode 100755 index 00000000000..8855f04efba --- /dev/null +++ b/packaging/Mandrake/smb.init @@ -0,0 +1,93 @@ +#!/bin/sh +# +# chkconfig: - 91 35 +# description: Starts and stops the Samba smbd and nmbd daemons \ +# used to provide SMB network services. + +# Source function library. +if [ -f /etc/init.d/functions ] ; then + . /etc/init.d/functions +elif [ -f /etc/rc.d/init.d/functions ] ; then + . /etc/rc.d/init.d/functions +else + exit 0 +fi + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Check that smb.conf exists. +[ -f /etc/samba/smb.conf ] || exit 0 + +RETVAL=0 + + +start() { + echo -n "Starting SMB services: " + daemon smbd -D + RETVAL=$? + echo + echo -n "Starting NMB services: " + daemon nmbd -D + RETVAL2=$? + echo + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && touch /var/lock/subsys/smb || \ + RETVAL=1 + return $RETVAL +} +stop() { + echo -n "Shutting down SMB services: " + killproc smbd + RETVAL=$? + echo + echo -n "Shutting down NMB services: " + killproc nmbd + RETVAL2=$? + [ $RETVAL -eq 0 -a $RETVAL2 -eq 0 ] && rm -f /var/lock/subsys/smb + echo "" + return $RETVAL +} +restart() { + stop + start +} +reload() { + echo -n "Reloading smb.conf file: " + killproc smbd -HUP + RETVAL=$? + echo + return $RETVAL +} +mdkstatus() { + status smbd + status nmbd +} + +case "$1" in + start) + start + ;; + stop) + stop + ;; + restart) + restart + ;; + reload) + reload + ;; + status) + mdkstatus + ;; + condrestart) + [ -f /var/lock/subsys/smb ] && restart || : + ;; + *) + echo "Usage: $0 {start|stop|restart|status|condrestart}" + exit 1 +esac + +exit $? diff --git a/packaging/Mandrake/smbprint b/packaging/Mandrake/smbprint new file mode 100755 index 00000000000..0d07c9c7833 --- /dev/null +++ b/packaging/Mandrake/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to same space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "//$server/$service" $password -U $server -N -P >> $logfile diff --git a/packaging/Mandrake/smbusers b/packaging/Mandrake/smbusers new file mode 100644 index 00000000000..ae3389f53f8 --- /dev/null +++ b/packaging/Mandrake/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nobody = guest pcguest smbguest diff --git a/packaging/PHT/TurboLinux/.cvsignore b/packaging/PHT/TurboLinux/.cvsignore new file mode 100644 index 00000000000..0238ed8cae6 --- /dev/null +++ b/packaging/PHT/TurboLinux/.cvsignore @@ -0,0 +1,3 @@ +makefile-path.patch +makerpms.sh +samba2.spec diff --git a/packaging/PHT/TurboLinux/README b/packaging/PHT/TurboLinux/README new file mode 100644 index 00000000000..867ff01811b --- /dev/null +++ b/packaging/PHT/TurboLinux/README @@ -0,0 +1,11 @@ +Preparation Date: October 25, 1998 +Preparer: John H Terpstra + +Instructions: Preparing Samba Packages for TurboLinux +=============================================================== + +We provide support only for current versions of TurboLinux. + +To produce the RPMS simply type: + sh makerpms.sh + diff --git a/packaging/PHT/TurboLinux/findsmb b/packaging/PHT/TurboLinux/findsmb new file mode 100755 index 00000000000..986c2481779 --- /dev/null +++ b/packaging/PHT/TurboLinux/findsmb @@ -0,0 +1,141 @@ +#!/usr/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/PHT/TurboLinux/makerpms.sh.tmpl b/packaging/PHT/TurboLinux/makerpms.sh.tmpl new file mode 100644 index 00000000000..c389bf1a68a --- /dev/null +++ b/packaging/PHT/TurboLinux/makerpms.sh.tmpl @@ -0,0 +1,14 @@ +#!/bin/sh +# Copyright (C) 1998 John H Terpstra, 1999 K Spoon +# +SPECDIR=/usr/src/turbo/SPECS +SRCDIR=/usr/src/turbo/SOURCES +USERID=`id -u` +GRPID=`id -g` + +( cd ../../../.. ; chown -R ${USERID}.${GRPID} ${SRCDIR}/samba-PVERSION ) +( cd ../../../.. ; tar czvf ${SRCDIR}/samba-PVERSION.tar.gz samba-PVERSION ) +cp -a *.spec $SPECDIR +cp -a *.patch smb.* samba.log $SRCDIR +cd $SPECDIR +rpm -ba -v samba2.spec diff --git a/packaging/PHT/TurboLinux/samba.log b/packaging/PHT/TurboLinux/samba.log new file mode 100644 index 00000000000..c5f2a5b45bc --- /dev/null +++ b/packaging/PHT/TurboLinux/samba.log @@ -0,0 +1,11 @@ +/var/log/samba/log.nmb { + postrotate + /usr/bin/killall -HUP nmbd + endrotate +} + +/var/log/samba/log.smb { + postrotate + /usr/bin/killall -HUP smbd + endrotate +} diff --git a/packaging/PHT/TurboLinux/samba.pamd b/packaging/PHT/TurboLinux/samba.pamd new file mode 100644 index 00000000000..225ab724ec9 --- /dev/null +++ b/packaging/PHT/TurboLinux/samba.pamd @@ -0,0 +1,11 @@ +#%PAM-1.0 +#[For version 1.0 syntax, the above header is optional] +# +# The PAM configuration file for the `samba' service +# +auth required /lib/security/pam_pwdb.so nullok nodelay # shadow audit +# auth required /lib/security/pam_smbpass.so nodelay +account required /lib/security/pam_pwdb.so audit nodelay +session required /lib/security/pam_pwdb.so nodelay +password required /lib/security/pam_pwdb.so # shadow md5 +#password required /lib/security/pam_smbpass.so nodelay smbconf=/etc/samba.d/smb.conf diff --git a/packaging/PHT/TurboLinux/samba2.spec.tmpl b/packaging/PHT/TurboLinux/samba2.spec.tmpl new file mode 100644 index 00000000000..0633f62a7e7 --- /dev/null +++ b/packaging/PHT/TurboLinux/samba2.spec.tmpl @@ -0,0 +1,502 @@ +Summary: Samba SMB client and server +Name: samba +Version: PVERSION +Release: PRELEASE +Copyright: GNU GPL version 2 +Group: Networking +Source: ftp://samba.org/pub/samba/samba-PVERSION.tar.gz +Patch: smbw.patch +Requires: pam >= 0.64 kernel >= 2.2.1 glibc >= 2.1.2 +Prereq: chkconfig fileutils +BuildRoot: /var/tmp/samba +Prefix: /usr + +%package debugtools +Version: PVERSION +Release: PRELEASE +Group: Networking +Summary: Programs to debug Samba and to test SMB client integrity + +%package -n smbfs +Version: PVERSION +Release: PRELEASE +Group: Utilities/File +Summary: Programs to mount SMB shares. + +%description +Samba provides an SMB server which can be used to provide +network services to SMB (sometimes called "Lan Manager") +clients, including various versions of MS Windows, OS/2, +and other Linux machines. Samba also provides some SMB +clients, which complement the built-in SMB filesystem +in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols +and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) +protocol. + +Samba-2.2 features working NT Domain Control capability and +includes the SWAT (Samba Web Administration Tool) that +allows samba's smb.conf file to be remotely managed using your +favourite web browser. For the time being this is being +enabled on TCP port 901 via inetd. + +Users are advised to use Samba-2.2 as a Windows NT4 +Domain Controller only on networks that do NOT have a Windows +NT Domain Controller. This release does NOT as yet have +Backup Domain control ability. + +Please refer to the WHATSNEW.txt document for fixup information. +This binary release includes encrypted password support. + +Please read the smb.conf file and ENCRYPTION.txt in the +docs directory for implementation details. + +NOTE: TurboLinux uses PAM which has integrated support +for Shadow passwords and quotas. Do NOT recompile with the +SHADOW_PWD option enabled. + + +%description -n smbfs +This package includes the tools necessary to mount filesystems from +SMB servers. + +Smbmount and smbumount are an interface to the SMB filesystem. Smbfs is +a filesystem which understands the SMB protocol. This is the protocol +Windows for Workgroups, Windows NT or Lan Manager use to talk to each +other. It was inspired by samba, the program by Andrew Tridgell that +turns any unix site into a file server for DOS or Windows clients. See +http://samba.org/samba for this interesting program suite and lots of +more information on SMB and NetBIOS over TCP/IP. There you also find +explanation for conceps like NetBIOS name or share. + +%changelog +* Tue Mar 27 2001 John H Terpstra +- Fixes to make 2.2 compile + +* Sat Nov 04 2000 John H Terpstra +- Put Symlink for libnss_wins.so back into main install section + +* Fri Nov 3 2000 Uros Prestor +- ported to IA-64 + +* Mon Oct 09 2000 John H Terpstra +- Started move to Samba-2.2.0 +- Added nsswitch wins support + +* Mon May 29 2000 John H Terpstra +- moved linkage of libnss_wins.so.2 to %post +- added removal step to %postun + +* Fri Apr 14 2000 John H Terpstra +- Added unicode pages + +* Sat Apr 08 2000 John H Terpsta +- Added nsswitch stuff +- Fixed some typos +- Changed hard link for smbmount to symlink + +* Sun Apr 02 2000 John H Terpstra +- Updated for samba-2.0.7 +- Added codepages 775 1251 +- Added configure options "--with-profile --with-utmp + --with-netatalk --with-sambabook=/usr/share/swat/using_samba" +- added using_samba book + +* Fri Oct 29 1999 Kelley Spoon +- get rid of the rc?.d directories +- -j flags for make command to (hopefully) speed up on + SMP systems +- discoverd that John had already made the changes I + was going to do... +- Wait! He forgot to move the man pages into /usr/share! + Cool... I get to do something substantial. + +* Sun Oct 16 1999 John H Terspstra +- changed mount.smb to link to smbmount +- removed smbwrappers as it is broken with glibc-2.1.x + +* Sun May 09 1999 John H Terpstra +- Added smbtorture et al. + +* Wed Mar 10 1999 Scott Stone +- This package now builds smbfs stuff +- Added xinetd autosetup in the post install section +- (todo: add remove of xinetd stuff in postuninstall section) + +* Sun Feb 28 1999 Jeremy Allison + - Removed smbrun binary and tidied up some loose ends + +* Sun Oct 25 1998 John H Terpstra + - Added modifier to /config specifier so that smb.conf, + lmhosts and smbusers never get lost + +* Sat Oct 24 1998 John H Terpstra + - removed README.smbsh file from docs area + +* Mon Oct 05 1998 John H Terpstra + - Added rpcclient to binaries list + - Added smbwrapper stuff + +* Fri Aug 21 1998 John H Terpstra + - Updated for Samba version 2.0 building + +* Tue Jul 07 1998 Erik Troan + - updated postun triggerscript to check $0 + - clear /etc/codepages from %preun instead of %postun + +* Sat Jul 04 1998 John H Terpstra + - fixed codepage preservation during update via -Uvh + +* Mon Jun 08 1998 Erik Troan + - made the %postun script a tad less agressive; no reason to remove + the logs or lock file + - the %postun and %preun should only exectute if this is the final + removal + - migrated %triggerpostun from Red Hat's samba package to work around + packaging problems in some Red Hat samba releases + +* Sun Apr 26 1998 John H Terpstra + - Tidy up for early alpha releases + - added findsmb from SGI packaging + +* Thu Apr 09 1998 John H Terpstra + - Updated spec file + - Included new codepage.936 + +* Sat Mar 20 1998 John H Terpstra + - Added swat facility + +* Sat Jan 24 1998 John H Terpstra + - Many optimisations (some suggested by Manoj Kasichainula + - Use of chkconfig in place of individual symlinks to /etc/rc.d/init/smb + - Compounded make line + - Updated smb.init restart mechanism + - Use compound mkdir -p line instead of individual calls to mkdir + - Fixed smb.conf file path for log files + - Fixed smb.conf file path for incoming smb print spool directory + - Added a number of options to smb.conf file + - Added smbadduser command (missed from all previous RPMs) - Doooh! + - Added smbuser file and smb.conf file updates for username map + +%prep +%setup +%patch -p1 + + +%build +cd source + +%ifarch ia64 +libtoolize --copy --force # get it to recognize IA-64 +%endif + +autoconf +autoheader +NUMCPU=`grep processor /proc/cpuinfo | wc -l` +CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \ + --prefix=%{prefix} \ + --libdir=/etc/samba \ + --with-lockdir=/var/lock/samba \ + --with-privatedir=/etc \ + --with-swatdir=%{prefix}/share/swat \ + --with-quotas \ + --with-smbmount \ + --with-pam \ + --with-pam_smbpass \ + --with-profile \ + --with-syslog \ + --with-utmp \ + --with-netatalk \ + --with-sambabook=%{prefix}/share/swat/using_samba + +make -j${NUMCPU} all smbfilter nsswitch/libnss_wins.so +make -j${NUMCPU} debug2html + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/sbin +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/samba/codepages/src +mkdir -p $RPM_BUILD_ROOT/etc/samba +mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d} +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +mkdir -p $RPM_BUILD_ROOT/lib +mkdir -p $RPM_BUILD_ROOT/home/samba +mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{gifs,figs} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/man/{man1,man5,man7,man8} +mkdir -p $RPM_BUILD_ROOT/var/lock/samba +mkdir -p $RPM_BUILD_ROOT/var/log/samba +mkdir -p $RPM_BUILD_ROOT/var/spool/samba + +# Install standard binary files +for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \ + make_smbcodepage make_unicodemap make_printerdef rpcclient smbspool +do +install -m755 -s source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin +done +for i in mksmbpasswd.sh smbtar +do +install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin +done + +# Install secure binary files +for i in smbd nmbd swat smbmount smbumount smbmnt debug2html smbfilter +do +install -m755 -s source/bin/$i $RPM_BUILD_ROOT/usr/sbin +done + + +# Install level 1 man pages +for i in *.1 +do +install -m644 docs/manpages/$i $RPM_BUILD_ROOT%{prefix}/share/man/man1 +done + +# Install codepage source files +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do +install -m644 source/codepages/codepage_def.$i $RPM_BUILD_ROOT%{prefix}/samba/codepages/src +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do +install -m644 source/codepages/CP$i.TXT $RPM_BUILD_ROO%{prefix}/samba/codepages/src +done + +# Install the nsswitch library extension file +install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib +# Make link for wins resolver +( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; ) + +# Install PAM pam_smbpass.so +install -m644 source/bin/pam_smbpass.so $RPM_BUILD_ROOT/lib/security + +# Install SWAT helper files +for i in swat/help/*.html docs/htmldocs/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help +done +for i in swat/images/*.gif +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images +done +for i in swat/include/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include +done + +# This is the O'Reily Samba Book - on-line +for i in docs/htmldocs/using_samba/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba +done +for i in docs/htmldocs/using_samba/figs/*.gif +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/figs +done +for i in docs/htmldocs/using_samba/gifs/*.gif +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/gifs +done + +# Install the miscellany +install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat +install -m644 docs/manpages/smb.conf.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 +install -m644 docs/manpages/lmhosts.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 +install -m644 docs/manpages/smbpasswd.5 $RPM_BUILD_ROOT%{prefix}/share/man/man5 +install -m644 docs/manpages/samba.7 $RPM_BUILD_ROOT%{prefix}/share/man/man7 +install -m644 docs/manpages/smbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/nmbd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbpasswd.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/swat.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbmount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbmnt.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 docs/manpages/smbumount.8 $RPM_BUILD_ROOT%{prefix}/share/man/man8 +install -m644 packaging/PHT/TurboLinux/smb.conf $RPM_BUILD_ROOT/etc/samba/smb.conf +install -m644 packaging/PHT/TurboLinux/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers +install -m755 packaging/PHT/TurboLinux/smbprint $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/PHT/TurboLinux/findsmb $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/PHT/TurboLinux/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb +install -m755 packaging/PHT/TurboLinux/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba +install -m644 packaging/PHT/TurboLinux/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba +install -m644 packaging/PHT/TurboLinux/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba +echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/lmhosts + +# Link smbmount to /sbin/mount.smb and /sbin/mount.smbfs +ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb +ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +/sbin/chkconfig --add smb +/sbin/chkconfig smb off + +# Build codepage load files +cd %{prefix}/share/samba +for i in 437 737 775 850 852 861 866 932 936 949 950 1251 +do +%{prefix}/bin/make_smbcodepage c $i %{prefix}/share/samba/codepages/src/codepage_def.$i %{prefix}/share/samba/codepages/codepage.$i +done +for i in 437 737 850 852 861 866 932 936 949 950 ISO8859-1 ISO8859-2 ISO8859-5 ISO8859-7 KOI8-R +do +%{prefix}/bin/make_unicodemap $i %{prefix}/share/samba/codepages/src/CP$i.TXT %{prefix}/share/samba/codepages/unicode_map.$i +done + +# Add swat entry to /etc/services if not already there +if !( grep ^[:space:]*swat /etc/services > /dev/null ) then + echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services +fi + +# Add swat entry to /etc/inetd.conf if needed +if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then + echo '#swat stream tcp nowait.400 root %{prefix}/sbin/swat swat' >> /etc/inetd.conf + killall -1 inetd || : +fi + +# Now create the xinetd.conf file from our inetd.conf file, back up orig first. +if [ -f /etc/xinetd.conf ]; then + mv /etc/xinetd.conf /etc/xinetd.conf.presamba + /usr/sbin/itox --daemon_dir /usr/sbin < /etc/inetd.conf > /etc/xinetd.conf +fi + + +%preun +if [ $1 = 0 ] ; then + /sbin/chkconfig --del smb + + for n in %{prefix}/share/samba/codepages/*; do + if [ $n != %{prefix}/share/samba/codepages/src ]; then + rm -rf $n + fi + done + # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba! + if [ -e /var/lock/samba/browse.dat ]; then + rm -f /var/lock/samba/browse.dat + fi + if [ -e /var/lock/samba/wins.dat ]; then + rm -f /var/lock/samba/wins.dat + fi +fi + +%postun +# Only delete remnants of samba if this is the final deletion. +if [ $1 = 0 ] ; then + if [ -x /etc/pam.d/samba ]; then + rm -f /etc/pam.d/samba + fi + if [ -e /var/log/samba ]; then + rm -rf /var/log/samba + fi + +# Note: We MUST keep: +# winbindd_*, sshare_info*, printing*, ntdrivers* + + if [ -x /var/lock/samba ]; then + rm -f /var/lock/samba/browse.dat + rm -f /var/lock/samba/{brlock,connections,locking,messages}.tdb + if [ -e /var/lock/samba.d/namelist.debug ]; then + rm -f /var/lock/samba.d/namelist.debug + fi + rm -f /var/lock/samba/unexpected.tdb + rm -f /var/lock/samba/{smbd,nmbd}.pid + fi + + # Remove swat entries from /etc/inetd.conf and /etc/services + cd /etc + tmpfile=/etc/tmp.$$ + sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile + mv $tmpfile inetd.conf + sed -e '/#swat.*$/d' /etc/inetd.conf > $tmpfile + mv $tmpfile inetd.conf + sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile + mv $tmpfile services + + # Recreate xinetd.conf file from /etc/inetd.conf + mv /etc/xinetd.conf /etc/xinetd.conf.samba + /usr/sbin/itox --daemon_dir /usr/sbin < /etc/inetd.conf > /etc/xinetd.conf +fi + + +%triggerpostun -- samba < samba-2.0.0 +if [ $0 != 0 ]; then + /sbin/chkconfig --add smb +fi + + +%files +%doc README COPYING Manifest Read-Manifest-Now +%doc WHATSNEW.txt Roadmap +%doc docs +%doc swat/README +%doc examples +%attr(-,root,root) %{prefix}/sbin/smbd +%attr(-,root,root) %{prefix}/sbin/nmbd +%attr(-,root,root) %{prefix}/sbin/swat +%attr(-,root,root) %{prefix}/sbin/debug2html +%attr(0750,root,root) %{prefix}/sbin/samba +%attr(-,root,root) %{prefix}/bin/smbclient +%attr(-,root,root) %{prefix}/bin/rpcclient +%attr(-,root,root) %{prefix}/bin/testparm +%attr(-,root,root) %{prefix}/bin/testprns +%attr(-,root,root) %{prefix}/bin/findsmb +%attr(-,root,root) %{prefix}/bin/smbstatus +%attr(-,root,root) %{prefix}/bin/nmblookup +%attr(-,root,root) %{prefix}/bin/make_smbcodepage +%attr(-,root,root) %{prefix}/bin/make_unicodemap +%attr(-,root,root) %{prefix}/bin/make_printerdef +%attr(-,root,root) %{prefix}/bin/smbpasswd +%attr(-,root,root) %{prefix}/bin/smbtar +%attr(-,root,root) %{prefix}/bin/smbprint +%attr(-,root,root) %{prefix}/bin/smbspool +%attr(-,root,root) %{prefix}/bin/smbadduser +%attr(755,root,root) /lib/libnss_wins.s* +%attr(755,root,root) /lib/security/pam_smbpass.so +%attr(-,root,root) %{prefix}/share/swat/help/* +%attr(-,root,root) %{prefix}/share/swat/images/* +%attr(-,root,root) %{prefix}/share/swat/include/header.html +%attr(-,root,root) %{prefix}/share/swat/include/footer.html +%attr(-,root,root) %{prefix}/share/swat/using_samba/* +%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts +%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf +%attr(-,root,root) %config(noreplace) /etc/samba/smbusers +%attr(-,root,root) /etc/rc.d/init.d/smb +%attr(-,root,root) /etc/logrotate.d/samba +%attr(-,root,root) /etc/pam.d/samba +%attr(-,root,root) %{prefix}/share/samba/codepages/src/codepage_def.* +%attr(-,root,root) %{prefix}/share/samba/codepages/src/CP* +# %attr(-,root,root) %{prefix}/share/man/man1/smbsh.1 +%attr(-,root,root) %{prefix}/share/man/man1/make_smbcodepage.1 +%attr(-,root,root) %{prefix}/share/man/man1/make_unicodemap.1 +%attr(-,root,root) %{prefix}/share/man/man1/nmblookup.1 +%attr(-,root,root) %{prefix}/share/man/man1/smbclient.1 +%attr(-,root,root) %{prefix}/share/man/man1/smbrun.1 +%attr(-,root,root) %{prefix}/share/man/man1/smbstatus.1 +%attr(-,root,root) %{prefix}/share/man/man1/smbtar.1 +%attr(-,root,root) %{prefix}/share/man/man1/testparm.1 +%attr(-,root,root) %{prefix}/share/man/man1/testprns.1 +%attr(-,root,root) %{prefix}/share/man/man5/lmhosts.5 +%attr(-,root,root) %{prefix}/share/man/man5/smb.conf.5 +%attr(-,root,root) %{prefix}/share/man/man5/smbpasswd.5 +%attr(-,root,root) %{prefix}/share/man/man7/samba.7 +%attr(-,root,root) %{prefix}/share/man/man8/nmbd.8 +%attr(-,root,root) %{prefix}/share/man/man8/smbd.8 +%attr(-,root,root) %{prefix}/share/man/man8/smbpasswd.8 +%attr(-,root,root) %{prefix}/share/man/man8/swat.8 +%attr(-,root,nobody) %dir /home/samba +%attr(-,root,root) %dir %{prefix}/share/samba/codepages +%attr(-,root,root) %dir %{prefix}/share/samba/codepages/src +%attr(-,root,root) %dir /var/lock/samba +%attr(-,root,root) %dir /var/log/samba +%attr(1777,root,root) %dir /var/spool/samba + +%files -n smbfs +%attr(-,root,root) %{prefix}/sbin/smbmount +%attr(-,root,root) %{prefix}/sbin/smbumount +%attr(-,root,root) %{prefix}/sbin/smbmnt +%attr(-,root,root) /sbin/mount.smb +%attr(-,root,root) /sbin/mount.smbfs +%attr(-,root,root) %{prefix}/share/man/man8/smbmnt.8 +%attr(-,root,root) %{prefix}/share/man/man8/smbmount.8 +%attr(-,root,root) %{prefix}/share/man/man8/smbumount.8 diff --git a/packaging/PHT/TurboLinux/smb.conf b/packaging/PHT/TurboLinux/smb.conf new file mode 100644 index 00000000000..e07d15c93ef --- /dev/null +++ b/packaging/PHT/TurboLinux/smb.conf @@ -0,0 +1,291 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not many any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this + printcap name = /etc/printcap + load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; writable = yes +; printable = no +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/PHT/TurboLinux/smb.init b/packaging/PHT/TurboLinux/smb.init new file mode 100755 index 00000000000..6529977d236 --- /dev/null +++ b/packaging/PHT/TurboLinux/smb.init @@ -0,0 +1,49 @@ +#!/bin/sh +# +# chkconfig: 345 91 35 +# description: Starts and stops the Samba smbd and nmbd daemons \ +# used to provide SMB network services. + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Check that smb.conf exists. +[ -f /etc/smb.conf ] || exit 0 + +# See how we were called. +case "$1" in + start) + echo -n "Starting SMB services: " + daemon smbd -D + daemon nmbd -D + echo + touch /var/lock/subsys/smb + ;; + stop) + echo -n "Shutting down SMB services: " + killproc smbd + killproc nmbd + rm -f /var/lock/subsys/smb + echo "" + ;; + status) + status smbd + status nmbd + ;; + restart) + echo -n "Restarting SMB services: " + $0 stop + $0 start + echo "done." + ;; + *) + echo "Usage: smb {start|stop|restart|status}" + exit 1 +esac + diff --git a/packaging/PHT/TurboLinux/smbadduser b/packaging/PHT/TurboLinux/smbadduser new file mode 100755 index 00000000000..2f38bf28f1a --- /dev/null +++ b/packaging/PHT/TurboLinux/smbadduser @@ -0,0 +1,73 @@ +#!/bin/csh +# +# smbadduser - Written by Mike Zakharoff +# +unalias * +set path = ($path) + +set smbpasswd = /etc/smbpasswd +set user_map = /etc/smbusers +# +# Set to site specific passwd command +# +set passwd = "cat /etc/passwd" +#set passwd = "niscat passwd.org_dir" +#set passwd = "ypcat passwd" + +set line = "----------------------------------------------------------" +if ($#argv == 0) then + echo $line + echo "Written: Mike Zakharoff email: michael.j.zakharoff@boeing.com" + echo "" + echo " 1) Updates $smbpasswd" + echo " 2) Updates $user_map" + echo " 3) Executes smbpasswd for each new user" + echo "" + echo "smbadduser unixid:ntid unixid:ntid ..." + echo "" + echo "Example: smbadduser zak:zakharoffm johns:smithj" + echo $line + exit 1 +endif + +touch $smbpasswd $user_map +set new = () +foreach one ($argv) + echo $one | grep ':' >& /dev/null + if ($status != 0) then + echo "ERROR: Must use unixid:ntid like -> zak:zakharoffm" + continue + endif + set unix = `echo $one | awk -F: '{print $1}'` + set ntid = `echo $one | awk -F: '{print $2}'` + + set usr = `eval $passwd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#usr != 1) then + echo "ERROR: $unix Not in passwd database SKIPPING..." + continue + endif + set tmp = `cat $smbpasswd | awk -F: '$1==USR {print $1}' USR=$unix` + if ($#tmp != 0) then + echo "ERROR: $unix is already in $smbpasswd SKIPPING..." + continue + endif + + echo "Adding: $unix to $smbpasswd" + eval $passwd | \ + awk -F: '$1==USR { \ + printf( "%s:%s:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX:%s:%s:%s\n", $1, $3, $5, $6, $7) }' USR=$unix >> $smbpasswd + if ($unix != $ntid) then + echo "Adding: {$unix = $ntid} to $user_map" + echo "$unix = $ntid" >> $user_map + endif + set new = ($new $unix) +end + +# +# Enter password for new users +# +foreach one ($new) + echo $line + echo "ENTER password for $one" + smbpasswd $one +end diff --git a/packaging/PHT/TurboLinux/smbprint b/packaging/PHT/TurboLinux/smbprint new file mode 100755 index 00000000000..ec083eede62 --- /dev/null +++ b/packaging/PHT/TurboLinux/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to same space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile diff --git a/packaging/PHT/TurboLinux/smbusers b/packaging/PHT/TurboLinux/smbusers new file mode 100644 index 00000000000..ae3389f53f8 --- /dev/null +++ b/packaging/PHT/TurboLinux/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nobody = guest pcguest smbguest diff --git a/packaging/PHT/TurboLinux/smbw.patch b/packaging/PHT/TurboLinux/smbw.patch new file mode 100644 index 00000000000..0abbfdf73f6 --- /dev/null +++ b/packaging/PHT/TurboLinux/smbw.patch @@ -0,0 +1,10 @@ +--- samba-2.0.0/source/smbwrapper/smbsh.in.orig Mon Oct 5 22:37:01 1998 ++++ samba-2.0.0/source/smbwrapper/smbsh.in Mon Oct 5 22:37:51 1998 +@@ -1,6 +1,6 @@ + #! /bin/sh + +-SMBW_LIBDIR=${SMBW_LIBDIR-@builddir@/smbwrapper} ++SMBW_LIBDIR=${SMBW_LIBDIR-/usr/bin} + + if [ ! -f ${SMBW_LIBDIR}/smbwrapper.so ]; then + echo You need to set LIBDIR in smbsh diff --git a/packaging/README b/packaging/README new file mode 100644 index 00000000000..ce651377907 --- /dev/null +++ b/packaging/README @@ -0,0 +1,38 @@ +Copyright (C) 1997-1998 Samba-Team +Date: November 16, 1998 +Updates: First Release - 19970819 + 19981116 +=============================================================================== + +Note: +===== +This directory is a public repository for platform specific files including +build files for binary package distributions for specific operating systems +as well as for source file distribution packages for those systems. + +The Example directory should be used as a guide for preparation of binary +packages for distribution via the official samba ftp sites. + +The files contained here are intended for use only by those wishing to build +distribution packages and are NOT considered suitable material for anyone who +wants to just install Samba from the pristine source files contained under +the ~/source directory. + +All contributions / modifications / additions / etc. to the packaging files +should be sent to samba-patches@samba.org with the subject marked: + PACKAGING: [add|mod|contrib] Your subject. + +Should you, or anyone you know of, have package build instructions and/or files +that may be of use to the wider community of Samba users please mail the above +account with subject: PACKAGING: [avail] OS xxxxxxxxxx +where xxxxxxxxxx is the operating system platform that may be contributed. + +We will contact the person who is offering to contribute package build details +to ensure that their contribution can be included in the official Samba sources. + +In the event that anyone wishes to contribute package build information please +indicate in your response how we may access a suitable system to ensure our +ability to keep the binary distribution itself current with the released source. + +The future of cooperatively developed software such as Samba depends on the +willingness of all partners to share the fruit of their labours. diff --git a/packaging/README.UnixWare b/packaging/README.UnixWare new file mode 100644 index 00000000000..a4b08954ecc --- /dev/null +++ b/packaging/README.UnixWare @@ -0,0 +1,6 @@ +Date: January 9, 2001 +Maintainer: John H Terpstra +Subject: UnixWare Packaging Files +Modifications: Initial release 20010109 + +Note: The packaging build files for UnixWare are located under ~samba/packaging/Caldera/UnixWare. diff --git a/packaging/RedHat/.cvsignore b/packaging/RedHat/.cvsignore new file mode 100644 index 00000000000..4ce9d934e6e --- /dev/null +++ b/packaging/RedHat/.cvsignore @@ -0,0 +1,6 @@ +makefile-path.patch +makerpms.sh +samba2.spec +smbadduser +smbw.patch +samba2.rpm?.spec \ No newline at end of file diff --git a/packaging/RedHat/README b/packaging/RedHat/README new file mode 100644 index 00000000000..210248fa35a --- /dev/null +++ b/packaging/RedHat/README @@ -0,0 +1,11 @@ +Preparation Date: Fri Aug 21, 1998 +Preparer: John H Terpstra + +Instructions: Preparing Samba Packages for Red Hat Linux 5.X +=============================================================== + +We provide support only for current versions of Red Hat Linux. + +To produce the RPMS simply type: + sh makerpms.sh + diff --git a/packaging/RedHat/findsmb b/packaging/RedHat/findsmb new file mode 100755 index 00000000000..986c2481779 --- /dev/null +++ b/packaging/RedHat/findsmb @@ -0,0 +1,141 @@ +#!/usr/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00>/,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/RedHat/makerpms.sh.tmpl b/packaging/RedHat/makerpms.sh.tmpl new file mode 100644 index 00000000000..44b89a45ec8 --- /dev/null +++ b/packaging/RedHat/makerpms.sh.tmpl @@ -0,0 +1,38 @@ +#!/bin/sh +# Copyright (C) John H Terpstra 1998 +# Updated for RPM 3 by Jochen Wiedmann, joe@ispsoft.de +# Changed for a generic tar file rebuild by abartlet@pcug.org.au +USERID=`id -u` +GRPID=`id -g` +VERSION='PVERSION' + +rm -f ../../samba2.*.spec + +case `rpm --version | awk '{print $3}'` in + 2.*) + sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba2.rpm2.spec + cp samba2.rpm2.spec ../../ + ;; + 3.*) + sed -e "s/MANDIR_MACRO/\%\{prefix\}\/man/g" < samba2.spec > samba2.rpm3.spec + cp samba2.rpm3.spec ../../ + ;; + 4.*) + sed -e "s/MANDIR_MACRO/\%\{_mandir\}/g" < samba2.spec > samba2.rpm4.spec + cp samba2.rpm4.spec ../../ + ;; + *) + echo "Unknown RPM version: `rpm --version`" + exit 1 + ;; +esac + +( cd ../../source; if [ -f Makefile ]; then make distclean; fi ) +( cd ../../.. ; chown -R ${USERID}.${GRPID} samba-${VERSION} ) +( cd ../../.. ; tar --exclude=CVS -czvf samba-${VERSION}.tar.gz samba-${VERSION}/samba2.*.spec samba-${VERSION} ) + +rpm -ta -v ../../../samba-${VERSION}.tar.gz + + + + diff --git a/packaging/RedHat/samba.log b/packaging/RedHat/samba.log new file mode 100644 index 00000000000..4b244099c4f --- /dev/null +++ b/packaging/RedHat/samba.log @@ -0,0 +1,11 @@ +/var/log/samba/log.nmbd { + postrotate + /usr/bin/killall -HUP nmbd + endscript +} + +/var/log/samba/log.smbd { + postrotate + /usr/bin/killall -HUP smbd + endscript +} diff --git a/packaging/RedHat/samba.pamd b/packaging/RedHat/samba.pamd new file mode 100644 index 00000000000..1b4a93fb19e --- /dev/null +++ b/packaging/RedHat/samba.pamd @@ -0,0 +1,4 @@ +auth required /lib/security/pam_pwdb.so nullok shadow +account required /lib/security/pam_pwdb.so +session required /lib/security/pam_pwdb.so +password required /lib/security/pam_pwdb.so diff --git a/packaging/RedHat/samba.pamd.stack b/packaging/RedHat/samba.pamd.stack new file mode 100644 index 00000000000..6a948f92cbd --- /dev/null +++ b/packaging/RedHat/samba.pamd.stack @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth required pam_nologin.so +auth required pam_stack.so service=system-auth +account required pam_stack.so service=system-auth +session required pam_stack.so service=system-auth +password required pam_stack.so service=system-auth diff --git a/packaging/RedHat/samba.xinetd b/packaging/RedHat/samba.xinetd new file mode 100644 index 00000000000..8c38b354218 --- /dev/null +++ b/packaging/RedHat/samba.xinetd @@ -0,0 +1,15 @@ +# default: off +# description: SWAT is the Samba Web Admin Tool. Use swat \ +# to configure your Samba server. To use SWAT, \ +# connect to port 901 with your favorite web browser. +service swat +{ + port = 901 + socket_type = stream + wait = no + only_from = localhost + user = root + server = /usr/sbin/swat + log_on_failure += USERID + disable = yes +} diff --git a/packaging/RedHat/samba2.spec.tmpl b/packaging/RedHat/samba2.spec.tmpl new file mode 100644 index 00000000000..c99b9123825 --- /dev/null +++ b/packaging/RedHat/samba2.spec.tmpl @@ -0,0 +1,458 @@ +Summary: Samba SMB client and server +Name: samba +Version: PVERSION +Release: PRELEASE +Copyright: GNU GPL version 2 +Group: Networking +Source: ftp://samba.org/pub/samba/samba-%{version}.tar.gz +Packager: John H Terpstra [Samba-Team] +Requires: pam >= 0.72 kernel >= 2.2.1 glibc >= 2.1.2 +Prereq: chkconfig fileutils +BuildRoot: /var/tmp/samba +Prefix: /usr + +%description +Samba provides an SMB server which can be used to provide +network services to SMB (sometimes called "Lan Manager") +clients, including various versions of MS Windows, OS/2, +and other Linux machines. Samba also provides some SMB +clients, which complement the built-in SMB filesystem +in Linux. Samba uses NetBIOS over TCP/IP (NetBT) protocols +and does NOT need NetBEUI (Microsoft Raw NetBIOS frame) +protocol. + +Samba-2.2 features working NT Domain Control capability and +includes the SWAT (Samba Web Administration Tool) that +allows samba's smb.conf file to be remotely managed using your +favourite web browser. For the time being this is being +enabled on TCP port 901 via inetd. + +Users are advised to use Samba-2.2 as a Windows NT4 +Domain Controller only on networks that do NOT have a Windows +NT Domain Controller. This release does NOT as yet have +Backup Domain control ability. + +Please refer to the WHATSNEW.txt document for fixup information. +This binary release includes encrypted password support. + +Please read the smb.conf file and ENCRYPTION.txt in the +docs directory for implementation details. + +NOTE: Red Hat Linux uses PAM which has integrated support +for Shadow passwords and quotas. Do NOT recompile with the +SHADOW_PWD option enabled + +%changelog +* Mon Aug 1 2001 Tim Potter + - Install winbind daemon, client programs, nss and pam libraries + - Removed codepage stuff so spec file works with current HEAD branch + +* Sat Mar 31 2001 Andrew Bartlett + - Changed prefix/share/man for _mandir/share/man + - Changed this for a sed macro MANDIR_MACRO + - This allows us to build both RH7 (RPM4) + and older versions from same specfile. + - Made makerpms.sh use the rpm -ta command rather + than attempting to devine the correct location to + put the file. Also removes some /tmp symlink games. + - Allows build on RPM4 + - Increased PAM requirements to allow us to use + system-auth (this pam is in 6.x errata at least) + +* Tue Mar 27 2001 John H Terpstra + - Fixed typos introduced by Sum Wun. + - Build for Red Hat 7.x + +* Sun Nov 12 2000 John H Terpstra + - Updated for Samba-2.2 releases + - Added libnss_wins.so stuff + - Added compile-time options + +* Sat Nov 29 1999 Matthew Vanecek + - Added a Prefix and changed "/usr" to "%{prefix}" + +* Sat Nov 11 1999 Tridge + - changed from mount.smb to mount.smbfs + +* Sat Oct 9 1999 Tridge + - removed smbwrapper + - added smbmnt and smbmount + +* Sun Apr 25 1999 John H Terpstra + - added smbsh.1 man page + +* Fri Mar 26 1999 Andrew Tridgell + - added --with-pam as pam is no longer used by default + +* Sat Jan 27 1999 Jeremy Allison + - Removed smbrun binary and tidied up some loose ends + +* Sun Oct 25 1998 John H Terpstra + - Added parameters to /config to ensure smb.conf, lmhosts, + and smbusers never gets over-written. + +* Sat Oct 24 1998 John H Terpstra + - removed README.smbsh file from docs area + +* Mon Oct 05 1998 John H Terpstra + - Added rpcclient to binaries list + - Added smbwrapper stuff + +* Fri Aug 21 1998 John H Terpstra + - Updated for Samba version 2.0 building + +* Tue Jul 07 1998 Erik Troan + - updated postun triggerscript to check $0 + - clear /etc/codepages from %preun instead of %postun + +* Sat Jul 04 1998 John H Terpstra + - fixed codepage preservation during update via -Uvh + +* Mon Jun 08 1998 Erik Troan + - made the %postun script a tad less agressive; no reason to remove + the logs or lock file + - the %postun and %preun should only exectute if this is the final + removal + - migrated %triggerpostun from Red Hat's samba package to work around + packaging problems in some Red Hat samba releases + +* Sun Apr 26 1998 John H Terpstra + - Tidy up for early alpha releases + - added findsmb from SGI packaging + +* Thu Apr 09 1998 John H Terpstra + - Updated spec file + - Included new codepage.936 + +* Sat Mar 20 1998 John H Terpstra + - Added swat facility + +* Sat Jan 24 1998 John H Terpstra + - Many optimisations (some suggested by Manoj Kasichainula + - Use of chkconfig in place of individual symlinks to /etc/rc.d/init/smb + - Compounded make line + - Updated smb.init restart mechanism + - Use compound mkdir -p line instead of individual calls to mkdir + - Fixed smb.conf file path for log files + - Fixed smb.conf file path for incoming smb print spool directory + - Added a number of options to smb.conf file + - Added smbuser file and smb.conf file updates for username map + +%prep +%setup + +%build +cd source + +%ifarch ia64 +libtoolize --copy --force # get it to recognize IA-64 +autoheader +autoconf +EXTRA="-D_LARGEFILE64_SOURCE" +%endif +NUMCPU=`grep processor /proc/cpuinfo | wc -l` +CFLAGS="$RPM_OPT_FLAGS $EXTRA" ./configure \ + --prefix=%{prefix} \ + --localstatedir=/var \ + --with-configdir=/etc/samba \ + --with-privatedir=/etc/samba \ + --with-fhs \ + --with-quotas \ + --with-smbmount \ + --with-pam \ + --with-syslog \ + --with-utmp \ + --with-netatalk \ + --with-sambabook=%{prefix}/share/swat/using_samba \ + --with-swatdir=%{prefix}/share/swat +make -j${NUMCPU} proto +make -j${NUMCPU} all nsswitch/libnss_wins.so +make -j${NUMCPU} debug2html +make -j${NUMCPU} bin/smbspool + + +%install +rm -rf $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT +mkdir -p $RPM_BUILD_ROOT/sbin +mkdir -p $RPM_BUILD_ROOT/etc/samba +mkdir -p $RPM_BUILD_ROOT/etc/{logrotate.d,pam.d,samba} +mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d +mkdir -p $RPM_BUILD_ROOT%{prefix}/{bin,sbin} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/{images,help,include,using_samba} +mkdir -p $RPM_BUILD_ROOT%{prefix}/share/swat/using_samba/{figs,gifs} +mkdir -p $RPM_BUILD_ROOTMANDIR_MACRO +mkdir -p $RPM_BUILD_ROOT/var/lock/samba +mkdir -p $RPM_BUILD_ROOT/var/log/samba +mkdir -p $RPM_BUILD_ROOT/var/spool/samba +mkdir -p $RPM_BUILD_ROOT/lib/security + +# Install standard binary files +for i in nmblookup smbclient smbpasswd smbstatus testparm testprns \ + make_printerdef rpcclient smbspool smbcacls smbcontrol wbinfo +do +install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/bin +done +for i in mksmbpasswd.sh smbtar +do +install -m755 source/script/$i $RPM_BUILD_ROOT%{prefix}/bin +done + +# Install secure binary files +for i in smbd nmbd swat smbmount smbumount smbmnt debug2html winbindd +do +install -m755 source/bin/$i $RPM_BUILD_ROOT%{prefix}/sbin +done + +# we need a symlink for mount to recognise the smb and smbfs filesystem types +ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smbfs +ln -sf %{prefix}/sbin/smbmount $RPM_BUILD_ROOT/sbin/mount.smb + +# This allows us to get away without duplicating code that +# sombody else can maintain for us. +cd source +make LIBDIR=$RPM_BUILD_ROOT/etc/samba \ + BINDIR=$RPM_BUILD_ROOT%{prefix}/bin \ + MANDIR=$RPM_BUILD_ROOTMANDIR_MACRO \ + SWATDIR=$RPM_BUILD_ROOT/usr/share/swat \ + SAMBABOOK=$RPM_BUILD_ROOT/usr/share/swat/using_samba \ + installman installswat +cd .. + +# Install the nsswitch library extension file +install -m755 source/nsswitch/libnss_wins.so $RPM_BUILD_ROOT/lib + +# Make link for wins resolver +( cd $RPM_BUILD_ROOT/lib; ln -s libnss_wins.so libnss_wins.so.2; ) + +# Install winbind shared libraries +install -m755 source/nsswitch/libnss_winbind.so $RPM_BUILD_ROOT/lib +install -m755 source/nsswitch/pam_winbind.so $RPM_BUILD_ROOT/lib/security + +# Install SWAT helper files +for i in swat/help/*.html docs/htmldocs/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/help +done +for i in swat/images/*.gif +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/images +done +for i in swat/include/*.html +do +install -m644 $i $RPM_BUILD_ROOT%{prefix}/share/swat/include +done + +# Install the miscellany +install -m644 swat/README $RPM_BUILD_ROOT%{prefix}/share/swat +install -m755 packaging/RedHat/smbprint $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/RedHat/findsmb $RPM_BUILD_ROOT%{prefix}/bin +install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT/etc/rc.d/init.d/smb +install -m755 packaging/RedHat/smb.init $RPM_BUILD_ROOT%{prefix}/sbin/samba +install -m644 packaging/RedHat/samba.log $RPM_BUILD_ROOT/etc/logrotate.d/samba +install -m644 packaging/RedHat/smb.conf $RPM_BUILD_ROOT/etc/samba/smb.conf +install -m644 packaging/RedHat/smbusers $RPM_BUILD_ROOT/etc/samba/smbusers +install -m644 packaging/RedHat/samba.pamd $RPM_BUILD_ROOT/etc/pam.d/samba +install -m644 packaging/RedHat/samba.pamd.stack $RPM_BUILD_ROOT/etc/samba/samba.stack +install -m644 packaging/RedHat/samba.xinetd $RPM_BUILD_ROOT/etc/samba/samba.xinetd +echo 127.0.0.1 localhost > $RPM_BUILD_ROOT/etc/samba/lmhosts + +%clean +rm -rf $RPM_BUILD_ROOT + +%post +/sbin/chkconfig --add smb +/sbin/chkconfig smb off + +echo "Looking for old /etc/smb.conf..." +if [ -f /etc/smb.conf ]; then + echo "Moving old /etc/smb.conf to /etc/samba/smb.conf" + mv /etc/smb.conf /etc/samba/smb.conf +fi + +echo "Looking for old /etc/smbusers..." +if [ -f /etc/smbusers ]; then + echo "Moving old /etc/smbusers to /etc/samba/smbusers" + mv /etc/smbusers /etc/samba/smbusers +fi + +echo "Looking for old /etc/lmhosts..." +if [ -f /etc/lmhosts ]; then + echo "Moving old /etc/lmhosts to /etc/samba/lmhosts" + mv /etc/lmhosts /etc/samba/lmhosts +fi + +echo "Looking for old /etc/MACHINE.SID..." +if [ -f /etc/MACHINE.SID ]; then + echo "Moving old /etc/MACHINE.SID to /etc/samba/MACHINE.SID" + mv /etc/MACHINE.SID /etc/samba/MACHINE.SID +fi + +echo "Looking for old /etc/smbpasswd..." +if [ -f /etc/smbpasswd ]; then + echo "Moving old /etc/smbpasswd to /etc/samba/smbpasswd" + mv /etc/smbpasswd /etc/samba/smbpasswd +fi + +# Add swat entry to /etc/services if not already there. +if !( grep ^[:space:]*swat /etc/services > /dev/null ) then + echo 'swat 901/tcp # Add swat service used via inetd' >> /etc/services +fi + +# Add swat entry to /etc/inetd.conf if needed. +if [ -f /etc/inetd.conf ]; then + if !( grep ^[:space:]*swat /etc/inetd.conf > /dev/null ) then + echo 'swat stream tcp nowait.400 root %{prefix}/sbin/swat swat' >> /etc/inetd.conf + killall -1 inetd || : + fi +fi + +# Add swat entry to xinetd.d if needed. +if [ -d $RPM_BUILD_ROOT/etc/xinetd.d -a ! -f /etc/xinetd.d/swat ]; then + mv /etc/samba/samba.xinetd /etc/xinetd.d/swat +else + rm -f /etc/samba/samba.xinetd +fi + +# Install the correct version of the samba pam file, depending on pam version. +if [ -f /lib/security/pam_stack.so ]; then + echo "Installing stack version of /etc/pam.d/samba..." + mv /etc/samba/samba.stack /etc/pam.d/samba +else + echo "Installing non-stack version of /etc/pam.d/samba..." + rm -f /etc/samba/samba.stack +fi + +# Create winbind nss client symlink + +ln -s /lib/libnss_winbind.so /lib/libnss_winbind.so.2 + +%preun +if [ $1 = 0 ] ; then + /sbin/chkconfig --del smb + + # We want to remove the browse.dat and wins.dat files so they can not interfer with a new version of samba! + if [ -e /var/lock/samba/browse.dat ]; then + rm -f /var/lock/samba/browse.dat + fi + if [ -e /var/lock/samba/wins.dat ]; then + rm -f /var/lock/samba/wins.dat + fi + + # Remove the transient tdb files. + if [ -e /var/lock/samba/brlock.tdb ]; then + rm -f /var/lock/samba/brlock.tdb + fi + + if [ -e /var/lock/samba/unexpected.tdb ]; then + rm -f /var/lock/samba/unexpected.tdb + fi + + if [ -e /var/lock/samba/connections.tdb ]; then + rm -f /var/lock/samba/connections.tdb + fi + + if [ -e /var/lock/samba/locking.tdb ]; then + rm -f /var/lock/samba/locking.tdb + fi + + if [ -e /var/lock/samba/messages.tdb ]; then + rm -f /var/lock/samba/messages.tdb + fi + + # Remove winbind nss client symlink + + if [ -L /lib/libnss_winbind.so.2 ]; then + rm -f /lib/libnss_winbind.so.2 + fi +fi + +%postun +# Only delete remnants of samba if this is the final deletion. +if [ $1 = 0 ] ; then + if [ -x /etc/pam.d/samba ]; then + rm -f /etc/pam.d/samba + fi + if [ -e /var/log/samba ]; then + rm -rf /var/log/samba + fi + + # Remove swat entries from /etc/inetd.conf and /etc/services + cd /etc + tmpfile=/etc/tmp.$$ + if [ -f /etc/inetd.conf ]; then + # preserve inetd.conf permissions. + cp -p /etc/inetd.conf $tmpfile + sed -e '/^[:space:]*swat.*$/d' /etc/inetd.conf > $tmpfile + mv $tmpfile inetd.conf + fi + # preserve services permissions. + cp -p /etc/services $tmpfile + sed -e '/^[:space:]*swat.*$/d' /etc/services > $tmpfile + mv $tmpfile /etc/services + + # Remove swat entry from /etc/xinetd.d + if [ -f /etc/xinetd.d/swat ]; then + rm -r /etc/xinetd.d/swat + fi +fi + +%triggerpostun -- samba < samba-2.0.0 +if [ $0 != 0 ]; then + /sbin/chkconfig --add smb +fi + +%files +%doc README COPYING Manifest Read-Manifest-Now +%doc WHATSNEW.txt Roadmap +%doc docs +%doc swat/README +%doc examples +%attr(-,root,root) %{prefix}/sbin/smbd +%attr(-,root,root) %{prefix}/sbin/nmbd +%attr(-,root,root) %{prefix}/sbin/swat +%attr(-,root,root) %{prefix}/sbin/smbmnt +%attr(-,root,root) %{prefix}/sbin/smbmount +%attr(-,root,root) %{prefix}/sbin/smbumount +%attr(-,root,root) %{prefix}/sbin/winbindd +%attr(-,root,root) /sbin/mount.smbfs +%attr(-,root,root) /sbin/mount.smb +%attr(-,root,root) %{prefix}/bin/mksmbpasswd.sh +%attr(-,root,root) %{prefix}/bin/smbclient +%attr(-,root,root) %{prefix}/bin/smbspool +%attr(-,root,root) %{prefix}/bin/rpcclient +%attr(-,root,root) %{prefix}/bin/testparm +%attr(-,root,root) %{prefix}/bin/testprns +%attr(-,root,root) %{prefix}/bin/findsmb +%attr(-,root,root) %{prefix}/bin/smbstatus +%attr(-,root,root) %{prefix}/bin/nmblookup +%attr(-,root,root) %{prefix}/bin/make_printerdef +%attr(-,root,root) %{prefix}/bin/smbpasswd +%attr(-,root,root) %{prefix}/bin/smbtar +%attr(-,root,root) %{prefix}/bin/smbprint +%attr(-,root,root) %{prefix}/bin/smbcontrol +%attr(-,root,root) %{prefix}/bin/smbcacls +%attr(-,root,root) %{prefix}/bin/wbinfo +%attr(755,root,root) /lib/libnss_wins.s* +%attr(-,root,root) %{prefix}/share/swat/help/* +%attr(-,root,root) %{prefix}/share/swat/images/* +%attr(-,root,root) %{prefix}/share/swat/include/header.html +%attr(-,root,root) %{prefix}/share/swat/include/footer.html +%attr(-,root,root) %{prefix}/share/swat/using_samba/* +%attr(-,root,root) %config(noreplace) /etc/samba/lmhosts +%attr(-,root,root) %config(noreplace) /etc/samba/smb.conf +%attr(-,root,root) %config(noreplace) /etc/samba/smbusers +%attr(-,root,root) /etc/samba/samba.stack +%attr(-,root,root) /etc/samba/samba.xinetd +%attr(-,root,root) /etc/rc.d/init.d/smb +%attr(-,root,root) /etc/logrotate.d/samba +%attr(-,root,root) %config(noreplace) /etc/pam.d/samba +%attr(-,root,root) MANDIR_MACRO/man1/* +%attr(-,root,root) MANDIR_MACRO/man5/* +%attr(-,root,root) MANDIR_MACRO/man7/* +%attr(-,root,root) MANDIR_MACRO/man8/* +%attr(755,root,root) %dir /var/lock/samba +%attr(-,root,root) %dir /var/log/samba +%attr(1777,root,root) %dir /var/spool/samba +%attr(-,root,root) /lib/libnss_winbind.so +%attr(-,root,root) /lib/security/pam_winbind.so diff --git a/packaging/RedHat/smb.conf b/packaging/RedHat/smb.conf new file mode 100644 index 00000000000..71ff9463884 --- /dev/null +++ b/packaging/RedHat/smb.conf @@ -0,0 +1,290 @@ +# This is the main Samba configuration file. You should read the +# smb.conf(5) manual page in order to understand the options listed +# here. Samba has a huge number of configurable options (perhaps too +# many!) most of which are not shown in this example +# +# Any line which starts with a ; (semi-colon) or a # (hash) +# is a comment and is ignored. In this example we will use a # +# for commentry and a ; for parts of the config file that you +# may wish to enable +# +# NOTE: Whenever you modify this file you should run the command "testparm" +# to check that you have not made any basic syntactic errors. +# +#======================= Global Settings ===================================== +[global] + +# workgroup = NT-Domain-Name or Workgroup-Name + workgroup = MYGROUP + +# server string is the equivalent of the NT Description field + server string = Samba Server + +# This option is important for security. It allows you to restrict +# connections to machines which are on your local network. The +# following example restricts access to two C class networks and +# the "loopback" interface. For more examples of the syntax see +# the smb.conf man page +; hosts allow = 192.168.1. 192.168.2. 127. + +# if you want to automatically load your printer list rather +# than setting them up individually then you'll need this + printcap name = /etc/printcap + load printers = yes + +# It should not be necessary to spell out the print system type unless +# yours is non-standard. Currently supported print systems include: +# bsd, sysv, plp, lprng, aix, hpux, qnx +; printing = bsd + +# Uncomment this if you want a guest account, you must add this to /etc/passwd +# otherwise the user "nobody" is used +; guest account = pcguest + +# this tells Samba to use a separate log file for each machine +# that connects + log file = /var/log/samba/log.%m + +# Put a capping on the size of the log files (in Kb). + max log size = 50 + +# Security mode. Most people will want user level security. See +# security_level.txt for details. + security = user +# Use password server option only with security = server +; password server = + +# Password Level allows matching of _n_ characters of the password for +# all combinations of upper and lower case. +; password level = 8 +; username level = 8 + +# You may wish to use password encryption. Please read +# ENCRYPTION.txt, Win95.txt and WinNT.txt in the Samba documentation. +# Do not enable this option unless you have read those documents +; encrypt passwords = yes +; smb passwd file = /etc/samba/smbpasswd + +# The following are needed to allow password changing from Windows to +# update the Linux sytsem password also. +# NOTE: Use these with 'encrypt passwords' and 'smb passwd file' above. +# NOTE2: You do NOT need these to allow workstations to change only +# the encrypted SMB passwords. They allow the Unix password +# to be kept in sync with the SMB password. +; unix password sync = Yes +; passwd program = /usr/bin/passwd %u +; passwd chat = *New*UNIX*password* %n\n *ReType*new*UNIX*password* %n\n *passwd:*all*authentication*tokens*updated*successfully* + +# Unix users can map to different SMB User names +; username map = /etc/samba/smbusers + +# Using the following line enables you to customise your configuration +# on a per machine basis. The %m gets replaced with the netbios name +# of the machine that is connecting +; include = /etc/samba/smb.conf.%m + +# Most people will find that this option gives better performance. +# See speed.txt and the manual pages for details + socket options = TCP_NODELAY SO_RCVBUF=8192 SO_SNDBUF=8192 + +# Configure Samba to use multiple interfaces +# If you have multiple network interfaces then you must list them +# here. See the man page for details. +; interfaces = 192.168.12.2/24 192.168.13.2/24 + +# Configure remote browse list synchronisation here +# request announcement to, or browse list sync from: +# a specific host or from / to a whole subnet (see below) +; remote browse sync = 192.168.3.25 192.168.5.255 +# Cause this host to announce itself to local subnets here +; remote announce = 192.168.1.255 192.168.2.44 + +# Browser Control Options: +# set local master to no if you don't want Samba to become a master +# browser on your network. Otherwise the normal election rules apply +; local master = no + +# OS Level determines the precedence of this server in master browser +# elections. The default value should be reasonable +; os level = 33 + +# Domain Master specifies Samba to be the Domain Master Browser. This +# allows Samba to collate browse lists between subnets. Don't use this +# if you already have a Windows NT domain controller doing this job +; domain master = yes + +# Preferred Master causes Samba to force a local browser election on startup +# and gives it a slightly higher chance of winning the election +; preferred master = yes + +# Use only if you have an NT server on your network that has been +# configured at install time to be a primary domain controller. +; domain controller = + +# Enable this if you want Samba to be a domain logon server for +# Windows95 workstations. +; domain logons = yes + +# if you enable domain logons then you may want a per-machine or +# per user logon script +# run a specific logon batch file per workstation (machine) +; logon script = %m.bat +# run a specific logon batch file per username +; logon script = %U.bat + +# Where to store roving profiles (only for Win95 and WinNT) +# %L substitutes for this servers netbios name, %U is username +# You must uncomment the [Profiles] share below +; logon path = \\%L\Profiles\%U + +# All NetBIOS names must be resolved to IP Addresses +# 'Name Resolve Order' allows the named resolution mechanism to be specified +# the default order is "host lmhosts wins bcast". "host" means use the unix +# system gethostbyname() function call that will use either /etc/hosts OR +# DNS or NIS depending on the settings of /etc/host.config, /etc/nsswitch.conf +# and the /etc/resolv.conf file. "host" therefore is system configuration +# dependant. This parameter is most often of use to prevent DNS lookups +# in order to resolve NetBIOS names to IP Addresses. Use with care! +# The example below excludes use of name resolution for machines that are NOT +# on the local network segment +# - OR - are not deliberately to be known via lmhosts or via WINS. +; name resolve order = wins lmhosts bcast + +# Windows Internet Name Serving Support Section: +# WINS Support - Tells the NMBD component of Samba to enable it's WINS Server +; wins support = yes + +# WINS Server - Tells the NMBD components of Samba to be a WINS Client +# Note: Samba can be either a WINS Server, or a WINS Client, but NOT both +; wins server = w.x.y.z + +# WINS Proxy - Tells Samba to answer name resolution queries on +# behalf of a non WINS capable client, for this to work there must be +# at least one WINS Server on the network. The default is NO. +; wins proxy = yes + +# DNS Proxy - tells Samba whether or not to try to resolve NetBIOS names +# via DNS nslookups. The built-in default for versions 1.9.17 is yes, +# this has been changed in version 1.9.18 to no. + dns proxy = no + +# Case Preservation can be handy - system default is _no_ +# NOTE: These can be set on a per share basis +; preserve case = no +; short preserve case = no +# Default case is normally upper case for all DOS files +; default case = lower +# Be very careful with case sensitivity - it can break things! +; case sensitive = no + +#============================ Share Definitions ============================== +[homes] + comment = Home Directories + browseable = no + writable = yes + +# Un-comment the following and create the netlogon directory for Domain Logons +; [netlogon] +; comment = Network Logon Service +; path = /home/netlogon +; guest ok = yes +; writable = no +; share modes = no + + +# Un-comment the following to provide a specific roving profile share +# the default is to use the user's home directory +;[Profiles] +; path = /home/profiles +; browseable = no +; guest ok = yes + + +# NOTE: If you have a BSD-style print system there is no need to +# specifically define each individual printer +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no +# Set public = yes to allow user 'guest account' to print + guest ok = no + writable = no + printable = yes + +# This one is useful for people to share files +;[tmp] +; comment = Temporary file space +; path = /tmp +; read only = no +; public = yes + +# A publicly accessible directory, but read only, except for people in +# the "staff" group +;[public] +; comment = Public Stuff +; path = /home/samba +; public = yes +; read only = yes +; write list = @staff + +# Other examples. +# +# A private printer, usable only by fred. Spool data will be placed in fred's +# home directory. Note that fred must have write access to the spool directory, +# wherever it is. +;[fredsprn] +; comment = Fred's Printer +; valid users = fred +; path = /homes/fred +; printer = freds_printer +; public = no +; writable = no +; printable = yes + +# A private directory, usable only by fred. Note that fred requires write +# access to the directory. +;[fredsdir] +; comment = Fred's Service +; path = /usr/somewhere/private +; valid users = fred +; public = no +; writable = yes +; printable = no + +# a service which has a different directory for each machine that connects +# this allows you to tailor configurations to incoming machines. You could +# also use the %u option to tailor it by user name. +# The %m gets replaced with the machine name that is connecting. +;[pchome] +; comment = PC Directories +; path = /usr/pc/%m +; public = no +; writable = yes + +# A publicly accessible directory, read/write to all users. Note that all files +# created in the directory by users will be owned by the default user, so +# any user with access can delete any other user's files. Obviously this +# directory must be writable by the default user. Another user could of course +# be specified, in which case all files would be owned by that user instead. +;[public] +; path = /usr/somewhere/else/public +; public = yes +; only guest = yes +; writable = yes +; printable = no + +# The following two entries demonstrate how to share a directory so that two +# users can place files there that will be owned by the specific users. In this +# setup, the directory should be writable by both users and should have the +# sticky bit set on it to prevent abuse. Obviously this could be extended to +# as many users as required. +;[myshare] +; comment = Mary's and Fred's stuff +; path = /usr/somewhere/shared +; valid users = mary fred +; public = no +; writable = yes +; printable = no +; create mask = 0765 + + diff --git a/packaging/RedHat/smb.init b/packaging/RedHat/smb.init new file mode 100755 index 00000000000..260439281a3 --- /dev/null +++ b/packaging/RedHat/smb.init @@ -0,0 +1,49 @@ +#!/bin/sh +# +# chkconfig: 345 91 35 +# description: Starts and stops the Samba smbd and nmbd daemons \ +# used to provide SMB network services. + +# Source function library. +. /etc/rc.d/init.d/functions + +# Source networking configuration. +. /etc/sysconfig/network + +# Check that networking is up. +[ ${NETWORKING} = "no" ] && exit 0 + +# Check that smb.conf exists. +[ -f /etc/samba/smb.conf ] || exit 0 + +# See how we were called. +case "$1" in + start) + echo -n "Starting SMB services: " + daemon smbd -D + daemon nmbd -D + echo + touch /var/lock/subsys/smb + ;; + stop) + echo -n "Shutting down SMB services: " + killproc smbd + killproc nmbd + rm -f /var/lock/subsys/smb + echo "" + ;; + status) + status smbd + status nmbd + ;; + restart) + echo -n "Restarting SMB services: " + $0 stop + $0 start + echo "done." + ;; + *) + echo "Usage: smb {start|stop|restart|status}" + exit 1 +esac + diff --git a/packaging/RedHat/smbprint b/packaging/RedHat/smbprint new file mode 100755 index 00000000000..ec083eede62 --- /dev/null +++ b/packaging/RedHat/smbprint @@ -0,0 +1,77 @@ +#!/bin/sh + +# This script is an input filter for printcap printing on a unix machine. It +# uses the smbclient program to print the file to the specified smb-based +# server and service. +# For example you could have a printcap entry like this +# +# smb:lp=/dev/null:sd=/usr/spool/smb:sh:if=/usr/local/samba/smbprint +# +# which would create a unix printer called "smb" that will print via this +# script. You will need to create the spool directory /usr/spool/smb with +# appropriate permissions and ownerships for your system. + +# Set these to the server and service you wish to print to +# In this example I have a WfWg PC called "lapland" that has a printer +# exported called "printer" with no password. + +# +# Script further altered by hamiltom@ecnz.co.nz (Michael Hamilton) +# so that the server, service, and password can be read from +# a /var/spool/lpd/PRINTNAME/.config file. +# +# In order for this to work the /etc/printcap entry must include an +# accounting file (af=...): +# +# cdcolour:\ +# :cm=CD IBM Colorjet on 6th:\ +# :sd=/var/spool/lpd/cdcolour:\ +# :af=/var/spool/lpd/cdcolour/acct:\ +# :if=/usr/local/etc/smbprint:\ +# :mx=0:\ +# :lp=/dev/null: +# +# The /usr/var/spool/lpd/PRINTNAME/.config file should contain: +# server=PC_SERVER +# service=PR_SHARENAME +# password="password" +# +# E.g. +# server=PAULS_PC +# service=CJET_371 +# password="" + +# +# Debugging log file, change to /dev/null if you like. +# +# logfile=/tmp/smb-print.log +logfile=/dev/null + + +# +# The last parameter to the filter is the accounting file name. +# Extract the directory name from the file name. +# Concat this with /.config to get the config file. +# +eval acct_file=\${$#} +spool_dir=`dirname $acct_file` +config_file=$spool_dir/.config + +# Should read the following variables set in the config file: +# server +# service +# password +eval `cat $config_file` + +# +# Some debugging help, change the >> to > if you want to same space. +# +echo "server $server, service $service" >> $logfile + +( +# NOTE You may wish to add the line `echo translate' if you want automatic +# CR/LF translation when printing. +# echo translate + echo "print -" + cat +) | /usr/bin/smbclient "\\\\$server\\$service" $password -U $server -N -P >> $logfile diff --git a/packaging/RedHat/smbusers b/packaging/RedHat/smbusers new file mode 100644 index 00000000000..ae3389f53f8 --- /dev/null +++ b/packaging/RedHat/smbusers @@ -0,0 +1,3 @@ +# Unix_name = SMB_name1 SMB_name2 ... +root = administrator admin +nobody = guest pcguest smbguest diff --git a/packaging/SGI/.cvsignore b/packaging/SGI/.cvsignore new file mode 100644 index 00000000000..7b74def5aea --- /dev/null +++ b/packaging/SGI/.cvsignore @@ -0,0 +1,8 @@ +bins +catman +html +codepages +swat +Makefile +samba.idb +samba.spec diff --git a/packaging/SGI/README b/packaging/SGI/README new file mode 100644 index 00000000000..f13164af4a7 --- /dev/null +++ b/packaging/SGI/README @@ -0,0 +1,44 @@ +This directory contains sample files for using Samba on an IRIX +system. These were taken from a system running IRIX 6.2. The +client machines were running Win95 and connected via the Ethernet +using TCP/IP and DNS. Consult the Samba documentation for tips +on configuring Samba "properly"; this smb.conf file is very simple. +Consult the Microsoft help/documentation to understand how to +configure the networking support on the PC clients (Win95, WfW, +etc.). + +This distribution is configured so that various Samba configuration, +binary, and log files are placed in the /usr/samba file hierarchy. +Man pages are placed in the /usr/share/catman/u_man hierarchy. + +The version number of the distribution is a 10 digit number that +is created from the samba version number. Each section of the samba +version number forms 2 digits of the version number (with leading +zeros if necessary). The alpha versions add 00 and 2 digits for +the alpha number. The first release adds 0100. Patch releases add +2 digits for the patch level plus 1 and 00. + +samba version 1.9.18alpha9 would become 0109180009 +samba version 1.9.18 would become 0109180100 +samba version 1.9.18p9 would become 0109181000 + +You can enable all printers on your system to be used by samba +by running the script /usr/samba/mkprintcap.sh + +This distribution automatically configures samba to run as deamons +by the script /etc/init.d/samba and the file /etc/config/samba +(used by chkconfig). If you would prefer to have samba started by +inetd you can run the script /usr/samba/inetd.sh. + +To create a Samba distribution you must have the Documenter's WorkBench +package installed to format the manual pages. In addition you need +to have the Software Packager software (inst_dev) installed to +generate the inst images, and Perl to generate the spec and idb files. + +From /usr/samba/packaging/SGI directory run the mkrelease.sh script. +There is one optional argument which is the major release number of the +OS version (4, 5, or 6) you desire. If no number is specified it defaults +to 6. This script uses Perl to generate the Makefile with the proper +defines and the packaging files samba.spec and samba.idb. The binary +package files will be placed in ./bins + diff --git a/packaging/SGI/findsmb b/packaging/SGI/findsmb new file mode 100755 index 00000000000..a48ec592e80 --- /dev/null +++ b/packaging/SGI/findsmb @@ -0,0 +1,141 @@ +#!/bin/perl +# +# Prints info on all smb responding machines on a subnet. +# This script needs to be run on a machine without nmbd running and be +# run as root to get correct info from WIN95 clients. +# +# syntax: +# findsmb [subnet broadcast address] +# +# with no agrument it will list machines on the current subnet +# +# There will be a "+" in front of the workgroup name for machines that are +# local master browsers for that workgroup. There will be an "*" in front +# of the workgroup name for machines that are the domain master browser for +# that workgroup. +# + +$SAMBABIN = "/usr/samba/bin"; + +for ($i = 0; $i < 2; $i++) { # test for -d option and broadcast address + $_ = shift; + if (m/-d|-D/) { + $DEBUG = 1; + } else { + if ($_) { + $BCAST = "-B $_"; + } + } +} + +sub ipsort # do numeric sort on last field of IP address +{ + @t1 = split(/\./,$a); + @t2 = split(/\./,$b); + @t1[3] <=> @t2[3]; +} + +# look for all machines that respond to a name lookup + +open(NMBLOOKUP,"$SAMBABIN/nmblookup $BCAST '*'|") || + die("Can't run nmblookup '*'.\n"); + +# get rid of all lines that are not a response IP address, +# strip everything but IP address and sort by last field in address + +@ipaddrs = sort ipsort grep(s/ \*<00>.*$//,); + +# print header info + +print "\nIP ADDR NETBIOS NAME WORKGROUP/OS/VERSION $BCAST\n"; +print "---------------------------------------------------------------------\n"; + +foreach $ip (@ipaddrs) # loop through each IP address found +{ + $ip =~ s/\n//; # strip newline from IP address + +# find the netbios names registered by each machine + + open(NMBLOOKUP,"$SAMBABIN/nmblookup -r -A $ip|") || + die("Can't get nmb name list.\n"); + @nmblookup = ; + close NMBLOOKUP; + +# get the first <00> name + + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { # we have a netbios name + if (/GROUP/) { # is it a group name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + } else { + /(\S+)/; + $name = $1; + } + +# do an smbclient command on the netbios name. + + open(SMB,"$SAMBABIN/smbclient -N -L $name -I $ip -U% |") || + die("Can't do smbclient command.\n"); + @smb = ; + close SMB; + + if ($DEBUG) { # if -d flag print results of nmblookup and smbclient + print "===============================================================\n"; + print @nmblookup; + print @smb; + } + +# look for the OS= string + + @info = grep(/OS=/,@smb); + $_ = @info[0]; + if ($_) { # we found response + s/.*Domain=|OS=|Server=|\n//g; # strip out descriptions to make line shorter + + } else { # no OS= string in response (WIN95 client) + +# for WIN95 clients get workgroup name from nmblookup response + @name = grep(/<00> - /,@nmblookup); + $_ = @name[0]; + if ($_) { + /(\S+)/; + $_ = "[$1]"; + } else { + $_ = "Unknown Workgroup"; + } + } + +# see if machine registered a local master browser name + if (grep(/<1d>/,@nmblookup)) { + $master = '+'; # indicate local master browser + if (grep(/<1b>/,@nmblookup)) { # how about domain master browser? + $master = '*'; # indicate domain master browser + } + } else { + $master = ' '; # not a browse master + } + +# line up info in 3 columns + + print "$ip".' 'x(16-length($ip))."$name".' 'x(14-length($name))."$master"."$_\n"; + + } else { # no netbios name found +# try getting the host name + ($name, $aliases, $type, $length, @addresses) = + gethostbyaddr(pack('C4',split('\.',$ip)),2); + if (! $name) { # could not get name + $name = "unknown nis name"; + } + if ($DEBUG) { # if -d flag print results of nmblookup + print "===============================================================\n"; + print @nmblookup; + } + print "$ip".' 'x(16-length($ip))."$name\n"; + } +} + diff --git a/packaging/SGI/idb.pl b/packaging/SGI/idb.pl new file mode 100755 index 00000000000..ddbad803569 --- /dev/null +++ b/packaging/SGI/idb.pl @@ -0,0 +1,392 @@ +#!/usr/bin/perl +require "pwd.pl" || die "Required pwd.pl not found"; + +# This perl script automatically generates the idb file + +$PKG = 'samba'; +$SRCDIR = '../..'; +$SRCPFX = '.'; + +&initpwd; +$curdir = $ENV{"PWD"}; + +if ($PKG eq "samba_irix") { + open(BOOKS,"IDB.books") || die "Unable to open IDB.books file\n"; + @books = sort idbsort ; + close BOOKS; +} + +# We don't want the files listed in .cvsignore in the source tree +open(IGNORES,"$SRCDIR/source/.cvsignore") || die "Unable to open .cvsignore file\n"; +while () { + chop; + next if /cvs\.log/; + $ignores{$_}++; +} +close IGNORES; + +# We don't want the files listed in .cvsignore in the source/include tree +open(IGNORES,"$SRCDIR/source/include/.cvsignore") || die "Unable to open include/.cvsignore file\n"; +while () { + chop; + $ignores{$_}++; +} +close IGNORES; + +# get the names of all the binary files to be installed +open(MAKEFILE,"$SRCDIR/source/Makefile") || die "Unable to open Makefile\n"; +@makefile = ; +@winbind_progs = grep(/^WINBIND_PROGS /,@makefile); +@winbind_sprogs = grep(/^WINBIND_SPROGS /,@makefile); +@winbind_lprogs = grep(/^WINBIND_LPROGS /,@makefile); +@winbind_pam_progs = grep(/^WINBIND_PAM_PROGS /,@makefile); +@sprogs = grep(/^SPROGS /,@makefile); +@progs1 = grep(/^PROGS1 /,@makefile); +@progs2 = grep(/^PROGS2 /,@makefile); +@mprogs = grep(/^MPROGS /,@makefile); +@progs = grep(/^PROGS /,@makefile); +@scripts = grep(/^SCRIPTS /,@makefile); +@codepagelist = grep(/^CODEPAGELIST/,@makefile); +close MAKEFILE; + +if (@winbind_progs) { + @winbind_progs[0] =~ s/^.*\=//; + @winbind_progs = split(' ',@winbind_progs[0]); +} +if (@winbind_sprogs) { + @winbind_sprogs[0] =~ s/^.*\=//; + @winbind_sprogs = split(' ',@winbind_sprogs[0]); +} +if (@winbind_lprogs) { + @winbind_lprogs[0] =~ s/^.*\=//; + @winbind_lprogs = split(' ',@winbind_lprogs[0]); +} +if (@winbind_pam_progs) { + @winbind_pam_progs[0] =~ s/^.*\=//; + @winbind_pam_progs = split(' ',@winbind_pam_progs[0]); +} +if (@sprogs) { + @sprogs[0] =~ s/^.*\=//; + @sprogs[0] =~ s/\$\(\S+\)\s//g; + @sprogs = split(' ',@sprogs[0]); +} +if (@progs) { + @progs[0] =~ s/^.*\=//; + @progs[0] =~ s/\$\(\S+\)\s//g; + @progs = split(' ',@progs[0]); +} +if (@mprogs) { + @mprogs[0] =~ s/^.*\=//; + @mprogs = split(' ',@mprogs[0]); +} +if (@progs1) { + @progs1[0] =~ s/^.*\=//; + @progs1 = split(' ',@progs1[0]); +} +if (@progs2) { + @progs2[0] =~ s/^.*\=//; + @progs2 = split(' ',@progs2[0]); +} +if (@scripts) { + @scripts[0] =~ s/^.*\=//; + @scripts[0] =~ s/\$\(srcdir\)\///g; + @scripts = split(' ',@scripts[0]); +} + +# we need to create codepages for the package +@codepagelist[0] =~ s/^.*\=//; +chdir "$SRCDIR/source"; +system("chmod +x ./script/installcp.sh"); +system("./script/installcp.sh . . ../packaging/SGI/codepages ./bin @codepagelist[0]"); +chdir $curdir; +opendir(DIR,"$SRCDIR/packaging/SGI/codepages") || die "Can't open codepages directory"; +@codepage = sort readdir(DIR); +closedir(DIR); + +# install the swat files +chdir "$SRCDIR/source"; +system("chmod +x ./script/installswat.sh"); +system("./script/installswat.sh ../packaging/SGI/swat ./ ../packaging/SGI/swat/using_samba"); +system("cp -f ../swat/README ../packaging/SGI/swat"); +chdir $curdir; + +# add my local files to the list of binaries to install +@bins = sort byfilename (@sprogs,@progs,@progs1,@progs2,@mprogs,@scripts,@winbind_progs,@winbind_sprogs,("/findsmb","/sambalp","/smbprint")); + +@nsswitch = sort byfilename (@winbind_lprogs,@winbind_pam_progs); + +# get a complete list of all files in the tree +chdir "$SRCDIR/"; +&dodir('.'); +chdir $curdir; + +# the files installed in docs include all the original files in docs plus all +# the "*.doc" files from the source tree +@docs = sort byfilename grep (!/^docs\/$/ & (/^source\/.*\.doc$/ | /^docs\//),@allfiles); +@docs = grep(!/htmldocs\/using_samba/, @docs); +@docs = grep(!/docbook/, @docs); + +@swatfiles = sort grep(/^packaging\/SGI\/swat/, @allfiles); +@catman = sort grep(/^packaging\/SGI\/catman/ & !/\/$/, @allfiles); +@catman = sort bydirnum @catman; + +# strip out all the generated directories and the "*.o" files from the source +# release +@allfiles = grep(!/^.*\.o$/ & !/^.*\.po$/ & !/^.*\.po32$/ & !/^.*\.so$/ & !/^source\/bin/ & !/^packaging\/SGI\/bins/ & !/^packaging\/SGI\/catman/ & !/^packaging\/SGI\/html/ & !/^packaging\/SGI\/codepages/ & !/^packaging\/SGI\/swat/, @allfiles); + +open(IDB,"> $curdir/$PKG.idb") || die "Unable to open $PKG.idb for output\n"; + +print IDB "f 0644 root sys etc/config/samba $SRCPFX/packaging/SGI/samba.config $PKG.sw.base config(update)\n"; +print IDB "f 0644 root sys etc/config/winbind $SRCPFX/packaging/SGI/winbindd.config $PKG.sw.base config(update)\n"; +print IDB "f 0755 root sys etc/init.d/samba $SRCPFX/packaging/SGI/samba.rc $PKG.sw.base\n"; +print IDB "f 0755 root sys etc/init.d/winbind $SRCPFX/packaging/SGI/winbindd.rc $PKG.sw.base\n"; +print IDB "l 0000 root sys etc/rc0.d/K36winbind $SRCPFX/packaging/SGI $PKG.sw.base symval(../init.d/winbind)\n"; +print IDB "l 0000 root sys etc/rc0.d/K37samba $SRCPFX/packaging/SGI $PKG.sw.base symval(../init.d/samba)\n"; +print IDB "l 0000 root sys etc/rc2.d/S81samba $SRCPFX/packaging/SGI $PKG.sw.base symval(../init.d/samba)\n"; +print IDB "l 0000 root sys etc/rc2.d/S82winbind $SRCPFX/packaging/SGI $PKG.sw.base symval(../init.d/winbind)\n"; + +if ($PKG eq "samba_irix") { + print IDB "d 0755 root sys usr/relnotes/samba_irix $SRCPFX/packaging/SGI $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba_irix/TC build/TC $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba_irix/ch1.z build/ch1.z $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba_irix/ch2.z build/ch2.z $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba_irix/ch3.z build/ch3.z $PKG.man.relnotes\n"; +} +else { + @copyfile = grep (/^COPY/,@allfiles); + print IDB "d 0755 root sys usr/relnotes/samba $SRCPFX/packaging/SGI $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba/@copyfile[0] $SRCPFX/@copyfile[0] $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba/legal_notice.html $SRCPFX/packaging/SGI/legal_notice.html $PKG.man.relnotes\n"; + print IDB "f 0644 root sys usr/relnotes/samba/samba-relnotes.html $SRCPFX/packaging/SGI/relnotes.html $PKG.man.relnotes\n"; +} + +print IDB "d 0755 root sys usr/samba $SRCPFX/packaging/SGI $PKG.sw.base\n"; + +print IDB "d 0755 root sys usr/samba/bin $SRCPFX/packaging/SGI $PKG.sw.base\n"; +while(@bins) { + $nextfile = shift @bins; + ($filename = $nextfile) =~ s/^.*\///;; + + if (index($nextfile,'$')) { + if ($filename eq "smbpasswd") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/source/$nextfile $PKG.sw.base \n"; + } + elsif ($filename eq "findsmb") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/packaging/SGI/$filename $PKG.sw.base\n"; + } + elsif ($filename eq "swat") { + print IDB "f 4755 root sys usr/samba/bin/$filename $SRCPFX/source/$nextfile $PKG.sw.base preop(\"chroot \$rbase /etc/init.d/samba stop\") exitop(\"chroot \$rbase /usr/samba/scripts/startswat.sh\") removeop(\"chroot \$rbase /sbin/cp /etc/inetd.conf /etc/inetd.conf.O ; chroot \$rbase /sbin/sed -e '/^swat/D' -e '/^#SWAT/D' /etc/inetd.conf.O >/etc/inetd.conf; /etc/killall -HUP inetd || true\")\n"; + } + elsif ($filename eq "sambalp") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/packaging/SGI/$filename $PKG.sw.base \n"; + } + elsif ($filename eq "smbprint") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/packaging/SGI/$filename $PKG.sw.base\n"; + } + elsif ($filename eq "smbd") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/source/$nextfile $PKG.sw.base \n"; + if (-e "$SRCDIR/source/$nextfile.noquota") { + print IDB "f 0755 root sys usr/samba/bin/$filename.noquota $SRCPFX/source/$nextfile.noquota $PKG.sw.base \n"; + } + if (-e "$SRCDIR/source/$nextfile.profile") { + print IDB "f 0755 root sys usr/samba/bin/$filename.profile $SRCPFX/source/$nextfile.profile $PKG.sw.base \n"; + } + } + elsif ($filename eq "nmbd") { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/source/$nextfile $PKG.sw.base \n"; + if (-e "$SRCDIR/source/$nextfile.profile") { + print IDB "f 0755 root sys usr/samba/bin/$filename.profile $SRCPFX/source/$nextfile.profile $PKG.sw.base \n"; + } + } + else { + print IDB "f 0755 root sys usr/samba/bin/$filename $SRCPFX/source/$nextfile $PKG.sw.base \n"; + } + } +} + +print IDB "d 0755 root sys usr/samba/docs $SRCPFX/docs $PKG.man.doc\n"; +while (@docs) { + $nextfile = shift @docs; + next if ($nextfile eq "CVS"); + ($junk,$file) = split(/\//,$nextfile,2); + if (grep(/\/$/,$nextfile)) { + $file =~ s/\/$//; + $nextfile =~ s/\/$//; + print IDB "d 0755 root sys usr/samba/docs/$file $SRCPFX/$nextfile $PKG.man.doc\n"; + } + else { + print IDB "f 0644 root sys usr/samba/docs/$file $SRCPFX/$nextfile $PKG.man.doc\n"; + } +} + +print IDB "d 0755 root sys usr/samba/include $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "f 0644 root sys usr/samba/include/libsmbclient.h $SRCPFX/source/include/libsmbclient.h $PKG.sw.base\n"; + +print IDB "d 0755 root sys usr/samba/lib $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 root sys usr/samba/lib/codepages $SRCPFX/packaging/SGI $PKG.sw.base\n"; +while (@codepage) { + $nextpage = shift @codepage; + print IDB "f 0644 root sys usr/samba/lib/codepages/$nextpage $SRCPFX/packaging/SGI/codepages/$nextpage $PKG.sw.base nostrip \n"; +} +print IDB "f 0644 root sys usr/samba/lib/libsmbclient.a $SRCPFX/source/bin/libsmbclient.a $PKG.sw.base\n"; +print IDB "f 0644 root sys usr/samba/lib/libsmbclient.so $SRCPFX/source/bin/libsmbclient.so $PKG.sw.base\n"; +print IDB "f 0644 root sys usr/samba/lib/smb.conf $SRCPFX/packaging/SGI/smb.conf $PKG.sw.base config(suggest)\n"; + +print IDB "d 0755 lp sys usr/samba/printer $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 lp sys usr/samba/printer/W32ALPHA $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 lp sys usr/samba/printer/W32MIPS $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 lp sys usr/samba/printer/W32PPC $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 lp sys usr/samba/printer/W32X86 $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 lp sys usr/samba/printer/WIN40 $SRCPFX/packaging/SGI $PKG.sw.base\n"; + +print IDB "d 0644 root sys usr/samba/private $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "f 0600 root sys usr/samba/private/smbpasswd $SRCPFX/packaging/SGI/smbpasswd $PKG.sw.base config(suggest)\n"; + +print IDB "d 0755 root sys usr/samba/scripts $SRCPFX/packaging/SGI $PKG.src.samba\n"; +print IDB "f 0755 root sys usr/samba/scripts/inetd.sh $SRCPFX/packaging/SGI/inetd.sh $PKG.sw.base\n"; +print IDB "f 0755 root sys usr/samba/scripts/inst.msg $SRCPFX/packaging/SGI/inst.msg $PKG.sw.base exitop(\"chroot \$rbase /usr/samba/scripts/inst.msg\")\n"; +print IDB "f 0755 root sys usr/samba/scripts/mkprintcap.sh $SRCPFX/packaging/SGI/mkprintcap.sh $PKG.sw.base\n"; +print IDB "f 0755 root sys usr/samba/scripts/removeswat.sh $SRCPFX/packaging/SGI/removeswat.sh $PKG.sw.base\n"; +print IDB "f 0755 root sys usr/samba/scripts/startswat.sh $SRCPFX/packaging/SGI/startswat.sh $PKG.sw.base\n"; + +print IDB "d 0755 root sys usr/samba/src $SRCPFX/packaging/SGI $PKG.src.samba\n"; +@sorted = sort(@allfiles); +while (@sorted) { + $nextfile = shift @sorted; + ($file = $nextfile) =~ s/^.*\///; + next if grep(/packaging\/SGI/& (/Makefile/ | /samba\.spec/ | /samba\.idb/),$nextfile); + next if grep(/source/,$nextfile) && ($ignores{$file}); + next if ($nextfile eq "CVS"); + if (grep(/\/$/,$nextfile)) { + $nextfile =~ s/\/$//; + print IDB "d 0755 root sys usr/samba/src/$nextfile $SRCPFX/$nextfile $PKG.src.samba\n"; + } + else { + if (grep((/\.sh$/ | /configure$/ | /configure\.developer/ | /config\.guess/ | /config\.sub/ | /\.pl$/ | /mkman$/ | /pcp\/Install/ | /pcp\/Remove/),$nextfile)) { + print IDB "f 0755 root sys usr/samba/src/$nextfile $SRCPFX/$nextfile $PKG.src.samba\n"; + } + else { + print IDB "f 0644 root sys usr/samba/src/$nextfile $SRCPFX/$nextfile $PKG.src.samba\n"; + } + } +} + +print IDB "d 0755 root sys usr/samba/swat $SRCPFX/packaging/SGI/swat $PKG.sw.base\n"; +while (@swatfiles) { + $nextfile = shift @swatfiles; + ($file = $nextfile) =~ s/^packaging\/SGI\/swat\///; + next if !$file; + if (grep(/\/$/,$file)) { + $file =~ s/\/$//; + print IDB "d 0755 root sys usr/samba/swat/$file $SRCPFX/packaging/SGI/swat/$file $PKG.sw.base\n"; + } + else { + print IDB "f 0444 root sys usr/samba/swat/$file $SRCPFX/packaging/SGI/swat/$file $PKG.sw.base\n"; + } +} + +print IDB "d 0755 root sys usr/samba/var $SRCPFX/packaging/SGI $PKG.sw.base\n"; +print IDB "d 0755 root sys usr/samba/var/locks $SRCPFX/packaging/SGI $PKG.sw.base\n"; + +if ($PKG eq "samba_irix") { + while(@books) { + $nextfile = shift @books; + print IDB $nextfile; + } +} + +print IDB "d 0755 root sys usr/share/catman/u_man $SRCPFX/packaging/SGI $PKG.man.manpages\n"; +$olddirnum = "0"; +while (@catman) { + $nextfile = shift @catman; + ($file = $nextfile) =~ s/^packaging\/SGI\/catman\///; + ($dirnum = $file) =~ s/^[\D]*//; + $dirnum =~ s/\.z//; + if ($dirnum ne $olddirnum) { + print IDB "d 0755 root sys usr/share/catman/u_man/cat$dirnum $SRCPFX/packaging/SGI $PKG.man.manpages\n"; + $olddirnum = $dirnum; + } + print IDB "f 0664 root sys usr/share/catman/u_man/cat$dirnum/$file $SRCPFX/$nextfile $PKG.man.manpages\n"; +} + +if (@nsswitch) { + print IDB "d 0755 root sys var/ns/lib $SRCPFX/packaging/SGI $PKG.sw.base\n"; + while(@nsswitch) { + $nextfile = shift @nsswitch; + ($filename = $nextfile) =~ s/^.*\///; + $filename =~ s/libnss/libns/; + print IDB "f 0644 root sys var/ns/lib/$filename $SRCPFX/source/$nextfile $PKG.sw.base \n"; + } +} + +print IDB "d 01777 lp sys var/spool/samba $SRCPFX/packaging/SGI $PKG.sw.base\n"; + +close IDB; +print "\n\n$PKG.idb file has been created\n"; + +sub dodir { + local($dir, $nlink) = @_; + local($dev,$ino,$mode,$subcount); + + ($dev,$ino,$mode,$nlink) = stat('.') unless $nlink; + + opendir(DIR,'.') || die "Can't open current directory"; + local(@filenames) = sort readdir(DIR); + closedir(DIR); + + if ($nlink ==2) { # This dir has no subdirectories. + for (@filenames) { + next if $_ eq '.'; + next if $_ eq '..'; + $this = substr($dir,2)."/$_"; + push(@allfiles,$this); + } + } + else { + $subcount = $nlink -2; + for (@filenames) { + next if $_ eq '.'; + next if $_ eq '..'; + next if $_ eq 'CVS'; + ($dev,$ino,$mode,$nlink) = lstat($_); + $name = "$dir/$_"; + $this = substr($name,2); + $this .= '/' if -d; + push(@allfiles,$this); + next if $subcount == 0; # seen all the subdirs? + + next unless -d _; + + chdir $_ || die "Can't cd to $name"; + &dodir($name,$nlink); + chdir '..'; + --$subcount; + } + } +} + +sub byfilename { + ($f0,$f1) = split(/\//,$a,2); + ($f0,$f2) = split(/\//,$b,2); + $f1 cmp $f2; +} + +sub bydirnum { + ($f1 = $a) =~ s/^.*\///; + ($f2 = $b) =~ s/^.*\///; + ($dir1 = $a) =~ s/^[\D]*//; + ($dir2 = $b) =~ s/^[\D]*//; + if (!($dir1 <=> $dir2)) { + $f1 cmp $f2; + } + else { + $dir1 <=> $dir2; + } +} + +sub idbsort { + ($f0,$f1,$f2,$f3) = split(/ /,$a,4); + ($f0,$f1,$f2,$f4) = split(/ /,$b,4); + $f3 cmp $f4; +} + diff --git a/packaging/SGI/inetd.sh b/packaging/SGI/inetd.sh new file mode 100755 index 00000000000..1d403978aec --- /dev/null +++ b/packaging/SGI/inetd.sh @@ -0,0 +1,37 @@ +#! /bin/sh +# +# kill any running samba processes +# +/etc/killall smbd nmbd +chkconfig samba off + +# +# add SAMBA deamons to inetd.conf +# +cp /etc/inetd.conf /etc/inetd.conf.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/inetd.conf.O -o ! -w /etc/inetd.conf ]; then exit 1; fi + +sed -e "/^netbios/D" -e "/^#SAMBA/D" /etc/inetd.conf.O > /etc/inetd.conf +echo '#SAMBA services' >> /etc/inetd.conf +echo netbios-ssn stream tcp nowait root /usr/samba/bin/smbd smbd >> /etc/inetd.conf +echo netbios-ns dgram udp wait root /usr/samba/bin/nmbd nmbd -S >> /etc/inetd.conf + +# +# add SAMBA service ports to /etc/services +# +cp /etc/services /etc/services.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/services.O -o ! -w /etc/services ]; then exit 1; fi + +sed -e "/^netbios/D" -e "/^#SAMBA/D" /etc/services.O > /etc/services +echo '#SAMBA services' >> /etc/services +echo 'netbios-ns 137/udp # SAMBA' >> /etc/services +echo 'netbios-ssn 139/tcp # SAMBA' >> /etc/services + +# +# restart inetd to start SAMBA +# +/etc/killall -HUP inetd diff --git a/packaging/SGI/inst.msg b/packaging/SGI/inst.msg new file mode 100755 index 00000000000..4d8bab389cb --- /dev/null +++ b/packaging/SGI/inst.msg @@ -0,0 +1,31 @@ +#! /bin/sh + +echo +echo +echo Samba has been installed on your system. +echo +echo Your /etc/services and /etc/inetd.conf files have +echo been modified to automatically start the +echo Samba Web Administration Tool \(SWAT\) when you +echo connect with a web browser to +echo +echo http://`hostname`:901 +echo +echo The original versions of /etc/services and +echo /etc/inetd.conf were saved with a .O extension. +echo +echo If you do not wish SWAT to be enabled you may +echo run the script /usr/samba/scripts/removeswat.sh +echo which will remove the entries from /etc/services +echo and /etc/inetd.conf +echo +echo Please review your configuration settings by +echo connecting to SWAT or editing the file +echo /usr/samba/lib/smb.conf and then starting +echo the smbd and nmbd daemons to complete the +echo installation. You may start the daemons from +echo the SWAT "Status" page or by executing the +echo following command as root. +echo +echo /etc/init.d/samba start +echo diff --git a/packaging/SGI/legal_notice.html b/packaging/SGI/legal_notice.html new file mode 100644 index 00000000000..fdb76456289 --- /dev/null +++ b/packaging/SGI/legal_notice.html @@ -0,0 +1,53 @@ + + + +Silicon Graphics Freeware Legal Notice + + + +

Silicon Graphics Freeware Legal Notice

+
+Copyright 1995, Silicon Graphics, Inc. -- ALL RIGHTS RESERVED +

+You may copy, modify, use and distribute this software, (i) +provided that you include the entirety of this reservation of +rights notice in all such copies, and (ii) you comply with any +additional or different obligations and/or use restrictions +specified by any third party owner or supplier of the software +in other notices that may be included with the software. + +

+SGI DISCLAIMS ALL WARRANTIES WITH RESPECT TO THIS SOFTWARE, +EXPRESS, IMPLIED, OR OTHERWISE, INCLUDING WITHOUT LIMITATION, +ALL WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR +PURPOSE OR NONINFRINGEMENT. SGI SHALL NOT BE LIABLE FOR ANY +SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING, +WITHOUT LIMITATION, LOST REVENUES, LOST PROFITS, OR LOSS OF +PROSPECTIVE ECONOMIC ADVANTAGE, RESULTING FROM THE USE OR MISUSE +OF THIS SOFTWARE. + +

+U.S. GOVERNMENT RESTRICTED RIGHTS LEGEND: + +

+ +Use, duplication or disclosure by the Government is subject to +restrictions as set forth in FAR 52.227.19(c)(2) or subparagraph +(c)(1)(ii) of the Rights in Technical Data and Computer Software +clause at DFARS 252.227-7013 and/or in similar or successor +clauses in the FAR, or the DOD or NASA FAR Supplement. +Unpublished - rights reserved under the Copyright Laws of United +States. Contractor/manufacturer is Silicon Graphics, Inc., 2011 +N. Shoreline Blvd. Mountain View, CA 94039-7311. + +

Product Support

+ +

+Freeware products are not supported by Silicon Graphics or any +of its support providers. The software contained in this package +is made available through the generous efforts of their authors. +Although they are interested in your feedback, they are under no +obligation to address bugs, enhancements, or answer questions. + + + diff --git a/packaging/SGI/mkman b/packaging/SGI/mkman new file mode 100755 index 00000000000..a39ed9fdd0c --- /dev/null +++ b/packaging/SGI/mkman @@ -0,0 +1,18 @@ +#!/bin/sh + +if [ ! -d catman ]; then + mkdir catman +fi + + +FILES="*.?" + +cd ../../docs/manpages +for FILE in $FILES ; do + if [ "$FILE" = "smbmnt.8" ]; then continue; fi; + if [ "$FILE" = "smbmount.8" -o "$FILE" = "smbumount.8" ]; then continue; fi; + if [ "$FILE" = "smbrun.1" ]; then continue; fi; + neqn $FILE | tbl | nroff -man > ../../packaging/SGI/catman/`basename $FILE` + pack -f ../../packaging/SGI/catman/`basename $FILE` +done +cd ../../packaging/SGI diff --git a/packaging/SGI/mkprintcap.sh b/packaging/SGI/mkprintcap.sh new file mode 100755 index 00000000000..f610e757f06 --- /dev/null +++ b/packaging/SGI/mkprintcap.sh @@ -0,0 +1,15 @@ +#! /bin/sh +# +# create printcap file +# +if [ -r /usr/samba/printcap ] +then + cp /usr/samba/printcap /usr/samba/printcap.O +fi + +echo "#" > /usr/samba/printcap +echo "# Samba printcap file" >> /usr/samba/printcap +echo "# Alias names are separated by |, any name with spaces is taken as a comment" >> /usr/samba/printcap +echo "#" >> /usr/samba/printcap +lpstat -a | sed -e "s/ .*//" >> /usr/samba/printcap + diff --git a/packaging/SGI/mkrelease.sh b/packaging/SGI/mkrelease.sh new file mode 100755 index 00000000000..6ba486c673f --- /dev/null +++ b/packaging/SGI/mkrelease.sh @@ -0,0 +1,124 @@ +#!/bin/sh + +# This file goes through all the necessary steps to build a release package. +# syntax: +# mkrelease.sh [clean] +# +# You can specify clean to do a make clean before building. Make clean +# will also run configure and generate the required Makefile. +# +# This will build an smbd.noquota, smbd.profile, nmbd.profile and the +# entire package with quota support and acl support. + +doclean="" +SGI_ABI=-n32 +ISA=-mips3 +CC=cc + +if [ ! -f ../../source/Makefile ]; then + doclean="clean" +fi + +if [ "$1" = "clean" ] || [ "$1" = "cleanonly" ]; then + doclean=$1 + shift +fi + +export SGI_ABI ISA CC + +if [ "$doclean" = "clean" ] || [ "$doclean" = "cleanonly" ]; then + cd ../../source + if [ -f Makefile ]; then + make distclean + fi + rm -rf bin/*.profile bin/*.noquota + cd ../packaging/SGI + rm -rf bins catman html codepages swat samba.idb samba.spec + if [ "$doclean" = "cleanonly" ]; then exit 0 ; fi +fi + +# create the catman versions of the manual pages +# +if [ "$doclean" = "clean" ]; then + echo Making manual pages + ./mkman + errstat=$? + if [ $errstat -ne 0 ]; then + echo "Error $errstat making manual pages\n"; + exit $errstat; + fi +fi + +cd ../../source +if [ "$doclean" = "clean" ]; then + echo Create SGI specific Makefile + ./configure --prefix=/usr/samba --sbindir=/usr/samba/bin --mandir=/usr/share/catman --with-acl-support --with-quotas --with-smbwrapper + errstat=$? + if [ $errstat -ne 0 ]; then + echo "Error $errstat creating Makefile\n"; + exit $errstat; + fi +fi + + +# build the sources +# +echo Making binaries + +echo "===================== Making Profile versions =======================" +make clean +make headers +make -P "CFLAGS=-O -g3 -woff 1188 -D WITH_PROFILE" bin/smbd bin/nmbd +errstat=$? +if [ $errstat -ne 0 ]; then + echo "Error $errstat building profile sources\n"; + exit $errstat; +fi +mv bin/smbd bin/smbd.profile +mv bin/nmbd bin/nmbd.profile + +echo "===================== Making No Quota versions =======================" +make clean +make headers +make -P "CFLAGS=-O -g3 -woff 1188 -D QUOTAOBJS=smbd/noquotas.o" bin/smbd +errstat=$? +if [ $errstat -ne 0 ]; then + echo "Error $errstat building noquota sources\n"; + exit $errstat; +fi +mv bin/smbd bin/smbd.noquota + +echo "===================== Making Regular versions =======================" +make -P "CFLAGS=-O -g3 -woff 1188" all libsmbclient +errstat=$? +if [ $errstat -ne 0 ]; then + echo "Error $errstat building sources\n"; + exit $errstat; +fi + +cd ../packaging/SGI + +# generate the packages +# +echo Generating Inst Packages +./spec.pl # create the samba.spec file +errstat=$? +if [ $errstat -ne 0 ]; then + echo "Error $errstat creating samba.spec\n"; + exit $errstat; +fi + +./idb.pl # create the samba.idb file +errstat=$? +if [ $errstat -ne 0 ]; then + echo "Error $errstat creating samba.idb\n"; + exit $errstat; +fi + +if [ ! -d bins ]; then + mkdir bins +fi + +# do the packaging +/usr/sbin/gendist -rbase / -sbase ../.. -idb samba.idb -spec samba.spec -dist ./bins -all + diff --git a/packaging/SGI/printcap b/packaging/SGI/printcap new file mode 100644 index 00000000000..b67b9cb167c --- /dev/null +++ b/packaging/SGI/printcap @@ -0,0 +1,5 @@ +# +# Sample printcap file +# Alias names are separated by |, any name with spaces is taken as a comment +# +lp4js|lp12|LaserJet on the third floor by the coffee machine diff --git a/packaging/SGI/relnotes.html b/packaging/SGI/relnotes.html new file mode 100644 index 00000000000..afcf5796776 --- /dev/null +++ b/packaging/SGI/relnotes.html @@ -0,0 +1,233 @@ + + + + Samba Release Notes + + + +

Samba Release Notes

+ +

+

+ +

Table of Contents

+ + +
  • What is Samba?
    • + +
  • Support Policy
    • + +
  • Installation Information
    • + +
  • Silicon +Graphics Legal Notice
    • + +
  • Author's Notice(s)
    • + +
  • Documentation Information
    • +     + +

    +

    + +

    What is Samba?

    + +

    Samba is an SMB client and server for Unix. It makes it possible for +client machines running Windows 95 and Windows for Workgroups to access +files and/or print services on a Unix system. Samba includes an SMB server +to provide LanManager-style file and print services to PCs, a Netbios (RFC10001/1002) +name server, and an FTP-like client application for accessing PC resources +from Unix.

    + +

    To make Samba work you'll need to configure your server host to run +smbd and nmbd whenever you connect to a certain Internet +port from the client machine. Smbd and nmbd can be started +either as daemons or from inetd.

    + +

    By default smbd and nmbd are started as daemons by the +file /etc/init.d/samba in conjunction with the chkconfig variable +samba being set to on. If you set chkconfig samba off then the deamons +will not be automatically started on reboot. In this case you must type +the following at a shell prompt to start samba after a reboot:

    + +
       chkconfig samba on
+   /etc/init.d/samba start
+
    + +

    If you make changes to your configuration files, smbd and nmbd +may be restarted by typing the following at a shell prompt:

    + +
       /etc/init.d/samba start
+
    + +

    smbd and nmbd may be killed by typing the following at +a shell prompt:

    + +
       /etc/init.d/samba stop
+
    + +

    To have smbd and nmbd started by inetd you can execute +the shell script /usr/samba/inetd.sh to automatically configure +the various files and start the processes. This shell script first kills +any running smbd and nmbd processes. It then removes any +existing entries for "netbios*" from /etc/inetd.conf and +adds the following lines

    + +
        netbios-ssn stream tcp  nowait  root    /usr/samba/bin/smbd smbd
+    netbios-ns  dgram udp   wait    root    /usr/samba/bin/nmbd nmbd -S
+
    + +

    It then removes any existing entries for "netbios*" from /etc/services +and adds the following lines

    + +
        netbios-ns        137/udp                         # SAMBA
+    netbios-ssn       139/tcp                         # SAMBA
+
    + +

    Inetd is then restarted by executing:

    + +
       /etc/killall -HUP inetd
+
    + +

    If you make changes to your configuration files, smbd and nmbd +may be restarted by typing the following at a shell prompt:

    + +
       /etc/killall smbd nmbd
+   /etc/killall -HUP inetd
+
    + +

    Author's Notice(s):

    + +

    The author of this product is: Andrew Tridgell

    + +

    Samba is distributed freely under the GNU +public license.

    + +

    Support:

    + +

    The software in this package is considered unsupported by Silicon Graphics. +Neither the authors or Silicon Graphics are compelled to help resolve problems +you may encounter in the installation, setup, or execution of this software. +To be more to the point, if you call us with an issue regarding products +in the Freeware package, we'll have to gracefully terminate the call. The + +Samba Web Page has a listing of companies and individuals that offer +commercial support for a fee. +

    + +

    Installation Information

    + +

    Samba includes these subsystems:

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    samba.sw.base (default)Execution environment for Samba.
    samba.man.manpages(default)Samba's online manual pages (preformatted).
    samba.man.doc (default)Samba documentation: hints on installation and configuration, an FAQ +(Frequently Asked Questions), help in diagnosing problems, etc..
    samba.man.relnotes (default) Samba online release notes.
    samba.src.samba The Samba software distribution from which this product was +built (including the packaging/SGI directory which will allow this distribution +to be rebuilt).
    + +

    Installation Method

    + +

    All of the subsystems for Samba can be installed using IRIX. You do +not need to use the miniroot. Refer to the Software Installation Administrator's +Guide for complete installation instructions.

    + +

    Prerequisites

    + +

    Your workstation must be running IRIX 5.3 or later in order to use this +product.

    + +

    Configuration Files

    + +

    Because configuration files often contain modifications, inst treats +them specially during the installation process. If they have not been modified, +inst removes the old file and installs the new version during software +updates. For configuration files that have been modified, the new version +is installed and the old version is renamed by adding the suffix .O (for +older) to the name. The no-suffix version contains changes that are required +for compatibility with the rest of the newly installed software, that increase +functionality, or that fix bugs. You should use diff(1) or gdiff(1) to +compare the two versions of the files and transfer information that you +recognize as machine or site-specific from the .O version to the no-suffix +version.

    + +
    +
    /usr/samba/lib/smb.conf
    + +
    Configuration definitions for the smbd program; the SMB server +process. The default configuration sets up password-based access to home +directories on a machine as well as open access to to all printers and +/tmp. The workgroup is set by default to "workgroup". It is highly +recommended that administrators review the content of this file when installing +Samba for the first time.
    + +
    /usr/samba/printcap
    + +
    A file that specifies the available printers on a system. It is included +as an example; administrators may want to replace it or override the reference +to it in the smb.conf file. The script /usr/samba/mkprintcap.sh +was used by inst to create a printcap file that contains all printers on +your system. You may wish to remove some printers or add a comment to each +printer name to describe its location.
    +
    + +

    Documentation Information

    + +

    Preformatted manual pages are installed by default as are the contents +of the docs directory from the Samba distribution; consult samba(7) +for an introduction.

    + +

    There is a mailing list for discussion of Samba. To subscribe send mail +to listproc@samba.org +with a body of "subscribe samba Your Name"

    + +

    To send mail to everyone on the list mail to samba@samba.org. +

    + +

    There is also an announcement mailing list where new versions are announced. +To subscribe send mail to listproc@samba.org +with a body of "subscribe samba-announce Your Name". All announcements +also go to the samba list.

    + +

    You might also like to look at the Usenet news group comp.protocols.smb +as it often contains lots of useful info and is frequented by lots of Samba +users. The newsgroup was initially setup by people on the Samba mailing +list. It is not, however, exclusive to Samba, it is a forum for discussing +the SMB protocol (which Samba implements).

    + +

    A Samba WWW site has been setup with lots of useful info. Connect to: +http://samba.org/pub/samba/. +It is maintained by Paul Blackman (thanks Paul!). You can contact him at +ictinus@lake.canberra.edu.au. +

    + + + diff --git a/packaging/SGI/removeswat.sh b/packaging/SGI/removeswat.sh new file mode 100755 index 00000000000..7a4745345be --- /dev/null +++ b/packaging/SGI/removeswat.sh @@ -0,0 +1,25 @@ +#! /bin/sh +# +# remove SWAT deamon from inetd.conf +# +cp /etc/inetd.conf /etc/inetd.conf.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/inetd.conf.O -o ! -w /etc/inetd.conf ]; then exit 1; fi + +sed -e "/^swat/D" -e "/^#SWAT/D" /etc/inetd.conf.O > /etc/inetd.conf + +# +# remove SWAT service port from /etc/services +# +cp /etc/services /etc/services.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/services.O -o ! -w /etc/services ]; then exit 1; fi + +sed -e "/^swat/D" -e "/^#SWAT/D" /etc/services.O > /etc/services + +# +# restart inetd to reread config files +# +/etc/killall -HUP inetd diff --git a/packaging/SGI/samba.config b/packaging/SGI/samba.config new file mode 100644 index 00000000000..b3d86404ab5 --- /dev/null +++ b/packaging/SGI/samba.config @@ -0,0 +1 @@ +on diff --git a/packaging/SGI/samba.rc b/packaging/SGI/samba.rc new file mode 100644 index 00000000000..bc0f90ee77f --- /dev/null +++ b/packaging/SGI/samba.rc @@ -0,0 +1,43 @@ +#! /bin/sh + +# +# Samba server control +# + +IS_ON=/etc/chkconfig +KILLALL=/sbin/killall + +SAMBAD=/usr/samba/bin/smbd +#SAMBA_OPTS=-d2 +NMBD=/usr/samba/bin/nmbd +#NMBD_OPTS=-d1 + +if test ! -x $IS_ON ; then + IS_ON=true +fi + +if $IS_ON verbose ; then + ECHO=echo +else # For a quiet startup and shutdown + ECHO=: +fi + +case $1 in +'start') + if $IS_ON samba && test -x $SAMBAD; then + $KILLALL -15 smbd nmbd + $ECHO "Samba:\c" + $SAMBAD $SAMBA_OPTS -D; $ECHO " smbd\c" + $NMBD $NMBD_OPTS -D; $ECHO " nmbd\c" + $ECHO "." + fi + ;; +'stop') + $ECHO "Stopping Samba Servers." + $KILLALL -15 smbd nmbd + exit 0 + ;; +*) + echo "usage: /etc/init.d/samba {start|stop}" + ;; +esac diff --git a/packaging/SGI/sambalp b/packaging/SGI/sambalp new file mode 100644 index 00000000000..61e62215c91 --- /dev/null +++ b/packaging/SGI/sambalp @@ -0,0 +1,157 @@ +#!/bin/perl +# +# Hacked by Alan Stebbens to setuid to the username if +# valid on this system. Written as a secure Perl script. To enable, +# +# chown root /usr/samba/bin/sambalp +# chmod u+s,+x /usr/samba/bin/sambalp +# +# If setuidshells is not enabled on your system, you must also do this: +# +# systune -i +# nosuidshells = 0 +# y +# quit +# +# reboot +# +# This script will still work as a normal user; it will not try +# to setuid in this case. +# +# If the "$PSFIX" variable is set below... +# +# Workaround Win95 printer driver/Impressario bug by removing +# the PS check for available virtual memory. Note that this +# bug appears to be in all Win95 print drivers that generate +# PostScript; but is for certain there with a QMS-PS 810 (the +# printer type I configure on the Win95-side for printing with +# Samba). +# +# the perl script fixes 3 different bugs. +# 1. remove the JCL statements added by some HP printer drivers to the +# beginning of the postscript output. +# 2. Fix a bug in output from word files with long filenames. A non-printing +# character added to the end of the title comment by word is +# removed. +# 3. The VM fix described above. +# +# +# Modified for Perl4 compatibility. +# + +$PROG = "sambalp"; + +$PSFIX = 1; # set to 0 if you don't want to run + # the "psfix" portion + +# Untaint the PATH variable +@PATH = split(' ',<) { + next unless /^printer (\w+)/; + push(@printers,$1); +} +close LPSTAT; +# Create a hash list +@printers{@printers} = @printers; + +# Untaint the printer name +if (defined($prtname = $printers{$printer})) { + $printer = $prtname; +} else { + die("Unknown printer: \"$printer\"\n"); +} + +if ($> == 0) { # are we root? + # yes -- then perform a taint checks and possibly do a suid check + + # Untaint the file and system names (pretend to filter them) + $file = $file =~ /^(.*)/ ? $1 : die("Bad file: $file\n"); + $system = $system =~ /^(.*)/ ? $1 : die("Bad system: $system\n"); + + # Get the valid users + setpwent; + %users = (); + while (@pwe = getpwent()) { + $uids{$pwe[0]} = $pwe[2]; + $users{$pwe[2]} = $pwe[0]; + } + endpwent(); + + # Check out the user -- if the user is a real user on this system, + # then become that user so that the printer header page looks right + # otherwise, remain as the default user (probably "nobody"). + + if (defined($uid = $uids{$user})) { + + # before we change UID, we must ensure that the file is still + # readable after the UID change. + chown($uid, 9, $file); # make the file owned by the user + + # Now, go ahead and become the user + $name = $users{$uid}; + $> = $uid; # become the user + $< = $uid; + } else { # do untaint filtering + $name = $user =~ /^(\w+)/ ? $1 : die("Bad user: $user\n"); + } +} else { # otherwise, just be me + $name = $user; # whomever that is +} + +$lpcommand = "/usr/bin/lp -c -d$printer -t'$name on $system'"; + +# This code is from the original "psfix" but it has been completely +# rewritten for speed. + +if ($PSFIX) { # are we running a "psfix"? + open(FILE, $file) || die("Can't read $file: $!\n"); + open(LP, "|$lpcommand -") || die("Can't open pipe to \"lp\": $!\n"); + select(LP); + while () { # + $_ =~ s/^\004//; # strip any ctrl-d's + if (/^\e%/) { # get rid of any non-postscript commands + while () { # remove text until next %!PS + s/^\001M//; # lenmark driver prefixes Ctrl-A M to %!PS + last if /^%!PS/; + } + last if eof(FILE); + } elsif (/^%%Title:/) { # fix bug in long titles from MS Word + s/.\r$/\r/; # remove trailing character on the title + } elsif (/^\/VM\?/) { # remove VM test + print "/VM? { pop } bind def\r\n"; + while () { last if /def\r/; } + next; # don't print + } + print; + } + close FILE; + close LP; +} else { # we're not running psfix? + system("$lpcommand $file"); +} + +if ($file =~ m(^/)) { + # $file is a fully specified path + # Remove the file only if it lives in a directory ending in /tmp. + unlink($file) if ($file =~ m(/tmp/[^/]+$)); +} else { + # $file is NOT a fully specified path + # Remove the file only if current directory ends in /tmp. + unlink($file) if (`pwd` =~ m(/tmp$)); +} diff --git a/packaging/SGI/smb.conf b/packaging/SGI/smb.conf new file mode 100644 index 00000000000..03f2a4c9f81 --- /dev/null +++ b/packaging/SGI/smb.conf @@ -0,0 +1,135 @@ +; Configuration file for smbd. +; ============================================================================ +; For the format of this file and comprehensive descriptions of all the +; configuration option, please refer to the man page for smb.conf(5). + +; This is a sample configuration for IRIX 6.x systems +; +; The following configuration should suit most systems for basic usage and +; initial testing. It gives all clients access to their home directories and +; /usr/tmp and allows access to all printers returned by lpstat. +; +[global] + comment = Samba %v + workgroup = workgroup + printing = sysv +; +; The default for printcap name is lpstat which will export all printers. +; If you want to limit the printers that are visible to clients, you can +; use a printcap file. The script mkprintcap.sh will create a printcap +; file that contains all your printers. Edit this file to only contain the +; printers that you wish to be visible. Names longer than 15 characters +; in the printcap file will not be visible to clients. +; +; printcap name = /usr/samba/printcap + printcap name = lpstat +; +; If you are using Impressario 1.x then you'll want to use the +; sambalp script provided with this package. It works around +; a problem in the PostScript generated by the standard Windows +; drivers--there is a check to verify sufficient virtual memory +; is available in the printer to print the job, but this fails +; under Impressario because of a bug in Impressario 1.x. The sambalp +; script strips out the vmstatus check. BTW, when using this +; setup to print be sure to configure a Windows printer driver +; that generates PostScript--QMS-PS 810 is one that should work +; with the sambalp script. This version of sambalp (if installed +; as a setuid script - see the comments at the beginning of the +; script) will setuid to the username if valid on the system. This +; makes the banner pages print the proper username. You can disable +; the PostScript fixes by changing a variable in sambalp. +; + print command = /usr/samba/bin/sambalp %p %s %U %m +; print command = /usr/bin/lp -c -d%p -t"%U on machine %m" %s ; rm %s + +; clear the default lppause and lpresume commands since these are not +; supported in IRIX + lppause command = + lpresume command = + + load printers = yes + guest account = nobody + browseable = yes + +; this tells Samba to use a separate log file for each machine +; that connects - default is single file named /usr/samba/var/log.smb +; log file = /usr/samba/var/log.%m + +; Set a max size for log files in Kb + max log size = 50 + +; You will need a world readable lock directory +; if you want to support the file sharing modes for multiple users +; of the same files + locking = yes + lock directory = /usr/samba/var/locks + + security = user + +; You need to test to see if this makes a difference on your system + socket options = TCP_NODELAY + +; Set the os level to > 32 if there is no NT server for your workgroup + os level = 0 + preferred master = no + domain master = no + local master = no + wins support = no + wins server = + + preserve case = yes + short preserve case = yes + +; These are the settings required for IRIX password sync + passwd program = /usr/bin/passwd %u + passwd chat = *ew*password:* %n\n *e-enter*new*password:* %n\n + +; Uncomment the following if you wish to use encrypted passwords. +; encrypt passwords = yes + +; Uncomment the following if you wish to sync unix and smbpasswd +; unix password sync = yes + +; Printer admin account to allow uploading printer drivers + printer admin = lp + +; Sample winbindd configuration parameters - uncomment and +; change if necessary for your desired configuration +; winbind uid = 50000-60000 +; winbind gid = 50000-60000 +; winbind separator = + +; winbind cache time = 10 +; password server = * + +; Sample add user command for automatically adding machine accounts +; add user script = /usr/sbin/passmgmt -a -h/dev/null -g20 -s/usr/bin/false %u + +[homes] + comment = Home Directories + browseable = no + writeable = yes + +; Share for printer drivers for automatic driver download +; +[print$] + comment = printer driver directory + path = /usr/samba/printer + guest ok = yes + browseable = yes + read only = yes + write list = lp + +[printers] + comment = All Printers + path = /var/spool/samba + browseable = no + printable = yes + guest ok = yes + writeable = no + create mask = 0700 + +[tmp] + comment = Temporary file space + path = /usr/tmp + writeable = yes + guest ok = yes diff --git a/packaging/SGI/smbpasswd b/packaging/SGI/smbpasswd new file mode 100644 index 00000000000..8e7ab34cadd --- /dev/null +++ b/packaging/SGI/smbpasswd @@ -0,0 +1 @@ +# Samba SMB password file diff --git a/packaging/SGI/smbprint b/packaging/SGI/smbprint new file mode 100644 index 00000000000..07923a42b1e --- /dev/null +++ b/packaging/SGI/smbprint @@ -0,0 +1,54 @@ +#!/bin/sh +# +# @(#) smbprint.sysv version 1.0 Ross Wakelin +# +# Version 1.0 13 January 1995 +# modified from the original smbprint (bsd) script +# +# this script is a System 5 printer interface script. It uses the smbclient +# program to print the file to the specified smb-based server and service. +# +# To add this to your lp system, modify the server and service variables +# and then execute the following command (as root): +# +# lpadmin -punixprintername -v/dev/null -i/usr/samba/bin/smbprint +# +# where unixprintername is the name that the printer will be known as +# on your unix box. +# +# the script smbprint will be copied into your printer administration +# directory (/usr/spool/lp) as a new interface (interface/unixprintername) +# Then you have to execute the following commands: +# +# enable unixprintername +# accept unixprintername +# +# This script will then be called by the lp service to print the files. +# This script will have 6 or more parameters passed to it by the lp service. +# The first five will contain details of the print job, who queued it etc, +# while parameters 6 onwards are a list of files to print. We just +# cat these to the samba client. +# +# clear out the unwanted parameters + +shift;shift;shift;shift;shift + +# now the argument list is just the files to print + +# Set these to the server and service you wish to print to +# In this example I have a PC called "admin" that has a printer +# exported called "hplj2" with no password. +# +server=admin +service=hplj2 +password="" + +# NOTE: The line `echo translate' provides automatic CR/LF translation +# when printing. +( + echo translate + echo "print -" + cat $* +) | /usr/samba/bin/smbclient "//$server/$service" $password -N > /dev/null +exit $? + diff --git a/packaging/SGI/spec.pl b/packaging/SGI/spec.pl new file mode 100755 index 00000000000..4541eb04ec3 --- /dev/null +++ b/packaging/SGI/spec.pl @@ -0,0 +1,91 @@ +#!/usr/bin/perl + +# This perl script generates the samba.spec file based on the version +# information in the version.h file in the source tree + +open (VER,'../../source/include/version.h') || die "Unable to open version.h\n"; +($_ = ) =~ s/"//g; +close (VER); +@foo = split(' '); +splice(@foo,0,2); +$_ = $foo[0]; + +# create the package name +$vername = " id \"Samba Version ".$_."\"\n"; + +$patch = 0; +#create the subsystem version numbers +if (/alpha/) { + $_ =~ s/alpha/.00./; +} +elsif (/-HEAD/) { + $_ =~ s/-HEAD/.01/; + $_ .= '.99'; +} +elsif (/pre-/) { + $_ =~ s/pre-//; + $_ .= '.00'; +} +elsif (/p/) { + $_ =~ s/p/./; + $_ .= '.00'; + $patch = 1; +} +else { + $_ .='.01.00'; +} + +($v1,$v2,$v3,$v4,$v5) = split('\.'); +$v4 = $v4 + $patch; +$vernum = sprintf(" version %02d%02d%02d%02d%02d\n",$v1,$v2,$v3,$v4,$v5); + +# generate the samba.spec file +open(SPEC,">samba.spec") || die "Unable to open samba.spec for output\n"; +print SPEC "product samba\n"; +print SPEC $vername; +print SPEC " image sw\n"; +print SPEC " id \"Samba Execution Environment\"\n"; +print SPEC $vernum; +print SPEC " order 0\n"; +print SPEC " subsys base default\n"; +print SPEC " id \"Samba Execution Environment\"\n"; +print SPEC " replaces fw_samba.sw.base 0 9999999999\n"; +print SPEC " replaces fw_samba.sw.samba 0 9999999999\n"; +print SPEC " exp samba.sw.base\n"; +print SPEC " endsubsys\n"; +print SPEC " endimage\n"; +print SPEC " image man\n"; +print SPEC " id \"Samba Online Documentation\"\n"; +print SPEC $vernum; +print SPEC " order 1\n"; +print SPEC " subsys manpages default\n"; +print SPEC " id \"Samba Man Page\"\n"; +print SPEC " replaces fw_samba.man.manpages 0 9999999999\n"; +print SPEC " replaces fw_samba.man.samba 0 9999999999\n"; +print SPEC " exp samba.man.manpages\n"; +print SPEC " endsubsys\n"; +print SPEC " subsys doc default\n"; +print SPEC " id \"Samba Documentation\"\n"; +print SPEC " replaces fw_samba.man.doc 0 9999999999\n"; +print SPEC " exp samba.man.doc\n"; +print SPEC " endsubsys\n"; +print SPEC " subsys relnotes default\n"; +print SPEC " id \"Samba Release Notes\"\n"; +print SPEC " replaces fw_samba.man.relnotes 0 9999999999\n"; +print SPEC " exp samba.man.relnotes\n"; +print SPEC " endsubsys\n"; +print SPEC " endimage\n"; +print SPEC " image src\n"; +print SPEC " id \"Samba Source Code\"\n"; +print SPEC $vernum; +print SPEC " order 2\n"; +print SPEC " subsys samba\n"; +print SPEC " id \"Samba Source Code\"\n"; +print SPEC " replaces fw_samba.src.samba 0 9999999999\n"; +print SPEC " exp samba.src.samba\n"; +print SPEC " endsubsys\n"; +print SPEC " endimage\n"; +print SPEC "endproduct\n"; +close SPEC || die "Error on close of samba.spec\n"; + +print "\nsamba.spec file has been created\n\n"; diff --git a/packaging/SGI/startswat.sh b/packaging/SGI/startswat.sh new file mode 100755 index 00000000000..2a0333020fb --- /dev/null +++ b/packaging/SGI/startswat.sh @@ -0,0 +1,29 @@ +#! /bin/sh +# +# add SWAT deamon to inetd.conf +# +cp /etc/inetd.conf /etc/inetd.conf.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/inetd.conf.O -o ! -w /etc/inetd.conf ]; then exit 1; fi + +sed -e "/^swat/D" -e "/^#SWAT/D" /etc/inetd.conf.O > /etc/inetd.conf +echo '#SWAT services' >> /etc/inetd.conf +echo swat stream tcp nowait root /usr/samba/bin/swat swat >> /etc/inetd.conf + +# +# add SWAT service port to /etc/services +# +cp /etc/services /etc/services.O + +if [ $? -ne 0 ]; then exit 1; fi +if [ ! -r /etc/services.O -o ! -w /etc/services ]; then exit 1; fi + +sed -e "/^swat/D" -e "/^#SWAT/D" /etc/services.O > /etc/services +echo '#SWAT services' >> /etc/services +echo 'swat 901/tcp # SWAT' >> /etc/services + +# +# restart inetd to start SWAT +# +/etc/killall -HUP inetd diff --git a/packaging/SGI/winbindd.config b/packaging/SGI/winbindd.config new file mode 100644 index 00000000000..cfb931e4705 --- /dev/null +++ b/packaging/SGI/winbindd.config @@ -0,0 +1 @@ +off diff --git a/packaging/SGI/winbindd.rc b/packaging/SGI/winbindd.rc new file mode 100644 index 00000000000..c63944a04d9 --- /dev/null +++ b/packaging/SGI/winbindd.rc @@ -0,0 +1,38 @@ +#! /bin/sh + +# +# winbindd server control +# + +IS_ON=/etc/chkconfig +KILLALL=/sbin/killall + +WINBINDD=/usr/samba/bin/winbindd + +if test ! -x $IS_ON ; then + IS_ON=true +fi + +if $IS_ON verbose ; then + ECHO=echo +else # For a quiet startup and shutdown + ECHO=: +fi + +case $1 in +'start') + if $IS_ON winbindd && test -x $WINBINDD; then + $KILLALL -15 winbindd + $ECHO "winbindd:\c" + $WINBINDD ; $ECHO " winbindd." + fi + ;; +'stop') + $ECHO "Stopping winbindd." + $KILLALL -15 winbindd + exit 0 + ;; +*) + echo "usage: /etc/init.d/winbindd {start|stop}" + ;; +esac diff --git a/packaging/Solaris/README b/packaging/Solaris/README new file mode 100644 index 00000000000..b918cf91732 --- /dev/null +++ b/packaging/Solaris/README @@ -0,0 +1,18 @@ + +INSTRUCTIONS: Preparing Samba packages for Solaris + +To produce a package: + +* Build the binaries (by running ./configure; make; in the source directory) +* Type sh makepkg.sh + +The package will be created in the /tmp directory. + +By default, the package will be built to install samba in /usr/local +To change the default, modify the INSTALL_BASE variable in makepkg.sh +This is after you have configured samba with a --prefix option of the +alternate samba location and then created the binaries. + +Shirish Kalele +Date: 2000.01.12 + diff --git a/packaging/Solaris/copyright b/packaging/Solaris/copyright new file mode 100644 index 00000000000..1792668d174 --- /dev/null +++ b/packaging/Solaris/copyright @@ -0,0 +1 @@ +Copyright (C) 2001 Samba Team diff --git a/packaging/Solaris/i.swat b/packaging/Solaris/i.swat new file mode 100644 index 00000000000..047f0e17200 --- /dev/null +++ b/packaging/Solaris/i.swat @@ -0,0 +1,44 @@ +while read src dest +do + sed -e '/^swat.*swat$/d' $dest >/tmp/$$swat || exit 2 + cat $src >>/tmp/$$swat || exit 2 + + # Use cp;rm instead of mv because $dest might be a symlink + cp -f /tmp/$$swat $dest || exit 2 + rm -f /tmp/$$swat +done + +if [ "$1" = ENDOFCLASS ] +then + + # If local install, restart inetd + if [ -z "${PKG_INSTALL_ROOT}" ] + then + TARGET=`hostname` + kill -HUP `ps -e -o pid,comm | grep inetd | awk '{print $1}'` + else + TARGET="" + fi + + cat <&2 + exit 1 + fi + + for p in $CODEPAGELIST; do + $DISTR_BASE/source/bin/make_smbcodepage c $p $DISTR_BASE/source/codepages/codepage_def.$p $DISTR_BASE/source/codepages/codepage.$p + echo f none samba/lib/codepages/codepage.$p=source/codepages/codepage.$p 0644 root other + done + + # Create unicode maps + if [ ! -f $DISTR_BASE/source/bin/make_unicodemap ]; then + echo "Missing $DISTR_BASE/source/bin/make_unicodemap. Aborting." >&2 + exit 1 + fi + + # Pull in all the unicode map files from source/codepages/CP*.TXT + list=`find $DISTR_BASE/source/codepages -name "CP*.TXT" | sed 's|^.*CP\(.*\)\.TXT|\1|'` + for umap in $list + do + $DISTR_BASE/source/bin/make_unicodemap $umap $DISTR_BASE/source/codepages/CP$umap.TXT $DISTR_BASE/source/codepages/unicode_map.$umap + echo f none samba/lib/codepages/unicode_map.$umap=source/codepages/unicode_map.$umap 0644 root other + done + + # Add the binaries, docs and SWAT files + + echo "#\n# Binaries \n#" + cd $DISTR_BASE/source/bin + for binfile in * + do + if [ -f $binfile ]; then + echo f none samba/bin/$binfile=source/bin/$binfile 0755 root other + fi + done + + # Add the scripts to bin/ + echo "#\n# Scripts \n#" + cd $DISTR_BASE/source/script + for shfile in * + do + if [ -f $shfile ]; then + echo f none samba/bin/$shfile=source/script/$shfile 0755 root other + fi + done + + # Add the manpages + echo "#\n# man pages \n#" + echo d none /usr ? ? ? + echo d none /usr/share ? ? ? + echo d none /usr/share/man ? ? ? + + # Create directories for man page sections if nonexistent + cd $DISTR_BASE/docs/manpages + for i in 1 2 3 4 5 6 7 8 9 + do + manpages=`ls *.$i 2>/dev/null` + if [ $? -eq 0 ] + then + echo d none /usr/share/man/man$i ? ? ? + for manpage in $manpages + do + echo f none /usr/share/man/man${i}/${manpage}=docs/manpages/$manpage 0644 root other + done + fi + done + + echo "#\n# HTML documentation \n#" + cd $DISTR_BASE + list=`find docs/htmldocs -type d | grep -v "/CVS$"` + for docdir in $list + do + if [ -d $docdir ]; then + echo d none samba/$docdir 0755 root other + fi + done + + list=`find docs/htmldocs -type f | grep -v /CVS/` + for htmldoc in $list + do + if [ -f $htmldoc ]; then + echo f none samba/$htmldoc=$htmldoc 0644 root other + fi + done + + # Create a symbolic link to the Samba book in docs/ for beginners + echo 's none samba/docs/samba_book=htmldocs/using_samba' + + echo "#\n# Text Docs \n#" + echo d none samba/docs/textdocs 0755 root other + cd $DISTR_BASE/docs/textdocs + for textdoc in * + do + if [ -f $textdoc ]; then + echo f none samba/docs/textdocs/$textdoc=docs/textdocs/$textdoc 0644 root other + fi + done + echo "#\n# SWAT \n#" + cd $DISTR_BASE + list=`find swat -type d | grep -v "/CVS$"` + for i in $list + do + echo "d none samba/$i 0755 root other" + done + list=`find swat -type f | grep -v /CVS/` + for i in $list + do + echo "f none samba/$i=$i 0644 root other" + done + echo "#\n# HTML documentation for SWAT\n#" + cd $DISTR_BASE/docs/htmldocs + for htmldoc in * + do + if [ -f $htmldoc ]; then + echo f none samba/swat/help/$htmldoc=docs/htmldocs/$htmldoc 0644 root other + fi + done + + echo "#\n# Using Samba Book files for SWAT\n#" + cd $DISTR_BASE/docs/htmldocs + +# set up a symbolic link instead of duplicating the book tree + echo 's none samba/swat/using_samba=../docs/htmldocs/using_samba' + +} + +if [ $# = 0 ] +then + # Try to guess the distribution base.. + CURR_DIR=`pwd` + DISTR_BASE=`echo $CURR_DIR | sed 's|\(.*\)/packaging.*|\1|'` + echo "Assuming Samba distribution is rooted at $DISTR_BASE.." +else + DISTR_BASE=$1 +fi + +# +if [ ! -d $DISTR_BASE ]; then + echo "Source build directory $DISTR_BASE does not exist." + exit 1 +fi + +# Set up the prototype file from prototype.master +if [ -f prototype ]; then + rm prototype +fi + +# Setup version from version.h +VERSION=`sed 's/#define VERSION \"\(.*\)\"$/\1/' ../../source/include/version.h` +sed -e "s|__VERSION__|$VERSION|" -e "s|__ARCH__|`uname -p`|" -e "s|__BASEDIR__|$INSTALL_BASE|g" pkginfo.master >pkginfo + +sed -e "s|__BASEDIR__|$INSTALL_BASE|g" inetd.conf.master >inetd.conf +sed -e "s|__BASEDIR__|$INSTALL_BASE|g" samba.server.master >samba.server + +cp prototype.master prototype + +# Add the dynamic part to the prototype file +(add_dynamic_entries >> prototype) + +# Create the package +pkgmk -o -d /tmp -b $DISTR_BASE -f prototype +if [ $? = 0 ] +then + pkgtrans /tmp samba.pkg samba +fi +echo The samba package is in /tmp diff --git a/packaging/Solaris/pkg-specs/pkginfo b/packaging/Solaris/pkg-specs/pkginfo new file mode 100644 index 00000000000..d195f177e90 --- /dev/null +++ b/packaging/Solaris/pkg-specs/pkginfo @@ -0,0 +1,12 @@ +PKG=samba +NAME=SMB based file/printer sharing +ARCH=sparc +VERSION=2.0.6 +CATEGORY=system +VENDOR=Samba Group +DESC=File and printer sharing for NT workstations +HOTLINE=Please contact your local UNIX support group +EMAIL=samba@samba.org +CLASSES=none +BASEDIR=/usr/local +INTONLY=1 diff --git a/packaging/Solaris/pkginfo.master b/packaging/Solaris/pkginfo.master new file mode 100644 index 00000000000..33e7cdb471d --- /dev/null +++ b/packaging/Solaris/pkginfo.master @@ -0,0 +1,12 @@ +PKG=samba +NAME=SMB based file/printer sharing +ARCH=__ARCH__ +VERSION=__VERSION__ +CATEGORY=system +VENDOR=Samba Team +DESC=File and printer sharing for Windows workstations +HOTLINE=Please contact your local UNIX support group +EMAIL=samba@samba.org +CLASSES=none +BASEDIR=__BASEDIR__ +INTONLY=1 diff --git a/packaging/Solaris/postinstall b/packaging/Solaris/postinstall new file mode 100644 index 00000000000..0b7f40a85d0 --- /dev/null +++ b/packaging/Solaris/postinstall @@ -0,0 +1,21 @@ +cat </tmp/$$swat || exit 2 + # Use cp;rm; instead of mv because $dest might be a symlink + cp -f /tmp/$$swat $dest || exit 2 + rm -f /tmp/$$swat +done + +if [ "$1" = ENDOFCLASS ] +then + if [ -z "$PKG_INSTALL_ROOT" ] + then + kill -HUP `ps -e -o pid,comm | grep inetd | awk '{print $1}'` + fi +fi + diff --git a/packaging/Solaris/request b/packaging/Solaris/request new file mode 100644 index 00000000000..59cdd0ab22a --- /dev/null +++ b/packaging/Solaris/request @@ -0,0 +1,17 @@ +trap 'exit 3' 15 + +VALSTR=/usr/sadm/bin/valstr + +resp=`ckyorn -d y -p "Do you wish to have Samba start whenever the system boots up? (default:y) " -Q` +$VALSTR -r "^[yY]" $resp +[ $? -eq 0 ] && CLASSES="$CLASSES initscript" + +resp=`ckyorn -d y -p "Do you wish to set up the Samba Web Admin Tool (SWAT)? (default:y) " -Q` +$VALSTR -r "^[yY]" $resp +[ $? -eq 0 ] && CLASSES="$CLASSES swat" + +cat >$1 < ++# Volker Lendecke ++# ++# ++ ++doc=/usr/doc/packages/samba ++ ++compile: ++ make -C source ++ ++install: ++ make install -C source ++ mkdir -p $(doc) ++ cp -a docs/* $(doc) ++ rm -rf $(doc)/*.[0-9] ++ cp -R examples $(doc) ++ chmod 644 `find $(doc) -type f` ++ chmod 755 `find $(doc) -type d` ++ install -m 644 smb.conf /etc/smb.conf ++ install rc /sbin/init.d/smb ++ install -m 755 source/mksmbpasswd.sh /usr/bin/mksmbpasswd.sh ++ ln -sf ../smb /sbin/init.d/rc2.d/S20smb ++ ln -sf ../smb /sbin/init.d/rc2.d/K20smb ++ ln -sf ../smb /sbin/init.d/rc3.d/S20smb ++ ln -sf ../smb /sbin/init.d/rc3.d/K20smb ++ mkdir -p /var/adm/fillup-templates ++ cp rc.config.samba /var/adm/fillup-templates +--- doinst.sh ++++ doinst.sh 1998/05/06 15:54:52 +@@ -0,0 +1,15 @@ ++# ++# install/doinst.sh - to be done after extraction ++# ++# Copyright (c) 1997 S.u.S.E. GmbH Fuerth, Germany. ++# ++# ++echo "Updating etc/rc.config..." ++if [ -x bin/fillup ] ; then ++ bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.samba ++else ++ echo "ERROR: fillup not found. This should not happen. Please compare" ++ echo "etc/rc.config and var/adm/fillup-templates/rc.config.samba and" ++ echo "update by hand." ++fi ++ +--- rc ++++ rc 1998/05/06 15:54:52 +@@ -0,0 +1,32 @@ ++#! /bin/sh ++# Copyright (c) 1996 StarDivision GmbH. All rights reserved. ++# Copyright (c) 1996 S.u.S.E. Gmbh Fuerth, Germany. All rights reserved. ++# ++# Author: Bastian Epting, StarDivision GmbH ++# Florian La Roche, ++# Volker Lendecke, ++# ++ ++. /etc/rc.config ++ ++test "$START_SMB" = "yes" || exit 0 ++ ++case "$1" in ++ start) ++ echo -n "Starting SMB services." ++ /usr/sbin/nmbd -D ++ /usr/sbin/smbd -D ++ echo ++ ;; ++ stop) ++ echo -n "Shutting down SMB services." ++ killproc -TERM /usr/sbin/nmbd ++ killproc -TERM /usr/sbin/smbd ++ echo ++ ;; ++ *) ++ echo "Usage: $0 {start|stop}" ++ exit 1 ++esac ++ ++exit 0 +--- rc.config.samba ++++ rc.config.samba 1998/05/06 15:54:52 +@@ -0,0 +1,5 @@ ++# ++# start samba? ("yes" or "no") ++# Windows 95 / NT - File- and Printservices ++# ++START_SMB="no" +--- smb.conf ++++ smb.conf 1998/05/06 15:54:52 +@@ -0,0 +1,48 @@ ++[global] ++ workgroup = arbeitsgruppe ++ guest account = nobody ++ keep alive = 30 ++ os level = 2 ++ security = user ++ printing = bsd ++ printcap name = /etc/printcap ++ load printers = yes ++ ++; Please uncomment the following entry and replace the ++; ip number and netmask with the correct numbers for ++; your ethernet interface. ++; interfaces = 192.168.1.1/255.255.255.0 ++ ++; If you want Samba to act as a wins server, please set ++; 'wins support = yes' ++ wins support = no ++ ++; If you want Samba to use an existing wins server, ++; please uncomment the following line and replace ++; the dummy with the wins server's ip number. ++; wins server = 192.168.1.1 ++ ++[homes] ++ comment = Heimatverzeichnis ++ browseable = no ++ read only = no ++ create mode = 0750 ++ ++; The following share gives all users access to the Server's CD drive, ++; assuming it is mounted under /cd. To enable this share, please remove ++; the semicolons before the lines ++; ++; [cdrom] ++; comment = Linux CD-ROM ++; path = /cd ++; read only = yes ++; locking = no ++ ++[printers] ++ comment = All Printers ++ browseable = no ++ printable = yes ++ public = no ++ read only = yes ++ create mode = 0700 ++ directory = /tmp +--- source/Makefile ++++ source/Makefile 1998/05/06 15:54:52 +@@ -5,11 +5,11 @@ + ########################################################################### + + # The base directory for all samba files +-BASEDIR = /usr/local/samba ++BASEDIR = /usr + + # The base manpages directory to put the man pages in + # Note: $(MANDIR)/man1, $(MANDIR)/man5 and $(MANDIR)/man8 must exist. +-MANDIR = /usr/local/man ++MANDIR = /usr/man + + # The directories to put things in. If you use multiple + # architectures or share the samba binaries across NFS then +@@ -18,16 +18,16 @@ + # normally only applies to nmbd and smbd + # SBINDIR implies a secure binary directory + BINDIR = $(BASEDIR)/bin +-SBINDIR = $(BASEDIR)/bin +-LIBDIR = $(BASEDIR)/lib +-VARDIR = $(BASEDIR)/var ++SBINDIR = $(BASEDIR)/sbin ++LIBDIR = $(BASEDIR)/lib/samba ++VARDIR = /var/log + + # The permissions to give the executables + INSTALLPERMS = 0755 + + # Add any optimisation or debugging flags here + # add -DSYSLOG for syslog support +-FLAGS1 = -O ++FLAGS1 = -O2 + LIBS1 = + + # You will need to use a ANSI C compiler. This means under SunOS 4 you can't +@@ -47,15 +47,15 @@ + # or in smb.conf (see smb.conf(5)) + SMBLOGFILE = $(VARDIR)/log.smb + NMBLOGFILE = $(VARDIR)/log.nmb +-CONFIGFILE = $(LIBDIR)/smb.conf +-LMHOSTSFILE = $(LIBDIR)/lmhosts +-DRIVERFILE = $(LIBDIR)/printers.def ++CONFIGFILE = /etc/smb.conf ++LMHOSTSFILE = /etc/lmhosts ++DRIVERFILE = /etc/printers.def + SMB_PASSWD = $(BINDIR)/smbpasswd +-SMB_PASSWD_FILE = $(BASEDIR)/private/smbpasswd +-WEB_ROOT = $(BASEDIR) ++SMB_PASSWD_FILE = /etc/smbpasswd ++WEB_ROOT = /etc + + # the directory where lock files go +-LOCKDIR = $(VARDIR)/locks ++LOCKDIR = /var/lock + + # The directory where code page definition files go + CODEPAGEDIR = $(LIBDIR)/codepages +@@ -206,7 +206,7 @@ + # contributed by Andrew.Tridgell@anu.edu.au + # add -DLINUX_BIGCRYPT is you have shadow passwords but don't have the + # right libraries and includes +-# FLAGSM = -DLINUX -DSHADOW_PWD -DFAST_SHARE_MODES ++FLAGSM = -DLINUX -DSHADOW_PWD -DFAST_SHARE_MODES + # LIBSM = -lshadow + + # Use this for Linux without shadow passwords or for any Linux +--- source/includes.h ++++ source/includes.h 1998/05/06 15:54:52 +@@ -244,13 +244,6 @@ + #define USE_SETFS + #endif + #endif +-#ifdef SHADOW_PWD +-#if _LINUX_C_LIB_VERSION_MAJOR < 5 +-#ifndef crypt +-#define crypt pw_encrypt +-#endif +-#endif +-#endif + #endif + + #ifdef SUNOS4 diff --git a/packaging/SuSE/5.2/samba.spec b/packaging/SuSE/5.2/samba.spec new file mode 100644 index 00000000000..5f20875c9ea --- /dev/null +++ b/packaging/SuSE/5.2/samba.spec @@ -0,0 +1,119 @@ +# +# spec file for package samba (Version 1.9.18p1) +# +# Copyright (c) 1997 S.u.S.E. GmbH Fuerth, Germany. +# +# please send bugfixes or comments to feedback@suse.de. +# + +Vendor: S.u.S.E. GmbH, Fuerth, Germany +Distribution: S.u.S.E. Linux 5.1 (i386) +Name: samba +Release: 1 +Copyright: 1992-98 Andrew Tridgell, Karl Auer, Jeremy Allison +Group: +Provides: samba smbfs +Requires: +Conflicts: +Autoreqprov: on +Packager: feedback@suse.de + +Version: 1.9.18p5 +Summary: Samba is a file server for Unix, similar to LanManager. +Source: samba-1.9.18p5.tar.gz +Source1: smbfs-2.0.2.tar.gz +Patch: samba-1.9.18p5.dif +Patch1: smbfs-2.0.2.dif +%prep +%setup +%patch +%setup -T -n smbfs-2.0.2 -b1 +%patch -P 1 +%build +cd ../samba-1.9.18p5 +make -f Makefile.Linux compile +cd ../smbfs-2.0.2 +make -f Makefile.Linux compile +%install +cd ../samba-1.9.18p5 +make -f Makefile.Linux install +cd ../smbfs-2.0.2 +make -f Makefile.Linux install +Check +%post +echo "Updating etc/rc.config..." +if [ -x bin/fillup ] ; then + bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.samba +else + echo "ERROR: fillup not found. This should not happen. Please compare" + echo "etc/rc.config and var/adm/fillup-templates/rc.config.samba and" + echo "update by hand." +fi +%files +%docdir /usr/doc/packages/samba +/usr/doc/packages/samba +%config /etc/smb.conf +/usr/lib/samba/codepages +/sbin/init.d/rc2.d/K20smb +/sbin/init.d/rc2.d/S20smb +/sbin/init.d/rc3.d/K20smb +/sbin/init.d/rc3.d/S20smb +%config /sbin/init.d/smb +/usr/bin/addtosmbpass +/usr/bin/mksmbpasswd.sh +/usr/bin/make_printerdef +/usr/bin/make_smbcodepage +/usr/bin/nmblookup +/usr/bin/smbclient +/usr/bin/smbmount +/usr/bin/smbpasswd +/usr/bin/smbstatus +/usr/bin/smbtar +/usr/bin/smbumount +/usr/bin/testparm +/usr/bin/testprns +%doc /usr/man/man1/smbclient.1.gz +%doc /usr/man/man1/smbrun.1.gz +%doc /usr/man/man1/smbstatus.1.gz +%doc /usr/man/man1/smbtar.1.gz +%doc /usr/man/man1/testparm.1.gz +%doc /usr/man/man1/testprns.1.gz +%doc /usr/man/man1/make_smbcodepage.1.gz +%doc /usr/man/man5/smb.conf.5.gz +%doc /usr/man/man7/samba.7.gz +%doc /usr/man/man8/nmbd.8.gz +%doc /usr/man/man8/smbd.8.gz +%doc /usr/man/man8/smbmount.8.gz +%doc /usr/man/man8/smbumount.8.gz +%doc /usr/man/man8/smbmnt.8.gz +%doc /usr/man/man8/smbpasswd.8.gz +/usr/sbin/nmbd +/usr/sbin/smbd +/var/adm/fillup-templates/rc.config.samba +%description +Samba is a suite of programs which work together to allow clients to +access Unix filespace and printers via the SMB protocol (Seerver Message +Block). +CAUTION: The samba daemons are started by the init script +/sbin/init.d/samba, not by inetd. The entries for /usr/sbin/smbd +and /usr/sbin/nmbd must be commented out in /etc/inetd.conf. +In practice, this means that you can redirect disks and printers to +Unix disks and printers from LAN Manager clients, Windows for +Workgroups 3.11 clients, Windows'95 clients, Windows NT clients +and OS/2 clients. There is +also a Unix client program supplied as part of the suite which allows +Unix users to use an ftp-like interface to access filespace and +printers on any other SMB server. +Samba includes the following programs (in summary): +* smbd, the SMB server. This handles actual connections from clients. +* nmbd, the Netbios name server, which helps clients locate servers. +* smbclient, the Unix-hosted client program. +* testprns, a program to test server access to printers. +* testparm, a program to test the Samba configuration file for correctness. +* smb.conf, the Samba configuration file. +* smbprint, a sample script to allow a Unix host to use smbclient +to print to an SMB server. +The suite is supplied with full source and is GPLed. +This package expects its config file under /etc/smb.conf . +Documentation: /usr/doc/packages/samba + diff --git a/packaging/SuSE/7.1/samba-2.2.0-alpha0.dif b/packaging/SuSE/7.1/samba-2.2.0-alpha0.dif new file mode 100644 index 00000000000..75bfdf18c66 --- /dev/null +++ b/packaging/SuSE/7.1/samba-2.2.0-alpha0.dif @@ -0,0 +1,224 @@ +--- lmhosts ++++ lmhosts 2000/08/28 07:32:33 +@@ -0,0 +1,8 @@ ++# This file provides the same function that the ++# lmhosts file does for Windows. ++# It provides another way to map netbios names to ip addresses. ++# See the section on 'name resolve order' in the manual page to ++# smb.conf for more information. ++ ++# Sample entry: ++# 192.168.1.1 samba +--- mount.smbfs ++++ mount.smbfs 2000/08/28 07:32:55 +@@ -0,0 +1,14 @@ ++#!/bin/sh ++# ++# Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. All rights reserved. ++# ++# Author: Carsten Hoeger ++# ++# /sbin/mount.smbfs ++# ++# I'm called by the mount-command and smbmount want's to get ++# called by me, so lets do it. ++# ++# P.S.: This is a very very raw solution and I don't know, if this ++# is intentionally. ++smbmount "$@" +--- rc ++++ rc 2000/08/28 07:32:33 +@@ -0,0 +1,53 @@ ++#! /bin/sh ++# Copyright (c) 1996 StarDivision GmbH. All rights reserved. ++# Copyright (c) 1996 S.u.S.E. Gmbh Fuerth, Germany. All rights reserved. ++# ++# Author: Bastian Epting, StarDivision GmbH ++# Florian La Roche, ++# Volker Lendecke, ++# ++ ++. /etc/rc.config ++ ++# Determine the base and follow a runlevel link name. ++base=${0##*/} ++link=${base#*[SK][0-9][0-9]} ++ ++# Force execution if not called by a runlevel directory. ++test $link = $base && START_SMB=yes ++test "$START_SMB" = "yes" || exit 0 ++ ++# The echo return value for success (defined in /etc/rc.config). ++return=$rc_done ++case "$1" in ++ start) ++ echo -n "Starting SMB services:" ++ startproc /usr/sbin/nmbd -D || return=$rc_failed ++ startproc /usr/sbin/smbd -D || return=$rc_failed ++ echo -e "$return" ++ ;; ++ stop) ++ echo -n "Shutting down SMB services:" ++ killproc -TERM /usr/sbin/nmbd || return=$rc_failed ++ killproc -TERM /usr/sbin/smbd || return=$rc_failed ++ echo -e "$return" ++ ;; ++ restart|reload) ++ echo -n "Reloading SMB services:" ++ killproc -HUP /usr/sbin/nmbd || return=$rc_failed ++ killproc -HUP /usr/sbin/smbd || return=$rc_failed ++ echo -e "$return" ++ ;; ++ status) ++ echo -n "Checking for service smb: " ++ checkproc /usr/sbin/nmbd && echo -n "OK " || echo -n "No process " ++ checkproc /usr/sbin/smbd && echo "OK " || echo "No process" ++ ;; ++ *) ++ echo "Usage: $0 {start|stop|restart|reload|status}" ++ exit 1 ++esac ++ ++# Inform the caller not only verbosely and set an exit status. ++test "$return" = "$rc_done" || exit 1 ++exit 0 +--- rc.config.samba ++++ rc.config.samba 2000/08/28 07:32:33 +@@ -0,0 +1,5 @@ ++# ++# start samba? ("yes" or "no") ++# Windows 95 / NT - File- and Printservices ++# ++START_SMB="no" +--- smb.conf ++++ smb.conf 2000/08/28 07:32:33 +@@ -0,0 +1,80 @@ ++; ++; /etc/smb.conf ++; ++; Copyright (c) 1999 SuSE GmbH Nuernberg, Germany. ++; ++[global] ++ workgroup = arbeitsgruppe ++ guest account = nobody ++ keep alive = 30 ++ os level = 2 ++ kernel oplocks = false ++ security = user ++ ++; Uncomment the following, if you want to use an existing ++; NT-Server to authenticate users, but don't forget that ++; you also have to create them locally!!! ++; security = server ++; password server = 192.168.1.10 ++; encrypt passwords = yes ++ ++ printing = bsd ++ printcap name = /etc/printcap ++ load printers = yes ++ ++ socket options = TCP_NODELAY ++ ++ map to guest = Bad User ++ ++; Uncomment this, if you want to integrate your server ++; into an existing net e.g. with NT-WS to prevent nettraffic ++; local master = no ++ ++; Please uncomment the following entry and replace the ++; ip number and netmask with the correct numbers for ++; your ethernet interface. ++; interfaces = 192.168.1.1/255.255.255.0 ++ ++; If you want Samba to act as a wins server, please set ++; 'wins support = yes' ++ wins support = no ++ ++; If you want Samba to use an existing wins server, ++; please uncomment the following line and replace ++; the dummy with the wins server's ip number. ++; wins server = 192.168.1.1 ++ ++; Do you wan't samba to act as a logon-server for ++; your windows 95/98 clients, so uncomment the ++; following: ++; logon script =%U.bat ++; domain logons = yes ++; domain master = yes ++; [netlogon] ++; path = /netlogon ++ ++ ++[homes] ++ comment = Heimatverzeichnis ++ browseable = no ++ read only = no ++ create mode = 0750 ++ ++; The following share gives all users access to the Server's CD drive, ++; assuming it is mounted under /cd. To enable this share, please remove ++; the semicolons before the lines ++; ++; [cdrom] ++; comment = Linux CD-ROM ++; path = /cdrom ++; read only = yes ++; locking = no ++ ++[printers] ++ comment = All Printers ++ browseable = no ++ printable = yes ++ public = no ++ read only = yes ++ create mode = 0700 ++ directory = /tmp +--- smbfs ++++ smbfs 2000/08/28 07:32:33 +@@ -0,0 +1,40 @@ ++#! /bin/bash ++# Copyright (c) 1996 SuSE GmbH Nuernberg, Germany. All rights reserved. ++# ++# Author: Thomas Fehr , 1999 ++# ++# /sbin/init.d/smbfs ++# ++ ++smbfs=no ++if [ `cat /proc/mounts | grep " smbfs " | wc -l` -gt 0 ] ++then ++ smbfs=yes ++fi ++ ++return=$rc_done ++case "$1" in ++ start|reload) ++ ;; ++ stop) ++ if [ "$smbfs" = "yes" ] ++ then ++ echo -n "Remove SMB File System" ++ # ++ # Unmount in background because during long timeouts ++ # ++ umount -at smbfs & ++ sleep 2 ++ echo -e "$return" ++ fi ++ ;; ++ restart) ++ $0 stop && $0 start || return=$rc_failed ++ ;; ++ status) ++ ;; ++ *) ++ echo "Usage: $0 {start|stop|status|reload|restart}" ++ exit 1 ++esac ++exit 0 +--- smbpasswd ++++ smbpasswd 2000/08/28 07:32:33 +@@ -0,0 +1,3 @@ ++# Sample smbpasswd file. ++# To use this, set 'encrypt passwords = yes' in the [global]-section ++# of /etc/smb.conf diff --git a/packaging/SuSE/7.1/samba.pamd b/packaging/SuSE/7.1/samba.pamd new file mode 100644 index 00000000000..d9e7088bea3 --- /dev/null +++ b/packaging/SuSE/7.1/samba.pamd @@ -0,0 +1,3 @@ +#%PAM-1.0 +auth required /lib/security/pam_unix.so +account required /lib/security/pam_unix.so diff --git a/packaging/SuSE/7.1/samba.spec b/packaging/SuSE/7.1/samba.spec new file mode 100644 index 00000000000..60d8099edbf --- /dev/null +++ b/packaging/SuSE/7.1/samba.spec @@ -0,0 +1,381 @@ +# +# spec file for package samba (Version 2.0.7) +# +# Copyright (c) 2000 SuSE GmbH Nuernberg, Germany. +# +# please send bugfixes or comments to feedback@suse.de. +# + +# neededforbuild automake openldap +# usedforbuild aaa_base aaa_dir autoconf automake base bash bindutil binutils bison bzip compress cpio cracklib devs diff ext2fs file fileutil find flex gawk gcc gdbm gettext gpm gppshare groff gzip kbd less libc libtool libz lx_suse make mktemp modules ncurses net_tool netcfg nkita nkitb nssv1 openldap pam patch perl pgp ps rcs rpm sendmail sh_utils shadow shlibs strace syslogd sysvinit texinfo textutil timezone unzip util vim xdevel xf86 xshared + +Vendor: SuSE GmbH, Nuernberg, Germany +Distribution: SuSE Linux 7.1a (i386) +Name: samba +Release: 0 +Packager: feedback@suse.de + +Copyright: 1992-95 Andrew Tridgell, Karl Auer, Jeremy Allison +Group: Networking/Daemons +Url: http://www.samba.org +Provides: samba smbfs +Requires: smbclnt +Autoreqprov: on +Version: 2.2 +Summary: An SMB file server for Unix +Source: samba-2.2.0-alpha0.tar.gz +Source1: samba.pamd +Patch: samba-2.2.0-alpha0.dif +%package -n smbclnt +Summary: Samba client utilities +Autoreqprov: on +Group: Networking +%prep +%setup -n samba-2.2.0-alpha0 +%patch + +%build +cd source +%{?suse_update_config:%{suse_update_config -f}} +LIBS=-lnsl \ +./configure --prefix=/usr --libdir=/etc \ + --with-privatedir=/etc --localstatedir=/var/log \ + --with-smbmount --with-pam \ + --mandir=%{_mandir} \ + --with-swatdir=/usr/lib/samba/swat \ + --with-sambabook=/usr/lib/samba/swat/using_samba +cd .. +make LOCKDIR=/var/lock/samba SBINDIR=/usr/sbin \ + CODEPAGEDIR=/usr/lib/samba/codepages -C source + +%install +mkdir -p /usr/lib/samba +make install LOCKDIR=/var/lock/samba SBINDIR=/usr/sbin \ + CODEPAGEDIR=/usr/lib/samba/codepages -C source +# cleanup docs +rm -rf docs/*.[0-9] +chmod 644 `find docs examples -type f` +chmod 755 `find docs examples -type d` +#utility scripts +mkdir -p /usr/lib/samba/scripts +cp -a source/script/* /usr/lib/samba/scripts +# configuration files +install -m 644 smb.conf /etc/smb.conf +install -m 644 lmhosts /etc/lmhosts +install -m 600 smbpasswd -o root -g root /etc/smbpasswd +install -d 755 /etc/pam.d +install -m 644 $RPM_SOURCE_DIR/samba.pamd /etc/pam.d/samba +install -m 755 mount.smbfs /sbin/mount.smbfs +# start script +install rc /sbin/init.d/smb +ln -sf ../smb /sbin/init.d/rc2.d/S20smb +ln -sf ../smb /sbin/init.d/rc2.d/K20smb +ln -sf ../smb /sbin/init.d/rc3.d/S20smb +ln -sf ../smb /sbin/init.d/rc3.d/K20smb +ln -sf ../../sbin/init.d/smb /usr/sbin/rcsmb +install smbfs /sbin/init.d/smbfs +ln -sf ../smbfs /sbin/init.d/rc2.d/S21smbfs +ln -sf ../smbfs /sbin/init.d/rc2.d/K19smbfs +ln -sf ../smbfs /sbin/init.d/rc3.d/S21smbfs +ln -sf ../smbfs /sbin/init.d/rc3.d/K19smbfs +ln -sf ../../sbin/init.d/smbfs /usr/sbin/rcsmbfs +# rc.config fragment +mkdir -p /var/adm/fillup-templates +cp rc.config.samba /var/adm/fillup-templates +%{?suse_check} + +%post +echo "Updating etc/rc.config..." +if [ -x bin/fillup ] ; then + bin/fillup -q -d = etc/rc.config var/adm/fillup-templates/rc.config.samba +else + echo "ERROR: fillup not found. This should not happen. Please compare" + echo "etc/rc.config and var/adm/fillup-templates/rc.config.samba and" + echo "update by hand." +fi +if grep -q '^[#[:space:]]*swat' etc/inetd.conf ; then + echo /etc/inetd.conf is up to date +else + echo updating inetd.conf + cat >> etc/inetd.conf << EOF +# swat is the Samba Web Administration Tool +swat stream tcp nowait.400 root /usr/sbin/swat swat +EOF +fi +if grep -q '^swat' etc/services ; then + echo /etc/services is up to date +else + echo updating services + cat >> etc/services << EOF +swat 901/tcp # swat is the Samba Web Administration Tool +EOF +fi +mkdir -p var/adm/notify/messages +cat << EOF > var/adm/notify/messages/samba-notify +Achtung! +======== +Die Syntax des smbmount Kommandos hat sich geaendert! +smbmount kann nicht mehr direkt aufgerufen werden. Es wird von einem +Shellscript /sbin/mount.smbfs aufgerufen, welches wiederum von mount +aufgerufen wird. +Hier ein Beispielaufruf: +mount -t smbfs -o username=uname,password=passwd //smbserv/share /destination +***************************************************************************** +Attention! +========== +The syntax of smbmount has changed! +smbmount can not be called direct anymore. It will be called by a shell +script /sbin/mount.smbfs, which will be called by mount. +A sample call to smbfs: +mount -t smbfs -o username=uname,password=passwd //smbserv/share /destination +EOF + +%files +%config(noreplace) /etc/smb.conf +%config(noreplace) /etc/lmhosts +%config(noreplace) /etc/smbpasswd +%config /etc/pam.d/samba +/usr/lib/samba +/sbin/init.d/rc2.d/K20smb +/sbin/init.d/rc2.d/S20smb +/sbin/init.d/rc3.d/K20smb +/sbin/init.d/rc3.d/S20smb +%config /sbin/init.d/smb +/usr/bin/addtosmbpass +/usr/bin/convert_smbpasswd +/usr/bin/make_printerdef +/usr/bin/make_smbcodepage +/usr/bin/make_unicodemap +/usr/bin/smbpasswd +/usr/bin/smbstatus +/usr/bin/testparm +/usr/bin/testprns +%doc docs/* examples +%doc %{_mandir}/man1/make_smbcodepage.1.gz +%doc %{_mandir}/man1/make_unicodemap.1.gz +%doc %{_mandir}/man1/smbrun.1.gz +%doc %{_mandir}/man1/smbsh.1.gz +%doc %{_mandir}/man1/smbstatus.1.gz +%doc %{_mandir}/man1/testparm.1.gz +%doc %{_mandir}/man1/testprns.1.gz +%doc %{_mandir}/man5/lmhosts.5.gz +%doc %{_mandir}/man5/smb.conf.5.gz +%doc %{_mandir}/man5/smbpasswd.5.gz +%doc %{_mandir}/man7/samba.7.gz +%doc %{_mandir}/man8/nmbd.8.gz +%doc %{_mandir}/man8/smbd.8.gz +%doc %{_mandir}/man8/smbpasswd.8.gz +%doc %{_mandir}/man8/swat.8.gz +/usr/sbin/nmbd +/usr/sbin/rcsmb +/usr/sbin/smbd +/usr/sbin/swat +/var/adm/fillup-templates/rc.config.samba + +%files -n smbclnt +/sbin/init.d/rc2.d/K19smbfs +/sbin/init.d/rc2.d/S21smbfs +/sbin/init.d/rc3.d/K19smbfs +/sbin/init.d/rc3.d/S21smbfs +%config /sbin/init.d/smbfs +/usr/sbin/rcsmbfs +/sbin/mount.smbfs +/usr/bin/nmblookup +/usr/bin/rpcclient +/usr/bin/smbclient +/usr/bin/smbmnt +/usr/bin/smbmount +/usr/bin/smbumount +/usr/bin/smbspool +/usr/bin/smbtar +%doc %{_mandir}/man1/nmblookup.1.gz +%doc %{_mandir}/man1/smbclient.1.gz +%doc %{_mandir}/man1/smbtar.1.gz +%doc %{_mandir}/man8/smbmnt.8.gz +%doc %{_mandir}/man8/smbmount.8.gz +%doc %{_mandir}/man8/smbspool.8.gz +%doc %{_mandir}/man8/smbumount.8.gz + +%description +Samba is a suite of programs which work together to allow clients to +access Unix filespace and printers via the SMB protocol (Server Message +Block). +In practice, this means that you can redirect disks and printers to +Unix disks and printers from LAN Manager clients, Windows for +Workgroups 3.11 clients, Windows'95 clients, Windows NT clients +and OS/2 clients. There is +also a Unix client program supplied as part of the suite which allows +Unix users to use an ftp-like interface to access filespace and +printers on any other SMB server. +Samba includes the following programs (in summary): +* smbd, the SMB server. This handles actual connections from clients. +* nmbd, the Netbios name server, which helps clients locate servers. +* smbclient, the Unix-hosted client program. +* smbrun, a little 'glue' program to help the server run external +programs. +* testprns, a program to test server access to printers. +* testparm, a program to test the Samba configuration file for correctness. +* smb.conf, the Samba configuration file. +* smbprint, a sample script to allow a Unix host to use smbclient +to print to an SMB server. +The suite is supplied with full source and is GPLed. +This package expects its config file under /etc/smb.conf . + +Authors: +-------- + Andrew Tridgell + Karl Auer + Jeremy Allison + +SuSE series: n + + +%description -n smbclnt +This package contains all programs, that are needed to act as a samba +client. This includes also smbmount, of course. + +Authors: +-------- + Andrew Tridgell + Karl Auer + Jeremy Allison + +SuSE series: n + + +%changelog -n samba +* Mon Aug 28 2000 - choeger@suse.de +- changed $* to "$@" in mount.smbfs to make it also + possible to mount shares with spaces +* Mon Jul 31 2000 - choeger@suse.de +- improvement for rcsmb +- fix for spec-file to compile with NIS netgroups +* Thu Jul 20 2000 - choeger@suse.de +- added smbfs initscript that has been removed + by an error +* Tue Jul 11 2000 - choeger@suse.de +- split package into client and server parts + client package name: smbclnt +* Wed Apr 26 2000 - choeger@suse.de +- new version, 2.0.7 +* Thu Apr 06 2000 - ro@suse.de +- removed pam,cracklib from neededforbuild: build handles this +* Wed Apr 05 2000 - bk@suse.de +- s390 team added config.{sub,guess} update macro for s390 +* Mon Mar 27 2000 - choeger@suse.de +- fixed bug in specfile + the multilined configure call missed a "" :-( +* Thu Mar 09 2000 - choeger@suse.de +- fixed typo in specfile +* Wed Mar 01 2000 - choeger@suse.de +- added %{_mandir} +* Tue Feb 08 2000 - choeger@suse.de +- removed /sbin/init.d/smbfs because it is no longer needed +* Mon Jan 03 2000 - choeger@suse.de +- bugfix for ipc.c + to make roaming profiles work again. +* Tue Nov 30 1999 - choeger@suse.de +- changed kernel oplocks = off to + kernel oplocks = false +* Tue Nov 16 1999 - choeger@suse.de +- added kernel oplocks = off in smb.conf +* Fri Nov 12 1999 - choeger@suse.de +- new version, 2.0.6 +* Fri Nov 05 1999 - choeger@suse.de +- Fix for the smbmount lost-connection problem + _seems_ to work... +* Fri Oct 29 1999 - choeger@suse.de +- removed comment sign in /etc/inetd.conf for swat +* Mon Sep 13 1999 - bs@suse.de +- ran old prepare_spec on spec file to switch to new prepare_spec. +* Tue Aug 10 1999 - fehr@suse.de +- set execute permissions for mksmbpasswd.sh and changesmbpasswd.sh +* Thu Jul 29 1999 - fehr@suse.de +- fixed typo in /sbin/init.d/smbfs +* Thu Jul 22 1999 - fehr@suse.de +- changed to new version 2.0.5a +* Wed Jul 21 1999 - fehr@suse.de +- changed to new version 2.0.5 +* Tue Jul 20 1999 - fehr@suse.de +- install /sbin/init.d/smbfs +- changed to new version 2.0.5pre4 +* Mon Jul 19 1999 - fehr@suse.de +- add /sbin/init.d/smbfs +- changed to new version 2.0.5pre3 +* Fri Jul 02 1999 - fehr@suse.de +- removed "umount -a -t smbfs" from start sscript +* Tue Jun 22 1999 - kukuk@suse.de +- 2.0.4b changed default values, enable PAM again +* Fri Jun 18 1999 - kukuk@suse.de +- changed to new version 2.0.4b +* Mon Jun 14 1999 - kukuk@suse.de +- Enable PAM, add samba.pamd +* Mon May 03 1999 - fehr@suse.de +- add umount -a -t smbfs to shutdown sequence of samba +* Thu Mar 11 1999 - ro@suse.de +- smbmount: define NR_OPEN to 1024 if undefined (GLIBC-2.1) +* Wed Mar 10 1999 - choeger@suse.de +- some enhancements for smb.conf +* Wed Mar 10 1999 - choeger@suse.de +- new version 2.0.3 and smbmount now seems to work +* Tue Mar 09 1999 - ro@suse.de +- use samba-2.0.2 for STABLE +- use smbfs-2.1 with kernel 2.2.2 +* Sun Feb 28 1999 - ro@suse.de +- for glibc-2.1 strncat uses strcat for one subcase, so don't + redefine strcat to "ERROR" for glibc-2.1 +* Mon Feb 15 1999 - fehr@suse.de +- fix for umount problem from Volker +* Tue Feb 09 1999 - fehr@suse.de +- changed to version 2.0.2 of samba +* Fri Jan 15 1999 - bs@suse.de +- replaced /sbin/init.d/smb with newer style version (again) +* Fri Jan 15 1999 - fehr@suse.de +- switched to new version 2.0.0 +* Wed Jan 13 1999 - bs@suse.de +- fixed entry in inetd.conf +* Wed Jan 13 1999 - bs@suse.de +- replaced /sbin/init.d/smb with newer style version +* Mon Jan 11 1999 - vl@suse.de +- make 2.0.0beta5 package of samba +* Mon Aug 24 1998 - vl@suse.de +- changed to version 1.9.18p10 +* Mon Jun 29 1998 - vl@suse.de +- changed to version 1.9.18p8 +* Mon Apr 20 1998 - vl@suse.de +- changed to version 1.9.18p4 +* Thu Feb 19 1998 - vl@suse.de +- changed to version 1.9.18p3 +* Tue Feb 03 1998 - vl@suse.de +- changed to version 1.9.18p2 +- fixed some problems in spec-file, some files were missing :-( +- fixed smbfs-2.0.2/Makefile.Linux +* Tue Jan 13 1998 - vl@suse.de +- changed to version 1.9.18p1 +* Fri Jan 09 1998 - vl@suse.de +- changed to version 1.9.18 +* Tue Dec 02 1997 - bs@suse.de +- disable samba by default in /etc/rc.config +* Mon Oct 06 1997 - fehr@suse.de +- package prepared for automatic building +* Mon Sep 29 1997 - fehr@suse.de +- updated to version 1.9.17p2 due to security hole. +* Wed Jul 16 1997 - fehr@suse.de +- add fillup-template for rc.config and install it in doinst.sh +* Fri Jun 27 1997 - bs@suse.de +- update to smbfs-2.0.2, due to security hole. +* Tue Jun 17 1997 - fehr@suse.de +- changed init-skript to recognize entry START_SMB of rc.config +* Mon Jun 02 1997 - vl@suse.de +- update to version 1.9.16p11 +- Starting Samba from /sbin/init.d, not from inetd.conf +* Sun Feb 02 1997 - vl@suse.de +- update to version 1.9.16p10 +- Adapted /etc/smb.conf.sample to 4.4.1 manual +* Thu Jan 02 1997 - florian@suse.de +- update to version 1.9.16p9 +- configuration file is now /etc/smb.conf +- smbd and nmbd are now in /usr/sbin +- added start-script /sbin/init.d/smb and entry in /etc/rc.config +* Thu Jan 02 1997 - florian@suse.de +- Update auf neue Version 1.9.16p6. diff --git a/packaging/bin/update-pkginfo b/packaging/bin/update-pkginfo new file mode 100755 index 00000000000..8432173cc88 --- /dev/null +++ b/packaging/bin/update-pkginfo @@ -0,0 +1,20 @@ +#!/bin/bash + +VERSION=$1 +RELEASE=$2 + +if [ $# -ne 2 ]; then + echo Usage: update-pkginfo VERSION RELEASE + exit 1 +fi + +for f in */*/*.tmpl; do + f2=`echo $f | sed s/.tmpl//g` + echo $f2 + sed -e s/PVERSION/$VERSION/g -e s/PRELEASE/$RELEASE/g < $f > $f2 +done +for f in */*.tmpl; do + f2=`echo $f | sed s/.tmpl//g` + echo $f2 + sed -e s/PVERSION/$VERSION/g -e s/PRELEASE/$RELEASE/g < $f > $f2 +done diff --git a/pcp/Install b/pcp/Install new file mode 100755 index 00000000000..c2087fc01e3 --- /dev/null +++ b/pcp/Install @@ -0,0 +1,64 @@ +#! /bin/sh +# +# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Further, this software is distributed without any warranty that it is +# free of the rightful claim of any third person regarding infringement +# or the like. Any license provided herein, whether implied or +# otherwise, applies only to this software file. Patent licenses, if +# any, provided herein do not apply to combinations of this program with +# other software, or any other product whatsoever. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write the Free Software Foundation, Inc., 59 +# Temple Place - Suite 330, Boston MA 02111-1307, USA. +# +# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, +# Mountain View, CA 94043, or: +# +# http://www.sgi.com +# +# For further information regarding this notice, see: +# +# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ +# +# Install the samba PMDA and/or PMNS +# + +# source the PCP configuration environment variables +. /etc/pcp.env + +# Get the common procedures and variable assignments +# +. $PCP_SHARE_DIR/lib/pmdaproc.sh + +# The name of the PMDA +# +iam=samba + +# override interactive dialog from pmdaproc.sh +# +__choose_mode() +{ + echo "Installing the \"$iam\" Performance Metrics Domain Agent (PMDA) ..." + echo +} + +# Using libpcp_pmda.so.2 and PMDA_INTERFACE_2 +# +pmda_interface=2 + +# Do it +# +pmdaSetup +pmdaInstall + +exit 0 diff --git a/pcp/Makefile b/pcp/Makefile new file mode 100644 index 00000000000..e01731b2565 --- /dev/null +++ b/pcp/Makefile @@ -0,0 +1,69 @@ +#!make +# +# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Further, this software is distributed without any warranty that it is +# free of the rightful claim of any third person regarding infringement +# or the like. Any license provided herein, whether implied or +# otherwise, applies only to this software file. Patent licenses, if +# any, provided herein do not apply to combinations of this program with +# other software, or any other product whatsoever. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write the Free Software Foundation, Inc., 59 +# Temple Place - Suite 330, Boston MA 02111-1307, USA. +# +# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, +# Mountain View, CA 94043, or: +# +# http://www.sgi.com +# +# For further information regarding this notice, see: +# +# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ +# + +SHELL = sh + +include /etc/pcp.conf + +IAM = samba +CFILES = $(IAM).c + +LIBTARGET = pmda_$(IAM).so +CMDTARGET = pmda$(IAM) +TARGETS = $(LIBTARGET) $(CMDTARGET) + +DEBUG = -DDEBUG +CFLAGS = $(DEBUG) +LDOPTS = +LDLIBS = -lpcp_pmda -lpcp +DSOOPTS = -shared +LDIRT = metrics.h so_locations *.log help.dir help.pag *.pmda_$(IAM).so + +INSTALL = install +CC = cc + +default: $(TARGETS) + +install: default + +$(CMDTARGET): profile.h metrics.h $(CFILES) + $(CC) $(CFLAGS) $(CFILES) $(LDOPTS) $(LDLIBS) -o $@ + +$(LIBTARGET): profile.h metrics.h $(CFILES) + $(CC) $(CFLAGS) $(DSOOPTS) $(LDOPTS) $(CFILES) $(LDLIBS) -o $@ + +metrics.h: profile.h mkheader.pl + ./mkheader.pl + +clobber clean: + rm -f $(LDIRT) $(TARGETS) diff --git a/pcp/README b/pcp/README new file mode 100644 index 00000000000..97d8125a53e --- /dev/null +++ b/pcp/README @@ -0,0 +1,94 @@ +samba PMDA +=========== + +This PMDA is a sample that illustrates how a simple samba monitor +PMDA might be constructed, using a shared memory segment to transfer +information about transaction activity from the smb daemon. + +Note: + This PMDA may be remade from source and hence requires + a C compiler and Perl to be installed. + + Uses of make(1) may fail (without removing or clobbering files) + if the C compiler cannot be found. This is most likely to + happen when running the PMDA ./Install script. + + The only remedial action is to install the C compiler, or + hand-craft changes to the Makefile. + +Metrics +======= + +The file ./help contains descriptions for all of the metrics exported +by this PMDA. + +Once the PMDA has been installed, the following command will list all +the available metrics and their explanatory "help" text: + + $ pminfo -fT samba + +Installation +============ + + + # mkdir /var/pcp/pmdas/samba + + # cp * /var/pcp/pmdas/samba + + # cp ../source/include/profile.h /var/pcp/pmdas/samba + + # cd /var/pcp/pmdas/samba + + + Check that there is no clash in the Performance Metrics Domain + defined in ./domain.h and the other PMDAs currently in use + (/etc/pmcd.conf). If there is, edit ./domain.h to choose another + domain number. + + + If you are not installing on an IRIX system, edit samba.c and + comment out the + + #define IRIX 1 + + + Then simply use + + # ./Install + + + Alternatively, to install just the Performance Metrics Name Space + for the samba metrics on the local system, but not the samba PMDA + (presumably because the local system is running PCP 1.x and you + wish to connect to a remote system where PCP 2.0 and the samba PMDA + is running), make sure the Performance Metrics Domain defined in + ./domain.h matches the domain chosen for the samba PMDA on the + remote system (check the second field in the corresponding line of + the pmcd.conf file on the remote system - located in /etc on IRIX + and /var/pcp/config/pmcd on Linux), then + + # ./Install -N + +De-installation +=============== + + + Simply use + + # cd /var/pcp/pmdas/samba + # ./Remove + + + If you also want to remove the sources use + + # cd / + # rm -rf /var/pcp/pmdas/samba + +Making something happen +======================= + +The application "smbd" updates the shared memory segment to add +profile information about smbd. By default updating is disabled. +To start updating of the shared memory segment you need to run the +smbcontrol command to turn on profiling for one or more smbd processes +(see the man page for smbcontrol). + + + +Troubleshooting +=============== + + + After installing or restarting the agent, the PMCD log file + (pmcd.log) and the PMDA log file (samba.log) should be checked + for any warnings or errors. These logs are located in + /var/log/pcp/pmcd on Linux and /var/adm/pcplog on IRIX. diff --git a/pcp/Remove b/pcp/Remove new file mode 100755 index 00000000000..3f7434d2553 --- /dev/null +++ b/pcp/Remove @@ -0,0 +1,52 @@ +#! /bin/sh +# +# Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved. +# +# This program is free software; you can redistribute it and/or modify it +# under the terms of version 2 of the GNU General Public License as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it would be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. +# +# Further, this software is distributed without any warranty that it is +# free of the rightful claim of any third person regarding infringement +# or the like. Any license provided herein, whether implied or +# otherwise, applies only to this software file. Patent licenses, if +# any, provided herein do not apply to combinations of this program with +# other software, or any other product whatsoever. +# +# You should have received a copy of the GNU General Public License along +# with this program; if not, write the Free Software Foundation, Inc., 59 +# Temple Place - Suite 330, Boston MA 02111-1307, USA. +# +# Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, +# Mountain View, CA 94043, or: +# +# http://www.sgi.com +# +# For further information regarding this notice, see: +# +# http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ +# +# Remove the samba PMDA +# + +# source the PCP configuration environment variables +. /etc/pcp.env + +# Get the common procedures and variable assignments +# +. $PCP_SHARE_DIR/lib/pmdaproc.sh + +# The name of the PMDA +# +iam=samba + +# Do it +# +pmdaSetup +pmdaRemove + +exit 0 diff --git a/pcp/domain.h b/pcp/domain.h new file mode 100644 index 00000000000..3cf0bc6ce97 --- /dev/null +++ b/pcp/domain.h @@ -0,0 +1,4 @@ +/* + * built from /var/pcp/pmns/stdpmid + */ +#define SAMBA 123 diff --git a/pcp/help b/pcp/help new file mode 100644 index 00000000000..dc3b02f03bd --- /dev/null +++ b/pcp/help @@ -0,0 +1,77 @@ +# +# samba PMDA help file in the ASCII format +# +# lines beginning with a # are ignored +# lines beginning @ introduce a new entry of the form +# @ metric_name oneline-text +# help test goes +# here over multiple lines +# ... +# +# the metric_name is decoded against the default PMNS -- as a special case, +# a name of the form NNN.MM (for numeric NNN and MM) is interpreted as an +# instance domain identification, and the text describes the instance domain +# +# blank lines before the @ line are ignored +# + +@ SAMBA.0 Count and Time Instance Domain +Contains count and time information for system calls and smb transactions. +Counts shows the number of times each transaction was called. Times +indicates the time spent in each transaction. + +@ SAMBA.1 Byte Instance Domain +This domain contains instances for the number of bytes transferred +using the read and write system call. + +@ samba.counts Count of calls to this function + +@ samba.times Time required to complete call + +@ samba.bytes Number of bytes processed by this call + +@ samba.smbd.smb_count Count of SMB packets processed + +@ samba.smbd.uid_changes Count of times effective uid changed + +@ samba.statcache.lookups Number of lookups in stat cache + +@ samba.statcache.misses Number of times stat cache lookup missed + +@ samba.statcache.hits Number of times stat cache lookup hit + +@ samba.writecache.num_caches Number of write caches available + +@ samba.writecache.allocated_caches Number of write caches allocated + +@ samba.writecache.read_hits Number of times read request found in write cache + +@ samba.writecache.total_writes Number of writes to write cache + +@ samba.writecache.init_writes Number of initial writes to write cache + +@ samba.writecache.abutted_writes + +@ samba.writecache.perfect_writes + +@ samba.writecache.direct_writes + +@ samba.writecache.non_oplock_writes + +@ samba.writecache.seek_flush + +@ samba.writecache.read_flush + +@ samba.writecache.write_flush + +@ samba.writecache.readraw_flush + +@ samba.writecache.oplock_rel_flush + +@ samba.writecache.close_flush + +@ samba.writecache.sync_flush + +@ samba.writecache.size_change_flush + +@ samba.bytes cumulative number of bytes read or written diff --git a/pcp/mkheader.pl b/pcp/mkheader.pl new file mode 100755 index 00000000000..ad069c544a8 --- /dev/null +++ b/pcp/mkheader.pl @@ -0,0 +1,63 @@ +#!/usr/bin/perl + + +open(PROFILE,"profile.h") || die "Unable to open profile.h\n"; +@profile = ; +close PROFILE; + +open(METRICS,"> metrics.h") || die "Unable to open metrics.h for output\n"; + +print METRICS "#define COUNT_TIME_INDOM 0\n"; +print METRICS "#define BYTE_INDOM 1\n\n"; +print METRICS "#define FIELD_OFF(x) (unsigned)\&(((struct profile_stats *)NULL)->x)\n\n"; +print METRICS "typedef struct {\n"; +print METRICS "\tchar *name;\n"; +print METRICS "\tunsigned offset;\n"; +print METRICS "} samba_instance;\n\n"; + +@instnames = grep(/unsigned .*_time;/,@profile); +foreach $instnames (@instnames) { + chomp $instnames; + $instnames =~ s/^.*unsigned (.*)_time.*$/$1/; +} + +print METRICS "static samba_instance samba_counts[] = {"; +$first = 1; +foreach $1 (@instnames) { + if ($first == 1) { + $first = 0; + print METRICS "\n"; + } else { + print METRICS ",\n"; + } + print METRICS "\t{\"$1\", FIELD_OFF($1_count)}"; +} +print METRICS "\n};\n\n"; +print METRICS "static samba_instance samba_times[] = {"; +$first = 1; +foreach $1 (@instnames) { + if ($first == 1) { + $first = 0; + print METRICS "\n"; + } else { + print METRICS ",\n"; + } + print METRICS "\t{\"$1\", FIELD_OFF($1_time)}"; +} +print METRICS "\n};\n\n"; +print METRICS "static samba_instance samba_bytes[] = {"; +@instnames = grep(/unsigned .*_bytes;/,@profile); +$first = 1; +foreach $_ (@instnames) { + if ($first == 1) { + $first = 0; + print METRICS "\n"; + } else { + print METRICS ",\n"; + } + /^.*unsigned (.*)_bytes.*$/; + print METRICS "\t{\"$1\", FIELD_OFF($1_bytes)}"; +} +print METRICS "\n};\n"; + +close METRICS diff --git a/pcp/pmns b/pcp/pmns new file mode 100644 index 00000000000..1f3dd3934ee --- /dev/null +++ b/pcp/pmns @@ -0,0 +1,45 @@ +/* + * Metrics for samba PMDA + * + */ + +samba { + smbd + statcache + writecache + counts SAMBA:3:0 + times SAMBA:4:0 + bytes SAMBA:5:0 +} + +samba.smbd { + smb_count SAMBA:0:0 + uid_changes SAMBA:0:1 +} + +samba.statcache { + lookups SAMBA:1:0 + misses SAMBA:1:1 + hits SAMBA:1:2 +} + +samba.writecache { + num_caches SAMBA:2:0 + allocated_caches SAMBA:2:1 + read_hits SAMBA:2:2 + total_writes SAMBA:2:3 + init_writes SAMBA:2:4 + abutted_writes SAMBA:2:5 + perfect_writes SAMBA:2:6 + direct_writes SAMBA:2:7 + non_oplock_writes SAMBA:2:8 + seek_flush SAMBA:2:9 + read_flush SAMBA:2:10 + write_flush SAMBA:2:11 + readraw_flush SAMBA:2:12 + oplock_rel_flush SAMBA:2:13 + close_flush SAMBA:2:14 + sync_flush SAMBA:2:15 + size_change_flush SAMBA:2:16 +} + diff --git a/pcp/root b/pcp/root new file mode 100644 index 00000000000..d5137bc7ddd --- /dev/null +++ b/pcp/root @@ -0,0 +1,10 @@ +/* + * fake "root" for validating the local PMNS subtree + */ + +#include "/var/pcp/pmns/stdpmid" + +root { samba } + +#include "pmns" + diff --git a/pcp/samba.c b/pcp/samba.c new file mode 100644 index 00000000000..07a6ce2e169 --- /dev/null +++ b/pcp/samba.c @@ -0,0 +1,390 @@ +/* + * Samba, configurable PMDA + * + * Copyright (c) 2000 Silicon Graphics, Inc. All Rights Reserved. + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of version 2 of the GNU General Public License as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it would be useful, but + * WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. + * + * Further, this software is distributed without any warranty that it is + * free of the rightful claim of any third person regarding infringement + * or the like. Any license provided herein, whether implied or + * otherwise, applies only to this software file. Patent licenses, if + * any, provided herein do not apply to combinations of this program with + * other software, or any other product whatsoever. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write the Free Software Foundation, Inc., 59 + * Temple Place - Suite 330, Boston MA 02111-1307, USA. + * + * Contact information: Silicon Graphics, Inc., 1600 Amphitheatre Pkwy, + * Mountain View, CA 94043, or: + * + * http://www.sgi.com + * + * For further information regarding this notice, see: + * + * http://oss.sgi.com/projects/GenInfo/SGIGPLNoticeExplan/ + */ + +typedef int BOOL; + +#define IRIX 1 + +#include +#include +#include +#ifdef IRIX +#include +#endif +#include +#include "domain.h" +#include "profile.h" +#include "metrics.h" + +static pmdaInstid *counttime = NULL; +static pmdaInstid *bytes = NULL; + +/* + * List of instance domains + */ + +static pmdaIndom indomtab[] = { + {COUNT_TIME_INDOM,0,NULL}, + {BYTE_INDOM,0,NULL} +}; +/* + * all metrics supported in this PMDA - one table entry for each + */ + +static pmdaMetric metrictab[] = { +/* smbd.smb_count */ + { NULL, { PMDA_PMID(0,0), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* smbd.uid_changes */ + { NULL, { PMDA_PMID(0,1), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* statcache.lookups */ + { NULL, { PMDA_PMID(1,0), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* statcache.misses */ + { NULL, { PMDA_PMID(1,1), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* statcache.hits */ + { NULL, { PMDA_PMID(1,2), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.num_caches */ + { NULL, { PMDA_PMID(2,0), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_INSTANT, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.allocated_caches */ + { NULL, { PMDA_PMID(2,1), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_INSTANT, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.read_hits */ + { NULL, { PMDA_PMID(2,2), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.total_writes */ + { NULL, { PMDA_PMID(2,3), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.init_writes */ + { NULL, { PMDA_PMID(2,4), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.abutted_writes */ + { NULL, { PMDA_PMID(2,5), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.perfect_writes */ + { NULL, { PMDA_PMID(2,6), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.direct_writes */ + { NULL, { PMDA_PMID(2,7), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.non_oplock_writes */ + { NULL, { PMDA_PMID(2,8), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.seek_flush */ + { NULL, { PMDA_PMID(2,9), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.read_flush */ + { NULL, { PMDA_PMID(2,10), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.write_flush */ + { NULL, { PMDA_PMID(2,11), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.readraw_flush */ + { NULL, { PMDA_PMID(2,12), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.oplock_rel_flush */ + { NULL, { PMDA_PMID(2,13), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.close_flush */ + { NULL, { PMDA_PMID(2,14), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.sync_flush */ + { NULL, { PMDA_PMID(2,15), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* writecache.size_change_flush */ + { NULL, { PMDA_PMID(2,16), PM_TYPE_U32, PM_INDOM_NULL, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* counts instance domain */ + { NULL, { PMDA_PMID(3,0), PM_TYPE_U32, COUNT_TIME_INDOM, PM_SEM_COUNTER, + { 0,0,1,0,0,PM_COUNT_ONE} }, }, +/* times instance domain */ + { NULL, { PMDA_PMID(4,0), PM_TYPE_U32, COUNT_TIME_INDOM, PM_SEM_COUNTER, + { 0,1,0,0,PM_TIME_USEC,0} }, }, +/* bytes instance domain */ + { NULL, { PMDA_PMID(5,0), PM_TYPE_U32, BYTE_INDOM, PM_SEM_COUNTER, + { 1,0,0,PM_SPACE_BYTE,0,0} }, } + +}; + +extern int errno; +struct profile_stats *stats; +struct profile_header *shmheader; +int shmid = -1; + + +int +samba_fetchCallBack(pmdaMetric *mdesc, unsigned int inst, pmAtomValue *atom) +{ + __pmID_int *idp = (__pmID_int *)&(mdesc->m_desc.pmid); + + + if (inst != PM_IN_NULL && mdesc->m_desc.indom == PM_INDOM_NULL) + return PM_ERR_INST; + + if (idp->cluster == 0) { + switch (idp->item) { + case 0: /* smbd.smb_count */ + atom->ul = stats->smb_count; + break; + case 1: /* smb.uid_changes */ + atom->ul = stats->uid_changes; + break; + default: + return PM_ERR_PMID; + } + } + else if (idp->cluster == 1) { /* statcache */ + switch (idp->item) { + case 0: /* statcache.lookups */ + atom->ul = stats->statcache_lookups; + break; + case 1: /* statcache.misses */ + atom->ul = stats->statcache_misses; + break; + case 2: /* statcache.hits */ + atom->ul = stats->statcache_hits; + break; + default: + return PM_ERR_PMID; + } + } + else if (idp->cluster == 2) { /* writecache */ + switch (idp->item) { + case 0: /* writecache.num_caches */ + atom->ul = stats->writecache_num_write_caches; + break; + case 1: /* writecache.allocated_caches */ + atom->ul = stats->writecache_allocated_write_caches; + break; + case 2: /* writecache.read_hits */ + atom->ul = stats->writecache_read_hits; + break; + case 3: /* writecache.total_writes */ + atom->ul = stats->writecache_total_writes; + break; + case 4: /* writecache.init_writes */ + atom->ul = stats->writecache_init_writes; + break; + case 5: /* writecache.abutted_writes */ + atom->ul = stats->writecache_abutted_writes; + break; + case 6: /* writecache.perfect_writes */ + atom->ul = stats->writecache_num_perfect_writes; + break; + case 7: /* writecache.direct_writes */ + atom->ul = stats->writecache_direct_writes; + break; + case 8: /* writecache.non_oplock_writes */ + atom->ul = stats->writecache_non_oplock_writes; + break; + case 9: /* writecache.seek_flush */ + atom->ul = stats->writecache_flushed_writes[SEEK_FLUSH]; + break; + case 10: /* writecache.read_flush */ + atom->ul = stats->writecache_flushed_writes[READ_FLUSH]; + break; + case 11: /* writecache.write_flush */ + atom->ul = stats->writecache_flushed_writes[WRITE_FLUSH]; + break; + case 12: /* writecache.readraw_flush */ + atom->ul = stats->writecache_flushed_writes[READRAW_FLUSH]; + break; + case 13: /* writecache.oplock_rel_flush */ + atom->ul = stats->writecache_flushed_writes[OPLOCK_RELEASE_FLUSH]; + break; + case 14: /* writecache.close_flush */ + atom->ul = stats->writecache_flushed_writes[CLOSE_FLUSH]; + break; + case 15: /* writecache.sync_flush */ + atom->ul = stats->writecache_flushed_writes[SYNC_FLUSH]; + break; + case 16: /* writecache.size_change_flush */ + atom->ul = stats->writecache_flushed_writes[SIZECHANGE_FLUSH]; + break; + default: + return PM_ERR_PMID; + } + } + else if (idp->cluster == 3) { /* counts */ + if (idp->item == 0) { + if (inst < indomtab[COUNT_TIME_INDOM].it_numinst) { + unsigned *p; + + p = (unsigned *)((unsigned)stats + samba_counts[inst].offset); + atom->ul = *p; + } + else + return PM_ERR_INST; + } + else + return PM_ERR_PMID; + } + else if (idp->cluster == 4) { /* times */ + if (idp->item == 0) { + if (inst < indomtab[COUNT_TIME_INDOM].it_numinst) { + unsigned *p; + + p = (unsigned *)((unsigned)stats + samba_times[inst].offset); + atom->ul = *p; + } + else + return PM_ERR_INST; + } + else + return PM_ERR_PMID; + } + else if (idp->cluster == 5) { /* bytes */ + if (idp->item == 0) { + if (inst < indomtab[BYTE_INDOM].it_numinst) { + unsigned *p; + + p = (unsigned *)((unsigned)stats + samba_bytes[inst].offset); + atom->ul = *p; + } + else + return PM_ERR_INST; + } + else + return PM_ERR_PMID; + } + else + return PM_ERR_PMID; + return 0; +} + + +void +samba_init(pmdaInterface *dp) +{ + int inst_count, i; + + if (dp->status != 0) + return; + + if ((shmid = shmget(PROF_SHMEM_KEY, 0, 0)) == -1) { + fprintf(stderr, "shmid: %s\n", strerror(errno)); + fprintf(stderr, "samba not compiled with profile support or not running\n"); + exit(1); + } + shmheader = (struct profile_header *)shmat(shmid, NULL, SHM_RDONLY); + if ((int)shmheader == -1) { + fprintf(stderr, "shmat: %s\n", strerror(errno)); + exit(1); + } + +/* + * Initialize lists of instances + */ + + inst_count = sizeof(samba_counts)/sizeof(samba_counts[0]); + counttime = (pmdaInstid *)malloc(inst_count * sizeof(pmdaInstid)); + if (counttime == NULL) { + __pmNoMem("count&time",inst_count * sizeof(pmdaInstid),PM_FATAL_ERR); + /* NOTREACHED*/ + } + for (i = 0; i < inst_count; i++) { + counttime[i].i_inst = i; + counttime[i].i_name = samba_counts[i].name; + } + indomtab[COUNT_TIME_INDOM].it_numinst = inst_count; + indomtab[COUNT_TIME_INDOM].it_set = counttime; + + inst_count = sizeof(samba_bytes)/sizeof(samba_bytes[0]); + bytes = (pmdaInstid *)malloc(inst_count * sizeof(pmdaInstid)); + if (bytes == NULL) { + __pmNoMem("bytes",inst_count * sizeof(pmdaInstid),PM_FATAL_ERR); + /* NOTREACHED*/ + } + for (i = 0; i < inst_count; i++) { + bytes[i].i_inst = i; + bytes[i].i_name = samba_bytes[i].name; + } + indomtab[BYTE_INDOM].it_numinst = inst_count; + indomtab[BYTE_INDOM].it_set = bytes; + + + pmdaSetFetchCallBack(dp, samba_fetchCallBack); + pmdaInit(dp, indomtab, sizeof(indomtab)/sizeof(indomtab[0]), + metrictab, sizeof(metrictab)/sizeof(metrictab[0])); + + /* validate the data */ + if (!shmheader) /* not mapped yet */ + fprintf(stderr, "samba_init: shmem not mapped\n"); + else if (shmheader->prof_shm_magic != PROF_SHM_MAGIC) + fprintf(stderr, "samba_init: bad magic\n"); + else if (shmheader->prof_shm_version != PROF_SHM_VERSION) + fprintf(stderr, "samba_init: bad version %X\n", + shmheader->prof_shm_version); + else { + stats = &shmheader->stats; + return; /* looks OK */ + } + exit(1); +} + + +int +main(int argc, char **argv) +{ + int err = 0; + char *p; + pmdaInterface dispatch; + + for (p = pmProgname = argv[0]; *p; p++) + if (*p == '/') pmProgname = p+1; + + pmdaDaemon(&dispatch, PMDA_INTERFACE_2, pmProgname, SAMBA, + "samba.log", "/var/pcp/pmdas/samba/help"); + + if (pmdaGetOpt(argc, argv, "D:d:l:?", &dispatch, &err) != EOF) { + fprintf(stderr, "Usage: %s [options]\n\n\ +Options:\n\ + -d domain use domain (numeric) for metrics domain of PMDA\n\ + -l logfile write log into logfile rather than using default log name\n", + pmProgname); + exit(1); + } + + pmdaOpenLog(&dispatch); + samba_init(&dispatch); + pmdaConnect(&dispatch); + pmdaMain(&dispatch); + + exit(0); + /*NOTREACHED*/ +} diff --git a/source3/.cvsignore b/source3/.cvsignore new file mode 100644 index 00000000000..77e82c57010 --- /dev/null +++ b/source3/.cvsignore @@ -0,0 +1,19 @@ +*.po +*.po32 +.headers.stamp +.proto.stamp +.proto.check +ID +ID +Makefile +bin +config.cache +config.log +config.status +cvs.log +dmallog.log +dox +libtool +so_locations +testdir +testtmp diff --git a/source3/.dmallocrc b/source3/.dmallocrc new file mode 100644 index 00000000000..5e5c45e1244 --- /dev/null +++ b/source3/.dmallocrc @@ -0,0 +1,2 @@ +samba allow-free-null, log-stats, log-non-free, log-trans, \ + check-fence, check-heap, check-lists, error-abort \ No newline at end of file diff --git a/source3/CodingSuggestions b/source3/CodingSuggestions new file mode 100644 index 00000000000..48c51281f52 --- /dev/null +++ b/source3/CodingSuggestions @@ -0,0 +1,143 @@ +/** + +@page CodingSuggestions Coding suggestions + +So you want to add code to Samba ... + +One of the daunting tasks facing a programmer attempting to write code for +Samba is understanding the various coding conventions used by those most +active in the project. These conventions were mostly unwritten and helped +improve either the portability, stability or consistency of the code. This +document will attempt to document a few of the more important coding +practices used at this time on the Samba project. The coding practices are +expected to change slightly over time, and even to grow as more is learned +about obscure portability considerations. Two existing documents +samba/source/internals.doc and samba/source/architecture.doc provide +additional information. + +The loosely related question of coding style is very personal and this +document does not attempt to address that subject, except to say that I +have observed that eight character tabs seem to be preferred in Samba +source. If you are interested in the topic of coding style, two oft-quoted +documents are: + + http://lxr.linux.no/source/Documentation/CodingStyle + http://www.fsf.org/prep/standards_toc.html + +but note that coding style in Samba varies due to the many different +programmers who have contributed. + +Following are some considerations you should use when adding new code to +Samba. First and foremost remember that: + +Portability is a primary consideration in adding function, as is network +compatability with de facto, existing, real world CIFS/SMB implementations. +There are lots of platforms that Samba builds on so use caution when adding +a call to a library function that is not invoked in existing Samba code. +Also note that there are many quite different SMB/CIFS clients that Samba +tries to support, not all of which follow the SNIA CIFS Technical Reference +(or the earlier Microsoft reference documents or the X/Open book on the SMB +Standard) perfectly. + +Here are some other suggestions: + +1) use d_printf instead of printf for display text + reason: enable auto-substitution of translated language text + +2) use SAFE_FREE instead of free + reason: reduce traps due to null pointers + +3) don't use bzero use memset, or ZERO_STRUCT and ZERO_STRUCTP macros + reason: not POSIX + +4) don't use strcpy and strlen (use safe_* equivalents) + reason: to avoid traps due to buffer overruns + +5) don't use getopt_long, use popt functions instead + reason: portability + +6) explicitly add const qualifiers on parm passing in functions where parm + is input only (somewhat controversial but const can be #defined away) + +8) discourage use of threads + reason: portability (also see architecture.doc) + +9) don't explicitly include new header files in C files - new h files + should be included by adding them once to includes.h + reason: consistency + +10) don't explicitly extern functions (they are autogenerated by + "make proto" into proto.h) + reason: consistency + +11) use endian safe macros when unpacking SMBs (see byteorder.h and + internals.doc) + reason: not everyone uses Intel + +12) Note Unicode implications of charset handling (see internals.doc). See + pull_* and push_* and convert_string functions. + reason: Internationalization + +13) Don't assume English only + reason: See above + +14) Try to avoid using in/out parameters (functions that return data which + overwrites input parameters) + reason: Can cause stability problems + +15) Ensure copyright notices are correct, don't append Tridge's name to code + that he didn't write. If you did not write the code, make sure that it + can coexist with the rest of the Samba GPLed code. + +16) Consider usage of DATA_BLOBs for length specified byte-data. + reason: stability + +17) Take advantage of tdbs for database like function + reason: consistency + +18) Don't access the SAM_ACCOUNT structure directly, they should be accessed + via pdb_get...() and pdb_set...() functions. + reason: stability, consistency + +19) Don't check a password directly against the passdb, always use the + check_password() interface. + reason: long term pluggability + +20) Try to use asprintf rather than pstrings and fstrings where possible + +21) Use normal C comments / * instead of C++ comments // like + this. Although the C++ comment format is part of the C99 + standard, some older vendor C compilers do not accept it. + +22) Try to write documentation for API functions and structures + explaining the point of the code, the way it should be used, and + any special conditions or results. Mark these with a double-star + comment start / ** so that they can be picked up by Doxygen, as in + this file. + +23) Keep the scope narrow. This means making functions/variables + static whenever possible. We don't want our namespace + polluted. Each module should have a minimal number of externally + visible functions or variables. + +24) Use function pointers to keep knowledge about particular pieces of + code isolated in one place. We don't want a particular piece of + functionality to be spread out across lots of places - that makes + for fragile, hand to maintain code. Instead, design an interface + and use tables containing function pointers to implement specific + functionality. This is particularly important for command + interpreters. + +25) Think carefully about what it will be like for someone else to add + to and maintain your code. If it would be hard for someone else to + maintain then do it another way. + +The suggestions above are simply that, suggestions, but the information may +help in reducing the routine rework done on new code. The preceeding list +is expected to change routinely as new support routines and macros are +added. + +Written by Steve French, with contributions from Simo Sorce, Andrew +Bartlett, Tim Potter and Martin Pool. + +**/ diff --git a/source3/Doxyfile b/source3/Doxyfile new file mode 100644 index 00000000000..fe71065c24c --- /dev/null +++ b/source3/Doxyfile @@ -0,0 +1,170 @@ +# Doxyfile 0.1 + +#--------------------------------------------------------------------------- +# General configuration options +#--------------------------------------------------------------------------- +PROJECT_NAME = Samba +PROJECT_NUMBER = HEAD +OUTPUT_DIRECTORY = dox +OUTPUT_LANGUAGE = English +EXTRACT_ALL = YES +EXTRACT_PRIVATE = YES +EXTRACT_STATIC = YES +HIDE_UNDOC_MEMBERS = NO +HIDE_UNDOC_CLASSES = NO +BRIEF_MEMBER_DESC = YES +REPEAT_BRIEF = YES +ALWAYS_DETAILED_SEC = NO +FULL_PATH_NAMES = NO +STRIP_FROM_PATH = *source +INTERNAL_DOCS = YES +CLASS_DIAGRAMS = YES +SOURCE_BROWSER = YES +INLINE_SOURCES = YES +STRIP_CODE_COMMENTS = NO +CASE_SENSE_NAMES = YES +SHORT_NAMES = NO +HIDE_SCOPE_NAMES = YES +VERBATIM_HEADERS = YES +SHOW_INCLUDE_FILES = YES +JAVADOC_AUTOBRIEF = YES +INHERIT_DOCS = YES +INLINE_INFO = YES +SORT_MEMBER_DOCS = NO +DISTRIBUTE_GROUP_DOC = NO +TAB_SIZE = 8 +GENERATE_TODOLIST = YES +GENERATE_TESTLIST = YES +GENERATE_BUGLIST = YES +ALIASES = +ENABLED_SECTIONS = +MAX_INITIALIZER_LINES = 30 +OPTIMIZE_OUTPUT_FOR_C = YES +SHOW_USED_FILES = YES +REFERENCED_RELATION = YES +REFERENCED_BY_RELATION = YES +#--------------------------------------------------------------------------- +# configuration options related to warning and progress messages +#--------------------------------------------------------------------------- +QUIET = NO +WARNINGS = NO +WARN_IF_UNDOCUMENTED = NO +WARN_FORMAT = "$file:$line: $text" +WARN_LOGFILE = +#--------------------------------------------------------------------------- +# configuration options related to the input files +#--------------------------------------------------------------------------- +INPUT = . \ + CodingSuggestions mainpage.dox +FILE_PATTERNS = *.c \ + *.h \ + *.idl +RECURSIVE = YES +EXCLUDE = include/includes.h \ + include/proto.h +EXCLUDE_PATTERNS = +EXAMPLE_PATH = +EXAMPLE_PATTERNS = +IMAGE_PATH = +INPUT_FILTER = +FILTER_SOURCE_FILES = NO +#--------------------------------------------------------------------------- +# configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- +ALPHABETICAL_INDEX = YES +COLS_IN_ALPHA_INDEX = 1 +IGNORE_PREFIX = +#--------------------------------------------------------------------------- +# configuration options related to the HTML output +#--------------------------------------------------------------------------- +GENERATE_HTML = YES +HTML_OUTPUT = html +HTML_HEADER = +HTML_FOOTER = +HTML_STYLESHEET = +HTML_ALIGN_MEMBERS = YES +GENERATE_HTMLHELP = NO +GENERATE_CHI = NO +BINARY_TOC = NO +TOC_EXPAND = NO +DISABLE_INDEX = NO +ENUM_VALUES_PER_LINE = 3 +GENERATE_TREEVIEW = NO +TREEVIEW_WIDTH = 250 +#--------------------------------------------------------------------------- +# configuration options related to the LaTeX output +#--------------------------------------------------------------------------- +GENERATE_LATEX = NO +LATEX_OUTPUT = latex +COMPACT_LATEX = NO +PAPER_TYPE = a4wide +EXTRA_PACKAGES = +LATEX_HEADER = +PDF_HYPERLINKS = YES +USE_PDFLATEX = YES +LATEX_BATCHMODE = YES +#--------------------------------------------------------------------------- +# configuration options related to the RTF output +#--------------------------------------------------------------------------- +GENERATE_RTF = NO +RTF_OUTPUT = rtf +COMPACT_RTF = NO +RTF_HYPERLINKS = NO +RTF_STYLESHEET_FILE = +RTF_EXTENSIONS_FILE = +#--------------------------------------------------------------------------- +# configuration options related to the man page output +#--------------------------------------------------------------------------- +GENERATE_MAN = NO +MAN_OUTPUT = man +MAN_EXTENSION = .3 +MAN_LINKS = NO +#--------------------------------------------------------------------------- +# configuration options related to the XML output +#--------------------------------------------------------------------------- +GENERATE_XML = NO +#--------------------------------------------------------------------------- +# Configuration options related to the preprocessor +#--------------------------------------------------------------------------- +ENABLE_PREPROCESSING = NO +MACRO_EXPANSION = NO +EXPAND_ONLY_PREDEF = NO +SEARCH_INCLUDES = YES +INCLUDE_PATH = +INCLUDE_FILE_PATTERNS = +PREDEFINED = +EXPAND_AS_DEFINED = +SKIP_FUNCTION_MACROS = YES +#--------------------------------------------------------------------------- +# Configuration::addtions related to external references +#--------------------------------------------------------------------------- +TAGFILES = +GENERATE_TAGFILE = +ALLEXTERNALS = NO +PERL_PATH = /usr/bin/perl +#--------------------------------------------------------------------------- +# Configuration options related to the dot tool +#--------------------------------------------------------------------------- +HAVE_DOT = YES +CLASS_GRAPH = YES +COLLABORATION_GRAPH = YES +TEMPLATE_RELATIONS = YES +INCLUDE_GRAPH = YES +INCLUDED_BY_GRAPH = YES +GRAPHICAL_HIERARCHY = YES +DOT_PATH = +DOTFILE_DIRS = +MAX_DOT_GRAPH_WIDTH = 1024 +MAX_DOT_GRAPH_HEIGHT = 1024 +GENERATE_LEGEND = YES +DOT_CLEANUP = YES +#--------------------------------------------------------------------------- +# Configuration::addtions related to the search engine +#--------------------------------------------------------------------------- +SEARCHENGINE = NO +CGI_NAME = search.cgi +CGI_URL = +DOC_URL = +DOC_ABSPATH = +BIN_ABSPATH = /usr/local/bin/ +EXT_DOC_PATHS = diff --git a/source3/Makefile.in b/source3/Makefile.in new file mode 100644 index 00000000000..54e3238fba2 --- /dev/null +++ b/source3/Makefile.in @@ -0,0 +1,926 @@ +########################################################################## +# Makefile.in for Samba - rewritten for autoconf support +# Copyright Andrew Tridgell 1992-1998 +# Copyright (C) 2001 by Martin Pool +########################################################################### + +prefix=@prefix@ +exec_prefix=@exec_prefix@ +mandir=@mandir@ + +LIBS=@LIBS@ +CC=@CC@ +SHLD=@SHLD@ +CFLAGS=@CFLAGS@ +CPPFLAGS=@CPPFLAGS@ +LDFLAGS=@LDFLAGS@ +LDSHFLAGS=@LDSHFLAGS@ @LDFLAGS@ @CFLAGS@ +AWK=@AWK@ +DYNEXP=@DYNEXP@ + +TERMLDFLAGS=@TERMLDFLAGS@ +TERMLIBS=@TERMLIBS@ + +LINK=$(CC) $(FLAGS) $(LDFLAGS) + +INSTALLCMD=@INSTALL@ + +VPATH=@srcdir@ +srcdir=@srcdir@ +builddir=@builddir@ +SHELL=/bin/sh + +# XXX: Perhaps this should be @SHELL@ instead -- apparently autoconf +# will search for a POSIX-compliant shell, and that might not be +# /bin/sh on some platforms. I guess it's not a big problem -- mbp + +# See the autoconf manual "Installation Directory Variables" for a +# discussion of thesubtle use of these variables. + +BASEDIR= @prefix@ +BINDIR = @bindir@ +# sbindir is mapped to bindir when compiling SAMBA in 2.0.x compatibility mode. +SBINDIR = @sbindir@ +LIBDIR = @libdir@ +VARDIR = @localstatedir@ +MANDIR = @mandir@ + +# The permissions to give the executables +INSTALLPERMS = 0755 + +# set these to where to find various files +# These can be overridden by command line switches (see smbd(8)) +# or in smb.conf (see smb.conf(5)) +LOGFILEBASE = $(VARDIR) +CONFIGFILE = $(LIBDIR)/smb.conf +LMHOSTSFILE = $(LIBDIR)/lmhosts +DRIVERFILE = $(LIBDIR)/printers.def +# This is where smbpasswd et al go +PRIVATEDIR = @privatedir@ + +SMB_PASSWD_FILE = $(PRIVATEDIR)/smbpasswd +PRIVATE_DIR = $(PRIVATEDIR) + +# This is where SWAT images and help files go +SWATDIR = @swatdir@ + +# the directory where lock files go +LOCKDIR = @lockdir@ + +# man pages language(s) +man_langs = "@manlangs@" + +FLAGS1 = $(CFLAGS) @FLAGS1@ -Iinclude -I$(srcdir)/include -I$(srcdir)/ubiqx -I$(srcdir)/smbwrapper -I. $(CPPFLAGS) -I$(srcdir) +FLAGS2 = +FLAGS3 = +FLAGS4 = +FLAGS5 = $(FLAGS1) $(FLAGS2) $(FLAGS3) $(FLAGS4) +FLAGS = $(ISA) $(FLAGS5) +FLAGS32 = $(ISA32) $(FLAGS5) + +PASSWD_FLAGS = -DSMB_PASSWD_FILE=\"$(SMB_PASSWD_FILE)\" -DPRIVATE_DIR=\"$(PRIVATE_DIR)\" +PATH_FLAGS1 = -DCONFIGFILE=\"$(CONFIGFILE)\" -DSBINDIR=\"$(SBINDIR)\" +PATH_FLAGS2 = $(PATH_FLAGS1) -DBINDIR=\"$(BINDIR)\" -DDRIVERFILE=\"$(DRIVERFILE)\" +PATH_FLAGS3 = $(PATH_FLAGS2) -DLMHOSTSFILE=\"$(LMHOSTSFILE)\" +PATH_FLAGS4 = $(PATH_FLAGS3) -DSWATDIR=\"$(SWATDIR)\" -DLOCKDIR=\"$(LOCKDIR)\" +PATH_FLAGS5 = $(PATH_FLAGS4) -DLIBDIR=\"$(LIBDIR)\" -DLOGFILEBASE=\"$(LOGFILEBASE)\" +PATH_FLAGS = $(PATH_FLAGS5) $(PASSWD_FLAGS) + +WINBIND_PROGS = @WINBIND_TARGETS@ +WINBIND_SPROGS = @WINBIND_STARGETS@ +WINBIND_PAM_PROGS = @WINBIND_PAM_TARGETS@ +WINBIND_LPROGS = @WINBIND_LTARGETS@ + +SPROGS = bin/smbd bin/nmbd bin/swat bin/wrepld @WINBIND_STARGETS@ +PROGS1 = bin/smbclient bin/net bin/smbspool bin/testparm bin/testprns bin/smbstatus bin/smbcontrol bin/smbtree bin/tdbbackup @RUNPROG@ @WINBIND_TARGETS@ +PROGS2 = bin/smbpasswd bin/rpcclient bin/smbcacls @WRAP@ @WRAP32@ @PAM_MOD@ +MPROGS = @MPROGS@ +LPROGS = $(WINBIND_PAM_PROGS) $(WINBIND_LPROGS) + +PROGS = $(PROGS1) $(PROGS2) $(MPROGS) bin/nmblookup bin/pdbedit bin/smbgroupedit +TORTURE_PROGS = bin/smbtorture bin/msgtest bin/masktest bin/locktest \ + bin/locktest2 bin/nsstest +SHLIBS = libsmbclient + +SCRIPTS = $(srcdir)/script/smbtar $(srcdir)/script/addtosmbpass $(srcdir)/script/convert_smbpasswd + +QUOTAOBJS=@QUOTAOBJS@ + +###################################################################### +# object file lists +###################################################################### + +TDBBASE_OBJ = tdb/tdb.o tdb/spinlock.o +TDB_OBJ = $(TDBBASE_OBJ) tdb/tdbutil.o + +LIB_OBJ = lib/charcnv.o lib/debug.o lib/fault.o \ + lib/getsmbpass.o lib/interface.o lib/md4.o \ + lib/interfaces.o lib/pidfile.o lib/replace.o \ + lib/signal.o lib/system.o lib/time.o \ + lib/ufc.o lib/genrand.o lib/username.o \ + lib/util_getent.o lib/util_pw.o lib/access.o lib/smbrun.o \ + lib/bitmap.o lib/crc32.o lib/snprintf.o lib/dprintf.o \ + lib/xfile.o lib/wins_srv.o \ + lib/util_str.o lib/util_sid.o \ + lib/util_unistr.o lib/util_file.o \ + lib/util.o lib/util_sock.o lib/util_sec.o smbd/ssl.o \ + lib/talloc.o lib/hash.o lib/substitute.o lib/fsusage.o \ + lib/ms_fnmatch.o lib/select.o lib/error.o lib/messages.o \ + lib/tallocmsg.o lib/dmallocmsg.o \ + lib/md5.o lib/hmacmd5.o lib/iconv.o lib/smbpasswd.o \ + nsswitch/wb_client.o nsswitch/wb_common.o \ + lib/pam_errors.o intl/lang_tdb.o lib/account_pol.o \ + $(TDB_OBJ) + +READLINE_OBJ = lib/readline.o + +UBIQX_OBJ = ubiqx/ubi_BinTree.o ubiqx/ubi_Cache.o ubiqx/ubi_SplayTree.o \ + ubiqx/ubi_dLinkList.o ubiqx/ubi_sLinkList.o ubiqx/debugparse.o + +PARAM_OBJ = param/loadparm.o param/params.o dynconfig.o + +LIBADS_OBJ = libads/ldap.o libads/ldap_printer.o libads/sasl.o \ + libads/krb5_setpw.o libads/kerberos.o libads/ldap_user.o \ + libads/ads_struct.o libads/ads_status.o passdb/secrets.o \ + libads/util.o libads/disp_sec.o + +LIBSMB_OBJ = libsmb/clientgen.o libsmb/cliconnect.o libsmb/clifile.o \ + libsmb/clikrb5.o libsmb/clispnego.o libsmb/asn1.o \ + libsmb/clirap.o libsmb/clierror.o libsmb/climessage.o \ + libsmb/clireadwrite.o libsmb/clilist.o libsmb/cliprint.o \ + libsmb/clitrans.o libsmb/clisecdesc.o libsmb/clidgram.o \ + libsmb/namequery.o libsmb/nmblib.o libsmb/clistr.o \ + libsmb/nterr.o libsmb/smbdes.o libsmb/smbencrypt.o \ + libsmb/smberr.o libsmb/credentials.o libsmb/pwd_cache.o \ + libsmb/clioplock.o libsmb/errormap.o libsmb/clirap2.o \ + libsmb/passchange.o libsmb/unexpected.o libsmb/doserr.o \ + $(RPC_PARSE_OBJ1) $(LIBADS_OBJ) + +LIBMSRPC_OBJ = libsmb/cli_lsarpc.o libsmb/cli_samr.o libsmb/cli_spoolss.o \ + libsmb/cli_netlogon.o libsmb/cli_srvsvc.o libsmb/cli_wkssvc.o \ + libsmb/cli_dfs.o libsmb/cli_reg.o libsmb/trust_passwd.o\ + rpc_client/cli_pipe.o libsmb/cli_pipe_util.o + +LIBMSRPC_PICOBJ = $(LIBMSRPC_OBJ:.o=.po) + +RPC_SERVER_OBJ = rpc_server/srv_lsa.o rpc_server/srv_lsa_nt.o \ + rpc_server/srv_lsa_hnd.o rpc_server/srv_netlog.o rpc_server/srv_netlog_nt.o \ + rpc_server/srv_pipe_hnd.o rpc_server/srv_reg.o rpc_server/srv_reg_nt.o \ + rpc_server/srv_samr.o rpc_server/srv_samr_nt.o rpc_server/srv_srvsvc.o rpc_server/srv_srvsvc_nt.o \ + rpc_server/srv_util.o rpc_server/srv_wkssvc.o rpc_server/srv_wkssvc_nt.o \ + rpc_server/srv_pipe.o rpc_server/srv_dfs.o rpc_server/srv_dfs_nt.o \ + rpc_server/srv_spoolss.o rpc_server/srv_spoolss_nt.o + +# this includes only the low level parse code, not stuff +# that requires knowledge of security contexts +RPC_PARSE_OBJ1 = rpc_parse/parse_prs.o rpc_parse/parse_sec.o \ + rpc_parse/parse_misc.o + +RPC_PARSE_OBJ = rpc_parse/parse_lsa.o rpc_parse/parse_net.o \ + rpc_parse/parse_reg.o rpc_parse/parse_rpc.o \ + rpc_parse/parse_samr.o rpc_parse/parse_srv.o \ + rpc_parse/parse_wks.o \ + rpc_parse/parse_spoolss.o rpc_parse/parse_dfs.o + + +RPC_CLIENT_OBJ = rpc_client/cli_netlogon.o rpc_client/cli_pipe.o \ + rpc_client/cli_login.o \ + rpc_client/cli_spoolss_notify.o + +LOCKING_OBJ = locking/locking.o locking/brlock.o locking/posix.o + +PASSDB_OBJ = passdb/passdb.o passdb/pdb_interface.o passdb/pdb_get_set.o \ + passdb/machine_sid.o passdb/pdb_smbpasswd.o \ + passdb/pdb_tdb.o passdb/pdb_ldap.o passdb/pdb_plugin.o \ + passdb/pdb_nisplus.o + +GROUPDB_OBJ = groupdb/mapping.o + +# passdb/smbpass.o passdb/ldap.o passdb/nispass.o + +PROFILE_OBJ = profile/profile.o + +OPLOCK_OBJ = smbd/oplock.o smbd/oplock_irix.o smbd/oplock_linux.o + +NOTIFY_OBJ = smbd/notify.o smbd/notify_hash.o smbd/notify_kernel.o + +PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o + +UNIGRP_OBJ = libsmb/netlogon_unigrp.o + +AUTH_OBJ = auth/auth.o auth/auth_sam.o auth/auth_server.o auth/auth_domain.o \ + auth/auth_rhosts.o auth/auth_unix.o auth/auth_util.o auth/auth_winbind.o \ + auth/auth_builtin.o auth/auth_compat.o $(PLAINTEXT_AUTH_OBJ) $(UNIGRP_OBJ) + +MANGLE_OBJ = smbd/mangle.o smbd/mangle_hash.o smbd/mangle_map.o smbd/mangle_hash2.o + +SMBD_OBJ1 = smbd/server.o smbd/files.o smbd/chgpasswd.o smbd/connection.o \ + smbd/utmp.o smbd/session.o \ + smbd/dfree.o smbd/dir.o smbd/password.o smbd/conn.o smbd/fileio.o \ + smbd/ipc.o smbd/lanman.o smbd/negprot.o \ + smbd/message.o smbd/nttrans.o smbd/pipes.o \ + smbd/reply.o smbd/sesssetup.o smbd/trans2.o smbd/uid.o \ + smbd/dosmode.o smbd/filename.o smbd/open.o smbd/close.o \ + smbd/blocking.o smbd/sec_ctx.o \ + smbd/vfs.o smbd/vfs-wrap.o smbd/statcache.o \ + smbd/posix_acls.o lib/sysacls.o \ + smbd/process.o smbd/service.o smbd/error.o \ + printing/printfsp.o lib/util_seaccess.o smbd/srvstr.o \ + smbd/build_options.o \ + smbd/change_trust_pw.o \ + rpc_client/cli_spoolss_notify.o \ + $(MANGLE_OBJ) + + +PRINTING_OBJ = printing/pcap.o printing/print_svid.o \ + printing/print_cups.o printing/print_generic.o \ + printing/lpq_parse.o printing/load.o + +PRINTBACKEND_OBJ = printing/printing.o printing/nt_printing.o + +MSDFS_OBJ = msdfs/msdfs.o + +SMBD_OBJ = $(SMBD_OBJ1) $(MSDFS_OBJ) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ + $(RPC_SERVER_OBJ) $(RPC_PARSE_OBJ) \ + $(LOCKING_OBJ) $(PASSDB_OBJ) $(PRINTING_OBJ) $(PROFILE_OBJ) \ + $(LIB_OBJ) $(PRINTBACKEND_OBJ) $(QUOTAOBJS) $(OPLOCK_OBJ) \ + $(NOTIFY_OBJ) $(GROUPDB_OBJ) $(AUTH_OBJ) $(LIBMSRPC_OBJ) + + +NMBD_OBJ1 = nmbd/asyncdns.o nmbd/nmbd.o nmbd/nmbd_become_dmb.o \ + nmbd/nmbd_become_lmb.o nmbd/nmbd_browserdb.o \ + nmbd/nmbd_browsesync.o nmbd/nmbd_elections.o \ + nmbd/nmbd_incomingdgrams.o nmbd/nmbd_incomingrequests.o \ + nmbd/nmbd_lmhosts.o nmbd/nmbd_logonnames.o nmbd/nmbd_mynames.o \ + nmbd/nmbd_namelistdb.o nmbd/nmbd_namequery.o \ + nmbd/nmbd_nameregister.o nmbd/nmbd_namerelease.o \ + nmbd/nmbd_nodestatus.o nmbd/nmbd_packets.o \ + nmbd/nmbd_processlogon.o nmbd/nmbd_responserecordsdb.o \ + nmbd/nmbd_sendannounce.o nmbd/nmbd_serverlistdb.o \ + nmbd/nmbd_subnetdb.o nmbd/nmbd_winsproxy.o nmbd/nmbd_winsserver.o \ + nmbd/nmbd_workgroupdb.o nmbd/nmbd_synclists.o + +NMBD_OBJ = $(NMBD_OBJ1) $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) \ + $(PROFILE_OBJ) $(LIB_OBJ) + +WREPL_OBJ1 = wrepld/server.o wrepld/process.o wrepld/parser.o wrepld/socket.o \ + wrepld/partners.o + +WREPL_OBJ = $(WREPL_OBJ1) $(PARAM_OBJ) $(UBIQX_OBJ) \ + $(PROFILE_OBJ) $(LIB_OBJ) + +SWAT_OBJ = web/cgi.o web/diagnose.o web/startstop.o web/statuspage.o \ + web/swat.o web/neg_lang.o $(PRINTING_OBJ) $(LIBSMB_OBJ) $(LOCKING_OBJ) \ + $(PARAM_OBJ) $(PASSDB_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) $(PLAINTEXT_AUTH_OBJ) \ + smbwrapper/shared.o + +SMBSH_OBJ = smbwrapper/smbsh.o smbwrapper/shared.o \ + $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +MAKE_PRINTERDEF_OBJ = utils/make_printerdef.o $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +STATUS_OBJ = utils/status.o $(LOCKING_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) + +SMBCONTROL_OBJ = utils/smbcontrol.o $(LOCKING_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) + +SMBTREE_OBJ = utils/smbtree.o $(LOCKING_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(PROFILE_OBJ) $(LIB_OBJ) $(LIBSMB_OBJ) + +TESTPARM_OBJ = utils/testparm.o \ + $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +TESTPRNS_OBJ = utils/testprns.o $(PARAM_OBJ) $(PRINTING_OBJ) $(UBIQX_OBJ) \ + $(LIB_OBJ) + +SMBPASSWD_OBJ = utils/smbpasswd.o $(PARAM_OBJ) \ + $(LIBSMB_OBJ) $(PASSDB_OBJ) $(GROUPDB_OBJ)\ + $(UBIQX_OBJ) $(LIB_OBJ) + +PDBEDIT_OBJ = utils/pdbedit.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(PASSDB_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) $(GROUPDB_OBJ) + +SMBGROUPEDIT_OBJ = utils/smbgroupedit.o $(GROUPDB_OBJ) $(PARAM_OBJ) \ + $(LIBSMB_OBJ) $(PASSDB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +RPCCLIENT_OBJ1 = rpcclient/rpcclient.o rpcclient/cmd_lsarpc.o \ + rpcclient/cmd_samr.o rpcclient/cmd_spoolss.o \ + rpcclient/cmd_netlogon.o rpcclient/cmd_srvsvc.o \ + rpcclient/cmd_dfs.o rpcclient/cmd_reg.o \ + rpc_client/cli_login.o rpc_client/cli_netlogon.o \ + rpcclient/display_sec.o + +RPCCLIENT_OBJ = $(RPCCLIENT_OBJ1) \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ + $(READLINE_OBJ) $(GROUPDB_OBJ) + +SAMSYNC_OBJ1 = rpcclient/samsync.o rpcclient/display_sec.o + +SAMSYNC_OBJ = $(SAMSYNC_OBJ1) \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(RPC_PARSE_OBJ) $(PASSDB_OBJ) $(LIBMSRPC_OBJ) \ + $(GROUPDB_OBJ) + +PAM_WINBIND_OBJ = nsswitch/pam_winbind.po nsswitch/wb_common.po lib/snprintf.po + +SMBW_OBJ = smbwrapper/smbw.o \ + smbwrapper/smbw_dir.o smbwrapper/smbw_stat.o \ + smbwrapper/realcalls.o smbwrapper/shared.o \ + smbwrapper/smbw_cache.o \ + $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +SMBWRAPPER_OBJ = $(SMBW_OBJ) smbwrapper/wrapped.o + +LIBSMBCLIENT_OBJ = libsmb/libsmbclient.o $(LIB_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) + +CLIENT_OBJ = client/client.o client/clitar.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(READLINE_OBJ) + +NET_OBJ = utils/net.o utils/net_ads.o utils/net_help.o \ + utils/net_rap.o utils/net_rpc.o \ + utils/net_rpc_join.o utils/net_time.o utils/net_lookup.o \ + $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ + $(GROUPDB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + + +CUPS_OBJ = client/smbspool.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +MOUNT_OBJ = client/smbmount.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +MNT_OBJ = client/smbmnt.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +UMOUNT_OBJ = client/smbumount.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(UBIQX_OBJ) \ + $(LIBSMB_OBJ) $(LIB_OBJ) + +SMBTORTURE_OBJ = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \ + torture/denytest.o \ + $(LIBSMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) + +MASKTEST_OBJ = torture/masktest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +MSGTEST_OBJ = torture/msgtest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +LOCKTEST_OBJ = torture/locktest.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +NSSTEST_OBJ = torture/nsstest.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +LOCKTEST2_OBJ = torture/locktest2.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +SMBCACLS_OBJ = utils/smbcacls.o $(LOCKING_OBJ) $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) \ + $(LIBMSRPC_OBJ) $(GROUPDB_OBJ) + +TALLOCTORT_OBJ = lib/talloctort.o $(LIB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) + +RPCTORTURE_OBJ = torture/rpctorture.o \ + rpcclient/display.o \ + rpcclient/cmd_lsarpc.o \ + rpcclient/cmd_wkssvc.o \ + rpcclient/cmd_samr.o \ + rpcclient/cmd_srvsvc.o \ + rpcclient/cmd_netlogon.o \ + $(PARAM_OBJ) $(LIBSMB_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(RPC_CLIENT_OBJ) $(RPC_PARSE_OBJ) $(PASSDB_OBJ) + +DEBUG2HTML_OBJ = utils/debug2html.o ubiqx/debugparse.o + +SMBFILTER_OBJ = utils/smbfilter.o $(LIBSMB_OBJ) $(PARAM_OBJ) \ + $(UBIQX_OBJ) $(LIB_OBJ) + +PROTO_OBJ = $(SMBD_OBJ) $(NMBD_OBJ) $(SWAT_OBJ) $(CLIENT_OBJ) \ + $(SMBWRAPPER_OBJ) $(SMBTORTURE_OBJ) $(RPCCLIENT_OBJ1) \ + $(LIBMSRPC_OBJ) $(RPC_CLIENT_OBJ) $(AUTH_OBJ) $(NET_OBJ) + +NSS_OBJ_0 = nsswitch/wins.o $(PARAM_OBJ) $(UBIQX_OBJ) $(LIBSMB_OBJ) $(LIB_OBJ) $(NSSWINS_OBJ) +NSS_OBJ = $(NSS_OBJ_0:.o=.po) + +PICOBJS = $(SMBWRAPPER_OBJ:.o=.po) +PICOBJS32 = $(SMBWRAPPER_OBJ:.o=.po32) +LIBSMBCLIENT_PICOBJS = $(LIBSMBCLIENT_OBJ:.o=.po) + +PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \ + pam_smbpass/pam_smb_acct.o pam_smbpass/support.o \ + lib/debug.o lib/util_sid.o lib/messages.o lib/util_str.o \ + lib/wins_srv.o lib/substitute.o lib/select.o lib/util.o \ + nsswitch/wb_client.o nsswitch/wb_common.o \ + lib/system.o lib/util_file.o \ + lib/genrand.o lib/username.o lib/util_getent.o lib/charcnv.o lib/time.o \ + lib/md4.o lib/util_unistr.o lib/signal.o lib/talloc.o \ + lib/ms_fnmatch.o lib/util_sock.o lib/smbrun.o \ + lib/util_sec.o lib/snprintf.o \ + ubiqx/ubi_sLinkList.o libsmb/smbencrypt.o libsmb/smbdes.o \ + $(PARAM_OBJ) $(TDB_OBJ) $(PASSDB_OBJ) + +PAM_SMBPASS_PICOOBJ = $(PAM_SMBPASS_OBJ_0:.o=.po) + +WINBINDD_OBJ1 = \ + nsswitch/winbindd.o \ + nsswitch/winbindd_user.o \ + nsswitch/winbindd_group.o \ + nsswitch/winbindd_idmap.o \ + nsswitch/winbindd_util.o \ + nsswitch/winbindd_cache.o \ + nsswitch/winbindd_pam.o \ + nsswitch/winbindd_sid.o \ + nsswitch/winbindd_misc.o \ + nsswitch/winbindd_cm.o \ + nsswitch/winbindd_wins.o \ + nsswitch/winbindd_rpc.o \ + nsswitch/winbindd_ads.o + +WINBINDD_OBJ = \ + $(WINBINDD_OBJ1) $(NOPROTO_OBJ) $(PASSDB_OBJ) \ + $(LIBNMB_OBJ) $(PARAM_OBJ) $(UBIQX_OBJ) $(LIB_OBJ) \ + $(LIBSMB_OBJ) $(LIBMSRPC_OBJ) $(RPC_PARSE_OBJ) \ + $(GROUPDB_OBJ) $(PROFILE_OBJ) $(UNIGRP_OBJ) + +WBINFO_OBJ = nsswitch/wbinfo.o libsmb/smbencrypt.o libsmb/smbdes.o \ + passdb/secrets.o + +WINBIND_NSS_OBJ = nsswitch/winbind_nss.o nsswitch/wb_common.o @WINBIND_NSS_EXTRA_OBJS@ + +WINBIND_NSS_PICOBJS = $(WINBIND_NSS_OBJ:.o=.po) + +POPT_OBJS=popt/findme.o popt/popt.o popt/poptconfig.o \ + popt/popthelp.o popt/poptparse.o + +TDBBACKUP_OBJ = tdb/tdbbackup.o $(TDBBASE_OBJ) + +###################################################################### +# now the rules... +###################################################################### +all : SHOWFLAGS include/proto.h include/wrepld_proto.h include/build_env.h $(SPROGS) $(PROGS) $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) $(SHLIBS) + +pam_smbpass : SHOWFLAGS bin/pam_smbpass.@SHLIBEXT@ + +smbwrapper : SHOWFLAGS bin/smbsh bin/smbwrapper.@SHLIBEXT@ @WRAP32@ + +torture : SHOWFLAGS $(TORTURE_PROGS) + +smbtorture : SHOWFLAGS bin/smbtorture + +masktest : SHOWFLAGS bin/masktest + +msgtest : SHOWFLAGS bin/msgtest + +locktest : SHOWFLAGS bin/locktest + +smbcacls : SHOWFLAGS bin/smbcacls + +locktest2 : SHOWFLAGS bin/locktest2 + +rpctorture : SHOWFLAGS bin/rpctorture + +debug2html : SHOWFLAGS bin/debug2html + +smbfilter : SHOWFLAGS bin/smbfilter + +talloctort : SHOWFLAGS bin/talloctort + +nsswitch : SHOWFLAGS $(WINBIND_PROGS) $(WINBIND_SPROGS) $(LPROGS) + +wins : SHOWFLAGS nsswitch/libnss_wins.so + +everything: all libsmbclient debug2html smbfilter talloctort bin/samsync bin/make_printerdef + +.SUFFIXES: +.SUFFIXES: .c .o .po .po32 .lo + +SHOWFLAGS: + @echo "Using FLAGS = $(FLAGS)" + @echo " FLAGS32 = $(FLAGS32)" + @echo " LIBS = $(LIBS)" + @echo " LDSHFLAGS = $(LDSHFLAGS)" + @echo " LDFLAGS = $(LDFLAGS)" + +MAKEDIR = || exec false; \ + if test -d "$$dir"; then :; else \ + echo mkdir "$$dir"; \ + mkdir -p "$$dir" >/dev/null 2>&1 || \ + test -d "$$dir" || \ + mkdir "$$dir" || \ + exec false; fi || exec false + +.c.o: + @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ + dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi + @echo Compiling $*.c + @$(CC) -I. -I$(srcdir) $(FLAGS) -c $< \ + -o $@ +@BROKEN_CC@ -mv `echo $@ | sed 's%^.*/%%g'` $@ + +# These dependencies are only approximately correct: we want to make +# sure Samba's paths are updated if ./configure is re-run. Really it +# would be nice if "make prefix=/opt/samba all" also rebuilt things, +# but since we also require "make install prefix=/opt/samba" *not* to +# rebuild it's a bit hard. + +dynconfig.o: dynconfig.c Makefile + @echo Compiling $*.c + @$(CC) $(FLAGS) $(PATH_FLAGS) -c $< -o $@ + +dynconfig.po: dynconfig.c Makefile + @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ + dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi + @echo Compiling $*.c with @PICFLAG@ + @$(CC) -I. -I$(srcdir) $(FLAGS) $(PATH_FLAGS) @PICFLAG@ -c $< -o $*.@PICSUFFIX@ +@BROKEN_CC@ -mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@ +@POBAD_CC@ @mv $*.po.o $@ + +.c.po: + @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ + dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi + @echo Compiling $*.c with @PICFLAG@ + @$(CC) -I. -I$(srcdir) $(FLAGS) @PICFLAG@ -c $< -o $*.@PICSUFFIX@ +@BROKEN_CC@ -mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po$$%.o%'` $@ +@POBAD_CC@ @mv $*.po.o $@ + +# this is for IRIX +.c.po32: + @if (: >> $@ || : > $@) >/dev/null 2>&1; then rm -f $@; else \ + dir=`echo $@ | sed 's,/[^/]*$$,,;s,^$$,.,'` $(MAKEDIR); fi + @echo Compiling $*.c with @PICFLAG@ and -32 + @$(CC) -32 -I. -I$(srcdir) $(FLAGS32) $(PATH_FLAGS) @PICFLAG@ -c $< \ + -o $*.po32.o +@BROKEN_CC@ -mv `echo $@ | sed -e 's%^.*/%%g' -e 's%\.po32$$%.o%'` $@.o + @mv $*.po32.o $@ + +bin/.dummy: + @if (: >> $@ || : > $@) >/dev/null 2>&1; then :; else \ + dir=bin $(MAKEDIR); fi + @: >> $@ || : > $@ # what a fancy emoticon! + +bin/smbd: $(SMBD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + +bin/nmbd: $(NMBD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NMBD_OBJ) $(LDFLAGS) $(LIBS) + +bin/wrepld: $(WREPL_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(WREPL_OBJ) $(LDFLAGS) $(LIBS) + +bin/swat: $(SWAT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SWAT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + +bin/rpcclient: $(RPCCLIENT_OBJ) @BUILD_POPT@ bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(RPCCLIENT_OBJ) $(LDFLAGS) $(DYNEXP) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) @BUILD_POPT@ + +bin/samsync: $(SAMSYNC_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SAMSYNC_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) + +bin/smbclient: $(CLIENT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(CLIENT_OBJ) $(LDFLAGS) $(TERMLDFLAGS) $(TERMLIBS) $(LIBS) + +bin/net: $(NET_OBJ) @BUILD_POPT@ bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NET_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) @BUILD_POPT@ + +bin/smbspool: $(CUPS_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(CUPS_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbmount: $(MOUNT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(MOUNT_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbmnt: $(MNT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(MNT_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbumount: $(UMOUNT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(UMOUNT_OBJ) $(LDFLAGS) $(LIBS) + +bin/testparm: $(TESTPARM_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(TESTPARM_OBJ) $(LDFLAGS) $(LIBS) + +bin/testprns: $(TESTPRNS_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(TESTPRNS_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbstatus: $(STATUS_OBJ) @BUILD_POPT@ bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(STATUS_OBJ) $(LDFLAGS) $(LIBS) @BUILD_POPT@ + +bin/smbcontrol: $(SMBCONTROL_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBCONTROL_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbtree: $(SMBTREE_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBTREE_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbpasswd: $(SMBPASSWD_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBPASSWD_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + +bin/pdbedit: $(PDBEDIT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(PDBEDIT_OBJ) $(LDFLAGS) $(DYNEXP) $(LIBS) + +bin/smbgroupedit: $(SMBGROUPEDIT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBGROUPEDIT_OBJ) $(LDFLAGS) $(LIBS) + +bin/nmblookup: $(NMBLOOKUP_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NMBLOOKUP_OBJ) $(LDFLAGS) $(LIBS) + +bin/make_printerdef: $(MAKE_PRINTERDEF_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(MAKE_PRINTERDEF_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbtorture: $(SMBTORTURE_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBTORTURE_OBJ) $(LDFLAGS) $(LIBS) + +bin/talloctort: $(TALLOCTORT_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(TALLOCTORT_OBJ) $(LDFLAGS) $(LIBS) + +bin/masktest: $(MASKTEST_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(MASKTEST_OBJ) $(LDFLAGS) $(LIBS) + +bin/msgtest: $(MSGTEST_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(MSGTEST_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbcacls: $(SMBCACLS_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBCACLS_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) + +bin/locktest: $(LOCKTEST_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(LOCKTEST_OBJ) $(LDFLAGS) $(LIBS) + +bin/nsstest: $(NSSTEST_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(NSSTEST_OBJ) $(LDFLAGS) $(LIBS) + +bin/locktest2: $(LOCKTEST2_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(LOCKTEST2_OBJ) $(LDFLAGS) $(LIBS) + +bin/rpctorture: $(RPCTORTURE_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(RPCTORTURE_OBJ) $(DYNEXP) $(LDFLAGS) $(LIBS) + +bin/debug2html: $(DEBUG2HTML_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(DEBUG2HTML_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbfilter: $(SMBFILTER_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBFILTER_OBJ) $(LDFLAGS) $(LIBS) + +bin/smbw_sample: $(SMBW_OBJ) utils/smbw_sample.o bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBW_OBJ) utils/smbw_sample.o $(LDFLAGS) $(LIBS) + +bin/smbwrapper.@SHLIBEXT@: $(PICOBJS) + @echo Linking shared library $@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(PICOBJS) $(LIBS) + +bin/smbwrapper.32.@SHLIBEXT@: $(PICOBJS32) + @echo Linking shared library $@ + @$(SHLD) -32 $(LDSHFLAGS) -o $@ $(PICOBJS32) $(LIBS) + +bin/libsmbclient.@SHLIBEXT@: $(LIBSMBCLIENT_PICOBJS) + echo Linking libsmbclient shared library $@ + $(SHLD) $(LDSHFLAGS) -o $@ $(LIBSMBCLIENT_PICOBJS) $(LIBS) + +bin/libsmbclient.a: $(LIBSMBCLIENT_PICOBJS) + @echo Linking libsmbclient non-shared library $@ + -$(AR) -rc $@ $(LIBSMBCLIENT_PICOBJS) + +libsmbclient: bin/libsmbclient.a bin/libsmbclient.@SHLIBEXT@ + +bin/smbsh: $(SMBSH_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(SMBSH_OBJ) $(LDFLAGS) $(LIBS) + +nsswitch/libnss_wins.so: $(NSS_OBJ) + @echo "Linking $@" + @$(SHLD) $(LDSHFLAGS) -o $@ $(NSS_OBJ) -lc + +bin/winbindd: $(WINBINDD_OBJ) bin/.dummy + @echo Linking $@ + @$(LINK) -o $@ $(WINBINDD_OBJ) $(DYNEXP) $(LIBS) + +nsswitch/libnss_winbind.so: $(WINBIND_NSS_PICOBJS) + @echo "Linking $@" + @$(SHLD) $(LDSHFLAGS) -o $@ $(WINBIND_NSS_PICOBJS) @WINBIND_NSS_EXTRA_LIBS@ + +nsswitch/pam_winbind.so: $(PAM_WINBIND_OBJ) bin/.dummy + @echo Linking $@ + @$(SHLD) $(LDSHFLAGS) -o $@ $(PAM_WINBIND_OBJ) + +bin/wbinfo: $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ + $(UBIQX_OBJ) @BUILD_POPT@ bin/.dummy + @echo Linking $@ + @$(LINK) -o $@ $(WBINFO_OBJ) $(PARAM_OBJ) $(LIB_OBJ) $(NOPROTO_OBJ) \ + $(UBIQX_OBJ) $(LIBS) @BUILD_POPT@ + +bin/pam_smbpass.@SHLIBEXT@: $(PAM_SMBPASS_PICOOBJ) + @echo "Linking shared library $@" + $(SHLD) $(LDSHFLAGS) -symbolic -o $@ $(PAM_SMBPASS_PICOOBJ) -lpam $(DYNEXP) $(LIBS) -lc + +bin/libmsrpc.a: $(LIBMSRPC_PICOBJ) + -$(AR) -rc $@ $(LIBMSRPC_PICOBJ) + +bin/spamsync: rpcclient/samsync.o bin/libmsrpc.a + @$(LINK) -o $@ rpcclient/samsync.o bin/libmsrpc.a \ + $(UBIQX_OBJ) $(LIBS) + +bin/tdbbackup: $(TDBBACKUP_OBJ) bin/.dummy + @echo Linking $@ + @$(CC) $(FLAGS) -o $@ $(TDBBACKUP_OBJ) + +install: installbin installman installscripts installdat installswat + +installdirs: + @$(SHELL) $(srcdir)/script/installdirs.sh $(BASEDIR) $(BINDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(PRIVATEDIR) + +installservers: all installdirs + @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS) + +installbin: all installdirs + @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS) + @$(SHELL) $(srcdir)/script/installbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS) + +installscripts: installdirs + @$(SHELL) $(srcdir)/script/installscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS) + +installdat: installdirs + @$(SHELL) $(srcdir)/script/installdat.sh $(LIBDIR) $(srcdir) + +installswat: installdirs + @$(SHELL) $(srcdir)/script/installswat.sh $(SWATDIR) $(srcdir) + +installclientlib: + -$(INSTALLCMD) bin/libsmbclient.so ${prefix}/lib + -$(INSTALLCMD) -d ${prefix}/include + -$(INSTALLCMD) include/libsmbclient.h ${prefix}/include + +# revert to the previously installed version +revert: + @$(SHELL) $(srcdir)/script/revert.sh $(SBINDIR) $(SPROGS) + @$(SHELL) $(srcdir)/script/revert.sh $(BINDIR) $(PROGS) $(SCRIPTS) + +installman: + @$(SHELL) $(srcdir)/script/installman.sh $(MANDIR) $(srcdir) $(man_langs) "@ROFF@" + +.PHONY: showlayout + +showlayout: + @echo "Samba will be installed into:" + @echo " basedir: $(BASEDIR)" + @echo " bindir: $(BINDIR)" + @echo " sbindir: $(SBINDIR)" + @echo " libdir: $(LIBDIR)" + @echo " vardir: $(VARDIR)" + @echo " mandir: $(MANDIR)" + + +uninstall: uninstallman uninstallbin uninstallscripts + +uninstallman: + @$(SHELL) $(srcdir)/script/uninstallman.sh $(MANDIR) $(srcdir) $(man_langs) + +uninstallbin: + @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(SBINDIR) $(LIBDIR) $(VARDIR) $(SPROGS) + @$(SHELL) $(srcdir)/script/uninstallbin.sh $(INSTALLPERMS) $(BASEDIR) $(BINDIR) $(LIBDIR) $(VARDIR) $(PROGS) + +uninstallscripts: + @$(SHELL) $(srcdir)/script/uninstallscripts.sh $(INSTALLPERMS) $(BINDIR) $(SCRIPTS) + +# Toplevel clean files +TOPFILES=dynconfig.o dynconfig.po + +clean: delheaders + -rm -f core */*~ *~ */*.o */*.po */*.po32 */*.@SHLIBEXT@ \ + $(TOPFILES) $(PROGS) $(SPROGS) .headers.stamp + +winbindd_proto: + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _WINBINDD_PROTO_H_ nsswitch/winbindd_proto.h \ + $(WINBINDD_OBJ1) + +delheaders: + @/bin/rm -f $(srcdir)/include/proto.h $(srcdir)/include/build_env.h + @/bin/rm -f include/proto.h include/build_env.h + +# we want our generated headers to be rebuilt if they don't exist, but not rebuilt every time +.headers.stamp: + @[ -f $@ ] || touch $@ + +$(PROTO_OBJ) : .headers.stamp + +include/proto.h: + @echo rebuilding include/proto.h + @cd $(srcdir) && $(AWK) -f script/mkproto.awk `echo $(PROTO_OBJ) | tr ' ' '\n' | sed -e 's/\.o/\.c/g' | sort -u | egrep -v 'ubiqx/|wrapped'` > $(builddir)/include/proto.h + +include/build_env.h: + @echo rebuilding include/build_env.h + @cd $(srcdir) && $(SHELL) script/build_env.sh $(srcdir) $(builddir) $(CC) > $(builddir)/include/build_env.h + +include/wrepld_proto.h: + @echo rebuilding include/wrepld_proto.h + @cd $(srcdir) && $(SHELL) script/mkproto.sh $(AWK) \ + -h _WREPLD_PROTO_H_ $(builddir)/include/wrepld_proto.h \ + $(WREPL_OBJ1) + +headers: delheaders include/proto.h include/build_env.h include/wrepld_proto.h .headers.stamp + +proto: headers winbindd_proto + +etags: + etags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/` + +ctags: + ctags `find $(srcdir) -name "*.[ch]" | grep -v /CVS/` + +realclean: clean + -rm -f config.log $(PROGS) $(SPROGS) bin/.dummy + -rmdir bin + +distclean: realclean + -rm -f include/config.h Makefile + -rm -f config.status config.cache so_locations + -rm -rf .deps + +# this target is really just for my use. It only works on a limited +# range of machines and is used to produce a list of potentially +# dead (ie. unused) functions in the code. (tridge) +finddead: + nm */*.o |grep 'U ' | awk '{print $$2}' | sort -u > nmused.txt + nm */*.o |grep 'T ' | awk '{print $$3}' | sort -u > nmfns.txt + comm -13 nmused.txt nmfns.txt + + +# when configure.in is updated, reconfigure +$(srcdir)/configure: $(srcdir)/configure.in + @echo "WARNING: you need to rerun autoconf" + +config.status: $(srcdir)/configure + @echo "WARNING: you need to run configure" + +Makefile: $(srcdir)/Makefile.in config.status + @echo "WARNING: you need to run ./config.status" + +test_prefix=/tmp/test-samba +# Run regression suite using the external "satyr" framework +check: + @echo "** Sorry, samba self-test without installation does not work " + @echo "** yet. Please try specifying a scratch directory to" + @echo "** ./configure --prefix DIR" + @echo "** then run \"make install installcheck\"" + exit 1 + +# -rm -rf $(test_prefix)/lib +# mkdir $(test_prefix)/lib -p ./testdir +# PATH=$(builddir)/bin:$(PATH) \ +# SATYR_SUITEDIR=../testsuite/build_farm/ prefix=$(test_prefix) \ +# testdir=./testdir $(SHELL) satyr + +# Run regression suite on the installed version. + +# `installcheck' +# Perform installation tests (if any). The user must build and +# install the program before running the tests. You should not +# assume that `$(bindir)' is in the search path. + +dangerous-installcheck: + mkdir -p $(BASEDIR)/lib + mkdir -p $(BASEDIR)/var + PATH=$(BINDIR):$(SBINDIR):$(PATH) \ + SATYR_DISCOURAGE=1 \ + SATYR_SUITEDIR=../testsuite/satyr/ prefix=$(BASEDIR) \ + LIBSMB_PROG=$(SBINDIR)/smbd \ + testdir=./testdir $(SHELL) satyr + diff --git a/source3/acconfig.h b/source3/acconfig.h new file mode 100644 index 00000000000..00c14ca97b7 --- /dev/null +++ b/source3/acconfig.h @@ -0,0 +1,216 @@ +#undef HAVE_VOLATILE +#undef HAVE_BROKEN_READDIR +#undef HAVE_C99_VSNPRINTF +#undef HAVE_ERRNO_DECL +#undef HAVE_LONGLONG +#undef HAVE_OFF64_T +#undef HAVE_REMSH +#undef HAVE_UNSIGNED_CHAR +#undef HAVE_UTIMBUF +#undef HAVE_SIG_ATOMIC_T_TYPE +#undef HAVE_SOCKLEN_T_TYPE +#undef ssize_t +#undef ino_t +#undef ssize_t +#undef loff_t +#undef offset_t +#undef aclent_t +#undef wchar_t +#undef HAVE_CONNECT +#undef HAVE_SHORT_INO_T +#undef WITH_SMBWRAPPER +#undef WITH_AFS +#undef WITH_DFS +#undef SUNOS5 +#undef SUNOS4 +#undef LINUX +#undef AIX +#undef BSD +#undef IRIX +#undef IRIX6 +#undef HPUX +#undef QNX +#undef SCO +#undef OSF1 +#undef NEXT2 +#undef RELIANTUNIX +#undef HAVE_MMAP +#undef HAVE_FCNTL_LOCK +#undef HAVE_FTRUNCATE_EXTEND +#undef FTRUNCATE_NEEDS_ROOT +#undef HAVE_TRAPDOOR_UID +#undef HAVE_ROOT +#undef HAVE_GETTIMEOFDAY_TZ +#undef HAVE_SOCK_SIN_LEN +#undef STAT_READ_FILSYS +#undef STAT_STATFS2_BSIZE +#undef STAT_STATFS2_FSIZE +#undef STAT_STATFS2_FS_DATA +#undef STAT_STATFS3_OSF1 +#undef STAT_STATFS4 +#undef STAT_STATVFS +#undef STAT_STATVFS64 +#undef HAVE_IFACE_AIX +#undef HAVE_IFACE_IFCONF +#undef HAVE_IFACE_IFREQ +#undef HAVE_CRYPT +#undef HAVE_PUTPRPWNAM +#undef HAVE_SET_AUTH_PARAMETERS +#undef WITH_SYSLOG +#undef WITH_PROFILE +#undef WITH_SSL +#undef SSL_DIR +#undef WITH_PAM +#undef WITH_NISPLUS_HOME +#undef WITH_AUTOMOUNT +#undef WITH_SMBMOUNT +#undef WITH_QUOTAS +#undef WITH_WINBIND +#undef HAVE_BROKEN_GETGROUPS +#undef REPLACE_GETPASS +#undef REPLACE_INET_NTOA +#undef HAVE_FILE_MACRO +#undef HAVE_FUNCTION_MACRO +#undef HAVE_SETRESUID_DECL +#undef HAVE_SETRESUID +#undef WITH_NETATALK +#undef WITH_UTMP +#undef WITH_MSDFS +#undef WITH_LIBICONV +#undef HAVE_INO64_T +#undef HAVE_DEV64_T +#undef HAVE_STRUCT_FLOCK64 +#undef SIZEOF_INO_T +#undef SIZEOF_OFF_T +#undef STAT_STATVFS64 +#undef HAVE_LIBREADLINE +#undef HAVE_KERNEL_SHARE_MODES +#undef HAVE_KERNEL_OPLOCKS_IRIX +#undef HAVE_KERNEL_OPLOCKS_LINUX +#undef HAVE_KERNEL_CHANGE_NOTIFY +#undef HAVE_IRIX_SPECIFIC_CAPABILITIES +#undef HAVE_INT16_FROM_RPC_RPC_H +#undef HAVE_UINT16_FROM_RPC_RPC_H +#undef HAVE_INT32_FROM_RPC_RPC_H +#undef HAVE_UINT32_FROM_RPC_RPC_H +#undef KRB4_AUTH +#undef KRB5_AUTH +#undef KRB4_DIR +#undef KRB5_DIR +#undef SEEKDIR_RETURNS_VOID +#undef HAVE_DIRENT_D_OFF +#undef HAVE_GETSPNAM +#undef HAVE_BIGCRYPT +#undef HAVE_GETPRPWNAM +#undef HAVE_FSTAT64 +#undef HAVE_LSTAT64 +#undef HAVE_STAT64 +#undef HAVE_SETRESGID +#undef HAVE_SETRESGID_DECL +#undef HAVE_SHADOW_H +#undef HAVE_CUPS +#undef HAVE_MEMSET +#undef HAVE_STRCASECMP +#undef HAVE_STRUCT_DIRENT64 +#undef HAVE_TRUNCATED_SALT +#undef BROKEN_NISPLUS_INCLUDE_FILES +#undef HAVE_RPC_AUTH_ERROR_CONFLICT +#undef HAVE_EXPLICIT_LARGEFILE_SUPPORT +#undef USE_BOTH_CRYPT_CALLS +#undef HAVE_BROKEN_FCNTL64_LOCKS +#undef HAVE_SECURE_MKSTEMP +#undef HAVE_FNMATCH +#undef USE_SETEUID +#undef USE_SETRESUID +#undef USE_SETREUID +#undef USE_SETUIDX +#undef HAVE_LIBDL +#undef SYSCONF_SC_NGROUPS_MAX +#undef HAVE_UT_UT_NAME +#undef HAVE_UT_UT_USER +#undef HAVE_UT_UT_ID +#undef HAVE_UT_UT_HOST +#undef HAVE_UT_UT_TIME +#undef HAVE_UT_UT_TV +#undef HAVE_UT_UT_TYPE +#undef HAVE_UT_UT_PID +#undef HAVE_UT_UT_EXIT +#undef HAVE_UT_UT_ADDR +#undef HAVE_UX_UT_SYSLEN +#undef PUTUTLINE_RETURNS_UTMP +#undef COMPILER_SUPPORTS_LL +#undef HAVE_YP_GET_DEFAULT_DOMAIN +#undef USE_SPINLOCKS +#undef SPARC_SPINLOCKS +#undef INTEL_SPINLOCKS +#undef MIPS_SPINLOCKS +#undef POWERPC_SPINLOCKS +#undef HAVE_POSIX_ACLS +#undef HAVE_ACL_GET_PERM_NP +#undef HAVE_UNIXWARE_ACLS +#undef HAVE_SOLARIS_ACLS +#undef HAVE_HPUX_ACLS +#undef HAVE_IRIX_ACLS +#undef HAVE_AIX_ACLS +#undef HAVE_TRU64_ACLS +#undef HAVE_NO_ACLS +#undef HAVE_LIBPAM +#undef HAVE_ASPRINTF_DECL +#undef HAVE_VASPRINTF_DECL +#undef HAVE_SNPRINTF_DECL +#undef HAVE_VSNPRINTF_DECL +#undef HAVE_NATIVE_ICONV +#undef HAVE_UNIXSOCKET +#undef MMAP_BLACKLIST +#undef HAVE_IMMEDIATE_STRUCTURES +#undef HAVE_CUPS +#undef WITH_LDAP_SAM +#undef WITH_NISPLUS_SAM +#undef WITH_TDB_SAM +#undef LINUX_QUOTAS_1 +#undef LINUX_QUOTAS_2 +#undef PACKAGE +#undef VERSION +#undef HAVE_LC_MESSAGES +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef HAVE_STPCPY +#undef I18N_SWAT +#undef I18N_DEFAULT_PREF_LANG +#undef HAVE_KRB5 +#undef HAVE_GSSAPI +#undef BROKEN_REDHAT_7_SYSTEM_HEADERS +#undef HAVE_LDAP +#undef HAVE_STAT_ST_BLOCKS +#undef STAT_ST_BLOCKSIZE +#undef HAVE_DEVICE_MAJOR_FN +#undef HAVE_DEVICE_MINOR_FN +/* + * Add these definitions to allow VFS modules to + * see the CPPFLAGS defines. + */ +#ifndef _HPUX_SOURCE +#undef _HPUX_SOURCE +#endif +#ifndef _POSIX_SOURCE +#undef _POSIX_SOURCE +#endif +#ifndef _LARGEFILE64_SOURCE +#undef _LARGEFILE64_SOURCE +#endif +#ifndef _ALIGNMENT_REQUIRED +#undef _ALIGNMENT_REQUIRED +#endif +#ifndef _MAX_ALIGNMENT +#undef _MAX_ALIGNMENT +#endif +#ifndef _LARGE_FILES +#undef _LARGE_FILES +#endif +#ifndef _FILE_OFFSET_BITS +#undef _FILE_OFFSET_BITS +#endif +#ifndef _GNU_SOURCE +#undef _GNU_SOURCE +#endif diff --git a/source3/aclocal.m4 b/source3/aclocal.m4 new file mode 100644 index 00000000000..caf5ab461b9 --- /dev/null +++ b/source3/aclocal.m4 @@ -0,0 +1,932 @@ +dnl AC_VALIDATE_CACHE_SYSTEM_TYPE[(cmd)] +dnl if the cache file is inconsistent with the current host, +dnl target and build system types, execute CMD or print a default +dnl error message. +AC_DEFUN(AC_VALIDATE_CACHE_SYSTEM_TYPE, [ + AC_REQUIRE([AC_CANONICAL_SYSTEM]) + AC_MSG_CHECKING([config.cache system type]) + if { test x"${ac_cv_host_system_type+set}" = x"set" && + test x"$ac_cv_host_system_type" != x"$host"; } || + { test x"${ac_cv_build_system_type+set}" = x"set" && + test x"$ac_cv_build_system_type" != x"$build"; } || + { test x"${ac_cv_target_system_type+set}" = x"set" && + test x"$ac_cv_target_system_type" != x"$target"; }; then + AC_MSG_RESULT([different]) + ifelse($#, 1, [$1], + [AC_MSG_ERROR(["you must remove config.cache and restart configure"])]) + else + AC_MSG_RESULT([same]) + fi + ac_cv_host_system_type="$host" + ac_cv_build_system_type="$build" + ac_cv_target_system_type="$target" +]) + + +dnl test whether dirent has a d_off member +AC_DEFUN(AC_DIRENT_D_OFF, +[AC_CACHE_CHECK([for d_off in dirent], ac_cv_dirent_d_off, +[AC_TRY_COMPILE([ +#include +#include +#include ], [struct dirent d; d.d_off;], +ac_cv_dirent_d_off=yes, ac_cv_dirent_d_off=no)]) +if test $ac_cv_dirent_d_off = yes; then + AC_DEFINE(HAVE_DIRENT_D_OFF) +fi +]) + + +dnl AC_PROG_CC_FLAG(flag) +AC_DEFUN(AC_PROG_CC_FLAG, +[AC_CACHE_CHECK(whether ${CC-cc} accepts -$1, ac_cv_prog_cc_$1, +[echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -$1 -c conftest.c 2>&1`"; then + ac_cv_prog_cc_$1=yes +else + ac_cv_prog_cc_$1=no +fi +rm -f conftest* +])]) + +dnl see if a declaration exists for a function or variable +dnl defines HAVE_function_DECL if it exists +dnl AC_HAVE_DECL(var, includes) +AC_DEFUN(AC_HAVE_DECL, +[ + AC_CACHE_CHECK([for $1 declaration],ac_cv_have_$1_decl,[ + AC_TRY_COMPILE([$2],[int i = (int)$1], + ac_cv_have_$1_decl=yes,ac_cv_have_$1_decl=no)]) + if test x"$ac_cv_have_$1_decl" = x"yes"; then + AC_DEFINE([HAVE_]translit([$1], [a-z], [A-Z])[_DECL]) + fi +]) + + +dnl check for a function in a library, but don't +dnl keep adding the same library to the LIBS variable. +dnl AC_LIBTESTFUNC(lib,func) +AC_DEFUN(AC_LIBTESTFUNC, +[case "$LIBS" in + *-l$1*) AC_CHECK_FUNCS($2) ;; + *) AC_CHECK_LIB($1, $2) + AC_CHECK_FUNCS($2) + ;; + esac +]) + +dnl Define an AC_DEFINE with ifndef guard. +dnl AC_N_DEFINE(VARIABLE [, VALUE]) +define(AC_N_DEFINE, +[cat >> confdefs.h <<\EOF +[#ifndef] $1 +[#define] $1 ifelse($#, 2, [$2], $#, 3, [$2], 1) +[#endif] +EOF +]) + +dnl Add an #include +dnl AC_ADD_INCLUDE(VARIABLE) +define(AC_ADD_INCLUDE, +[cat >> confdefs.h <<\EOF +[#include] $1 +EOF +]) + +## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*- +## Copyright (C) 1996-1999 Free Software Foundation, Inc. +## Originally by Gordon Matzigkeit , 1996 +## +## This program is free software; you can redistribute it and/or modify +## it under the terms of the GNU General Public License as published by +## the Free Software Foundation; either version 2 of the License, or +## (at your option) any later version. +## +## This program is distributed in the hope that it will be useful, but +## WITHOUT ANY WARRANTY; without even the implied warranty of +## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +## General Public License for more details. +## +## You should have received a copy of the GNU General Public License +## along with this program; if not, write to the Free Software +## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +## +## As a special exception to the GNU General Public License, if you +## distribute this file as part of a program that contains a +## configuration script generated by Autoconf, you may include it under +## the same distribution terms that you use for the rest of that program. + +# serial 40 AC_PROG_LIBTOOL +AC_DEFUN(AC_PROG_LIBTOOL, +[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl + +# Save cache, so that ltconfig can load it +AC_CACHE_SAVE + +# Actually configure libtool. ac_aux_dir is where install-sh is found. +CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \ +LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \ +LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \ +DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \ +${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \ +$libtool_flags --no-verify $ac_aux_dir/ltmain.sh $lt_target \ +|| AC_MSG_ERROR([libtool configure failed]) + +# Reload cache, that may have been modified by ltconfig +AC_CACHE_LOAD + +# This can be used to rebuild libtool when needed +LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh" + +# Always use our own libtool. +LIBTOOL='$(SHELL) $(top_builddir)/libtool' +AC_SUBST(LIBTOOL)dnl + +# Redirect the config.log output again, so that the ltconfig log is not +# clobbered by the next message. +exec 5>>./config.log +]) + +# Macro to add for using GNU gettext. +# Ulrich Drepper , 1995. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License +# but which still want to provide support for the GNU gettext functionality. +# Please note that the actual code is *not* freely available. + +# serial 5 + +AC_DEFUN(AM_WITH_NLS, + [AC_MSG_CHECKING([whether NLS is requested]) + dnl Default is enabled NLS + AC_ARG_ENABLE(nls, + [ --disable-nls do not use Native Language Support], + USE_NLS=$enableval, USE_NLS=yes) + AC_MSG_RESULT($USE_NLS) + AC_SUBST(USE_NLS) + + USE_INCLUDED_LIBINTL=no + + dnl If we use NLS figure out what method + if test "$USE_NLS" = "yes"; then + AC_DEFINE(ENABLE_NLS) +# AC_MSG_CHECKING([whether included gettext is requested]) +# AC_ARG_WITH(included-gettext, +# [ --with-included-gettext use the GNU gettext library included here], +# nls_cv_force_use_gnu_gettext=$withval, +# nls_cv_force_use_gnu_gettext=no) +# AC_MSG_RESULT($nls_cv_force_use_gnu_gettext) + + dnl ad-hoc fix to prevent configure from detecting + dnl gettext on the system. use included-gettext as default.(rkawa) + nls_cv_force_use_gnu_gettext="yes" + + nls_cv_use_gnu_gettext="$nls_cv_force_use_gnu_gettext" + if test "$nls_cv_force_use_gnu_gettext" != "yes"; then + dnl User does not insist on using GNU NLS library. Figure out what + dnl to use. If gettext or catgets are available (in this order) we + dnl use this. Else we have to fall back to GNU NLS library. + dnl catgets is only used if permitted by option --with-catgets. + nls_cv_header_intl= + nls_cv_header_libgt= + CATOBJEXT=NONE + + AC_CHECK_HEADER(libintl.h, + [AC_CACHE_CHECK([for gettext in libc], gt_cv_func_gettext_libc, + [AC_TRY_LINK([#include ], [return (int) gettext ("")], + gt_cv_func_gettext_libc=yes, gt_cv_func_gettext_libc=no)]) + + if test "$gt_cv_func_gettext_libc" != "yes"; then + AC_CHECK_LIB(intl, bindtextdomain, + [AC_CACHE_CHECK([for gettext in libintl], + gt_cv_func_gettext_libintl, + [AC_CHECK_LIB(intl, gettext, + gt_cv_func_gettext_libintl=yes, + gt_cv_func_gettext_libintl=no)], + gt_cv_func_gettext_libintl=no)]) + fi + + if test "$gt_cv_func_gettext_libc" = "yes" \ + || test "$gt_cv_func_gettext_libintl" = "yes"; then + AC_DEFINE(HAVE_GETTEXT) + AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no)dnl + if test "$MSGFMT" != "no"; then + AC_CHECK_FUNCS(dcgettext) + AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) + AC_TRY_LINK(, [extern int _nl_msg_cat_cntr; + return _nl_msg_cat_cntr], + [CATOBJEXT=.gmo + DATADIRNAME=share], + [CATOBJEXT=.mo + DATADIRNAME=lib]) + INSTOBJEXT=.mo + fi + fi + ]) + + if test "$CATOBJEXT" = "NONE"; then +# AC_MSG_CHECKING([whether catgets can be used]) +# AC_ARG_WITH(catgets, +# [ --with-catgets use catgets functions if available], +# nls_cv_use_catgets=$withval, nls_cv_use_catgets=no) +# AC_MSG_RESULT($nls_cv_use_catgets) + + dnl ad-hoc fix to prevent configure to detect catgets library. + dnl (rkawa) + nls_cv_use_catgets="no" + + if test "$nls_cv_use_catgets" = "yes"; then + dnl No gettext in C library. Try catgets next. + AC_CHECK_LIB(i, main) + AC_CHECK_FUNC(catgets, + [AC_DEFINE(HAVE_CATGETS) + INTLOBJS="\$(CATOBJS)" + AC_PATH_PROG(GENCAT, gencat, no)dnl + if test "$GENCAT" != "no"; then + AC_PATH_PROG(GMSGFMT, gmsgfmt, no) + if test "$GMSGFMT" = "no"; then + AM_PATH_PROG_WITH_TEST(GMSGFMT, msgfmt, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], no) + fi + AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) + USE_INCLUDED_LIBINTL=yes + CATOBJEXT=.cat + INSTOBJEXT=.cat + DATADIRNAME=lib + INTLDEPS='$(top_builddir)/intl/libintl.a' + INTLLIBS=$INTLDEPS + LIBS=`echo $LIBS | sed -e 's/-lintl//'` + nls_cv_header_intl=intl/libintl.h + nls_cv_header_libgt=intl/libgettext.h + fi]) + fi + fi + + if test "$CATOBJEXT" = "NONE"; then + dnl Neither gettext nor catgets in included in the C library. + dnl Fall back on GNU gettext library. + nls_cv_use_gnu_gettext=yes + fi + fi + + if test "$nls_cv_use_gnu_gettext" = "yes"; then + dnl Mark actions used to generate GNU NLS library. + INTLOBJS="\$(GETTOBJS)" + AM_PATH_PROG_WITH_TEST(MSGFMT, msgfmt, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep 'dv '`"], msgfmt) + AC_PATH_PROG(GMSGFMT, gmsgfmt, $MSGFMT) + AM_PATH_PROG_WITH_TEST(XGETTEXT, xgettext, + [test -z "`$ac_dir/$ac_word -h 2>&1 | grep '(HELP)'`"], :) + AC_SUBST(MSGFMT) + USE_INCLUDED_LIBINTL=yes + CATOBJEXT=.gmo + INSTOBJEXT=.mo + DATADIRNAME=share + INTLDEPS='$(top_builddir)/intl/libintl.a' + INTLLIBS=$INTLDEPS + LIBS=`echo $LIBS | sed -e 's/-lintl//'` + nls_cv_header_intl=intl/libintl.h + nls_cv_header_libgt=intl/libgettext.h + fi + + dnl Test whether we really found GNU xgettext. + if test "$XGETTEXT" != ":"; then + dnl If it is no GNU xgettext we define it as : so that the + dnl Makefiles still can work. + if $XGETTEXT --omit-header /dev/null 2> /dev/null; then + : ; + else + AC_MSG_RESULT( + [found xgettext program is not GNU xgettext; ignore it]) + XGETTEXT=":" + fi + fi + + # We need to process the po/ directory. + POSUB=po + else + DATADIRNAME=share + nls_cv_header_intl=intl/libintl.h + nls_cv_header_libgt=intl/libgettext.h + fi + + dnl the next line has been modified by rkawa to avoid + dnl misconfiguration of intl/libintl.h symlink. + rm -f intl/libintl.h + + AC_LINK_FILES($nls_cv_header_libgt, $nls_cv_header_intl) + AC_OUTPUT_COMMANDS( + [case "$CONFIG_FILES" in *po/Makefile.in*) + sed -e "/POTFILES =/r po/POTFILES" po/Makefile.in > po/Makefile + esac]) + + + # If this is used in GNU gettext we have to set USE_NLS to `yes' + # because some of the sources are only built for this goal. + if test "$PACKAGE" = gettext; then + USE_NLS=yes + USE_INCLUDED_LIBINTL=yes + fi + + dnl These rules are solely for the distribution goal. While doing this + dnl we only have to keep exactly one list of the available catalogs + dnl in configure.in. + for lang in $ALL_LINGUAS; do + GMOFILES="$GMOFILES $lang.gmo" + POFILES="$POFILES $lang.po" + done + + dnl Make all variables we use known to autoconf. + AC_SUBST(USE_INCLUDED_LIBINTL) + AC_SUBST(CATALOGS) + AC_SUBST(CATOBJEXT) + AC_SUBST(DATADIRNAME) + AC_SUBST(GMOFILES) + AC_SUBST(INSTOBJEXT) + AC_SUBST(INTLDEPS) + AC_SUBST(INTLLIBS) + AC_SUBST(INTLOBJS) + AC_SUBST(POFILES) + AC_SUBST(POSUB) + ]) + +AC_DEFUN(AM_GNU_GETTEXT, + [AC_REQUIRE([AC_PROG_MAKE_SET])dnl + AC_REQUIRE([AC_PROG_CC])dnl + AC_REQUIRE([AC_PROG_RANLIB])dnl + AC_REQUIRE([AC_ISC_POSIX])dnl + AC_REQUIRE([AC_HEADER_STDC])dnl + AC_REQUIRE([AC_C_CONST])dnl + AC_REQUIRE([AC_C_INLINE])dnl + AC_REQUIRE([AC_TYPE_OFF_T])dnl + AC_REQUIRE([AC_TYPE_SIZE_T])dnl + AC_REQUIRE([AC_FUNC_ALLOCA])dnl + AC_REQUIRE([AC_FUNC_MMAP])dnl + + AC_CHECK_HEADERS([argz.h limits.h locale.h nl_types.h malloc.h string.h \ +unistd.h sys/param.h]) + AC_CHECK_FUNCS([getcwd munmap putenv setenv setlocale strchr strcasecmp \ +strdup __argz_count __argz_stringify __argz_next]) + + if test "${ac_cv_func_stpcpy+set}" != "set"; then + AC_CHECK_FUNCS(stpcpy) + fi + if test "${ac_cv_func_stpcpy}" = "yes"; then + AC_DEFINE(HAVE_STPCPY) + fi + + AM_LC_MESSAGES + AM_WITH_NLS + + + if test "x$CATOBJEXT" != "x"; then + if test "x$ALL_LINGUAS" = "x"; then + LINGUAS= + else + AC_MSG_CHECKING(for catalogs to be installed) + NEW_LINGUAS= + for lang in ${LINGUAS=$ALL_LINGUAS}; do + case "$ALL_LINGUAS" in + *$lang*) NEW_LINGUAS="$NEW_LINGUAS $lang" ;; + esac + done + LINGUAS=$NEW_LINGUAS + AC_MSG_RESULT($LINGUAS) + fi + + dnl Construct list of names of catalog files to be constructed. + if test -n "$LINGUAS"; then + for lang in $LINGUAS; do CATALOGS="$CATALOGS $lang$CATOBJEXT"; done + fi + fi + + dnl The reference to in the installed file + dnl must be resolved because we cannot expect the users of this + dnl to define HAVE_LOCALE_H. + if test $ac_cv_header_locale_h = yes; then + INCLUDE_LOCALE_H="#include " + else + INCLUDE_LOCALE_H="\ +/* The system does not provide the header . Take care yourself. */" + fi + AC_SUBST(INCLUDE_LOCALE_H) + dnl Determine which catalog format we have (if any is needed) + dnl For now we know about two different formats: + dnl Linux libc-5 and the normal X/Open format + test -d intl || mkdir intl + if test "$CATOBJEXT" = ".cat"; then + AC_CHECK_HEADER(linux/version.h, msgformat=linux, msgformat=xopen) + + dnl Transform the SED scripts while copying because some dumb SEDs + dnl cannot handle comments. + sed -e '/^#/d' $srcdir/intl/$msgformat-msg.sed > intl/po2msg.sed + + dnl To avoid XPG incompatible SED to be used, .msg files of + dnl x/open format are included to the archive, rather than + dnl compiled in the installation. If the system uses linux libc5 + dnl format, then x/open files are removed and the sed script + dnl creates the files of the correct format. (rkawa) + if test "$msgformat" = "linux"; then + rm -f $srcdir/po/*.msg + fi + fi + dnl po2tbl.sed is always needed. + sed -e '/^#.*[^\\]$/d' -e '/^#$/d' \ + $srcdir/intl/po2tbl.sed.in > intl/po2tbl.sed + + dnl In the intl/Makefile.in we have a special dependency which makes + dnl only sense for gettext. We comment this out for non-gettext + dnl packages. + if test "$PACKAGE" = "gettext"; then + GT_NO="#NO#" + GT_YES= + else + GT_NO= + GT_YES="#YES#" + fi + AC_SUBST(GT_NO) + AC_SUBST(GT_YES) + + dnl If the AC_CONFIG_AUX_DIR macro for autoconf is used we possibly + dnl find the mkinstalldirs script in another subdir but ($top_srcdir). + dnl Try to locate is. + MKINSTALLDIRS= + if test -n "$ac_aux_dir"; then + MKINSTALLDIRS="$ac_aux_dir/mkinstalldirs" + fi + if test -z "$MKINSTALLDIRS"; then + MKINSTALLDIRS="\$(top_srcdir)/mkinstalldirs" + fi + AC_SUBST(MKINSTALLDIRS) + + dnl *** For now the libtool support in intl/Makefile is not for real. + l= + AC_SUBST(l) + + dnl Generate list of files to be processed by xgettext which will + dnl be included in po/Makefile. + test -d po || mkdir po + if test "x$srcdir" != "x."; then + if test "x`echo $srcdir | sed 's@/.*@@'`" = "x"; then + posrcprefix="$srcdir/" + else + posrcprefix="../$srcdir/" + fi + else + posrcprefix="../" + fi + rm -f po/POTFILES + sed -e "/^#/d" -e "/^\$/d" -e "s,.*, $posrcprefix& \\\\," -e "\$s/\(.*\) \\\\/\1/" \ + < $srcdir/po/POTFILES.in > po/POTFILES + ]) + +# Check whether LC_MESSAGES is available in . +# Ulrich Drepper , 1995. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License +# but which still want to provide support for the GNU gettext functionality. +# Please note that the actual code is *not* freely available. + +# serial 1 + +AC_DEFUN(AM_LC_MESSAGES, + [if test $ac_cv_header_locale_h = yes; then + AC_CACHE_CHECK([for LC_MESSAGES], am_cv_val_LC_MESSAGES, + [AC_TRY_LINK([#include ], [return LC_MESSAGES], + am_cv_val_LC_MESSAGES=yes, am_cv_val_LC_MESSAGES=no)]) + if test $am_cv_val_LC_MESSAGES = yes; then + AC_DEFINE(HAVE_LC_MESSAGES) + fi + fi]) + +# Search path for a program which passes the given test. +# Ulrich Drepper , 1996. +# +# This file can be copied and used freely without restrictions. It can +# be used in projects which are not available under the GNU Public License +# but which still want to provide support for the GNU gettext functionality. +# Please note that the actual code is *not* freely available. + +# serial 1 + +dnl AM_PATH_PROG_WITH_TEST(VARIABLE, PROG-TO-CHECK-FOR, +dnl TEST-PERFORMED-ON-FOUND_PROGRAM [, VALUE-IF-NOT-FOUND [, PATH]]) +AC_DEFUN(AM_PATH_PROG_WITH_TEST, +[# Extract the first word of "$2", so it can be a program name with args. +set dummy $2; ac_word=[$]2 +AC_MSG_CHECKING([for $ac_word]) +AC_CACHE_VAL(ac_cv_path_$1, +[case "[$]$1" in + /*) + ac_cv_path_$1="[$]$1" # Let the user override the test with a path. + ;; + *) + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:" + for ac_dir in ifelse([$5], , $PATH, [$5]); do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if [$3]; then + ac_cv_path_$1="$ac_dir/$ac_word" + break + fi + fi + done + IFS="$ac_save_ifs" +dnl If no 4th arg is given, leave the cache variable unset, +dnl so AC_PATH_PROGS will keep looking. +ifelse([$4], , , [ test -z "[$]ac_cv_path_$1" && ac_cv_path_$1="$4" +])dnl + ;; +esac])dnl +$1="$ac_cv_path_$1" +if test -n "[$]$1"; then + AC_MSG_RESULT([$]$1) +else + AC_MSG_RESULT(no) +fi +AC_SUBST($1)dnl +]) + + +AC_DEFUN(AC_LIBTOOL_SETUP, +[AC_PREREQ(2.13)dnl +AC_REQUIRE([AC_ENABLE_SHARED])dnl +AC_REQUIRE([AC_ENABLE_STATIC])dnl +AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +AC_REQUIRE([AC_PROG_RANLIB])dnl +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_PROG_LD])dnl +AC_REQUIRE([AC_PROG_NM])dnl +AC_REQUIRE([AC_PROG_LN_S])dnl +dnl + +case "$target" in +NONE) lt_target="$host" ;; +*) lt_target="$target" ;; +esac + +# Check for any special flags to pass to ltconfig. +libtool_flags="--cache-file=$cache_file" +test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared" +test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static" +test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install" +test "$ac_cv_prog_gcc" = yes && libtool_flags="$libtool_flags --with-gcc" +test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld" +ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN], +[libtool_flags="$libtool_flags --enable-dlopen"]) +ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], +[libtool_flags="$libtool_flags --enable-win32-dll"]) +AC_ARG_ENABLE(libtool-lock, + [ --disable-libtool-lock avoid locking (might break parallel builds)]) +test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock" +test x"$silent" = xyes && libtool_flags="$libtool_flags --silent" + +# Some flags need to be propagated to the compiler or linker for good +# libtool support. +case "$lt_target" in +*-*-irix6*) + # Find out which ABI we are using. + echo '[#]line __oline__ "configure"' > conftest.$ac_ext + if AC_TRY_EVAL(ac_compile); then + case "`/usr/bin/file conftest.o`" in + *32-bit*) + LD="${LD-ld} -32" + ;; + *N32*) + LD="${LD-ld} -n32" + ;; + *64-bit*) + LD="${LD-ld} -64" + ;; + esac + fi + rm -rf conftest* + ;; + +*-*-sco3.2v5*) + # On SCO OpenServer 5, we need -belf to get full-featured binaries. + SAVE_CFLAGS="$CFLAGS" + CFLAGS="$CFLAGS -belf" + AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf, + [AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])]) + if test x"$lt_cv_cc_needs_belf" != x"yes"; then + # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf + CFLAGS="$SAVE_CFLAGS" + fi + ;; + +ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL], +[*-*-cygwin* | *-*-mingw*) + AC_CHECK_TOOL(DLLTOOL, dlltool, false) + AC_CHECK_TOOL(AS, as, false) + AC_CHECK_TOOL(OBJDUMP, objdump, false) + ;; +]) +esac +]) + +# AC_LIBTOOL_DLOPEN - enable checks for dlopen support +AC_DEFUN(AC_LIBTOOL_DLOPEN, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])]) + +# AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's +AC_DEFUN(AC_LIBTOOL_WIN32_DLL, [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])]) + +# AC_ENABLE_SHARED - implement the --enable-shared flag +# Usage: AC_ENABLE_SHARED[(DEFAULT)] +# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to +# `yes'. +AC_DEFUN(AC_ENABLE_SHARED, [dnl +define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE(shared, +changequote(<<, >>)dnl +<< --enable-shared[=PKGS] build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT], +changequote([, ])dnl +[p=${PACKAGE-default} +case "$enableval" in +yes) enable_shared=yes ;; +no) enable_shared=no ;; +*) + enable_shared=no + # Look at the argument we got. We use all the common list separators. + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," + for pkg in $enableval; do + if test "X$pkg" = "X$p"; then + enable_shared=yes + fi + done + IFS="$ac_save_ifs" + ;; +esac], +enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl +]) + +# AC_DISABLE_SHARED - set the default shared flag to --disable-shared +AC_DEFUN(AC_DISABLE_SHARED, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_SHARED(no)]) + +# AC_ENABLE_STATIC - implement the --enable-static flag +# Usage: AC_ENABLE_STATIC[(DEFAULT)] +# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to +# `yes'. +AC_DEFUN(AC_ENABLE_STATIC, [dnl +define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE(static, +changequote(<<, >>)dnl +<< --enable-static[=PKGS] build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT], +changequote([, ])dnl +[p=${PACKAGE-default} +case "$enableval" in +yes) enable_static=yes ;; +no) enable_static=no ;; +*) + enable_static=no + # Look at the argument we got. We use all the common list separators. + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," + for pkg in $enableval; do + if test "X$pkg" = "X$p"; then + enable_static=yes + fi + done + IFS="$ac_save_ifs" + ;; +esac], +enable_static=AC_ENABLE_STATIC_DEFAULT)dnl +]) + +# AC_DISABLE_STATIC - set the default static flag to --disable-static +AC_DEFUN(AC_DISABLE_STATIC, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_STATIC(no)]) + + +# AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag +# Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)] +# Where DEFAULT is either `yes' or `no'. If omitted, it defaults to +# `yes'. +AC_DEFUN(AC_ENABLE_FAST_INSTALL, [dnl +define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl +AC_ARG_ENABLE(fast-install, +changequote(<<, >>)dnl +<< --enable-fast-install[=PKGS] optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT], +changequote([, ])dnl +[p=${PACKAGE-default} +case "$enableval" in +yes) enable_fast_install=yes ;; +no) enable_fast_install=no ;; +*) + enable_fast_install=no + # Look at the argument we got. We use all the common list separators. + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}:," + for pkg in $enableval; do + if test "X$pkg" = "X$p"; then + enable_fast_install=yes + fi + done + IFS="$ac_save_ifs" + ;; +esac], +enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl +]) + +# AC_ENABLE_FAST_INSTALL - set the default to --disable-fast-install +AC_DEFUN(AC_DISABLE_FAST_INSTALL, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl +AC_ENABLE_FAST_INSTALL(no)]) + +# AC_PROG_LD - find the path to the GNU or non-GNU linker +AC_DEFUN(AC_PROG_LD, +[AC_ARG_WITH(gnu-ld, +[ --with-gnu-ld assume the C compiler uses GNU ld [default=no]], +test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no) +AC_REQUIRE([AC_PROG_CC])dnl +AC_REQUIRE([AC_CANONICAL_HOST])dnl +AC_REQUIRE([AC_CANONICAL_BUILD])dnl +ac_prog=ld +if test "$ac_cv_prog_gcc" = yes; then + # Check if gcc -print-prog-name=ld gives a path. + AC_MSG_CHECKING([for ld used by GCC]) + ac_prog=`($CC -print-prog-name=ld) 2>&5` + case "$ac_prog" in + # Accept absolute paths. +changequote(,)dnl + [\\/]* | [A-Za-z]:[\\/]*) + re_direlt='/[^/][^/]*/\.\./' +changequote([,])dnl + # Canonicalize the path of ld + ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'` + while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do + ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"` + done + test -z "$LD" && LD="$ac_prog" + ;; + "") + # If it fails, then pretend we aren't using GCC. + ac_prog=ld + ;; + *) + # If it is relative, then search for the first ld in PATH. + with_gnu_ld=unknown + ;; + esac +elif test "$with_gnu_ld" = yes; then + AC_MSG_CHECKING([for GNU ld]) +else + AC_MSG_CHECKING([for non-GNU ld]) +fi +AC_CACHE_VAL(ac_cv_path_LD, +[if test -z "$LD"; then + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" + for ac_dir in $PATH; do + test -z "$ac_dir" && ac_dir=. + if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then + ac_cv_path_LD="$ac_dir/$ac_prog" + # Check to see if the program is GNU ld. I'd rather use --version, + # but apparently some GNU ld's only accept -v. + # Break only if it was the GNU/non-GNU ld that we prefer. + if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then + test "$with_gnu_ld" != no && break + else + test "$with_gnu_ld" != yes && break + fi + fi + done + IFS="$ac_save_ifs" +else + ac_cv_path_LD="$LD" # Let the user override the test with a path. +fi]) +LD="$ac_cv_path_LD" +if test -n "$LD"; then + AC_MSG_RESULT($LD) +else + AC_MSG_RESULT(no) +fi +test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH]) +AC_PROG_LD_GNU +]) + +AC_DEFUN(AC_PROG_LD_GNU, +[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], ac_cv_prog_gnu_ld, +[# I'd rather use --version here, but apparently some GNU ld's only accept -v. +if $LD -v 2>&1 &5; then + ac_cv_prog_gnu_ld=yes +else + ac_cv_prog_gnu_ld=no +fi]) +]) + +# AC_PROG_NM - find the path to a BSD-compatible name lister +AC_DEFUN(AC_PROG_NM, +[AC_MSG_CHECKING([for BSD-compatible nm]) +AC_CACHE_VAL(ac_cv_path_NM, +[if test -n "$NM"; then + # Let the user override the test. + ac_cv_path_NM="$NM" +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}" + for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then + # Check to see if the nm accepts a BSD-compat flag. + # Adding the `sed 1q' prevents false positives on HP-UX, which says: + # nm: unknown option "B" ignored + if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then + ac_cv_path_NM="$ac_dir/nm -B" + break + elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then + ac_cv_path_NM="$ac_dir/nm -p" + break + else + ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but + continue # so that we can try to find one that supports BSD flags + fi + fi + done + IFS="$ac_save_ifs" + test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm +fi]) +NM="$ac_cv_path_NM" +AC_MSG_RESULT([$NM]) +]) + +# AC_CHECK_LIBM - check for math library +AC_DEFUN(AC_CHECK_LIBM, +[AC_REQUIRE([AC_CANONICAL_HOST])dnl +LIBM= +case "$lt_target" in +*-*-beos* | *-*-cygwin*) + # These system don't have libm + ;; +*-ncr-sysv4.3*) + AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw") + AC_CHECK_LIB(m, main, LIBM="$LIBM -lm") + ;; +*) + AC_CHECK_LIB(m, main, LIBM="-lm") + ;; +esac +]) + +# AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for +# the libltdl convenience library, adds --enable-ltdl-convenience to +# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor +# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed +# to be `${top_builddir}/libltdl'. Make sure you start DIR with +# '${top_builddir}/' (note the single quotes!) if your package is not +# flat, and, if you're not using automake, define top_builddir as +# appropriate in the Makefiles. +AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl + case "$enable_ltdl_convenience" in + no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;; + "") enable_ltdl_convenience=yes + ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;; + esac + LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la + INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) +]) + +# AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for +# the libltdl installable library, and adds --enable-ltdl-install to +# the configure arguments. Note that LIBLTDL is not AC_SUBSTed, nor +# is AC_CONFIG_SUBDIRS called. If DIR is not provided, it is assumed +# to be `${top_builddir}/libltdl'. Make sure you start DIR with +# '${top_builddir}/' (note the single quotes!) if your package is not +# flat, and, if you're not using automake, define top_builddir as +# appropriate in the Makefiles. +# In the future, this macro may have to be called after AC_PROG_LIBTOOL. +AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl + AC_CHECK_LIB(ltdl, main, + [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no], + [if test x"$enable_ltdl_install" = xno; then + AC_MSG_WARN([libltdl not installed, but installation disabled]) + else + enable_ltdl_install=yes + fi + ]) + if test x"$enable_ltdl_install" = x"yes"; then + ac_configure_args="$ac_configure_args --enable-ltdl-install" + LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la + INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl']) + else + ac_configure_args="$ac_configure_args --enable-ltdl-install=no" + LIBLTDL="-lltdl" + INCLTDL= + fi +]) + +dnl old names +AC_DEFUN(AM_PROG_LIBTOOL, [indir([AC_PROG_LIBTOOL])])dnl +AC_DEFUN(AM_ENABLE_SHARED, [indir([AC_ENABLE_SHARED], $@)])dnl +AC_DEFUN(AM_ENABLE_STATIC, [indir([AC_ENABLE_STATIC], $@)])dnl +AC_DEFUN(AM_DISABLE_SHARED, [indir([AC_DISABLE_SHARED], $@)])dnl +AC_DEFUN(AM_DISABLE_STATIC, [indir([AC_DISABLE_STATIC], $@)])dnl +AC_DEFUN(AM_PROG_LD, [indir([AC_PROG_LD])])dnl +AC_DEFUN(AM_PROG_NM, [indir([AC_PROG_NM])])dnl + +dnl This is just to silence aclocal about the macro not being used +ifelse([AC_DISABLE_FAST_INSTALL])dnl diff --git a/source3/aparser/Makefile b/source3/aparser/Makefile new file mode 100644 index 00000000000..953743b234d --- /dev/null +++ b/source3/aparser/Makefile @@ -0,0 +1,17 @@ +CFLAGS=-Wall -g +CC=gcc + +OBJ = vluke.o parser.o +AWKPROGS=dump.awk harness.awk header.awk parsefn.awk main.awk parsetree.awk template.awk util.awk + +all: test.h vluke + +test.h : $(AWKPROGS) + igawk -f main.awk srvsvc.struct + +vluke: test.h $(OBJ) + $(CC) $(CFLAGS) -o vluke $(OBJ) + +clean: + rm -f *.o test.h prs_*.[ch] + diff --git a/source3/aparser/build b/source3/aparser/build new file mode 100755 index 00000000000..4cdf2901f80 --- /dev/null +++ b/source3/aparser/build @@ -0,0 +1,13 @@ +#!/bin/sh + +file=$1 + +if ! igawk -f main.awk $file; then + echo parse failed; + exit 1; +fi + +echo compiling vluke +gcc -Wall -g -o vluke parser.c vluke.c util.c +echo done. + diff --git a/source3/aparser/cifs.struct b/source3/aparser/cifs.struct new file mode 100644 index 00000000000..202f0d7e619 --- /dev/null +++ b/source3/aparser/cifs.struct @@ -0,0 +1,1029 @@ +module cifs + +option autoalign False + + +#define BOOL uint32 +#define UCHAR uint8 +#define WCHAR uint16 +#define USHORT uint16 +#define LONG uint32 +#define ULONG uint32 +#define DWORD uint32 +#define SMB_TIME uint16 +#define SMB_DATE uint16 + +typedef struct { + ULONG low; + LONG high; +} TIME; + +typedef struct { + ULONG low; + ULONG high; +} hyper; + +typedef struct { + uint8 cmd; + uint8 reserved; + uint16 offset; +} ANDX_INFO; + + +typedef struct { + uint8 tag2; + STRING protocol; +} BUF2; + +typedef struct { + uint16 bcount; + BUF2 protocol[*]; +} Q_NEGPROT_0; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 0 Q_NEGPROT_0 q0; + } +} Q_NEGPROT; + +typedef struct { + USHORT DialectIndex; /* Index of selected dialect */ + USHORT SecurityMode; /* Security mode: */ + /* bit 0: 0 = share, 1 = user */ + /* bit 1: 1 = use challenge/response */ + /* authentication */ + USHORT MaxBufferSize; /* Max transmit buffer size (>= 1024) */ + USHORT MaxMpxCount; /* Max pending multiplexed requests */ + USHORT MaxNumberVcs; /* Max VCs between client and server */ + USHORT RawMode; /* Raw modes supported: */ + /* bit 0: 1 = Read Raw supported */ + /* bit 1: 1 = Write Raw supported */ + ULONG SessionKey; /* Unique token identifying this session */ + SMB_TIME ServerTime; /* Current time at server */ + SMB_DATE ServerDate; /* Current date at server */ + USHORT ServerTimeZone; /* Current time zone at server */ + USHORT ChallengeLength; /* Length of Challenge; MBZ if not LM2.1 + /* dialect or later */ + USHORT Reserved; /* MBZ */ + USHORT ByteCount; /* Count of data bytes */ + UCHAR Challenge[ChallengeLength]; /* The challenge */ + STRING PrimaryDomain; /* The server's primary domain */ + +} R_NEGPROT_12; + +typedef struct { + USHORT DialectIndex; /*Index of selected dialect */ + UCHAR SecurityMode; /*Security mode: */ + /* bit 0: 0 = share, 1 = user */ + /* bit 1: 1 = use challenge/response */ + /* authentication */ + /* bit 2: 1 = Security Signatures (SMB integrity */ + /* check) enabled */ + /* bit 3: 1 = Security Signatures (SMB integrity */ + /* check) required */ + USHORT MaxMpxCount; /*Max pending outstanding requests */ + USHORT MaxNumberVcs; /*Max VCs between client and server */ + ULONG MaxBufferSize; /*Max transmit buffer size */ + ULONG MaxRawSize; /*Maximum raw buffer size */ + ULONG SessionKey; /*Unique token identifying this session */ + ULONG Capabilities; /*Server capabilities */ + ULONG SystemTimeLow; /*System (UTC) time of the server (low). */ + ULONG SystemTimeHigh; /*System (UTC) time of the server (high). */ + USHORT ServerTimeZone;/*Time zone of server (minutes from UTC) */ + UCHAR SecurityBlobLength;/*Length of SecurityBlob */ + + USHORT bcount; /*Count of data bytes */ + /*UCHAR GUID[16]; A globally unique identifier assigned to the */ + /* server; present only when */ + /* CAP_EXTENDED_SECURITY is on in the */ + /* Capabilities field. */ + UCHAR SecurityBlob[SecurityBlobLength]; /*Opaque Security Blob associated with the */ + /* security package if CAP_EXTENDED_SECURITY is */ + /* on in the Capabilities field; else challenge */ + /* for CIFS challenge/response authentication. */ + STRING OemDomainName[+]; /*The name of the domain (in OEM chars); not */ + /* present if CAP_EXTENDED_SECURITY is on in the */ + /* Capabilities field */ +} R_NEGPROT_17; + + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 17 R_NEGPROT_17 r17; + } +} R_NEGPROT; + +typedef struct { + uint8 wcount; + uint16 vwv[wcount]; + uint16 bcount; + uint8 none[bcount]; +} Q_TDIS; + +typedef struct { + uint8 wcount; + uint16 vwv[wcount]; + uint16 bcount; + uint8 none[bcount]; +} R_TDIS; + +typedef struct { + ANDX_INFO andx; + uint16 bcount; + uint8 none[bcount]; +} R_ULOGOFF_ANDX_2; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 2 R_ULOGOFF_ANDX_2 q2; + } +} R_ULOGOFF_ANDX; + +typedef struct { + ANDX_INFO andx; + uint16 bcount; + uint8 none[bcount]; +} Q_ULOGOFF_ANDX_2; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 2 Q_ULOGOFF_ANDX_2 q2; + } +} Q_ULOGOFF_ANDX; + +typedef struct { + ANDX_INFO andx; + uint16 bufsize; + uint16 max_mpx; + uint16 vc; + ULONG sess_key; + uint16 pwlen; + ULONG reserved; + + uint16 bcount; + uint8 password[pwlen]; + STRING domain; + STRING os; + STRING server; + +} Q_SESSION_SETUP_ANDX_10; + +typedef struct { + ANDX_INFO andx; + uint16 bufsize; + uint16 max_mpx; + uint16 vc; + ULONG sess_key; + uint16 pwlen; + uint16 upwlen; + ULONG capabilities; + ULONG reserved; + + uint16 bcount; + uint8 password[pwlen]; + uint8 upassword[upwlen]; + STRING user; + STRING domain; + STRING os; + STRING server; + +} Q_SESSION_SETUP_ANDX_13; + +typedef struct _Q_SESSION_SETUP_ANDX { + uint8 wcount; + union ctr[wcount] { + case 10 Q_SESSION_SETUP_ANDX_10 q10; + case 13 Q_SESSION_SETUP_ANDX_13 q13; + } +} Q_SESSION_SETUP_ANDX; + +typedef struct { + ANDX_INFO andx; + uint16 vwv2; + uint16 passlen; + uint16 bcount; + uint8 password[passlen]; + STRING path; + STRING device; +} Q_TCON_ANDX_4; + +typedef struct _Q_TCON_ANDX { + uint8 wcount; + union ctr[wcount] { + case 4 Q_TCON_ANDX_4 q4; + } +} Q_TCON_ANDX; + +typedef struct { + ANDX_INFO andx; + uint16 vwv2; + uint16 bcount; + STRING share; +} R_TCON_ANDX_3; + +typedef struct _R_TCON_ANDX { + uint8 wcount; + union ctr[wcount] { + case 3 R_TCON_ANDX_3 q3; + } +} R_TCON_ANDX; + +typedef struct { + ANDX_INFO andx; + uint16 action; + + uint16 count; + STRING os; + STRING server; + STRING domain; +} R_SESSION_SETUP_ANDX_10; + +typedef struct _R_SESSION_SETUP_ANDX { + uint8 wcount; + union ctr[wcount] { + case 3 R_SESSION_SETUP_ANDX_10 r3; + } +} R_SESSION_SETUP_ANDX; + + +typedef struct _R_CLOSE { + uint8 wcount; + uint16 count; + uint8 none[count]; + +} R_CLOSE; + +typedef struct _Q_CLOSE { + uint8 wcount; + uint16 fnum; + uint32 vwv1; + + uint16 count; + uint8 none[count]; + +} Q_CLOSE; + +typedef struct { + uint16 dsize; + uint16 bsizehi; + uint16 bsizelo; + uint16 avail; + uint16 vwv4; + + uint16 bcount; + uint8 none[bcount]; + +} R_DSKATTR_5; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 5 R_DSKATTR_5 r5; + } +} R_DSKATTR; + +typedef struct { + uint16 count; + uint8 none[count]; + +} Q_DSKATTR_0; + +typedef struct _Q_DSKATTR { + uint8 wcount; + union ctr[wcount] { + case 0 Q_DSKATTR_0 q1; + } + +} Q_DSKATTR; + +typedef struct { + ANDX_INFO andx; + + uint16 bcount; + uint8 none[bcount]; + +} R_LOCKING_2; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 2 R_LOCKING_2 r2; + } +} R_LOCKING_ANDX; + +/* XXXX must do a switch on bit 0x10 to do large locks XXXX */ +/* LockType Flag Name Value Description */ + +#define LOCKING_ANDX_SHARED_LOCK 0x01 /* Read-only lock */ +#define LOCKING_ANDX_OPLOCK_RELEASE 0x02 /* Oplock break notification */ +#define LOCKING_ANDX_CHANGE_LOCKTYPE 0x04 /* Change lock type */ +#define LOCKING_ANDX_CANCEL_LOCK 0x08 /* Cancel outstanding request */ +#define LOCKING_ANDX_LARGE_FILES 0x10 /* Large file locking format */ + +typedef struct { + USHORT Pid; /* PID of process "owning" lock */ + ULONG Offset; /* Offset to bytes to [un]lock */ + ULONG Length; /* Number of bytes to [un]lock */ +} LOCKING_ANDX_RANGE_SHORT; + +typedef struct { + USHORT Pid; /* PID of process "owning" lock */ + .align4 0; + ULONG OffsetHigh; /* Offset to bytes to [un]lock (high) */ + ULONG OffsetLow; /* Offset to bytes to [un]lock (low) */ + ULONG LengthHigh; /* Number of bytes to [un]lock (high) */ + ULONG LengthLow; /* Number of bytes to [un]lock (low) */ + +} LOCKING_ANDX_RANGE_LARGE; + +/* typedef struct { */ + /* union ctr[LockType&0x10] { */ + /* case 0 LOCKING_ANDX_RANGE_SHORT ls; */ + /* case 0x10 LOCKING_ANDX_RANGE_LARGE ll; */ + /* } */ +/* } LOCKING_ANDX_RANGE; */ + +typedef struct { + ANDX_INFO andx; + + USHORT Fid; /* File handle */ + UCHAR LockType; /* See LockType table below */ + UCHAR OplockLevel; /* The new oplock level */ + ULONG Timeout; /* Milliseconds to wait for unlock */ + USHORT NumberOfUnlocks; /* Num. unlock range structs following */ + USHORT NumberOfLocks; /* Num. lock range structs following */ + + USHORT ByteCount; /* Count of data bytes */ + LOCKING_ANDX_RANGE_SHORT Unlocks[NumberOfUnlocks]; /* Unlock ranges */ + LOCKING_ANDX_RANGE_SHORT Locks[NumberOfLocks]; /* Lock ranges */ + +} Q_LOCKING_8; + +typedef struct _Q_LOCKING { + uint8 wcount; + union ctr[wcount] { + case 8 Q_LOCKING_8 q8; + } + +} Q_LOCKING_ANDX; + + +typedef struct { + uint16 bcount; + uint8 protocols[bcount]; + +} R_UNLINK_0; + +typedef struct { + uint8 wcount; + union ctr[wcount] { + case 0 R_UNLINK_0 r0; + } +} R_UNLINK; + +typedef struct { + uint16 dirtype; + + uint16 count; + uint8 fname[count]; + +} Q_UNLINK_1; + +typedef struct _Q_UNLINK { + uint8 wcount; + union ctr[wcount] { + case 1 Q_UNLINK_1 q1; + } + +} Q_UNLINK; + +typedef struct _R_OPEN_ANDX{ + uint8 wcount; + ANDX_INFO andx; + uint16 fnum; + uint16 fmode; + uint32 mtime; + uint32 size; + uint16 rmode; + uint16 vwv9; + uint16 vwv10; + uint16 smb_action; + uint16 vwv12; + uint16 vwv13; + uint16 vwv14; + + uint16 count; + uint8 none[count]; + +} R_OPEN_ANDX; + +typedef struct _Q_OPEN_ANDX{ + uint8 wcount; + ANDX_INFO andx; + uint16 fnum; + uint16 fmode; + uint32 mtime; + uint32 size; + uint16 rmode; + uint16 vwv9; + uint16 vwv10; + uint16 smb_action; + uint16 vwv12; + uint16 vwv13; + uint16 vwv14; + + uint16 count; + uint8 fname[count]; + +} Q_OPEN_ANDX; + +typedef struct _R_READ_ANDX { + uint8 wcount; + ANDX_INFO andx; + uint16 vwv2; + uint16 vwv3; + uint16 vwv4; + uint16 nread; + uint16 offset; + uint16 vwv7; + uint16 vwv8; + uint16 vwv9; + uint16 vwv10; + uint16 vwv11; + + uint16 count; + uint8 data[count]; + +} R_READ_ANDX; + +typedef struct _Q_READ_ANDX_10 { + ANDX_INFO andx; + uint16 fnum; + uint32 startpos; + uint16 smb_maxcnt; + uint16 smb_mincnt; + uint16 vwv7; + uint16 vwv8; + uint16 vwv9; + + uint16 count; + uint8 none[count]; + +} Q_READ_ANDX_10; + +typedef struct _Q_READ_ANDX_12 { + ANDX_INFO andx; + uint16 fnum; + uint32 startpos; + uint16 smb_maxcnt; + uint16 smb_mincnt; + uint16 vwv7; + uint16 vwv8; + uint16 vwv9; + uint32 startposhi; + + uint16 count; + uint8 none[count]; + +} Q_READ_ANDX_12; + +typedef struct _Q_READ_ANDX { + uint8 wcount; + union ctr[wcount] { + case 10 Q_READ_ANDX_10 q10; + case 12 Q_READ_ANDX_12 q12; + } +} Q_READ_ANDX; + +typedef struct _R_WRITE_ANDX { + uint8 wcount; + ANDX_INFO andx; + uint16 nwritten; + uint16 vwv3; + uint16 vwv4; + uint16 vwv5; + + uint16 count; + uint8 none[count]; + +} R_WRITE_ANDX; + +typedef struct _Q_WRITE_ANDX_12 { + ANDX_INFO andx; + uint16 fnum; + uint32 startpos; + uint16 vwv5; + uint16 vwv6; + uint16 write_through; + uint16 vwv8; + uint16 vwv9; + uint16 numtowrite; + uint16 smb_doff; + + uint16 count; + uint8 data[count]; + +} Q_WRITE_ANDX_12; + +typedef struct _Q_WRITE_ANDX_14 { + ANDX_INFO andx; + uint16 fnum; + uint32 startpos; + uint16 vwv5; + uint16 vwv6; + uint16 write_through; + uint16 vwv8; + uint16 vwv9; + uint16 numtowrite; + uint16 smb_doff; + uint32 startposhi; + + uint16 count; + uint8 data[count]; + +} Q_WRITE_ANDX_14; + +typedef struct _Q_WRITE_ANDX { + uint8 wcount; + union ctr[wcount] { + case 12 Q_WRITE_ANDX_12 q12; + case 14 Q_WRITE_ANDX_14 q14; + } +} Q_WRITE_ANDX; + + + +typedef struct _Q_NTTRANS_19 { + UCHAR MaxSetupCount; /* Max setup words to return */ + USHORT Reserved; + ULONG TotalParameterCount; /* Total parameter bytes being sent */ + ULONG TotalDataCount; /* Total data bytes being sent */ + ULONG MaxParameterCount; /* Max parameter bytes to return */ + ULONG MaxDataCount; /* Max data bytes to return */ + ULONG ParameterCount; /* Parameter bytes sent this buffer */ + ULONG ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + ULONG DataCount; /* Data bytes sent this buffer */ + ULONG DataOffset; /* Offset (from header start) to data */ + UCHAR SetupCount; /* Count of setup words */ + USHORT Function; /* The transaction function code */ + UCHAR Buffer[1]; + USHORT Setup[SetupCount]; /* Setup words */ + USHORT ByteCount; /* Count of data bytes */ + .align4 0; + UCHAR Parameters[ParameterCount];/* Parameter bytes */ + .align4 0; + UCHAR Data[DataCount]; /* Data bytes */ + +} Q_NTTRANS_19; + +typedef struct _Q_NTTRANS { + uint8 wcount; + union ctr[wcount] { + case 19 Q_NTTRANS_19 q19; + } +} Q_NTTRANS; + +typedef struct _R_NTTRANS_18 { + UCHAR Reserved[3]; + ULONG TotalParameterCount; /* Total parameter bytes being sent */ + ULONG TotalDataCount; /* Total data bytes being sent */ + ULONG ParameterCount; /* Parameter bytes sent this buffer */ + ULONG ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + ULONG ParameterDisplacement; /* Specifies the offset from the start */ + /* of the overall parameter block to */ + /* the parameter bytes that are */ + /* contained in this message */ + ULONG DataCount; /* Data bytes sent this buffer */ + ULONG DataOffset; /* Offset (from header start) to data */ + ULONG DataDisplacement; /* Specifies the offset from the start */ + /* of the overall data block to the */ + /* data bytes that are contained in */ + /* this message. */ + UCHAR SetupCount; /* Count of setup words */ + USHORT Setup[SetupCount]; /* Setup words */ + USHORT ByteCount; /* Count of data bytes */ + .align4 0; + UCHAR Parameters[ParameterCount]; /* Parameter bytes */ + .align4 0; + UCHAR Data[DataCount]; /* Data bytes */ +} R_NTTRANS_18; + +typedef struct _R_NTTRANS { + uint8 wcount; + union ctr[wcount] { + case 18 R_NTTRANS_18 q18; + } + .align4 2; +} R_NTTRANS; + +/*Setup[0] Transaction2 Value Description */ +/*Subcommand Code */ +/*=============================== ===== ============================= */ + +#define TRANS2_OPEN2 0x00 /* Create file with extended attributes */ +#define TRANS2_FIND_FIRST2 0x01 /* Begin search for files */ +#define TRANS2_FIND_NEXT2 0x02 /* Resume search for files */ +#define TRANS2_QUERY_FS_INFO 0x03 /* Get file system information +#define TRANS2_RESERVED4 0x04 /* Reserved */ +#define TRANS2_QUERY_PATH_INFO 0x05 /* Get information about a named file or directory */ +#define TRANS2_SET_PATH_INFO 0x06 /* Set information about a named file or directory */ +#define TRANS2_QUERY_FILE_INFO 0x07 /* Get information about a handle */ +#define TRANS2_SET_FILE_INFO 0x08 /* Set information by handle */ +#define TRANS2_FSCTL 0x09 /* Not implemented by NT server */ +#define TRANS2_IOCTL2 0x0A /* Not implemented by NT server */ +#define TRANS2_FIND_NOTIFY_FIRST 0x0B /* Not implemented by NT server */ +#define TRANS2_FIND_NOTIFY_NEXT 0x0C /* Not implemented by NT server */ +#define TRANS2_CREATE_DIRECTORY 0x0D /* Create directory with extended attributes */ +#define TRANS2_SESSION_SETUP 0x0E /* Session setup with extended security information */ +#define TRANS2_GET_DFS_REFERRAL 0x10 /* Get a DFS referral */ +#define TRANS2_REPORT_DFS_INCONSISTENCY 0x11 /* Report a DFS knowledge inconsistency */ + +typedef struct { + USHORT InformationLevel; /* Level of information requested */ +} TRANS2_QUERY_FS_INFO_STRUCT; + +#define SMB_INFO_STANDARD 1 +#define SMB_INFO_QUERY_EA_SIZE 2 +#define SMB_SET_FILE_BASIC_INFO 0x101 +#define SMB_SET_FILE_DISPOSITION_INFO 0x102 +#define SMB_SET_FILE_ALLOCATION_INFO 0x103 +#define SMB_SET_FILE_END_OF_FILE_INFO 0x104 + + +typedef struct { + hyper CreationTime; + hyper LastAccessTime; + hyper LastWriteTime; + hyper ChangeTime; + USHORT Attributes; + .align4 0; +} SMB_QUERY_FILE_BASIC_INFO_STRUCT; + + +typedef struct { + ULONG fs_atr; + LONG max_len_filename; + ULONG length; + uint8 fs[length]; + .align4 2; +} SMB_QUERY_FS_ATTRIBUTE_INFO_STRUCT; + +#define FILE_CASE_SENSITIVE_SEARCH 0x00000001 +#define FILE_CASE_PRESERVED_NAMES 0x00000002 +#define FILE_PRSISTENT_ACLS 0x00000004 +#define FILE_FILE_COMPRESSION 0x00000008 +#define FILE_VOLUME_QUOTAS 0x00000010 +#define FILE_DEVICE_IS_MOUNTED 0x00000020 +#define FILE_VOLUME_IS_COMPRESSED 0x00008000 + +typedef struct { + USHORT Fid; + USHORT InformationLevel; + USHORT Reserved; + .align4 0; + + union ctr[InformationLevel] { + case 0x101 SMB_QUERY_FILE_BASIC_INFO_STRUCT t101; + } + +} TRANS2_SET_FILE_INFO_STRUCT; + +typedef struct { + USHORT InformationLevel; /* Level of information requested */ + ULONG Reserved; /* Must be zero */ + STRING FileName; /* File or directory name */ +} TRANS2_QUERY_PATH_INFO_STRUCT; + +typedef struct { + USHORT SearchAttributes; + USHORT SearchCount; + USHORT Flags; + USHORT InformationLevel; + ULONG SearchStorageType; + STRING FileName; +} TRANS2_FIND_FIRST2_STRUCT; + +typedef struct _Q_TRANS2_15 { + USHORT TotalParameterCount; /* Total parameter bytes being sent */ + USHORT TotalDataCount; /* Total data bytes being sent */ + USHORT MaxParameterCount; /* Max parameter bytes to return */ + USHORT MaxDataCount; /* Max data bytes to return */ + UCHAR MaxSetupCount; /* Max setup words to return */ + UCHAR Reserved; + USHORT Flags; /* Additional information: */ + /* bit 0 - also disconnect TID in TID */ + ULONG Timeout; + USHORT Reserved2; + USHORT ParameterCount; /* Parameter bytes sent this buffer */ + USHORT ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + USHORT DataCount; /* Data bytes sent this buffer */ + USHORT DataOffset; /* Offset (from header start) to data */ + UCHAR SetupCount; /* Count of setup words */ + UCHAR Reserved3; /* Reserved (pad above to word) */ + USHORT Setup[SetupCount]; /* Setup words (# = SetupWordCount) */ + USHORT ByteCount; /* Count of data bytes */ + .align4 0; + union ctr[Setup[0]] { + case 1 TRANS2_FIND_FIRST2_STRUCT t1; + case 3 TRANS2_QUERY_FS_INFO_STRUCT t3; + case 5 TRANS2_QUERY_PATH_INFO_STRUCT t5; + case 8 TRANS2_SET_FILE_INFO_STRUCT t8; + } + +} Q_TRANS2_15; + +typedef struct _Q_TRANS2 { + uint8 wcount; + union ctr[wcount] { + case 15 Q_TRANS2_15 q15; + } +} Q_TRANS2; + +typedef struct { + ULONG NextEntryOffset; + ULONG FileIndex; + hyper CreationTime; + hyper LastAccessTime; + hyper LastWriteTime; + hyper ChangeTime; + hyper EndOfFile; + hyper AllocationSize; + ULONG ExtFileAttributes; + ULONG FileNameLength; + ULONG EaSize; + UCHAR ShortNameLength; + UCHAR Reserved; + uint8 ShortName[24]; + UCHAR FileName[FileNameLength]; + .align4 2; +} SMB_FIND_FILE_BOTH_DIRECTORY_INFO; + +typedef struct { + .align2 0; +} R_TRANS2_D0; + +typedef struct { + .align4 2; +} R_TRANS2_P0; + +typedef struct { + USHORT Reserved; +} R_TRANS2_P2; + +typedef struct { + USHORT Sid; /* Search handle */ + USHORT SearchCount; /* Number of entries returned */ + USHORT EndOfSearch; /* Was last entry returned? */ + USHORT EaErrorOffset; /* Offset into EA list if EA error */ + USHORT LastNameOffset; /* Offset into data to file name of last */ + /* entry, if server needs it to resume */ + /* search; else 0 */ + .align4 2; + SMB_FIND_FILE_BOTH_DIRECTORY_INFO i104[SearchCount]; +} R_TRANS2_FIND_FIRST2_STRUCT; + +typedef struct { + SMB_QUERY_FILE_BASIC_INFO_STRUCT i101; + .align4 2; +} R_TRANS2_FILE_BASIC_STRUCT; + +typedef struct _R_TRANS2_10 { + USHORT TotalParameterCount;/* Total parameter bytes being sent */ + USHORT TotalDataCount; /* Total data bytes being sent */ + USHORT Reserved2; + USHORT ParameterCount; /* Parameter bytes sent this buffer */ + USHORT ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + USHORT ParameterDisplacement; /* Specifies the offset from the start */ + /* of the overall parameter block to */ + /* the parameter bytes that are */ + /* contained in this message */ + USHORT DataCount; /* Data bytes sent this buffer */ + USHORT DataOffset; /* Offset (from header start) to data */ + USHORT DataDisplacement; /* Specifies the offset from the start */ + /* of the overall data block to the */ + /* data bytes that are contained in */ + /* this message. */ + UCHAR SetupCount; /* Count of setup words */ + UCHAR Reserved3; /* Reserved (pad above to word) */ + USHORT Setup[SetupCount]; /* Setup words */ + USHORT ByteCount; /* Count of data bytes */ + .align4 2; + union pctr[ParameterCount] { + case 0 R_TRANS2_P0 p0; + case 2 R_TRANS2_P2 p2; + case 10 R_TRANS2_FIND_FIRST2_STRUCT r10; + } + union dctr[DataCount] { + case 0 R_TRANS2_D0 d0; + case 0x24 R_TRANS2_FILE_BASIC_STRUCT r24; + case 0x14 SMB_QUERY_FS_ATTRIBUTE_INFO_STRUCT r14; + } +} R_TRANS2_10; + +typedef struct { + USHORT ByteCount; /* Count of data bytes */ +} R_TRANS2_0; + +typedef struct _R_TRANS2 { + uint8 wcount; + union ctr[wcount] { + case 0 R_TRANS2_0 q0; + case 10 R_TRANS2_10 q10; + } +} R_TRANS2; + +typedef struct _Q_TRANS_16 { + USHORT TotalParameterCount; /* Total parameter bytes being sent */ + USHORT TotalDataCount; /* Total data bytes being sent */ + USHORT MaxParameterCount; /* Max parameter bytes to return */ + USHORT MaxDataCount; /* Max data bytes to return */ + UCHAR MaxSetupCount; /* Max setup words to return */ + UCHAR Reserved; + USHORT Flags; /* Additional information: */ + /* bit 0 - also disconnect TID in TID */ + ULONG Timeout; + USHORT Reserved2; + USHORT ParameterCount; /* Parameter bytes sent this buffer */ + USHORT ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + USHORT DataCount; /* Data bytes sent this buffer */ + USHORT DataOffset; /* Offset (from header start) to data */ + UCHAR SetupCount; /* Count of setup words */ + UCHAR Reserved3; /* Reserved (pad above to word) */ + USHORT Setup[SetupCount]; /* Setup words (# = SetupWordCount) */ + USHORT ByteCount; /* Count of data bytes */ + STRING Name; /* Must be NULL */ + .align4 0; + UCHAR Parameters[ParameterCount];/* Parameter bytes (# = ParameterCount) */ + .align4 0; + UCHAR Data[DataCount]; /* Data bytes (# = DataCount) */ + +} Q_TRANS_16; + +typedef struct _Q_TRANS { + uint8 wcount; + union ctr[wcount] { + case 16 Q_TRANS_16 q16; + } +} Q_TRANS; + +typedef struct _R_TRANS_10 { + USHORT TotalParameterCount;/* Total parameter bytes being sent */ + USHORT TotalDataCount; /* Total data bytes being sent */ + USHORT Reserved2; + USHORT ParameterCount; /* Parameter bytes sent this buffer */ + USHORT ParameterOffset; /* Offset (from header start) to */ + /* Parameters */ + USHORT ParameterDisplacement; /* Specifies the offset from the start */ + /* of the overall parameter block to */ + /* the parameter bytes that are */ + /* contained in this message */ + USHORT DataCount; /* Data bytes sent this buffer */ + USHORT DataOffset; /* Offset (from header start) to data */ + USHORT DataDisplacement; /* Specifies the offset from the start */ + /* of the overall data block to the */ + /* data bytes that are contained in */ + /* this message. */ + UCHAR SetupCount; /* Count of setup words */ + UCHAR Reserved3; /* Reserved (pad above to word) */ + USHORT Setup[SetupCount]; /* Setup words */ + USHORT ByteCount; /* Count of data bytes */ + .align4 0; + UCHAR Parameters[ParameterCount];/* Parameter bytes */ + .align4 0; + UCHAR Data[DataCount]; /* Data bytes */ +} R_TRANS_10; + +typedef struct _R_TRANS { + uint8 wcount; + union ctr[wcount] { + case 10 R_TRANS_10 q10; + } +} R_TRANS; + +typedef struct _Q_NT_CREATE_ANDX_24 { + ANDX_INFO andx; + uint8 reserved; + uint16 name_len; + ULONG flags; + ULONG rootfid; + ULONG access; + hyper allocsize; + ULONG attribs; + ULONG sharing; + ULONG creat_disp; + ULONG creat_options; + ULONG impersonation; + uint8 sec_flags; + + uint16 count; + uint8 name[name_len]; + +} Q_NTCREATE_ANDX_24; + +typedef struct _Q_NTCREATE_ANDX{ + uint8 wcount; + union ctr[wcount] { + case 24 Q_NTCREATE_ANDX_24 q24; + } +} Q_NTCREATE_ANDX; + +typedef struct { + ANDX_INFO andx; + uint8 oplock_level; + uint16 fid; + ULONG action; + TIME create_time; + TIME access_time; + TIME write_time; + TIME change_time; + ULONG ext_attribs; + hyper allocsize; + hyper size; + uint16 type; + uint16 state; + uint8 directory; + + uint16 count; + uint8 none[count]; + +} R_NTCREATE_ANDX_34; + +typedef struct _R_NTCREATE_ANDX{ + uint8 wcount; + union ctr[wcount] { + case 34 R_NTCREATE_ANDX_34 q34; + } +} R_NTCREATE_ANDX; + +typedef struct { + ULONG smbhdr; + uint8 com; + uint8 rcls; + uint8 reh; + uint16 err; + uint8 flg; + uint16 flg2; + uint16 reserved; + uint8 SecuritySignature[8]; + uint16 pad; + uint16 tid; + uint16 pid; + uint16 uid; + uint16 mid; +} SMB_HDR; + +typedef struct _R_SMB { + ULONG nbhdr; + SMB_HDR hdr; + union ctr[hdr.com] { + case 4 R_CLOSE r4; + case 6 R_UNLINK r6; + case 36 R_LOCKING_ANDX r36; + case 37 R_TRANS r37; + case 45 R_OPEN_ANDX r45; + case 46 R_READ_ANDX r46; + case 47 R_WRITE_ANDX r47; + case 50 R_TRANS2 q50; + case 113 R_TDIS r113; + case 114 R_NEGPROT r114; + case 115 R_SESSION_SETUP_ANDX r115; + case 116 R_ULOGOFF_ANDX r116; + case 117 R_TCON_ANDX r117; + case 128 R_DSKATTR r128; + case 160 R_NTTRANS r160; + case 162 R_NTCREATE_ANDX r162; + } +} R_SMB; + +typedef struct _Q_SMB { + ULONG nbhdr; + SMB_HDR hdr; + union ctr[hdr.com] { + case 4 Q_CLOSE q4; + case 6 Q_UNLINK q6; + case 36 Q_LOCKING_ANDX q36; + case 37 Q_TRANS q37; + case 45 Q_OPEN_ANDX q45; + case 46 Q_READ_ANDX q46; + case 47 Q_WRITE_ANDX q47; + case 50 Q_TRANS2 q50; + case 113 Q_TDIS q113; + case 114 Q_NEGPROT q114; + case 115 Q_SESSION_SETUP_ANDX q115; + case 116 Q_ULOGOFF_ANDX q116; + case 117 Q_TCON_ANDX q117; + case 128 Q_DSKATTR q128; + case 160 Q_NTTRANS q160; + case 162 Q_NTCREATE_ANDX q162; + } +} Q_SMB; + diff --git a/source3/aparser/dump.awk b/source3/aparser/dump.awk new file mode 100644 index 00000000000..11bfb107e46 --- /dev/null +++ b/source3/aparser/dump.awk @@ -0,0 +1,70 @@ +# dump the current parse tree + + +function element_string(elnum, + LOCAL, elem) +{ + elem = elements[elnum, "elem"]; + if (elements[elnum, "ptr"]=="1") elem="*"elem; + if (elements[elnum, "array_len"]!="") + elem=elem"["elements[elnum, "array_len"]"]"; + if (elements[elnum, "switch"]!="") + elem=elem"["elements[elnum, "switch"]"]"; + return elem; +} + +function dump_element(f, elnum, + LOCAL, elem, type) +{ + type = elements[elnum, "type"]; + case = elements[elnum, "case"]; + elem = element_string(elnum); + if (case != "") { + xprintf(f,"\t\tcase %d %s %s;\n", case, type, elem); + } else { + xprintf(f,"\t%s %s;\n", type, elem); + } +} + +function dump_union(f, elnum, + LOCAL, i) +{ + xprintf(f,"\tunion %s {\n", element_string(elnum)); + for (i=0;i"; + } else { + v["UNION"] = v["UNION"]"."; + } + + print_template(f, "union_start.tpl", v); + for (i=0;i 0) { + print_template(f, "fn_end.tpl", v); + } + else { + print_template(f, "fn_end0.tpl", v); + } + + if (f1 == -1) + return; + + xprintf(m, "void fn_%s(\n", v["STRUCTNAME"]); + + for (i=f1+1;igrow_size = MAX(ps->grow_size, ps->data_offset + extra_space); + + if(ps->data_offset + extra_space <= ps->buffer_size) + return True; + + /* + * We cannot grow the buffer if we're not reading + * into the io_struct, or if we don't own the memory. + */ + + if(UNMARSHALLING(ps) || !ps->is_dynamic) { + DEBUG(0,("io_grow: Buffer overflow - unable to expand buffer by %u bytes.\n", + (unsigned int)extra_space)); + return False; + } + + /* + * Decide how much extra space we really need. + */ + + extra_space -= (ps->buffer_size - ps->data_offset); + if(ps->buffer_size == 0) { + new_size = extra_space; + + if((new_data = malloc(new_size)) == NULL) { + DEBUG(0,("io_grow: Malloc failure for size %u.\n", (unsigned int)new_size)); + return False; + } + memset(new_data, '\0', new_size ); + } else { + /* + * If the current buffer size is bigger than the space needed, just + * double it, else add extra_space. + */ + new_size = MAX(ps->buffer_size*2, ps->buffer_size + extra_space); + + if ((new_data = Realloc(ps->data_p, new_size)) == NULL) { + DEBUG(0,("io_grow: Realloc failure for size %u.\n", + (unsigned int)new_size)); + return False; + } + } + ps->buffer_size = new_size; + ps->data_p = new_data; + + return True; +} + + +/******************************************************************* + Ensure we can read/write to a given offset. + ********************************************************************/ + +char *io_mem_get(io_struct *ps, uint32 extra_size) +{ + if(UNMARSHALLING(ps)) { + /* + * If reading, ensure that we can read the requested size item. + */ + if (ps->data_offset + extra_size > ps->buffer_size) { + DEBUG(0,("io_mem_get: reading data of size %u would overrun buffer.\n", + (unsigned int)extra_size )); + return NULL; + } + } else { + /* + * Writing - grow the buffer if needed. + */ + if(!io_grow(ps, extra_size)) + return False; + } + return &ps->data_p[ps->data_offset]; +} + +/******************************************************************* + Initialise a parse structure - malloc the data if requested. + ********************************************************************/ + +BOOL io_init(io_struct *ps, uint32 size, BOOL io) +{ + ZERO_STRUCTP(ps); + ps->io = io; + ps->bigendian_data = False; + ps->is_dynamic = False; + ps->data_offset = 0; + ps->buffer_size = 0; + ps->data_p = NULL; + + if (size != 0) { + ps->buffer_size = size; + if((ps->data_p = (char *)malloc((size_t)size)) == NULL) { + DEBUG(0,("io_init: malloc fail for %u bytes.\n", (unsigned int)size)); + return False; + } + ps->is_dynamic = True; /* We own this memory. */ + } + + return True; +} + +/******************************************************************* + debug output for parsing info. + + XXXX side-effect of this function is to increase the debug depth XXXX + + ********************************************************************/ +void io_debug(io_struct *ps, int depth, char *desc, char *fn_name) +{ + DEBUG(5+depth, ("%s%06x %s %s\n", tab_depth(depth), ps->data_offset, fn_name, desc)); +} + +/******************************************************************* + Align a the data_len to a multiple of align bytes - filling with + zeros. + ********************************************************************/ + +BOOL io_align2(io_struct *ps, int offset) +{ + uint32 mod = (ps->data_offset + offset) & (2-1); + + if (mod != 0) { + uint32 extra_space = (2 - mod); + if(!io_grow(ps, extra_space)) + return False; + memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space); + ps->data_offset += extra_space; + } + + return True; +} + +BOOL io_align4(io_struct *ps, int offset) +{ + uint32 mod = (ps->data_offset + offset) & (4-1); + + if (mod != 0) { + uint32 extra_space = (4 - mod); + if(!io_grow(ps, extra_space)) + return False; + memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space); + ps->data_offset += extra_space; + } + + return True; +} + +/******************************************************************* + Align a the data_len to a multiple of align bytes - filling with + zeros. + ********************************************************************/ + +BOOL io_align(io_struct *ps, int align) +{ + uint32 mod; + + if (!ps->autoalign) return True; + + mod = ps->data_offset & (align-1); + + if (align != 0 && mod != 0) { + uint32 extra_space = (align - mod); + if(!io_grow(ps, extra_space)) + return False; + memset(&ps->data_p[ps->data_offset], '\0', (size_t)extra_space); + ps->data_offset += extra_space; + } + + return True; +} + + +/******************************************************************* + read from a socket into memory. + ********************************************************************/ +BOOL io_read(io_struct *ps, int fd, size_t len, int timeout) +{ + BOOL ok; + size_t prev_size = ps->buffer_size; + if (!io_grow(ps, len)) + { + return False; + } + + if (timeout > 0) + { + ok = (read(fd, &ps->data_p[prev_size], len) == len); + } + else + { + ok = (read(fd, &ps->data_p[prev_size], len) == len); + } + return ok; +} + + +/******************************************************************* + do IO on a uint32. + ********************************************************************/ +BOOL io_uint32(char *name, io_struct *ps, int depth, uint32 *data32, unsigned flags) +{ + char *q; + + if (!(flags & PARSE_SCALARS)) return True; + + if (!io_align(ps, 4)) return False; + + q = io_mem_get(ps, sizeof(uint32)); + if (q == NULL) return False; + + DBG_RW_IVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data32) + ps->data_offset += sizeof(uint32); + + return True; +} + +/******************************************************************* + do IO on a uint16. + ********************************************************************/ +BOOL io_uint16(char *name, io_struct *ps, int depth, uint16 *data16, unsigned flags) +{ + char *q; + + if (!(flags & PARSE_SCALARS)) return True; + + if (!io_align(ps, 2)) return False; + + q = io_mem_get(ps, sizeof(uint16)); + if (q == NULL) return False; + + DBG_RW_SVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data16) + ps->data_offset += sizeof(uint16); + + return True; +} + +/******************************************************************* + do IO on a uint8. + ********************************************************************/ +BOOL io_uint8(char *name, io_struct *ps, int depth, uint8 *data8, unsigned flags) +{ + char *q; + + if (!(flags & PARSE_SCALARS)) return True; + + q = io_mem_get(ps, sizeof(uint8)); + if (q == NULL) return False; + + DBG_RW_IVAL(name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, *data8) + ps->data_offset += sizeof(uint8); + + return True; +} + +/******************************************************************* + do IO on a pointer + ********************************************************************/ +BOOL io_pointer(char *desc, io_struct *ps, int depth, void **p, unsigned flags) +{ + uint32 v; + + if (!(flags & PARSE_SCALARS)) return True; + + v = (*p) ? 0xdeadbeef : 0; + if (!io_uint32(desc, ps, depth, &v, flags)) return False; + *p = (void *) (v ? 0xdeadbeef : 0); + return True; +} + +/******************************************************************* + Stream a null-terminated string. + ********************************************************************/ +BOOL io_SMBSTR(char *name, io_struct *ps, int depth, char **str, unsigned flags) +{ + char *q; + uint8 *start; + int i; + size_t len; + int start_offset = ps->data_offset; + + if (!(flags & PARSE_SCALARS)) return True; + + if (UNMARSHALLING(ps)) { + *str = io_mem_get(ps, 0); + if (*str == NULL) + return False; + len = strlen(*str); + ps->data_offset += len + 1; + } + else + { + len = strlen(*str)+1; + start = (uint8*)q; + + for(i = 0; i < len; i++) { + q = io_mem_get(ps, 1); + if (q == NULL) + return False; + + RW_CVAL(ps->io, q, (*str)[i],0); + ps->data_offset++; + } + } + + DEBUG(5,("%s%04x %s: %s\n", tab_depth(depth), + start_offset, name, *str)); + return True; +} + +/****************************************************************** + do IO on a byte array + ********************************************************************/ +BOOL io_uint8s(char *name, io_struct *ps, int depth, uint8 **data8s, int len, unsigned flags) +{ + char *q; + size_t num_bytes = len * sizeof(uint8); + + if (!(flags & PARSE_SCALARS)) return True; + + q = io_mem_get(ps, num_bytes); + if (q == NULL) return False; + + if (MARSHALLING(ps)) + { + DBG_RW_PCVAL(True, name, depth, ps->data_offset, ps->io, q, *data8s, len) + } + else + { + *data8s = q; + dump_data(depth+5, *data8s, num_bytes); + } + ps->data_offset += num_bytes; + + return True; +} +/****************************************************************** + do IO on a fixed-size byte array + ********************************************************************/ +BOOL io_uint8s_fixed(char *name, io_struct *ps, int depth, uint8 *data8s, int len, unsigned flags) +{ + char *q; + size_t num_bytes = len * sizeof(uint8); + + if (!(flags & PARSE_SCALARS)) return True; + + q = io_mem_get(ps, num_bytes); + if (q == NULL) return False; + + DBG_RW_PCVAL(True, name, depth, ps->data_offset, ps->io, q, data8s, len) + ps->data_offset += num_bytes; + + return True; +} + + +/****************************************************************** + do IO on an io (eh?? :) + ********************************************************************/ +BOOL io_io_struct(char *name, io_struct *ps, int depth, io_struct *io, unsigned flags) +{ + char *q; + uint16 len; + + if (!(flags & PARSE_SCALARS)) return True; + + q = io_mem_get(ps, sizeof(uint16)); + if (q == NULL) return False; + + /* length first */ + if (MARSHALLING(ps)) + { + len = io->data_offset; + } + if (!io_uint16("len", ps, depth+1, &len, flags)) + { + return False; + } + if (UNMARSHALLING(ps)) + { + if (!io_init(io, len, UNMARSHALL)) + { + return False; + } + } + + /* now data */ + q = io_mem_get(ps, len * sizeof(uint8)); + if (q == NULL) return False; + + if (MARSHALLING(ps)) + { + DBG_RW_PCVAL(False, name, depth+1, ps->data_offset, ps->io, q, io->data_p, len) + } + else + { + io->data_p = q; + dump_data(depth+5, q, len); + } + ps->data_offset += len; + + return True; +} + +/****************************************************************** + do IO on a unicode array + ********************************************************************/ +BOOL io_wstring(char *name, io_struct *ps, int depth, uint16 *data16s, int len, unsigned flags) +{ + char *q; + + if (!(flags & PARSE_SCALARS)) return True; + + if (!io_align(ps, 2)) return False; + + q = io_mem_get(ps, len * sizeof(uint16)); + if (q == NULL) return False; + + DBG_RW_PSVAL(True, name, depth, ps->data_offset, ps->io, ps->bigendian_data, q, data16s, len) + ps->data_offset += (len * sizeof(uint16)); + + return True; +} + + +/****************************************************************** +allocate some memory for a parse structure + ********************************************************************/ +void io_free(io_struct *ps) +{ + if (ps->is_dynamic && ps->data_p) + { + free(ps->data_p); + ps->data_p = NULL; + } +} + +/****************************************************************** +allocate some memory for a parse structure + ********************************************************************/ +BOOL io_alloc(char *name, io_struct *ps, void **ptr, unsigned size) +{ + (*ptr) = (void *)malloc(size); + if (*ptr) return True; + return False; +} + +/****************************************************************** +realloc some memory for a parse structure + ********************************************************************/ +BOOL io_realloc(char *name, io_struct *ps, void **ptr, unsigned size) +{ + BOOL ret = True; + void *tp; + + tp = (void *)Realloc(*ptr, size); + if (tp) *ptr = tp; + else ret = False; + return ret; +} + diff --git a/source3/aparser/parser.h b/source3/aparser/parser.h new file mode 100644 index 00000000000..319aeb5d138 --- /dev/null +++ b/source3/aparser/parser.h @@ -0,0 +1,103 @@ +#include +#include +#include +#include +#include +#include +#include "../include/byteorder.h" + +#define PARSE_SCALARS (1<<0) +#define PARSE_BUFFERS (1<<1) + +#ifndef MIN +#define MIN(a,b) ((a)<(b)?(a):(b)) +#endif + +#ifndef MAX +#define MAX(a,b) ((a)>(b)?(a):(b)) +#endif + +#define DEBUG(lvl, str) printf str; +#define DEBUGADD(lvl, str) printf str; + +#define MARSHALL 0 +#define UNMARSHALL 1 + +#define MARSHALLING(ps) (!(ps)->io) +#define UNMARSHALLING(ps) ((ps)->io) + +typedef int BOOL; +typedef unsigned char uint8; +typedef unsigned char uchar; +typedef unsigned short uint16; +typedef unsigned short wchar; +typedef unsigned uint32; +typedef char *SMBSTR; + +/* a null terminated unicode string */ +typedef uint16 ZUSTRING; + +#ifndef _PSTRING + +#define PSTRING_LEN 1024 +#define FSTRING_LEN 128 + +typedef char pstring[PSTRING_LEN]; +typedef char fstring[FSTRING_LEN]; + +#define _PSTRING + +#endif +#define False 0 +#define True 1 + +/* zero a structure given a pointer to the structure */ +#define ZERO_STRUCTP(x) do { if ((x) != NULL) memset((char *)(x), 0, sizeof(*(x))); } while(0) + +#define MAX_UNISTRLEN 256 +#define MAX_STRINGLEN 256 +#define MAX_BUFFERLEN 512 + +typedef struct _io_struct +{ + BOOL io; /* parsing in or out of data stream */ + /* + * If the (incoming) data is big-endian. On output we are + * always little-endian. + */ + BOOL bigendian_data; + BOOL is_dynamic; /* Do we own this memory or not ? */ + BOOL autoalign; /* should we auto-align all elements? */ + uint32 data_offset; /* Current working offset into data. */ + uint32 buffer_size; /* Current size of the buffer. */ + uint32 grow_size; /* size requested via io_grow() calls */ + char *data_p; /* The buffer itself. */ +} io_struct; + + +char *io_mem_get(io_struct *ps, uint32 extra_size); +BOOL io_init(io_struct *ps, uint32 size, BOOL io); +void io_debug(io_struct *ps, int depth, char *desc, char *fn_name); +BOOL io_align(io_struct *ps, int align); +BOOL io_align4(io_struct *ps, int align); +BOOL io_align2(io_struct *ps, int align); +BOOL io_read(io_struct *ps, int fd, size_t len, int timeout); +void dump_data(int level,char *buf1,int len); +BOOL io_alloc(char *name, io_struct *ps, void **ptr, unsigned size); +BOOL io_uint32(char *name, io_struct *ps, int depth, uint32 *data32, unsigned flags); +BOOL io_uint16(char *name, io_struct *ps, int depth, uint16 *data16, unsigned flags); +BOOL io_uint8(char *name, io_struct *ps, int depth, uint8 *data8, unsigned flags); +BOOL io_pointer(char *desc, io_struct *ps, int depth, void **p, unsigned flags); +BOOL io_SMBSTR(char *name, io_struct *ps, int depth, char **str, unsigned flags); +BOOL io_io_struct(char *name, io_struct *ps, int depth, io_struct *io, unsigned flags); +BOOL io_wstring(char *name, io_struct *ps, int depth, uint16 *data16s, int len, unsigned flags); +BOOL io_uint8s_fixed(char *name, io_struct *ps, int depth, uint8 *data8s, int len, unsigned flags); +BOOL io_uint8s(char *name, io_struct *ps, int depth, uint8 **data8s, int len, unsigned flags); + +char *tab_depth(int depth); +void *Realloc(void *p,size_t size); +void dump_data(int level,char *buf1,int len); +void print_asc(int level, uchar const *buf, int len); +BOOL io_ZUSTRING(char *name, io_struct *ps, int depth, uint16 **ustr, unsigned flags); +size_t strlen_w(void *src); + diff --git a/source3/aparser/parserel.awk b/source3/aparser/parserel.awk new file mode 100644 index 00000000000..6d80f0607e4 --- /dev/null +++ b/source3/aparser/parserel.awk @@ -0,0 +1,213 @@ +# build parse functions for a parsed struct file + +function elem_name(v, elem) +{ + return v["UNION"]elem; +} + +function parse_array(f, v, elnum, flags, + LOCAL, type, elem, array_len) +{ + type = elements[elnum, "type"]; + elem = elements[elnum, "elem"]; + array_len = elements[elnum, "array_len"]; + v["ELEM"] = elem_name(v, elem); + v["TYPE"] = type; + v["FLAGS"] = flags; + v["ARRAY_LEN"] = array_len; + + if (array_len=="+") { + print_template(f,"prs_array_optional.tpl", v); + return; + } + + if (array_len=="&") { + print_template(f,"prs_array_null.tpl", v); + return; + } + + if (array_len=="*") { + print_template(f,"prs_array_remainder.tpl", v); + return; + } + + if (type == "wchar" || type == "uint16") { + if (match(array_len,"[0-9]") == 1) { + print_template(f, "prs_wstring_fixed.tpl", v); + } else { + print_template(f, "prs_wstring.tpl", v); + } + } else if (type == "uint8") { + if (match(array_len,"[0-9]") == 1) { + print_template(f, "prs_uint8s_fixed.tpl", v); + } else { + print_template(f, "prs_uint8s.tpl", v); + } + } else { + print_template(f, "prs_array.tpl", v); + } +} + + +function parse_element(f, v, elnum, flags, + LOCAL, type, elem) +{ + if (elements[elnum,"nowire"] != "") { + return; + } + type = elements[elnum, "type"]; + if (substr(type,1,1) == ".") return; + elem = elements[elnum, "elem"]; + if (elements[elnum,"ptr"] == "") { + v["PTR"] = "\\&"; + } else { + v["PTR"] = " "; + } + v["ELEM"] = elem_name(v, elem); + v["TYPE"] = type; + v["FLAGS"] = flags; + print_template(f, "prs_element.tpl", v); +} + +function parse_union(f, v, elnum, flags, + LOCAL, i) +{ + v["UNION"] = elements[elnum, "elem"]; + v["SWITCH"] = elements[elnum, "switch"]; + + if (elements[elnum, "ptr"] == "1") { + v["UNION"] = v["UNION"]"->"; + } else { + v["UNION"] = v["UNION"]"."; + } + + print_template(f, "union_start.tpl", v); + for (i=0;i 0) { + while ((i = match(line,"@[a-zA-Z_]*@")) != 0) { + pat=substr(line,i+1,RLENGTH-2); + if (v[pat] == "") fatal("no value for "pat" in "tplname); + gsub("@"pat"@", v[pat], line); + } + + xprintf(f, "%s\n", line); + } + close(tplname); +} diff --git a/source3/aparser/templates/fn_end.tpl b/source3/aparser/templates/fn_end.tpl new file mode 100644 index 00000000000..2275ec4e33c --- /dev/null +++ b/source3/aparser/templates/fn_end.tpl @@ -0,0 +1,13 @@ + +end: + /* the parse is OK */ + return True; + +fail: + if (UNMARSHALLING(ps)) { + ZERO_STRUCTP(il); + } + return False; +} /* @FUNCNAME@ */ + + diff --git a/source3/aparser/templates/fn_end0.tpl b/source3/aparser/templates/fn_end0.tpl new file mode 100644 index 00000000000..6e49a10f538 --- /dev/null +++ b/source3/aparser/templates/fn_end0.tpl @@ -0,0 +1,8 @@ + +end: + /* the parse is OK */ + return True; + +} /* @FUNCNAME@ */ + + diff --git a/source3/aparser/templates/fn_i_end.tpl b/source3/aparser/templates/fn_i_end.tpl new file mode 100644 index 00000000000..9de61decb38 --- /dev/null +++ b/source3/aparser/templates/fn_i_end.tpl @@ -0,0 +1,12 @@ + + /* the parse is OK */ + return True; + +fail: + if (UNMARSHALLING(ps)) { + ZERO_STRUCTP(il); + } + return False; +} /* @FUNCNAME@ */ + + diff --git a/source3/aparser/templates/fn_i_start.tpl b/source3/aparser/templates/fn_i_start.tpl new file mode 100644 index 00000000000..3979d78e7db --- /dev/null +++ b/source3/aparser/templates/fn_i_start.tpl @@ -0,0 +1,15 @@ +/******************************************************************* +parse a @STRUCTNAME@ structure +********************************************************************/ +BOOL @FUNCNAME@(char *desc, io_struct *ps, int depth, + @STRUCTNAME@ *il, unsigned flags) +{ + io_debug(ps, depth, desc, "@FUNCNAME@"); + depth++; + +#if 0 + if (UNMARSHALLING(ps)) { + ZERO_STRUCTP(il); + } +#endif + /* parse the scalars */ diff --git a/source3/aparser/templates/fn_mid.tpl b/source3/aparser/templates/fn_mid.tpl new file mode 100644 index 00000000000..b81de92a5bd --- /dev/null +++ b/source3/aparser/templates/fn_mid.tpl @@ -0,0 +1,6 @@ + +buffers: + if (!(flags & PARSE_BUFFERS)) goto end; + + /* now parse the buffers */ + diff --git a/source3/aparser/templates/fn_start.tpl b/source3/aparser/templates/fn_start.tpl new file mode 100644 index 00000000000..a5d58767a6c --- /dev/null +++ b/source3/aparser/templates/fn_start.tpl @@ -0,0 +1,17 @@ +/******************************************************************* +parse a @STRUCTNAME@ structure +********************************************************************/ +BOOL @FUNCNAME@(char *desc, io_struct *ps, int depth, + @STRUCTNAME@ *il, unsigned flags) +{ + io_debug(ps, depth, desc, "@FUNCNAME@"); + depth++; + + if (!(flags & PARSE_SCALARS)) goto buffers; + +#if 0 + if (UNMARSHALLING(ps)) { + ZERO_STRUCTP(il); + } +#endif + /* parse the scalars */ diff --git a/source3/aparser/templates/harness.tpl b/source3/aparser/templates/harness.tpl new file mode 100644 index 00000000000..27c33c0adc1 --- /dev/null +++ b/source3/aparser/templates/harness.tpl @@ -0,0 +1,5 @@ + + if (strcmp(test,"@TEST@")==0) { + @TEST@ il; + ret = io_@TEST@("@TEST@", ps, 0, &il, flags); + } else diff --git a/source3/aparser/templates/harness_end.tpl b/source3/aparser/templates/harness_end.tpl new file mode 100644 index 00000000000..1e15faec167 --- /dev/null +++ b/source3/aparser/templates/harness_end.tpl @@ -0,0 +1,7 @@ + { + printf("structure %s not found\n", test); + ret = False; + } + + return ret; +} diff --git a/source3/aparser/templates/harness_start.tpl b/source3/aparser/templates/harness_start.tpl new file mode 100644 index 00000000000..beba6fc12de --- /dev/null +++ b/source3/aparser/templates/harness_start.tpl @@ -0,0 +1,7 @@ +#include "prs_@MODULE@.c" + +static BOOL run_test(char *test, io_struct *ps, int flags) +{ + BOOL ret; + + diff --git a/source3/aparser/templates/ifptr_end.tpl b/source3/aparser/templates/ifptr_end.tpl new file mode 100644 index 00000000000..990635cf453 --- /dev/null +++ b/source3/aparser/templates/ifptr_end.tpl @@ -0,0 +1 @@ + } diff --git a/source3/aparser/templates/ifptr_start.tpl b/source3/aparser/templates/ifptr_start.tpl new file mode 100644 index 00000000000..228b84bac93 --- /dev/null +++ b/source3/aparser/templates/ifptr_start.tpl @@ -0,0 +1,2 @@ + if (il->@ELEM@) { + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@)))) goto fail; diff --git a/source3/aparser/templates/module_end.tpl b/source3/aparser/templates/module_end.tpl new file mode 100644 index 00000000000..661f7edb95d --- /dev/null +++ b/source3/aparser/templates/module_end.tpl @@ -0,0 +1,3 @@ + + +/* end auto-generated structure parsers for @MODULE@ */ diff --git a/source3/aparser/templates/module_start.tpl b/source3/aparser/templates/module_start.tpl new file mode 100644 index 00000000000..ac6a3c9d98d --- /dev/null +++ b/source3/aparser/templates/module_start.tpl @@ -0,0 +1,5 @@ +/* auto-generated structure parsers for @MODULE@ + generated by aparser +*/ +#include "prs_@MODULE@.h" + diff --git a/source3/aparser/templates/prs_.align.tpl b/source3/aparser/templates/prs_.align.tpl new file mode 100644 index 00000000000..25816a23b34 --- /dev/null +++ b/source3/aparser/templates/prs_.align.tpl @@ -0,0 +1 @@ + if(!io_align(ps)) goto fail; diff --git a/source3/aparser/templates/prs_align2.tpl b/source3/aparser/templates/prs_align2.tpl new file mode 100644 index 00000000000..54c569b547b --- /dev/null +++ b/source3/aparser/templates/prs_align2.tpl @@ -0,0 +1 @@ + if (!io_align2(ps, @OFFSET@)) goto fail; diff --git a/source3/aparser/templates/prs_align4.tpl b/source3/aparser/templates/prs_align4.tpl new file mode 100644 index 00000000000..702fab13243 --- /dev/null +++ b/source3/aparser/templates/prs_align4.tpl @@ -0,0 +1 @@ + if (!io_align4(ps, @OFFSET@)) goto fail; diff --git a/source3/aparser/templates/prs_array.tpl b/source3/aparser/templates/prs_array.tpl new file mode 100644 index 00000000000..4bd6a26c99c --- /dev/null +++ b/source3/aparser/templates/prs_array.tpl @@ -0,0 +1,8 @@ + if ((@FLAGS@ & PARSE_SCALARS) && + !io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail; + { + int i; + for (i=0;i@ARRAY_LEN@;i++) { + if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail; + } + } diff --git a/source3/aparser/templates/prs_array_optional.tpl b/source3/aparser/templates/prs_array_optional.tpl new file mode 100644 index 00000000000..38bd32861f7 --- /dev/null +++ b/source3/aparser/templates/prs_array_optional.tpl @@ -0,0 +1,5 @@ + if ((MARSHALLING(ps) && il->@ELEM@) || + ps->data_offset < ps->buffer_size) { + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@)))) goto fail; + if (!io_@TYPE@("@ELEM@...", ps, depth+1, il->@ELEM@, @FLAGS@)) goto fail; + } diff --git a/source3/aparser/templates/prs_array_remainder.tpl b/source3/aparser/templates/prs_array_remainder.tpl new file mode 100644 index 00000000000..c8b1e2ab5af --- /dev/null +++ b/source3/aparser/templates/prs_array_remainder.tpl @@ -0,0 +1,17 @@ + if (UNMARSHALLING(ps)) + { + int i; + for (i=0;ps->data_offset < ps->buffer_size;i++) { + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(i+1))) goto fail; + if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail; + } + } + else + { + int i = -1; + /* HACK ALERT! */ + do { + i++; + if (!io_@TYPE@("@ELEM@...", ps, depth+1, &il->@ELEM@[i], @FLAGS@)) goto fail; + } while (il->@ELEM@[i].tag2 != 0); + } diff --git a/source3/aparser/templates/prs_break.tpl b/source3/aparser/templates/prs_break.tpl new file mode 100644 index 00000000000..eb540f7be84 --- /dev/null +++ b/source3/aparser/templates/prs_break.tpl @@ -0,0 +1 @@ + break; diff --git a/source3/aparser/templates/prs_case.tpl b/source3/aparser/templates/prs_case.tpl new file mode 100644 index 00000000000..06c1bd3ae6e --- /dev/null +++ b/source3/aparser/templates/prs_case.tpl @@ -0,0 +1 @@ + case @CASE@: diff --git a/source3/aparser/templates/prs_case_end.tpl b/source3/aparser/templates/prs_case_end.tpl new file mode 100644 index 00000000000..eb540f7be84 --- /dev/null +++ b/source3/aparser/templates/prs_case_end.tpl @@ -0,0 +1 @@ + break; diff --git a/source3/aparser/templates/prs_element.tpl b/source3/aparser/templates/prs_element.tpl new file mode 100644 index 00000000000..e8bf5180cec --- /dev/null +++ b/source3/aparser/templates/prs_element.tpl @@ -0,0 +1 @@ + if (!io_@TYPE@("@ELEM@", ps, depth+1, @PTR@il->@ELEM@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/prs_pointer.tpl b/source3/aparser/templates/prs_pointer.tpl new file mode 100644 index 00000000000..4ebcf19d834 --- /dev/null +++ b/source3/aparser/templates/prs_pointer.tpl @@ -0,0 +1,2 @@ + if (!io_pointer("@ELEM@_ptr", ps, depth+1, + (void **)&il->@ELEM@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/prs_struct.tpl b/source3/aparser/templates/prs_struct.tpl new file mode 100644 index 00000000000..ab8246db8e7 --- /dev/null +++ b/source3/aparser/templates/prs_struct.tpl @@ -0,0 +1 @@ + if (!@MODULE@_io_@TYPE@("@ELEM@", &il->@ELEM@, ps, depth+1)) goto fail; diff --git a/source3/aparser/templates/prs_struct_alloc.tpl b/source3/aparser/templates/prs_struct_alloc.tpl new file mode 100644 index 00000000000..9eae5c92fca --- /dev/null +++ b/source3/aparser/templates/prs_struct_alloc.tpl @@ -0,0 +1 @@ + if (!@MODULE@_io_@TYPE@_alloc("@ELEM@", &il->@ELEM@, ps, depth+1)) goto fail; diff --git a/source3/aparser/templates/prs_uint16.tpl b/source3/aparser/templates/prs_uint16.tpl new file mode 100644 index 00000000000..b40d6d4216f --- /dev/null +++ b/source3/aparser/templates/prs_uint16.tpl @@ -0,0 +1 @@ + if (!io_uint16("@ELEM@", ps, depth+1, &il->@ELEM@)) goto fail; diff --git a/source3/aparser/templates/prs_uint32.tpl b/source3/aparser/templates/prs_uint32.tpl new file mode 100644 index 00000000000..eb76715d28b --- /dev/null +++ b/source3/aparser/templates/prs_uint32.tpl @@ -0,0 +1 @@ + if (!io_uint32("@ELEM@", ps, depth+1, &il->@ELEM@)) goto fail; diff --git a/source3/aparser/templates/prs_uint8s.tpl b/source3/aparser/templates/prs_uint8s.tpl new file mode 100644 index 00000000000..967162213f4 --- /dev/null +++ b/source3/aparser/templates/prs_uint8s.tpl @@ -0,0 +1,2 @@ + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail; + if (!io_uint8s("@ELEM@", ps, depth+1, &il->@ELEM@, il->@ARRAY_LEN@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/prs_uint8s_fixed.tpl b/source3/aparser/templates/prs_uint8s_fixed.tpl new file mode 100644 index 00000000000..26597f419f3 --- /dev/null +++ b/source3/aparser/templates/prs_uint8s_fixed.tpl @@ -0,0 +1 @@ + if (!io_uint8s_fixed("@ELEM@", ps, depth+1, il->@ELEM@, @ARRAY_LEN@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/prs_wstring.tpl b/source3/aparser/templates/prs_wstring.tpl new file mode 100644 index 00000000000..4de46f093c8 --- /dev/null +++ b/source3/aparser/templates/prs_wstring.tpl @@ -0,0 +1,2 @@ + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(il->@ARRAY_LEN@))) goto fail; + if (!io_wstring("@ELEM@", ps, depth+1, il->@ELEM@, il->@ARRAY_LEN@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/prs_wstring_fixed.tpl b/source3/aparser/templates/prs_wstring_fixed.tpl new file mode 100644 index 00000000000..e33f7c3d5d2 --- /dev/null +++ b/source3/aparser/templates/prs_wstring_fixed.tpl @@ -0,0 +1,2 @@ + if (!io_alloc("@ELEM@", ps, (void **)&il->@ELEM@, sizeof(*(il->@ELEM@))*(@ARRAY_LEN@))) goto fail; + if (!io_wstring("@ELEM@", ps, depth+1, il->@ELEM@, @ARRAY_LEN@, @FLAGS@)) goto fail; diff --git a/source3/aparser/templates/union_end.tpl b/source3/aparser/templates/union_end.tpl new file mode 100644 index 00000000000..511adbcf602 --- /dev/null +++ b/source3/aparser/templates/union_end.tpl @@ -0,0 +1,5 @@ + default: + DEBUG(5,("No handler for case %d in @FUNCNAME@\n", + (int)il->@SWITCH@)); + goto fail; + } diff --git a/source3/aparser/templates/union_start.tpl b/source3/aparser/templates/union_start.tpl new file mode 100644 index 00000000000..aa052be6972 --- /dev/null +++ b/source3/aparser/templates/union_start.tpl @@ -0,0 +1 @@ + switch (il->@SWITCH@) { diff --git a/source3/aparser/token.awk b/source3/aparser/token.awk new file mode 100644 index 00000000000..fb2982f0777 --- /dev/null +++ b/source3/aparser/token.awk @@ -0,0 +1,180 @@ +# tokenise the input file + +function parse_error(msg) { + printf("PARSE ERROR: %s\nLine "NR" : "$0"\n", msg); + exit 1; +} + +# ignore multi-line C comments. +{ + if (t = index($0, "/*")) { + if (t > 1) + tmp = substr($0, 1, t - 1) + else + tmp = "" + u = index(substr($0, t + 2), "*/") + while (u == 0) { + getline + t = -1 + u = index($0, "*/") + } + if (u <= length($0) - 2) + $0 = tmp substr($0, t + u + 3) + else + $0 = tmp + } +} + +# ignore blank lines +/^[ \t]*$/ { + next; +} + +/^\#define.*/ { + split($0,a,"[ \t;]*"); + parse_define(a[2], a[3]); + next; +} + +# ignore comments +/^[ \t]*\#/ { + next; +} + +/^[ \t]*module/ { + {if (module!="") parse_error("you can only specify one module name");} + start_module($2); + next; +} + +{if (module=="") parse_error("you must specify the module name first");} + +/^[ \t]*option/ { + set_option($2, $3); + next; +} + +/^[ \t]*typedef struct.*\{/ { + {if (current_struct!="") parse_error("you cannot have nested structures");} + start_struct($3); + next; +} + +/^[ \t]*struct.*\{/ { + {if (current_struct!="") parse_error("you cannot have nested structures");} + start_struct($2); + next; +} + +/^[ \t]*typedef union.*\{/ { + {if (current_struct!="") parse_error("this cannot appear inside a structure");} + split($0,a,"[ \t;()]*"); + start_union_encap(a[4], a[6], a[7], a[8]); + next; +} + +/^[ \t]*void.*\(/ { + {if (current_struct!="") parse_error("you cannot have nested structures");} + split($0,a,"[ \t;()]*"); + start_function(a[2], a[3]); + return_result="void"; + next; +} + +/^[ \t]*STATUS.*\(|^[ \t]*void.*\(/ { + {if (current_struct!="") parse_error("you cannot have nested structures");} + split($0,a,"[ \t;()]*"); + start_function(a[2], a[3]); + return_result="STATUS"; + next; +} + +{if (current_struct=="") parse_error("this must appear inside a structure");} + +/^[ \t]*union.*\{/ { + {if (current_union!="") parse_error("you cannot have nested unions");} + start_union($2); + next; +} + +/^[ \t]*\[switch_is.*union.*\{/ { + {if (current_union!="") parse_error("you cannot have nested unions");} + split($0,a,"[ \t;()]*"); + start_union_notencap(a[3]); + next; +} + +/^[ \t]*case.*;/ { + {if (current_union=="") parse_error("this must appear inide a union");} + split($0,a,"[ \t;]*"); + parse_case(a[3],a[4],a[5]); + next; +} + +/^[ \t]*\[case(.*)\].*;/ { + {if (current_union=="") parse_error("this must appear inide a union");} + split($0,a,"[ \t;()[\]]*"); + parse_case(a[6],a[8],a[9]); + next; +} + +/^[ \t]*\}$/ { + {if (current_union=="") parse_error("this must appear inside a union");} + end_union(""); + next; +} + +/^[ \t]*\} .*;/ { + if (current_union!="") { + split($2,a,"[ \t;]*"); + end_union(a[1]); + next; + } +} + +{if (current_union!="") parse_error("this cannot appear inside a union");} + +/^[ \t]*\};/ { + end_struct(""); + next; +} + +/^[ \t]*\} .*;/ { + split($2,a,"[ \t;]*"); + end_struct(a[1]); + next; +} + +/^[ \t]*\);/ { + end_function(); + return_result=""; + next; +} + +/^.*size_is.*\*.*;/ { + split($0,a,"[ \t;()]*"); + add_sizeis_array(a[3], a[5], a[6]); + next; +} + +/^.*;/ { + split($0,a,"[ \t;]*"); + add_struct_elem(a[2], a[3]); + next; +} + +/^[\t ]*void/ { + next; +} + +/^[ \t]*\[.*\].*/ { + split($0,a,"[ \t;]*"); + split(a[4], b, "[,]"); + add_function_param(a[2], a[3], b[1]); + next; +} + +{ + parse_error("Unknown construct."); +} + diff --git a/source3/aparser/util.awk b/source3/aparser/util.awk new file mode 100644 index 00000000000..6c5594da688 --- /dev/null +++ b/source3/aparser/util.awk @@ -0,0 +1,39 @@ +function isaptr(elem) +{ + if (substr(elem, 1, 1) == "*") { + return 1; + } + return 0; +} + +function noptr(elem) +{ + if (!isaptr(elem)) return elem; + return substr(elem, 2); +} + +function xprintf(f, fmt, v1, v2, v3, v4, v5, v6, v7) +{ + printf(fmt, v1, v2, v3, v4, v5, v6) > f; +} + +function fatal(why) +{ + printf("FATAL: %s\n", why); + exit 1; +} + +function numlines(fname, + LOCAL, line, count) +{ + count=0; + while ((getline line < fname) > 0) count++; + close(fname); + return count; +} + +# return 1 if the string is a constant +function is_constant(s) +{ + return match(s,"^[0-9]+$"); +} diff --git a/source3/aparser/util.c b/source3/aparser/util.c new file mode 100644 index 00000000000..ffa84dbfabc --- /dev/null +++ b/source3/aparser/util.c @@ -0,0 +1,112 @@ +#include "parser.h" + + +/******************************************************************* + Count the number of characters (not bytes) in a unicode string. +********************************************************************/ +size_t strlen_w(void *src) +{ + size_t len; + + for (len = 0; SVAL(src, len*2); len++) ; + + return len; +} + +/**************************************************************************** +expand a pointer to be a particular size +****************************************************************************/ +void *Realloc(void *p,size_t size) +{ + void *ret=NULL; + + if (size == 0) { + if (p) free(p); + DEBUG(5,("Realloc asked for 0 bytes\n")); + return NULL; + } + + if (!p) + ret = (void *)malloc(size); + else + ret = (void *)realloc(p,size); + + if (!ret) + DEBUG(0,("Memory allocation error: failed to expand to %d bytes\n",(int)size)); + + return(ret); +} + + +char *tab_depth(int depth) +{ + static pstring spaces; + memset(spaces, ' ', depth * 4); + spaces[depth * 4] = 0; + return spaces; +} + +void print_asc(int level, uchar const *buf, int len) +{ + int i; + for (i = 0; i < len; i++) + { + DEBUGADD(level, ("%c", isprint(buf[i]) ? buf[i] : '.')); + } +} + +void dump_data(int level, char *buf1, int len) +{ + uchar const *buf = (uchar const *)buf1; + int i = 0; + if (buf == NULL) + { + DEBUG(level, ("dump_data: NULL, len=%d\n", len)); + return; + } + if (len < 0) + return; + if (len == 0) + { + DEBUG(level, ("\n")); + return; + } + + DEBUG(level, ("[%03X] ", i)); + for (i = 0; i < len;) + { + DEBUGADD(level, ("%02X ", (int)buf[i])); + i++; + if (i % 8 == 0) + DEBUGADD(level, (" ")); + if (i % 16 == 0) + { + print_asc(level, &buf[i - 16], 8); + DEBUGADD(level, (" ")); + print_asc(level, &buf[i - 8], 8); + DEBUGADD(level, ("\n")); + if (i < len) + DEBUGADD(level, ("[%03X] ", i)); + } + } + + if (i % 16 != 0) /* finish off a non-16-char-length row */ + { + int n; + + n = 16 - (i % 16); + DEBUGADD(level, (" ")); + if (n > 8) + DEBUGADD(level, (" ")); + while (n--) + DEBUGADD(level, (" ")); + + n = MIN(8, i % 16); + print_asc(level, &buf[i - (i % 16)], n); + DEBUGADD(level, (" ")); + n = (i % 16) - n; + if (n > 0) + print_asc(level, &buf[i - n], n); + DEBUGADD(level, ("\n")); + } +} diff --git a/source3/aparser/vluke.c b/source3/aparser/vluke.c new file mode 100644 index 00000000000..d3868f2753e --- /dev/null +++ b/source3/aparser/vluke.c @@ -0,0 +1,41 @@ +#include "parser.h" +#include "test.h" + +int main(int argc, char *argv[]) +{ + BOOL ret; + char *fname, *test; + int fd; + struct stat st; + io_struct ps; + + if (argc < 3) { + printf("usage: vluke \n"); + exit(1); + } + + test = argv[1]; + fname = argv[2]; + + fd = open(fname,O_RDONLY); + if (fd == -1) { + perror(fname); + exit(1); + } + fstat(fd, &st); + + io_init(&ps, 0, MARSHALL); + ps.is_dynamic=True; + io_read(&ps, fd, st.st_size, 0); + ps.data_offset = 0; + ps.buffer_size = ps.grow_size; + ps.io = UNMARSHALL; + ps.autoalign = OPTION_autoalign; + ret = run_test(test, &ps, PARSE_SCALARS|PARSE_BUFFERS); + printf("\nret=%s\n", ret?"OK":"Bad"); + printf("Trailer is %d bytes\n\n", ps.grow_size - ps.data_offset); + if (ps.grow_size - ps.data_offset > 0) { + dump_data(0, ps.data_p + ps.data_offset, ps.grow_size - ps.data_offset); + } + return !ret; +} diff --git a/source3/architecture.doc b/source3/architecture.doc new file mode 100644 index 00000000000..eb29792bea0 --- /dev/null +++ b/source3/architecture.doc @@ -0,0 +1,134 @@ +Samba Architecture +------------------ + +First preliminary version Dan Shearer Nov 97 +Quickly scrabbled together from odd bits of mail and memory. Please update. + +This document gives a general overview of how Samba works +internally. The Samba Team has tried to come up with a model which is +the best possible compromise between elegance, portability, security +and the constraints imposed by the very messy SMB and CIFS +protocol. + +It also tries to answer some of the frequently asked questions such as: + + * Is Samba secure when running on Unix? The xyz platform? + What about the root priveliges issue? + + * Pros and cons of multithreading in various parts of Samba + + * Why not have a separate process for name resolution, WINS, + and browsing? + + +Multithreading and Samba +------------------------ + +People sometimes tout threads as a uniformly good thing. They are very +nice in their place but are quite inappropriate for smbd. nmbd is +another matter, and multi-threading it would be very nice. + +The short version is that smbd is not multithreaded, and alternative +servers that take this approach under Unix (such as Syntax, at the +time of writing) suffer tremendous performance penalties and are less +robust. nmbd is not threaded either, but this is because it is not +possible to do it while keeping code consistent and portable across 35 +or more platforms. (This drawback also applies to threading smbd.) + +The longer versions is that there are very good reasons for not making +smbd multi-threaded. Multi-threading would actually make Samba much +slower, less scalable, less portable and much less robust. The fact +that we use a separate process for each connection is one of Samba's +biggest advantages. + +Threading smbd +-------------- + +A few problems that would arise from a threaded smbd are: + +0) It's not only to create threads instead of processes, but you + must care about all variables if they have to be thread specific + (currently they would be global). + +1) if one thread dies (eg. a seg fault) then all threads die. We can +immediately throw robustness out the window. + +2) many of the system calls we make are blocking. Non-blocking +equivalents of many calls are either not available or are awkward (and +slow) to use. So while we block in one thread all clients are +waiting. Imagine if one share is a slow NFS filesystem and the others +are fast, we will end up slowing all clients to the speed of NFS. + +3) you can't run as a different uid in different threads. This means +we would have to switch uid/gid on _every_ SMB packet. It would be +horrendously slow. + +4) the per process file descriptor limit would mean that we could only +support a limited number of clients. + +5) we couldn't use the system locking calls as the locking context of +fcntl() is a process, not a thread. + +Threading nmbd +-------------- + +This would be ideal, but gets sunk by portability requirements. + +Andrew tried to write a test threads library for nmbd that used only +ansi-C constructs (using setjmp and longjmp). Unfortunately some OSes +defeat this by restricting longjmp to calling addresses that are +shallower than the current address on the stack (apparently AIX does +this). This makes a truly portable threads library impossible. So to +support all our current platforms we would have to code nmbd both with +and without threads, and as the real aim of threads is to make the +code clearer we would not have gained anything. (it is a myth that +threads make things faster. threading is like recursion, it can make +things clear but the same thing can always be done faster by some +other method) + +Chris tried to spec out a general design that would abstract threading +vs separate processes (vs other methods?) and make them accessible +through some general API. This doesn't work because of the data +sharing requirements of the protocol (packets in the future depending +on packets now, etc.) At least, the code would work but would be very +clumsy, and besides the fork() type model would never work on Unix. (Is there an OS that it would work on, for nmbd?) + +A fork() is cheap, but not nearly cheap enough to do on every UDP +packet that arrives. Having a pool of processes is possible but is +nasty to program cleanly due to the enormous amount of shared data (in +complex structures) between the processes. We can't rely on each +platform having a shared memory system. + +nbmd Design +----------- + +Originally Andrew used recursion to simulate a multi-threaded +environment, which use the stack enormously and made for really +confusing debugging sessions. Luke Leighton rewrote it to use a +queuing system that keeps state information on each packet. The +first version used a single structure which was used by all the +pending states. As the initialisation of this structure was +done by adding arguments, as the functionality developed, it got +pretty messy. So, it was replaced with a higher-order function +and a pointer to a user-defined memory block. This suddenly +made things much simpler: large numbers of functions could be +made static, and modularised. This is the same principle as used +in NT's kernel, and achieves the same effect as threads, but in +a single process. + +Then Jeremy rewrote nmbd. The packet data in nmbd isn't what's on the +wire. It's a nice format that is very amenable to processing but still +keeps the idea of a distinct packet. See "struct packet_struct" in +nameserv.h. It has all the detail but none of the on-the-wire +mess. This makes it ideal for using in disk or memory-based databases +for browsing and WINS support. + +nmbd now consists of a series of modules. It... + + +Samba Design and Security +------------------------- + +Why Isn't nmbd Multiple Daemons? +-------------------------------- + diff --git a/source3/auth/auth.c b/source3/auth/auth.c new file mode 100644 index 00000000000..c7b9fcc1d8b --- /dev/null +++ b/source3/auth/auth.c @@ -0,0 +1,456 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Andrew Bartlett 2001-2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/** List of various built-in authenticaion modules */ + +const struct auth_init_function builtin_auth_init_functions[] = { + { "guest", auth_init_guest }, + { "rhosts", auth_init_rhosts }, + { "hostsequiv", auth_init_hostsequiv }, + { "sam", auth_init_sam }, + { "samstrict", auth_init_samstrict }, + { "unix", auth_init_unix }, + { "smbserver", auth_init_smbserver }, + { "ntdomain", auth_init_ntdomain }, + { "trustdomain", auth_init_trustdomain }, + { "winbind", auth_init_winbind }, +#ifdef DEVELOPER + { "name_to_ntstatus", auth_init_name_to_ntstatus }, +#endif + { NULL, NULL} +}; + +/**************************************************************************** + Try to get a challenge out of the various authenticaion modules. + Returns a const char of length 8 bytes. +****************************************************************************/ + +static const uint8 *get_ntlm_challenge(struct auth_context *auth_context) +{ + DATA_BLOB challenge = data_blob(NULL, 0); + char *challenge_set_by = NULL; + auth_methods *auth_method; + TALLOC_CTX *mem_ctx; + + if (auth_context->challenge.length) { + DEBUG(5, ("get_ntlm_challenge (auth subsystem): returning previous challenge (normal)\n")); + return auth_context->challenge.data; + } + + for (auth_method = auth_context->auth_method_list; auth_method; auth_method = auth_method->next) + { + if (auth_method->get_chal == NULL) { + DEBUG(5, ("auth_get_challenge: module %s did not want to specify a challenge\n", auth_method->name)); + continue; + } + + DEBUG(5, ("auth_get_challenge: getting challenge from module %s\n", auth_method->name)); + if (challenge_set_by != NULL) { + DEBUG(1, ("auth_get_challenge: CONFIGURATION ERROR: authenticaion method %s has already specified a challenge. Challenge by %s ignored.\n", + challenge_set_by, auth_method->name)); + continue; + } + + mem_ctx = talloc_init_named("auth_get_challenge for module %s", auth_method->name); + if (!mem_ctx) { + smb_panic("talloc_init_named() failed!"); + } + + challenge = auth_method->get_chal(auth_context, &auth_method->private_data, mem_ctx); + if (!challenge.length) { + DEBUG(3, ("auth_get_challenge: getting challenge from authenticaion method %s FAILED.\n", + auth_method->name)); + } else { + DEBUG(5, ("auth_get_challenge: sucessfully got challenge from module %s\n", auth_method->name)); + auth_context->challenge = challenge; + challenge_set_by = auth_method->name; + auth_context->challenge_set_method = auth_method; + } + talloc_destroy(mem_ctx); + } + + if (!challenge_set_by) { + uchar chal[8]; + + generate_random_buffer(chal, sizeof(chal), False); + auth_context->challenge = data_blob_talloc(auth_context->mem_ctx, + chal, sizeof(chal)); + + challenge_set_by = "random"; + } + + DEBUG(5, ("auth_context challenge created by %s\n", challenge_set_by)); + DEBUG(5, ("challenge is: \n")); + dump_data(5, auth_context->challenge.data, auth_context->challenge.length); + + SMB_ASSERT(auth_context->challenge.length == 8); + + auth_context->challenge_set_by=challenge_set_by; + + return auth_context->challenge.data; +} + + +/** + * Check user is in correct domain (if required) + * + * @param user Only used to fill in the debug message + * + * @param domain The domain to be verified + * + * @return True if the user can connect with that domain, + * False otherwise. +**/ + +static BOOL check_domain_match(const char *user, const char *domain) +{ + /* + * If we aren't serving to trusted domains, we must make sure that + * the validation request comes from an account in the same domain + * as the Samba server + */ + + if (!lp_allow_trusted_domains() && + !(strequal("", domain) || + strequal(lp_workgroup(), domain) || + is_netbios_alias_or_name(domain))) { + DEBUG(1, ("check_domain_match: Attempt to connect as user %s from domain %s denied.\n", user, domain)); + return False; + } else { + return True; + } +} + +/** + * Check a user's Plaintext, LM or NTLM password. + * + * Check a user's password, as given in the user_info struct and return various + * interesting details in the server_info struct. + * + * This function does NOT need to be in a become_root()/unbecome_root() pair + * as it makes the calls itself when needed. + * + * The return value takes precedence over the contents of the server_info + * struct. When the return is other than NT_STATUS_OK the contents + * of that structure is undefined. + * + * @param user_info Contains the user supplied components, including the passwords. + * Must be created with make_user_info() or one of its wrappers. + * + * @param auth_info Supplies the challenges and some other data. + * Must be created with make_auth_info(), and the challenges should be + * filled in, either at creation or by calling the challenge geneation + * function auth_get_challenge(). + * + * @param server_info If successful, contains information about the authenticaion, + * including a SAM_ACCOUNT struct describing the user. + * + * @return An NTSTATUS with NT_STATUS_OK or an appropriate error. + * + **/ + +static NTSTATUS check_ntlm_password(const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info) +{ + + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + const char *pdb_username; + auth_methods *auth_method; + TALLOC_CTX *mem_ctx; + + if (!user_info || !auth_context || !server_info) { + return NT_STATUS_LOGON_FAILURE; + } + + DEBUG(3, ("check_password: Checking password for unmapped user [%s]\\[%s]@[%s] with the new password interface\n", + user_info->client_domain.str, user_info->smb_name.str, user_info->wksta_name.str)); + + DEBUG(3, ("check_password: mapped user is: [%s]\\[%s]@[%s]\n", + user_info->domain.str, user_info->internal_username.str, user_info->wksta_name.str)); + if (auth_context->challenge_set_by) { + DEBUG(10, ("auth_context challenge created by %s\n", auth_context->challenge_set_by)); + } + DEBUG(10, ("challenge is: \n")); + dump_data(5, auth_context->challenge.data, auth_context->challenge.length); + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("user_info has passwords of length %d and %d\n", + user_info->lm_resp.length, user_info->nt_resp.length)); + DEBUG(100, ("lm:\n")); + dump_data(100, user_info->lm_resp.data, user_info->lm_resp.length); + DEBUG(100, ("nt:\n")); + dump_data(100, user_info->nt_resp.data, user_info->nt_resp.length); +#endif + + /* This needs to be sorted: If it doesn't match, what should we do? */ + if (!check_domain_match(user_info->smb_name.str, user_info->domain.str)) { + return NT_STATUS_LOGON_FAILURE; + } + + for (auth_method = auth_context->auth_method_list;auth_method; auth_method = auth_method->next) + { + mem_ctx = talloc_init_named("%s authentication for user %s\\%s", auth_method->name, + user_info->domain.str, user_info->smb_name.str); + + nt_status = auth_method->auth(auth_context, auth_method->private_data, mem_ctx, user_info, server_info); + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG(3, ("check_password: %s authentication for user [%s] suceeded\n", + auth_method->name, user_info->smb_name.str)); + } else { + DEBUG(5, ("check_password: %s authentication for user [%s] FAILED with error %s\n", + auth_method->name, user_info->smb_name.str, nt_errstr(nt_status))); + } + + talloc_destroy(mem_ctx); + + if (NT_STATUS_IS_OK(nt_status)) { + break; + } + } + + /* This is one of the few places the *relies* (rather than just sets defaults + on the value of lp_security(). This needs to change. A new paramater + perhaps? */ + if (lp_security() >= SEC_SERVER) { + smb_user_control(user_info, *server_info, nt_status); + } + + if (NT_STATUS_IS_OK(nt_status)) { + pdb_username = pdb_get_username((*server_info)->sam_account); + if (!(*server_info)->guest) { + /* We might not be root if we are an RPC call */ + become_root(); + nt_status = smb_pam_accountcheck(pdb_username); + unbecome_root(); + + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG(5, ("check_password: PAM Account for user [%s] suceeded\n", + pdb_username)); + } else { + DEBUG(3, ("check_password: PAM Account for user [%s] FAILED with error %s\n", + pdb_username, nt_errstr(nt_status))); + } + } + + if (NT_STATUS_IS_OK(nt_status)) { + DEBUG((*server_info)->guest ? 5 : 2, + ("check_password: %sauthenticaion for user [%s] -> [%s] -> [%s] suceeded\n", + (*server_info)->guest ? "guest " : "", + user_info->smb_name.str, + user_info->internal_username.str, + pdb_username)); + } + } + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(2, ("check_password: Authenticaion for user [%s] -> [%s] FAILED with error %s\n", + user_info->smb_name.str, user_info->internal_username.str, + nt_errstr(nt_status))); + ZERO_STRUCTP(server_info); + } + return nt_status; +} + +/*************************************************************************** + Clear out a auth_context, and destroy the attached TALLOC_CTX +***************************************************************************/ + +static void free_auth_context(struct auth_context **auth_context) +{ + if (*auth_context != NULL) { + talloc_destroy((*auth_context)->mem_ctx); + } + *auth_context = NULL; +} + +/*************************************************************************** + Make a auth_info struct +***************************************************************************/ + +static NTSTATUS make_auth_context(struct auth_context **auth_context) +{ + TALLOC_CTX *mem_ctx; + + mem_ctx = talloc_init_named("authentication context"); + + *auth_context = talloc(mem_ctx, sizeof(**auth_context)); + if (!*auth_context) { + DEBUG(0,("make_auth_context: talloc failed!\n")); + talloc_destroy(mem_ctx); + return NT_STATUS_NO_MEMORY; + } + ZERO_STRUCTP(*auth_context); + + (*auth_context)->mem_ctx = mem_ctx; + (*auth_context)->check_ntlm_password = check_ntlm_password; + (*auth_context)->get_ntlm_challenge = get_ntlm_challenge; + (*auth_context)->free = free_auth_context; + + return NT_STATUS_OK; +} + +/*************************************************************************** + Make a auth_info struct for the auth subsystem +***************************************************************************/ + +static NTSTATUS make_auth_context_text_list(struct auth_context **auth_context, char **text_list) +{ + auth_methods *list = NULL; + auth_methods *t = NULL; + auth_methods *tmp; + int i; + NTSTATUS nt_status; + + if (!text_list) { + DEBUG(2,("No auth method list!?\n")); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!NT_STATUS_IS_OK(nt_status = make_auth_context(auth_context))) { + return nt_status; + } + + for (;*text_list; text_list++) + { + DEBUG(5,("Attempting to find an auth method to match %s\n", *text_list)); + for (i = 0; builtin_auth_init_functions[i].name; i++) + { + if (strequal(builtin_auth_init_functions[i].name, *text_list)) + { + DEBUG(5,("Found auth method %s (at pos %d)\n", *text_list, i)); + if (builtin_auth_init_functions[i].init(*auth_context, &t)) { + DEBUG(5,("auth method %s has a valid init\n", *text_list)); + t->name = builtin_auth_init_functions[i].name; + DLIST_ADD_END(list, t, tmp); + } else { + DEBUG(0,("auth method %s did not correctly init\n", *text_list)); + } + break; + } + } + } + + (*auth_context)->auth_method_list = list; + + return nt_status; +} + +/*************************************************************************** + Make a auth_context struct for the auth subsystem +***************************************************************************/ + +NTSTATUS make_auth_context_subsystem(struct auth_context **auth_context) +{ + char **auth_method_list = NULL; + NTSTATUS nt_status; + + if (lp_auth_methods() && !lp_list_copy(&auth_method_list, lp_auth_methods())) { + return NT_STATUS_NO_MEMORY; + } + + if (auth_method_list == NULL) { + switch (lp_security()) + { + case SEC_DOMAIN: + DEBUG(5,("Making default auth method list for security=domain\n")); + auth_method_list = lp_list_make("guest samstrict ntdomain"); + break; + case SEC_SERVER: + DEBUG(5,("Making default auth method list for security=server\n")); + auth_method_list = lp_list_make("guest samstrict smbserver"); + break; + case SEC_USER: + if (lp_encrypted_passwords()) { + DEBUG(5,("Making default auth method list for security=user, encrypt passwords = yes\n")); + auth_method_list = lp_list_make("guest sam"); + } else { + DEBUG(5,("Making default auth method list for security=user, encrypt passwords = no\n")); + auth_method_list = lp_list_make("guest unix"); + } + break; + case SEC_SHARE: + if (lp_encrypted_passwords()) { + DEBUG(5,("Making default auth method list for security=share, encrypt passwords = yes\n")); + auth_method_list = lp_list_make("guest sam"); + } else { + DEBUG(5,("Making default auth method list for security=share, encrypt passwords = no\n")); + auth_method_list = lp_list_make("guest unix"); + } + break; + case SEC_ADS: + DEBUG(5,("Making default auth method list for security=ADS\n")); + auth_method_list = lp_list_make("guest samstrict ads ntdomain"); + break; + default: + DEBUG(5,("Unknown auth method!\n")); + return NT_STATUS_UNSUCCESSFUL; + } + } else { + DEBUG(5,("Using specified auth order\n")); + } + + if (!NT_STATUS_IS_OK(nt_status = make_auth_context_text_list(auth_context, auth_method_list))) { + lp_list_free(&auth_method_list); + return nt_status; + } + + lp_list_free(&auth_method_list); + return nt_status; +} + +/*************************************************************************** + Make a auth_info struct with a random challenge +***************************************************************************/ + +NTSTATUS make_auth_context_random(struct auth_context **auth_context) +{ + uchar chal[8]; + NTSTATUS nt_status; + if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) { + return nt_status; + } + + generate_random_buffer(chal, sizeof(chal), False); + (*auth_context)->challenge = data_blob(chal, sizeof(chal)); + + (*auth_context)->challenge_set_by = "random"; + + return nt_status; +} + +/*************************************************************************** + Make a auth_info struct with a fixed challenge +***************************************************************************/ + +NTSTATUS make_auth_context_fixed(struct auth_context **auth_context, uchar chal[8]) +{ + NTSTATUS nt_status; + if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(auth_context))) { + return nt_status; + } + + (*auth_context)->challenge = data_blob(chal, 8); + return nt_status; +} + + diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c new file mode 100644 index 00000000000..6e999b0d14f --- /dev/null +++ b/source3/auth/auth_builtin.c @@ -0,0 +1,111 @@ +/* + Unix SMB/CIFS implementation. + Generic authenticaion types + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/** + * Return a guest logon for guest users (username = "") + * + * Typically used as the first module in the auth chain, this allows + * guest logons to be delt with in one place. Non-gust logons 'fail' + * and pass onto the next module. + **/ + +static NTSTATUS check_guest_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + + if (!(user_info->internal_username.str + && *user_info->internal_username.str)) { + if (make_server_info_guest(server_info)) { + nt_status = NT_STATUS_OK; + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + } + + return nt_status; +} + +/* Guest modules initialisation */ +BOOL auth_init_guest(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_guest_security; + return True; +} + +/** + * Return an error based on username + * + * This function allows the testing of obsure errors, as well as the generation + * of NT_STATUS -> DOS error mapping tables. + * + * This module is of no value to end-users. + * + * The password is ignored. + * + * @return An NTSTATUS value based on the username + **/ + +static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status; + fstring user; + long error_num; + fstrcpy(user, user_info->smb_name.str); + + if (strncasecmp("NT_STATUS", user, strlen("NT_STATUS")) == 0) { + strupper(user); + return nt_status_string_to_code(user); + } + + strlower(user); + error_num = strtoul(user, NULL, 16); + + DEBUG(5,("Error for user %s was %lx\n", user, error_num)); + + nt_status = NT_STATUS(error_num); + + return nt_status; +} + +/** Module initailisation function */ +BOOL auth_init_name_to_ntstatus(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_name_to_ntstatus_security; + return True; +} + diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c new file mode 100644 index 00000000000..857cf2b7d9f --- /dev/null +++ b/source3/auth/auth_compat.c @@ -0,0 +1,119 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Andrew Bartlett 2001-2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/**************************************************************************** + COMPATIBILITY INTERFACES: + ***************************************************************************/ + +/**************************************************************************** +check if a username/password is OK assuming the password is a 24 byte +SMB hash +return True if the password is correct, False otherwise +****************************************************************************/ + +NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info) +{ + struct auth_context *plaintext_auth_context = NULL; + auth_usersupplied_info *user_info = NULL; + const uint8 *chal; + NTSTATUS nt_status; + if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) { + return nt_status; + } + + chal = plaintext_auth_context->get_ntlm_challenge(plaintext_auth_context); + + if (!make_user_info_for_reply(&user_info, + smb_name, lp_workgroup(), chal, + plaintext_password)) { + return NT_STATUS_NO_MEMORY; + } + + nt_status = plaintext_auth_context->check_ntlm_password(plaintext_auth_context, + user_info, server_info); + + (plaintext_auth_context->free)(&plaintext_auth_context); + free_user_info(&user_info); + return nt_status; +} + +static NTSTATUS pass_check_smb(const char *smb_name, + const char *domain, + DATA_BLOB lm_pwd, + DATA_BLOB nt_pwd, + DATA_BLOB plaintext_password, + BOOL encrypted) + +{ + NTSTATUS nt_status; + extern struct auth_context *negprot_global_auth_context; + auth_serversupplied_info *server_info = NULL; + if (encrypted) { + auth_usersupplied_info *user_info = NULL; + make_user_info_for_reply_enc(&user_info, smb_name, + domain, + lm_pwd, + nt_pwd); + nt_status = negprot_global_auth_context->check_ntlm_password(negprot_global_auth_context, + user_info, &server_info); + free_user_info(&user_info); + } else { + nt_status = check_plaintext_password(smb_name, plaintext_password, &server_info); + } + free_server_info(&server_info); + return nt_status; +} + +/**************************************************************************** +check if a username/password pair is ok via the auth subsystem. +return True if the password is correct, False otherwise +****************************************************************************/ +BOOL password_ok(char *smb_name, DATA_BLOB password_blob) +{ + + DATA_BLOB null_password = data_blob(NULL, 0); + extern BOOL global_encrypted_passwords_negotiated; + BOOL encrypted = (global_encrypted_passwords_negotiated && password_blob.length == 24); + + if (encrypted) { + /* + * The password could be either NTLM or plain LM. Try NTLM first, + * but fall-through as required. + * NTLMv2 makes no sense here. + */ + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, password_blob, null_password, encrypted))) { + return True; + } + + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), password_blob, null_password, null_password, encrypted))) { + return True; + } + } else { + if (NT_STATUS_IS_OK(pass_check_smb(smb_name, lp_workgroup(), null_password, null_password, password_blob, encrypted))) { + return True; + } + } + + return False; +} + + diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c new file mode 100644 index 00000000000..af353ef812c --- /dev/null +++ b/source3/auth/auth_domain.c @@ -0,0 +1,571 @@ +/* + Unix SMB/CIFS implementation. + Authenticate against a remote domain + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +BOOL global_machine_password_needs_changing = False; + +extern pstring global_myname; +extern userdom_struct current_user_info; + +/** + * Connect to a remote server for domain security authenticaion. + * + * @param cli the cli to return containing the active connection + * @param server either a machine name or text IP address to + * connect to. + * @param trust_password the trust password to establish the + * credentials with. + * + **/ + +static NTSTATUS connect_to_domain_password_server(struct cli_state **cli, + const char *server, + const char *setup_creds_as, + uint16 sec_chan, + const unsigned char *trust_passwd) +{ + struct in_addr dest_ip; + fstring remote_machine; + NTSTATUS result; + + if (is_ipaddress(server)) { + struct in_addr to_ip; + + /* we shouldn't have 255.255.255.255 forthe IP address of + a password server anyways */ + if ((to_ip.s_addr=inet_addr(server)) == 0xFFFFFFFF) { + DEBUG (0,("connect_to_domain_password_server: inet_addr(%s) returned 0xFFFFFFFF!\n", server)); + return NT_STATUS_UNSUCCESSFUL; + } + + if (!name_status_find("*", 0x20, 0x20, to_ip, remote_machine)) { + DEBUG(0, ("connect_to_domain_password_server: Can't " + "resolve name for IP %s\n", server)); + return NT_STATUS_UNSUCCESSFUL; + } + } else { + fstrcpy(remote_machine, server); + } + + standard_sub_basic(current_user_info.smb_name, remote_machine); + strupper(remote_machine); + + if(!resolve_name( remote_machine, &dest_ip, 0x20)) { + DEBUG(1,("connect_to_domain_password_server: Can't resolve address for %s\n", remote_machine)); + return NT_STATUS_UNSUCCESSFUL; + } + + if (ismyip(dest_ip)) { + DEBUG(1,("connect_to_domain_password_server: Password server loop - not using password server %s\n", + remote_machine)); + return NT_STATUS_UNSUCCESSFUL; + } + + /* TODO: Send a SAMLOGON request to determine whether this is a valid + logonserver. We can avoid a 30-second timeout if the DC is down + if the SAMLOGON request fails as it is only over UDP. */ + + /* we use a mutex to prevent two connections at once - when a NT PDC gets + two connections where one hasn't completed a negprot yet it will send a + TCP reset to the first connection (tridge) */ + if (!message_named_mutex(server, 20)) { + DEBUG(1,("connect_to_domain_password_server: domain mutex failed for %s\n", server)); + return NT_STATUS_UNSUCCESSFUL; + } + + /* Attempt connection */ + result = cli_full_connection(cli, global_myname, server, + &dest_ip, 0, "IPC$", "IPC", "", "", "", 0); + + message_named_mutex_release(server); + + if (!NT_STATUS_IS_OK(result)) { + return result; + } + + /* + * We now have an anonymous connection to IPC$ on the domain password server. + */ + + /* + * Even if the connect succeeds we need to setup the netlogon + * pipe here. We do this as we may just have changed the domain + * account password on the PDC and yet we may be talking to + * a BDC that doesn't have this replicated yet. In this case + * a successful connect to a DC needs to take the netlogon connect + * into account also. This patch from "Bjart Kvarme" . + */ + + if(cli_nt_session_open(*cli, PIPE_NETLOGON) == False) { + DEBUG(0,("connect_to_domain_password_server: unable to open the domain client session to \ +machine %s. Error was : %s.\n", remote_machine, cli_errstr(*cli))); + cli_nt_session_close(*cli); + cli_ulogoff(*cli); + cli_shutdown(*cli); + return NT_STATUS_UNSUCCESSFUL; + } + + snprintf((*cli)->mach_acct, sizeof((*cli)->mach_acct) - 1, "%s$", setup_creds_as); + + if (!(*cli)->mach_acct) { + return NT_STATUS_NO_MEMORY; + } + + result = new_cli_nt_setup_creds(*cli, sec_chan, trust_passwd); + + if (!NT_STATUS_IS_OK(result)) { + DEBUG(0,("connect_to_domain_password_server: unable to setup the PDC credentials to machine \ +%s. Error was : %s.\n", remote_machine, nt_errstr(result))); + cli_nt_session_close(*cli); + cli_ulogoff(*cli); + cli_shutdown(*cli); + return result; + } + + return NT_STATUS_OK; +} + +/*********************************************************************** + Utility function to attempt a connection to an IP address of a DC. +************************************************************************/ + +static NTSTATUS attempt_connect_to_dc(struct cli_state **cli, + const char *domain, + struct in_addr *ip, + const char *setup_creds_as, + uint16 sec_chan, + const unsigned char *trust_passwd) +{ + fstring dc_name; + + /* + * Ignore addresses we have already tried. + */ + + if (is_zero_ip(*ip)) + return NT_STATUS_UNSUCCESSFUL; + + if (!lookup_dc_name(global_myname, domain, ip, dc_name)) + return NT_STATUS_UNSUCCESSFUL; + + return connect_to_domain_password_server(cli, dc_name, setup_creds_as, sec_chan, trust_passwd); +} + +/*********************************************************************** + We have been asked to dynamcially determine the IP addresses of + the PDC and BDC's for DOMAIN, and query them in turn. +************************************************************************/ +static NTSTATUS find_connect_pdc(struct cli_state **cli, + const char *domain, + const char *setup_creds_as, + uint16 sec_chan, + unsigned char *trust_passwd, + time_t last_change_time) +{ + struct in_addr *ip_list = NULL; + int count = 0; + int i; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + time_t time_now = time(NULL); + BOOL use_pdc_only = False; + + /* + * If the time the machine password has changed + * was less than an hour ago then we need to contact + * the PDC only, as we cannot be sure domain replication + * has yet taken place. Bug found by Gerald (way to go + * Gerald !). JRA. + */ + + if (time_now - last_change_time < 3600) + use_pdc_only = True; + + if (!get_dc_list(use_pdc_only, domain, &ip_list, &count)) + return NT_STATUS_UNSUCCESSFUL; + + /* + * Firstly try and contact a PDC/BDC who has the same + * network address as any of our interfaces. + */ + for(i = 0; i < count; i++) { + if(!is_local_net(ip_list[i])) + continue; + + if(NT_STATUS_IS_OK(nt_status = + attempt_connect_to_dc(cli, domain, + &ip_list[i], setup_creds_as, + sec_chan, trust_passwd))) + break; + + zero_ip(&ip_list[i]); /* Tried and failed. */ + } + + /* + * Secondly try and contact a random PDC/BDC. + */ + if(!NT_STATUS_IS_OK(nt_status)) { + i = (sys_random() % count); + + if (!is_zero_ip(ip_list[i])) { + if (!NT_STATUS_IS_OK(nt_status = + attempt_connect_to_dc(cli, domain, + &ip_list[i], setup_creds_as, + sec_chan, trust_passwd))) + zero_ip(&ip_list[i]); /* Tried and failed. */ + } + } + + /* + * Finally go through the IP list in turn, ignoring any addresses + * we have already tried. + */ + if(!NT_STATUS_IS_OK(nt_status)) { + /* + * Try and connect to any of the other IP addresses in the PDC/BDC list. + * Note that from a WINS server the #1 IP address is the PDC. + */ + for(i = 0; i < count; i++) { + if (is_zero_ip(ip_list[i])) + continue; + + if (NT_STATUS_IS_OK(nt_status = attempt_connect_to_dc(cli, domain, + &ip_list[i], setup_creds_as, sec_chan, trust_passwd))) + break; + } + } + + SAFE_FREE(ip_list); + return nt_status; +} + +/*********************************************************************** + Do the same as security=server, but using NT Domain calls and a session + key from the machine password. If the server parameter is specified + use it, otherwise figure out a server from the 'password server' param. +************************************************************************/ + +static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + const char *domain, + uchar chal[8], + auth_serversupplied_info **server_info, + char *server, char *setup_creds_as, + uint16 sec_chan, + unsigned char *trust_passwd, + time_t last_change_time) +{ + fstring remote_machine; + NET_USER_INFO_3 info3; + struct cli_state *cli = NULL; + NTSTATUS nt_status = NT_STATUS_UNSUCCESSFUL; + struct passwd *pass; + + /* + * At this point, smb_apasswd points to the lanman response to + * the challenge in local_challenge, and smb_ntpasswd points to + * the NT response to the challenge in local_challenge. Ship + * these over the secure channel to a domain controller and + * see if they were valid. + */ + + while (!NT_STATUS_IS_OK(nt_status) && + next_token(&server,remote_machine,LIST_SEP,sizeof(remote_machine))) { + if(strequal(remote_machine, "*")) { + nt_status = find_connect_pdc(&cli, domain, setup_creds_as, sec_chan, trust_passwd, last_change_time); + } else { + nt_status = connect_to_domain_password_server(&cli, remote_machine, setup_creds_as, sec_chan, trust_passwd); + } + } + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("domain_client_validate: Domain password server not available.\n")); + return nt_status; + } + + ZERO_STRUCT(info3); + + /* + * If this call succeeds, we now have lots of info about the user + * in the info3 structure. + */ + + nt_status = cli_netlogon_sam_network_logon(cli, mem_ctx, + user_info->smb_name.str, user_info->domain.str, + user_info->wksta_name.str, chal, + user_info->lm_resp, user_info->nt_resp, + &info3); + + if (!NT_STATUS_IS_OK(nt_status)) { + DEBUG(0,("domain_client_validate: unable to validate password " + "for user %s in domain %s to Domain controller %s. " + "Error was %s.\n", user_info->smb_name.str, + user_info->domain.str, cli->srv_name_slash, + nt_errstr(nt_status))); + } else { + char *dom_user; + + /* Check DOMAIN\username first to catch winbind users, then + just the username for local users. */ + + dom_user = talloc_asprintf(mem_ctx, "%s%s%s", user_info->domain.str, + lp_winbind_separator(), + user_info->internal_username.str); + + if (!dom_user) { + DEBUG(0, ("talloc_asprintf failed!\n")); + nt_status = NT_STATUS_NO_MEMORY; + } else { + + if (!(pass = Get_Pwnam(dom_user))) + pass = Get_Pwnam(user_info->internal_username.str); + + if (pass) { + make_server_info_pw(server_info, pass); + if (!server_info) { + nt_status = NT_STATUS_NO_MEMORY; + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + } + } + + /* Store the user group information in the server_info returned to the caller. */ + + if (NT_STATUS_IS_OK(nt_status) && (info3.num_groups2 != 0)) { + int i; + NT_USER_TOKEN *ptok; + auth_serversupplied_info *pserver_info = *server_info; + + if ((pserver_info->ptok = malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) { + DEBUG(0, ("domain_client_validate: out of memory allocating rid group membership\n")); + nt_status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + goto done; + } + + ptok = pserver_info->ptok; + ptok->num_sids = (size_t)info3.num_groups2; + + if ((ptok->user_sids = (DOM_SID *)malloc( sizeof(DOM_SID) * ptok->num_sids )) == NULL) { + DEBUG(0, ("domain_client_validate: Out of memory allocating group SIDS\n")); + nt_status = NT_STATUS_NO_MEMORY; + free_server_info(server_info); + goto done; + } + + for (i = 0; i < ptok->num_sids; i++) { + sid_copy(&ptok->user_sids[i], &info3.dom_sid.sid); + sid_append_rid(&ptok->user_sids[i], info3.gids[i].g_rid); + } + + uni_group_cache_store_netlogon(mem_ctx, &info3); + } + +#if 0 + /* + * We don't actually need to do this - plus it fails currently with + * NT_STATUS_INVALID_INFO_CLASS - we need to know *exactly* what to + * send here. JRA. + */ + + if (NT_STATUS_IS_OK(status)) { + if(cli_nt_logoff(&cli, &ctr) == False) { + DEBUG(0,("domain_client_validate: unable to log off user %s in domain \ +%s to Domain controller %s. Error was %s.\n", user, domain, remote_machine, cli_errstr(&cli))); + nt_status = NT_STATUS_LOGON_FAILURE; + } + } +#endif /* 0 */ + + done: + + /* Note - once the cli stream is shutdown the mem_ctx used + to allocate the other_sids and gids structures has been deleted - so + these pointers are no longer valid..... */ + + cli_nt_session_close(cli); + cli_ulogoff(cli); + cli_shutdown(cli); + return nt_status; +} + +/**************************************************************************** + Check for a valid username and password in security=domain mode. +****************************************************************************/ + +static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + char *password_server; + unsigned char trust_passwd[16]; + time_t last_change_time; + char *domain = lp_workgroup(); + + if (!user_info || !server_info || !auth_context) { + DEBUG(1,("check_ntdomain_security: Critical variables not present. Failing.\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Check that the requested domain is not our own machine name. + * If it is, we should never check the PDC here, we use our own local + * password file. + */ + + if(is_netbios_alias_or_name(user_info->domain.str)) { + DEBUG(3,("check_ntdomain_security: Requested domain was for this machine.\n")); + return NT_STATUS_LOGON_FAILURE; + } + + /* + * Get the machine account password for our primary domain + * No need to become_root() as secrets_init() is done at startup. + */ + + if (!secrets_fetch_trust_account_password(domain, trust_passwd, &last_change_time)) + { + DEBUG(0, ("check_ntdomain_security: could not fetch trust account password for domain %s\n", lp_workgroup())); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + + /* Test if machine password is expired and need to be changed */ + if (time(NULL) > last_change_time + lp_machine_password_timeout()) + { + global_machine_password_needs_changing = True; + } + + /* + * Treat each name in the 'password server =' line as a potential + * PDC/BDC. Contact each in turn and try and authenticate. + */ + + password_server = lp_passwordserver(); + + nt_status = domain_client_validate(mem_ctx, user_info, domain, + (uchar *)auth_context->challenge.data, + server_info, + password_server, global_myname, SEC_CHAN_WKSTA, trust_passwd, last_change_time); + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_ntdomain(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_ntdomain_security; + return True; +} + + +/**************************************************************************** + Check for a valid username and password in a trusted domain +****************************************************************************/ + +static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + unsigned char trust_md4_password[16]; + char *trust_password; + time_t last_change_time; + DOM_SID sid; + + if (!user_info || !server_info || !auth_context) { + DEBUG(1,("check_trustdomain_security: Critical variables not present. Failing.\n")); + return NT_STATUS_INVALID_PARAMETER; + } + + /* + * Check that the requested domain is not our own machine name. + * If it is, we should never check the PDC here, we use our own local + * password file. + */ + + if(is_netbios_alias_or_name(user_info->domain.str)) { + DEBUG(3,("check_trustdomain_security: Requested domain was for this machine.\n")); + return NT_STATUS_LOGON_FAILURE; + } + + /* + * Check that the requested domain is not our own domain, + * If it is, we should use our own local password file. + */ + + if(strequal(lp_workgroup(), (user_info->domain.str))) { + DEBUG(3,("check_trustdomain_security: Requested domain was for this domain.\n")); + return NT_STATUS_LOGON_FAILURE; + } + + /* + * Get the machine account password for the trusted domain + * No need to become_root() as secrets_init() is done at startup. + */ + + if (!secrets_fetch_trusted_domain_password(user_info->domain.str, &trust_password, &sid, &last_change_time)) + { + DEBUG(0, ("check_trustdomain_security: could not fetch trust account password for domain %s\n", user_info->domain.str)); + return NT_STATUS_CANT_ACCESS_DOMAIN_INFO; + } + +#ifdef DEBUG_PASSWORD + DEBUG(100, ("Trust password for domain %s is %s\n", user_info->domain.str, trust_password)); +#endif + E_md4hash((uchar *)trust_password, trust_md4_password); + SAFE_FREE(trust_password); + +#if 0 + /* Test if machine password is expired and need to be changed */ + if (time(NULL) > last_change_time + lp_machine_password_timeout()) + { + global_machine_password_needs_changing = True; + } +#endif + + nt_status = domain_client_validate(mem_ctx, user_info, user_info->domain.str, + (uchar *)auth_context->challenge.data, + server_info, "*" /* Do a lookup */, + lp_workgroup(), SEC_CHAN_DOMAIN, trust_md4_password, last_change_time); + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_trustdomain(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_trustdomain_security; + return True; +} diff --git a/source3/auth/auth_rhosts.c b/source3/auth/auth_rhosts.c new file mode 100644 index 00000000000..9586d1d65ec --- /dev/null +++ b/source3/auth/auth_rhosts.c @@ -0,0 +1,231 @@ +/* + Unix SMB/CIFS implementation. + Main SMB reply routines + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/**************************************************************************** + Read the a hosts.equiv or .rhosts file and check if it + allows this user from this machine. +****************************************************************************/ + +static BOOL check_user_equiv(const char *user, const char *remote, const char *equiv_file) +{ + int plus_allowed = 1; + char *file_host; + char *file_user; + char **lines = file_lines_load(equiv_file, NULL); + int i; + + DEBUG(5, ("check_user_equiv %s %s %s\n", user, remote, equiv_file)); + if (! lines) return False; + for (i=0; lines[i]; i++) { + char *buf = lines[i]; + trim_string(buf," "," "); + + if (buf[0] != '#' && buf[0] != '\n') + { + BOOL is_group = False; + int plus = 1; + char *bp = buf; + if (strcmp(buf, "NO_PLUS\n") == 0) + { + DEBUG(6, ("check_user_equiv NO_PLUS\n")); + plus_allowed = 0; + } + else { + if (buf[0] == '+') + { + bp++; + if (*bp == '\n' && plus_allowed) + { + /* a bare plus means everbody allowed */ + DEBUG(6, ("check_user_equiv everybody allowed\n")); + file_lines_free(lines); + return True; + } + } + else if (buf[0] == '-') + { + bp++; + plus = 0; + } + if (*bp == '@') + { + is_group = True; + bp++; + } + file_host = strtok(bp, " \t\n"); + file_user = strtok(NULL, " \t\n"); + DEBUG(7, ("check_user_equiv %s %s\n", file_host ? file_host : "(null)", + file_user ? file_user : "(null)" )); + if (file_host && *file_host) + { + BOOL host_ok = False; + +#if defined(HAVE_NETGROUP) && defined(HAVE_YP_GET_DEFAULT_DOMAIN) + if (is_group) + { + static char *mydomain = NULL; + if (!mydomain) + yp_get_default_domain(&mydomain); + if (mydomain && innetgr(file_host,remote,user,mydomain)) + host_ok = True; + } +#else + if (is_group) + { + DEBUG(1,("Netgroups not configured\n")); + continue; + } +#endif + + /* is it this host */ + /* the fact that remote has come from a call of gethostbyaddr + * means that it may have the fully qualified domain name + * so we could look up the file version to get it into + * a canonical form, but I would rather just type it + * in full in the equiv file + */ + if (!host_ok && !is_group && strequal(remote, file_host)) + host_ok = True; + + if (!host_ok) + continue; + + /* is it this user */ + if (file_user == 0 || strequal(user, file_user)) + { + DEBUG(5, ("check_user_equiv matched %s%s %s\n", + (plus ? "+" : "-"), file_host, + (file_user ? file_user : ""))); + file_lines_free(lines); + return (plus ? True : False); + } + } + } + } + } + file_lines_free(lines); + return False; +} + + +/**************************************************************************** +check for a possible hosts equiv or rhosts entry for the user +****************************************************************************/ + +static BOOL check_hosts_equiv(struct passwd *pass) +{ + char *fname = NULL; + + if (!pass) + return(False); + + fname = lp_hosts_equiv(); + + /* note: don't allow hosts.equiv on root */ + if (fname && *fname && (pass->pw_uid != 0)) { + if (check_user_equiv(pass->pw_name,client_name(),fname)) + return(True); + } + + return(False); +} + + +/**************************************************************************** + Check for a valid .rhosts/hosts.equiv entry for this user +****************************************************************************/ + +static NTSTATUS check_hostsequiv_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + struct passwd *pass = Get_Pwnam(user_info->internal_username.str); + + if (pass) { + if (check_hosts_equiv(pass)) { + nt_status = NT_STATUS_OK; + make_server_info_pw(server_info, pass); + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_hostsequiv(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_hostsequiv_security; + return True; +} + + +/**************************************************************************** + Check for a valid .rhosts/hosts.equiv entry for this user +****************************************************************************/ + +static NTSTATUS check_rhosts_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + struct passwd *pass = Get_Pwnam(user_info->internal_username.str); + pstring rhostsfile; + + if (pass) { + char *home = pass->pw_dir; + if (home) { + slprintf(rhostsfile, sizeof(rhostsfile)-1, "%s/.rhosts", home); + become_root(); + if (check_user_equiv(pass->pw_name,client_name(),rhostsfile)) { + nt_status = NT_STATUS_OK; + make_server_info_pw(server_info, pass); + } + unbecome_root(); + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_rhosts(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_rhosts_security; + return True; +} diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c new file mode 100644 index 00000000000..6753951c898 --- /dev/null +++ b/source3/auth/auth_sam.c @@ -0,0 +1,452 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/**************************************************************************** +core of smb password checking routine. +****************************************************************************/ +static BOOL smb_pwd_check_ntlmv1(DATA_BLOB nt_response, + const uchar *part_passwd, + DATA_BLOB sec_blob, + uint8 user_sess_key[16]) +{ + /* Finish the encryption of part_passwd. */ + uchar p24[24]; + + if (part_passwd == NULL) { + DEBUG(10,("No password set - DISALLOWING access\n")); + /* No password set - always false ! */ + return False; + } + + if (sec_blob.length != 8) { + DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect challenge size (%d)\n", sec_blob.length)); + return False; + } + + if (nt_response.length != 24) { + DEBUG(0, ("smb_pwd_check_ntlmv1: incorrect password length (%d)\n", nt_response.length)); + return False; + } + + SMBOWFencrypt(part_passwd, sec_blob.data, p24); + if (user_sess_key != NULL) + { + SMBsesskeygen_ntv1(part_passwd, NULL, user_sess_key); + } + + + +#if DEBUG_PASSWORD + DEBUG(100,("Part password (P16) was |")); + dump_data(100, part_passwd, 16); + DEBUG(100,("Password from client was |")); + dump_data(100, nt_response.data, nt_response.length); + DEBUG(100,("Given challenge was |")); + dump_data(100, sec_blob.data, sec_blob.length); + DEBUG(100,("Value from encryption was |")); + dump_data(100, p24, 24); +#endif + return (memcmp(p24, nt_response.data, 24) == 0); +} + +/**************************************************************************** +core of smb password checking routine. +****************************************************************************/ +static BOOL smb_pwd_check_ntlmv2(const DATA_BLOB ntv2_response, + const uchar *part_passwd, + const DATA_BLOB sec_blob, + const char *user, const char *domain, + uint8 user_sess_key[16]) +{ + /* Finish the encryption of part_passwd. */ + uchar kr[16]; + uchar value_from_encryption[16]; + uchar client_response[16]; + DATA_BLOB client_key_data; + + if (part_passwd == NULL) + { + DEBUG(10,("No password set - DISALLOWING access\n")); + /* No password set - always False */ + return False; + } + + if (ntv2_response.length < 16) { + /* We MUST have more than 16 bytes, or the stuff below will go + crazy... */ + DEBUG(0, ("smb_pwd_check_ntlmv2: incorrect password length (%d)\n", + ntv2_response.length)); + return False; + } + + client_key_data = data_blob(ntv2_response.data+16, ntv2_response.length-16); + memcpy(client_response, ntv2_response.data, sizeof(client_response)); + + ntv2_owf_gen(part_passwd, user, domain, kr); + SMBOWFencrypt_ntv2(kr, sec_blob, client_key_data, (char *)value_from_encryption); + if (user_sess_key != NULL) + { + SMBsesskeygen_ntv2(kr, value_from_encryption, user_sess_key); + } + +#if DEBUG_PASSWORD + DEBUG(100,("Part password (P16) was |")); + dump_data(100, part_passwd, 16); + DEBUG(100,("Password from client was |")); + dump_data(100, ntv2_response.data, ntv2_response.length); + DEBUG(100,("Variable data from client was |")); + dump_data(100, client_key_data.data, client_key_data.length); + DEBUG(100,("Given challenge was |")); + dump_data(100, sec_blob.data, sec_blob.length); + DEBUG(100,("Value from encryption was |")); + dump_data(100, value_from_encryption, 16); +#endif + data_blob_clear_free(&client_key_data); + return (memcmp(value_from_encryption, client_response, 16) == 0); +} + + +/**************************************************************************** + Do a specific test for an smb password being correct, given a smb_password and + the lanman and NT responses. +****************************************************************************/ +static NTSTATUS sam_password_ok(const struct auth_context *auth_context, + TALLOC_CTX *mem_ctx, + SAM_ACCOUNT *sampass, + const auth_usersupplied_info *user_info, + uint8 user_sess_key[16]) +{ + uint16 acct_ctrl; + const uint8 *nt_pw, *lm_pw; + uint32 auth_flags; + + acct_ctrl = pdb_get_acct_ctrl(sampass); + if (acct_ctrl & ACB_PWNOTREQ) + { + if (lp_null_passwords()) + { + DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", pdb_get_username(sampass))); + return(NT_STATUS_OK); + } + else + { + DEBUG(3,("Account for user '%s' has no password and null passwords are NOT allowed.\n", pdb_get_username(sampass))); + return(NT_STATUS_LOGON_FAILURE); + } + } + + nt_pw = pdb_get_nt_passwd(sampass); + lm_pw = pdb_get_lanman_passwd(sampass); + + auth_flags = user_info->auth_flags; + + if (nt_pw == NULL) { + DEBUG(3,("sam_password_ok: NO NT password stored for user %s.\n", + pdb_get_username(sampass))); + /* No return, we want to check the LM hash below in this case */ + auth_flags &= (~(AUTH_FLAG_NTLMv2_RESP | AUTH_FLAG_NTLM_RESP)); + } + + if (auth_flags & AUTH_FLAG_NTLMv2_RESP) { + /* We have the NT MD4 hash challenge available - see if we can + use it (ie. does it exist in the smbpasswd file). + */ + DEBUG(4,("sam_password_ok: Checking NTLMv2 password\n")); + if (smb_pwd_check_ntlmv2( user_info->nt_resp, + nt_pw, auth_context->challenge, + user_info->smb_name.str, + user_info->client_domain.str, + user_sess_key)) + { + return NT_STATUS_OK; + } else { + DEBUG(3,("sam_password_ok: NTLMv2 password check failed\n")); + return NT_STATUS_WRONG_PASSWORD; + } + } else if (auth_flags & AUTH_FLAG_NTLM_RESP) { + if (lp_ntlm_auth()) { + /* We have the NT MD4 hash challenge available - see if we can + use it (ie. does it exist in the smbpasswd file). + */ + DEBUG(4,("sam_password_ok: Checking NT MD4 password\n")); + if (smb_pwd_check_ntlmv1(user_info->nt_resp, + nt_pw, auth_context->challenge, + user_sess_key)) + { + return NT_STATUS_OK; + } else { + DEBUG(3,("sam_password_ok: NT MD4 password check failed for user %s\n",pdb_get_username(sampass))); + return NT_STATUS_WRONG_PASSWORD; + } + } else { + DEBUG(2,("sam_password_ok: NTLMv1 passwords NOT PERMITTED for user %s\n",pdb_get_username(sampass))); + /* No return, we want to check the LM hash below in this case */ + } + } + + if (lm_pw == NULL) { + DEBUG(3,("sam_password_ok: NO LanMan password set for user %s (and no NT password supplied)\n",pdb_get_username(sampass))); + auth_flags &= (~AUTH_FLAG_LM_RESP); + } + + if (auth_flags & AUTH_FLAG_LM_RESP) { + + if (user_info->lm_resp.length != 24) { + DEBUG(2,("sam_password_ok: invalid LanMan password length (%d) for user %s\n", + user_info->nt_resp.length, pdb_get_username(sampass))); + } + + if (!lp_lanman_auth()) { + DEBUG(3,("sam_password_ok: Lanman passwords NOT PERMITTED for user %s\n",pdb_get_username(sampass))); + return NT_STATUS_LOGON_FAILURE; + } + + DEBUG(4,("sam_password_ok: Checking LM password\n")); + if (smb_pwd_check_ntlmv1(user_info->lm_resp, + lm_pw, auth_context->challenge, + user_sess_key)) + { + return NT_STATUS_OK; + } else { + DEBUG(4,("sam_password_ok: LM password check failed for user %s\n",pdb_get_username(sampass))); + return NT_STATUS_WRONG_PASSWORD; + } + } + + /* Should not be reached, but if they send nothing... */ + DEBUG(3,("sam_password_ok: NEITHER LanMan nor NT password supplied for user %s\n",pdb_get_username(sampass))); + return NT_STATUS_WRONG_PASSWORD; +} + +/**************************************************************************** + Do a specific test for a SAM_ACCOUNT being vaild for this connection + (ie not disabled, expired and the like). +****************************************************************************/ +static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx, + SAM_ACCOUNT *sampass, + const auth_usersupplied_info *user_info) +{ + uint16 acct_ctrl = pdb_get_acct_ctrl(sampass); + char *workstation_list; + time_t kickoff_time; + + DEBUG(4,("sam_account_ok: Checking SMB password for user %s\n",pdb_get_username(sampass))); + + /* Quit if the account was disabled. */ + if (acct_ctrl & ACB_DISABLED) { + DEBUG(1,("Account for user '%s' was disabled.\n", pdb_get_username(sampass))); + return NT_STATUS_ACCOUNT_DISABLED; + } + + /* Test account expire time */ + + kickoff_time = pdb_get_kickoff_time(sampass); + if (kickoff_time != 0 && time(NULL) > kickoff_time) { + DEBUG(1,("Account for user '%s' has expried.\n", pdb_get_username(sampass))); + DEBUG(3,("Account expired at '%ld' unix time.\n", (long)kickoff_time)); + return NT_STATUS_ACCOUNT_EXPIRED; + } + + if (!(pdb_get_acct_ctrl(sampass) & ACB_PWNOEXP)) { + time_t must_change_time = pdb_get_pass_must_change_time(sampass); + time_t last_set_time = pdb_get_pass_last_set_time(sampass); + + /* check for immediate expiry "must change at next logon" */ + if (must_change_time == 0 && last_set_time != 0) { + DEBUG(1,("Account for user '%s' password must change!.\n", pdb_get_username(sampass))); + return NT_STATUS_PASSWORD_MUST_CHANGE; + } + + /* check for expired password */ + if (must_change_time < time(NULL) && must_change_time != 0) { + DEBUG(1,("Account for user '%s' password expired!.\n", pdb_get_username(sampass))); + DEBUG(1,("Password expired at '%s' (%ld) unix time.\n", http_timestring(must_change_time), (long)must_change_time)); + return NT_STATUS_PASSWORD_EXPIRED; + } + } + + /* Test workstation. Workstation list is comma separated. */ + + workstation_list = talloc_strdup(mem_ctx, pdb_get_workstations(sampass)); + + if (!workstation_list) return NT_STATUS_NO_MEMORY; + + if (*workstation_list) { + BOOL invalid_ws = True; + char *s = workstation_list; + + fstring tok; + + while (next_token(&s, tok, ",", sizeof(tok))) { + DEBUG(10,("checking for workstation match %s and %s (len=%d)\n", + tok, user_info->wksta_name.str, user_info->wksta_name.len)); + if(strequal(tok, user_info->wksta_name.str)) { + invalid_ws = False; + break; + } + } + + if (invalid_ws) + return NT_STATUS_INVALID_WORKSTATION; + } + + if (acct_ctrl & ACB_DOMTRUST) { + DEBUG(2,("sam_account_ok: Domain trust account %s denied by server\n", pdb_get_username(sampass))); + return NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_SVRTRUST) { + DEBUG(2,("sam_account_ok: Server trust account %s denied by server\n", pdb_get_username(sampass))); + return NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT; + } + + if (acct_ctrl & ACB_WSTRUST) { + DEBUG(4,("sam_account_ok: Wksta trust account %s denied by server\n", pdb_get_username(sampass))); + return NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT; + } + + return NT_STATUS_OK; +} + + +/**************************************************************************** +check if a username/password is OK assuming the password is a 24 byte +SMB hash supplied in the user_info structure +return an NT_STATUS constant. +****************************************************************************/ + +static NTSTATUS check_sam_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + SAM_ACCOUNT *sampass=NULL; + BOOL ret; + NTSTATUS nt_status; + uint8 user_sess_key[16]; + const uint8* lm_hash; + + if (!user_info || !auth_context) { + return NT_STATUS_UNSUCCESSFUL; + } + + /* Can't use the talloc version here, becouse the returned struct gets + kept on the server_info */ + if (!NT_STATUS_IS_OK(nt_status = pdb_init_sam(&sampass))) { + return nt_status; + } + + /* get the account information */ + + become_root(); + ret = pdb_getsampwnam(sampass, user_info->internal_username.str); + unbecome_root(); + + if (ret == False) + { + DEBUG(3,("Couldn't find user '%s' in passdb file.\n", user_info->internal_username.str)); + pdb_free_sam(&sampass); + return NT_STATUS_NO_SUCH_USER; + } + + nt_status = sam_password_ok(auth_context, mem_ctx, sampass, user_info, user_sess_key); + + if (!NT_STATUS_IS_OK(nt_status)) { + pdb_free_sam(&sampass); + return nt_status; + } + + nt_status = sam_account_ok(mem_ctx, sampass, user_info); + + if (!NT_STATUS_IS_OK(nt_status)) { + pdb_free_sam(&sampass); + return nt_status; + } + + if (!make_server_info_sam(server_info, sampass)) { + DEBUG(0,("failed to malloc memory for server_info\n")); + return NT_STATUS_NO_MEMORY; + } + + lm_hash = pdb_get_lanman_passwd((*server_info)->sam_account); + if (lm_hash) { + memcpy((*server_info)->first_8_lm_hash, lm_hash, 8); + } + + memcpy((*server_info)->session_key, user_sess_key, sizeof(user_sess_key)); + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_sam(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_sam_security; + return True; +} + + +/**************************************************************************** +Check SAM security (above) but with a few extra checks. +****************************************************************************/ + +static NTSTATUS check_samstrict_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + + if (!user_info || !auth_context) { + return NT_STATUS_LOGON_FAILURE; + } + + /* If we are a domain member, we must not + attempt to check the password locally, + unless it is one of our aliases. */ + + if (!is_netbios_alias_or_name(user_info->domain.str)) { + return NT_STATUS_NO_SUCH_USER; + } + + return check_sam_security(auth_context, my_private_data, mem_ctx, user_info, server_info); +} + +/* module initialisation */ +BOOL auth_init_samstrict(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_samstrict_security; + return True; +} + + diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c new file mode 100644 index 00000000000..5190d45c203 --- /dev/null +++ b/source3/auth/auth_server.c @@ -0,0 +1,367 @@ +/* + Unix SMB/CIFS implementation. + Authenticate to a remote server + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern pstring global_myname; +extern userdom_struct current_user_info; + +/**************************************************************************** + Support for server level security. +****************************************************************************/ + +static struct cli_state *server_cryptkey(TALLOC_CTX *mem_ctx) +{ + struct cli_state *cli = NULL; + fstring desthost; + struct in_addr dest_ip; + char *p, *pserver; + BOOL connected_ok = False; + + if (!(cli = cli_initialise(cli))) + return NULL; + + /* security = server just can't function with spnego */ + cli->use_spnego = False; + + pserver = talloc_strdup(mem_ctx, lp_passwordserver()); + p = pserver; + + while(next_token( &p, desthost, LIST_SEP, sizeof(desthost))) { + standard_sub_basic(current_user_info.smb_name, desthost); + strupper(desthost); + + if(!resolve_name( desthost, &dest_ip, 0x20)) { + DEBUG(1,("server_cryptkey: Can't resolve address for %s\n",desthost)); + continue; + } + + if (ismyip(dest_ip)) { + DEBUG(1,("Password server loop - disabling password server %s\n",desthost)); + continue; + } + + if (cli_connect(cli, desthost, &dest_ip)) { + DEBUG(3,("connected to password server %s\n",desthost)); + connected_ok = True; + break; + } + } + + if (!connected_ok) { + DEBUG(0,("password server not available\n")); + cli_shutdown(cli); + return NULL; + } + + if (!attempt_netbios_session_request(cli, global_myname, desthost, &dest_ip)) + return NULL; + + if (strequal(desthost,myhostname())) { + exit_server("Password server loop!"); + } + + DEBUG(3,("got session\n")); + + if (!cli_negprot(cli)) { + DEBUG(1,("%s rejected the negprot\n",desthost)); + cli_shutdown(cli); + return NULL; + } + + if (cli->protocol < PROTOCOL_LANMAN2 || + !(cli->sec_mode & 1)) { + DEBUG(1,("%s isn't in user level security mode\n",desthost)); + cli_shutdown(cli); + return NULL; + } + + DEBUG(3,("password server OK\n")); + + return cli; +} + +/**************************************************************************** + Clean up our allocated cli. +****************************************************************************/ + +static void free_server_private_data(void **private_data_pointer) +{ + struct cli_state **cli = (struct cli_state **)private_data_pointer; + if (*cli && (*cli)->initialised) { + cli_shutdown(*cli); + } +} + +/**************************************************************************** + Send a 'keepalive' packet down the cli pipe. +****************************************************************************/ + +static void send_server_keepalive(void **private_data_pointer) +{ + struct cli_state **cli = (struct cli_state **)private_data_pointer; + + /* also send a keepalive to the password server if its still + connected */ + if (cli && *cli && (*cli)->initialised) { + if (!send_keepalive((*cli)->fd)) { + DEBUG( 2, ( "password server keepalive failed.\n")); + cli_shutdown(*cli); + } + } +} + +/**************************************************************************** + Get the challenge out of a password server. +****************************************************************************/ + +static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx) +{ + struct cli_state *cli = server_cryptkey(mem_ctx); + + if (cli) { + DEBUG(3,("using password server validation\n")); + + if ((cli->sec_mode & 2) == 0) { + /* We can't work with unencrypted password servers + unless 'encrypt passwords = no' */ + DEBUG(5,("make_auth_info_server: Server is unencrypted, no challenge available..\n")); + + /* However, it is still a perfectly fine connection + to pass that unencrypted password over */ + *my_private_data = (void *)cli; + return data_blob(NULL, 0); + + } else if (cli->secblob.length < 8) { + /* We can't do much if we don't get a full challenge */ + DEBUG(2,("make_auth_info_server: Didn't receive a full challenge from server\n")); + cli_shutdown(cli); + return data_blob(NULL, 0); + } + + *my_private_data = (void *)cli; + + /* The return must be allocated on the caller's mem_ctx, as our own will be + destoyed just after the call. */ + return data_blob_talloc(auth_context->mem_ctx, cli->secblob.data,8); + } else { + return data_blob(NULL, 0); + } +} + + +/**************************************************************************** + Check for a valid username and password in security=server mode. + - Validate a password with the password server. +****************************************************************************/ + +static NTSTATUS check_smbserver_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + struct cli_state *cli; + static unsigned char badpass[24]; + static fstring baduser; + static BOOL tested_password_server = False; + static BOOL bad_password_server = False; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + BOOL locally_made_cli = False; + + /* + * Check that the requested domain is not our own machine name. + * If it is, we should never check the PDC here, we use our own local + * password file. + */ + + if(is_netbios_alias_or_name(user_info->domain.str)) { + DEBUG(3,("check_smbserver_security: Requested domain was for this machine.\n")); + return NT_STATUS_LOGON_FAILURE; + } + + cli = my_private_data; + + if (cli) { + } else { + cli = server_cryptkey(mem_ctx); + locally_made_cli = True; + } + + if (!cli || !cli->initialised) { + DEBUG(1,("password server is not connected (cli not initilised)\n")); + return NT_STATUS_LOGON_FAILURE; + } + + if ((cli->sec_mode & 2) == 0) { + if (user_info->encrypted) { + DEBUG(1,("password server %s is plaintext, but we are encrypted. This just can't work :-(\n", cli->desthost)); + return NT_STATUS_LOGON_FAILURE; + } + } else { + if (memcmp(cli->secblob.data, auth_context->challenge.data, 8) != 0) { + DEBUG(1,("the challenge that the password server (%s) supplied us is not the one we gave our client. This just can't work :-(\n", cli->desthost)); + return NT_STATUS_LOGON_FAILURE; + } + } + + if(badpass[0] == 0) + memset(badpass, 0x1f, sizeof(badpass)); + + if((user_info->nt_resp.length == sizeof(badpass)) && + !memcmp(badpass, user_info->nt_resp.data, sizeof(badpass))) { + /* + * Very unlikely, our random bad password is the same as the users + * password. + */ + memset(badpass, badpass[0]+1, sizeof(badpass)); + } + + if(baduser[0] == 0) { + fstrcpy(baduser, INVALID_USER_PREFIX); + fstrcat(baduser, global_myname); + } + + /* + * Attempt a session setup with a totally incorrect password. + * If this succeeds with the guest bit *NOT* set then the password + * server is broken and is not correctly setting the guest bit. We + * need to detect this as some versions of NT4.x are broken. JRA. + */ + + /* I sure as hell hope that there arn't servers out there that take + * NTLMv2 and have this bug, as we don't test for that... + * - abartlet@samba.org + */ + + if ((!tested_password_server) && (lp_paranoid_server_security())) { + if (cli_session_setup(cli, baduser, (char *)badpass, sizeof(badpass), + (char *)badpass, sizeof(badpass), user_info->domain.str)) { + + /* + * We connected to the password server so we + * can say we've tested it. + */ + tested_password_server = True; + + if ((SVAL(cli->inbuf,smb_vwv2) & 1) == 0) { + DEBUG(0,("server_validate: password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + cli_ulogoff(cli); + + /* + * Password server has the bug. + */ + bad_password_server = True; + return NT_STATUS_LOGON_FAILURE; + } + cli_ulogoff(cli); + } + } else { + + /* + * We have already tested the password server. + * Fail immediately if it has the bug. + */ + + if(bad_password_server) { + DEBUG(0,("server_validate: [1] password server %s allows users as non-guest \ +with a bad password.\n", cli->desthost)); + DEBUG(0,("server_validate: [1] This is broken (and insecure) behaviour. Please do not \ +use this machine as the password server.\n")); + return NT_STATUS_LOGON_FAILURE; + } + } + + /* + * Now we know the password server will correctly set the guest bit, or is + * not guest enabled, we can try with the real password. + */ + + if (!user_info->encrypted) { + /* Plaintext available */ + if (!cli_session_setup(cli, user_info->smb_name.str, + (char *)user_info->plaintext_password.data, + user_info->plaintext_password.length, + NULL, 0, + user_info->domain.str)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + /* Make this cli_nt_error() when the conversion is in */ + nt_status = cli_nt_error(cli); + } else { + nt_status = NT_STATUS_OK; + } + } else { + if (!cli_session_setup(cli, user_info->smb_name.str, + (char *)user_info->lm_resp.data, + user_info->lm_resp.length, + (char *)user_info->nt_resp.data, + user_info->nt_resp.length, + user_info->domain.str)) { + DEBUG(1,("password server %s rejected the password\n", cli->desthost)); + /* Make this cli_nt_error() when the conversion is in */ + nt_status = cli_nt_error(cli); + } else { + nt_status = NT_STATUS_OK; + } + } + + /* if logged in as guest then reject */ + if ((SVAL(cli->inbuf,smb_vwv2) & 1) != 0) { + DEBUG(1,("password server %s gave us guest only\n", cli->desthost)); + nt_status = NT_STATUS_LOGON_FAILURE; + } + + cli_ulogoff(cli); + + if NT_STATUS_IS_OK(nt_status) { + struct passwd *pass = Get_Pwnam(user_info->internal_username.str); + if (pass) { + if (!make_server_info_pw(server_info, pass)) { + nt_status = NT_STATUS_NO_MEMORY; + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + } + + if (locally_made_cli) { + cli_shutdown(cli); + } + + return(nt_status); +} + +BOOL auth_init_smbserver(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + (*auth_method)->auth = check_smbserver_security; + (*auth_method)->get_chal = auth_get_challenge_server; + (*auth_method)->send_keepalive = send_server_keepalive; + (*auth_method)->free_private_data = free_server_private_data; + return True; +} diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c new file mode 100644 index 00000000000..05646f554e2 --- /dev/null +++ b/source3/auth/auth_unix.c @@ -0,0 +1,129 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/** + * update the encrypted smbpasswd file from the plaintext username and password + * + * this ugly hack needs to die, but not quite yet, I think people still use it... + **/ +static BOOL update_smbpassword_file(char *user, char *password) +{ + SAM_ACCOUNT *sampass = NULL; + BOOL ret; + + pdb_init_sam(&sampass); + + become_root(); + ret = pdb_getsampwnam(sampass, user); + unbecome_root(); + + if(ret == False) { + DEBUG(0,("pdb_getsampwnam returned NULL\n")); + pdb_free_sam(&sampass); + return False; + } + + /* + * Remove the account disabled flag - we are updating the + * users password from a login. + */ + if (!pdb_set_acct_ctrl(sampass, pdb_get_acct_ctrl(sampass) & ~ACB_DISABLED)) { + pdb_free_sam(&sampass); + return False; + } + + if (!pdb_set_plaintext_passwd (sampass, password)) { + pdb_free_sam(&sampass); + return False; + } + + /* Now write it into the file. */ + become_root(); + + ret = pdb_update_sam_account (sampass); + + unbecome_root(); + + if (ret) { + DEBUG(3,("pdb_update_sam_account returned %d\n",ret)); + } + + memset(password, '\0', strlen(password)); + + pdb_free_sam(&sampass); + return ret; +} + + +/** Check a plaintext username/password + * + * Cannot deal with an encrupted password in any manner whatsoever, + * unless the account has a null password. + **/ + +static NTSTATUS check_unix_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + NTSTATUS nt_status; + struct passwd *pass = NULL; + + become_root(); + pass = Get_Pwnam(user_info->internal_username.str); + + + /** @todo This call assumes a ASCII password, no charset transformation is + done. We may need to revisit this **/ + nt_status = pass_check(pass, + pass ? pass->pw_name : user_info->internal_username.str, + (char *)user_info->plaintext_password.data, + user_info->plaintext_password.length-1, + lp_update_encrypted() ? + update_smbpassword_file : NULL, + True); + + unbecome_root(); + + if NT_STATUS_IS_OK(nt_status) { + if (pass) { + make_server_info_pw(server_info, pass); + } else { + /* we need to do somthing more useful here */ + nt_status = NT_STATUS_NO_SUCH_USER; + } + } + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_unix(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_unix_security; + return True; +} diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c new file mode 100644 index 00000000000..d80c927c19e --- /dev/null +++ b/source3/auth/auth_util.c @@ -0,0 +1,685 @@ +/* + Unix SMB/CIFS implementation. + Authentication utility functions + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Andrew Bartlett 2001 + Copyright (C) Jeremy Allison 2000-2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern fstring remote_machine; +extern pstring global_myname; + +/**************************************************************************** + Create a UNIX user on demand. +****************************************************************************/ + +static int smb_create_user(const char *unix_user, const char *homedir) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_adduser_script()); + if (! *add_script) + return -1; + all_string_sub(add_script, "%u", unix_user, sizeof(pstring)); + if (homedir) + all_string_sub(add_script, "%H", homedir, sizeof(pstring)); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_create_user: Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Delete a UNIX user on demand. +****************************************************************************/ + +int smb_delete_user(const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluser_script()); + if (! *del_script) + return -1; + all_string_sub(del_script, "%u", unix_user, sizeof(pstring)); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + +/**************************************************************************** + Add and Delete UNIX users on demand, based on NTSTATUS codes. +****************************************************************************/ + +void smb_user_control(const auth_usersupplied_info *user_info, auth_serversupplied_info *server_info, NTSTATUS nt_status) +{ + struct passwd *pwd=NULL; + + if (NT_STATUS_IS_OK(nt_status)) { + + if (!(server_info->sam_fill_level & SAM_FILL_UNIX)) { + + /* + * User validated ok against Domain controller. + * If the admin wants us to try and create a UNIX + * user on the fly, do so. + */ + + if(lp_adduser_script() && !(pwd = Get_Pwnam(user_info->internal_username.str))) { + smb_create_user(user_info->internal_username.str, NULL); + } + } + } else if (NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER)) { + /* + * User failed to validate ok against Domain controller. + * If the failure was "user doesn't exist" and admin + * wants us to try and delete that UNIX user on the fly, + * do so. + */ + if (lp_deluser_script()) { + smb_delete_user(user_info->internal_username.str); + } + } +} + +/**************************************************************************** + Create an auth_usersupplied_data structure +****************************************************************************/ + +static BOOL make_user_info(auth_usersupplied_info **user_info, + const char *smb_name, + const char *internal_username, + const char *client_domain, + const char *domain, + const char *wksta_name, + DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, + DATA_BLOB plaintext, + uint32 auth_flags, BOOL encrypted) +{ + + DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name)); + + *user_info = malloc(sizeof(**user_info)); + if (!user_info) { + DEBUG(0,("malloc failed for user_info (size %d)\n", sizeof(*user_info))); + return False; + } + + ZERO_STRUCTP(*user_info); + + DEBUG(5,("making strings for %s's user_info struct\n", internal_username)); + + (*user_info)->smb_name.str = strdup(smb_name); + if ((*user_info)->smb_name.str) { + (*user_info)->smb_name.len = strlen(smb_name); + } else { + free_user_info(user_info); + return False; + } + + (*user_info)->internal_username.str = strdup(internal_username); + if ((*user_info)->internal_username.str) { + (*user_info)->internal_username.len = strlen(internal_username); + } else { + free_user_info(user_info); + return False; + } + + (*user_info)->domain.str = strdup(domain); + if ((*user_info)->domain.str) { + (*user_info)->domain.len = strlen(domain); + } else { + free_user_info(user_info); + return False; + } + + (*user_info)->client_domain.str = strdup(client_domain); + if ((*user_info)->client_domain.str) { + (*user_info)->client_domain.len = strlen(client_domain); + } else { + free_user_info(user_info); + return False; + } + + (*user_info)->wksta_name.str = strdup(wksta_name); + if ((*user_info)->wksta_name.str) { + (*user_info)->wksta_name.len = strlen(wksta_name); + } else { + free_user_info(user_info); + return False; + } + + DEBUG(5,("makeing blobs for %s's user_info struct\n", internal_username)); + + (*user_info)->lm_resp = data_blob(lm_pwd.data, lm_pwd.length); + (*user_info)->nt_resp = data_blob(nt_pwd.data, nt_pwd.length); + (*user_info)->plaintext_password = data_blob(plaintext.data, plaintext.length); + + (*user_info)->encrypted = encrypted; + (*user_info)->auth_flags = auth_flags; + + DEBUG(10,("made an %sencrypted user_info for %s (%s)\n", encrypted ? "":"un" , internal_username, smb_name)); + + return True; +} + +/**************************************************************************** + Create an auth_usersupplied_data structure after appropriate mapping. +****************************************************************************/ + +BOOL make_user_info_map(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const char *wksta_name, + DATA_BLOB lm_pwd, DATA_BLOB nt_pwd, + DATA_BLOB plaintext, + uint32 ntlmssp_flags, BOOL encrypted) +{ + const char *domain; + fstring internal_username; + fstrcpy(internal_username, smb_name); + map_username(internal_username); + + DEBUG(5, ("make_user_info_map: Mapping user [%s]\\[%s] from workstation [%s]\n", + client_domain, smb_name, wksta_name)); + + if (lp_allow_trusted_domains() && *client_domain) { + + /* the client could have given us a workstation name + or other crap for the workgroup - we really need a + way of telling if this domain name is one of our + trusted domain names + + Also don't allow "" as a domain, fixes a Win9X bug + where it doens't supply a domain for logon script + 'net use' commands. + + The way I do it here is by checking if the fully + qualified username exists. This is rather reliant + on winbind, but until we have a better method this + will have to do + */ + + domain = client_domain; + + if ((smb_name) && (*smb_name)) { /* Don't do this for guests */ + char *user = NULL; + if (asprintf(&user, "%s%s%s", + client_domain, lp_winbind_separator(), + smb_name) < 0) { + DEBUG(0, ("make_user_info_map: asprintf() failed!\n")); + return False; + } + + DEBUG(5, ("make_user_info_map: testing for user %s\n", user)); + + if (Get_Pwnam(user) == NULL) { + DEBUG(5, ("make_user_info_map: test for user %s failed\n", user)); + domain = lp_workgroup(); + DEBUG(5, ("make_user_info_map: trusted domain %s doesn't appear to exist, using %s\n", + client_domain, domain)); + } else { + DEBUG(5, ("make_user_info_map: using trusted domain %s\n", domain)); + } + SAFE_FREE(user); + } + } else { + domain = lp_workgroup(); + } + + return make_user_info(user_info, + smb_name, internal_username, + client_domain, domain, + wksta_name, + lm_pwd, nt_pwd, + plaintext, + ntlmssp_flags, encrypted); + +} + +/**************************************************************************** + Create an auth_usersupplied_data, making the DATA_BLOBs here. + Decrypt and encrypt the passwords. +****************************************************************************/ + +BOOL make_user_info_netlogon_network(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const char *wksta_name, + const uchar *lm_network_pwd, int lm_pwd_len, + const uchar *nt_network_pwd, int nt_pwd_len) +{ + BOOL ret; + DATA_BLOB lm_blob = data_blob(lm_network_pwd, lm_pwd_len); + DATA_BLOB nt_blob = data_blob(nt_network_pwd, nt_pwd_len); + DATA_BLOB plaintext_blob = data_blob(NULL, 0); + uint32 auth_flags = AUTH_FLAG_NONE; + + if (lm_pwd_len) + auth_flags |= AUTH_FLAG_LM_RESP; + if (nt_pwd_len == 24) { + auth_flags |= AUTH_FLAG_NTLM_RESP; + } else if (nt_pwd_len != 0) { + auth_flags |= AUTH_FLAG_NTLMv2_RESP; + } + + ret = make_user_info_map(user_info, + smb_name, client_domain, + wksta_name, + lm_blob, nt_blob, + plaintext_blob, + auth_flags, True); + + data_blob_free(&lm_blob); + data_blob_free(&nt_blob); + return ret; +} + +/**************************************************************************** + Create an auth_usersupplied_data, making the DATA_BLOBs here. + Decrypt and encrypt the passwords. +****************************************************************************/ + +BOOL make_user_info_netlogon_interactive(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const char *wksta_name, + const uchar chal[8], + const uchar lm_interactive_pwd[16], + const uchar nt_interactive_pwd[16], + const uchar *dc_sess_key) +{ + char lm_pwd[16]; + char nt_pwd[16]; + unsigned char local_lm_response[24]; + unsigned char local_nt_response[24]; + unsigned char key[16]; + uint32 auth_flags = AUTH_FLAG_NONE; + + ZERO_STRUCT(key); + memcpy(key, dc_sess_key, 8); + + if (lm_interactive_pwd) memcpy(lm_pwd, lm_interactive_pwd, sizeof(lm_pwd)); + if (nt_interactive_pwd) memcpy(nt_pwd, nt_interactive_pwd, sizeof(nt_pwd)); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("key:")); + dump_data(100, (char *)key, sizeof(key)); + + DEBUG(100,("lm owf password:")); + dump_data(100, lm_pwd, sizeof(lm_pwd)); + + DEBUG(100,("nt owf password:")); + dump_data(100, nt_pwd, sizeof(nt_pwd)); +#endif + + SamOEMhash((uchar *)lm_pwd, key, sizeof(lm_pwd)); + SamOEMhash((uchar *)nt_pwd, key, sizeof(nt_pwd)); + +#ifdef DEBUG_PASSWORD + DEBUG(100,("decrypt of lm owf password:")); + dump_data(100, lm_pwd, sizeof(lm_pwd)); + + DEBUG(100,("decrypt of nt owf password:")); + dump_data(100, nt_pwd, sizeof(nt_pwd)); +#endif + + SMBOWFencrypt((const unsigned char *)lm_pwd, chal, local_lm_response); + SMBOWFencrypt((const unsigned char *)nt_pwd, chal, local_nt_response); + + /* Password info paranoia */ + ZERO_STRUCT(lm_pwd); + ZERO_STRUCT(nt_pwd); + ZERO_STRUCT(key); + + { + BOOL ret; + DATA_BLOB local_lm_blob = data_blob(local_lm_response, sizeof(local_lm_response)); + DATA_BLOB local_nt_blob = data_blob(local_nt_response, sizeof(local_nt_response)); + DATA_BLOB plaintext_blob = data_blob(NULL, 0); + + if (lm_interactive_pwd) + auth_flags |= AUTH_FLAG_LM_RESP; + if (nt_interactive_pwd) + auth_flags |= AUTH_FLAG_NTLM_RESP; + + ret = make_user_info_map(user_info, + smb_name, client_domain, + wksta_name, + local_lm_blob, + local_nt_blob, + plaintext_blob, + auth_flags, True); + + data_blob_free(&local_lm_blob); + data_blob_free(&local_nt_blob); + return ret; + } +} + + +/**************************************************************************** + Create an auth_usersupplied_data structure +****************************************************************************/ + +BOOL make_user_info_for_reply(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + const uint8 chal[8], + DATA_BLOB plaintext_password) +{ + + DATA_BLOB local_lm_blob; + DATA_BLOB local_nt_blob; + BOOL ret = False; + uint32 auth_flags = AUTH_FLAG_NONE; + + /* + * Not encrypted - do so. + */ + + DEBUG(5,("make_user_info_for_reply: User passwords not in encrypted format.\n")); + + if (plaintext_password.data) { + unsigned char local_lm_response[24]; + +#ifdef DEBUG_PASSWORD + DEBUG(10,("Unencrypted password (len %d):\n",plaintext_password.length)); + dump_data(100, plaintext_password.data, plaintext_password.length); +#endif + + SMBencrypt( (const uchar *)plaintext_password.data, (const uchar*)chal, local_lm_response); + local_lm_blob = data_blob(local_lm_response, 24); + + /* We can't do an NT hash here, as the password needs to be + case insensitive */ + local_nt_blob = data_blob(NULL, 0); + + auth_flags = (AUTH_FLAG_PLAINTEXT | AUTH_FLAG_LM_RESP); + } else { + local_lm_blob = data_blob(NULL, 0); + local_nt_blob = data_blob(NULL, 0); + } + + ret = make_user_info_map(user_info, smb_name, + client_domain, + remote_machine, + local_lm_blob, + local_nt_blob, + plaintext_password, + auth_flags, False); + + data_blob_free(&local_lm_blob); + return ret; +} + +/**************************************************************************** + Create an auth_usersupplied_data structure +****************************************************************************/ + +BOOL make_user_info_for_reply_enc(auth_usersupplied_info **user_info, + const char *smb_name, + const char *client_domain, + DATA_BLOB lm_resp, DATA_BLOB nt_resp) +{ + uint32 auth_flags = AUTH_FLAG_NONE; + + DATA_BLOB no_plaintext_blob = data_blob(NULL, 0); + + if (lm_resp.length == 24) { + auth_flags |= AUTH_FLAG_LM_RESP; + } + if (nt_resp.length == 0) { + } else if (nt_resp.length == 24) { + auth_flags |= AUTH_FLAG_NTLM_RESP; + } else { + auth_flags |= AUTH_FLAG_NTLMv2_RESP; + } + + return make_user_info_map(user_info, smb_name, + client_domain, + remote_machine, + lm_resp, + nt_resp, + no_plaintext_blob, + auth_flags, True); +} + +/**************************************************************************** + Create a guest user_info blob, for anonymous authenticaion. +****************************************************************************/ + +BOOL make_user_info_guest(auth_usersupplied_info **user_info) +{ + DATA_BLOB lm_blob = data_blob(NULL, 0); + DATA_BLOB nt_blob = data_blob(NULL, 0); + DATA_BLOB plaintext_blob = data_blob(NULL, 0); + uint32 auth_flags = AUTH_FLAG_NONE; + + return make_user_info(user_info, + "","", + "","", + "", + nt_blob, lm_blob, + plaintext_blob, + auth_flags, True); +} + +/*************************************************************************** + Make a user_info struct +***************************************************************************/ + +BOOL make_server_info(auth_serversupplied_info **server_info) +{ + *server_info = malloc(sizeof(**server_info)); + if (!*server_info) { + DEBUG(0,("make_server_info: malloc failed!\n")); + return False; + } + ZERO_STRUCTP(*server_info); + return True; +} + +/*************************************************************************** + Make (and fill) a user_info struct from a SAM_ACCOUNT +***************************************************************************/ + +BOOL make_server_info_sam(auth_serversupplied_info **server_info, SAM_ACCOUNT *sampass) +{ + if (!make_server_info(server_info)) { + return False; + } + + (*server_info)->sam_fill_level = SAM_FILL_ALL; + (*server_info)->sam_account = sampass; + + DEBUG(5,("make_server_info_sam: made server info for user %s\n", + pdb_get_username((*server_info)->sam_account))); + return True; +} + +/*************************************************************************** + Make (and fill) a user_info struct from a 'struct passwd' by conversion + to a SAM_ACCOUNT +***************************************************************************/ + +BOOL make_server_info_pw(auth_serversupplied_info **server_info, const struct passwd *pwd) +{ + SAM_ACCOUNT *sampass = NULL; + if (!NT_STATUS_IS_OK(pdb_init_sam_pw(&sampass, pwd))) { + return False; + } + return make_server_info_sam(server_info, sampass); +} + +/*************************************************************************** + Free a user_info struct +***************************************************************************/ + +void free_user_info(auth_usersupplied_info **user_info) +{ + DEBUG(5,("attempting to free (and zero) a user_info structure\n")); + if (*user_info != NULL) { + if ((*user_info)->smb_name.str) { + DEBUG(10,("structure was created for %s\n", (*user_info)->smb_name.str)); + } + SAFE_FREE((*user_info)->smb_name.str); + SAFE_FREE((*user_info)->internal_username.str); + SAFE_FREE((*user_info)->client_domain.str); + SAFE_FREE((*user_info)->domain.str); + SAFE_FREE((*user_info)->wksta_name.str); + data_blob_free(&(*user_info)->lm_resp); + data_blob_free(&(*user_info)->nt_resp); + SAFE_FREE((*user_info)->interactive_password); + data_blob_clear_free(&(*user_info)->plaintext_password); + ZERO_STRUCT(**user_info); + } + SAFE_FREE(*user_info); +} + +/*************************************************************************** + Clear out a server_info struct that has been allocated +***************************************************************************/ + +void free_server_info(auth_serversupplied_info **server_info) +{ + if (*server_info != NULL) { + pdb_free_sam(&(*server_info)->sam_account); + + /* call pam_end here, unless we know we are keeping it */ + delete_nt_token( &(*server_info)->ptok ); + ZERO_STRUCT(**server_info); + } + SAFE_FREE(*server_info); +} + +/*************************************************************************** + Make a server_info struct for a guest user +***************************************************************************/ + +BOOL make_server_info_guest(auth_serversupplied_info **server_info) +{ + struct passwd *pass = getpwnam_alloc(lp_guestaccount()); + + if (pass) { + if (!make_server_info_pw(server_info, pass)) { + passwd_free(&pass); + return False; + } + (*server_info)->guest = True; + passwd_free(&pass); + return True; + } + DEBUG(0,("make_server_info_guest: getpwnam_alloc() failed on guest account!\n")); + return False; +} + +/*************************************************************************** + Make an auth_methods struct +***************************************************************************/ + +BOOL make_auth_methods(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!auth_context) { + smb_panic("no auth_context supplied to make_auth_methods()!\n"); + } + + if (!auth_method) { + smb_panic("make_auth_methods: pointer to auth_method pointer is NULL!\n"); + } + + *auth_method = talloc(auth_context->mem_ctx, sizeof(**auth_method)); + if (!*auth_method) { + DEBUG(0,("make_auth_method: malloc failed!\n")); + return False; + } + ZERO_STRUCTP(*auth_method); + + return True; +} + +/**************************************************************************** + Delete a SID token. +****************************************************************************/ + +void delete_nt_token(NT_USER_TOKEN **pptoken) +{ + if (*pptoken) { + NT_USER_TOKEN *ptoken = *pptoken; + SAFE_FREE( ptoken->user_sids ); + ZERO_STRUCTP(ptoken); + } + SAFE_FREE(*pptoken); +} + +/**************************************************************************** + Duplicate a SID token. +****************************************************************************/ + +NT_USER_TOKEN *dup_nt_token(NT_USER_TOKEN *ptoken) +{ + NT_USER_TOKEN *token; + + if (!ptoken) + return NULL; + + if ((token = (NT_USER_TOKEN *)malloc( sizeof(NT_USER_TOKEN) ) ) == NULL) + return NULL; + + ZERO_STRUCTP(token); + + if ((token->user_sids = (DOM_SID *)memdup( ptoken->user_sids, sizeof(DOM_SID) * ptoken->num_sids )) == NULL) { + SAFE_FREE(token); + return NULL; + } + + token->num_sids = ptoken->num_sids; + + return token; +} + +/** + * Squash an NT_STATUS in line with security requirements. + * In an attempt to avoid giving the whole game away when users + * are authenticating, NT replaces both NT_STATUS_NO_SUCH_USER and + * NT_STATUS_WRONG_PASSWORD with NT_STATUS_LOGON_FAILURE in certain situations + * (session setups in particular). + * + * @param nt_status NTSTATUS input for squashing. + * @return the 'squashed' nt_status + **/ + +NTSTATUS nt_status_squash(NTSTATUS nt_status) +{ + if NT_STATUS_IS_OK(nt_status) { + return nt_status; + } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_NO_SUCH_USER) { + /* Match WinXP and don't give the game away */ + return NT_STATUS_LOGON_FAILURE; + + } else if NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD) { + /* Match WinXP and don't give the game away */ + return NT_STATUS_LOGON_FAILURE; + } else { + return nt_status; + } +} + + + diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c new file mode 100644 index 00000000000..bc19b36b541 --- /dev/null +++ b/source3/auth/auth_winbind.c @@ -0,0 +1,111 @@ +/* + Unix SMB/CIFS implementation. + + Winbind authentication mechnism + + Copyright (C) Tim Potter 2000 + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* Prototypes from common.h */ + +NSS_STATUS winbindd_request(int req_type, + struct winbindd_request *request, + struct winbindd_response *response); + + +/* Authenticate a user with a challenge/response */ + +static NTSTATUS check_winbind_security(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info) +{ + struct winbindd_request request; + struct winbindd_response response; + NSS_STATUS result; + struct passwd *pw; + NTSTATUS nt_status; + + if (!user_info) { + return NT_STATUS_UNSUCCESSFUL; + } + + if (!auth_context) { + DEBUG(3,("Password for user %s cannot be checked because we have no auth_info to get the challenge from.\n", + user_info->internal_username.str)); + return NT_STATUS_UNSUCCESSFUL; + } + + /* Send off request */ + + ZERO_STRUCT(request); + ZERO_STRUCT(response); + + snprintf(request.data.auth_crap.user, sizeof(request.data.auth_crap.user), + "%s\\%s", user_info->domain.str, user_info->smb_name.str); + + fstrcpy(request.data.auth_crap.user, user_info->smb_name.str); + fstrcpy(request.data.auth_crap.domain, user_info->domain.str); + + memcpy(request.data.auth_crap.chal, auth_context->challenge.data, sizeof(request.data.auth_crap.chal)); + + request.data.auth_crap.lm_resp_len = MIN(user_info->lm_resp.length, + sizeof(request.data.auth_crap.lm_resp)); + request.data.auth_crap.nt_resp_len = MIN(user_info->nt_resp.length, + sizeof(request.data.auth_crap.nt_resp)); + + memcpy(request.data.auth_crap.lm_resp, user_info->lm_resp.data, + sizeof(request.data.auth_crap.lm_resp_len)); + memcpy(request.data.auth_crap.nt_resp, user_info->nt_resp.data, + request.data.auth_crap.lm_resp_len); + + result = winbindd_request(WINBINDD_PAM_AUTH_CRAP, &request, &response); + + if (result == NSS_STATUS_SUCCESS) { + + pw = Get_Pwnam(user_info->internal_username.str); + + if (pw) { + if (make_server_info_pw(server_info, pw)) { + nt_status = NT_STATUS_OK; + } else { + nt_status = NT_STATUS_NO_MEMORY; + } + } else { + nt_status = NT_STATUS_NO_SUCH_USER; + } + } else { + nt_status = NT_STATUS_LOGON_FAILURE; + } + + return nt_status; +} + +/* module initialisation */ +BOOL auth_init_winbind(struct auth_context *auth_context, auth_methods **auth_method) +{ + if (!make_auth_methods(auth_context, auth_method)) { + return False; + } + + (*auth_method)->auth = check_winbind_security; + return True; +} diff --git a/source3/auth/pampass.c b/source3/auth/pampass.c new file mode 100644 index 00000000000..1428e929f16 --- /dev/null +++ b/source3/auth/pampass.c @@ -0,0 +1,872 @@ +/* + Unix SMB/CIFS implementation. + PAM Password checking + Copyright (C) Andrew Tridgell 1992-2001 + Copyright (C) John H Terpsta 1999-2001 + Copyright (C) Andrew Bartlett 2001 + Copyright (C) Jeremy Allison 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* + * This module provides PAM based functions for validation of + * username/password pairs, account managment, session and access control. + * Note: SMB password checking is done in smbpass.c + */ + +#include "includes.h" + +#ifdef WITH_PAM + +/******************************************************************* + * Handle PAM authentication + * - Access, Authentication, Session, Password + * Note: See PAM Documentation and refer to local system PAM implementation + * which determines what actions/limitations/allowances become affected. + *********************************************************************/ + +#include + +/* + * Structure used to communicate between the conversation function + * and the server_login/change password functions. + */ + +struct smb_pam_userdata { + const char *PAM_username; + const char *PAM_password; + const char *PAM_newpassword; +}; + +typedef int (*smb_pam_conv_fn)(int, const struct pam_message **, struct pam_response **, void *appdata_ptr); + +/* + * Macros to help make life easy + */ +#define COPY_STRING(s) (s) ? strdup(s) : NULL + +/******************************************************************* + PAM error handler. + *********************************************************************/ + +static BOOL smb_pam_error_handler(pam_handle_t *pamh, int pam_error, char *msg, int dbglvl) +{ + + if( pam_error != PAM_SUCCESS) { + DEBUG(dbglvl, ("smb_pam_error_handler: PAM: %s : %s\n", + msg, pam_strerror(pamh, pam_error))); + + return False; + } + return True; +} + +/******************************************************************* + This function is a sanity check, to make sure that we NEVER report + failure as sucess. +*********************************************************************/ + +static BOOL smb_pam_nt_status_error_handler(pam_handle_t *pamh, int pam_error, + char *msg, int dbglvl, + NTSTATUS *nt_status) +{ + *nt_status = pam_to_nt_status(pam_error); + + if (smb_pam_error_handler(pamh, pam_error, msg, dbglvl)) + return True; + + if (NT_STATUS_IS_OK(*nt_status)) { + /* Complain LOUDLY */ + DEBUG(0, ("smb_pam_nt_status_error_handler: PAM: BUG: PAM and NT_STATUS \ +error MISMATCH, forcing to NT_STATUS_LOGON_FAILURE")); + *nt_status = NT_STATUS_LOGON_FAILURE; + } + return False; +} + +/* + * PAM conversation function + * Here we assume (for now, at least) that echo on means login name, and + * echo off means password. + */ + +static int smb_pam_conv(int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) +{ + int replies = 0; + struct pam_response *reply = NULL; + struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr; + + *resp = NULL; + + if (num_msg <= 0) + return PAM_CONV_ERR; + + /* + * Apparantly HPUX has a buggy PAM that doesn't support the + * appdata_ptr. Fail if this is the case. JRA. + */ + + if (udp == NULL) { + DEBUG(0,("smb_pam_conv: PAM on this system is broken - appdata_ptr == NULL !\n")); + return PAM_CONV_ERR; + } + + reply = malloc(sizeof(struct pam_response) * num_msg); + if (!reply) + return PAM_CONV_ERR; + + memset(reply, '\0', sizeof(struct pam_response) * num_msg); + + for (replies = 0; replies < num_msg; replies++) { + switch (msg[replies]->msg_style) { + case PAM_PROMPT_ECHO_ON: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(udp->PAM_username); + /* PAM frees resp */ + break; + + case PAM_PROMPT_ECHO_OFF: + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(udp->PAM_password); + /* PAM frees resp */ + break; + + case PAM_TEXT_INFO: + /* fall through */ + + case PAM_ERROR_MSG: + /* ignore it... */ + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = NULL; + break; + + default: + /* Must be an error of some sort... */ + SAFE_FREE(reply); + return PAM_CONV_ERR; + } + } + if (reply) + *resp = reply; + return PAM_SUCCESS; +} + +/* + * PAM password change conversation function + * Here we assume (for now, at least) that echo on means login name, and + * echo off means password. + */ + +static void special_char_sub(char *buf) +{ + all_string_sub(buf, "\\n", "", 0); + all_string_sub(buf, "\\r", "", 0); + all_string_sub(buf, "\\s", " ", 0); + all_string_sub(buf, "\\t", "\t", 0); +} + +static void pwd_sub(char *buf, const char *username, const char *oldpass, const char *newpass) +{ + pstring_sub(buf, "%u", username); + all_string_sub(buf, "%o", oldpass, sizeof(fstring)); + all_string_sub(buf, "%n", newpass, sizeof(fstring)); +} + + +struct chat_struct { + struct chat_struct *next, *prev; + fstring prompt; + fstring reply; +}; + +/************************************************************** + Create a linked list containing chat data. +***************************************************************/ + +static struct chat_struct *make_pw_chat(char *p) +{ + fstring prompt; + fstring reply; + struct chat_struct *list = NULL; + struct chat_struct *t; + struct chat_struct *tmp; + + while (1) { + t = (struct chat_struct *)malloc(sizeof(*t)); + if (!t) { + DEBUG(0,("make_pw_chat: malloc failed!\n")); + return NULL; + } + + ZERO_STRUCTP(t); + + DLIST_ADD_END(list, t, tmp); + + if (!next_token(&p, prompt, NULL, sizeof(fstring))) + break; + + if (strequal(prompt,".")) + fstrcpy(prompt,"*"); + + special_char_sub(prompt); + fstrcpy(t->prompt, prompt); + strlower(t->prompt); + trim_string(t->prompt, " ", " "); + + if (!next_token(&p, reply, NULL, sizeof(fstring))) + break; + + if (strequal(reply,".")) + fstrcpy(reply,""); + + special_char_sub(reply); + fstrcpy(t->reply, reply); + strlower(t->reply); + trim_string(t->reply, " ", " "); + + } + return list; +} + +static void free_pw_chat(struct chat_struct *list) +{ + while (list) { + struct chat_struct *old_head = list; + DLIST_REMOVE(list, list); + SAFE_FREE(old_head); + } +} + +static int smb_pam_passchange_conv(int num_msg, + const struct pam_message **msg, + struct pam_response **resp, + void *appdata_ptr) +{ + int replies = 0; + struct pam_response *reply = NULL; + fstring current_prompt; + fstring current_reply; + struct smb_pam_userdata *udp = (struct smb_pam_userdata *)appdata_ptr; + struct chat_struct *pw_chat= make_pw_chat(lp_passwd_chat()); + struct chat_struct *t; + BOOL found; + *resp = NULL; + + DEBUG(10,("smb_pam_passchange_conv: starting converstation for %d messages\n", num_msg)); + + if (num_msg <= 0) + return PAM_CONV_ERR; + + if (pw_chat == NULL) + return PAM_CONV_ERR; + + /* + * Apparantly HPUX has a buggy PAM that doesn't support the + * appdata_ptr. Fail if this is the case. JRA. + */ + + if (udp == NULL) { + DEBUG(0,("smb_pam_passchange_conv: PAM on this system is broken - appdata_ptr == NULL !\n")); + free_pw_chat(pw_chat); + return PAM_CONV_ERR; + } + + reply = malloc(sizeof(struct pam_response) * num_msg); + if (!reply) { + DEBUG(0,("smb_pam_passchange_conv: malloc for reply failed!\n")); + free_pw_chat(pw_chat); + return PAM_CONV_ERR; + } + + for (replies = 0; replies < num_msg; replies++) { + found = False; + DEBUG(10,("smb_pam_passchange_conv: Processing message %d\n", replies)); + switch (msg[replies]->msg_style) { + case PAM_PROMPT_ECHO_ON: + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: PAM said: %s\n", msg[replies]->msg)); + fstrcpy(current_prompt, msg[replies]->msg); + trim_string(current_prompt, " ", " "); + for (t=pw_chat; t; t=t->next) { + + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: trying to match |%s| to |%s|\n", + t->prompt, current_prompt )); + + if (unix_wild_match(t->prompt, current_prompt) == 0) { + fstrcpy(current_reply, t->reply); + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We sent: %s\n", current_reply)); + pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); +#ifdef DEBUG_PASSWORD + DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_ON: We actualy sent: %s\n", current_reply)); +#endif + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(current_reply); + found = True; + break; + } + } + /* PAM frees resp */ + if (!found) { + DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); + free_pw_chat(pw_chat); + SAFE_FREE(reply); + return PAM_CONV_ERR; + } + break; + + case PAM_PROMPT_ECHO_OFF: + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: PAM said: %s\n", msg[replies]->msg)); + fstrcpy(current_prompt, msg[replies]->msg); + trim_string(current_prompt, " ", " "); + for (t=pw_chat; t; t=t->next) { + + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: trying to match |%s| to |%s|\n", + t->prompt, current_prompt )); + + if (unix_wild_match(t->prompt, current_prompt) == 0) { + fstrcpy(current_reply, t->reply); + DEBUG(10,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We sent: %s\n", current_reply)); + pwd_sub(current_reply, udp->PAM_username, udp->PAM_password, udp->PAM_newpassword); + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = COPY_STRING(current_reply); +#ifdef DEBUG_PASSWORD + DEBUG(100,("smb_pam_passchange_conv: PAM_PROMPT_ECHO_OFF: We actualy sent: %s\n", current_reply)); +#endif + found = True; + break; + } + } + /* PAM frees resp */ + + if (!found) { + DEBUG(3,("smb_pam_passchange_conv: Could not find reply for PAM prompt: %s\n",msg[replies]->msg)); + free_pw_chat(pw_chat); + SAFE_FREE(reply); + return PAM_CONV_ERR; + } + break; + + case PAM_TEXT_INFO: + /* fall through */ + + case PAM_ERROR_MSG: + /* ignore it... */ + reply[replies].resp_retcode = PAM_SUCCESS; + reply[replies].resp = NULL; + break; + + default: + /* Must be an error of some sort... */ + free_pw_chat(pw_chat); + SAFE_FREE(reply); + return PAM_CONV_ERR; + } + } + + free_pw_chat(pw_chat); + if (reply) + *resp = reply; + return PAM_SUCCESS; +} + +/*************************************************************************** + Free up a malloced pam_conv struct. +****************************************************************************/ + +static void smb_free_pam_conv(struct pam_conv *pconv) +{ + if (pconv) + SAFE_FREE(pconv->appdata_ptr); + + SAFE_FREE(pconv); +} + +/*************************************************************************** + Allocate a pam_conv struct. +****************************************************************************/ + +static struct pam_conv *smb_setup_pam_conv(smb_pam_conv_fn smb_pam_conv_fnptr, const char *user, + const char *passwd, const char *newpass) +{ + struct pam_conv *pconv = (struct pam_conv *)malloc(sizeof(struct pam_conv)); + struct smb_pam_userdata *udp = (struct smb_pam_userdata *)malloc(sizeof(struct smb_pam_userdata)); + + if (pconv == NULL || udp == NULL) { + SAFE_FREE(pconv); + SAFE_FREE(udp); + return NULL; + } + + udp->PAM_username = user; + udp->PAM_password = passwd; + udp->PAM_newpassword = newpass; + + pconv->conv = smb_pam_conv_fnptr; + pconv->appdata_ptr = (void *)udp; + return pconv; +} + +/* + * PAM Closing out cleanup handler + */ + +static BOOL smb_pam_end(pam_handle_t *pamh, struct pam_conv *smb_pam_conv_ptr) +{ + int pam_error; + + smb_free_pam_conv(smb_pam_conv_ptr); + + if( pamh != NULL ) { + pam_error = pam_end(pamh, 0); + if(smb_pam_error_handler(pamh, pam_error, "End Cleanup Failed", 2) == True) { + DEBUG(4, ("smb_pam_end: PAM: PAM_END OK.\n")); + return True; + } + } + DEBUG(2,("smb_pam_end: PAM: not initialised")); + return False; +} + +/* + * Start PAM authentication for specified account + */ + +static BOOL smb_pam_start(pam_handle_t **pamh, const char *user, const char *rhost, struct pam_conv *pconv) +{ + int pam_error; + const char *our_rhost; + + *pamh = (pam_handle_t *)NULL; + + DEBUG(4,("smb_pam_start: PAM: Init user: %s\n", user)); + + pam_error = pam_start("samba", user, pconv, pamh); + if( !smb_pam_error_handler(*pamh, pam_error, "Init Failed", 0)) { + *pamh = (pam_handle_t *)NULL; + return False; + } + + if (rhost == NULL) { + our_rhost = client_name(); + if (strequal(rhost,"UNKNOWN")) + our_rhost = client_addr(); + } else { + our_rhost = rhost; + } + +#ifdef PAM_RHOST + DEBUG(4,("smb_pam_start: PAM: setting rhost to: %s\n", our_rhost)); + pam_error = pam_set_item(*pamh, PAM_RHOST, our_rhost); + if(!smb_pam_error_handler(*pamh, pam_error, "set rhost failed", 0)) { + smb_pam_end(*pamh, pconv); + *pamh = (pam_handle_t *)NULL; + return False; + } +#endif +#ifdef PAM_TTY + DEBUG(4,("smb_pam_start: PAM: setting tty\n")); + pam_error = pam_set_item(*pamh, PAM_TTY, "samba"); + if (!smb_pam_error_handler(*pamh, pam_error, "set tty failed", 0)) { + smb_pam_end(*pamh, pconv); + *pamh = (pam_handle_t *)NULL; + return False; + } +#endif + DEBUG(4,("smb_pam_start: PAM: Init passed for user: %s\n", user)); + return True; +} + +/* + * PAM Authentication Handler + */ +static NTSTATUS smb_pam_auth(pam_handle_t *pamh, char *user) +{ + int pam_error; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + + /* + * To enable debugging set in /etc/pam.d/samba: + * auth required /lib/security/pam_pwdb.so nullok shadow audit + */ + + DEBUG(4,("smb_pam_auth: PAM: Authenticate User: %s\n", user)); + pam_error = pam_authenticate(pamh, PAM_SILENT | lp_null_passwords() ? 0 : PAM_DISALLOW_NULL_AUTHTOK); + switch( pam_error ){ + case PAM_AUTH_ERR: + DEBUG(2, ("smb_pam_auth: PAM: Athentication Error for user %s\n", user)); + break; + case PAM_CRED_INSUFFICIENT: + DEBUG(2, ("smb_pam_auth: PAM: Insufficient Credentials for user %s\n", user)); + break; + case PAM_AUTHINFO_UNAVAIL: + DEBUG(2, ("smb_pam_auth: PAM: Authentication Information Unavailable for user %s\n", user)); + break; + case PAM_USER_UNKNOWN: + DEBUG(2, ("smb_pam_auth: PAM: Username %s NOT known to Authentication system\n", user)); + break; + case PAM_MAXTRIES: + DEBUG(2, ("smb_pam_auth: PAM: One or more authentication modules reports user limit for user %s exceeeded\n", user)); + break; + case PAM_ABORT: + DEBUG(0, ("smb_pam_auth: PAM: One or more PAM modules failed to load for user %s\n", user)); + break; + case PAM_SUCCESS: + DEBUG(4, ("smb_pam_auth: PAM: User %s Authenticated OK\n", user)); + break; + default: + DEBUG(0, ("smb_pam_auth: PAM: UNKNOWN ERROR while authenticating user %s\n", user)); + break; + } + + smb_pam_nt_status_error_handler(pamh, pam_error, "Authentication Failure", 2, &nt_status); + return nt_status; +} + +/* + * PAM Account Handler + */ +static NTSTATUS smb_pam_account(pam_handle_t *pamh, const char * user) +{ + int pam_error; + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; + + DEBUG(4,("smb_pam_account: PAM: Account Management for User: %s\n", user)); + pam_error = pam_acct_mgmt(pamh, PAM_SILENT); /* Is user account enabled? */ + switch( pam_error ) { + case PAM_AUTHTOK_EXPIRED: + DEBUG(2, ("smb_pam_account: PAM: User %s is valid but password is expired\n", user)); + break; + case PAM_ACCT_EXPIRED: + DEBUG(2, ("smb_pam_account: PAM: User %s no longer permitted to access system\n", user)); + break; + case PAM_AUTH_ERR: + DEBUG(2, ("smb_pam_account: PAM: There was an authentication error for user %s\n", user)); + break; + case PAM_PERM_DENIED: + DEBUG(0, ("smb_pam_account: PAM: User %s is NOT permitted to access system at this time\n", user)); + break; + case PAM_USER_UNKNOWN: + DEBUG(0, ("smb_pam_account: PAM: User \"%s\" is NOT known to account management\n", user)); + break; + case PAM_SUCCESS: + DEBUG(4, ("smb_pam_account: PAM: Account OK for User: %s\n", user)); + break; + default: + DEBUG(0, ("smb_pam_account: PAM: UNKNOWN PAM ERROR (%d) during Account Management for User: %s\n", pam_error, user)); + break; + } + + smb_pam_nt_status_error_handler(pamh, pam_error, "Account Check Failed", 2, &nt_status); + return nt_status; +} + +/* + * PAM Credential Setting + */ + +static NTSTATUS smb_pam_setcred(pam_handle_t *pamh, char * user) +{ + int pam_error; + NTSTATUS nt_status = NT_STATUS_NO_TOKEN; + + /* + * This will allow samba to aquire a kerberos token. And, when + * exporting an AFS cell, be able to /write/ to this cell. + */ + + DEBUG(4,("PAM: Account Management SetCredentials for User: %s\n", user)); + pam_error = pam_setcred(pamh, (PAM_ESTABLISH_CRED|PAM_SILENT)); + switch( pam_error ) { + case PAM_CRED_UNAVAIL: + DEBUG(0, ("smb_pam_setcred: PAM: Credentials not found for user:%s\n", user )); + break; + case PAM_CRED_EXPIRED: + DEBUG(0, ("smb_pam_setcred: PAM: Credentials for user: \"%s\" EXPIRED!\n", user )); + break; + case PAM_USER_UNKNOWN: + DEBUG(0, ("smb_pam_setcred: PAM: User: \"%s\" is NOT known so can not set credentials!\n", user )); + break; + case PAM_CRED_ERR: + DEBUG(0, ("smb_pam_setcred: PAM: Unknown setcredentials error - unable to set credentials for %s\n", user )); + break; + case PAM_SUCCESS: + DEBUG(4, ("smb_pam_setcred: PAM: SetCredentials OK for User: %s\n", user)); + break; + default: + DEBUG(0, ("smb_pam_setcred: PAM: UNKNOWN PAM ERROR (%d) during SetCredentials for User: %s\n", pam_error, user)); + break; + } + + smb_pam_nt_status_error_handler(pamh, pam_error, "Set Credential Failure", 2, &nt_status); + return nt_status; +} + +/* + * PAM Internal Session Handler + */ +static BOOL smb_internal_pam_session(pam_handle_t *pamh, char *user, char *tty, BOOL flag) +{ + int pam_error; + +#ifdef PAM_TTY + DEBUG(4,("smb_internal_pam_session: PAM: tty set to: %s\n", tty)); + pam_error = pam_set_item(pamh, PAM_TTY, tty); + if (!smb_pam_error_handler(pamh, pam_error, "set tty failed", 0)) + return False; +#endif + + if (flag) { + pam_error = pam_open_session(pamh, PAM_SILENT); + if (!smb_pam_error_handler(pamh, pam_error, "session setup failed", 0)) + return False; + } else { + pam_setcred(pamh, (PAM_DELETE_CRED|PAM_SILENT)); /* We don't care if this fails */ + pam_error = pam_close_session(pamh, PAM_SILENT); /* This will probably pick up the error anyway */ + if (!smb_pam_error_handler(pamh, pam_error, "session close failed", 0)) + return False; + } + return (True); +} + +/* + * Internal PAM Password Changer. + */ + +static BOOL smb_pam_chauthtok(pam_handle_t *pamh, const char * user) +{ + int pam_error; + + DEBUG(4,("smb_pam_chauthtok: PAM: Password Change for User: %s\n", user)); + + pam_error = pam_chauthtok(pamh, PAM_SILENT); /* Change Password */ + + switch( pam_error ) { + case PAM_AUTHTOK_ERR: + DEBUG(2, ("PAM: unable to obtain the new authentication token - is password to weak?\n")); + break; + + /* This doesn't seem to be defined on Solaris. JRA */ +#ifdef PAM_AUTHTOK_RECOVER_ERR + case PAM_AUTHTOK_RECOVER_ERR: + DEBUG(2, ("PAM: unable to obtain the old authentication token - was the old password wrong?.\n")); + break; +#endif + + case PAM_AUTHTOK_LOCK_BUSY: + DEBUG(2, ("PAM: unable to change the authentication token since it is currently locked.\n")); + break; + case PAM_AUTHTOK_DISABLE_AGING: + DEBUG(2, ("PAM: Authentication token aging has been disabled.\n")); + break; + case PAM_PERM_DENIED: + DEBUG(0, ("PAM: Permission denied.\n")); + break; + case PAM_TRY_AGAIN: + DEBUG(0, ("PAM: Could not update all authentication token(s). No authentication tokens were updated.\n")); + break; + case PAM_USER_UNKNOWN: + DEBUG(0, ("PAM: User not known to PAM\n")); + break; + case PAM_SUCCESS: + DEBUG(4, ("PAM: Account OK for User: %s\n", user)); + break; + default: + DEBUG(0, ("PAM: UNKNOWN PAM ERROR (%d) for User: %s\n", pam_error, user)); + } + + if(!smb_pam_error_handler(pamh, pam_error, "Password Change Failed", 2)) { + return False; + } + + /* If this point is reached, the password has changed. */ + return True; +} + +/* + * PAM Externally accessible Session handler + */ + +BOOL smb_pam_claim_session(char *user, char *tty, char *rhost) +{ + pam_handle_t *pamh = NULL; + struct pam_conv *pconv = NULL; + + /* Ignore PAM if told to. */ + + if (!lp_obey_pam_restrictions()) + return True; + + if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) + return False; + + if (!smb_pam_start(&pamh, user, rhost, pconv)) + return False; + + if (!smb_internal_pam_session(pamh, user, tty, True)) { + smb_pam_end(pamh, pconv); + return False; + } + + return smb_pam_end(pamh, pconv); +} + +/* + * PAM Externally accessible Session handler + */ + +BOOL smb_pam_close_session(char *user, char *tty, char *rhost) +{ + pam_handle_t *pamh = NULL; + struct pam_conv *pconv = NULL; + + /* Ignore PAM if told to. */ + + if (!lp_obey_pam_restrictions()) + return True; + + if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) + return False; + + if (!smb_pam_start(&pamh, user, rhost, pconv)) + return False; + + if (!smb_internal_pam_session(pamh, user, tty, False)) { + smb_pam_end(pamh, pconv); + return False; + } + + return smb_pam_end(pamh, pconv); +} + +/* + * PAM Externally accessible Account handler + */ + +NTSTATUS smb_pam_accountcheck(const char * user) +{ + NTSTATUS nt_status = NT_STATUS_ACCOUNT_DISABLED; + pam_handle_t *pamh = NULL; + struct pam_conv *pconv = NULL; + + /* Ignore PAM if told to. */ + + if (!lp_obey_pam_restrictions()) + return NT_STATUS_OK; + + if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, NULL, NULL)) == NULL) + return NT_STATUS_NO_MEMORY; + + if (!smb_pam_start(&pamh, user, NULL, pconv)) + return NT_STATUS_ACCOUNT_DISABLED; + + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) + DEBUG(0, ("smb_pam_accountcheck: PAM: Account Validation Failed - Rejecting User %s!\n", user)); + + smb_pam_end(pamh, pconv); + return nt_status; +} + +/* + * PAM Password Validation Suite + */ + +NTSTATUS smb_pam_passcheck(char * user, char * password) +{ + pam_handle_t *pamh = NULL; + NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE; + struct pam_conv *pconv = NULL; + + /* + * Note we can't ignore PAM here as this is the only + * way of doing auths on plaintext passwords when + * compiled --with-pam. + */ + + if ((pconv = smb_setup_pam_conv(smb_pam_conv, user, password, NULL)) == NULL) + return NT_STATUS_LOGON_FAILURE; + + if (!smb_pam_start(&pamh, user, NULL, pconv)) + return NT_STATUS_LOGON_FAILURE; + + if (!NT_STATUS_IS_OK(nt_status = smb_pam_auth(pamh, user))) { + DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_auth failed - Rejecting User %s !\n", user)); + smb_pam_end(pamh, pconv); + return nt_status; + } + + if (!NT_STATUS_IS_OK(nt_status = smb_pam_account(pamh, user))) { + DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_account failed - Rejecting User %s !\n", user)); + smb_pam_end(pamh, pconv); + return nt_status; + } + + if (!NT_STATUS_IS_OK(nt_status = smb_pam_setcred(pamh, user))) { + DEBUG(0, ("smb_pam_passcheck: PAM: smb_pam_setcred failed - Rejecting User %s !\n", user)); + smb_pam_end(pamh, pconv); + return nt_status; + } + + smb_pam_end(pamh, pconv); + return nt_status; +} + +/* + * PAM Password Change Suite + */ + +BOOL smb_pam_passchange(const char * user, const char * oldpassword, const char * newpassword) +{ + /* Appropriate quantities of root should be obtained BEFORE calling this function */ + struct pam_conv *pconv = NULL; + pam_handle_t *pamh = NULL; + + if ((pconv = smb_setup_pam_conv(smb_pam_passchange_conv, user, oldpassword, newpassword)) == NULL) + return False; + + if(!smb_pam_start(&pamh, user, NULL, pconv)) + return False; + + if (!smb_pam_chauthtok(pamh, user)) { + DEBUG(0, ("smb_pam_passchange: PAM: Password Change Failed for user %s!\n", user)); + smb_pam_end(pamh, pconv); + return False; + } + + return smb_pam_end(pamh, pconv); +} + +#else + +/* If PAM not used, no PAM restrictions on accounts. */ +NTSTATUS smb_pam_accountcheck(const char * user) +{ + return NT_STATUS_OK; +} + +/* If PAM not used, also no PAM restrictions on sessions. */ +BOOL smb_pam_claim_session(char *user, char *tty, char *rhost) +{ + return True; +} + +/* If PAM not used, also no PAM restrictions on sessions. */ +BOOL smb_pam_close_session(char *in_user, char *tty, char *rhost) +{ + return True; +} +#endif /* WITH_PAM */ diff --git a/source3/auth/pass_check.c b/source3/auth/pass_check.c new file mode 100644 index 00000000000..47c9664a74c --- /dev/null +++ b/source3/auth/pass_check.c @@ -0,0 +1,793 @@ +/* + Unix SMB/CIFS implementation. + Password checking + Copyright (C) Andrew Tridgell 1992-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* this module is for checking a username/password against a system + password database. The SMB encrypted password support is elsewhere */ + +#include "includes.h" + +/* these are kept here to keep the string_combinations function simple */ +static fstring this_user; +#if !defined(WITH_PAM) +static fstring this_salt; +static fstring this_crypted; +#endif + +#ifdef WITH_AFS + +#include +#include + +/******************************************************************* +check on AFS authentication +********************************************************************/ +static BOOL afs_auth(char *user, char *password) +{ + long password_expires = 0; + char *reason; + + /* For versions of AFS prior to 3.3, this routine has few arguments, */ + /* but since I can't find the old documentation... :-) */ + setpag(); + if (ka_UserAuthenticateGeneral + (KA_USERAUTH_VERSION + KA_USERAUTH_DOSETPAG, user, (char *)0, /* instance */ + (char *)0, /* cell */ + password, 0, /* lifetime, default */ + &password_expires, /*days 'til it expires */ + 0, /* spare 2 */ + &reason) == 0) + { + return (True); + } + DEBUG(1, + ("AFS authentication for \"%s\" failed (%s)\n", user, reason)); + return (False); +} +#endif + + +#ifdef WITH_DFS + +#include +#include + +/***************************************************************** + This new version of the DFS_AUTH code was donated by Karsten Muuss + . It fixes the following problems with the + old code : + + - Server credentials may expire + - Client credential cache files have wrong owner + - purge_context() function is called with invalid argument + + This new code was modified to ensure that on exit the uid/gid is + still root, and the original directory is restored. JRA. +******************************************************************/ + +sec_login_handle_t my_dce_sec_context; +int dcelogin_atmost_once = 0; + +/******************************************************************* +check on a DCE/DFS authentication +********************************************************************/ +static BOOL dfs_auth(char *user, char *password) +{ + error_status_t err; + int err2; + int prterr; + signed32 expire_time, current_time; + boolean32 password_reset; + struct passwd *pw; + sec_passwd_rec_t passwd_rec; + sec_login_auth_src_t auth_src = sec_login_auth_src_network; + unsigned char dce_errstr[dce_c_error_string_len]; + gid_t egid; + + if (dcelogin_atmost_once) + return (False); + +#ifdef HAVE_CRYPT + /* + * We only go for a DCE login context if the given password + * matches that stored in the local password file.. + * Assumes local passwd file is kept in sync w/ DCE RGY! + */ + + if (strcmp((char *)crypt(password, this_salt), this_crypted)) + { + return (False); + } +#endif + + sec_login_get_current_context(&my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr)); + + return (False); + } + + sec_login_certify_identity(my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get current context. %s\n", dce_errstr)); + + return (False); + } + + sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr)); + + return (False); + } + + time(¤t_time); + + if (expire_time < (current_time + 60)) + { + struct passwd *pw; + sec_passwd_rec_t *key; + + sec_login_get_pwent(my_dce_sec_context, + (sec_login_passwd_t *) & pw, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr)); + + return (False); + } + + sec_login_refresh_identity(my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't refresh identity. %s\n", + dce_errstr)); + + return (False); + } + + sec_key_mgmt_get_key(rpc_c_authn_dce_secret, NULL, + (unsigned char *)pw->pw_name, + sec_c_key_version_none, + (void **)&key, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get key for %s. %s\n", + pw->pw_name, dce_errstr)); + + return (False); + } + + sec_login_valid_and_cert_ident(my_dce_sec_context, key, + &password_reset, &auth_src, + &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, + ("DCE can't validate and certify identity for %s. %s\n", + pw->pw_name, dce_errstr)); + } + + sec_key_mgmt_free_key(key, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't free key.\n", dce_errstr)); + } + } + + if (sec_login_setup_identity((unsigned char *)user, + sec_login_no_flags, + &my_dce_sec_context, &err) == 0) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE Setup Identity for %s failed: %s\n", + user, dce_errstr)); + return (False); + } + + sec_login_get_pwent(my_dce_sec_context, + (sec_login_passwd_t *) & pw, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr)); + + return (False); + } + + sec_login_purge_context(&my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't purge context. %s\n", dce_errstr)); + + return (False); + } + + /* + * NB. I'd like to change these to call something like change_to_user() + * instead but currently we don't have a connection + * context to become the correct user. This is already + * fairly platform specific code however, so I think + * this should be ok. I have added code to go + * back to being root on error though. JRA. + */ + + egid = getegid(); + + set_effective_gid(pw->pw_gid); + set_effective_uid(pw->pw_uid); + + if (sec_login_setup_identity((unsigned char *)user, + sec_login_no_flags, + &my_dce_sec_context, &err) == 0) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE Setup Identity for %s failed: %s\n", + user, dce_errstr)); + goto err; + } + + sec_login_get_pwent(my_dce_sec_context, + (sec_login_passwd_t *) & pw, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr)); + goto err; + } + + passwd_rec.version_number = sec_passwd_c_version_none; + passwd_rec.pepper = NULL; + passwd_rec.key.key_type = sec_passwd_plain; + passwd_rec.key.tagged_union.plain = (idl_char *) password; + + sec_login_validate_identity(my_dce_sec_context, + &passwd_rec, &password_reset, + &auth_src, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, + ("DCE Identity Validation failed for principal %s: %s\n", + user, dce_errstr)); + goto err; + } + + sec_login_certify_identity(my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE certify identity failed: %s\n", dce_errstr)); + goto err; + } + + if (auth_src != sec_login_auth_src_network) + { + DEBUG(0, ("DCE context has no network credentials.\n")); + } + + sec_login_set_context(my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, + ("DCE login failed for principal %s, cant set context: %s\n", + user, dce_errstr)); + + sec_login_purge_context(&my_dce_sec_context, &err); + goto err; + } + + sec_login_get_pwent(my_dce_sec_context, + (sec_login_passwd_t *) & pw, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get pwent. %s\n", dce_errstr)); + goto err; + } + + DEBUG(0, ("DCE login succeeded for principal %s on pid %d\n", + user, sys_getpid())); + + DEBUG(3, ("DCE principal: %s\n" + " uid: %d\n" + " gid: %d\n", + pw->pw_name, pw->pw_uid, pw->pw_gid)); + DEBUG(3, (" info: %s\n" + " dir: %s\n" + " shell: %s\n", + pw->pw_gecos, pw->pw_dir, pw->pw_shell)); + + sec_login_get_expiration(my_dce_sec_context, &expire_time, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, ("DCE can't get expiration. %s\n", dce_errstr)); + goto err; + } + + set_effective_uid(0); + set_effective_gid(0); + + DEBUG(0, + ("DCE context expires: %s", asctime(localtime(&expire_time)))); + + dcelogin_atmost_once = 1; + return (True); + + err: + + /* Go back to root, JRA. */ + set_effective_uid(0); + set_effective_gid(egid); + return (False); +} + +void dfs_unlogin(void) +{ + error_status_t err; + int err2; + unsigned char dce_errstr[dce_c_error_string_len]; + + sec_login_purge_context(&my_dce_sec_context, &err); + if (err != error_status_ok) + { + dce_error_inq_text(err, dce_errstr, &err2); + DEBUG(0, + ("DCE purge login context failed for server instance %d: %s\n", + sys_getpid(), dce_errstr)); + } +} +#endif + +#ifdef LINUX_BIGCRYPT +/**************************************************************************** +an enhanced crypt for Linux to handle password longer than 8 characters +****************************************************************************/ +static int linux_bigcrypt(char *password, char *salt1, char *crypted) +{ +#define LINUX_PASSWORD_SEG_CHARS 8 + char salt[3]; + int i; + + StrnCpy(salt, salt1, 2); + crypted += 2; + + for (i = strlen(password); i > 0; i -= LINUX_PASSWORD_SEG_CHARS) { + char *p = crypt(password, salt) + 2; + if (strncmp(p, crypted, LINUX_PASSWORD_SEG_CHARS) != 0) + return (0); + password += LINUX_PASSWORD_SEG_CHARS; + crypted += strlen(p); + } + + return (1); +} +#endif + +#ifdef OSF1_ENH_SEC +/**************************************************************************** +an enhanced crypt for OSF1 +****************************************************************************/ +static char *osf1_bigcrypt(char *password, char *salt1) +{ + static char result[AUTH_MAX_PASSWD_LENGTH] = ""; + char *p1; + char *p2 = password; + char salt[3]; + int i; + int parts = strlen(password) / AUTH_CLEARTEXT_SEG_CHARS; + if (strlen(password) % AUTH_CLEARTEXT_SEG_CHARS) + parts++; + + StrnCpy(salt, salt1, 2); + StrnCpy(result, salt1, 2); + result[2] = '\0'; + + for (i = 0; i < parts; i++) { + p1 = crypt(p2, salt); + strncat(result, p1 + 2, + AUTH_MAX_PASSWD_LENGTH - strlen(p1 + 2) - 1); + StrnCpy(salt, &result[2 + i * AUTH_CIPHERTEXT_SEG_CHARS], 2); + p2 += AUTH_CLEARTEXT_SEG_CHARS; + } + + return (result); +} +#endif + + +/**************************************************************************** +apply a function to upper/lower case combinations +of a string and return true if one of them returns true. +try all combinations with N uppercase letters. +offset is the first char to try and change (start with 0) +it assumes the string starts lowercased +****************************************************************************/ +static NTSTATUS string_combinations2(char *s, int offset, NTSTATUS (*fn) (char *), + int N) +{ + int len = strlen(s); + int i; + NTSTATUS nt_status; + +#ifdef PASSWORD_LENGTH + len = MIN(len, PASSWORD_LENGTH); +#endif + + if (N <= 0 || offset >= len) + return (fn(s)); + + for (i = offset; i < (len - (N - 1)); i++) { + char c = s[i]; + if (!islower(c)) + continue; + s[i] = toupper(c); + if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, i + 1, fn, N - 1),NT_STATUS_WRONG_PASSWORD)) { + return (nt_status); + } + s[i] = c; + } + return (NT_STATUS_WRONG_PASSWORD); +} + +/**************************************************************************** +apply a function to upper/lower case combinations +of a string and return true if one of them returns true. +try all combinations with up to N uppercase letters. +offset is the first char to try and change (start with 0) +it assumes the string starts lowercased +****************************************************************************/ +static NTSTATUS string_combinations(char *s, NTSTATUS (*fn) (char *), int N) +{ + int n; + NTSTATUS nt_status; + for (n = 1; n <= N; n++) + if (!NT_STATUS_EQUAL(nt_status = string_combinations2(s, 0, fn, n), NT_STATUS_WRONG_PASSWORD)) + return nt_status; + return NT_STATUS_WRONG_PASSWORD; +} + + +/**************************************************************************** +core of password checking routine +****************************************************************************/ +static NTSTATUS password_check(char *password) +{ +#ifdef WITH_PAM + return smb_pam_passcheck(this_user, password); +#else + + BOOL ret; + +#ifdef WITH_AFS + if (afs_auth(this_user, password)) + return NT_STATUS_OK; +#endif /* WITH_AFS */ + +#ifdef WITH_DFS + if (dfs_auth(this_user, password)) + return NT_STATUS_OK; +#endif /* WITH_DFS */ + +#ifdef OSF1_ENH_SEC + + ret = (strcmp(osf1_bigcrypt(password, this_salt), + this_crypted) == 0); + if (!ret) { + DEBUG(2, + ("OSF1_ENH_SEC failed. Trying normal crypt.\n")); + ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0); + } + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } + +#endif /* OSF1_ENH_SEC */ + +#ifdef ULTRIX_AUTH + ret = (strcmp((char *)crypt16(password, this_salt), this_crypted) == 0); + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } + +#endif /* ULTRIX_AUTH */ + +#ifdef LINUX_BIGCRYPT + ret = (linux_bigcrypt(password, this_salt, this_crypted)); + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } +#endif /* LINUX_BIGCRYPT */ + +#if defined(HAVE_BIGCRYPT) && defined(HAVE_CRYPT) && defined(USE_BOTH_CRYPT_CALLS) + + /* + * Some systems have bigcrypt in the C library but might not + * actually use it for the password hashes (HPUX 10.20) is + * a noteable example. So we try bigcrypt first, followed + * by crypt. + */ + + if (strcmp(bigcrypt(password, this_salt), this_crypted) == 0) + return NT_STATUS_OK; + else + ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0); + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } +#else /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */ + +#ifdef HAVE_BIGCRYPT + ret = (strcmp(bigcrypt(password, this_salt), this_crypted) == 0); + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } +#endif /* HAVE_BIGCRYPT */ + +#ifndef HAVE_CRYPT + DEBUG(1, ("Warning - no crypt available\n")); + return NT_STATUS_LOGON_FAILURE; +#else /* HAVE_CRYPT */ + ret = (strcmp((char *)crypt(password, this_salt), this_crypted) == 0); + if (ret) { + return NT_STATUS_OK; + } else { + return NT_STATUS_WRONG_PASSWORD; + } +#endif /* HAVE_CRYPT */ +#endif /* HAVE_BIGCRYPT && HAVE_CRYPT && USE_BOTH_CRYPT_CALLS */ +#endif /* WITH_PAM || KRB4_AUTH || KRB5_AUTH */ +} + + + +/**************************************************************************** +CHECK if a username/password is OK +the function pointer fn() points to a function to call when a successful +match is found and is used to update the encrypted password file +return NT_STATUS_OK on correct match, appropriate error otherwise +****************************************************************************/ + +NTSTATUS pass_check(const struct passwd *input_pass, char *user, char *password, + int pwlen, BOOL (*fn) (char *, char *), BOOL run_cracker) +{ + struct passwd *pass; + pstring pass2; + int level = lp_passwordlevel(); + + NTSTATUS nt_status; + if (password) + password[pwlen] = 0; + +#if DEBUG_PASSWORD + DEBUG(100, ("checking user=[%s] pass=[%s]\n", user, password)); +#endif + + if (!password) + return NT_STATUS_LOGON_FAILURE; + + if (((!*password) || (!pwlen)) && !lp_null_passwords()) + return NT_STATUS_LOGON_FAILURE; + +#if defined(WITH_PAM) + + /* + * If we're using PAM we want to short-circuit all the + * checks below and dive straight into the PAM code. + */ + + fstrcpy(this_user, user); + + DEBUG(4, ("pass_check: Checking (PAM) password for user %s (l=%d)\n", user, pwlen)); + +#else /* Not using PAM */ + + DEBUG(4, ("pass_check: Checking password for user %s (l=%d)\n", user, pwlen)); + + if (!input_pass) { + DEBUG(3, ("Couldn't find user %s\n", user)); + return NT_STATUS_NO_SUCH_USER; + } + + pass = make_modifyable_passwd(input_pass); + +#ifdef HAVE_GETSPNAM + { + struct spwd *spass; + + /* many shadow systems require you to be root to get + the password, in most cases this should already be + the case when this function is called, except + perhaps for IPC password changing requests */ + + spass = getspnam(pass->pw_name); + if (spass && spass->sp_pwdp) + pstrcpy(pass->pw_passwd, spass->sp_pwdp); + } +#elif defined(IA_UINFO) + { + /* Need to get password with SVR4.2's ia_ functions + instead of get{sp,pw}ent functions. Required by + UnixWare 2.x, tested on version + 2.1. (tangent@cyberport.com) */ + uinfo_t uinfo; + if (ia_openinfo(pass->pw_name, &uinfo) != -1) + ia_get_logpwd(uinfo, &(pass->pw_passwd)); + } +#endif + +#ifdef HAVE_GETPRPWNAM + { + struct pr_passwd *pr_pw = getprpwnam(pass->pw_name); + if (pr_pw && pr_pw->ufld.fd_encrypt) + pstrcpy(pass->pw_passwd, pr_pw->ufld.fd_encrypt); + } +#endif + +#ifdef HAVE_GETPWANAM + { + struct passwd_adjunct *pwret; + pwret = getpwanam(s); + if (pwret && pwret->pwa_passwd) + pstrcpy(pass->pw_passwd,pwret->pwa_passwd); + } +#endif + +#ifdef OSF1_ENH_SEC + { + struct pr_passwd *mypasswd; + DEBUG(5, ("Checking password for user %s in OSF1_ENH_SEC\n", + user)); + mypasswd = getprpwnam(user); + if (mypasswd) { + fstrcpy(pass->pw_name, mypasswd->ufld.fd_name); + fstrcpy(pass->pw_passwd, mypasswd->ufld.fd_encrypt); + } else { + DEBUG(5, + ("OSF1_ENH_SEC: No entry for user %s in protected database !\n", + user)); + } + } +#endif + +#ifdef ULTRIX_AUTH + { + AUTHORIZATION *ap = getauthuid(pass->pw_uid); + if (ap) { + fstrcpy(pass->pw_passwd, ap->a_password); + endauthent(); + } + } +#endif + + /* extract relevant info */ + fstrcpy(this_salt, pass->pw_passwd); + +#if defined(HAVE_TRUNCATED_SALT) + /* crypt on some platforms (HPUX in particular) + won't work with more than 2 salt characters. */ + this_salt[2] = 0; +#endif + + /* Copy into global for the convenience of looping code */ + fstrcpy(this_crypted, pass->pw_passwd); + + if (!*this_crypted) { + if (!lp_null_passwords()) { + DEBUG(2, ("Disallowing %s with null password\n", + this_user)); + passwd_free(&pass); + return NT_STATUS_LOGON_FAILURE; + } + if (!*password) { + DEBUG(3, + ("Allowing access to %s with null password\n", + this_user)); + passwd_free(&pass); + return NT_STATUS_OK; + } + } + + passwd_free(&pass); + +#endif /* defined(WITH_PAM) */ + + /* try it as it came to us */ + nt_status = password_check(password); + if NT_STATUS_IS_OK(nt_status) { + if (fn) { + fn(user, password); + } + return (nt_status); + } else if (!NT_STATUS_EQUAL(nt_status, NT_STATUS_WRONG_PASSWORD)) { + /* No point continuing if its not the password thats to blame (ie PAM disabled). */ + return (nt_status); + } + + if (!run_cracker) { + return (nt_status); + } + + /* if the password was given to us with mixed case then we don't + * need to proceed as we know it hasn't been case modified by the + * client */ + if (strhasupper(password) && strhaslower(password)) { + passwd_free(&pass); + return nt_status; + } + + /* make a copy of it */ + StrnCpy(pass2, password, sizeof(pstring) - 1); + + /* try all lowercase if it's currently all uppercase */ + if (strhasupper(password)) { + strlower(password); + if NT_STATUS_IS_OK(nt_status = password_check(password)) { + if (fn) + fn(user, password); + return (nt_status); + } + } + + /* give up? */ + if (level < 1) { + /* restore it */ + fstrcpy(password, pass2); + return NT_STATUS_WRONG_PASSWORD; + } + + /* last chance - all combinations of up to level chars upper! */ + strlower(password); + + + if NT_STATUS_IS_OK(nt_status = string_combinations(password, password_check, level)) { + if (fn) + fn(user, password); + return nt_status; + } + + /* restore it */ + fstrcpy(password, pass2); + + return NT_STATUS_WRONG_PASSWORD; +} diff --git a/source3/bin/.cvsignore b/source3/bin/.cvsignore new file mode 100644 index 00000000000..c152d8918ab --- /dev/null +++ b/source3/bin/.cvsignore @@ -0,0 +1,38 @@ +.dummy +.libs +locktest +locktest2 +make_printerdef +make_smbcodepage +make_unicodemap +masktest +msgtest +net +nmbd +nmblookup +pdbedit +rpcclient +samsync +smbcacls +smbcacls +smbclient +smbcontrol +smbd +smbgroupedit +smbmnt +smbmount +smbpasswd +smbsh +smbspool +smbstatus +smbtorture +smbtree +smbumount +swat +talloctort +tdbbackup +testparm +testprns +wbinfo +winbindd +wrepld diff --git a/source3/change-log b/source3/change-log index e120ac6f02a..1f7798b541f 100644 --- a/source3/change-log +++ b/source3/change-log @@ -1,10 +1,13 @@ -Change Log for Samba +SUPERCEDED Change Log for Samba +^^^^^^^^^^ Unless otherwise attributed, all changes were made by -Andrew.Tridgell@anu.edu.au +Andrew.Tridgell@anu.edu.au. All bugs to samba-bugs@samba.org. NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER +NOTE: From now on the cvs.log file will be used to give a complete log of +changes to samba. This change-log is now obsolete. 1.5.00 announced to mailing list @@ -1793,6 +1796,9 @@ NOTE: THIS LOG IS IN CHRONOLOGICAL ORDER - Linux quota patch from xeno@mix.hsv.no - try to work around NT passlen2 problem in session setup - released alpha1 + +NOTE: From now on the cvs.log file will be used to give a complete log of +changes to samba. This change-log is now obsolete. ========== @@ -1869,4 +1875,4 @@ lpd stuff: Tony Aiuto (tony@ics.com) make max disk size local - \ No newline at end of file + diff --git a/source3/client/.cvsignore b/source3/client/.cvsignore new file mode 100644 index 00000000000..e69de29bb2d diff --git a/source3/client/client.c b/source3/client/client.c index 504cb5a0bb4..1daba28b98e 100644 --- a/source3/client/client.c +++ b/source3/client/client.c @@ -1,8 +1,8 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. SMB client - Copyright (C) Andrew Tridgell 1994-1995 + Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) Simo Sorce 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,36 +19,40 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#ifdef SYSLOG -#undef SYSLOG -#endif +#define NO_SYSLOG #include "includes.h" -#include "nameserv.h" #ifndef REGISTER #define REGISTER 0 #endif +const char prog_name[] = "smbclient"; + +struct cli_state *cli; +extern BOOL in_client; +extern BOOL AllowDebugChange; +static int port = 0; pstring cur_dir = "\\"; pstring cd_path = ""; -pstring service=""; -pstring desthost=""; -pstring myname = ""; -pstring password = ""; -pstring username=""; -pstring workgroup=WORKGROUP; -BOOL got_pass = False; -BOOL connect_as_printer = False; -BOOL connect_as_ipc = False; -extern struct in_addr bcast_ip; -static BOOL got_bcast=False; - -char cryptkey[8]; -BOOL doencrypt=False; - +static pstring service; +static pstring desthost; +extern pstring global_myname; +static pstring password; +static pstring username; +static pstring workgroup; +static char *cmdstr; +static BOOL got_pass; +static int io_bufsize = 64512; +static BOOL use_kerberos; + +static int name_type = 0x20; +static int max_protocol = PROTOCOL_NT1; extern pstring user_socket_options; +static int process_tok(fstring tok); +static int cmd_help(void); + /* 30 second timeout on most commands */ #define CLIENT_TIMEOUT (30*1000) #define SHORT_TIMEOUT (5*1000) @@ -56,65 +60,35 @@ extern pstring user_socket_options; /* value for unused fid field in trans2 secondary request */ #define FID_UNUSED (0xFFFF) -int name_type = 0x20; - -int max_protocol = PROTOCOL_NT1; - - time_t newer_than = 0; int archive_level = 0; -extern struct in_addr myip; - -extern pstring debugf; -extern int DEBUGLEVEL; - BOOL translation = False; +static BOOL have_ip; + /* clitar bits insert */ -extern void cmd_tar(); -extern void cmd_block(); -extern void cmd_tarmode(); -extern void cmd_setmode(); extern int blocksize; extern BOOL tar_inc; extern BOOL tar_reset; -extern int process_tar(); -extern int tar_parseargs(); /* clitar bits end */ -int cnum = 0; -int pid = 0; -int gid = 0; -int uid = 0; -int mid = 0; -int myumask = 0755; - -int max_xmit = BUFFER_SIZE; - -extern pstring scope; +mode_t myumask = 0755; BOOL prompt = True; int printmode = 1; -BOOL recurse = False; +static BOOL recurse = False; BOOL lowercase = False; -BOOL have_ip = False; - struct in_addr dest_ip; #define SEPARATORS " \t\n\r" BOOL abort_mget = True; -extern int Protocol; - -BOOL readbraw_supported = False; -BOOL writebraw_supported = False; - pstring fileselection = ""; extern file_info def_finfo; @@ -125,269 +99,114 @@ int get_total_time_ms = 0; int put_total_size = 0; int put_total_time_ms = 0; - -extern int Client; +/* totals globals */ +static double dir_total; #define USENMB -#ifdef KANJI -extern int coding_system; -#define CNV_LANG(s) (coding_system == DOSV_CODE?s:dos_to_unix(s, False)) -#define CNV_INPUT(s) (coding_system == DOSV_CODE?s:unix_to_dos(s, True)) -static BOOL -setup_term_code (char *code) -{ - int new; - new = interpret_coding_system (code, UNKNOWN_CODE); - if (new != UNKNOWN_CODE) { - coding_system = new; - return True; - } - return False; -} -#else -#define CNV_LANG(s) dos2unix_format(s,False) -#define CNV_INPUT(s) unix2dos_format(s,True) -#endif - -static void send_logout(void ); -BOOL reopen_connection(char *inbuf,char *outbuf); -static int do_long_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir); -static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir); -static BOOL call_api(int prcnt,int drcnt,int mprcnt,int mdrcnt, - int *rprcnt,int *rdrcnt,char *param,char *data, - char **rparam,char **rdata); -static BOOL send_trans_request(char *outbuf,int trans, - char *name,int fid,int flags, - char *data,char *param,uint16 *setup, - int ldata,int lparam,int lsetup, - int mdata,int mparam,int msetup); - - -/**************************************************************************** -setup basics in a outgoing packet -****************************************************************************/ -void setup_pkt(char *outbuf) -{ - SSVAL(outbuf,smb_pid,pid); - SSVAL(outbuf,smb_uid,uid); - SSVAL(outbuf,smb_mid,mid); - if (Protocol > PROTOCOL_CORE) - { - SCVAL(outbuf,smb_flg,0x8); - SSVAL(outbuf,smb_flg2,0x1); - } -} - /**************************************************************************** write to a local file with CR/LF->LF translation if appropriate. return the number taken from the buffer. This may not equal the number written. ****************************************************************************/ static int writefile(int f, char *b, int n) { - int i; + int i; - if (!translation) - return(write(f,b,n)); - - i = 0; - while (i < n) - { - if (*b == '\r' && (i<(n-1)) && *(b+1) == '\n') - { - b++;i++; + if (!translation) { + return write(f,b,n); } - if (write(f, b, 1) != 1) - { - break; + + i = 0; + while (i < n) { + if (*b == '\r' && (i<(n-1)) && *(b+1) == '\n') { + b++;i++; + } + if (write(f, b, 1) != 1) { + break; + } + b++; + i++; } - b++; - i++; - } - return(i); + return(i); } /**************************************************************************** read from a file with LF->CR/LF translation if appropriate. return the number read. read approx n bytes. ****************************************************************************/ -static int readfile(char *b, int size, int n, FILE *f) +static int readfile(char *b, int n, XFILE *f) { - int i; - int c; + int i; + int c; - if (!translation || (size != 1)) - return(fread(b,size,n,f)); + if (!translation) + return x_fread(b,1,n,f); - i = 0; - while (i < n) - { - if ((c = getc(f)) == EOF) - { - break; - } + i = 0; + while (i < (n - 1) && (i < BUFFER_SIZE)) { + if ((c = x_getc(f)) == EOF) { + break; + } - if (c == '\n') /* change all LFs to CR/LF */ - { - b[i++] = '\r'; - n++; - } + if (c == '\n') { /* change all LFs to CR/LF */ + b[i++] = '\r'; + } - b[i++] = c; - } + b[i++] = c; + } - return(i); + return(i); } -/**************************************************************************** -read from a file with print translation. return the number read. read approx n -bytes. -****************************************************************************/ -static int printread(FILE *f,char *b,int n) -{ - int i; - - i = readfile(b,1, n-1,f); -#if FORMFEED - if (feof(f) && i>0) - b[i++] = '\014'; -#endif - - return(i); -} - -/**************************************************************************** -check for existance of a dir -****************************************************************************/ -static BOOL chkpath(char *path,BOOL report) -{ - fstring path2; - pstring inbuf,outbuf; - char *p; - - strcpy(path2,path); - trim_string(path2,NULL,"\\"); - if (!*path2) *path2 = '\\'; - - bzero(outbuf,smb_size); - set_message(outbuf,0,4 + strlen(path2),True); - SCVAL(outbuf,smb_com,SMBchkpth); - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,path2); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (report && CVAL(inbuf,smb_rcls) != 0) - DEBUG(2,("chkpath: %s\n",smb_errstr(inbuf))); - - return(CVAL(inbuf,smb_rcls) == 0); -} - - /**************************************************************************** send a message ****************************************************************************/ -static void send_message(char *inbuf,char *outbuf) +static void send_message(void) { - int total_len = 0; - - char *p; - int grp_id; + int total_len = 0; + int grp_id; - /* send a SMBsendstrt command */ - bzero(outbuf,smb_size); - set_message(outbuf,0,0,True); - CVAL(outbuf,smb_com) = SMBsendstrt; - SSVAL(outbuf,smb_tid,cnum); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,username); - p = skip_string(p,1); - *p++ = 4; - strcpy(p,desthost); - p = skip_string(p,1); - - set_message(outbuf,0,PTR_DIFF(p,smb_buf(outbuf)),False); - - send_smb(Client,outbuf); - + if (!cli_message_start(cli, desthost, username, &grp_id)) { + d_printf("message start: %s\n", cli_errstr(cli)); + return; + } - if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) - { - printf("SMBsendstrt failed. (%s)\n",smb_errstr(inbuf)); - return; - } - grp_id = SVAL(inbuf,smb_vwv0); + d_printf("Connected. Type your message, ending it with a Control-D\n"); - printf("Connected. Type your message, ending it with a Control-D\n"); + while (!feof(stdin) && total_len < 1600) { + int maxlen = MIN(1600 - total_len,127); + pstring msg; + int l=0; + int c; - while (!feof(stdin) && total_len < 1600) - { - int maxlen = MIN(1600 - total_len,127); - pstring msg; - int l=0; - int c; + ZERO_ARRAY(msg); - bzero(msg,smb_size); + for (l=0;l= 1600) + d_printf("the message was truncated to 1600 bytes\n"); + else + d_printf("sent %d bytes\n",total_len); - if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) - { - printf("SMBsendtxt failed (%s)\n",smb_errstr(inbuf)); - return; + if (!cli_message_end(cli, grp_id)) { + d_printf("SMBsendend failed (%s)\n",cli_errstr(cli)); + return; } - - total_len += l; - } - - if (total_len >= 1600) - printf("the message was truncated to 1600 bytes "); - else - printf("sent %d bytes ",total_len); - - printf("(status was %d-%d)\n",CVAL(inbuf,smb_rcls),SVAL(inbuf,smb_err)); - - CVAL(outbuf,smb_com) = SMBsendend; - set_message(outbuf,1,0,False); - SSVAL(outbuf,smb_vwv0,grp_id); - - send_smb(Client,outbuf); - - - if (!receive_smb(Client,inbuf,SHORT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) - { - printf("SMBsendend failed (%s)\n",smb_errstr(inbuf)); - return; - } } @@ -395,3332 +214,1807 @@ static void send_message(char *inbuf,char *outbuf) /**************************************************************************** check the space on a device ****************************************************************************/ -static void do_dskattr(void) +static int do_dskattr(void) { - pstring inbuf,outbuf; + int total, bsize, avail; - bzero(outbuf,smb_size); - set_message(outbuf,0,0,True); - CVAL(outbuf,smb_com) = SMBdskattr; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); + if (!cli_dskattr(cli, &bsize, &total, &avail)) { + d_printf("Error in dskattr: %s\n",cli_errstr(cli)); + return 1; + } - if (CVAL(inbuf,smb_rcls) != 0) - DEBUG(0,("Error in dskattr: %s\n",smb_errstr(inbuf))); + d_printf("\n\t\t%d blocks of size %d. %d blocks available\n", + total, bsize, avail); - DEBUG(0,("\n\t\t%d blocks of size %d. %d blocks available\n", - SVAL(inbuf,smb_vwv0), - SVAL(inbuf,smb_vwv1)*SVAL(inbuf,smb_vwv2), - SVAL(inbuf,smb_vwv3))); + return 0; } /**************************************************************************** show cd/pwd ****************************************************************************/ -static void cmd_pwd(void) +static int cmd_pwd(void) { - DEBUG(0,("Current directory is %s",CNV_LANG(service))); - DEBUG(0,("%s\n",CNV_LANG(cur_dir))); + d_printf("Current directory is %s",service); + d_printf("%s\n",cur_dir); + return 0; } /**************************************************************************** change directory - inner section ****************************************************************************/ -static void do_cd(char *newdir) +static int do_cd(char *newdir) { - char *p = newdir; - pstring saved_dir; - pstring dname; + char *p = newdir; + pstring saved_dir; + pstring dname; - /* Save the current directory in case the - new directory is invalid */ - strcpy(saved_dir, cur_dir); - if (*p == '\\') - strcpy(cur_dir,p); - else - strcat(cur_dir,p); - if (*(cur_dir+strlen(cur_dir)-1) != '\\') { - strcat(cur_dir, "\\"); - } - dos_clean_name(cur_dir); - strcpy(dname,cur_dir); - strcat(cur_dir,"\\"); - dos_clean_name(cur_dir); - - if (!strequal(cur_dir,"\\")) - if (!chkpath(dname,True)) - strcpy(cur_dir,saved_dir); - - strcpy(cd_path,cur_dir); + dos_format(newdir); + + /* Save the current directory in case the + new directory is invalid */ + pstrcpy(saved_dir, cur_dir); + if (*p == '\\') + pstrcpy(cur_dir,p); + else + pstrcat(cur_dir,p); + if (*(cur_dir+strlen(cur_dir)-1) != '\\') { + pstrcat(cur_dir, "\\"); + } + dos_clean_name(cur_dir); + pstrcpy(dname,cur_dir); + pstrcat(cur_dir,"\\"); + dos_clean_name(cur_dir); + + if (!strequal(cur_dir,"\\")) { + if (!cli_chkpath(cli, dname)) { + d_printf("cd %s: %s\n", dname, cli_errstr(cli)); + pstrcpy(cur_dir,saved_dir); + } + } + + pstrcpy(cd_path,cur_dir); + + return 0; } /**************************************************************************** change directory ****************************************************************************/ -static void cmd_cd(char *inbuf,char *outbuf) +static int cmd_cd(void) { - fstring buf; - - if (next_token(NULL,buf,NULL)) - do_cd(buf); - else - DEBUG(0,("Current directory is %s\n",CNV_LANG(cur_dir))); -} + fstring buf; + int rc = 0; + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) + rc = do_cd(buf); + else + d_printf("Current directory is %s\n",cur_dir); -/**************************************************************************** - display info about a file - ****************************************************************************/ -static void display_finfo(file_info *finfo) -{ - time_t t = finfo->mtime; /* the time is assumed to be passed as GMT */ - DEBUG(0,(" %-30s%7.7s%10d %s", - CNV_LANG(finfo->name), - attrib_string(finfo->mode), - finfo->size, - asctime(LocalTime(&t,GMT_TO_LOCAL)))); + return rc; } -/**************************************************************************** - do a directory listing, calling fn on each file found - ****************************************************************************/ -void do_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir) -{ - DEBUG(5,("do_dir(%s,%x,%s)\n",Mask,attribute,BOOLSTR(recurse_dir))); - if (Protocol >= PROTOCOL_LANMAN2) - { - if (do_long_dir(inbuf,outbuf,Mask,attribute,fn,recurse_dir) > 0) - return; - } - - expand_mask(Mask,False); - do_short_dir(inbuf,outbuf,Mask,attribute,fn,recurse_dir); - return; -} /******************************************************************* decide if a file should be operated on ********************************************************************/ static BOOL do_this_one(file_info *finfo) { - if (finfo->mode & aDIR) return(True); + if (finfo->mode & aDIR) return(True); - if (newer_than && finfo->mtime < newer_than) - return(False); + if (*fileselection && + !mask_match(finfo->name,fileselection,False)) { + DEBUG(3,("match_match %s failed\n", finfo->name)); + return False; + } - if ((archive_level==1 || archive_level==2) && !(finfo->mode & aARCH)) - return(False); + if (newer_than && finfo->mtime < newer_than) { + DEBUG(3,("newer_than %s failed\n", finfo->name)); + return(False); + } - return(True); + if ((archive_level==1 || archive_level==2) && !(finfo->mode & aARCH)) { + DEBUG(3,("archive %s failed\n", finfo->name)); + return(False); + } + + return(True); } /**************************************************************************** -interpret a short filename structure -The length of the structure is returned -****************************************************************************/ -static int interpret_short_filename(char *p,file_info *finfo) + display info about a file + ****************************************************************************/ +static void display_finfo(file_info *finfo) { - finfo->mode = CVAL(p,21); - - /* this date is converted to GMT by make_unix_date */ - finfo->ctime = make_unix_date(p+22); - finfo->mtime = finfo->atime = finfo->ctime; - finfo->size = IVAL(p,26); - strcpy(finfo->name,p+30); - - return(DIR_STRUCT_SIZE); + if (do_this_one(finfo)) { + time_t t = finfo->mtime; /* the time is assumed to be passed as GMT */ + d_printf(" %-30s%7.7s %8.0f %s", + finfo->name, + attrib_string(finfo->mode), + (double)finfo->size, + asctime(LocalTime(&t))); + dir_total += finfo->size; + } } + /**************************************************************************** -interpret a long filename structure - this is mostly guesses at the moment -The length of the structure is returned -The structure of a long filename depends on the info level. 260 is used -by NT and 2 is used by OS/2 -****************************************************************************/ -static int interpret_long_filename(int level,char *p,file_info *finfo) + accumulate size of a file + ****************************************************************************/ +static void do_du(file_info *finfo) { - if (finfo) - memcpy(finfo,&def_finfo,sizeof(*finfo)); + if (do_this_one(finfo)) { + dir_total += finfo->size; + } +} - switch (level) - { - case 1: /* OS/2 understands this */ - if (finfo) - { - /* these dates are converted to GMT by make_unix_date */ - finfo->ctime = make_unix_date2(p+4); - finfo->atime = make_unix_date2(p+8); - finfo->mtime = make_unix_date2(p+12); - finfo->size = IVAL(p,16); - finfo->mode = CVAL(p,24); - strcpy(finfo->name,p+27); +static BOOL do_list_recurse; +static BOOL do_list_dirs; +static char *do_list_queue = 0; +static long do_list_queue_size = 0; +static long do_list_queue_start = 0; +static long do_list_queue_end = 0; +static void (*do_list_fn)(file_info *); + +/**************************************************************************** +functions for do_list_queue + ****************************************************************************/ + +/* + * The do_list_queue is a NUL-separated list of strings stored in a + * char*. Since this is a FIFO, we keep track of the beginning and + * ending locations of the data in the queue. When we overflow, we + * double the size of the char*. When the start of the data passes + * the midpoint, we move everything back. This is logically more + * complex than a linked list, but easier from a memory management + * angle. In any memory error condition, do_list_queue is reset. + * Functions check to ensure that do_list_queue is non-NULL before + * accessing it. + */ +static void reset_do_list_queue(void) +{ + SAFE_FREE(do_list_queue); + do_list_queue_size = 0; + do_list_queue_start = 0; + do_list_queue_end = 0; +} + +static void init_do_list_queue(void) +{ + reset_do_list_queue(); + do_list_queue_size = 1024; + do_list_queue = malloc(do_list_queue_size); + if (do_list_queue == 0) { + d_printf("malloc fail for size %d\n", + (int)do_list_queue_size); + reset_do_list_queue(); + } else { + memset(do_list_queue, 0, do_list_queue_size); } - return(28 + CVAL(p,26)); +} - case 2: /* this is what OS/2 uses mostly */ - if (finfo) +static void adjust_do_list_queue(void) +{ + /* + * If the starting point of the queue is more than half way through, + * move everything toward the beginning. + */ + if (do_list_queue && (do_list_queue_start == do_list_queue_end)) { - /* these dates are converted to GMT by make_unix_date */ - finfo->ctime = make_unix_date2(p+4); - finfo->atime = make_unix_date2(p+8); - finfo->mtime = make_unix_date2(p+12); - finfo->size = IVAL(p,16); - finfo->mode = CVAL(p,24); - strcpy(finfo->name,p+31); + DEBUG(4,("do_list_queue is empty\n")); + do_list_queue_start = do_list_queue_end = 0; + *do_list_queue = '\0'; } - return(32 + CVAL(p,30)); - - /* levels 3 and 4 are untested */ - case 3: - if (finfo) + else if (do_list_queue_start > (do_list_queue_size / 2)) { - /* these dates are probably like the other ones */ - finfo->ctime = make_unix_date2(p+8); - finfo->atime = make_unix_date2(p+12); - finfo->mtime = make_unix_date2(p+16); - finfo->size = IVAL(p,20); - finfo->mode = CVAL(p,28); - strcpy(finfo->name,p+33); + DEBUG(4,("sliding do_list_queue backward\n")); + memmove(do_list_queue, + do_list_queue + do_list_queue_start, + do_list_queue_end - do_list_queue_start); + do_list_queue_end -= do_list_queue_start; + do_list_queue_start = 0; } - return(SVAL(p,4)+4); + +} - case 4: - if (finfo) +static void add_to_do_list_queue(const char* entry) +{ + char *dlq; + long new_end = do_list_queue_end + ((long)strlen(entry)) + 1; + while (new_end > do_list_queue_size) + { + do_list_queue_size *= 2; + DEBUG(4,("enlarging do_list_queue to %d\n", + (int)do_list_queue_size)); + dlq = Realloc(do_list_queue, do_list_queue_size); + if (! dlq) { + d_printf("failure enlarging do_list_queue to %d bytes\n", + (int)do_list_queue_size); + reset_do_list_queue(); + } + else + { + do_list_queue = dlq; + memset(do_list_queue + do_list_queue_size / 2, + 0, do_list_queue_size / 2); + } + } + if (do_list_queue) { - /* these dates are probably like the other ones */ - finfo->ctime = make_unix_date2(p+8); - finfo->atime = make_unix_date2(p+12); - finfo->mtime = make_unix_date2(p+16); - finfo->size = IVAL(p,20); - finfo->mode = CVAL(p,28); - strcpy(finfo->name,p+37); + pstrcpy(do_list_queue + do_list_queue_end, entry); + do_list_queue_end = new_end; + DEBUG(4,("added %s to do_list_queue (start=%d, end=%d)\n", + entry, (int)do_list_queue_start, (int)do_list_queue_end)); } - return(SVAL(p,4)+4); +} + +static char *do_list_queue_head(void) +{ + return do_list_queue + do_list_queue_start; +} - case 260: /* NT uses this, but also accepts 2 */ - if (finfo) +static void remove_do_list_queue_head(void) +{ + if (do_list_queue_end > do_list_queue_start) { - int ret = SVAL(p,0); - int namelen; - p += 4; /* next entry offset */ - p += 4; /* fileindex */ - - /* these dates appear to arrive in a weird way. It seems to - be localtime plus the serverzone given in the initial - connect. This is GMT when DST is not in effect and one - hour from GMT otherwise. Can this really be right?? - - I suppose this could be called kludge-GMT. Is is the GMT - you get by using the current DST setting on a different - localtime. It will be cheap to calculate, I suppose, as - no DST tables will be needed */ - - finfo->ctime = interpret_long_date(p); p += 8; - finfo->atime = interpret_long_date(p); p += 8; - finfo->mtime = interpret_long_date(p); p += 8; p += 8; - finfo->size = IVAL(p,0); p += 8; - p += 8; /* alloc size */ - finfo->mode = CVAL(p,0); p += 4; - namelen = IVAL(p,0); p += 4; - p += 4; /* EA size */ - p += 2; /* short name len? */ - p += 24; /* short name? */ - StrnCpy(finfo->name,p,namelen); - return(ret); + do_list_queue_start += strlen(do_list_queue_head()) + 1; + adjust_do_list_queue(); + DEBUG(4,("removed head of do_list_queue (start=%d, end=%d)\n", + (int)do_list_queue_start, (int)do_list_queue_end)); } - return(SVAL(p,0)); - } +} - DEBUG(1,("Unknown long filename format %d\n",level)); - return(SVAL(p,0)); +static int do_list_queue_empty(void) +{ + return (! (do_list_queue && *do_list_queue)); } +/**************************************************************************** +a helper for do_list + ****************************************************************************/ +static void do_list_helper(file_info *f, const char *mask, void *state) +{ + if (f->mode & aDIR) { + if (do_list_dirs && do_this_one(f)) { + do_list_fn(f); + } + if (do_list_recurse && + !strequal(f->name,".") && + !strequal(f->name,"..")) { + pstring mask2; + char *p; + + pstrcpy(mask2, mask); + p = strrchr_m(mask2,'\\'); + if (!p) return; + p[1] = 0; + pstrcat(mask2, f->name); + pstrcat(mask2,"\\*"); + add_to_do_list_queue(mask2); + } + return; + } + if (do_this_one(f)) { + do_list_fn(f); + } +} /**************************************************************************** - act on the files in a dir listing +a wrapper around cli_list that adds recursion ****************************************************************************/ -static void dir_action(char *inbuf,char *outbuf,int attribute,file_info *finfo,BOOL recurse_dir,void (*fn)(),BOOL longdir) +void do_list(const char *mask,uint16 attribute,void (*fn)(file_info *),BOOL rec, BOOL dirs) { + static int in_do_list = 0; - if (!((finfo->mode & aDIR) == 0 && *fileselection && - !mask_match(finfo->name,fileselection,False,False)) && - !(recurse_dir && (strequal(finfo->name,".") || - strequal(finfo->name,"..")))) - { - if (recurse_dir && (finfo->mode & aDIR)) + if (in_do_list && rec) { - pstring mask2; - pstring sav_dir; - strcpy(sav_dir,cur_dir); - strcat(cur_dir,finfo->name); - strcat(cur_dir,"\\"); - strcpy(mask2,cur_dir); - - if (!fn) - DEBUG(0,("\n%s\n",CNV_LANG(cur_dir))); + fprintf(stderr, "INTERNAL ERROR: do_list called recursively when the recursive flag is true\n"); + exit(1); + } - strcat(mask2,"*"); + in_do_list = 1; - if (longdir) - do_long_dir(inbuf,outbuf,mask2,attribute,fn,True); - else - do_dir(inbuf,outbuf,mask2,attribute,fn,True); + do_list_recurse = rec; + do_list_dirs = dirs; + do_list_fn = fn; - strcpy(cur_dir,sav_dir); + if (rec) + { + init_do_list_queue(); + add_to_do_list_queue(mask); + + while (! do_list_queue_empty()) + { + /* + * Need to copy head so that it doesn't become + * invalid inside the call to cli_list. This + * would happen if the list were expanded + * during the call. + * Fix from E. Jay Berkenbilt (ejb@ql.org) + */ + pstring head; + pstrcpy(head, do_list_queue_head()); + cli_list(cli, head, attribute, do_list_helper, NULL); + remove_do_list_queue_head(); + if ((! do_list_queue_empty()) && (fn == display_finfo)) + { + char* next_file = do_list_queue_head(); + char* save_ch = 0; + if ((strlen(next_file) >= 2) && + (next_file[strlen(next_file) - 1] == '*') && + (next_file[strlen(next_file) - 2] == '\\')) + { + save_ch = next_file + + strlen(next_file) - 2; + *save_ch = '\0'; + } + d_printf("\n%s\n",next_file); + if (save_ch) + { + *save_ch = '\\'; + } + } + } } - else + else { - if (fn && do_this_one(finfo)) - fn(finfo); + if (cli_list(cli, mask, attribute, do_list_helper, NULL) == -1) + { + d_printf("%s listing %s\n", cli_errstr(cli), mask); + } } - } -} + in_do_list = 0; + reset_do_list_queue(); +} /**************************************************************************** - do a directory listing, calling fn on each file found + get a directory listing ****************************************************************************/ -static int do_short_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir) +static int cmd_dir(void) { - char *p; - int received = 0; - BOOL first = True; - char status[21]; - int num_asked = (max_xmit - 100)/DIR_STRUCT_SIZE; - int num_received = 0; - int i; - char *dirlist = NULL; - pstring mask; - file_info finfo; - - finfo = def_finfo; - - bzero(status,21); - - strcpy(mask,Mask); - - while (1) - { - bzero(outbuf,smb_size); - if (first) - set_message(outbuf,2,5 + strlen(mask),True); - else - set_message(outbuf,2,5 + 21,True); - -#if FFIRST - if (Protocol >= PROTOCOL_LANMAN1) - CVAL(outbuf,smb_com) = SMBffirst; - else -#endif - CVAL(outbuf,smb_com) = SMBsearch; - - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,num_asked); - SSVAL(outbuf,smb_vwv1,attribute); - - p = smb_buf(outbuf); - *p++ = 4; - - if (first) - strcpy(p,mask); - else - strcpy(p,""); - p += strlen(p) + 1; - - *p++ = 5; - if (first) - SSVAL(p,0,0); - else - { - SSVAL(p,0,21); - p += 2; - memcpy(p,status,21); + uint16 attribute = aDIR | aSYSTEM | aHIDDEN; + pstring mask; + fstring buf; + char *p=buf; + int rc; + + dir_total = 0; + pstrcpy(mask,cur_dir); + if(mask[strlen(mask)-1]!='\\') + pstrcat(mask,"\\"); + + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) { + dos_format(p); + if (*p == '\\') + pstrcpy(mask,p); + else + pstrcat(mask,p); + } + else { + pstrcat(mask,"*"); } - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - received = SVAL(inbuf,smb_vwv0); + do_list(mask, attribute, display_finfo, recurse, True); - DEBUG(5,("dir received %d\n",received)); + rc = do_dskattr(); - DEBUG(6,("errstr=%s\n",smb_errstr(inbuf))); + DEBUG(3, ("Total bytes listed: %.0f\n", dir_total)); - if (received <= 0) break; + return rc; +} - first = False; - dirlist = Realloc(dirlist,(num_received + received)*DIR_STRUCT_SIZE); +/**************************************************************************** + get a directory listing + ****************************************************************************/ +static int cmd_du(void) +{ + uint16 attribute = aDIR | aSYSTEM | aHIDDEN; + pstring mask; + fstring buf; + char *p=buf; + int rc; + + dir_total = 0; + pstrcpy(mask,cur_dir); + if(mask[strlen(mask)-1]!='\\') + pstrcat(mask,"\\"); + + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) { + dos_format(p); + if (*p == '\\') + pstrcpy(mask,p); + else + pstrcat(mask,p); + } else { + pstrcat(mask,"*"); + } - if (!dirlist) - return 0; + do_list(mask, attribute, do_du, recurse, True); - p = smb_buf(inbuf) + 3; + rc = do_dskattr(); - memcpy(dirlist+num_received*DIR_STRUCT_SIZE, - p,received*DIR_STRUCT_SIZE); + d_printf("Total number of bytes: %.0f\n", dir_total); - memcpy(status,p + ((received-1)*DIR_STRUCT_SIZE),21); + return rc; +} - num_received += received; - if (CVAL(inbuf,smb_rcls) != 0) break; - } +/**************************************************************************** + get a file from rname to lname + ****************************************************************************/ +static int do_get(char *rname,char *lname) +{ + int handle=0,fnum; + BOOL newhandle = False; + char *data; + struct timeval tp_start; + int read_size = io_bufsize; + uint16 attr; + size_t size; + off_t nread = 0; + int rc = 0; + + GetTimeOfDay(&tp_start); + + if (lowercase) { + strlower(lname); + } -#if FFIRST - if (!first && Protocol >= PROTOCOL_LANMAN1) - { - bzero(outbuf,smb_size); - CVAL(outbuf,smb_com) = SMBfclose; + fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE); - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + if (fnum == -1) { + d_printf("%s opening remote file %s\n",cli_errstr(cli),rname); + return 1; + } - p = smb_buf(outbuf); - *p++ = 4; - - strcpy(p,""); - p += strlen(p) + 1; - - *p++ = 5; - SSVAL(p,0,21); - p += 2; - memcpy(p,status,21); + if(!strcmp(lname,"-")) { + handle = fileno(stdout); + } else { + handle = sys_open(lname,O_WRONLY|O_CREAT|O_TRUNC,0644); + newhandle = True; + } + if (handle < 0) { + d_printf("Error opening local file %s\n",lname); + return 1; + } - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT,False); - if (CVAL(inbuf,smb_rcls) != 0) - DEBUG(0,("Error closing search: %s\n",smb_errstr(inbuf))); - } -#endif + if (!cli_qfileinfo(cli, fnum, + &attr, &size, NULL, NULL, NULL, NULL, NULL) && + !cli_getattrE(cli, fnum, + &attr, &size, NULL, NULL, NULL)) { + d_printf("getattrib: %s\n",cli_errstr(cli)); + return 1; + } - if (!fn) - for (p=dirlist,i=0;i 200) - { - DEBUG(0,("ERROR: Looping in FIND_NEXT??\n")); - break; - } + while (1) { + int n = cli_read(cli, fnum, data, nread, read_size); - if (First) - { - setup = TRANSACT2_FINDFIRST; - SSVAL(param,0,attribute); /* attribute */ - SSVAL(param,2,max_matches); /* max count */ - SSVAL(param,4,8+4+2); /* resume required + close on end + continue */ - SSVAL(param,6,info_level); - SIVAL(param,8,0); - strcpy(param+12,mask); - } - else - { - setup = TRANSACT2_FINDNEXT; - SSVAL(param,0,ff_dir_handle); - SSVAL(param,2,max_matches); /* max count */ - SSVAL(param,4,info_level); - SIVAL(param,6,ff_resume_key); /* ff_resume_key */ - SSVAL(param,10,8+4+2); /* resume required + close on end + continue */ - strcpy(param+12,mask); - - DEBUG(5,("hand=0x%X resume=%d ff_lastname=%d mask=%s\n", - ff_dir_handle,ff_resume_key,ff_lastname,mask)); + if (n <= 0) break; + + if (writefile(handle,data, n) != n) { + d_printf("Error writing local file\n"); + rc = 1; + break; + } + + nread += n; } - /* ??? original code added 1 pad byte after param */ - send_trans_request(outbuf,SMBtrans2,NULL,FID_UNUSED,0, - NULL,param,&setup, - 0,12+strlen(mask)+1,1, - BUFFER_SIZE,10,0); + if (nread < size) { + DEBUG (0, ("Short read when getting file %s. Only got %ld bytes.\n", + rname, (long)nread)); - if (!receive_trans_response(inbuf,SMBtrans2, - &resp_data_len,&resp_param_len, - &resp_data,&resp_param)) - { - DEBUG(3,("FIND%s gave %s\n",First?"FIRST":"NEXT",smb_errstr(inbuf))); - break; + rc = 1; } - /* parse out some important return info */ - p = resp_param; - if (First) - { - ff_dir_handle = SVAL(p,0); - ff_searchcount = SVAL(p,2); - ff_eos = SVAL(p,4); - ff_lastname = SVAL(p,8); - } - else - { - ff_searchcount = SVAL(p,0); - ff_eos = SVAL(p,2); - ff_lastname = SVAL(p,6); + SAFE_FREE(data); + + if (!cli_close(cli, fnum)) { + d_printf("Error %s closing remote file\n",cli_errstr(cli)); + rc = 1; } - if (ff_searchcount == 0) - break; - - /* point to the data bytes */ - p = resp_data; + if (newhandle) { + close(handle); + } - /* we might need the lastname for continuations */ - if (ff_lastname > 0) - { - switch(info_level) - { - case 260: - ff_resume_key =0; - StrnCpy(mask,p+ff_lastname,resp_data_len-ff_lastname); - /* strcpy(mask,p+ff_lastname+94); */ - break; - case 1: - strcpy(mask,p + ff_lastname + 1); - ff_resume_key = 0; - break; - } + if (archive_level >= 2 && (attr & aARCH)) { + cli_setatr(cli, rname, attr & ~(uint16)aARCH, 0); } - else - strcpy(mask,""); - - /* and add them to the dirlist pool */ - dirlist = Realloc(dirlist,dirlist_len + resp_data_len); - if (!dirlist) { - DEBUG(0,("Failed to expand dirlist\n")); - break; + struct timeval tp_end; + int this_time; + + GetTimeOfDay(&tp_end); + this_time = + (tp_end.tv_sec - tp_start.tv_sec)*1000 + + (tp_end.tv_usec - tp_start.tv_usec)/1000; + get_total_time_ms += this_time; + get_total_size += nread; + + DEBUG(2,("(%3.1f kb/s) (average %3.1f kb/s)\n", + nread / (1.024*this_time + 1.0e-4), + get_total_size / (1.024*get_total_time_ms))); } - - /* put in a length for the last entry, to ensure we can chain entries - into the next packet */ - { - char *p2; - for (p2=p,i=0;i<(ff_searchcount-1);i++) - p2 += interpret_long_filename(info_level,p2,NULL); - SSVAL(p2,0,resp_data_len - PTR_DIFF(p2,p)); - } - - /* grab the data for later use */ - memcpy(dirlist+dirlist_len,p,resp_data_len); - dirlist_len += resp_data_len; - - total_received += ff_searchcount; - - if (resp_data) free(resp_data); resp_data = NULL; - if (resp_param) free(resp_param); resp_param = NULL; - - DEBUG(3,("received %d entries (eos=%d resume=%d)\n", - ff_searchcount,ff_eos,ff_resume_key)); - - First = False; - } - - if (!fn) - for (p=dirlist,i=0;i\n"); + return 1; + } + pstrcpy(lname,p); + dos_clean_name(rname); + + next_token_nr(NULL,lname,NULL,sizeof(lname)); + + return do_get(rname, lname); +} /**************************************************************************** - get a file from rname to lname + do a mget operation on one file ****************************************************************************/ -static void do_get(char *rname,char *lname,file_info *finfo1) -{ - int handle=0,fnum; - uint32 nread=0; - char *p; - BOOL newhandle = False; - char *inbuf,*outbuf; - file_info finfo; - BOOL close_done = False; - BOOL ignore_close_error = False; - char *dataptr=NULL; - int datalen=0; - - struct timeval tp_start; - GetTimeOfDay(&tp_start); - - if (finfo1) - finfo = *finfo1; - else - finfo = def_finfo; - - if (lowercase) - strlower(lname); - - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return; - } - - bzero(outbuf,smb_size); - set_message(outbuf,15,1 + strlen(rname),True); - - CVAL(outbuf,smb_com) = SMBopenX; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,0xFF); - SSVAL(outbuf,smb_vwv2,1); - SSVAL(outbuf,smb_vwv3,(DENY_NONE<<4)); - SSVAL(outbuf,smb_vwv4,aSYSTEM | aHIDDEN); - SSVAL(outbuf,smb_vwv5,aSYSTEM | aHIDDEN); - SSVAL(outbuf,smb_vwv8,1); - - p = smb_buf(outbuf); - strcpy(p,rname); - p = skip_string(p,1); - - /* do a chained openX with a readX? */ -#if 1 - if (finfo.size > 0) - { - DEBUG(3,("Chaining readX wth openX\n")); - SSVAL(outbuf,smb_vwv0,SMBreadX); - SSVAL(outbuf,smb_vwv1,smb_offset(p,outbuf)); - bzero(p,200); - p -= smb_wct; - SSVAL(p,smb_wct,10); - SSVAL(p,smb_vwv0,0xFF); - SSVAL(p,smb_vwv5,MIN(max_xmit-500,finfo.size)); - SSVAL(p,smb_vwv9,MIN(BUFFER_SIZE,finfo.size)); - smb_setlen(outbuf,smb_len(outbuf)+11*2+1); - } -#endif +static void do_mget(file_info *finfo) +{ + pstring rname; + pstring quest; + pstring saved_curdir; + pstring mget_mask; - if(!strcmp(lname,"-")) - handle = fileno(stdout); - else - { - handle = creat(lname,0644); - newhandle = True; - } - if (handle < 0) - { - DEBUG(0,("Error opening local file %s\n",lname)); - free(inbuf);free(outbuf); - return; - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - if (CVAL(inbuf,smb_rcls) == ERRSRV && - SVAL(inbuf,smb_err) == ERRnoresource && - reopen_connection(inbuf,outbuf)) - { - do_get(rname,lname,finfo1); - return; + if (strequal(finfo->name,".") || strequal(finfo->name,"..")) + return; + + if (abort_mget) { + d_printf("mget aborted\n"); + return; } - DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname))); - if(newhandle) - close(handle); - free(inbuf);free(outbuf); - return; - } - - strcpy(finfo.name,rname); - - if (!finfo1) - { - finfo.mode = SVAL(inbuf,smb_vwv3); - /* these times arrive as LOCAL time, using the DST offset - corresponding to that time, we convert them to GMT */ - finfo.mtime = make_unix_date3(inbuf+smb_vwv4); - finfo.atime = finfo.ctime = finfo.mtime; - finfo.size = IVAL(inbuf,smb_vwv6); - } - - DEBUG(3,("file %s attrib 0x%X\n",CNV_LANG(finfo.name),finfo.mode)); - - fnum = SVAL(inbuf,smb_vwv2); - - /* we might have got some data from a chained readX */ - if (SVAL(inbuf,smb_vwv0) == SMBreadX) - { - p = (smb_base(inbuf)+SVAL(inbuf,smb_vwv1)) - smb_wct; - datalen = SVAL(p,smb_vwv5); - dataptr = smb_base(inbuf) + SVAL(p,smb_vwv6); - } - else - { - dataptr = NULL; - datalen = 0; - } - - - DEBUG(2,("getting file %s of size %d bytes as %s ", - CNV_LANG(finfo.name), - finfo.size, - lname)); - - while (nread < finfo.size && !close_done) - { - int method = -1; - static BOOL can_chain_close = True; - - p=NULL; - - DEBUG(3,("nread=%d max_xmit=%d fsize=%d\n",nread,max_xmit,finfo.size)); - /* 3 possible read types. readbraw if a large block is required. - readX + close if not much left and read if neither is supported */ + if (finfo->mode & aDIR) + slprintf(quest,sizeof(pstring)-1, + "Get directory %s? ",finfo->name); + else + slprintf(quest,sizeof(pstring)-1, + "Get file %s? ",finfo->name); - /* we might have already read some data from a chained readX */ - if (dataptr && datalen>0) - method=3; + if (prompt && !yesno(quest)) return; - /* if we can finish now then readX+close */ - if (method<0 && can_chain_close && (Protocol >= PROTOCOL_LANMAN1) && - ((finfo.size - nread) < - (max_xmit - (2*smb_size + 13*SIZEOFWORD + 300)))) - method = 0; + if (!(finfo->mode & aDIR)) { + pstrcpy(rname,cur_dir); + pstrcat(rname,finfo->name); + do_get(rname,finfo->name); + return; + } - /* if we support readraw then use that */ - if (method<0 && readbraw_supported) - method = 1; + /* handle directories */ + pstrcpy(saved_curdir,cur_dir); - /* if we can then use readX */ - if (method<0 && (Protocol >= PROTOCOL_LANMAN1)) - method = 2; + pstrcat(cur_dir,finfo->name); + pstrcat(cur_dir,"\\"); - switch (method) - { - /* use readX */ - case 0: - case 2: - if (method == 0) - close_done = True; - - /* use readX + close */ - bzero(outbuf,smb_size); - set_message(outbuf,10,0,True); - CVAL(outbuf,smb_com) = SMBreadX; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - if (close_done) - { - CVAL(outbuf,smb_vwv0) = SMBclose; - SSVAL(outbuf,smb_vwv1,smb_offset(smb_buf(outbuf),outbuf)); - } - else - CVAL(outbuf,smb_vwv0) = 0xFF; - - SSVAL(outbuf,smb_vwv2,fnum); - SIVAL(outbuf,smb_vwv3,nread); - SSVAL(outbuf,smb_vwv5,MIN(max_xmit-200,finfo.size - nread)); - SSVAL(outbuf,smb_vwv6,0); - SIVAL(outbuf,smb_vwv7,0); - SSVAL(outbuf,smb_vwv9,MIN(BUFFER_SIZE,finfo.size-nread)); - - if (close_done) - { - p = smb_buf(outbuf); - bzero(p,9); - - CVAL(p,0) = 3; - SSVAL(p,1,fnum); - SIVALS(p,3,-1); - - /* now set the total packet length */ - smb_setlen(outbuf,smb_len(outbuf)+9); - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf))); - break; - } - - if (close_done && - SVAL(inbuf,smb_vwv0) != SMBclose) - { - /* NOTE: WfWg sometimes just ignores the chained - command! This seems to break the spec? */ - DEBUG(3,("Rejected chained close?\n")); - close_done = False; - can_chain_close = False; - ignore_close_error = True; - } - - datalen = SVAL(inbuf,smb_vwv5); - dataptr = smb_base(inbuf) + SVAL(inbuf,smb_vwv6); - break; - - /* use readbraw */ - case 1: - { - static int readbraw_size = BUFFER_SIZE; - - extern int Client; - bzero(outbuf,smb_size); - set_message(outbuf,8,0,True); - CVAL(outbuf,smb_com) = SMBreadbraw; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - SSVAL(outbuf,smb_vwv0,fnum); - SIVAL(outbuf,smb_vwv1,nread); - SSVAL(outbuf,smb_vwv3,MIN(finfo.size-nread,readbraw_size)); - SSVAL(outbuf,smb_vwv4,0); - SIVALS(outbuf,smb_vwv5,-1); - send_smb(Client,outbuf); - - /* Now read the raw data into the buffer and write it */ - if(read_smb_length(Client,inbuf,0) == -1) { - DEBUG(0,("Failed to read length in readbraw\n")); - exit(1); - } - - /* Even though this is not an smb message, smb_len - returns the generic length of an smb message */ - datalen = smb_len(inbuf); - - if (datalen == 0) - { - /* we got a readbraw error */ - DEBUG(4,("readbraw error - reducing size\n")); - readbraw_size = (readbraw_size * 9) / 10; - - if (readbraw_size < max_xmit) - { - DEBUG(0,("disabling readbraw\n")); - readbraw_supported = False; - } - - dataptr=NULL; - continue; - } - - if(read_data(Client,inbuf,datalen) != datalen) { - DEBUG(0,("Failed to read data in readbraw\n")); - exit(1); - } - dataptr = inbuf; - } - break; - - case 3: - /* we've already read some data with a chained readX */ - break; - - default: - /* use plain read */ - bzero(outbuf,smb_size); - set_message(outbuf,5,0,True); - CVAL(outbuf,smb_com) = SMBread; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,MIN(max_xmit-200,finfo.size - nread)); - SIVAL(outbuf,smb_vwv2,nread); - SSVAL(outbuf,smb_vwv4,finfo.size - nread); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf))); - break; - } - - datalen = SVAL(inbuf,smb_vwv0); - dataptr = smb_buf(inbuf) + 3; - break; - } - - if (writefile(handle,dataptr,datalen) != datalen) - { - DEBUG(0,("Error writing local file\n")); - break; + unix_format(finfo->name); + if (lowercase) + strlower(finfo->name); + + if (!directory_exist(finfo->name,NULL) && + mkdir(finfo->name,0777) != 0) { + d_printf("failed to create directory %s\n",finfo->name); + pstrcpy(cur_dir,saved_curdir); + return; } - - nread += datalen; - if (datalen == 0) - { - DEBUG(0,("Error reading file %s. Got %d bytes\n",CNV_LANG(rname),nread)); - break; + + if (chdir(finfo->name) != 0) { + d_printf("failed to chdir to directory %s\n",finfo->name); + pstrcpy(cur_dir,saved_curdir); + return; } - dataptr=NULL; - datalen=0; - } - - - - if (!close_done) - { - bzero(outbuf,smb_size); - set_message(outbuf,3,0,True); - CVAL(outbuf,smb_com) = SMBclose; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SIVALS(outbuf,smb_vwv1,-1); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (!ignore_close_error && CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s closing remote file\n",smb_errstr(inbuf))); - if(newhandle) - close(handle); - free(inbuf);free(outbuf); - return; - } - } - - if(newhandle) - close(handle); - - if (archive_level >= 2 && (finfo.mode & aARCH)) { - bzero(outbuf,smb_size); - set_message(outbuf,8,strlen(rname)+4,True); - CVAL(outbuf,smb_com) = SMBsetatr; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - SSVAL(outbuf,smb_vwv0,finfo.mode & ~(aARCH)); - SIVALS(outbuf,smb_vwv1,0); - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,rname); - p += strlen(p)+1; - *p++ = 4; - *p = 0; - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - } - - { - struct timeval tp_end; - int this_time; - - GetTimeOfDay(&tp_end); - this_time = - (tp_end.tv_sec - tp_start.tv_sec)*1000 + - (tp_end.tv_usec - tp_start.tv_usec)/1000; - get_total_time_ms += this_time; - get_total_size += finfo.size; - - DEBUG(2,("(%g kb/s) (average %g kb/s)\n", - finfo.size / (1.024*this_time + 1.0e-4), - get_total_size / (1.024*get_total_time_ms))); - } - - free(inbuf);free(outbuf); + pstrcpy(mget_mask,cur_dir); + pstrcat(mget_mask,"*"); + + do_list(mget_mask, aSYSTEM | aHIDDEN | aDIR,do_mget,False, True); + chdir(".."); + pstrcpy(cur_dir,saved_curdir); } /**************************************************************************** - get a file - ****************************************************************************/ -static void cmd_get(void) +view the file using the pager +****************************************************************************/ +static int cmd_more(void) { - pstring lname; - pstring rname; - char *p; + fstring rname,lname,pager_cmd; + char *pager; + int fd; + int rc = 0; - strcpy(rname,cur_dir); - strcat(rname,"\\"); + fstrcpy(rname,cur_dir); + fstrcat(rname,"\\"); + + slprintf(lname,sizeof(lname)-1, "%s/smbmore.XXXXXX",tmpdir()); + fd = smb_mkstemp(lname); + if (fd == -1) { + d_printf("failed to create temporary file for more\n"); + return 1; + } + close(fd); + + if (!next_token_nr(NULL,rname+strlen(rname),NULL,sizeof(rname)-strlen(rname))) { + d_printf("more \n"); + unlink(lname); + return 1; + } + dos_clean_name(rname); - p = rname + strlen(rname); + rc = do_get(rname,lname); - if (!next_token(NULL,p,NULL)) { - DEBUG(0,("get \n")); - return; - } - strcpy(lname,p); - dos_clean_name(rname); - - next_token(NULL,lname,NULL); + pager=getenv("PAGER"); - do_get(rname,lname,NULL); + slprintf(pager_cmd,sizeof(pager_cmd)-1, + "%s %s",(pager? pager:PAGER), lname); + system(pager_cmd); + unlink(lname); + + return rc; } + /**************************************************************************** - do a mget operation on one file - ****************************************************************************/ -static void do_mget(file_info *finfo) +do a mget command +****************************************************************************/ +static int cmd_mget(void) { - pstring rname; - pstring quest; - - if (strequal(finfo->name,".") || strequal(finfo->name,"..")) - return; - - if (abort_mget) - { - DEBUG(0,("mget aborted\n")); - return; - } + uint16 attribute = aSYSTEM | aHIDDEN; + pstring mget_mask; + fstring buf; + char *p=buf; - if (finfo->mode & aDIR) - sprintf(quest,"Get directory %s? ",CNV_LANG(finfo->name)); - else - sprintf(quest,"Get file %s? ",CNV_LANG(finfo->name)); + *mget_mask = 0; - if (prompt && !yesno(quest)) return; - - if (finfo->mode & aDIR) - { - pstring saved_curdir; - pstring mget_mask; - char *inbuf,*outbuf; - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + if (recurse) + attribute |= aDIR; + + abort_mget = False; - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return; + while (next_token_nr(NULL,p,NULL,sizeof(buf))) { + pstrcpy(mget_mask,cur_dir); + if(mget_mask[strlen(mget_mask)-1]!='\\') + pstrcat(mget_mask,"\\"); + + if (*p == '\\') + pstrcpy(mget_mask,p); + else + pstrcat(mget_mask,p); + do_list(mget_mask, attribute,do_mget,False,True); } - strcpy(saved_curdir,cur_dir); - - strcat(cur_dir,finfo->name); - strcat(cur_dir,"\\"); - - unix_format(finfo->name); - { - if (lowercase) - strlower(finfo->name); - - if (!directory_exist(finfo->name,NULL) && - sys_mkdir(finfo->name,0777) != 0) - { - DEBUG(0,("failed to create directory %s\n",CNV_LANG(finfo->name))); - strcpy(cur_dir,saved_curdir); - free(inbuf);free(outbuf); - return; - } - - if (sys_chdir(finfo->name) != 0) - { - DEBUG(0,("failed to chdir to directory %s\n",CNV_LANG(finfo->name))); - strcpy(cur_dir,saved_curdir); - free(inbuf);free(outbuf); - return; - } - } - - strcpy(mget_mask,cur_dir); - strcat(mget_mask,"*"); - - do_dir((char *)inbuf,(char *)outbuf, - mget_mask,aSYSTEM | aHIDDEN | aDIR,do_mget,False); - chdir(".."); - strcpy(cur_dir,saved_curdir); - free(inbuf);free(outbuf); - } - else - { - strcpy(rname,cur_dir); - strcat(rname,finfo->name); - do_get(rname,finfo->name,finfo); - } + if (!*mget_mask) { + pstrcpy(mget_mask,cur_dir); + if(mget_mask[strlen(mget_mask)-1]!='\\') + pstrcat(mget_mask,"\\"); + pstrcat(mget_mask,"*"); + do_list(mget_mask, attribute,do_mget,False,True); + } + + return 0; } + /**************************************************************************** -view the file using the pager +make a directory of name "name" ****************************************************************************/ -static void cmd_more(void) +static BOOL do_mkdir(char *name) { - fstring rname,lname,tmpname,pager_cmd; - char *pager; - - strcpy(rname,cur_dir); - strcat(rname,"\\"); - sprintf(tmpname,"/tmp/smbmore.%d",getpid()); - strcpy(lname,tmpname); - - if (!next_token(NULL,rname+strlen(rname),NULL)) { - DEBUG(0,("more \n")); - return; - } - dos_clean_name(rname); - - do_get(rname,lname,NULL); - - pager=getenv("PAGER"); - sprintf(pager_cmd,"%s %s",(pager? pager:PAGER), tmpname); - system(pager_cmd); - unlink(tmpname); -} - + if (!cli_mkdir(cli, name)) { + d_printf("%s making remote directory %s\n", + cli_errstr(cli),name); + return(False); + } + return(True); +} /**************************************************************************** -do a mget command +show 8.3 name of a file ****************************************************************************/ -static void cmd_mget(char *inbuf,char *outbuf) +static BOOL do_altname(char *name) { - int attribute = aSYSTEM | aHIDDEN; - pstring mget_mask; - fstring buf; - char *p=buf; - - *mget_mask = 0; - - if (recurse) - attribute |= aDIR; - - abort_mget = False; - - while (next_token(NULL,p,NULL)) - { - strcpy(mget_mask,cur_dir); - if(mget_mask[strlen(mget_mask)-1]!='\\') - strcat(mget_mask,"\\"); - - if (*p == '\\') - strcpy(mget_mask,p); - else - strcat(mget_mask,p); - do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False); - } - - if (! *mget_mask) - { - strcpy(mget_mask,cur_dir); - if(mget_mask[strlen(mget_mask)-1]!='\\') - strcat(mget_mask,"\\"); - strcat(mget_mask,"*"); - do_dir((char *)inbuf,(char *)outbuf,mget_mask,attribute,do_mget,False); - } + fstring altname; + if (!NT_STATUS_IS_OK(cli_qpathinfo_alt_name(cli, name, altname))) { + d_printf("%s getting alt name for %s\n", + cli_errstr(cli),name); + return(False); + } + d_printf("%s\n", altname); + + return(True); } + /**************************************************************************** -make a directory of name "name" + Exit client. ****************************************************************************/ -static BOOL do_mkdir(char *name) +static int cmd_quit(void) { - char *p; - char *inbuf,*outbuf; - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return False; - } - - bzero(outbuf,smb_size); - set_message(outbuf,0,2 + strlen(name),True); - - CVAL(outbuf,smb_com) = SMBmkdir; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,name); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s making remote directory %s\n", - smb_errstr(inbuf),CNV_LANG(name))); - - free(inbuf);free(outbuf); - return(False); - } - - free(inbuf);free(outbuf); - return(True); + cli_shutdown(cli); + exit(0); + /* NOTREACHED */ + return 0; } /**************************************************************************** make a directory ****************************************************************************/ -static void cmd_mkdir(char *inbuf,char *outbuf) -{ - pstring mask; - fstring buf; - char *p=buf; - - strcpy(mask,cur_dir); - - if (!next_token(NULL,p,NULL)) - { - if (!recurse) - DEBUG(0,("mkdir \n")); - return; - } - strcat(mask,p); - - if (recurse) - { - pstring ddir; - pstring ddir2; - *ddir2 = 0; - - strcpy(ddir,mask); - trim_string(ddir,".",NULL); - p = strtok(ddir,"/\\"); - while (p) - { - strcat(ddir2,p); - if (!chkpath(ddir2,False)) - { - do_mkdir(ddir2); - } - strcat(ddir2,"\\"); - p = strtok(NULL,"/\\"); - } - } - else - do_mkdir(mask); -} - - -/******************************************************************* - write to a file using writebraw - ********************************************************************/ -static int smb_writeraw(char *outbuf,int fnum,int pos,char *buf,int n) +static int cmd_mkdir(void) { - extern int Client; - pstring inbuf; - - bzero(outbuf,smb_size); - bzero(inbuf,smb_size); - set_message(outbuf,Protocol>PROTOCOL_COREPLUS?12:10,0,True); - - CVAL(outbuf,smb_com) = SMBwritebraw; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,n); - SIVAL(outbuf,smb_vwv3,pos); - SSVAL(outbuf,smb_vwv7,1); - - send_smb(Client,outbuf); + pstring mask; + fstring buf; + char *p=buf; - if (!receive_smb(Client,inbuf,CLIENT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) - return(0); + pstrcpy(mask,cur_dir); - _smb_setlen(buf-4,n); /* HACK! XXXX */ - - if (write_socket(Client,buf-4,n+4) != n+4) - return(0); + if (!next_token_nr(NULL,p,NULL,sizeof(buf))) { + if (!recurse) + d_printf("mkdir \n"); + return 1; + } + pstrcat(mask,p); - if (!receive_smb(Client,inbuf,CLIENT_TIMEOUT) || CVAL(inbuf,smb_rcls) != 0) { - DEBUG(0,("Error writing remote file (2)\n")); - return(0); - } - return(SVAL(inbuf,smb_vwv0)); + if (recurse) { + pstring ddir; + pstring ddir2; + *ddir2 = 0; + + pstrcpy(ddir,mask); + trim_string(ddir,".",NULL); + p = strtok(ddir,"/\\"); + while (p) { + pstrcat(ddir2,p); + if (!cli_chkpath(cli, ddir2)) { + do_mkdir(ddir2); + } + pstrcat(ddir2,"\\"); + p = strtok(NULL,"/\\"); + } + } else { + do_mkdir(mask); + } + + return 0; } - -/******************************************************************* - write to a file - ********************************************************************/ -static int smb_writefile(char *outbuf,int fnum,int pos,char *buf,int n) +/**************************************************************************** + show alt name + ****************************************************************************/ +static int cmd_altname(void) { - pstring inbuf; - - if (writebraw_supported && n > (max_xmit-200)) - return(smb_writeraw(outbuf,fnum,pos,buf,n)); - - bzero(outbuf,smb_size); - bzero(inbuf,smb_size); - set_message(outbuf,5,n + 3,True); - - CVAL(outbuf,smb_com) = SMBwrite; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,n); - SIVAL(outbuf,smb_vwv2,pos); - SSVAL(outbuf,smb_vwv4,0); - CVAL(smb_buf(outbuf),0) = 1; - SSVAL(smb_buf(outbuf),1,n); + pstring name; + fstring buf; + char *p=buf; + + pstrcpy(name,cur_dir); - memcpy(smb_buf(outbuf)+3,buf,n); + if (!next_token_nr(NULL,p,NULL,sizeof(buf))) { + d_printf("altname \n"); + return 1; + } + pstrcat(name,p); - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); + do_altname(name); - if (CVAL(inbuf,smb_rcls) != 0) { - DEBUG(0,("%s writing remote file\n",smb_errstr(inbuf))); - return(0); - } - return(SVAL(inbuf,smb_vwv0)); + return 0; } - /**************************************************************************** put a single file ****************************************************************************/ -static void do_put(char *rname,char *lname,file_info *finfo) -{ - int fnum; - FILE *f; - int nread=0; - char *p; - char *inbuf,*outbuf; - time_t close_time = finfo->mtime; - char *buf=NULL; - static int maxwrite=0; - - struct timeval tp_start; - GetTimeOfDay(&tp_start); - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return; - } - - bzero(outbuf,smb_size); - set_message(outbuf,3,2 + strlen(rname),True); - - if (finfo->mtime == 0 || finfo->mtime == -1) - finfo->mtime = finfo->atime = finfo->ctime = time(NULL); - - CVAL(outbuf,smb_com) = SMBcreate; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,finfo->mode); - put_dos_date3(outbuf,smb_vwv1,finfo->mtime); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,rname); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); +static int do_put(char *rname,char *lname) +{ + int fnum; + XFILE *f; + int nread=0; + char *buf=NULL; + int maxwrite=io_bufsize; + int rc = 0; + + struct timeval tp_start; + GetTimeOfDay(&tp_start); + + fnum = cli_open(cli, rname, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE); - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname))); + if (fnum == -1) { + d_printf("%s opening remote file %s\n",cli_errstr(cli),rname); + return 1; + } - free(inbuf);free(outbuf);if (buf) free(buf); - return; - } + /* allow files to be piped into smbclient + jdblair 24.jun.98 - f = fopen(lname,"r"); + Note that in this case this function will exit(0) rather + than returning. */ + if (!strcmp(lname, "-")) { + f = x_stdin; + /* size of file is not known */ + } else { + f = x_fopen(lname,O_RDONLY, 0); + } - if (!f) - { - DEBUG(0,("Error opening local file %s\n",lname)); - free(inbuf);free(outbuf); - return; - } + if (!f) { + d_printf("Error opening local file %s\n",lname); + return 1; + } - fnum = SVAL(inbuf,smb_vwv0); - if (finfo->size < 0) - finfo->size = file_size(lname); - - DEBUG(1,("putting file %s of size %d bytes as %s ",lname,finfo->size,CNV_LANG(rname))); + DEBUG(1,("putting file %s as %s ",lname, + rname)); - if (!maxwrite) - maxwrite = writebraw_supported?MAX(max_xmit,BUFFER_SIZE):(max_xmit-200); + buf = (char *)malloc(maxwrite); + if (!buf) { + d_printf("ERROR: Not enough memory!\n"); + return 1; + } + while (!x_feof(f)) { + int n = maxwrite; + int ret; - while (nread < finfo->size) - { - int n = maxwrite; - int ret; + if ((n = readfile(buf,n,f)) < 1) { + if((n == 0) && x_feof(f)) + break; /* Empty local file. */ - n = MIN(n,finfo->size - nread); + d_printf("Error reading local file: %s\n", strerror(errno)); + rc = 1; + break; + } - buf = (char *)Realloc(buf,n+4); - - fseek(f,nread,SEEK_SET); - if ((n = readfile(buf+4,1,n,f)) < 1) - { - DEBUG(0,("Error reading local file\n")); - break; - } + ret = cli_write(cli, fnum, 0, buf, nread, n); - ret = smb_writefile(outbuf,fnum,nread,buf+4,n); + if (n != ret) { + d_printf("Error writing file: %s\n", cli_errstr(cli)); + rc = 1; + break; + } - if (n != ret) { - if (!maxwrite) { - DEBUG(0,("Error writing file\n")); - break; - } else { - maxwrite /= 2; - continue; + nread += n; } - } - - nread += n; - } - + if (!cli_close(cli, fnum)) { + d_printf("%s closing remote file %s\n",cli_errstr(cli),rname); + x_fclose(f); + SAFE_FREE(buf); + return 1; + } - bzero(outbuf,smb_size); - set_message(outbuf,3,0,True); - CVAL(outbuf,smb_com) = SMBclose; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - put_dos_date3(outbuf,smb_vwv1,close_time); + + x_fclose(f); + SAFE_FREE(buf); - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s closing remote file %s\n",smb_errstr(inbuf),CNV_LANG(rname))); - fclose(f); - free(inbuf);free(outbuf); - if (buf) free(buf); - return; - } + { + struct timeval tp_end; + int this_time; + + GetTimeOfDay(&tp_end); + this_time = + (tp_end.tv_sec - tp_start.tv_sec)*1000 + + (tp_end.tv_usec - tp_start.tv_usec)/1000; + put_total_time_ms += this_time; + put_total_size += nread; + + DEBUG(1,("(%3.1f kb/s) (average %3.1f kb/s)\n", + nread / (1.024*this_time + 1.0e-4), + put_total_size / (1.024*put_total_time_ms))); + } - - fclose(f); - free(inbuf);free(outbuf); - if (buf) free(buf); - - { - struct timeval tp_end; - int this_time; - - GetTimeOfDay(&tp_end); - this_time = - (tp_end.tv_sec - tp_start.tv_sec)*1000 + - (tp_end.tv_usec - tp_start.tv_usec)/1000; - put_total_time_ms += this_time; - put_total_size += finfo->size; - - DEBUG(2,("(%g kb/s) (average %g kb/s)\n", - finfo->size / (1.024*this_time + 1.0e-4), - put_total_size / (1.024*put_total_time_ms))); - } -} + if (f == x_stdin) { + cli_shutdown(cli); + exit(0); + } + + return rc; +} /**************************************************************************** put a file ****************************************************************************/ -static void cmd_put(void) +static int cmd_put(void) { - pstring lname; - pstring rname; - fstring buf; - char *p=buf; - file_info finfo; - finfo = def_finfo; - - strcpy(rname,cur_dir); - strcat(rname,"\\"); - + pstring lname; + pstring rname; + fstring buf; + char *p=buf; + + pstrcpy(rname,cur_dir); + pstrcat(rname,"\\"); - if (!next_token(NULL,p,NULL)) - { - DEBUG(0,("put \n")); - return; - } - strcpy(lname,p); + if (!next_token_nr(NULL,p,NULL,sizeof(buf))) { + d_printf("put \n"); + return 1; + } + pstrcpy(lname,p); - if (next_token(NULL,p,NULL)) - strcat(rname,p); - else - strcat(rname,lname); - - dos_clean_name(rname); - - { - struct stat st; - if (!file_exist(lname,&st)) { - DEBUG(0,("%s does not exist\n",lname)); - return; - } - finfo.mtime = st.st_mtime; - } - - do_put(rname,lname,&finfo); + if (next_token_nr(NULL,p,NULL,sizeof(buf))) + pstrcat(rname,p); + else + pstrcat(rname,lname); + + dos_clean_name(rname); + + { + SMB_STRUCT_STAT st; + /* allow '-' to represent stdin + jdblair, 24.jun.98 */ + if (!file_exist(lname,&st) && + (strcmp(lname,"-"))) { + d_printf("%s does not exist\n",lname); + return 1; + } + } + + return do_put(rname,lname); +} + +/************************************* + File list structure +*************************************/ + +static struct file_list { + struct file_list *prev, *next; + char *file_path; + BOOL isdir; +} *file_list; + +/**************************************************************************** + Free a file_list structure +****************************************************************************/ + +static void free_file_list (struct file_list * list) +{ + struct file_list *tmp; + + while (list) + { + tmp = list; + DLIST_REMOVE(list, list); + SAFE_FREE(tmp->file_path); + SAFE_FREE(tmp); + } } /**************************************************************************** seek in a directory/file list until you get something that doesn't start with the specified name ****************************************************************************/ -static BOOL seek_list(FILE *f,char *name) +static BOOL seek_list(struct file_list *list, char *name) { - pstring s; - while (!feof(f)) - { - if (fscanf(f,"%s",s) != 1) return(False); - trim_string(s,"./",NULL); - if (strncmp(s,name,strlen(name)) != 0) - { - strcpy(name,s); - return(True); + while (list) { + trim_string(list->file_path,"./","\n"); + if (strncmp(list->file_path, name, strlen(name)) != 0) { + return(True); + } + list = list->next; } - } - return(False); + return(False); } - /**************************************************************************** set the file selection mask ****************************************************************************/ -static void cmd_select(void) +static int cmd_select(void) { - strcpy(fileselection,""); - next_token(NULL,fileselection,NULL); + pstrcpy(fileselection,""); + next_token_nr(NULL,fileselection,NULL,sizeof(fileselection)); + + return 0; } +/**************************************************************************** + Recursive file matching function act as find + match must be always set to True when calling this function +****************************************************************************/ +static int file_find(struct file_list **list, const char *directory, + const char *expression, BOOL match) +{ + DIR *dir; + struct file_list *entry; + struct stat statbuf; + int ret; + char *path; + BOOL isdir; + char *dname; + + dir = opendir(directory); + if (!dir) return -1; + + while ((dname = readdirname(dir))) { + if (!strcmp("..", dname)) continue; + if (!strcmp(".", dname)) continue; + + if (asprintf(&path, "%s/%s", directory, dname) <= 0) { + continue; + } + + isdir = False; + if (!match || !gen_fnmatch(expression, dname)) { + if (recurse) { + ret = stat(path, &statbuf); + if (ret == 0) { + if (S_ISDIR(statbuf.st_mode)) { + isdir = True; + ret = file_find(list, path, expression, False); + } + } else { + d_printf("file_find: cannot stat file %s\n", path); + } + + if (ret == -1) { + SAFE_FREE(path); + closedir(dir); + return -1; + } + } + entry = (struct file_list *) malloc(sizeof (struct file_list)); + if (!entry) { + d_printf("Out of memory in file_find\n"); + closedir(dir); + return -1; + } + entry->file_path = path; + entry->isdir = isdir; + DLIST_ADD(*list, entry); + } else { + SAFE_FREE(path); + } + } + + closedir(dir); + return 0; +} /**************************************************************************** mput some files ****************************************************************************/ -static void cmd_mput(void) +static int cmd_mput(void) { - pstring lname; - pstring rname; - file_info finfo; - fstring buf; - char *p=buf; - - finfo = def_finfo; - - - while (next_token(NULL,p,NULL)) - { - struct stat st; - pstring cmd; - pstring tmpname; - FILE *f; - - sprintf(tmpname,"/tmp/ls.smb.%d",(int)getpid()); - if (recurse) - sprintf(cmd,"find . -name \"%s\" -print > %s",p,tmpname); - else - sprintf(cmd,"/bin/ls %s > %s",p,tmpname); - system(cmd); - - f = fopen(tmpname,"r"); - if (!f) continue; - - while (!feof(f)) - { - pstring quest; - - if (fscanf(f,"%s",lname) != 1) break; - trim_string(lname,"./",NULL); - - again1: + fstring buf; + char *p=buf; + + while (next_token_nr(NULL,p,NULL,sizeof(buf))) { + int ret; + struct file_list *temp_list; + char *quest, *lname, *rname; + + file_list = NULL; - /* check if it's a directory */ - if (directory_exist(lname,&st)) - { - if (!recurse) continue; - sprintf(quest,"Put directory %s? ",lname); - if (prompt && !yesno(quest)) - { - strcat(lname,"/"); - if (!seek_list(f,lname)) - break; - goto again1; + ret = file_find(&file_list, ".", p, True); + if (ret) { + free_file_list(file_list); + continue; } - - strcpy(rname,cur_dir); - strcat(rname,lname); - if (!do_mkdir(rname)) - { - strcat(lname,"/"); - if (!seek_list(f,lname)) - break; - goto again1; + + quest = NULL; + lname = NULL; + rname = NULL; + + for (temp_list = file_list; temp_list; + temp_list = temp_list->next) { + + SAFE_FREE(lname); + if (asprintf(&lname, "%s/", temp_list->file_path) <= 0) + continue; + trim_string(lname, "./", "/"); + + /* check if it's a directory */ + if (temp_list->isdir) { + /* if (!recurse) continue; */ + + SAFE_FREE(quest); + if (asprintf(&quest, "Put directory %s? ", lname) < 0) break; + if (prompt && !yesno(quest)) { /* No */ + /* Skip the directory */ + lname[strlen(lname)-1] = '/'; + if (!seek_list(temp_list, lname)) + break; + } else { /* Yes */ + SAFE_FREE(rname); + if(asprintf(&rname, "%s%s", cur_dir, lname) < 0) break; + dos_format(rname); + if (!cli_chkpath(cli, rname) && + !do_mkdir(rname)) { + DEBUG (0, ("Unable to make dir, skipping...")); + /* Skip the directory */ + lname[strlen(lname)-1] = '/'; + if (!seek_list(temp_list, lname)) + break; + } + } + continue; + } else { + SAFE_FREE(quest); + if (asprintf(&quest,"Put file %s? ", lname) < 0) break; + if (prompt && !yesno(quest)) /* No */ + continue; + + /* Yes */ + SAFE_FREE(rname); + if (asprintf(&rname, "%s%s", cur_dir, lname) < 0) break; + } + + dos_format(rname); + + do_put(rname, lname); } - - continue; - } - else - { - sprintf(quest,"Put file %s? ",lname); - if (prompt && !yesno(quest)) continue; - - strcpy(rname,cur_dir); - strcat(rname,lname); - } - dos_format(rname); - - /* null size so do_put knows to ignore it */ - finfo.size = -1; - - /* set the date on the file */ - finfo.mtime = st.st_mtime; - - do_put(rname,lname,&finfo); + free_file_list(file_list); + SAFE_FREE(quest); + SAFE_FREE(lname); + SAFE_FREE(rname); } - fclose(f); - unlink(tmpname); - } -} -/**************************************************************************** - cancel a print job - ****************************************************************************/ -static void do_cancel(int job) -{ - char *rparam = NULL; - char *rdata = NULL; - char *p; - int rdrcnt,rprcnt; - pstring param; - - bzero(param,sizeof(param)); - - p = param; - SSVAL(p,0,81); /* api number */ - p += 2; - strcpy(p,"W"); - p = skip_string(p,1); - strcpy(p,""); - p = skip_string(p,1); - SSVAL(p,0,job); - p += 2; - - if (call_api(PTR_DIFF(p,param),0, - 6,1000, - &rprcnt,&rdrcnt, - param,NULL, - &rparam,&rdata)) - { - int res = SVAL(rparam,0); - - if (!res) - printf("Job %d cancelled\n",job); - else - printf("Error %d calcelling job %d\n",res,job); - return; - } - else - printf("Server refused cancel request\n"); - - if (rparam) free(rparam); - if (rdata) free(rdata); - - return; + return 0; } /**************************************************************************** cancel a print job ****************************************************************************/ -static void cmd_cancel(char *inbuf,char *outbuf ) +static int do_cancel(int job) { - fstring buf; - int job; - - if (!connect_as_printer) - { - DEBUG(0,("WARNING: You didn't use the -P option to smbclient.\n")); - DEBUG(0,("Trying to cancel print jobs without -P may fail\n")); - } - - if (!next_token(NULL,buf,NULL)) { - printf("cancel ...\n"); - return; - } - do { - job = atoi(buf); - do_cancel(job); - } while (next_token(NULL,buf,NULL)); + if (cli_printjob_del(cli, job)) { + d_printf("Job %d cancelled\n",job); + return 0; + } else { + d_printf("Error cancelling job %d : %s\n",job,cli_errstr(cli)); + return 1; + } } /**************************************************************************** - get info on a file + cancel a print job ****************************************************************************/ -static void cmd_stat(char *inbuf,char *outbuf) +static int cmd_cancel(void) { - fstring buf; - pstring param; - char *resp_data=NULL; - char *resp_param=NULL; - int resp_data_len = 0; - int resp_param_len=0; - char *p; - uint16 setup = TRANSACT2_QPATHINFO; - - if (!next_token(NULL,buf,NULL)) { - printf("stat \n"); - return; - } - - bzero(param,6); - SSVAL(param,0,4); /* level */ - p = param+6; - strcpy(p,cur_dir); - strcat(p,buf); - - send_trans_request(outbuf,SMBtrans2,NULL,FID_UNUSED,0, - NULL,param,&setup, - 0,6 + strlen(p)+1,1, - BUFFER_SIZE,2,0); - - receive_trans_response(inbuf,SMBtrans2, - &resp_data_len,&resp_param_len, - &resp_data,&resp_param); - - if (resp_data) free(resp_data); resp_data = NULL; - if (resp_param) free(resp_param); resp_param = NULL; + fstring buf; + int job; + + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf("cancel ...\n"); + return 1; + } + do { + job = atoi(buf); + do_cancel(job); + } while (next_token_nr(NULL,buf,NULL,sizeof(buf))); + + return 0; } /**************************************************************************** print a file ****************************************************************************/ -static void cmd_print(char *inbuf,char *outbuf ) +static int cmd_print(void) { - int fnum; - FILE *f = NULL; - uint32 nread=0; - pstring lname; - pstring rname; - char *p; - - if (!connect_as_printer) - { - DEBUG(0,("WARNING: You didn't use the -P option to smbclient.\n")); - DEBUG(0,("Trying to print without -P may fail\n")); - } - - if (!next_token(NULL,lname,NULL)) - { - DEBUG(0,("print \n")); - return; - } - - strcpy(rname,lname); - p = strrchr(rname,'/'); - if (p) - { - pstring tname; - strcpy(tname,p+1); - strcpy(rname,tname); - } - - if ((int)strlen(rname) > 14) - rname[14] = 0; - - if (strequal(lname,"-")) - { - f = stdin; - strcpy(rname,"stdin"); - } - - dos_clean_name(rname); - - bzero(outbuf,smb_size); - set_message(outbuf,2,2 + strlen(rname),True); - - CVAL(outbuf,smb_com) = SMBsplopen; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,0); - SSVAL(outbuf,smb_vwv1,printmode); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,rname); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s opening printer for %s\n",smb_errstr(inbuf),CNV_LANG(rname))); - return; - } - - if (!f) - f = fopen(lname,"r"); - if (!f) - { - DEBUG(0,("Error opening local file %s\n",lname)); - return; - } + pstring lname; + pstring rname; + char *p; - - fnum = SVAL(inbuf,smb_vwv0); - - DEBUG(1,("printing file %s as %s\n",lname,CNV_LANG(rname))); - - while (!feof(f)) - { - int n; - - bzero(outbuf,smb_size); - set_message(outbuf,1,3,True); - - /* for some strange reason the OS/2 print server can't handle large - packets when printing. weird */ - n = MIN(1024,max_xmit-(smb_len(outbuf)+4)); - - if (translation) - n = printread(f,smb_buf(outbuf)+3,(int)(0.95*n)); - else - n = readfile(smb_buf(outbuf)+3,1,n,f); - if (n <= 0) - { - DEBUG(0,("read gave %d\n",n)); - break; + if (!next_token_nr(NULL,lname,NULL, sizeof(lname))) { + d_printf("print \n"); + return 1; } - smb_setlen(outbuf,smb_len(outbuf) + n); - - CVAL(outbuf,smb_com) = SMBsplwr; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,n+3); - CVAL(smb_buf(outbuf),0) = 1; - SSVAL(smb_buf(outbuf),1,n); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s printing remote file\n",smb_errstr(inbuf))); - break; + pstrcpy(rname,lname); + p = strrchr_m(rname,'/'); + if (p) { + slprintf(rname, sizeof(rname)-1, "%s-%d", p+1, (int)sys_getpid()); } - nread += n; - } - - DEBUG(2,("%d bytes printed\n",nread)); + if (strequal(lname,"-")) { + slprintf(rname, sizeof(rname)-1, "stdin-%d", (int)sys_getpid()); + } - bzero(outbuf,smb_size); - set_message(outbuf,1,0,True); - CVAL(outbuf,smb_com) = SMBsplclose; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + return do_put(rname, lname); +} - SSVAL(outbuf,smb_vwv0,fnum); - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s closing print file\n",smb_errstr(inbuf))); - if (f != stdin) - fclose(f); - return; - } - - if (f != stdin) - fclose(f); +/**************************************************************************** + show a print queue entry +****************************************************************************/ +static void queue_fn(struct print_job_info *p) +{ + d_printf("%-6d %-9d %s\n", (int)p->id, (int)p->size, p->name); } /**************************************************************************** -print a file + show a print queue ****************************************************************************/ -static void cmd_queue(char *inbuf,char *outbuf ) +static int cmd_queue(void) { - int count; - char *p; - - bzero(outbuf,smb_size); - set_message(outbuf,2,0,True); - - CVAL(outbuf,smb_com) = SMBsplretq; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,32); /* a max of 20 entries is to be shown */ - SSVAL(outbuf,smb_vwv1,0); /* the index into the queue */ - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s obtaining print queue\n",smb_errstr(inbuf))); - return; - } - - count = SVAL(inbuf,smb_vwv0); - p = smb_buf(inbuf) + 3; - if (count <= 0) - { - DEBUG(0,("No entries in the print queue\n")); - return; - } - - { - char status[20]; - - DEBUG(0,("Job Name Size Status\n")); - - while (count--) - { - switch (CVAL(p,4)) - { - case 0x01: sprintf(status,"held or stopped"); break; - case 0x02: sprintf(status,"printing"); break; - case 0x03: sprintf(status,"awaiting print"); break; - case 0x04: sprintf(status,"in intercept"); break; - case 0x05: sprintf(status,"file had error"); break; - case 0x06: sprintf(status,"printer error"); break; - default: sprintf(status,"unknown"); break; - } - - DEBUG(0,("%-6d %-16.16s %-9d %s\n", - SVAL(p,5),p+12,IVAL(p,7),status)); - p += 28; - } - } - + cli_print_queue(cli, queue_fn); + + return 0; } - /**************************************************************************** delete some files ****************************************************************************/ static void do_del(file_info *finfo) { - char *p; - char *inbuf,*outbuf; - pstring mask; + pstring mask; - strcpy(mask,cur_dir); - strcat(mask,finfo->name); + pstrcpy(mask,cur_dir); + pstrcat(mask,finfo->name); - if (finfo->mode & aDIR) - return; + if (finfo->mode & aDIR) + return; - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return; - } - - bzero(outbuf,smb_size); - set_message(outbuf,1,2 + strlen(mask),True); - - CVAL(outbuf,smb_com) = SMBunlink; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + if (!cli_unlink(cli, mask)) { + d_printf("%s deleting remote file %s\n",cli_errstr(cli),mask); + } +} - SSVAL(outbuf,smb_vwv0,0); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,mask); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - DEBUG(0,("%s deleting remote file %s\n",smb_errstr(inbuf),CNV_LANG(mask))); +/**************************************************************************** +delete some files +****************************************************************************/ +static int cmd_del(void) +{ + pstring mask; + fstring buf; + uint16 attribute = aSYSTEM | aHIDDEN; - free(inbuf);free(outbuf); - + if (recurse) + attribute |= aDIR; + + pstrcpy(mask,cur_dir); + + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf("del \n"); + return 1; + } + pstrcat(mask,buf); + + do_list(mask, attribute,do_del,False,False); + + return 0; } /**************************************************************************** -delete some files ****************************************************************************/ -static void cmd_del(char *inbuf,char *outbuf ) +static int cmd_open(void) { - pstring mask; - fstring buf; - int attribute = aSYSTEM | aHIDDEN; + pstring mask; + fstring buf; + + pstrcpy(mask,cur_dir); + + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf("open \n"); + return 1; + } + pstrcat(mask,buf); - if (recurse) - attribute |= aDIR; - - strcpy(mask,cur_dir); - - if (!next_token(NULL,buf,NULL)) - { - DEBUG(0,("del \n")); - return; - } - strcat(mask,buf); - - do_dir((char *)inbuf,(char *)outbuf,mask,attribute,do_del,False); + cli_open(cli, mask, O_RDWR, DENY_ALL); + + return 0; } /**************************************************************************** remove a directory ****************************************************************************/ -static void cmd_rmdir(char *inbuf,char *outbuf ) +static int cmd_rmdir(void) { - pstring mask; - fstring buf; - char *p; + pstring mask; + fstring buf; - strcpy(mask,cur_dir); - - if (!next_token(NULL,buf,NULL)) - { - DEBUG(0,("rmdir \n")); - return; - } - strcat(mask,buf); - - bzero(outbuf,smb_size); - set_message(outbuf,0,2 + strlen(mask),True); - - CVAL(outbuf,smb_com) = SMBrmdir; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + pstrcpy(mask,cur_dir); + + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { + d_printf("rmdir \n"); + return 1; + } + pstrcat(mask,buf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,mask); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s removing remote directory file %s\n",smb_errstr(inbuf),CNV_LANG(mask))); - return; - } - + if (!cli_rmdir(cli, mask)) { + d_printf("%s removing remote directory file %s\n", + cli_errstr(cli),mask); + } + + return 0; } /**************************************************************************** -rename some files + UNIX hardlink. ****************************************************************************/ -static void cmd_rename(char *inbuf,char *outbuf ) + +static int cmd_link(void) { - pstring src,dest; - fstring buf,buf2; - char *p; - - strcpy(src,cur_dir); - strcpy(dest,cur_dir); - - if (!next_token(NULL,buf,NULL) || !next_token(NULL,buf2,NULL)) - { - DEBUG(0,("rename \n")); - return; - } - strcat(src,buf); - strcat(dest,buf2); - - bzero(outbuf,smb_size); - set_message(outbuf,1,4 + strlen(src) + strlen(dest),True); - - CVAL(outbuf,smb_com) = SMBmv; - SSVAL(outbuf,smb_tid,cnum); - SSVAL(outbuf,smb_vwv0,aHIDDEN | aDIR | aSYSTEM); - setup_pkt(outbuf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,src); - p = skip_string(p,1); - *p++ = 4; - strcpy(p,dest); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); + pstring src,dest; + fstring buf,buf2; - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s renaming files\n",smb_errstr(inbuf))); - return; - } + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf("Server doesn't support UNIX CIFS calls.\n"); + return 1; + } + + pstrcpy(src,cur_dir); + pstrcpy(dest,cur_dir); -} + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2))) { + d_printf("link \n"); + return 1; + } + pstrcat(src,buf); + pstrcat(dest,buf2); -/**************************************************************************** -toggle the prompt flag -****************************************************************************/ -static void cmd_prompt(void) -{ - prompt = !prompt; - DEBUG(2,("prompting is now %s\n",prompt?"on":"off")); -} + if (!cli_unix_hardlink(cli, src, dest)) { + d_printf("%s linking files (%s -> %s)\n", cli_errstr(cli), src, dest); + return 1; + } + return 0; +} /**************************************************************************** -set the newer than time + UNIX symlink. ****************************************************************************/ -static void cmd_newer(void) + +static int cmd_symlink(void) { - fstring buf; - BOOL ok; - struct stat sbuf; - - ok = next_token(NULL,buf,NULL); - if (ok && (sys_stat(buf,&sbuf) == 0)) - { - newer_than = sbuf.st_mtime; - DEBUG(1,("Getting files newer than %s", - asctime(LocalTime(&newer_than,GMT_TO_LOCAL)))); - } - else - newer_than = 0; - - if (ok && newer_than == 0) - DEBUG(0,("Error setting newer-than time\n")); + pstring src,dest; + fstring buf,buf2; + + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf("Server doesn't support UNIX CIFS calls.\n"); + return 1; + } + + pstrcpy(src,cur_dir); + pstrcpy(dest,cur_dir); + + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2))) { + d_printf("symlink \n"); + return 1; + } + + pstrcat(src,buf); + pstrcat(dest,buf2); + + if (!cli_unix_symlink(cli, src, dest)) { + d_printf("%s symlinking files (%s -> %s)\n", + cli_errstr(cli), src, dest); + return 1; + } + + return 0; } /**************************************************************************** -set the archive level + UNIX chmod. ****************************************************************************/ -static void cmd_archive(void) + +static int cmd_chmod(void) { - fstring buf; + pstring src; + mode_t mode; + fstring buf, buf2; + + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf("Server doesn't support UNIX CIFS calls.\n"); + return 1; + } + + pstrcpy(src,cur_dir); + + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2))) { + d_printf("chmod mode file\n"); + return 1; + } + + mode = (mode_t)strtol(buf, NULL, 8); + pstrcat(src,buf2); + + if (!cli_unix_chmod(cli, src, mode)) { + d_printf("%s chmod file %s 0%o\n", + cli_errstr(cli), src, (unsigned int)mode); + return 1; + } - if (next_token(NULL,buf,NULL)) { - archive_level = atoi(buf); - } else - DEBUG(0,("Archive level is %d\n",archive_level)); + return 0; } /**************************************************************************** -toggle the lowercaseflag + UNIX chown. ****************************************************************************/ -static void cmd_lowercase(void) + +static int cmd_chown(void) { - lowercase = !lowercase; - DEBUG(2,("filename lowercasing is now %s\n",lowercase?"on":"off")); -} + pstring src; + uid_t uid; + gid_t gid; + fstring buf, buf2, buf3; + + if (!SERVER_HAS_UNIX_CIFS(cli)) { + d_printf("Server doesn't support UNIX CIFS calls.\n"); + return 1; + } + pstrcpy(src,cur_dir); + + if (!next_token(NULL,buf,NULL,sizeof(buf)) || + !next_token(NULL,buf2,NULL, sizeof(buf2)) || + !next_token(NULL,buf3,NULL, sizeof(buf3))) { + d_printf("chown uid gid file\n"); + return 1; + } + uid = (uid_t)atoi(buf); + gid = (gid_t)atoi(buf2); + pstrcat(src,buf3); + if (!cli_unix_chown(cli, src, uid, gid)) { + d_printf("%s chown file %s uid=%d, gid=%d\n", + cli_errstr(cli), src, (int)uid, (int)gid); + return 1; + } -/**************************************************************************** -toggle the recurse flag -****************************************************************************/ -static void cmd_recurse(void) -{ - recurse = !recurse; - DEBUG(2,("directory recursion is now %s\n",recurse?"on":"off")); + return 0; } /**************************************************************************** -toggle the translate flag +rename some files ****************************************************************************/ -static void cmd_translate(void) +static int cmd_rename(void) { - translation = !translation; - DEBUG(2,("CR/LF<->LF and print text translation now %s\n", - translation?"on":"off")); -} + pstring src,dest; + fstring buf,buf2; + + pstrcpy(src,cur_dir); + pstrcpy(dest,cur_dir); + + if (!next_token_nr(NULL,buf,NULL,sizeof(buf)) || + !next_token_nr(NULL,buf2,NULL, sizeof(buf2))) { + d_printf("rename \n"); + return 1; + } + pstrcat(src,buf); + pstrcat(dest,buf2); -/**************************************************************************** -do a printmode command -****************************************************************************/ -static void cmd_printmode(void) -{ - fstring buf; - fstring mode; - - if (next_token(NULL,buf,NULL)) - { - if (strequal(buf,"text")) - printmode = 0; - else - { - if (strequal(buf,"graphics")) - printmode = 1; - else - printmode = atoi(buf); + if (!cli_rename(cli, src, dest)) { + d_printf("%s renaming files\n",cli_errstr(cli)); + return 1; } - } - - switch(printmode) - { - case 0: - strcpy(mode,"text"); - break; - case 1: - strcpy(mode,"graphics"); - break; - default: - sprintf(mode,"%d",printmode); - break; - } - - DEBUG(2,("the printmode is now %s\n",mode)); + + return 0; } + /**************************************************************************** -do the lcd command +toggle the prompt flag ****************************************************************************/ -static void cmd_lcd(void) +static int cmd_prompt(void) { - fstring buf; - pstring d; - - if (next_token(NULL,buf,NULL)) - sys_chdir(buf); - DEBUG(2,("the local directory is now %s\n",GetWd(d))); + prompt = !prompt; + DEBUG(2,("prompting is now %s\n",prompt?"on":"off")); + + return 1; } /**************************************************************************** -send a session request +set the newer than time ****************************************************************************/ -static BOOL send_session_request(char *inbuf,char *outbuf) +static int cmd_newer(void) { - fstring dest; - char *p; - int len = 4; - /* send a session request (RFC 8002) */ - - strcpy(dest,desthost); - p = strchr(dest,'.'); - if (p) *p = 0; - - /* put in the destination name */ - p = outbuf+len; - name_mangle(dest,p,name_type); - len += name_len(p); - - /* and my name */ - p = outbuf+len; - name_mangle(myname,p,0); - len += name_len(p); - - /* setup the packet length */ - _smb_setlen(outbuf,len); - CVAL(outbuf,0) = 0x81; - - send_smb(Client,outbuf); - DEBUG(5,("Sent session request\n")); - - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,0) == 0x84) /* C. Hoch 9/14/95 Start */ - { - /* For information, here is the response structure. - * We do the byte-twiddling to for portability. - struct RetargetResponse{ - unsigned char type; - unsigned char flags; - int16 length; - int32 ip_addr; - int16 port; - }; - */ - extern int Client; - int port = (CVAL(inbuf,8)<<8)+CVAL(inbuf,9); - /* SESSION RETARGET */ - putip((char *)&dest_ip,inbuf+4); - - close_sockets(); - Client = open_socket_out(SOCK_STREAM, &dest_ip, port); - if (Client == -1) - return False; - - DEBUG(3,("Retargeted\n")); - - set_socket_options(Client,user_socket_options); - - /* Try again */ - return send_session_request(inbuf,outbuf); - } /* C. Hoch 9/14/95 End */ - - - if (CVAL(inbuf,0) != 0x82) - { - int ecode = CVAL(inbuf,4); - DEBUG(0,("Session request failed (%d,%d) with myname=%s destname=%s\n", - CVAL(inbuf,0),ecode,myname,desthost)); - switch (ecode) - { - case 0x80: - DEBUG(0,("Not listening on called name\n")); - DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost)); - DEBUG(0,("You may find the -I option useful for this\n")); - break; - case 0x81: - DEBUG(0,("Not listening for calling name\n")); - DEBUG(0,("Try to connect as another name (instead of %s)\n",myname)); - DEBUG(0,("You may find the -n option useful for this\n")); - break; - case 0x82: - DEBUG(0,("Called name not present\n")); - DEBUG(0,("Try to connect to another name (instead of %s)\n",desthost)); - DEBUG(0,("You may find the -I option useful for this\n")); - break; - case 0x83: - DEBUG(0,("Called name present, but insufficient resources\n")); - DEBUG(0,("Perhaps you should try again later?\n")); - break; - default: - DEBUG(0,("Unspecified error 0x%X\n",ecode)); - DEBUG(0,("Your server software is being unfriendly\n")); - break; + fstring buf; + BOOL ok; + SMB_STRUCT_STAT sbuf; + + ok = next_token_nr(NULL,buf,NULL,sizeof(buf)); + if (ok && (sys_stat(buf,&sbuf) == 0)) { + newer_than = sbuf.st_mtime; + DEBUG(1,("Getting files newer than %s", + asctime(LocalTime(&newer_than)))); + } else { + newer_than = 0; } - return(False); - } - return(True); -} + if (ok && newer_than == 0) { + d_printf("Error setting newer-than time\n"); + return 1; + } + + return 0; +} /**************************************************************************** -send a login command +set the archive level ****************************************************************************/ -static BOOL send_login(char *inbuf,char *outbuf,BOOL start_session,BOOL use_setup) +static int cmd_archive(void) { - BOOL was_null = (!inbuf && !outbuf); - int sesskey=0; - time_t servertime = 0; - extern int serverzone; - int sec_mode=0; - int crypt_len; - int max_vcs=0; - struct { - int prot; - char *name; - } - prots[] = - { - {PROTOCOL_CORE,"PC NETWORK PROGRAM 1.0"}, - {PROTOCOL_COREPLUS,"MICROSOFT NETWORKS 1.03"}, - {PROTOCOL_LANMAN1,"MICROSOFT NETWORKS 3.0"}, - {PROTOCOL_LANMAN1,"LANMAN1.0"}, - {PROTOCOL_LANMAN2,"LM1.2X002"}, - {PROTOCOL_LANMAN2,"Samba"}, - {PROTOCOL_NT1,"NT LM 0.12"}, - {PROTOCOL_NT1,"NT LANMAN 1.0"}, - {-1,NULL} - }; - char *pass = NULL; - pstring dev; - char *p; - int numprots; - - if (was_null) - { - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - } - -#if AJT - if (strstr(service,"IPC$")) connect_as_ipc = True; -#endif + fstring buf; - strcpy(dev,"A:"); - if (connect_as_printer) - strcpy(dev,"LPT1:"); - if (connect_as_ipc) - strcpy(dev,"IPC"); + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) { + archive_level = atoi(buf); + } else + d_printf("Archive level is %d\n",archive_level); + return 0; +} - if (start_session && !send_session_request(inbuf,outbuf)) - { - if (was_null) - { - free(inbuf); - free(outbuf); - } - return(False); - } - - bzero(outbuf,smb_size); - - /* setup the protocol strings */ - { - int plength; - - for (plength=0,numprots=0; - prots[numprots].name && prots[numprots].prot<=max_protocol; - numprots++) - plength += strlen(prots[numprots].name)+2; - - set_message(outbuf,0,plength,True); - - p = smb_buf(outbuf); - for (numprots=0; - prots[numprots].name && prots[numprots].prot<=max_protocol; - numprots++) - { - *p++ = 2; - strcpy(p,prots[numprots].name); - p += strlen(p) + 1; - } - } - - CVAL(outbuf,smb_com) = SMBnegprot; - setup_pkt(outbuf); - - CVAL(smb_buf(outbuf),0) = 2; - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - show_msg(inbuf); - - if (CVAL(inbuf,smb_rcls) != 0 || ((int)SVAL(inbuf,smb_vwv0) >= numprots)) - { - DEBUG(0,("SMBnegprot failed. myname=%s destname=%s - %s \n", - myname,desthost,smb_errstr(inbuf))); - if (was_null) - { - free(inbuf); - free(outbuf); - } - return(False); - } - - Protocol = prots[SVAL(inbuf,smb_vwv0)].prot; - - - if (Protocol < PROTOCOL_NT1) { - sec_mode = SVAL(inbuf,smb_vwv1); - max_xmit = SVAL(inbuf,smb_vwv2); - sesskey = IVAL(inbuf,smb_vwv6); - serverzone = SVALS(inbuf,smb_vwv10)*60; - /* this time is converted to GMT by make_unix_date */ - servertime = make_unix_date(inbuf+smb_vwv8); - if (Protocol >= PROTOCOL_COREPLUS) { - readbraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x1) != 0); - writebraw_supported = ((SVAL(inbuf,smb_vwv5) & 0x2) != 0); - } - crypt_len = smb_buflen(inbuf); - memcpy(cryptkey,smb_buf(inbuf),8); - DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv3))); - max_vcs = SVAL(inbuf,smb_vwv4); - DEBUG(3,("max vcs %d\n",max_vcs)); - DEBUG(3,("max blk %d\n",SVAL(inbuf,smb_vwv5))); - } else { - /* NT protocol */ - sec_mode = CVAL(inbuf,smb_vwv1); - max_xmit = IVAL(inbuf,smb_vwv3+1); - sesskey = IVAL(inbuf,smb_vwv7+1); - serverzone = SVALS(inbuf,smb_vwv15+1)*60; - /* this time arrives in real GMT */ - servertime = interpret_long_date(inbuf+smb_vwv11+1); - crypt_len = CVAL(inbuf,smb_vwv16+1); - memcpy(cryptkey,smb_buf(inbuf),8); - if (IVAL(inbuf,smb_vwv9+1) & 1) - readbraw_supported = writebraw_supported = True; - DEBUG(3,("max mux %d\n",SVAL(inbuf,smb_vwv1+1))); - max_vcs = SVAL(inbuf,smb_vwv2+1); - DEBUG(3,("max vcs %d\n",max_vcs)); - DEBUG(3,("max raw %d\n",IVAL(inbuf,smb_vwv5+1))); - DEBUG(3,("capabilities 0x%x\n",IVAL(inbuf,smb_vwv9+1))); - } - - DEBUG(3,("Sec mode %d\n",SVAL(inbuf,smb_vwv1))); - DEBUG(3,("max xmt %d\n",max_xmit)); - DEBUG(3,("Got %d byte crypt key\n",crypt_len)); - DEBUG(3,("Chose protocol [%s]\n",prots[SVAL(inbuf,smb_vwv0)].name)); - - doencrypt = ((sec_mode & 2) != 0); - - if (servertime) { - static BOOL done_time = False; - if (!done_time) { - DEBUG(1,("Server time is %sTimezone is UTC%+02.1f\n", - asctime(LocalTime(&servertime,GMT_TO_LOCAL)), - -(double)(serverzone/3600.0))); - done_time = True; - } - } - - get_pass: - - if (got_pass) - pass = password; - else - pass = (char *)getpass("Password: "); - - if (Protocol >= PROTOCOL_LANMAN1 && use_setup) - { - fstring pword; - int passlen = strlen(pass)+1; - strcpy(pword,pass); - -#ifdef SMB_PASSWD - if (doencrypt && *pass) { - DEBUG(3,("Using encrypted passwords\n")); - passlen = 24; - SMBencrypt(pass,cryptkey,pword); - } -#else - doencrypt = False; -#endif +/**************************************************************************** +toggle the lowercaseflag +****************************************************************************/ +static int cmd_lowercase(void) +{ + lowercase = !lowercase; + DEBUG(2,("filename lowercasing is now %s\n",lowercase?"on":"off")); + + return 0; +} - /* if in share level security then don't send a password now */ - if (!(sec_mode & 1)) {strcpy(pword, "");passlen=1;} - - /* send a session setup command */ - bzero(outbuf,smb_size); - - if (Protocol < PROTOCOL_NT1) { - set_message(outbuf,10,1 + strlen(username) + passlen,True); - CVAL(outbuf,smb_com) = SMBsesssetupX; - setup_pkt(outbuf); - - CVAL(outbuf,smb_vwv0) = 0xFF; - SSVAL(outbuf,smb_vwv2,max_xmit); - SSVAL(outbuf,smb_vwv3,2); - SSVAL(outbuf,smb_vwv4,max_vcs-1); - SIVAL(outbuf,smb_vwv5,sesskey); - SSVAL(outbuf,smb_vwv7,passlen); - p = smb_buf(outbuf); - memcpy(p,pword,passlen); - p += passlen; - strcpy(p,username); - } else { - if (!doencrypt) passlen--; - /* for Win95 */ - set_message(outbuf,13,0,True); - CVAL(outbuf,smb_com) = SMBsesssetupX; - setup_pkt(outbuf); - - CVAL(outbuf,smb_vwv0) = 0xFF; - SSVAL(outbuf,smb_vwv2,BUFFER_SIZE); - SSVAL(outbuf,smb_vwv3,2); - SSVAL(outbuf,smb_vwv4,getpid()); - SIVAL(outbuf,smb_vwv5,sesskey); - SSVAL(outbuf,smb_vwv7,passlen); - SSVAL(outbuf,smb_vwv8,0); - p = smb_buf(outbuf); - memcpy(p,pword,passlen); p += SVAL(outbuf,smb_vwv7); - strcpy(p,username);p = skip_string(p,1); - strcpy(p,workgroup);p = skip_string(p,1); - strcpy(p,"Unix");p = skip_string(p,1); - strcpy(p,"Samba");p = skip_string(p,1); - set_message(outbuf,13,PTR_DIFF(p,smb_buf(outbuf)),False); - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - show_msg(inbuf); - - if (CVAL(inbuf,smb_rcls) != 0) - { - if (! *pass && - ((CVAL(inbuf,smb_rcls) == ERRDOS && - SVAL(inbuf,smb_err) == ERRnoaccess) || - (CVAL(inbuf,smb_rcls) == ERRSRV && - SVAL(inbuf,smb_err) == ERRbadpw))) - { - got_pass = False; - DEBUG(3,("resending login\n")); - goto get_pass; - } - - DEBUG(0,("Session setup failed for username=%s myname=%s destname=%s %s\n", - username,myname,desthost,smb_errstr(inbuf))); - DEBUG(0,("You might find the -U, -W or -n options useful\n")); - DEBUG(0,("Sometimes you have to use `-n USERNAME' (particularly with OS/2)\n")); - DEBUG(0,("Some servers also insist on uppercase-only passwords\n")); - if (was_null) - { - free(inbuf); - free(outbuf); - } - return(False); - } - if (Protocol >= PROTOCOL_NT1) { - char *domain,*os,*lanman; - p = smb_buf(inbuf); - os = p; - lanman = skip_string(os,1); - domain = skip_string(lanman,1); - if (*domain || *os || *lanman) - DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n",domain,os,lanman)); - } - - /* use the returned uid from now on */ - if (SVAL(inbuf,smb_uid) != uid) - DEBUG(3,("Server gave us a UID of %d. We gave %d\n", - SVAL(inbuf,smb_uid),uid)); - uid = SVAL(inbuf,smb_uid); - } - - /* now we've got a connection - send a tcon message */ - bzero(outbuf,smb_size); - - if (strncmp(service,"\\\\",2) != 0) - { - DEBUG(0,("\nWarning: Your service name doesn't start with \\\\. This is probably incorrect.\n")); - DEBUG(0,("Perhaps try replacing each \\ with \\\\ on the command line?\n\n")); - } - - - again2: - - { - int passlen = strlen(pass)+1; - fstring pword; - strcpy(pword,pass); - -#ifdef SMB_PASSWD - if (doencrypt && *pass) { - passlen=24; - SMBencrypt(pass,cryptkey,pword); - } -#endif - /* if in user level security then don't send a password now */ - if ((sec_mode & 1)) { - strcpy(pword, ""); passlen=1; - } - - set_message(outbuf,4,2 + strlen(service) + passlen + strlen(dev),True); - CVAL(outbuf,smb_com) = SMBtconX; - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,0xFF); - SSVAL(outbuf,smb_vwv3,passlen); - - p = smb_buf(outbuf); - memcpy(p,pword,passlen); - p += passlen; - strcpy(p,service); - p = skip_string(p,1); - strcpy(p,dev); - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - /* trying again with a blank password */ - if (CVAL(inbuf,smb_rcls) != 0 && - (int)strlen(pass) > 0 && - !doencrypt && - Protocol >= PROTOCOL_LANMAN1) - { - DEBUG(2,("first SMBtconX failed, trying again. %s\n",smb_errstr(inbuf))); - strcpy(pass,""); - goto again2; - } - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("SMBtconX failed. %s\n",smb_errstr(inbuf))); - DEBUG(0,("Perhaps you are using the wrong sharename, username or password?\n")); - DEBUG(0,("Some servers insist that these be in uppercase\n")); - if (was_null) - { - free(inbuf); - free(outbuf); - } - return(False); - } - - max_xmit = MIN(max_xmit,BUFFER_SIZE-4); - if (max_xmit <= 0) - max_xmit = BUFFER_SIZE - 4; +/**************************************************************************** +toggle the recurse flag +****************************************************************************/ +static int cmd_recurse(void) +{ + recurse = !recurse; + DEBUG(2,("directory recursion is now %s\n",recurse?"on":"off")); - cnum = SVAL(inbuf,smb_tid); + return 0; +} - DEBUG(3,("Connected with cnum=%d max_xmit=%d\n",cnum,max_xmit)); +/**************************************************************************** +toggle the translate flag +****************************************************************************/ +static int cmd_translate(void) +{ + translation = !translation; + DEBUG(2,("CR/LF<->LF and print text translation now %s\n", + translation?"on":"off")); - if (was_null) - { - free(inbuf); - free(outbuf); - } - return True; + return 0; } /**************************************************************************** -send a logout command +do a printmode command ****************************************************************************/ -static void send_logout(void ) -{ - pstring inbuf,outbuf; - - bzero(outbuf,smb_size); - set_message(outbuf,0,0,True); - CVAL(outbuf,smb_com) = SMBtdis; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,SHORT_TIMEOUT); +static int cmd_printmode(void) +{ + fstring buf; + fstring mode; + + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) { + if (strequal(buf,"text")) { + printmode = 0; + } else { + if (strequal(buf,"graphics")) + printmode = 1; + else + printmode = atoi(buf); + } + } - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("SMBtdis failed %s\n",smb_errstr(inbuf))); - } + switch(printmode) + { + case 0: + fstrcpy(mode,"text"); + break; + case 1: + fstrcpy(mode,"graphics"); + break; + default: + slprintf(mode,sizeof(mode)-1,"%d",printmode); + break; + } + + DEBUG(2,("the printmode is now %s\n",mode)); - -#ifdef STATS - stats_report(); -#endif - exit(0); + return 0; } - - /**************************************************************************** -call a remote api +do the lcd command ****************************************************************************/ -static BOOL call_api(int prcnt,int drcnt, - int mprcnt,int mdrcnt, - int *rprcnt,int *rdrcnt, - char *param,char *data, - char **rparam,char **rdata) +static int cmd_lcd(void) { - static char *inbuf=NULL; - static char *outbuf=NULL; - - if (!inbuf) inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - if (!outbuf) outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - send_trans_request(outbuf,SMBtrans,"\\PIPE\\LANMAN",0,0, - data,param,NULL, - drcnt,prcnt,0, - mdrcnt,mprcnt,0); + fstring buf; + pstring d; + + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) + chdir(buf); + DEBUG(2,("the local directory is now %s\n",sys_getwd(d))); - return (receive_trans_response(inbuf,SMBtrans, - rdrcnt,rprcnt, - rdata,rparam)); + return 0; } /**************************************************************************** - send a SMB trans or trans2 request - ****************************************************************************/ -static BOOL send_trans_request(char *outbuf,int trans, - char *name,int fid,int flags, - char *data,char *param,uint16 *setup, - int ldata,int lparam,int lsetup, - int mdata,int mparam,int msetup) +list a share name +****************************************************************************/ +static void browse_fn(const char *name, uint32 m, + const char *comment, void *state) { - int i; - int this_ldata,this_lparam; - int tot_data=0,tot_param=0; - char *outdata,*outparam; - pstring inbuf; - char *p; - - this_lparam = MIN(lparam,max_xmit - (500+lsetup*SIZEOFWORD)); /* hack */ - this_ldata = MIN(ldata,max_xmit - (500+lsetup*SIZEOFWORD+this_lparam)); - - bzero(outbuf,smb_size); - set_message(outbuf,14+lsetup,0,True); - CVAL(outbuf,smb_com) = trans; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - outparam = smb_buf(outbuf)+(trans==SMBtrans ? strlen(name)+1 : 3); - outdata = outparam+this_lparam; - - /* primary request */ - SSVAL(outbuf,smb_tpscnt,lparam); /* tpscnt */ - SSVAL(outbuf,smb_tdscnt,ldata); /* tdscnt */ - SSVAL(outbuf,smb_mprcnt,mparam); /* mprcnt */ - SSVAL(outbuf,smb_mdrcnt,mdata); /* mdrcnt */ - SCVAL(outbuf,smb_msrcnt,msetup); /* msrcnt */ - SSVAL(outbuf,smb_flags,flags); /* flags */ - SIVAL(outbuf,smb_timeout,0); /* timeout */ - SSVAL(outbuf,smb_pscnt,this_lparam); /* pscnt */ - SSVAL(outbuf,smb_psoff,smb_offset(outparam,outbuf)); /* psoff */ - SSVAL(outbuf,smb_dscnt,this_ldata); /* dscnt */ - SSVAL(outbuf,smb_dsoff,smb_offset(outdata,outbuf)); /* dsoff */ - SCVAL(outbuf,smb_suwcnt,lsetup); /* suwcnt */ - for (i=0;i 0) - { - printf("\n\tSharename Type Comment\n"); - printf("\t--------- ---- -------\n"); - } - - if (sort) - qsort(p,count,20,QSORT_CAST strcasecmp); - - for (i=0;i8) long_share_name=True; - - p += 20; - } - - if (long_share_name) { - printf("\nNOTE: There were share names longer than 8 chars.\nOn older clients these may not be accessible or may give browsing errors\n"); - } - } - } - - if (rparam) free(rparam); - if (rdata) free(rdata); + d_printf("\n\tSharename Type Comment\n"); + d_printf("\t--------- ---- -------\n"); - return(count>0); -} + if((ret = cli_RNetShareEnum(cli, browse_fn, NULL)) == -1) + d_printf("Error returning browse list: %s\n", cli_errstr(cli)); + return (ret != -1); +} /**************************************************************************** -get some server info +list a server name ****************************************************************************/ -static void server_info() +static void server_fn(const char *name, uint32 m, + const char *comment, void *state) { - char *rparam = NULL; - char *rdata = NULL; - char *p; - int rdrcnt,rprcnt; - pstring param; - - bzero(param,sizeof(param)); - - p = param; - SSVAL(p,0,63); /* api number */ - p += 2; - strcpy(p,"WrLh"); - p = skip_string(p,1); - strcpy(p,"zzzBBzz"); - p = skip_string(p,1); - SSVAL(p,0,10); /* level 10 */ - SSVAL(p,2,1000); - p += 6; - - if (call_api(PTR_DIFF(p,param),0, - 6,1000, - &rprcnt,&rdrcnt, - param,NULL, - &rparam,&rdata)) - { - int res = SVAL(rparam,0); - int converter=SVAL(rparam,2); - - if (res == 0) - { - p = rdata; - - printf("\nServer=[%s] User=[%s] Workgroup=[%s] Domain=[%s]\n", - rdata+SVAL(p,0)-converter, - rdata+SVAL(p,4)-converter, - rdata+SVAL(p,8)-converter, - rdata+SVAL(p,14)-converter); - } - } - - if (rparam) free(rparam); - if (rdata) free(rdata); - - return; + d_printf("\t%-16.16s %s\n", name, comment); } - /**************************************************************************** try and browse available connections on a host ****************************************************************************/ -static BOOL list_servers() +static BOOL list_servers(char *wk_grp) { - char *rparam = NULL; - char *rdata = NULL; - int rdrcnt,rprcnt; - char *p; - pstring param; - int uLevel = 1; - int count = 0; - - /* now send a SMBtrans command with api ServerEnum? */ - p = param; - SSVAL(p,0,0x68); /* api number */ - p += 2; - strcpy(p,"WrLehDO"); - p = skip_string(p,1); - - strcpy(p,"B16BBDz"); -#if 0 - strcpy(p,getenv("XX_STR2")); -#endif - - p = skip_string(p,1); - SSVAL(p,0,uLevel); - SSVAL(p,2,0x2000); /* buf length */ - p += 4; - - SIVAL(p,0,SV_TYPE_ALL); - - if (call_api(PTR_DIFF(p+4,param),0, - 8,10000, - &rprcnt,&rdrcnt, - param,NULL, - &rparam,&rdata)) - { - int res = SVAL(rparam,0); - int converter=SVAL(rparam,2); - int i; - - if (res == 0) { - char *p2 = rdata; - count=SVAL(rparam,4); - - if (count > 0) { - printf("\n\nThis machine has a browse list:\n"); - printf("\n\tServer Comment\n"); - printf("\t--------- -------\n"); - } + if (!cli->server_domain) return False; - for (i=0;i 0) { - printf("\n\nThis machine has a workgroup list:\n"); - printf("\n\tWorkgroup Master\n"); - printf("\t--------- -------\n"); - } - - for (i=0;i0); -} + cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_ALL, server_fn, NULL); + d_printf("\n\tWorkgroup Master\n"); + d_printf("\t--------- -------\n"); + cli_NetServerEnum(cli, cli->server_domain, SV_TYPE_DOMAIN_ENUM, server_fn, NULL); + return True; +} +/* Some constants for completing filename arguments */ -void cmd_help(); +#define COMPL_NONE 0 /* No completions */ +#define COMPL_REMOTE 1 /* Complete remote filename */ +#define COMPL_LOCAL 2 /* Complete local filename */ -/* This defines the commands supported by this client */ +/* This defines the commands supported by this client. + * NOTE: The "!" must be the last one in the list because it's fn pointer + * field is NULL, and NULL in that field is used in process_tok() + * (below) to indicate the end of the list. crh + */ struct { char *name; - void (*fn)(); + int (*fn)(void); char *description; + char compl_args[2]; /* Completion argument info */ } commands[] = { - {"ls",cmd_dir," list the contents of the current directory"}, - {"dir",cmd_dir," list the contents of the current directory"}, - {"lcd",cmd_lcd,"[directory] change/report the local current working directory"}, - {"cd",cmd_cd,"[directory] change/report the remote directory"}, - {"pwd",cmd_pwd,"show current remote directory (same as 'cd' with no args)"}, - {"get",cmd_get," [local name] get a file"}, - {"mget",cmd_mget," get all the matching files"}, - {"put",cmd_put," [remote name] put a file"}, - {"mput",cmd_mput," put all matching files"}, - {"rename",cmd_rename," rename some files"}, - {"more",cmd_more," view a remote file with your pager"}, - {"mask",cmd_select," mask all filenames against this"}, - {"del",cmd_del," delete all matching files"}, - {"rm",cmd_del," delete all matching files"}, - {"mkdir",cmd_mkdir," make a directory"}, - {"md",cmd_mkdir," make a directory"}, - {"rmdir",cmd_rmdir," remove a directory"}, - {"rd",cmd_rmdir," remove a directory"}, - {"prompt",cmd_prompt,"toggle prompting for filenames for mget and mput"}, - {"recurse",cmd_recurse,"toggle directory recursion for mget and mput"}, - {"translate",cmd_translate,"toggle text translation for printing"}, - {"lowercase",cmd_lowercase,"toggle lowercasing of filenames for get"}, - {"print",cmd_print," print a file"}, - {"printmode",cmd_printmode," set the print mode"}, - {"queue",cmd_queue,"show the print queue"}, - {"cancel",cmd_cancel," cancel a print queue entry"}, - {"stat",cmd_stat," get info on a file (experimental!)"}, - {"quit",send_logout,"logoff the server"}, - {"q",send_logout,"logoff the server"}, - {"exit",send_logout,"logoff the server"}, - {"newer",cmd_newer," only mget files newer than the specified local file"}, - {"archive",cmd_archive,"\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit"}, - {"tar",cmd_tar,"tar [IXbgNa] current directory to/from " }, - {"blocksize",cmd_block,"blocksize (default 20)" }, - {"tarmode",cmd_tarmode, - " tar's behaviour towards archive bits" }, - {"setmode",cmd_setmode,"filename change modes of file"}, - {"help",cmd_help,"[command] give help on a command"}, - {"?",cmd_help,"[command] give help on a command"}, - {"!",NULL,"run a shell command on the local system"}, - {"",NULL,NULL} + {"?",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}}, + {"altname",cmd_altname," show alt name",{COMPL_NONE,COMPL_NONE}}, + {"archive",cmd_archive,"\n0=ignore archive bit\n1=only get archive files\n2=only get archive files and reset archive bit\n3=get all files and reset archive bit",{COMPL_NONE,COMPL_NONE}}, + {"blocksize",cmd_block,"blocksize (default 20)",{COMPL_NONE,COMPL_NONE}}, + {"cancel",cmd_cancel," cancel a print queue entry",{COMPL_NONE,COMPL_NONE}}, + {"cd",cmd_cd,"[directory] change/report the remote directory",{COMPL_REMOTE,COMPL_NONE}}, + {"chmod",cmd_chmod," chmod a file using UNIX permission",{COMPL_REMOTE,COMPL_REMOTE}}, + {"chown",cmd_chown," chown a file using UNIX uids and gids",{COMPL_REMOTE,COMPL_REMOTE}}, + {"del",cmd_del," delete all matching files",{COMPL_REMOTE,COMPL_NONE}}, + {"dir",cmd_dir," list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}}, + {"du",cmd_du," computes the total size of the current directory",{COMPL_REMOTE,COMPL_NONE}}, + {"exit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}}, + {"get",cmd_get," [local name] get a file",{COMPL_REMOTE,COMPL_LOCAL}}, + {"help",cmd_help,"[command] give help on a command",{COMPL_NONE,COMPL_NONE}}, + {"history",cmd_history,"displays the command history",{COMPL_NONE,COMPL_NONE}}, + {"lcd",cmd_lcd,"[directory] change/report the local current working directory",{COMPL_LOCAL,COMPL_NONE}}, + {"link",cmd_link," create a UNIX hard link",{COMPL_REMOTE,COMPL_REMOTE}}, + {"lowercase",cmd_lowercase,"toggle lowercasing of filenames for get",{COMPL_NONE,COMPL_NONE}}, + {"ls",cmd_dir," list the contents of the current directory",{COMPL_REMOTE,COMPL_NONE}}, + {"mask",cmd_select," mask all filenames against this",{COMPL_REMOTE,COMPL_NONE}}, + {"md",cmd_mkdir," make a directory",{COMPL_NONE,COMPL_NONE}}, + {"mget",cmd_mget," get all the matching files",{COMPL_REMOTE,COMPL_NONE}}, + {"mkdir",cmd_mkdir," make a directory",{COMPL_NONE,COMPL_NONE}}, + {"more",cmd_more," view a remote file with your pager",{COMPL_REMOTE,COMPL_NONE}}, + {"mput",cmd_mput," put all matching files",{COMPL_REMOTE,COMPL_NONE}}, + {"newer",cmd_newer," only mget files newer than the specified local file",{COMPL_LOCAL,COMPL_NONE}}, + {"open",cmd_open," open a file",{COMPL_REMOTE,COMPL_NONE}}, + {"print",cmd_print," print a file",{COMPL_NONE,COMPL_NONE}}, + {"printmode",cmd_printmode," set the print mode",{COMPL_NONE,COMPL_NONE}}, + {"prompt",cmd_prompt,"toggle prompting for filenames for mget and mput",{COMPL_NONE,COMPL_NONE}}, + {"put",cmd_put," [remote name] put a file",{COMPL_LOCAL,COMPL_REMOTE}}, + {"pwd",cmd_pwd,"show current remote directory (same as 'cd' with no args)",{COMPL_NONE,COMPL_NONE}}, + {"q",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}}, + {"queue",cmd_queue,"show the print queue",{COMPL_NONE,COMPL_NONE}}, + {"quit",cmd_quit,"logoff the server",{COMPL_NONE,COMPL_NONE}}, + {"rd",cmd_rmdir," remove a directory",{COMPL_NONE,COMPL_NONE}}, + {"recurse",cmd_recurse,"toggle directory recursion for mget and mput",{COMPL_NONE,COMPL_NONE}}, + {"rename",cmd_rename," rename some files",{COMPL_REMOTE,COMPL_REMOTE}}, + {"rm",cmd_del," delete all matching files",{COMPL_REMOTE,COMPL_NONE}}, + {"rmdir",cmd_rmdir," remove a directory",{COMPL_NONE,COMPL_NONE}}, + {"setmode",cmd_setmode,"filename change modes of file",{COMPL_REMOTE,COMPL_NONE}}, + {"symlink",cmd_symlink," create a UNIX symlink",{COMPL_REMOTE,COMPL_REMOTE}}, + {"tar",cmd_tar,"tar [IXFqbgNan] current directory to/from ",{COMPL_NONE,COMPL_NONE}}, + {"tarmode",cmd_tarmode," tar's behaviour towards archive bits",{COMPL_NONE,COMPL_NONE}}, + {"translate",cmd_translate,"toggle text translation for printing",{COMPL_NONE,COMPL_NONE}}, + + /* Yes, this must be here, see crh's comment above. */ + {"!",NULL,"run a shell command on the local system",{COMPL_NONE,COMPL_NONE}}, + {"",NULL,NULL,{COMPL_NONE,COMPL_NONE}} }; @@ -3730,805 +2024,892 @@ struct ******************************************************************/ static int process_tok(fstring tok) { - int i = 0, matches = 0; - int cmd=0; - int tok_len = strlen(tok); - - while (commands[i].fn != NULL) - { - if (strequal(commands[i].name,tok)) - { - matches = 1; - cmd = i; - break; - } - else if (strnequal(commands[i].name, tok, tok_len+1)) - { - matches++; - cmd = i; + int i = 0, matches = 0; + int cmd=0; + int tok_len = strlen(tok); + + while (commands[i].fn != NULL) { + if (strequal(commands[i].name,tok)) { + matches = 1; + cmd = i; + break; + } else if (strnequal(commands[i].name, tok, tok_len)) { + matches++; + cmd = i; + } + i++; } - i++; - } - if (matches == 0) - return(-1); - else if (matches == 1) - return(cmd); - else - return(-2); + if (matches == 0) + return(-1); + else if (matches == 1) + return(cmd); + else + return(-2); } /**************************************************************************** help ****************************************************************************/ -void cmd_help(void) +static int cmd_help(void) { - int i=0,j; - fstring buf; - - if (next_token(NULL,buf,NULL)) - { - if ((i = process_tok(buf)) >= 0) - DEBUG(0,("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description)); - } - else - while (commands[i].description) - { - for (j=0; commands[i].description && (j<5); j++) { - DEBUG(0,("%-15s",commands[i].name)); - i++; + int i=0,j; + fstring buf; + + if (next_token_nr(NULL,buf,NULL,sizeof(buf))) { + if ((i = process_tok(buf)) >= 0) + d_printf("HELP %s:\n\t%s\n\n",commands[i].name,commands[i].description); + } else { + while (commands[i].description) { + for (j=0; commands[i].description && (j<5); j++) { + d_printf("%-15s",commands[i].name); + i++; + } + d_printf("\n"); + } } - DEBUG(0,("\n")); - } + return 0; } /**************************************************************************** -open the client sockets +process a -c command string ****************************************************************************/ -static BOOL open_sockets(int port ) +static int process_command_string(char *cmd) { - static int last_port; - char *host; - pstring service2; - extern int Client; -#ifdef USENMB - BOOL failed = True; -#endif + pstring line; + char *ptr; + int rc = 0; - if (port == 0) port=last_port; - last_port=port; - - strupper(service); - - if (*desthost) - { - host = desthost; - } - else - { - strcpy(service2,service); - host = strtok(service2,"\\/"); - if (!host) { - DEBUG(0,("Badly formed host name\n")); - return(False); - } - strcpy(desthost,host); - } - - DEBUG(3,("Opening sockets\n")); - - if (*myname == 0) - { - get_myname(myname,NULL); - strupper(myname); - } - - if (!have_ip) - { - struct hostent *hp; - - if ((hp = Get_Hostbyname(host))) { - putip((char *)&dest_ip,(char *)hp->h_addr); - failed = False; - } else { -#ifdef USENMB - /* Try and resolve the name with the netbios server */ - int bcast; - pstring hs; - struct in_addr ip1, ip2; + while (cmd[0] != '\0') { + char *p; + fstring tok; + int i; + + if ((p = strchr_m(cmd, ';')) == 0) { + strncpy(line, cmd, 999); + line[1000] = '\0'; + cmd += strlen(cmd); + } else { + if (p - cmd > 999) p = cmd + 999; + strncpy(line, cmd, p - cmd); + line[p - cmd] = '\0'; + cmd = p + 1; + } + + /* and get the first part of the command */ + ptr = line; + if (!next_token_nr(&ptr,tok,NULL,sizeof(tok))) continue; + + if ((i = process_tok(tok)) >= 0) { + rc = commands[i].fn(); + } else if (i == -2) { + d_printf("%s: command abbreviation ambiguous\n",tok); + } else { + d_printf("%s: command not found\n",tok); + } + } - if ((bcast = open_socket_in(SOCK_DGRAM, 0, 3)) != -1) { - set_socket_options (bcast, "SO_BROADCAST"); + return rc; +} + +/**************************************************************************** +handle completion of commands for readline +****************************************************************************/ +static char **completion_fn(char *text, int start, int end) +{ +#define MAX_COMPLETIONS 100 + char **matches; + int i, count=0; + + /* for words not at the start of the line fallback to filename completion */ + if (start) return NULL; - if (!got_bcast && get_myname(hs, &ip1)) { - get_broadcast(&ip1, &bcast_ip, &ip2); - } + matches = (char **)malloc(sizeof(matches[0])*MAX_COMPLETIONS); + if (!matches) return NULL; - if (name_query(bcast, host, 0x20, True, True, bcast_ip, &dest_ip,0)){ - failed = False; - } - close (bcast); + matches[count++] = strdup(text); + if (!matches[0]) return NULL; + + for (i=0;commands[i].fn && count < MAX_COMPLETIONS-1;i++) { + if (strncmp(text, commands[i].name, strlen(text)) == 0) { + matches[count] = strdup(commands[i].name); + if (!matches[count]) return NULL; + count++; + } } -#endif - if (failed) { - DEBUG(0,("Get_Hostbyname: Unknown host %s.\n",host)); - return False; + + if (count == 2) { + SAFE_FREE(matches[0]); + matches[0] = strdup(matches[1]); } - } - } + matches[count] = NULL; + return matches; +} - Client = open_socket_out(SOCK_STREAM, &dest_ip, port); - if (Client == -1) - return False; - DEBUG(3,("Connected\n")); - - set_socket_options(Client,user_socket_options); - - return True; +/**************************************************************************** +make sure we swallow keepalives during idle time +****************************************************************************/ +static void readline_callback(void) +{ + fd_set fds; + struct timeval timeout; + static time_t last_t; + time_t t; + + t = time(NULL); + + if (t - last_t < 5) return; + + last_t = t; + + again: + FD_ZERO(&fds); + FD_SET(cli->fd,&fds); + + timeout.tv_sec = 0; + timeout.tv_usec = 0; + sys_select_intr(cli->fd+1,&fds,NULL,NULL,&timeout); + + /* We deliberately use receive_smb instead of + client_receive_smb as we want to receive + session keepalives and then drop them here. + */ + if (FD_ISSET(cli->fd,&fds)) { + receive_smb(cli->fd,cli->inbuf,0); + goto again; + } + + cli_chkpath(cli, "\\"); } + /**************************************************************************** -wait for keyboard activity, swallowing network packets +process commands on stdin ****************************************************************************/ -#ifdef CLIX -static char wait_keyboard(char *buffer) -#else -static void wait_keyboard(char *buffer) -#endif +static void process_stdin(void) { - fd_set fds; - int selrtn; - struct timeval timeout; - -#ifdef CLIX - int delay = 0; -#endif - - while (1) - { - extern int Client; - FD_ZERO(&fds); - FD_SET(Client,&fds); -#ifndef CLIX - FD_SET(fileno(stdin),&fds); -#endif + char *ptr; - timeout.tv_sec = 20; - timeout.tv_usec = 0; -#ifdef CLIX - timeout.tv_sec = 0; -#endif - selrtn = sys_select(&fds,&timeout); - -#ifndef CLIX - if (FD_ISSET(fileno(stdin),&fds)) - return; -#else - { - char ch; - int f_flags; - int readret; - - f_flags = fcntl(fileno(stdin), F_GETFL, 0); - fcntl( fileno(stdin), F_SETFL, f_flags | O_NONBLOCK); - readret = read_data( fileno(stdin), &ch, 1); - fcntl(fileno(stdin), F_SETFL, f_flags); - if (readret == -1) - { - if (errno != EAGAIN) - { - /* should crash here */ - DEBUG(1,("readchar stdin failed\n")); - } - } - else if (readret != 0) - { - return ch; - } - } -#endif - if (FD_ISSET(Client,&fds)) - receive_smb(Client,buffer,0); + while (1) { + fstring tok; + fstring the_prompt; + char *cline; + pstring line; + int i; + + /* display a prompt */ + slprintf(the_prompt, sizeof(the_prompt)-1, "smb: %s> ", cur_dir); + cline = smb_readline(the_prompt, readline_callback, completion_fn); + + if (!cline) break; + + pstrcpy(line, cline); + + /* special case - first char is ! */ + if (*line == '!') { + system(line + 1); + continue; + } -#ifdef CLIX - delay++; - if (delay > 100000) - { - delay = 0; - chkpath("\\",False); + /* and get the first part of the command */ + ptr = line; + if (!next_token_nr(&ptr,tok,NULL,sizeof(tok))) continue; + + if ((i = process_tok(tok)) >= 0) { + commands[i].fn(); + } else if (i == -2) { + d_printf("%s: command abbreviation ambiguous\n",tok); + } else { + d_printf("%s: command not found\n",tok); + } } -#else - chkpath("\\",False); -#endif - } } -/**************************************************************************** -close and open the connection again -****************************************************************************/ -BOOL reopen_connection(char *inbuf,char *outbuf) +/***************************************************** +return a connection to a server +*******************************************************/ +struct cli_state *do_connect(const char *server, const char *share) { - static int open_count=0; + struct cli_state *c; + struct nmb_name called, calling; + const char *server_n; + struct in_addr ip; + fstring servicename; + char *sharename; + + /* make a copy so we don't modify the global string 'service' */ + safe_strcpy(servicename, share, sizeof(servicename)-1); + sharename = servicename; + if (*sharename == '\\') { + server = sharename+2; + sharename = strchr_m(server,'\\'); + if (!sharename) return NULL; + *sharename = 0; + sharename++; + } + + server_n = server; + + zero_ip(&ip); + + make_nmb_name(&calling, global_myname, 0x0); + make_nmb_name(&called , server, name_type); + + again: + zero_ip(&ip); + if (have_ip) ip = dest_ip; + + /* have to open a new connection */ + if (!(c=cli_initialise(NULL)) || (cli_set_port(c, port) != port) || + !cli_connect(c, server_n, &ip)) { + d_printf("Connection to %s failed\n", server_n); + return NULL; + } + + c->protocol = max_protocol; + c->use_kerberos = use_kerberos; + + if (!cli_session_request(c, &calling, &called)) { + char *p; + d_printf("session request to %s failed (%s)\n", + called.name, cli_errstr(c)); + cli_shutdown(c); + if ((p=strchr_m(called.name, '.'))) { + *p = 0; + goto again; + } + if (strcmp(called.name, "*SMBSERVER")) { + make_nmb_name(&called , "*SMBSERVER", 0x20); + goto again; + } + return NULL; + } - open_count++; + DEBUG(4,(" session request ok\n")); - if (open_count>5) return(False); + if (!cli_negprot(c)) { + d_printf("protocol negotiation failed\n"); + cli_shutdown(c); + return NULL; + } + + if (!got_pass) { + char *pass = getpass("Password: "); + if (pass) { + pstrcpy(password, pass); + } + } - DEBUG(1,("Trying to re-open connection\n")); + if (!cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + workgroup)) { + /* if a password was not supplied then try again with a null username */ + if (password[0] || !username[0] || use_kerberos || + !cli_session_setup(c, "", "", 0, "", 0, workgroup)) { + d_printf("session setup failed: %s\n", cli_errstr(c)); + cli_shutdown(c); + return NULL; + } + d_printf("Anonymous login successful\n"); + } - set_message(outbuf,0,0,True); - SCVAL(outbuf,smb_com,SMBtdis); - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + if (*c->server_domain) { + DEBUG(1,("Domain=[%s] OS=[%s] Server=[%s]\n", + c->server_domain,c->server_os,c->server_type)); + } else if (*c->server_os || *c->server_type){ + DEBUG(1,("OS=[%s] Server=[%s]\n", + c->server_os,c->server_type)); + } + + DEBUG(4,(" session setup ok\n")); - send_smb(Client,outbuf); - receive_smb(Client,inbuf,SHORT_TIMEOUT); + if (!cli_send_tconX(c, sharename, "?????", + password, strlen(password)+1)) { + d_printf("tree connect failed: %s\n", cli_errstr(c)); + cli_shutdown(c); + return NULL; + } - close_sockets(); - if (!open_sockets(0)) return(False); + DEBUG(4,(" tconx ok\n")); - return(send_login(inbuf,outbuf,True,True)); + return c; } + /**************************************************************************** process commands from the client ****************************************************************************/ -BOOL process(char *base_directory) +static int process(char *base_directory) { - extern FILE *dbf; - pstring line; + int rc = 0; - char *InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - char *OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + cli = do_connect(desthost, service); + if (!cli) { + return 1; + } - if ((InBuffer == NULL) || (OutBuffer == NULL)) - return(False); + if (*base_directory) do_cd(base_directory); + + if (cmdstr) { + rc = process_command_string(cmdstr); + } else { + process_stdin(); + } - bzero(OutBuffer,smb_size); - - if (!send_login(InBuffer,OutBuffer,True,True)) - return(False); + cli_shutdown(cli); + return rc; +} - if (*base_directory) do_cd(base_directory); +/**************************************************************************** +usage on the program +****************************************************************************/ +static void usage(char *pname) +{ + d_printf("Usage: %s service [options]", pname); + + d_printf("\nVersion %s\n",VERSION); + d_printf("\t-s smb.conf pathname to smb.conf file\n"); + d_printf("\t-O socket_options socket options to use\n"); + d_printf("\t-R name resolve order use these name resolution services only\n"); + d_printf("\t-M host send a winpopup message to the host\n"); + d_printf("\t-i scope use this NetBIOS scope\n"); + d_printf("\t-N don't ask for a password\n"); + d_printf("\t-n netbios name. Use this name as my netbios name\n"); + d_printf("\t-d debuglevel set the debuglevel\n"); + d_printf("\t-P connect to service as a printer\n"); + d_printf("\t-p port connect to the specified port\n"); + d_printf("\t-l log basename. Basename for log/debug files\n"); + d_printf("\t-h Print this help message.\n"); + d_printf("\t-I dest IP use this IP to connect to\n"); + d_printf("\t-E write messages to stderr instead of stdout\n"); + d_printf("\t-k use kerberos (active directory) authentication\n"); + d_printf("\t-U username set the network username\n"); + d_printf("\t-L host get a list of shares available on a host\n"); + d_printf("\t-t terminal code terminal i/o code {sjis|euc|jis7|jis8|junet|hex}\n"); + d_printf("\t-m max protocol set the max protocol level\n"); + d_printf("\t-A filename get the credentials from a file\n"); + d_printf("\t-W workgroup set the workgroup name\n"); + d_printf("\t-TIXFqgbNan command line tar\n"); + d_printf("\t-D directory start from directory\n"); + d_printf("\t-c command string execute semicolon separated commands\n"); + d_printf("\t-b xmit/send buffer changes the transmit/send buffer (default: 65520)\n"); + d_printf("\n"); +} + + +/**************************************************************************** +get a password from a a file or file descriptor +exit on failure +****************************************************************************/ +static void get_password_file(void) +{ + int fd = -1; + char *p; + BOOL close_it = False; + pstring spec; + char pass[128]; + + if ((p = getenv("PASSWD_FD")) != NULL) { + pstrcpy(spec, "descriptor "); + pstrcat(spec, p); + sscanf(p, "%d", &fd); + close_it = False; + } else if ((p = getenv("PASSWD_FILE")) != NULL) { + fd = sys_open(p, O_RDONLY, 0); + pstrcpy(spec, p); + if (fd < 0) { + fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n", + spec, strerror(errno)); + exit(1); + } + close_it = True; + } - while (!feof(stdin)) - { - fstring tok; - int i; + for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */ + p && p - pass < sizeof(pass);) { + switch (read(fd, p, 1)) { + case 1: + if (*p != '\n' && *p != '\0') { + *++p = '\0'; /* advance p, and null-terminate pass */ + break; + } + case 0: + if (p - pass) { + *p = '\0'; /* null-terminate it, just in case... */ + p = NULL; /* then force the loop condition to become false */ + break; + } else { + fprintf(stderr, "Error reading password from file %s: %s\n", + spec, "empty password\n"); + exit(1); + } + + default: + fprintf(stderr, "Error reading password from file %s: %s\n", + spec, strerror(errno)); + exit(1); + } + } + pstrcpy(password, pass); + if (close_it) + close(fd); +} - bzero(OutBuffer,smb_size); - /* display a prompt */ - DEBUG(1,("smb: %s> ", CNV_LANG(cur_dir))); - fflush(dbf); -#ifdef CLIX - line[0] = wait_keyboard(InBuffer); - /* this might not be such a good idea... */ - if ( line[0] == EOF) - break; -#else - wait_keyboard(InBuffer); -#endif - - /* and get a response */ -#ifdef CLIX - fgets( &line[1],999, stdin); -#else - if (!fgets(line,1000,stdin)) - break; -#endif +/**************************************************************************** +handle a -L query +****************************************************************************/ +static int do_host_query(char *query_host) +{ + cli = do_connect(query_host, "IPC$"); + if (!cli) + return 1; - /* input language code to internal one */ - CNV_INPUT (line); + browse_host(True); + list_servers(workgroup); - /* special case - first char is ! */ - if (*line == '!') - { - system(line + 1); - continue; - } - - /* and get the first part of the command */ - { - char *ptr = line; - if (!next_token(&ptr,tok,NULL)) continue; - } - - if ((i = process_tok(tok)) >= 0) - commands[i].fn(InBuffer,OutBuffer); - else if (i == -2) - DEBUG(0,("%s: command abbreviation ambiguous\n",CNV_LANG(tok))); - else - DEBUG(0,("%s: command not found\n",CNV_LANG(tok))); - } - - send_logout(); - return(True); + cli_shutdown(cli); + + return(0); } /**************************************************************************** -usage on the program +handle a tar operation ****************************************************************************/ -void usage(char *pname) +static int do_tar_op(char *base_directory) { - DEBUG(0,("Usage: %s service [-p port] [-d debuglevel] [-l log] ", - pname)); + int ret; + cli = do_connect(desthost, service); + if (!cli) + return 1; -#ifdef KANJI - DEBUG(0,("[-t termcode] ")); -#endif /* KANJI */ + recurse=True; - DEBUG(0,("\nVersion %s\n",VERSION)); - DEBUG(0,("\t-p port listen on the specified port\n")); - DEBUG(0,("\t-d debuglevel set the debuglevel\n")); - DEBUG(0,("\t-l log basename. Basename for log/debug files\n")); - DEBUG(0,("\t-n netbios name. Use this name as my netbios name\n")); - DEBUG(0,("\t-N don't ask for a password\n")); - DEBUG(0,("\t-P connect to service as a printer\n")); - DEBUG(0,("\t-M host send a winpopup message to the host\n")); - DEBUG(0,("\t-m max protocol set the max protocol level\n")); - DEBUG(0,("\t-L host get a list of shares available on a host\n")); - DEBUG(0,("\t-I dest IP use this IP to connect to\n")); - DEBUG(0,("\t-E write messages to stderr instead of stdout\n")); - DEBUG(0,("\t-U username set the network username\n")); - DEBUG(0,("\t-W workgroup set the workgroup name\n")); -#ifdef KANJI - DEBUG(0,("\t-t terminal code terminal i/o code {sjis|euc|jis7|jis8|junet|hex}\n")); -#endif /* KANJI */ - DEBUG(0,("\t-TIXgbNa command line tar\n")); - DEBUG(0,("\t-D directory start from directory\n")); - DEBUG(0,("\n")); -} + if (*base_directory) do_cd(base_directory); + + ret=process_tar(); + cli_shutdown(cli); + return(ret); +} /**************************************************************************** - main program +handle a message operation ****************************************************************************/ -int main(int argc,char *argv[]) +static int do_message_op(void) { - fstring base_directory; - char *pname = argv[0]; - int port = 139; - int opt; - extern FILE *dbf; - extern char *optarg; - extern int optind; - pstring query_host; - BOOL message = False; - extern char tar_type; - - *query_host = 0; - *base_directory = 0; - - DEBUGLEVEL = 2; - - setup_logging(pname,True); - - TimeInit(); - charset_initialise(); - - pid = getpid(); - uid = getuid(); - gid = getgid(); - mid = pid + 100; - myumask = umask(0); - umask(myumask); - - if (getenv("USER")) - { - strcpy(username,getenv("USER")); - strupper(username); - } - - if (*username == 0 && getenv("LOGNAME")) - { - strcpy(username,getenv("LOGNAME")); - strupper(username); - } - - if (argc < 2) - { - usage(pname); - exit(1); - } - - if (*argv[1] != '-') - { + struct in_addr ip; + struct nmb_name called, calling; - strcpy(service,argv[1]); - argc--; - argv++; + zero_ip(&ip); - if (count_chars(service,'\\') < 3) - { - usage(pname); - printf("\n%s: Not enough '\\' characters in service\n",service); - exit(1); - } + make_nmb_name(&calling, global_myname, 0x0); + make_nmb_name(&called , desthost, name_type); -/* - if (count_chars(service,'\\') > 3) - { - usage(pname); - printf("\n%s: Too many '\\' characters in service\n",service); - exit(1); - } - */ + zero_ip(&ip); + if (have_ip) ip = dest_ip; - if (argc > 1 && (*argv[1] != '-')) - { - got_pass = True; - strcpy(password,argv[1]); - memset(argv[1],'X',strlen(argv[1])); - argc--; - argv++; + if (!(cli=cli_initialise(NULL)) || (cli_set_port(cli, port) != port) || !cli_connect(cli, desthost, &ip)) { + d_printf("Connection to %s failed\n", desthost); + return 1; } - } -#ifdef KANJI - setup_term_code (KANJI); - while ((opt = getopt (argc, argv, "B:O:M:i:Nn:d:Pp:l:hI:EB:U:L:t:m:W:T:D:")) != EOF) -#else - while ((opt = getopt (argc, argv, "B:O:M:i:Nn:d:Pp:l:hI:EB:U:L:m:W:T:D:")) != EOF) -#endif /* KANJI */ - switch (opt) - { - case 'm': - max_protocol = interpret_protocol(optarg,max_protocol); - break; - case 'O': - strcpy(user_socket_options,optarg); - break; - case 'M': - name_type = 3; - strcpy(desthost,optarg); - strupper(desthost); - message = True; - break; - case 'B': - bcast_ip = *interpret_addr2(optarg); - got_bcast = True; - break; - case 'D': - strcpy(base_directory,optarg); - break; - case 'T': - if (!tar_parseargs(argc, argv, optarg, optind)) { - usage(pname); - exit(1); - } - break; - case 'i': - strcpy(scope,optarg); - break; - case 'L': - got_pass = True; - strcpy(query_host,optarg); - break; - case 'U': - { - char *p; - strcpy(username,optarg); - if ((p=strchr(username,'%'))) - { - *p = 0; - strcpy(password,p+1); - got_pass = True; - memset(strchr(optarg,'%')+1,'X',strlen(password)); - } + if (!cli_session_request(cli, &calling, &called)) { + d_printf("session request failed\n"); + cli_shutdown(cli); + return 1; } - - break; - case 'W': - strcpy(workgroup,optarg); - break; - case 'E': - dbf = stderr; - break; - case 'I': - { - dest_ip = *interpret_addr2(optarg); - if (zero_ip(dest_ip)) exit(1); - have_ip = True; + + send_message(); + cli_shutdown(cli); + + return 0; +} + + +/** + * Process "-L hostname" option. + * + * We don't actually do anything yet -- we just stash the name in a + * global variable and do the query when all options have been read. + **/ +static void remember_query_host(const char *arg, + pstring query_host) +{ + char *slash; + + while (*arg == '\\' || *arg == '/') + arg++; + pstrcpy(query_host, arg); + if ((slash = strchr(query_host, '/')) + || (slash = strchr(query_host, '\\'))) { + *slash = 0; } - break; - case 'n': - strcpy(myname,optarg); - break; - case 'N': - got_pass = True; - break; - case 'P': - connect_as_printer = True; - break; - case 'd': - if (*optarg == 'A') - DEBUGLEVEL = 10000; - else - DEBUGLEVEL = atoi(optarg); - break; - case 'l': - sprintf(debugf,"%s.client",optarg); - break; - case 'p': - port = atoi(optarg); - break; - case 'h': - usage(pname); - exit(0); - break; +} + + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ + fstring base_directory; + char *pname = argv[0]; + int opt; + extern char *optarg; + extern int optind; + int old_debug; + pstring query_host; + BOOL message = False; + extern char tar_type; + pstring term_code; + pstring new_name_resolve_order; + pstring logfile; + char *p; + int rc = 0; + #ifdef KANJI - case 't': - if (!setup_term_code (optarg)) { - DEBUG(0, ("%s: unknown terminal code name\n", optarg)); - usage (pname); - exit (1); - } - break; + pstrcpy(term_code, KANJI); +#else /* KANJI */ + *term_code = 0; #endif /* KANJI */ - default: - usage(pname); - exit(1); - } - if (!tar_type && !*query_host && !*service && !message) - { - usage(pname); - exit(1); - } + *query_host = 0; + *base_directory = 0; + *new_name_resolve_order = 0; - DEBUG(3,("%s client started (version %s)\n",timestring(),VERSION)); + DEBUGLEVEL = 2; + AllowDebugChange = False; + + setup_logging(pname,True); + + /* + * If the -E option is given, be careful not to clobber stdout + * before processing the options. 28.Feb.99, richard@hacom.nl. + * Also pre-parse the -s option to get the service file name. + */ + + for (opt = 1; opt < argc; opt++) { + if (strcmp(argv[opt], "-E") == 0) + dbf = x_stderr; + else if(strncmp(argv[opt], "-s", 2) == 0) { + if(argv[opt][2] != '\0') + pstrcpy(dyn_CONFIGFILE, &argv[opt][2]); + else if(argv[opt+1] != NULL) { + /* + * At least one more arg left. + */ + pstrcpy(dyn_CONFIGFILE, argv[opt+1]); + } else { + usage(pname); + exit(1); + } + } + } - get_myname(*myname?NULL:myname,&myip); - strupper(myname); + in_client = True; /* Make sure that we tell lp_load we are */ - if (tar_type) { - recurse=True; + old_debug = DEBUGLEVEL; + if (!lp_load(dyn_CONFIGFILE,True,False,False)) { + fprintf(stderr, "%s: Can't load %s - run testparm to debug it\n", + prog_name, dyn_CONFIGFILE); + } + DEBUGLEVEL = old_debug; + +#ifdef WITH_SSL + sslutil_init(0); +#endif - if (open_sockets(port)) { - char *InBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - char *OutBuffer = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - int ret; + pstrcpy(workgroup,lp_workgroup()); - if ((InBuffer == NULL) || (OutBuffer == NULL)) - return(1); + load_interfaces(); + myumask = umask(0); + umask(myumask); - bzero(OutBuffer,smb_size); - if (!send_login(InBuffer,OutBuffer,True,True)) - return(False); + if (getenv("USER")) { + pstrcpy(username,getenv("USER")); - if (*base_directory) do_cd(base_directory); + /* modification to support userid%passwd syntax in the USER var + 25.Aug.97, jdblair@uab.edu */ - ret=process_tar(InBuffer, OutBuffer); + if ((p=strchr_m(username,'%'))) { + *p = 0; + pstrcpy(password,p+1); + got_pass = True; + memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password)); + } + strupper(username); + } - send_logout(); - close_sockets(); - return(ret); - } else - return(1); - } - - if (*query_host) - { - int ret = 0; - sprintf(service,"\\\\%s\\IPC$",query_host); - strupper(service); - connect_as_ipc = True; - if (open_sockets(port)) - { -#if 0 - *username = 0; -#endif - if (!send_login(NULL,NULL,True,True)) - return(1); - - server_info(); - if (!browse_host(True)) { - sleep(1); - browse_host(True); - } - if (!list_servers()) { - sleep(1); - list_servers(); - } - - send_logout(); - close_sockets(); + /* modification to support PASSWD environmental var + 25.Aug.97, jdblair@uab.edu */ + if (getenv("PASSWD")) { + pstrcpy(password,getenv("PASSWD")); + got_pass = True; } - return(ret); - } + if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) { + get_password_file(); + got_pass = True; + } - if (message) - { - int ret = 0; - if (open_sockets(port)) - { - pstring inbuf,outbuf; - bzero(outbuf,smb_size); - if (!send_session_request(inbuf,outbuf)) - return(1); + if (*username == 0 && getenv("LOGNAME")) { + pstrcpy(username,getenv("LOGNAME")); + strupper(username); + } - send_message(inbuf,outbuf); + if (*username == 0) { + pstrcpy(username,"GUEST"); + } - close_sockets(); + if (argc < 2) { + usage(pname); + exit(1); } - return(ret); - } + /* FIXME: At the moment, if the user should happen to give the + * options ahead of the service name (in standard Unix + * fashion) then smbclient just spits out the usage message + * with no explanation of what in particular was wrong. Is + * there any reason we can't just parse out the service name + * and password after running getopt?? -- mbp */ + if (*argv[1] != '-') { + pstrcpy(service,argv[1]); + /* Convert any '/' characters in the service name to '\' characters */ + string_replace( service, '/','\\'); + argc--; + argv++; + + if (count_chars(service,'\\') < 3) { + usage(pname); + d_printf("\n%s: Not enough '\\' characters in service\n",service); + exit(1); + } - if (open_sockets(port)) - { - if (!process(base_directory)) - { - close_sockets(); - return(1); + if (argc > 1 && (*argv[1] != '-')) { + got_pass = True; + pstrcpy(password,argv[1]); + memset(argv[1],'X',strlen(argv[1])); + argc--; + argv++; + } } - close_sockets(); - } - else - return(1); - return(0); -} + while ((opt = + getopt(argc, argv,"s:O:R:M:i:Nn:d:Pp:l:hI:EU:L:t:m:W:T:D:c:b:A:k")) != EOF) { + switch (opt) { + case 's': + pstrcpy(dyn_CONFIGFILE, optarg); + break; + case 'O': + pstrcpy(user_socket_options,optarg); + break; + case 'R': + pstrcpy(new_name_resolve_order, optarg); + break; + case 'M': + name_type = 0x03; /* messages are sent to NetBIOS name type 0x3 */ + pstrcpy(desthost,optarg); + message = True; + break; + case 'i': + { + extern pstring global_scope; + pstrcpy(global_scope,optarg); + strupper(global_scope); + } + break; + case 'N': + got_pass = True; + break; + case 'n': + pstrcpy(global_myname,optarg); + break; + case 'd': + if (*optarg == 'A') + DEBUGLEVEL = 10000; + else + DEBUGLEVEL = atoi(optarg); + break; + case 'P': + /* not needed anymore */ + break; + case 'p': + port = atoi(optarg); + break; + case 'l': + slprintf(logfile,sizeof(logfile)-1, "%s.client",optarg); + lp_set_logfile(logfile); + break; + case 'h': + usage(pname); + exit(0); + break; + case 'I': + { + dest_ip = *interpret_addr2(optarg); + if (is_zero_ip(dest_ip)) + exit(1); + have_ip = True; + } + break; + case 'E': + display_set_stderr(); + dbf = x_stderr; + break; + case 'U': + { + char *lp; + pstrcpy(username,optarg); + if ((lp=strchr_m(username,'%'))) { + *lp = 0; + pstrcpy(password,lp+1); + got_pass = True; + memset(strchr_m(optarg,'%')+1,'X',strlen(password)); + } + } + break; + + case 'A': + { + XFILE *auth; + fstring buf; + uint16 len = 0; + char *ptr, *val, *param; + + if ((auth=x_fopen(optarg, O_RDONLY, 0)) == NULL) + { + /* fail if we can't open the credentials file */ + d_printf("ERROR: Unable to open credentials file!\n"); + exit (-1); + } + + while (!x_feof(auth)) + { + /* get a line from the file */ + if (!x_fgets(buf, sizeof(buf), auth)) + continue; + len = strlen(buf); + + if ((len) && (buf[len-1]=='\n')) + { + buf[len-1] = '\0'; + len--; + } + if (len == 0) + continue; + + /* break up the line into parameter & value. + will need to eat a little whitespace possibly */ + param = buf; + if (!(ptr = strchr_m (buf, '='))) + continue; + val = ptr+1; + *ptr = '\0'; + + /* eat leading white space */ + while ((*val!='\0') && ((*val==' ') || (*val=='\t'))) + val++; + + if (strwicmp("password", param) == 0) + { + pstrcpy(password, val); + got_pass = True; + } + else if (strwicmp("username", param) == 0) + pstrcpy(username, val); + else if (strwicmp("domain", param) == 0) + pstrcpy(workgroup,val); + memset(buf, 0, sizeof(buf)); + } + x_fclose(auth); + } + break; + + case 'L': + remember_query_host(optarg, query_host); + break; + case 't': + pstrcpy(term_code, optarg); + break; + case 'm': + max_protocol = interpret_protocol(optarg, max_protocol); + break; + case 'W': + pstrcpy(workgroup,optarg); + break; + case 'T': + if (!tar_parseargs(argc, argv, optarg, optind)) { + usage(pname); + exit(1); + } + break; + case 'D': + pstrcpy(base_directory,optarg); + break; + case 'c': + cmdstr = optarg; + break; + case 'b': + io_bufsize = MAX(1, atoi(optarg)); + break; + case 'k': +#ifdef HAVE_KRB5 + use_kerberos = True; + got_pass = True; +#else + d_printf("No kerberos support compiled in\n"); + exit(1); +#endif + break; + default: + usage(pname); + exit(1); + } + } + get_myname((*global_myname)?NULL:global_myname); -/* error code stuff - put together by Merik Karman - merik@blackadder.dsh.oz.au */ + if(*new_name_resolve_order) + lp_set_name_resolve_order(new_name_resolve_order); -typedef struct -{ - char *name; - int code; - char *message; -} err_code_struct; - -/* Dos Error Messages */ -err_code_struct dos_msgs[] = { - {"ERRbadfunc",1,"Invalid function."}, - {"ERRbadfile",2,"File not found."}, - {"ERRbadpath",3,"Directory invalid."}, - {"ERRnofids",4,"No file descriptors available"}, - {"ERRnoaccess",5,"Access denied."}, - {"ERRbadfid",6,"Invalid file handle."}, - {"ERRbadmcb",7,"Memory control blocks destroyed."}, - {"ERRnomem",8,"Insufficient server memory to perform the requested function."}, - {"ERRbadmem",9,"Invalid memory block address."}, - {"ERRbadenv",10,"Invalid environment."}, - {"ERRbadformat",11,"Invalid format."}, - {"ERRbadaccess",12,"Invalid open mode."}, - {"ERRbaddata",13,"Invalid data."}, - {"ERR",14,"reserved."}, - {"ERRbaddrive",15,"Invalid drive specified."}, - {"ERRremcd",16,"A Delete Directory request attempted to remove the server's current directory."}, - {"ERRdiffdevice",17,"Not same device."}, - {"ERRnofiles",18,"A File Search command can find no more files matching the specified criteria."}, - {"ERRbadshare",32,"The sharing mode specified for an Open conflicts with existing FIDs on the file."}, - {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."}, - {"ERRfilexists",80,"The file named in a Create Directory, Make New File or Link request already exists."}, - {"ERRbadpipe",230,"Pipe invalid."}, - {"ERRpipebusy",231,"All instances of the requested pipe are busy."}, - {"ERRpipeclosing",232,"Pipe close in progress."}, - {"ERRnotconnected",233,"No process on other end of pipe."}, - {"ERRmoredata",234,"There is more data to be returned."}, - {"ERRinvgroup",2455,"Invalid workgroup (try the -W option)"}, - {NULL,-1,NULL}}; - -/* Server Error Messages */ -err_code_struct server_msgs[] = { - {"ERRerror",1,"Non-specific error code."}, - {"ERRbadpw",2,"Bad password - name/password pair in a Tree Connect or Session Setup are invalid."}, - {"ERRbadtype",3,"reserved."}, - {"ERRaccess",4,"The requester does not have the necessary access rights within the specified context for the requested function. The context is defined by the TID or the UID."}, - {"ERRinvnid",5,"The tree ID (TID) specified in a command was invalid."}, - {"ERRinvnetname",6,"Invalid network name in tree connect."}, - {"ERRinvdevice",7,"Invalid device - printer request made to non-printer connection or non-printer request made to printer connection."}, - {"ERRqfull",49,"Print queue full (files) -- returned by open print file."}, - {"ERRqtoobig",50,"Print queue full -- no space."}, - {"ERRqeof",51,"EOF on print queue dump."}, - {"ERRinvpfid",52,"Invalid print file FID."}, - {"ERRsmbcmd",64,"The server did not recognize the command received."}, - {"ERRsrverror",65,"The server encountered an internal error, e.g., system file unavailable."}, - {"ERRfilespecs",67,"The file handle (FID) and pathname parameters contained an invalid combination of values."}, - {"ERRreserved",68,"reserved."}, - {"ERRbadpermits",69,"The access permissions specified for a file or directory are not a valid combination. The server cannot set the requested attribute."}, - {"ERRreserved",70,"reserved."}, - {"ERRsetattrmode",71,"The attribute mode in the Set File Attribute request is invalid."}, - {"ERRpaused",81,"Server is paused."}, - {"ERRmsgoff",82,"Not receiving messages."}, - {"ERRnoroom",83,"No room to buffer message."}, - {"ERRrmuns",87,"Too many remote user names."}, - {"ERRtimeout",88,"Operation timed out."}, - {"ERRnoresource",89,"No resources currently available for request."}, - {"ERRtoomanyuids",90,"Too many UIDs active on this session."}, - {"ERRbaduid",91,"The UID is not known as a valid ID on this session."}, - {"ERRusempx",250,"Temp unable to support Raw, use MPX mode."}, - {"ERRusestd",251,"Temp unable to support Raw, use standard read/write."}, - {"ERRcontmpx",252,"Continue in MPX mode."}, - {"ERRreserved",253,"reserved."}, - {"ERRreserved",254,"reserved."}, - {"ERRnosupport",0xFFFF,"Function not supported."}, - {NULL,-1,NULL}}; - -/* Hard Error Messages */ -err_code_struct hard_msgs[] = { - {"ERRnowrite",19,"Attempt to write on write-protected diskette."}, - {"ERRbadunit",20,"Unknown unit."}, - {"ERRnotready",21,"Drive not ready."}, - {"ERRbadcmd",22,"Unknown command."}, - {"ERRdata",23,"Data error (CRC)."}, - {"ERRbadreq",24,"Bad request structure length."}, - {"ERRseek",25 ,"Seek error."}, - {"ERRbadmedia",26,"Unknown media type."}, - {"ERRbadsector",27,"Sector not found."}, - {"ERRnopaper",28,"Printer out of paper."}, - {"ERRwrite",29,"Write fault."}, - {"ERRread",30,"Read fault."}, - {"ERRgeneral",31,"General failure."}, - {"ERRbadshare",32,"A open conflicts with an existing open."}, - {"ERRlock",33,"A Lock request conflicted with an existing lock or specified an invalid mode, or an Unlock requested attempted to remove a lock held by another process."}, - {"ERRwrongdisk",34,"The wrong disk was found in a drive."}, - {"ERRFCBUnavail",35,"No FCBs are available to process request."}, - {"ERRsharebufexc",36,"A sharing buffer has been exceeded."}, - {NULL,-1,NULL}}; + if (!tar_type && !*query_host && !*service && !message) { + usage(pname); + exit(1); + } + DEBUG( 3, ( "Client started (version %s).\n", VERSION ) ); -struct -{ - int code; - char *class; - err_code_struct *err_msgs; -} err_classes[] = { - {0,"SUCCESS",NULL}, - {0x01,"ERRDOS",dos_msgs}, - {0x02,"ERRSRV",server_msgs}, - {0x03,"ERRHRD",hard_msgs}, - {0x04,"ERRXOS",NULL}, - {0xE1,"ERRRMX1",NULL}, - {0xE2,"ERRRMX2",NULL}, - {0xE3,"ERRRMX3",NULL}, - {0xFF,"ERRCMD",NULL}, - {-1,NULL,NULL}}; + if (tar_type) { + if (cmdstr) + process_command_string(cmdstr); + return do_tar_op(base_directory); + } + if ((p=strchr_m(query_host,'#'))) { + *p = 0; + p++; + sscanf(p, "%x", &name_type); + } + + if (*query_host) { + return do_host_query(query_host); + } -/**************************************************************************** -return a SMB error string from a SMB buffer -****************************************************************************/ -char *smb_errstr(char *inbuf) -{ - static pstring ret; - int class = CVAL(inbuf,smb_rcls); - int num = SVAL(inbuf,smb_err); - int i,j; - - for (i=0;err_classes[i].class;i++) - if (err_classes[i].code == class) - { - if (err_classes[i].err_msgs) - { - err_code_struct *err = err_classes[i].err_msgs; - for (j=0;err[j].name;j++) - if (num == err[j].code) - { - if (DEBUGLEVEL > 0) - sprintf(ret,"%s - %s (%s)",err_classes[i].class, - err[j].name,err[j].message); - else - sprintf(ret,"%s - %s",err_classes[i].class,err[j].name); - return ret; - } - } + if (message) { + return do_message_op(); + } + + if (process(base_directory)) { + return 1; + } - sprintf(ret,"%s - %d",err_classes[i].class,num); - return ret; - } - - sprintf(ret,"ERROR: Unknown error (%d,%d)",class,num); - return(ret); + return rc; } diff --git a/source3/client/clitar.c b/source3/client/clitar.c index 1433ec59412..9fa3750b0c2 100644 --- a/source3/client/clitar.c +++ b/source3/client/clitar.c @@ -1,8 +1,8 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. Tar Extensions - Copyright (C) Ricky Poulten 1995 + Copyright (C) Ricky Poulten 1995-1998 + Copyright (C) Richard Sharpe 1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,100 +18,181 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +/* The following changes developed by Richard Sharpe for Canon Information + Systems Research Australia (CISRA) + + 1. Restore can now restore files with long file names + 2. Save now saves directory information so that we can restore + directory creation times + 3. tar now accepts both UNIX path names and DOS path names. I prefer + those lovely /'s to those UGLY \'s :-) + 4. the files to exclude can be specified as a regular expression by adding + an r flag to the other tar flags. Eg: + + -TcrX file.tar "*.(obj|exe)" + + will skip all .obj and .exe files +*/ #include "includes.h" #include "clitar.h" -extern void setup_pkt(char *outbuf); -extern BOOL reopen_connection(char *inbuf,char *outbuf); -extern void do_dir(char *inbuf,char *outbuf,char *Mask,int attribute,void (*fn)(),BOOL recurse_dir); +static int clipfind(char **aret, int ret, char *tok); + +typedef struct file_info_struct file_info2; + +struct file_info_struct +{ + size_t size; + uint16 mode; + int uid; + int gid; + /* These times are normally kept in GMT */ + time_t mtime; + time_t atime; + time_t ctime; + char *name; /* This is dynamically allocate */ + + file_info2 *next, *prev; /* Used in the stack ... */ -int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind); +}; -extern BOOL recurse; +typedef struct +{ + file_info2 *top; + int items; + +} stack; + +stack dir_stack = {NULL, 0}; /* Want an empty stack */ #define SEPARATORS " \t\n\r" -extern int DEBUGLEVEL; -extern int Client; +extern struct cli_state *cli; /* These defines are for the do_setrattr routine, to indicate * setting and reseting of file attributes in the function call */ #define ATTRSET 1 #define ATTRRESET 0 -static int attribute = aDIR | aSYSTEM | aHIDDEN; +static uint16 attribute = aDIR | aSYSTEM | aHIDDEN; #ifndef CLIENT_TIMEOUT #define CLIENT_TIMEOUT (30*1000) #endif -static char *tarbuf; +static char *tarbuf, *buffer_p; static int tp, ntarf, tbufsiz; +static double ttarf; /* Incremental mode */ BOOL tar_inc=False; /* Reset archive bit */ BOOL tar_reset=False; /* Include / exclude mode (true=include, false=exclude) */ BOOL tar_excl=True; +/* use regular expressions for search on file names */ +BOOL tar_re_search=False; +#ifdef HAVE_REGEX_H +regex_t *preg; +#endif +/* Do not dump anything, just calculate sizes */ +BOOL dry_run=False; +/* Dump files with System attribute */ +BOOL tar_system=True; +/* Dump files with Hidden attribute */ +BOOL tar_hidden=True; +/* Be noisy - make a catalogue */ +BOOL tar_noisy=True; +BOOL tar_real_noisy=False; /* Don't want to be really noisy by default */ + char tar_type='\0'; static char **cliplist=NULL; static int clipn=0; +static BOOL must_free_cliplist = False; extern file_info def_finfo; extern BOOL lowercase; -extern int cnum; +extern uint16 cnum; extern BOOL readbraw_supported; extern int max_xmit; extern pstring cur_dir; extern int get_total_time_ms; extern int get_total_size; -extern int Protocol; int blocksize=20; int tarhandle; -static void writetarheader(); -static void do_atar(); -static void do_tar(); -static void oct_it(); -static void fixtarname(); -static int dotarbuf(); -static void dozerobuf(); -static void dotareof(); -static void initarbuf(); -static int do_setrattr(); -void cmd_tar(); -int process_tar(); -char **toktocliplist(); -int clipfind(); +static void writetarheader(int f, char *aname, int size, time_t mtime, + char *amode, unsigned char ftype); +static void do_atar(char *rname,char *lname,file_info *finfo1); +static void do_tar(file_info *finfo); +static void oct_it(long value, int ndgs, char *p); +static void fixtarname(char *tptr, char *fp, int l); +static int dotarbuf(int f, char *b, int n); +static void dozerobuf(int f, int n); +static void dotareof(int f); +static void initarbuf(void); + /* restore functions */ -static long readtarheader(); -static long unoct(); -static void do_tarput(); -static void unfixtarname(); +static long readtarheader(union hblock *hb, file_info2 *finfo, char *prefix); +static long unoct(char *p, int ndgs); +static void do_tarput(void); +static void unfixtarname(char *tptr, char *fp, int l, BOOL first); /* * tar specific utitlities */ +/******************************************************************* +Create a string of size size+1 (for the null) +*******************************************************************/ +static char *string_create_s(int size) +{ + char *tmp; + + tmp = (char *)malloc(size+1); + + if (tmp == NULL) { + + DEBUG(0, ("Out of memory in string_create_s\n")); + + } + + return(tmp); + +} + /**************************************************************************** Write a tar header to buffer ****************************************************************************/ static void writetarheader(int f, char *aname, int size, time_t mtime, - char *amode) + char *amode, unsigned char ftype) { union hblock hb; int i, chk, l; char *jp; + DEBUG(5, ("WriteTarHdr, Type = %c, Size= %i, Name = %s\n", ftype, size, aname)); + memset(hb.dummy, 0, sizeof(hb.dummy)); l=strlen(aname); - if (l >= NAMSIZ) - { - DEBUG(0, ("tar file %s name length exceeds NAMSIZ\n", aname)); - } + if (l >= NAMSIZ - 1) { + /* write a GNU tar style long header */ + char *b; + b = (char *)malloc(l+TBLOCK+100); + if (!b) { + DEBUG(0,("out of memory\n")); + exit(1); + } + writetarheader(f, "/./@LongLink", l+2, 0, " 0 \0", 'L'); + memset(b, 0, l+TBLOCK+100); + fixtarname(b, aname, l); + i = strlen(b)+1; + DEBUG(5, ("File name in tar file: %s, size=%d, \n", b, (int)strlen(b))); + dotarbuf(f, b, TBLOCK*(((i-1)/TBLOCK)+1)); + SAFE_FREE(b); + } /* use l + 1 to do the null too */ fixtarname(hb.dbuf.name, aname, (l >= NAMSIZ) ? NAMSIZ : l + 1); @@ -122,14 +203,14 @@ static void writetarheader(int f, char *aname, int size, time_t mtime, /* write out a "standard" tar format header */ hb.dbuf.name[NAMSIZ-1]='\0'; - strcpy(hb.dbuf.mode, amode); + safe_strcpy(hb.dbuf.mode, amode, strlen(amode)); oct_it(0L, 8, hb.dbuf.uid); oct_it(0L, 8, hb.dbuf.gid); oct_it((long) size, 13, hb.dbuf.size); oct_it((long) mtime, 13, hb.dbuf.mtime); memcpy(hb.dbuf.chksum, " ", sizeof(hb.dbuf.chksum)); - hb.dbuf.linkflag='0'; memset(hb.dbuf.linkname, 0, NAMSIZ); + hb.dbuf.linkflag=ftype; for (chk=0, i=sizeof(hb.dummy), jp=hb.dummy; --i>=0;) chk+=(0xFF & *jp++); @@ -142,7 +223,7 @@ static void writetarheader(int f, char *aname, int size, time_t mtime, /**************************************************************************** Read a tar header into a hblock structure, and validate ***************************************************************************/ -static long readtarheader(union hblock *hb, file_info *finfo, char *prefix) +static long readtarheader(union hblock *hb, file_info2 *finfo, char *prefix) { long chk, fchk; int i; @@ -167,29 +248,44 @@ static long readtarheader(union hblock *hb, file_info *finfo, char *prefix) fchk=unoct(hb->dbuf.chksum, sizeof(hb->dbuf.chksum)); - DEBUG(5, ("checksum totals chk=%d fchk=%d chksum=%s\n", + DEBUG(5, ("checksum totals chk=%ld fchk=%ld chksum=%s\n", chk, fchk, hb->dbuf.chksum)); if (fchk != chk) { - DEBUG(0, ("checksums don't match %d %d\n", fchk, chk)); + DEBUG(0, ("checksums don't match %ld %ld\n", fchk, chk)); + dump_data(5, (char *)hb - TBLOCK, TBLOCK *3); return -1; } - strcpy(finfo->name, prefix); + if ((finfo->name = string_create_s(strlen(prefix) + strlen(hb -> dbuf.name) + 3)) == NULL) { + + DEBUG(0, ("Out of space creating file_info2 for %s\n", hb -> dbuf.name)); + return(-1); + + } + + safe_strcpy(finfo->name, prefix, strlen(prefix) + strlen(hb -> dbuf.name) + 3); /* use l + 1 to do the null too; do prefix - prefcnt to zap leading slash */ unfixtarname(finfo->name + strlen(prefix), hb->dbuf.name, - strlen(hb->dbuf.name) + 1); + strlen(hb->dbuf.name) + 1, True); -/* can't handle links at present */ - if (hb->dbuf.linkflag != '0') { + /* can't handle some links at present */ + if ((hb->dbuf.linkflag != '0') && (hb -> dbuf.linkflag != '5')) { if (hb->dbuf.linkflag == 0) { DEBUG(6, ("Warning: NULL link flag (gnu tar archive ?) %s\n", finfo->name)); } else { - DEBUG(0, ("this tar file appears to contain some kind of link - ignoring\n")); - return -2; + if (hb -> dbuf.linkflag == 'L') { /* We have a longlink */ + /* Do nothing here at the moment. do_tarput will handle this + as long as the longlink gets back to it, as it has to advance + the buffer pointer, etc */ + + } else { + DEBUG(0, ("this tar file appears to contain some kind of link other than a GNUtar Longlink - ignoring\n")); + return -2; + } } } @@ -222,6 +318,9 @@ static int dotarbuf(int f, char *b, int n) { int fail=1, writ=n; + if (dry_run) { + return writ; + } /* This routine and the next one should be the only ones that do write()s */ if (tp + n >= tbufsiz) { @@ -250,7 +349,7 @@ static int dotarbuf(int f, char *b, int n) } /**************************************************************************** -Write a zeros to buffer / tape +Write zeros to buffer / tape ****************************************************************************/ static void dozerobuf(int f, int n) { @@ -258,9 +357,13 @@ static void dozerobuf(int f, int n) * used to round files to nearest block * and to do tar EOFs */ + if (dry_run) + return; + if (n+tp >= tbufsiz) { memset(tarbuf+tp, 0, tbufsiz-tp); + write(f, tarbuf, tbufsiz); memset(tarbuf, 0, (tp+=n-tbufsiz)); } @@ -274,14 +377,14 @@ static void dozerobuf(int f, int n) /**************************************************************************** Malloc tape buffer ****************************************************************************/ -static void initarbuf() +static void initarbuf(void) { /* initialize tar buffer */ tbufsiz=blocksize*TBLOCK; - tarbuf=malloc(tbufsiz); + tarbuf=malloc(tbufsiz); /* FIXME: We might not get the buffer */ - /* reset tar buffer pointer and tar file counter */ - tp=0; ntarf=0; + /* reset tar buffer pointer and tar file counter and total dumped */ + tp=0; ntarf=0; ttarf=0; } /**************************************************************************** @@ -289,13 +392,16 @@ Write two zero blocks at end of file ****************************************************************************/ static void dotareof(int f) { - struct stat stbuf; + SMB_STRUCT_STAT stbuf; /* Two zero blocks at end of file, write out full buffer */ + if (dry_run) + return; + (void) dozerobuf(f, TBLOCK); (void) dozerobuf(f, TBLOCK); - if (fstat(f, &stbuf) == -1) + if (sys_fstat(f, &stbuf) == -1) { DEBUG(0, ("Couldn't stat file handle\n")); return; @@ -311,37 +417,18 @@ static void dotareof(int f) ****************************************************************************/ static void fixtarname(char *tptr, char *fp, int l) { - /* add a '.' to start of file name, convert from ugly dos \'s in path - * to lovely unix /'s :-} */ - - *tptr++='.'; -#ifdef KANJI - while (l > 0) { - if (is_shift_jis (*fp)) { - *tptr++ = *fp++; - *tptr++ = *fp++; - l -= 2; - } else if (is_kana (*fp)) { - *tptr++ = *fp++; - l--; - } else if (*fp == '\\') { - *tptr++ = '/'; - fp++; - l--; - } else { - *tptr++ = *fp++; - l--; - } - } -#else - while (l--) { *tptr=(*fp == '\\') ? '/' : *fp; tptr++; fp++; } -#endif + /* add a '.' to start of file name, convert from ugly dos \'s in path + * to lovely unix /'s :-} */ + *tptr++='.'; + + safe_strcpy(tptr, fp, l); + string_replace(tptr, '\\', '/'); } /**************************************************************************** Convert from decimal to octal string ****************************************************************************/ -static void oct_it (register long value, register int ndgs, register char *p) +static void oct_it (long value, int ndgs, char *p) { /* Converts long to octal string, pads with leading zeros */ @@ -371,7 +458,7 @@ static long unoct(char *p, int ndgs) while (--ndgs) { - if (isdigit(*p)) + if (isdigit((int)*p)) value = (value << 3) | (long) (*p - '0'); p++; @@ -381,10 +468,14 @@ static long unoct(char *p, int ndgs) } /**************************************************************************** -Compare two strings in a slash insensitive way +Compare two strings in a slash insensitive way, allowing s1 to match s2 +if s1 is an "initial" string (up to directory marker). Thus, if s2 is +a file in any subdirectory of s1, declare a match. ***************************************************************************/ -int strslashcmp(const char *s1, const char *s2) +static int strslashcmp(char *s1, char *s2) { + char *s1_0=s1; + while(*s1 && *s2 && (*s1 == *s2 || tolower(*s1) == tolower(*s2) @@ -393,296 +484,52 @@ int strslashcmp(const char *s1, const char *s2) s1++; s2++; } - return *s1-*s2; -} - -/* - * general smb utility functions - */ -/**************************************************************************** -Set DOS file attributes -***************************************************************************/ -static int do_setrattr(char *fname, int attr, int setit) -{ - /* - * First get the existing attribs from existing file + /* if s1 has a trailing slash, it compared equal, so s1 is an "initial" + string of s2. */ - char *inbuf,*outbuf; - char *p; - pstring name; - int fattr; - - strcpy(name,fname); - strcpy(fname,"\\"); - strcat(fname,name); - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return False; - } - - /* send an smb getatr message */ - - memset(outbuf,0,smb_size); - set_message(outbuf,0,2 + strlen(fname),True); - CVAL(outbuf,smb_com) = SMBgetatr; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,fname); - p += (strlen(fname)+1); - - *p++ = 4; - *p++ = 0; - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - DEBUG(5,("getatr: %s\n",smb_errstr(inbuf))); - else - { - DEBUG(5,("\nattr 0x%X time %d size %d\n", - (int)CVAL(inbuf,smb_vwv0), - SVAL(inbuf,smb_vwv1), - SVAL(inbuf,smb_vwv3))); - } - - fattr=CVAL(inbuf,smb_vwv0); - - /* combine found attributes with bits to be set or reset */ - - attr=setit ? (fattr | attr) : (fattr & ~attr); - - /* now try and set attributes by sending smb reset message */ - - /* clear out buffer and start again */ - memset(outbuf,0,smb_size); - set_message(outbuf,8,4 + strlen(fname),True); - CVAL(outbuf,smb_com) = SMBsetatr; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); + if (!*s1 && s1 != s1_0 && (*(s1-1) == '/' || *(s1-1) == '\\')) return 0; - SSVAL(outbuf,smb_vwv0,attr); + /* ignore trailing slash on s1 */ + if (!*s2 && (*s1 == '/' || *s1 == '\\') && !*(s1+1)) return 0; - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,fname); - p += (strlen(fname)+1); - - *p++ = 4; - *p++ = 0; - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s setting attributes on file %s\n", - smb_errstr(inbuf), fname)); - free(inbuf);free(outbuf); - return(False); - } - - free(inbuf);free(outbuf); - return(True); -} + /* check for s1 is an "initial" string of s2 */ + if (*s2 == '/' || *s2 == '\\') return 0; -/**************************************************************************** -Create a file on a share -***************************************************************************/ -static BOOL smbcreat(file_info finfo, int *fnum, char *inbuf, char *outbuf) -{ - char *p; - /* *must* be called with buffer ready malloc'ed */ - /* open remote file */ - - memset(outbuf,0,smb_size); - set_message(outbuf,3,2 + strlen(finfo.name),True); - CVAL(outbuf,smb_com) = SMBcreate; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,finfo.mode); - put_dos_date3(outbuf,smb_vwv1,finfo.mtime); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,finfo.name); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf), - finfo.name)); - return 0; - } - - *fnum = SVAL(inbuf,smb_vwv0); - return True; + return *s1-*s2; } -/**************************************************************************** -Write a file to a share -***************************************************************************/ -static BOOL smbwrite(int fnum, int n, int low, int high, int left, - char *bufferp, char *inbuf, char *outbuf) -{ - /* *must* be called with buffer ready malloc'ed */ - - memset(outbuf,0,smb_size); - set_message(outbuf,5,n + 3,True); - - memcpy(smb_buf(outbuf)+3, bufferp, n); - - set_message(outbuf,5,n + 3, False); - CVAL(outbuf,smb_com) = SMBwrite; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,n); - SIVAL(outbuf,smb_vwv2,low); - SSVAL(outbuf,smb_vwv4,left); - CVAL(smb_buf(outbuf),0) = 1; - SSVAL(smb_buf(outbuf),1,n); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s writing remote file\n",smb_errstr(inbuf))); - return False; - } - - if (n != SVAL(inbuf,smb_vwv0)) - { - DEBUG(0,("Error: only wrote %d bytes out of %d\n", - SVAL(inbuf,smb_vwv0), n)); - return False; - } - - return True; -} /**************************************************************************** -Close a file on a share +Ensure a remote path exists (make if necessary) ***************************************************************************/ -static BOOL smbshut(file_info finfo, int fnum, char *inbuf, char *outbuf) +static BOOL ensurepath(char *fname) { /* *must* be called with buffer ready malloc'ed */ + /* ensures path exists */ - memset(outbuf,0,smb_size); - set_message(outbuf,3,0,True); - CVAL(outbuf,smb_com) = SMBclose; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - put_dos_date3(outbuf,smb_vwv1,finfo.mtime); - - DEBUG(3,("Setting date to %s (0x%X)", - asctime(LocalTime(&finfo.mtime,GMT_TO_LOCAL)), - finfo.mtime)); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s closing remote file %s\n",smb_errstr(inbuf), - finfo.name)); - return False; - } - - return True; -} - -/**************************************************************************** -Verify existence of path on share -***************************************************************************/ -static BOOL smbchkpath(char *fname, char *inbuf, char *outbuf) -{ - char *p; - - memset(outbuf,0,smb_size); - set_message(outbuf,0,4 + strlen(fname),True); - CVAL(outbuf,smb_com) = SMBchkpth; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,fname); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - DEBUG(5,("smbchkpath: %s\n",smb_errstr(inbuf))); - - return(CVAL(inbuf,smb_rcls) == 0); -} + char *partpath, *ffname; + char *p=fname, *basehack; -/**************************************************************************** -Make a directory on share -***************************************************************************/ -static BOOL smbmkdir(char *fname, char *inbuf, char *outbuf) -{ - /* *must* be called with buffer ready malloc'ed */ - char *p; + DEBUG(5, ( "Ensurepath called with: %s\n", fname)); - memset(outbuf,0,smb_size); - set_message(outbuf,0,2 + strlen(fname),True); - - CVAL(outbuf,smb_com) = SMBmkdir; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - p = smb_buf(outbuf); - *p++ = 4; - strcpy(p,fname); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("%s making remote directory %s\n", - smb_errstr(inbuf),fname)); - return(False); - } + partpath = string_create_s(strlen(fname)); + ffname = string_create_s(strlen(fname)); - return(True); -} + if ((partpath == NULL) || (ffname == NULL)){ -/**************************************************************************** -Ensure a remote path exists (make if necessary) -***************************************************************************/ -static BOOL ensurepath(char *fname, char *inbuf, char *outbuf) -{ - /* *must* be called with buffer ready malloc'ed */ - /* ensures path exists */ + DEBUG(0, ("Out of memory in ensurepath: %s\n", fname)); + return(False); - pstring partpath, ffname; - char *p=fname, *basehack; + } *partpath = 0; /* fname copied to ffname so can strtok */ - strcpy(ffname, fname); + safe_strcpy(ffname, fname, strlen(fname)); /* do a `basename' on ffname, so don't try and make file name directory */ - if ((basehack=strrchr(ffname, '\\')) == NULL) + if ((basehack=strrchr_m(ffname, '\\')) == NULL) return True; else *basehack='\0'; @@ -691,10 +538,10 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf) while (p) { - strcat(partpath, p); + safe_strcat(partpath, p, strlen(fname) + 1); - if (!smbchkpath(partpath, inbuf, outbuf)) { - if (!smbmkdir(partpath, inbuf, outbuf)) + if (!cli_chkpath(cli, partpath)) { + if (!cli_mkdir(cli, partpath)) { DEBUG(0, ("Error mkdirhiering\n")); return False; @@ -704,16 +551,48 @@ static BOOL ensurepath(char *fname, char *inbuf, char *outbuf) } - strcat(partpath, "\\"); + safe_strcat(partpath, "\\", strlen(fname) + 1); p = strtok(NULL,"/\\"); } return True; } -/* - * smbclient functions - */ +static int padit(char *buf, int bufsize, int padsize) +{ + int berr= 0; + int bytestowrite; + + DEBUG(5, ("Padding with %d zeros\n", padsize)); + memset(buf, 0, bufsize); + while( !berr && padsize > 0 ) { + bytestowrite= MIN(bufsize, padsize); + berr = dotarbuf(tarhandle, buf, bytestowrite) != bytestowrite; + padsize -= bytestowrite; + } + + return berr; +} + + +static void do_setrattr(char *name, uint16 attr, int set) +{ + uint16 oldattr; + + if (!cli_getatr(cli, name, &oldattr, NULL, NULL)) return; + + if (set == ATTRSET) { + attr |= oldattr; + } else { + attr = oldattr & ~attr; + } + + if (!cli_setatr(cli, name, attr, 0)) { + DEBUG(1,("setatr failed: %s\n", cli_errstr(cli))); + } +} + + /**************************************************************************** append one remote file to the tar file ***************************************************************************/ @@ -721,356 +600,154 @@ static void do_atar(char *rname,char *lname,file_info *finfo1) { int fnum; uint32 nread=0; - char *p; - char *inbuf,*outbuf; - file_info finfo; + char ftype; + file_info2 finfo; BOOL close_done = False; BOOL shallitime=True; - BOOL ignore_close_error = False; - char *dataptr=NULL; + char data[65520]; + int read_size = 65520; int datalen=0; struct timeval tp_start; GetTimeOfDay(&tp_start); - if (finfo1) - finfo = *finfo1; - else - finfo = def_finfo; + ftype = '0'; /* An ordinary file ... */ - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + if (finfo1) { + finfo.size = finfo1 -> size; + finfo.mode = finfo1 -> mode; + finfo.uid = finfo1 -> uid; + finfo.gid = finfo1 -> gid; + finfo.mtime = finfo1 -> mtime; + finfo.atime = finfo1 -> atime; + finfo.ctime = finfo1 -> ctime; + } + else { + finfo.size = def_finfo.size; + finfo.mode = def_finfo.mode; + finfo.uid = def_finfo.uid; + finfo.gid = def_finfo.gid; + finfo.mtime = def_finfo.mtime; + finfo.atime = def_finfo.atime; + finfo.ctime = def_finfo.ctime; + } - if (!inbuf || !outbuf) + if (dry_run) { - DEBUG(0,("out of memory\n")); + DEBUG(3,("skipping file %s of size %d bytes\n", + finfo.name, + (int)finfo.size)); + shallitime=0; + ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK); + ntarf++; return; } - memset(outbuf,0,smb_size); - set_message(outbuf,15,1 + strlen(rname),True); - - CVAL(outbuf,smb_com) = SMBopenX; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,0xFF); - SSVAL(outbuf,smb_vwv2,1); - SSVAL(outbuf,smb_vwv3,(DENY_NONE<<4)); - SSVAL(outbuf,smb_vwv4,aSYSTEM | aHIDDEN); - SSVAL(outbuf,smb_vwv5,aSYSTEM | aHIDDEN); - SSVAL(outbuf,smb_vwv8,1); - - p = smb_buf(outbuf); - strcpy(p,rname); - p = skip_string(p,1); + fnum = cli_open(cli, rname, O_RDONLY, DENY_NONE); dos_clean_name(rname); - /* do a chained openX with a readX? */ - if (finfo.size > 0) - { - SSVAL(outbuf,smb_vwv0,SMBreadX); - SSVAL(outbuf,smb_vwv1,PTR_DIFF(p,outbuf) - 4); - memset(p,0,200); - p -= smb_wct; - SSVAL(p,smb_wct,10); - SSVAL(p,smb_vwv0,0xFF); - SSVAL(p,smb_vwv5,MIN(max_xmit-500,finfo.size)); - SSVAL(p,smb_vwv9,MIN(0xFFFF,finfo.size)); - smb_setlen(outbuf,smb_len(outbuf)+11*2+1); - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - if (CVAL(inbuf,smb_rcls) == ERRSRV && - SVAL(inbuf,smb_err) == ERRnoresource && - reopen_connection(inbuf,outbuf)) - { - do_atar(rname,lname,finfo1); - free(inbuf);free(outbuf); + if (fnum == -1) { + DEBUG(0,("%s opening remote file %s (%s)\n", + cli_errstr(cli),rname, cur_dir)); return; - } + } - DEBUG(0,("%s opening remote file %s\n",smb_errstr(inbuf),rname)); - free(inbuf);free(outbuf); - return; - } + finfo.name = string_create_s(strlen(rname)); + if (finfo.name == NULL) { + DEBUG(0, ("Unable to allocate space for finfo.name in do_atar\n")); + return; + } - strcpy(finfo.name,rname); - if (!finfo1) - { - finfo.mode = SVAL(inbuf,smb_vwv3); - finfo.size = IVAL(inbuf,smb_vwv4); - finfo.mtime = make_unix_date3(inbuf+smb_vwv6); - finfo.atime = finfo.ctime = finfo.mtime; - } + safe_strcpy(finfo.name,rname, strlen(rname)); + if (!finfo1) { + if (!cli_getattrE(cli, fnum, &finfo.mode, &finfo.size, NULL, &finfo.atime, &finfo.mtime)) { + DEBUG(0, ("getattrE: %s\n", cli_errstr(cli))); + return; + } + finfo.ctime = finfo.mtime; + } DEBUG(3,("file %s attrib 0x%X\n",finfo.name,finfo.mode)); - fnum = SVAL(inbuf,smb_vwv2); - if (tar_inc && !(finfo.mode & aARCH)) { DEBUG(4, ("skipping %s - archive bit not set\n", finfo.name)); shallitime=0; } + else if (!tar_system && (finfo.mode & aSYSTEM)) + { + DEBUG(4, ("skipping %s - system bit is set\n", finfo.name)); + shallitime=0; + } + else if (!tar_hidden && (finfo.mode & aHIDDEN)) + { + DEBUG(4, ("skipping %s - hidden bit is set\n", finfo.name)); + shallitime=0; + } else { - if (SVAL(inbuf,smb_vwv0) == SMBreadX) - { - p = (inbuf+4+SVAL(inbuf,smb_vwv1)) - smb_wct; - datalen = SVAL(p,smb_vwv5); - dataptr = inbuf + 4 + SVAL(p,smb_vwv6); - } - else - { - dataptr = NULL; - datalen = 0; - } - - DEBUG(2,("getting file %s of size %d bytes as a tar file %s", + DEBUG(3,("getting file %s of size %d bytes as a tar file %s", finfo.name, - finfo.size, + (int)finfo.size, lname)); /* write a tar header, don't bother with mode - just set to 100644 */ - writetarheader(tarhandle, rname, finfo.size, finfo.mtime, "100644 \0"); - - while (nread < finfo.size && !close_done) - { - int method = -1; - static BOOL can_chain_close=True; - - p=NULL; - - DEBUG(3,("nread=%d\n",nread)); - - /* 3 possible read types. readbraw if a large block is required. - readX + close if not much left and read if neither is supported */ + writetarheader(tarhandle, rname, finfo.size, finfo.mtime, "100644 \0", ftype); - /* we might have already read some data from a chained readX */ - if (dataptr && datalen>0) - method=3; - - /* if we can finish now then readX+close */ - if (method<0 && can_chain_close && (Protocol >= PROTOCOL_LANMAN1) && - ((finfo.size - nread) < - (max_xmit - (2*smb_size + 13*SIZEOFWORD + 300)))) - method = 0; - - /* if we support readraw then use that */ - if (method<0 && readbraw_supported) - method = 1; - - /* if we can then use readX */ - if (method<0 && (Protocol >= PROTOCOL_LANMAN1)) - method = 2; - - - switch (method) - { - /* use readX */ - case 0: - case 2: - if (method == 0) - close_done = True; - - /* use readX + close */ - memset(outbuf,0,smb_size); - set_message(outbuf,10,0,True); - CVAL(outbuf,smb_com) = SMBreadX; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - if (close_done) - { - CVAL(outbuf,smb_vwv0) = SMBclose; - SSVAL(outbuf,smb_vwv1,PTR_DIFF(smb_buf(outbuf),outbuf) - 4); - } - else - CVAL(outbuf,smb_vwv0) = 0xFF; - - - SSVAL(outbuf,smb_vwv2,fnum); - SIVAL(outbuf,smb_vwv3,nread); - SSVAL(outbuf,smb_vwv5,MIN(max_xmit-200,finfo.size - nread)); - SSVAL(outbuf,smb_vwv6,0); - SIVAL(outbuf,smb_vwv7,0); - SSVAL(outbuf,smb_vwv9,MIN(0xFFFF,finfo.size-nread)); + while (nread < finfo.size && !close_done) { - if (close_done) - { - p = smb_buf(outbuf); - memset(p,0,9); - - CVAL(p,0) = 3; - SSVAL(p,1,fnum); - SIVALS(p,3,-1); - - /* now set the total packet length */ - smb_setlen(outbuf,smb_len(outbuf)+9); - } - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf))); - break; - } + DEBUG(3,("nread=%d\n",nread)); - if (close_done && - SVAL(inbuf,smb_vwv0) != SMBclose) - { - /* NOTE: WfWg sometimes just ignores the chained - command! This seems to break the spec? */ - DEBUG(3,("Rejected chained close?\n")); - close_done = False; - can_chain_close = False; - ignore_close_error = True; - } - - datalen = SVAL(inbuf,smb_vwv5); - dataptr = inbuf + 4 + SVAL(inbuf,smb_vwv6); - break; + datalen = cli_read(cli, fnum, data, nread, read_size); + if (datalen == -1) { + DEBUG(0,("Error reading file %s : %s\n", rname, cli_errstr(cli))); + break; + } - /* use readbraw */ - case 1: - { - static int readbraw_size = 0xFFFF; - - extern int Client; - memset(outbuf,0,smb_size); - set_message(outbuf,8,0,True); - CVAL(outbuf,smb_com) = SMBreadbraw; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - SSVAL(outbuf,smb_vwv0,fnum); - SIVAL(outbuf,smb_vwv1,nread); - SSVAL(outbuf,smb_vwv3,MIN(finfo.size-nread,readbraw_size)); - SSVAL(outbuf,smb_vwv4,0); - SIVALS(outbuf,smb_vwv5,-1); - send_smb(Client,outbuf); - - /* Now read the raw data into the buffer and write it */ - if(read_smb_length(Client,inbuf,0) == -1) { - DEBUG(0,("Failed to read length in readbraw\n")); - exit(1); - } - - /* Even though this is not an smb message, smb_len - returns the generic length of an smb message */ - datalen = smb_len(inbuf); - - if (datalen == 0) - { - /* we got a readbraw error */ - DEBUG(4,("readbraw error - reducing size\n")); - readbraw_size = (readbraw_size * 9) / 10; - - if (readbraw_size < max_xmit) - { - DEBUG(0,("disabling readbraw\n")); - readbraw_supported = False; - } - - dataptr=NULL; - continue; + nread += datalen; + + /* if file size has increased since we made file size query, truncate + read so tar header for this file will be correct. + */ + + if (nread > finfo.size) { + datalen -= nread - finfo.size; + DEBUG(0,("File size change - truncating %s to %d bytes\n", finfo.name, (int)finfo.size)); } - if(read_data(Client,inbuf,datalen) != datalen) { - DEBUG(0,("Failed to read data in readbraw\n")); - exit(1); - } - dataptr = inbuf; + /* add received bits of file to buffer - dotarbuf will + * write out in 512 byte intervals */ + if (dotarbuf(tarhandle,data,datalen) != datalen) { + DEBUG(0,("Error writing to tar file - %s\n", strerror(errno))); + break; } - break; - - case 3: - /* we've already read some data with a chained readX */ - break; - - default: - /* use plain read */ - memset(outbuf,0,smb_size); - set_message(outbuf,5,0,True); - CVAL(outbuf,smb_com) = SMBread; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SSVAL(outbuf,smb_vwv1,MIN(max_xmit-200,finfo.size - nread)); - SIVAL(outbuf,smb_vwv2,nread); - SSVAL(outbuf,smb_vwv4,finfo.size - nread); - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s reading remote file\n",smb_errstr(inbuf))); - break; - } - - datalen = SVAL(inbuf,smb_vwv0); - dataptr = smb_buf(inbuf) + 3; - break; - } - - - /* add received bits of file to buffer - dotarbuf will - * write out in 512 byte intervals */ - if (dotarbuf(tarhandle,dataptr,datalen) != datalen) - { - DEBUG(0,("Error writing local file\n")); - break; - } - - nread += datalen; - if (datalen == 0) - { - DEBUG(0,("Error reading file %s. Got 0 bytes\n", rname)); - break; - } - - dataptr=NULL; - datalen=0; - } - + if (datalen == 0) { + DEBUG(0,("Error reading file %s. Got 0 bytes\n", rname)); + break; + } + + datalen=0; + } + + /* pad tar file with zero's if we couldn't get entire file */ + if (nread < finfo.size) { + DEBUG(0, ("Didn't get entire file. size=%d, nread=%d\n", (int)finfo.size, (int)nread)); + if (padit(data, sizeof(data), finfo.size - nread)) + DEBUG(0,("Error writing tar file - %s\n", strerror(errno))); + } + /* round tar file to nearest block */ if (finfo.size % TBLOCK) dozerobuf(tarhandle, TBLOCK - (finfo.size % TBLOCK)); + ttarf+=finfo.size + TBLOCK - (finfo.size % TBLOCK); ntarf++; } - if (!close_done) - { - memset(outbuf,0,smb_size); - set_message(outbuf,3,0,True); - CVAL(outbuf,smb_com) = SMBclose; - SSVAL(outbuf,smb_tid,cnum); - setup_pkt(outbuf); - - SSVAL(outbuf,smb_vwv0,fnum); - SIVALS(outbuf,smb_vwv1,-1); - - send_smb(Client,outbuf); - receive_smb(Client,inbuf,CLIENT_TIMEOUT); - - if (!ignore_close_error && CVAL(inbuf,smb_rcls) != 0) - { - DEBUG(0,("Error %s closing remote file\n",smb_errstr(inbuf))); - free(inbuf);free(outbuf); - return; - } - } + cli_close(cli, fnum); if (shallitime) { @@ -1078,7 +755,8 @@ static void do_atar(char *rname,char *lname,file_info *finfo1) int this_time; /* if shallitime is true then we didn't skip */ - if (tar_reset) (void) do_setrattr(finfo.name, aARCH, ATTRRESET); + if (tar_reset && !dry_run) + (void) do_setrattr(finfo.name, aARCH, ATTRRESET); GetTimeOfDay(&tp_end); this_time = @@ -1087,13 +765,18 @@ static void do_atar(char *rname,char *lname,file_info *finfo1) get_total_time_ms += this_time; get_total_size += finfo.size; + if (tar_noisy) + { + DEBUG(0, ("%10d (%7.1f kb/s) %s\n", + (int)finfo.size, finfo.size / MAX(0.001, (1.024*this_time)), + finfo.name)); + } + /* Thanks to Carel-Jan Engel (ease@mail.wirehub.nl) for this one */ - DEBUG(2,("(%g kb/s) (average %g kb/s)\n", + DEBUG(3,("(%g kb/s) (average %g kb/s)\n", finfo.size / MAX(0.001, (1.024*this_time)), get_total_size / MAX(0.001, (1.024*get_total_time_ms)))); } - - free(inbuf);free(outbuf); } /**************************************************************************** @@ -1103,25 +786,29 @@ static void do_tar(file_info *finfo) { pstring rname; - if (strequal(finfo->name,".") || strequal(finfo->name,"..")) + if (strequal(finfo->name,"..") || strequal(finfo->name,".")) return; /* Is it on the exclude list ? */ if (!tar_excl && clipn) { pstring exclaim; - strcpy(exclaim, cur_dir); + DEBUG(5, ("Excl: strlen(cur_dir) = %d\n", (int)strlen(cur_dir))); + + safe_strcpy(exclaim, cur_dir, sizeof(pstring)); *(exclaim+strlen(exclaim)-1)='\0'; - if (clipfind(cliplist, clipn, exclaim)) { - DEBUG(3,("Skipping directory %s\n", exclaim)); - return; - } + safe_strcat(exclaim, "\\", sizeof(pstring)); + safe_strcat(exclaim, finfo->name, sizeof(exclaim)); - strcat(exclaim, "\\"); - strcat(exclaim, finfo->name); + DEBUG(5, ("...tar_re_search: %d\n", tar_re_search)); - if (clipfind(cliplist, clipn, exclaim)) { + if ((!tar_re_search && clipfind(cliplist, clipn, exclaim)) || +#ifdef HAVE_REGEX_H + (tar_re_search && !regexec(preg, exclaim, 0, NULL, 0))) { +#else + (tar_re_search && mask_match(exclaim, cliplist[0], True))) { +#endif DEBUG(3,("Skipping file %s\n", exclaim)); return; } @@ -1131,36 +818,33 @@ static void do_tar(file_info *finfo) { pstring saved_curdir; pstring mtar_mask; - char *inbuf,*outbuf; - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); + safe_strcpy(saved_curdir, cur_dir, sizeof(saved_curdir)); - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); - return; - } + DEBUG(5, ("Sizeof(cur_dir)=%d, strlen(cur_dir)=%d, strlen(finfo->name)=%d\nname=%s,cur_dir=%s\n", (int)sizeof(cur_dir), (int)strlen(cur_dir), (int)strlen(finfo->name), finfo->name, cur_dir)); - strcpy(saved_curdir,cur_dir); + safe_strcat(cur_dir,finfo->name, sizeof(cur_dir)); + safe_strcat(cur_dir,"\\", sizeof(cur_dir)); - strcat(cur_dir,finfo->name); - strcat(cur_dir,"\\"); + DEBUG(5, ("Writing a dir, Name = %s\n", cur_dir)); /* write a tar directory, don't bother with mode - just set it to * 40755 */ - writetarheader(tarhandle, cur_dir, 0, finfo->mtime, "040755 \0"); - strcpy(mtar_mask,cur_dir); - strcat(mtar_mask,"*"); - - do_dir((char *)inbuf,(char *)outbuf,mtar_mask,attribute,do_tar,recurse); - strcpy(cur_dir,saved_curdir); - free(inbuf);free(outbuf); + writetarheader(tarhandle, cur_dir, 0, finfo->mtime, "040755 \0", '5'); + if (tar_noisy) { + DEBUG(0,(" directory %s\n", cur_dir)); + } + ntarf++; /* Make sure we have a file on there */ + safe_strcpy(mtar_mask,cur_dir, sizeof(pstring)); + safe_strcat(mtar_mask,"*", sizeof(pstring)); + DEBUG(5, ("Doing list with mtar_mask: %s\n", mtar_mask)); + do_list(mtar_mask, attribute, do_tar, False, True); + safe_strcpy(cur_dir,saved_curdir, sizeof(pstring)); } else { - strcpy(rname,cur_dir); - strcat(rname,finfo->name); + safe_strcpy(rname,cur_dir, sizeof(pstring)); + safe_strcat(rname,finfo->name, sizeof(pstring)); do_atar(rname,finfo->name,finfo); } } @@ -1168,227 +852,423 @@ static void do_tar(file_info *finfo) /**************************************************************************** Convert from UNIX to DOS file names ***************************************************************************/ -static void unfixtarname(char *tptr, char *fp, int l) +static void unfixtarname(char *tptr, char *fp, int l, BOOL first) { - /* remove '.' from start of file name, convert from unix /'s to - * dos \'s in path. Kill any absolute path names. - */ + /* remove '.' from start of file name, convert from unix /'s to + * dos \'s in path. Kill any absolute path names. But only if first! + */ - if (*fp == '.') fp++; - if (*fp == '\\' || *fp == '/') fp++; - -#ifdef KANJI - while (l > 0) { - if (is_shift_jis (*fp)) { - *tptr++ = *fp++; - *tptr++ = *fp++; - l -= 2; - } else if (is_kana (*fp)) { - *tptr++ = *fp++; - l--; - } else if (*fp == '/') { - *tptr++ = '\\'; - fp++; - l--; - } else { - *tptr++ = *fp++; - l--; + DEBUG(5, ("firstb=%lX, secondb=%lX, len=%i\n", (long)tptr, (long)fp, l)); + + if (first) { + if (*fp == '.') { + fp++; + l--; + } + if (*fp == '\\' || *fp == '/') { + fp++; + l--; + } + } + + safe_strcpy(tptr, fp, l); + string_replace(tptr, '/', '\\'); +} + + +/**************************************************************************** +Move to the next block in the buffer, which may mean read in another set of +blocks. FIXME, we should allow more than one block to be skipped. +****************************************************************************/ +static int next_block(char *ltarbuf, char **bufferp, int bufsiz) +{ + int bufread, total = 0; + + DEBUG(5, ("Advancing to next block: %0lx\n", (unsigned long)*bufferp)); + *bufferp += TBLOCK; + total = TBLOCK; + + if (*bufferp >= (ltarbuf + bufsiz)) { + + DEBUG(5, ("Reading more data into ltarbuf ...\n")); + + /* + * Bugfix from Bob Boehmer + * Fixes bug where read can return short if coming from + * a pipe. + */ + + bufread = read(tarhandle, ltarbuf, bufsiz); + total = bufread; + + while (total < bufsiz) { + if (bufread < 0) { /* An error, return false */ + return (total > 0 ? -2 : bufread); + } + if (bufread == 0) { + if (total <= 0) { + return -2; + } + break; + } + bufread = read(tarhandle, <arbuf[total], bufsiz - total); + total += bufread; } + + DEBUG(5, ("Total bytes read ... %i\n", total)); + + *bufferp = ltarbuf; + } -#else - while (l--) { *tptr=(*fp == '/') ? '\\' : *fp; tptr++; fp++; } -#endif + + return(total); + } -static void do_tarput() +/* Skip a file, even if it includes a long file name? */ +static int skip_file(int skipsize) { - file_info finfo; - int nread=0, bufread; - char *inbuf,*outbuf; - int fsize=0; - int fnum; + int dsize = skipsize; + + DEBUG(5, ("Skiping file. Size = %i\n", skipsize)); + + /* FIXME, we should skip more than one block at a time */ + + while (dsize > 0) { + + if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) { + + DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno))); + return(False); + + } + + dsize -= TBLOCK; + + } + + return(True); +} + +/************************************************************* + Get a file from the tar file and store it. + When this is called, tarbuf already contains the first + file block. This is a bit broken & needs fixing. +**************************************************************/ + +static int get_file(file_info2 finfo) +{ + int fnum = -1, pos = 0, dsize = 0, rsize = 0, bpos = 0; + + DEBUG(5, ("get_file: file: %s, size %i\n", finfo.name, (int)finfo.size)); + + if (ensurepath(finfo.name) && + (fnum=cli_open(cli, finfo.name, O_RDWR|O_CREAT|O_TRUNC, DENY_NONE)) == -1) { + DEBUG(0, ("abandoning restore\n")); + return(False); + } + + /* read the blocks from the tar file and write to the remote file */ + + rsize = finfo.size; /* This is how much to write */ + + while (rsize > 0) { + + /* We can only write up to the end of the buffer */ + + dsize = MIN(tbufsiz - (buffer_p - tarbuf) - bpos, 65520); /* Calculate the size to write */ + dsize = MIN(dsize, rsize); /* Should be only what is left */ + DEBUG(5, ("writing %i bytes, bpos = %i ...\n", dsize, bpos)); + + if (cli_write(cli, fnum, 0, buffer_p + bpos, pos, dsize) != dsize) { + DEBUG(0, ("Error writing remote file\n")); + return 0; + } + + rsize -= dsize; + pos += dsize; + + /* Now figure out how much to move in the buffer */ + + /* FIXME, we should skip more than one block at a time */ + + /* First, skip any initial part of the part written that is left over */ + /* from the end of the first TBLOCK */ + + if ((bpos) && ((bpos + dsize) >= TBLOCK)) { + + dsize -= (TBLOCK - bpos); /* Get rid of the end of the first block */ + bpos = 0; + + if (next_block(tarbuf, &buffer_p, tbufsiz) <=0) { /* and skip the block */ + DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno))); + return False; + + } + + } + + /* + * Bugfix from Bob Boehmer . + * If the file being extracted is an exact multiple of + * TBLOCK bytes then we don't want to extract the next + * block from the tarfile here, as it will be done in + * the caller of get_file(). + */ + + while (((rsize != 0) && (dsize >= TBLOCK)) || + ((rsize == 0) && (dsize > TBLOCK))) { + + if (next_block(tarbuf, &buffer_p, tbufsiz) <=0) { + DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno))); + return False; + } + + dsize -= TBLOCK; + } + + bpos = dsize; + + } + + /* Now close the file ... */ + + if (!cli_close(cli, fnum)) { + DEBUG(0, ("Error closing remote file\n")); + return(False); + } + + /* Now we update the creation date ... */ + + DEBUG(5, ("Updating creation date on %s\n", finfo.name)); + + if (!cli_setatr(cli, finfo.name, finfo.mode, finfo.mtime)) { + if (tar_real_noisy) { + DEBUG(0, ("Could not set time on file: %s\n", finfo.name)); + /*return(False); */ /* Ignore, as Win95 does not allow changes */ + } + } + + ntarf++; + + DEBUG(0, ("restore tar file %s of size %d bytes\n", finfo.name, (int)finfo.size)); + + return(True); +} + +/* Create a directory. We just ensure that the path exists and return as there + is no file associated with a directory +*/ +static int get_dir(file_info2 finfo) +{ + + DEBUG(0, ("restore directory %s\n", finfo.name)); + + if (!ensurepath(finfo.name)) { + + DEBUG(0, ("Problems creating directory\n")); + return(False); + + } + + ntarf++; + return(True); + +} +/* Get a file with a long file name ... first file has file name, next file + has the data. We only want the long file name, as the loop in do_tarput + will deal with the rest. +*/ +static char * get_longfilename(file_info2 finfo) +{ + int namesize = finfo.size + strlen(cur_dir) + 2; + char *longname = malloc(namesize); + int offset = 0, left = finfo.size; + BOOL first = True; + + DEBUG(5, ("Restoring a long file name: %s\n", finfo.name)); + DEBUG(5, ("Len = %d\n", (int)finfo.size)); + + if (longname == NULL) { + + DEBUG(0, ("could not allocate buffer of size %d for longname\n", + (int)(finfo.size + strlen(cur_dir) + 2))); + return(NULL); + } + + /* First, add cur_dir to the long file name */ + + if (strlen(cur_dir) > 0) { + strncpy(longname, cur_dir, namesize); + offset = strlen(cur_dir); + } + + /* Loop through the blocks picking up the name */ + + while (left > 0) { + + if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) { + + DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno))); + return(NULL); + + } + + unfixtarname(longname + offset, buffer_p, MIN(TBLOCK, finfo.size), first--); + DEBUG(5, ("UnfixedName: %s, buffer: %s\n", longname, buffer_p)); + + offset += TBLOCK; + left -= TBLOCK; + + } + + return(longname); + +} + +static void do_tarput(void) +{ + file_info2 finfo; struct timeval tp_start; - BOOL tskip=False; /* We'll take each file as it comes */ + char *longfilename = NULL, linkflag; + int skip = False; GetTimeOfDay(&tp_start); - - inbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - outbuf = (char *)malloc(BUFFER_SIZE + SAFETY_MARGIN); - - if (!inbuf || !outbuf) - { - DEBUG(0,("out of memory\n")); + + DEBUG(5, ("RJS do_tarput called ...\n")); + + buffer_p = tarbuf + tbufsiz; /* init this to force first read */ + + /* Now read through those files ... */ + + while (True) { + + /* Get us to the next block, or the first block first time around */ + + if (next_block(tarbuf, &buffer_p, tbufsiz) <= 0) { + + DEBUG(0, ("Empty file, short tar file, or read error: %s\n", strerror(errno))); + return; + } - - /* - * Must read in tbufsiz dollops - */ - /* These should be the only reads in clitar.c */ - while ((bufread=read(tarhandle, tarbuf, tbufsiz))>0) { - char *bufferp, *endofbuffer; - int chunk; + DEBUG(5, ("Reading the next header ...\n")); - /* Code to handle a short read. - * We always need a TBLOCK full of stuff - */ - if (bufread % TBLOCK) { - int lchunk=TBLOCK-(bufread % TBLOCK); - int lread; + switch (readtarheader((union hblock *) buffer_p, &finfo, cur_dir)) { - /* It's a shorty - a short read that is */ - DEBUG(3, ("Short read, read %d so far (need %d)\n", bufread, lchunk)); + case -2: /* Hmm, not good, but not fatal */ + DEBUG(0, ("Skipping %s...\n", finfo.name)); + if ((next_block(tarbuf, &buffer_p, tbufsiz) <= 0) && + !skip_file(finfo.size)) { + + DEBUG(0, ("Short file, bailing out...\n")); + return; - while ((lread=read(tarhandle, tarbuf+bufread, lchunk))>0) { - bufread+=lread; - if (!(lchunk-=lread)) break; } - /* If we've reached EOF then that must be a short file */ - if (lread<=0) break; + break; + + case -1: + DEBUG(0, ("abandoning restore, -1 from read tar header\n")); + return; + + case 0: /* chksum is zero - looks like an EOF */ + DEBUG(0, ("tar: restored %d files and directories\n", ntarf)); + return; /* Hmmm, bad here ... */ + + default: + /* No action */ + + break; + } - bufferp=tarbuf; - endofbuffer=tarbuf+bufread; + /* Now, do we have a long file name? */ + + if (longfilename != NULL) { + + SAFE_FREE(finfo.name); /* Free the space already allocated */ + finfo.name = longfilename; + longfilename = NULL; - if (tskip) { - if (fsize= endofbuffer) break; - } /* if (!fsize) */ - - /* write out the file in chunk sized chunks - don't - * go past end of buffer though */ - chunk=(fsize-nread < endofbuffer - bufferp) - ? fsize - nread : endofbuffer - bufferp; - - while (chunk > 0) { - int minichunk=MIN(chunk, max_xmit-200); - - if (!smbwrite(fnum, /* file descriptor */ - minichunk, /* n */ - nread, /* offset low */ - 0, /* offset high - not implemented */ - fsize-nread, /* left - only hint to server */ - bufferp, - inbuf, - outbuf)) - { - DEBUG(0, ("Error writing remote file\n")); - free(inbuf); free(outbuf); - return; - } - DEBUG(5, ("chunk writing fname=%s fnum=%d nread=%d minichunk=%d chunk=%d size=%d\n", finfo.name, fnum, nread, minichunk, chunk, fsize)); - - bufferp+=minichunk; nread+=minichunk; - chunk-=minichunk; + /* Should we skip the file? We have the long name as well here */ + + skip = clipn && + ((!tar_re_search && clipfind(cliplist, clipn, finfo.name) ^ tar_excl) +#ifdef HAVE_REGEX_H + || (tar_re_search && !regexec(preg, finfo.name, 0, NULL, 0))); +#else + || (tar_re_search && mask_match(finfo.name, cliplist[0], True))); +#endif + + DEBUG(5, ("Skip = %i, cliplist=%s, file=%s\n", skip, (cliplist?cliplist[0]:NULL), finfo.name)); + + if (skip) { + + skip_file(finfo.size); + continue; + + } + + /* We only get this far if we should process the file */ + linkflag = ((union hblock *)buffer_p) -> dbuf.linkflag; + + switch (linkflag) { + + case '0': /* Should use symbolic names--FIXME */ + + /* + * Skip to the next block first, so we can get the file, FIXME, should + * be in get_file ... + * The 'finfo.size != 0' fix is from Bob Boehmer + * Fixes bug where file size in tarfile is zero. + */ + + if ((finfo.size != 0) && next_block(tarbuf, &buffer_p, tbufsiz) <=0) { + DEBUG(0, ("Short file, bailing out...\n")); + return; } - - if (nread>=fsize) - { - if (!smbshut(finfo, fnum, inbuf, outbuf)) - { - DEBUG(0, ("Error closing remote file\n")); - free(inbuf);free(outbuf); - return; - } - if (fsize % TBLOCK) bufferp+=TBLOCK - (fsize % TBLOCK); - DEBUG(5, ("bufferp is now %d (psn=%d)\n", - (long) bufferp, (long)(bufferp - tarbuf))); - ntarf++; - fsize=0; - } - } while (bufferp < endofbuffer); + if (!get_file(finfo)) { + DEBUG(0, ("Abandoning restore\n")); + return; + + } + break; + + case '5': + if (!get_dir(finfo)) { + DEBUG(0, ("Abandoning restore \n")); + return; + } + break; + + case 'L': + longfilename = get_longfilename(finfo); + if (!longfilename) { + DEBUG(0, ("abandoning restore\n")); + return; + + } + DEBUG(5, ("Long file name: %s\n", longfilename)); + break; + + default: + skip_file(finfo.size); /* Don't handle these yet */ + break; + + } + } - DEBUG(0, ("premature eof on tar file ?\n")); - DEBUG(0,("total of %d tar files restored to share\n", ntarf)); - free(inbuf); free(outbuf); } + /* * samba interactive commands */ @@ -1396,36 +1276,38 @@ static void do_tarput() /**************************************************************************** Blocksize command ***************************************************************************/ -void cmd_block(void) +int cmd_block(void) { fstring buf; int block; - if (!next_token(NULL,buf,NULL)) + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { DEBUG(0, ("blocksize \n")); - return; + return 1; } block=atoi(buf); if (block < 0 || block > 65535) { DEBUG(0, ("blocksize out of range")); - return; + return 1; } blocksize=block; DEBUG(2,("blocksize is now %d\n", blocksize)); + + return 0; } /**************************************************************************** command to set incremental / reset mode ***************************************************************************/ -void cmd_tarmode(void) +int cmd_tarmode(void) { fstring buf; - while (next_token(NULL,buf,NULL)) { + while (next_token_nr(NULL,buf,NULL,sizeof(buf))) { if (strequal(buf, "full")) tar_inc=False; else if (strequal(buf, "inc")) @@ -1434,37 +1316,54 @@ void cmd_tarmode(void) tar_reset=True; else if (strequal(buf, "noreset")) tar_reset=False; + else if (strequal(buf, "system")) + tar_system=True; + else if (strequal(buf, "nosystem")) + tar_system=False; + else if (strequal(buf, "hidden")) + tar_hidden=True; + else if (strequal(buf, "nohidden")) + tar_hidden=False; + else if (strequal(buf, "verbose") || strequal(buf, "noquiet")) + tar_noisy=True; + else if (strequal(buf, "quiet") || strequal(buf, "noverbose")) + tar_noisy=False; else DEBUG(0, ("tarmode: unrecognised option %s\n", buf)); } - DEBUG(0, ("tarmode is now %s, %s\n", + DEBUG(0, ("tarmode is now %s, %s, %s, %s, %s\n", tar_inc ? "incremental" : "full", - tar_reset ? "reset" : "noreset")); + tar_system ? "system" : "nosystem", + tar_hidden ? "hidden" : "nohidden", + tar_reset ? "reset" : "noreset", + tar_noisy ? "verbose" : "quiet")); + + return 0; } /**************************************************************************** Feeble attrib command ***************************************************************************/ -void cmd_setmode(void) +int cmd_setmode(void) { char *q; fstring buf; pstring fname; - int attra[2]; + uint16 attra[2]; int direct=1; attra[0] = attra[1] = 0; - if (!next_token(NULL,buf,NULL)) + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { - DEBUG(0, ("setmode \n")); - return; + DEBUG(0, ("setmode <[+|-]rsha>\n")); + return 1; } - strcpy(fname, cur_dir); - strcat(fname, buf); + safe_strcpy(fname, cur_dir, sizeof(pstring)); + safe_strcat(fname, buf, sizeof(pstring)); - while (next_token(NULL,buf,NULL)) { + while (next_token_nr(NULL,buf,NULL,sizeof(buf))) { q=buf; while(*q) @@ -1482,55 +1381,64 @@ void cmd_setmode(void) case 'a': attra[direct]|=aARCH; break; default: DEBUG(0, ("setmode \n")); - return; + return 1; } } if (attra[ATTRSET]==0 && attra[ATTRRESET]==0) { - DEBUG(0, ("setmode \n")); - return; + DEBUG(0, ("setmode <[+|-]rsha>\n")); + return 1; } -DEBUG(2, ("\nperm set %d %d\n", attra[ATTRSET], attra[ATTRRESET])); - (void) do_setrattr(fname, attra[ATTRSET], ATTRSET); - (void) do_setrattr(fname, attra[ATTRRESET], ATTRRESET); + DEBUG(2, ("\nperm set %d %d\n", attra[ATTRSET], attra[ATTRRESET])); + do_setrattr(fname, attra[ATTRSET], ATTRSET); + do_setrattr(fname, attra[ATTRRESET], ATTRRESET); + + return 0; } /**************************************************************************** Principal command for creating / extracting ***************************************************************************/ -void cmd_tar(char *inbuf, char *outbuf) +int cmd_tar(void) { fstring buf; char **argl; int argcl; - if (!next_token(NULL,buf,NULL)) + if (!next_token_nr(NULL,buf,NULL,sizeof(buf))) { - DEBUG(0,("tar [IXbga] \n")); - return; + DEBUG(0,("tar [IXbgan] \n")); + return 1; } argl=toktocliplist(&argcl, NULL); if (!tar_parseargs(argcl, argl, buf, 0)) - return; + return 1; + + process_tar(); - process_tar(inbuf, outbuf); + SAFE_FREE(argl); - free(argl); + return 0; } /**************************************************************************** Command line (option) version ***************************************************************************/ -int process_tar(char *inbuf, char *outbuf) +int process_tar(void) { initarbuf(); switch(tar_type) { case 'x': + +#if 0 + do_tarput2(); +#else do_tarput(); - free(tarbuf); +#endif + SAFE_FREE(tarbuf); close(tarhandle); break; case 'r': @@ -1540,67 +1448,82 @@ int process_tar(char *inbuf, char *outbuf) pstring tarmac; for (i=0; i= inclusion_buffer_size) { + char *ib; + inclusion_buffer_size *= 2; + ib = Realloc(inclusion_buffer,inclusion_buffer_size); + if (! ib) { + DEBUG(0,("failure enlarging inclusion buffer to %d bytes\n", + inclusion_buffer_size)); + error = 1; + break; + } + else inclusion_buffer = ib; + } + + safe_strcpy(inclusion_buffer + inclusion_buffer_sofar, buf, inclusion_buffer_size - inclusion_buffer_sofar); + inclusion_buffer_sofar += strlen(buf) + 1; + clipn++; + } + x_fclose(inclusion); + + if (! error) { + /* Allocate an array of clipn + 1 char*'s for cliplist */ + cliplist = malloc((clipn + 1) * sizeof(char *)); + if (cliplist == NULL) { + DEBUG(0,("failure allocating memory for cliplist\n")); + error = 1; + } else { + cliplist[clipn] = NULL; + p = inclusion_buffer; + for (i = 0; (! error) && (i < clipn); i++) { + /* set current item to NULL so array will be null-terminated even if + * malloc fails below. */ + cliplist[i] = NULL; + if ((tmpstr = (char *)malloc(strlen(p)+1)) == NULL) { + DEBUG(0, ("Could not allocate space for a cliplist item, # %i\n", i)); + error = 1; + } else { + unfixtarname(tmpstr, p, strlen(p) + 1, True); + cliplist[i] = tmpstr; + if ((p = strchr_m(p, '\000')) == NULL) { + DEBUG(0,("INTERNAL ERROR: inclusion_buffer is of unexpected contents.\n")); + abort(); + } + } + ++p; + } + must_free_cliplist = True; + } + } + + SAFE_FREE(inclusion_buffer); + if (error) { + if (cliplist) { + char **pp; + /* We know cliplist is always null-terminated */ + for (pp = cliplist; *pp; ++pp) { + SAFE_FREE(*pp); + } + SAFE_FREE(cliplist); + cliplist = NULL; + must_free_cliplist = False; + } + return 0; + } + + /* cliplist and its elements are freed at the end of process_tar. */ + return 1; +} + /**************************************************************************** Parse tar arguments. Sets tar_type, tar_excl, etc. ***************************************************************************/ @@ -1620,6 +1651,7 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind) */ tar_type='\0'; tar_excl=True; + dry_run=False; while (*Optarg) switch(*Optarg++) { @@ -1649,13 +1681,13 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind) DEBUG(0,("Option N must be followed by valid file name\n")); return 0; } else { - struct stat stbuf; + SMB_STRUCT_STAT stbuf; extern time_t newer_than; if (sys_stat(argv[Optind], &stbuf) == 0) { newer_than = stbuf.st_mtime; DEBUG(1,("Getting files newer than %s", - asctime(LocalTime(&newer_than,GMT_TO_LOCAL)))); + asctime(LocalTime(&newer_than)))); Optind++; } else { DEBUG(0,("Error setting newer-than time\n")); @@ -1666,20 +1698,43 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind) case 'a': tar_reset=True; break; + case 'q': + tar_noisy=False; + break; case 'I': if (tar_clipfl) { - DEBUG(0,("Only one of I,X must be specified\n")); + DEBUG(0,("Only one of I,X,F must be specified\n")); return 0; } tar_clipfl='I'; break; case 'X': if (tar_clipfl) { - DEBUG(0,("Only one of I,X must be specified\n")); + DEBUG(0,("Only one of I,X,F must be specified\n")); return 0; } tar_clipfl='X'; break; + case 'F': + if (tar_clipfl) { + DEBUG(0,("Only one of I,X,F must be specified\n")); + return 0; + } + tar_clipfl='F'; + break; + case 'r': + DEBUG(0, ("tar_re_search set\n")); + tar_re_search = True; + break; + case 'n': + if (tar_type == 'c') { + DEBUG(0, ("dry_run set\n")); + dry_run = True; + } else { + DEBUG(0, ("n is only meaningful when creating a tar-file\n")); + return 0; + } + break; default: DEBUG(0,("Unknown tar option\n")); return 0; @@ -1690,21 +1745,105 @@ int tar_parseargs(int argc, char *argv[], char *Optarg, int Optind) return 0; } + /* tar_excl is true if cliplist lists files to be included. + * Both 'I' and 'F' mean include. */ + tar_excl=tar_clipfl!='X'; + + if (tar_clipfl=='F') { + if (argc-Optind-1 != 1) { + DEBUG(0,("Option F must be followed by exactly one filename.\n")); + return 0; + } + if (! read_inclusion_file(argv[Optind+1])) { + return 0; + } + } else if (Optind+1=argc || !strcmp(argv[Optind], "-")) { /* Sets tar handle to either 0 or 1, as appropriate */ tarhandle=(tar_type=='c'); + /* + * Make sure that dbf points to stderr if we are using stdout for + * tar output + */ + if (tarhandle == 1) + dbf = x_stderr; } else { - tar_excl=tar_clipfl!='X'; - - if (Optind+1 +#include + +#include +#include +#include +#include +#include + +#ifndef MS_MGC_VAL +/* This may look strange but MS_MGC_VAL is what we are looking for and + is what we need from under libc systems and is + provided in standard includes on glibc systems. So... We + switch on what we need... */ +#include +#endif + +static uid_t mount_uid; +static gid_t mount_gid; +static int mount_ro; +static unsigned mount_fmask; +static unsigned mount_dmask; +static int user_mount; +static char *options; + +static void +help(void) +{ + printf("\n"); + printf("Usage: smbmnt mount-point [options]\n"); + printf("Version %s\n\n",VERSION); + printf("-s share share name on server\n" + "-r mount read-only\n" + "-u uid mount as uid\n" + "-g gid mount as gid\n" + "-f mask permission mask for files\n" + "-d mask permission mask for directories\n" + "-o options name=value, list of options\n" + "-h print this help text\n"); +} + +static int +parse_args(int argc, char *argv[], struct smb_mount_data *data, char **share) +{ + int opt; + + while ((opt = getopt (argc, argv, "s:u:g:rf:d:o:")) != EOF) + { + switch (opt) + { + case 's': + *share = optarg; + break; + case 'u': + if (!user_mount) { + mount_uid = strtol(optarg, NULL, 0); + } + break; + case 'g': + if (!user_mount) { + mount_gid = strtol(optarg, NULL, 0); + } + break; + case 'r': + mount_ro = 1; + break; + case 'f': + mount_fmask = strtol(optarg, NULL, 8); + break; + case 'd': + mount_dmask = strtol(optarg, NULL, 8); + break; + case 'o': + options = optarg; + break; + default: + return -1; + } + } + return 0; + +} + +static char * +fullpath(const char *p) +{ + char path[MAXPATHLEN]; + + if (strlen(p) > MAXPATHLEN-1) { + return NULL; + } + + if (realpath(p, path) == NULL) { + fprintf(stderr,"Failed to find real path for mount point\n"); + exit(1); + } + return strdup(path); +} + +/* Check whether user is allowed to mount on the specified mount point. If it's + OK then we change into that directory - this prevents race conditions */ +static int mount_ok(char *mount_point) +{ + SMB_STRUCT_STAT st; + + if (chdir(mount_point) != 0) { + return -1; + } + + if (sys_stat(".", &st) != 0) { + return -1; + } + + if (!S_ISDIR(st.st_mode)) { + errno = ENOTDIR; + return -1; + } + + if ((getuid() != 0) && + ((getuid() != st.st_uid) || + ((st.st_mode & S_IRWXU) != S_IRWXU))) { + errno = EPERM; + return -1; + } + + return 0; +} + +/* Tries to mount using the appropriate format. For 2.2 the struct, + for 2.4 the ascii version. */ +static int +do_mount(char *share_name, unsigned int flags, struct smb_mount_data *data) +{ + pstring opts; + struct utsname uts; + char *release, *major, *minor; + char *data1, *data2; + + uname(&uts); + release = uts.release; + major = strsep(&release, "."); + minor = strsep(&release, "."); + if (major && minor && atoi(major) == 2 && atoi(minor) < 4) { + /* < 2.4, assume struct */ + data1 = (char *) data; + data2 = opts; + } else { + /* >= 2.4, assume ascii but fall back on struct */ + data1 = opts; + data2 = (char *) data; + } + + slprintf(opts, sizeof(opts)-1, + "version=7,uid=%d,gid=%d,file_mode=0%o,dir_mode=0%o,%s", + data->uid, data->gid, data->file_mode, data->dir_mode,options); + if (mount(share_name, ".", "smbfs", flags, data1) == 0) + return 0; + return mount(share_name, ".", "smbfs", flags, data2); +} + + int main(int argc, char *argv[]) +{ + char *mount_point, *share_name = NULL; + FILE *mtab; + int fd; + unsigned int flags; + struct smb_mount_data data; + struct mntent ment; + + memset(&data, 0, sizeof(struct smb_mount_data)); + + if (argc < 2) { + help(); + exit(1); + } + + if (argv[1][0] == '-') { + help(); + exit(1); + } + + if (getuid() != 0) { + user_mount = 1; + } + + if (geteuid() != 0) { + fprintf(stderr, "smbmnt must be installed suid root for direct user mounts (%d,%d)\n", getuid(), geteuid()); + exit(1); + } + + mount_uid = getuid(); + mount_gid = getgid(); + mount_fmask = umask(0); + umask(mount_fmask); + mount_fmask = ~mount_fmask; + + mount_point = fullpath(argv[1]); + + argv += 1; + argc -= 1; + + if (mount_ok(mount_point) != 0) { + fprintf(stderr, "cannot mount on %s: %s\n", + mount_point, strerror(errno)); + exit(1); + } + + data.version = SMB_MOUNT_VERSION; + + /* getuid() gives us the real uid, who may umount the fs */ + data.mounted_uid = getuid(); + + if (parse_args(argc, argv, &data, &share_name) != 0) { + help(); + return -1; + } + + data.uid = mount_uid; + data.gid = mount_gid; + data.file_mode = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_fmask; + data.dir_mode = (S_IRWXU|S_IRWXG|S_IRWXO) & mount_dmask; + + if (mount_dmask == 0) { + data.dir_mode = data.file_mode; + if ((data.dir_mode & S_IRUSR) != 0) + data.dir_mode |= S_IXUSR; + if ((data.dir_mode & S_IRGRP) != 0) + data.dir_mode |= S_IXGRP; + if ((data.dir_mode & S_IROTH) != 0) + data.dir_mode |= S_IXOTH; + } + + flags = MS_MGC_VAL; + + if (mount_ro) flags |= MS_RDONLY; + + if (do_mount(share_name, flags, &data) < 0) { + switch (errno) { + case ENODEV: + fprintf(stderr, "ERROR: smbfs filesystem not supported by the kernel\n"); + break; + default: + perror("mount error"); + } + fprintf(stderr, "Please refer to the smbmnt(8) manual page\n"); + return -1; + } + + ment.mnt_fsname = share_name ? share_name : "none"; + ment.mnt_dir = mount_point; + ment.mnt_type = "smbfs"; + ment.mnt_opts = ""; + ment.mnt_freq = 0; + ment.mnt_passno= 0; + + mount_point = ment.mnt_dir; + + if (mount_point == NULL) + { + fprintf(stderr, "Mount point too long\n"); + return -1; + } + + if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) + { + fprintf(stderr, "Can't get "MOUNTED"~ lock file"); + return 1; + } + close(fd); + + if ((mtab = setmntent(MOUNTED, "a+")) == NULL) + { + fprintf(stderr, "Can't open " MOUNTED); + return 1; + } + + if (addmntent(mtab, &ment) == 1) + { + fprintf(stderr, "Can't write mount entry"); + return 1; + } + if (fchmod(fileno(mtab), 0644) == -1) + { + fprintf(stderr, "Can't set perms on "MOUNTED); + return 1; + } + endmntent(mtab); + + if (unlink(MOUNTED"~") == -1) + { + fprintf(stderr, "Can't remove "MOUNTED"~"); + return 1; + } + + return 0; +} diff --git a/source3/client/smbmount.c b/source3/client/smbmount.c new file mode 100644 index 00000000000..ad050063ec4 --- /dev/null +++ b/source3/client/smbmount.c @@ -0,0 +1,883 @@ +/* + Unix SMB/CIFS implementation. + SMBFS mount program + Copyright (C) Andrew Tridgell 1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#define NO_SYSLOG + +#include "includes.h" + +#include +#include +#include + +extern BOOL in_client; +extern pstring user_socket_options; +extern BOOL append_log; +extern fstring remote_machine; + +static pstring credentials; +static pstring my_netbios_name; +static pstring password; +static pstring username; +static pstring workgroup; +static pstring mpoint; +static pstring service; +static pstring options; + +static struct in_addr dest_ip; +static BOOL have_ip; +static int smb_port = 0; +static BOOL got_pass; +static uid_t mount_uid; +static gid_t mount_gid; +static int mount_ro; +static unsigned mount_fmask; +static unsigned mount_dmask; + +static void usage(void); + +static void exit_parent(int sig) +{ + /* parent simply exits when child says go... */ + exit(0); +} + +static void daemonize(void) +{ + int j, status; + pid_t child_pid; + + signal( SIGTERM, exit_parent ); + + if ((child_pid = sys_fork()) < 0) { + DEBUG(0,("could not fork\n")); + } + + if (child_pid > 0) { + while( 1 ) { + j = waitpid( child_pid, &status, 0 ); + if( j < 0 ) { + if( EINTR == errno ) { + continue; + } + status = errno; + } + break; + } + /* If we get here - the child exited with some error status */ + exit(status); + } + + signal( SIGTERM, SIG_DFL ); + chdir("/"); +} + +static void close_our_files(int client_fd) +{ + int i; + struct rlimit limits; + + getrlimit(RLIMIT_NOFILE,&limits); + for (i = 0; i< limits.rlim_max; i++) { + if (i == client_fd) + continue; + close(i); + } +} + +static void usr1_handler(int x) +{ + return; +} + + +/***************************************************** +return a connection to a server +*******************************************************/ +static struct cli_state *do_connection(char *the_service) +{ + struct cli_state *c; + struct nmb_name called, calling; + char *server_n; + struct in_addr ip; + pstring server; + char *share; + + if (the_service[0] != '\\' || the_service[1] != '\\') { + usage(); + exit(1); + } + + pstrcpy(server, the_service+2); + share = strchr_m(server,'\\'); + if (!share) { + usage(); + exit(1); + } + *share = 0; + share++; + + server_n = server; + + make_nmb_name(&calling, my_netbios_name, 0x0); + make_nmb_name(&called , server, 0x20); + + again: + zero_ip(&ip); + if (have_ip) ip = dest_ip; + + /* have to open a new connection */ + if (!(c=cli_initialise(NULL)) || (cli_set_port(c, smb_port) != smb_port) || + !cli_connect(c, server_n, &ip)) { + DEBUG(0,("%d: Connection to %s failed\n", sys_getpid(), server_n)); + if (c) { + cli_shutdown(c); + } + return NULL; + } + + /* SPNEGO doesn't work till we get NTSTATUS error support */ + c->use_spnego = False; + + if (!cli_session_request(c, &calling, &called)) { + char *p; + DEBUG(0,("%d: session request to %s failed (%s)\n", + sys_getpid(), called.name, cli_errstr(c))); + cli_shutdown(c); + if ((p=strchr_m(called.name, '.'))) { + *p = 0; + goto again; + } + if (strcmp(called.name, "*SMBSERVER")) { + make_nmb_name(&called , "*SMBSERVER", 0x20); + goto again; + } + return NULL; + } + + DEBUG(4,("%d: session request ok\n", sys_getpid())); + + if (!cli_negprot(c)) { + DEBUG(0,("%d: protocol negotiation failed\n", sys_getpid())); + cli_shutdown(c); + return NULL; + } + + if (!got_pass) { + char *pass = getpass("Password: "); + if (pass) { + pstrcpy(password, pass); + } + } + + /* This should be right for current smbfs. Future versions will support + large files as well as unicode and oplocks. */ + c->capabilities &= ~(CAP_UNICODE | CAP_LARGE_FILES | CAP_NT_SMBS | + CAP_NT_FIND | CAP_STATUS32 | CAP_LEVEL_II_OPLOCKS); + c->force_dos_errors = True; + if (!cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + workgroup)) { + /* if a password was not supplied then try again with a + null username */ + if (password[0] || !username[0] || + !cli_session_setup(c, "", "", 0, "", 0, workgroup)) { + DEBUG(0,("%d: session setup failed: %s\n", + sys_getpid(), cli_errstr(c))); + cli_shutdown(c); + return NULL; + } + DEBUG(0,("Anonymous login successful\n")); + } + + DEBUG(4,("%d: session setup ok\n", sys_getpid())); + + if (!cli_send_tconX(c, share, "?????", + password, strlen(password)+1)) { + DEBUG(0,("%d: tree connect failed: %s\n", + sys_getpid(), cli_errstr(c))); + cli_shutdown(c); + return NULL; + } + + DEBUG(4,("%d: tconx ok\n", sys_getpid())); + + got_pass = True; + + return c; +} + + +/**************************************************************************** +unmount smbfs (this is a bailout routine to clean up if a reconnect fails) + Code blatently stolen from smbumount.c + -mhw- +****************************************************************************/ +static void smb_umount(char *mount_point) +{ + int fd; + struct mntent *mnt; + FILE* mtab; + FILE* new_mtab; + + /* Programmers Note: + This routine only gets called to the scene of a disaster + to shoot the survivors... A connection that was working + has now apparently failed. We have an active mount point + (presumably) that we need to dump. If we get errors along + the way - make some noise, but we are already turning out + the lights to exit anyways... + */ + if (umount(mount_point) != 0) { + DEBUG(0,("%d: Could not umount %s: %s\n", + sys_getpid(), mount_point, strerror(errno))); + return; + } + + if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) { + DEBUG(0,("%d: Can't get "MOUNTED"~ lock file", sys_getpid())); + return; + } + + close(fd); + + if ((mtab = setmntent(MOUNTED, "r")) == NULL) { + DEBUG(0,("%d: Can't open " MOUNTED ": %s\n", + sys_getpid(), strerror(errno))); + return; + } + +#define MOUNTED_TMP MOUNTED".tmp" + + if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) { + DEBUG(0,("%d: Can't open " MOUNTED_TMP ": %s\n", + sys_getpid(), strerror(errno))); + endmntent(mtab); + return; + } + + while ((mnt = getmntent(mtab)) != NULL) { + if (strcmp(mnt->mnt_dir, mount_point) != 0) { + addmntent(new_mtab, mnt); + } + } + + endmntent(mtab); + + if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { + DEBUG(0,("%d: Error changing mode of %s: %s\n", + sys_getpid(), MOUNTED_TMP, strerror(errno))); + return; + } + + endmntent(new_mtab); + + if (rename(MOUNTED_TMP, MOUNTED) < 0) { + DEBUG(0,("%d: Cannot rename %s to %s: %s\n", + sys_getpid(), MOUNTED, MOUNTED_TMP, strerror(errno))); + return; + } + + if (unlink(MOUNTED"~") == -1) { + DEBUG(0,("%d: Can't remove "MOUNTED"~", sys_getpid())); + return; + } +} + + +/* + * Call the smbfs ioctl to install a connection socket, + * then wait for a signal to reconnect. Note that we do + * not exit after open_sockets() or send_login() errors, + * as the smbfs mount would then have no way to recover. + */ +static void send_fs_socket(char *the_service, char *mount_point, struct cli_state *c) +{ + int fd, closed = 0, res = 1; + pid_t parentpid = getppid(); + struct smb_conn_opt conn_options; + + memset(&conn_options, 0, sizeof(conn_options)); + + while (1) { + if ((fd = open(mount_point, O_RDONLY)) < 0) { + DEBUG(0,("mount.smbfs[%d]: can't open %s\n", + sys_getpid(), mount_point)); + break; + } + + conn_options.fd = c->fd; + conn_options.protocol = c->protocol; + conn_options.case_handling = SMB_CASE_DEFAULT; + conn_options.max_xmit = c->max_xmit; + conn_options.server_uid = c->vuid; + conn_options.tid = c->cnum; + conn_options.secmode = c->sec_mode; + conn_options.rawmode = 0; + conn_options.sesskey = c->sesskey; + conn_options.maxraw = 0; + conn_options.capabilities = c->capabilities; + conn_options.serverzone = c->serverzone/60; + + res = ioctl(fd, SMB_IOC_NEWCONN, &conn_options); + if (res != 0) { + DEBUG(0,("mount.smbfs[%d]: ioctl failed, res=%d\n", + sys_getpid(), res)); + close(fd); + break; + } + + if (parentpid) { + /* Ok... We are going to kill the parent. Now + is the time to break the process group... */ + setsid(); + /* Send a signal to the parent to terminate */ + kill(parentpid, SIGTERM); + parentpid = 0; + } + + close(fd); + + /* This looks wierd but we are only closing the userspace + side, the connection has already been passed to smbfs and + it has increased the usage count on the socket. + + If we don't do this we will "leak" sockets and memory on + each reconnection we have to make. */ + cli_shutdown(c); + c = NULL; + + if (!closed) { + /* redirect stdout & stderr since we can't know that + the library functions we use are using DEBUG. */ + if ( (fd = open("/dev/null", O_WRONLY)) < 0) + DEBUG(2,("mount.smbfs: can't open /dev/null\n")); + close_our_files(fd); + if (fd >= 0) { + dup2(fd, STDOUT_FILENO); + dup2(fd, STDERR_FILENO); + close(fd); + } + + /* here we are no longer interactive */ + pstrcpy(remote_machine, "smbmount"); /* sneaky ... */ + setup_logging("mount.smbfs", False); + append_log = True; + reopen_logs(); + DEBUG(0, ("mount.smbfs: entering daemon mode for service %s, pid=%d\n", the_service, sys_getpid())); + + closed = 1; + } + + /* Wait for a signal from smbfs ... but don't continue + until we actually get a new connection. */ + while (!c) { + CatchSignal(SIGUSR1, &usr1_handler); + pause(); + DEBUG(2,("mount.smbfs[%d]: got signal, getting new socket\n", sys_getpid())); + c = do_connection(the_service); + } + } + + smb_umount(mount_point); + DEBUG(2,("mount.smbfs[%d]: exit\n", sys_getpid())); + exit(1); +} + + +/** + * Mount a smbfs + **/ +static void init_mount(void) +{ + char mount_point[MAXPATHLEN+1]; + pstring tmp; + pstring svc2; + struct cli_state *c; + char *args[20]; + int i, status; + + if (realpath(mpoint, mount_point) == NULL) { + fprintf(stderr, "Could not resolve mount point %s\n", mpoint); + return; + } + + + c = do_connection(service); + if (!c) { + fprintf(stderr,"SMB connection failed\n"); + exit(1); + } + + /* + Set up to return as a daemon child and wait in the parent + until the child say it's ready... + */ + daemonize(); + + pstrcpy(svc2, service); + string_replace(svc2, '\\','/'); + string_replace(svc2, ' ','_'); + + memset(args, 0, sizeof(args[0])*20); + + i=0; + args[i++] = "smbmnt"; + + args[i++] = mount_point; + args[i++] = "-s"; + args[i++] = svc2; + + if (mount_ro) { + args[i++] = "-r"; + } + if (mount_uid) { + slprintf(tmp, sizeof(tmp)-1, "%d", mount_uid); + args[i++] = "-u"; + args[i++] = smb_xstrdup(tmp); + } + if (mount_gid) { + slprintf(tmp, sizeof(tmp)-1, "%d", mount_gid); + args[i++] = "-g"; + args[i++] = smb_xstrdup(tmp); + } + if (mount_fmask) { + slprintf(tmp, sizeof(tmp)-1, "0%o", mount_fmask); + args[i++] = "-f"; + args[i++] = smb_xstrdup(tmp); + } + if (mount_dmask) { + slprintf(tmp, sizeof(tmp)-1, "0%o", mount_dmask); + args[i++] = "-d"; + args[i++] = smb_xstrdup(tmp); + } + if (options) { + args[i++] = "-o"; + args[i++] = options; + } + + if (sys_fork() == 0) { + char *smbmnt_path; + + asprintf(&smbmnt_path, "%s/smbmnt", dyn_BINDIR); + + if (file_exist(smbmnt_path, NULL)) { + execv(smbmnt_path, args); + fprintf(stderr, + "smbfs/init_mount: execv of %s failed. Error was %s.", + smbmnt_path, strerror(errno)); + } else { + execvp("smbmnt", args); + fprintf(stderr, + "smbfs/init_mount: execv of %s failed. Error was %s.", + "smbmnt", strerror(errno)); + } + free(smbmnt_path); + exit(1); + } + + if (waitpid(-1, &status, 0) == -1) { + fprintf(stderr,"waitpid failed: Error was %s", strerror(errno) ); + /* FIXME: do some proper error handling */ + exit(1); + } + + if (WIFEXITED(status) && WEXITSTATUS(status) != 0) { + fprintf(stderr,"smbmnt failed: %d\n", WEXITSTATUS(status)); + /* FIXME: do some proper error handling */ + exit(1); + } + + /* Ok... This is the rubicon for that mount point... At any point + after this, if the connections fail and can not be reconstructed + for any reason, we will have to unmount the mount point. There + is no exit from the next call... + */ + send_fs_socket(service, mount_point, c); +} + + +/**************************************************************************** +get a password from a a file or file descriptor +exit on failure (from smbclient, move to libsmb or shared .c file?) +****************************************************************************/ +static void get_password_file(void) +{ + int fd = -1; + char *p; + BOOL close_it = False; + pstring spec; + char pass[128]; + + if ((p = getenv("PASSWD_FD")) != NULL) { + pstrcpy(spec, "descriptor "); + pstrcat(spec, p); + sscanf(p, "%d", &fd); + close_it = False; + } else if ((p = getenv("PASSWD_FILE")) != NULL) { + fd = sys_open(p, O_RDONLY, 0); + pstrcpy(spec, p); + if (fd < 0) { + fprintf(stderr, "Error opening PASSWD_FILE %s: %s\n", + spec, strerror(errno)); + exit(1); + } + close_it = True; + } + + for(p = pass, *p = '\0'; /* ensure that pass is null-terminated */ + p && p - pass < sizeof(pass);) { + switch (read(fd, p, 1)) { + case 1: + if (*p != '\n' && *p != '\0') { + *++p = '\0'; /* advance p, and null-terminate pass */ + break; + } + case 0: + if (p - pass) { + *p = '\0'; /* null-terminate it, just in case... */ + p = NULL; /* then force the loop condition to become false */ + break; + } else { + fprintf(stderr, "Error reading password from file %s: %s\n", + spec, "empty password\n"); + exit(1); + } + + default: + fprintf(stderr, "Error reading password from file %s: %s\n", + spec, strerror(errno)); + exit(1); + } + } + pstrcpy(password, pass); + if (close_it) + close(fd); +} + +/**************************************************************************** +get username and password from a credentials file +exit on failure (from smbclient, move to libsmb or shared .c file?) +****************************************************************************/ +static void read_credentials_file(char *filename) +{ + FILE *auth; + fstring buf; + uint16 len = 0; + char *ptr, *val, *param; + + if ((auth=sys_fopen(filename, "r")) == NULL) + { + /* fail if we can't open the credentials file */ + DEBUG(0,("ERROR: Unable to open credentials file!\n")); + exit (-1); + } + + while (!feof(auth)) + { + /* get a line from the file */ + if (!fgets (buf, sizeof(buf), auth)) + continue; + len = strlen(buf); + + if ((len) && (buf[len-1]=='\n')) + { + buf[len-1] = '\0'; + len--; + } + if (len == 0) + continue; + + /* break up the line into parameter & value. + will need to eat a little whitespace possibly */ + param = buf; + if (!(ptr = strchr (buf, '='))) + continue; + val = ptr+1; + *ptr = '\0'; + + /* eat leading white space */ + while ((*val!='\0') && ((*val==' ') || (*val=='\t'))) + val++; + + if (strwicmp("password", param) == 0) + { + pstrcpy(password, val); + got_pass = True; + } + else if (strwicmp("username", param) == 0) + pstrcpy(username, val); + + memset(buf, 0, sizeof(buf)); + } + fclose(auth); +} + + +/**************************************************************************** +usage on the program +****************************************************************************/ +static void usage(void) +{ + printf("Usage: mount.smbfs service mountpoint [-o options,...]\n"); + + printf("Version %s\n\n",VERSION); + + printf( +"Options:\n\ + username= SMB username\n\ + password= SMB password\n\ + credentials= file with username/password\n\ + netbiosname= source NetBIOS name\n\ + uid= mount uid or username\n\ + gid= mount gid or groupname\n\ + port= remote SMB port number\n\ + fmask= file umask\n\ + dmask= directory umask\n\ + debug= debug level\n\ + ip= destination host or IP address\n\ + workgroup= workgroup on destination\n\ + sockopt= TCP socket options\n\ + scope= NetBIOS scope\n\ + iocharset= Linux charset (iso8859-1, utf8)\n\ + codepage= server codepage (cp850)\n\ + ttl= dircache time to live\n\ + guest don't prompt for a password\n\ + ro mount read-only\n\ + rw mount read-write\n\ +\n\ +This command is designed to be run from within /bin/mount by giving\n\ +the option '-t smbfs'. For example:\n\ + mount -t smbfs -o username=tridge,password=foobar //fjall/test /data/test\n\ +"); +} + + +/**************************************************************************** + Argument parsing for mount.smbfs interface + mount will call us like this: + mount.smbfs device mountpoint -o + + is never empty, containing at least rw or ro + ****************************************************************************/ +static void parse_mount_smb(int argc, char **argv) +{ + int opt; + char *opts; + char *opteq; + extern char *optarg; + int val; + extern pstring global_scope; + char *p; + + if (argc < 2 || argv[1][0] == '-') { + usage(); + exit(1); + } + + pstrcpy(service, argv[1]); + pstrcpy(mpoint, argv[2]); + + /* Convert any '/' characters in the service name to + '\' characters */ + string_replace(service, '/','\\'); + argc -= 2; + argv += 2; + + opt = getopt(argc, argv, "o:"); + if(opt != 'o') { + return; + } + + options[0] = 0; + p = options; + + /* + * option parsing from nfsmount.c (util-linux-2.9u) + */ + for (opts = strtok(optarg, ","); opts; opts = strtok(NULL, ",")) { + DEBUG(3, ("opts: %s\n", opts)); + if ((opteq = strchr_m(opts, '='))) { + val = atoi(opteq + 1); + *opteq = '\0'; + + if (!strcmp(opts, "username") || + !strcmp(opts, "logon")) { + char *lp; + pstrcpy(username,opteq+1); + if ((lp=strchr_m(username,'%'))) { + *lp = 0; + pstrcpy(password,lp+1); + got_pass = True; + memset(strchr_m(opteq+1,'%')+1,'X',strlen(password)); + } + if ((lp=strchr_m(username,'/'))) { + *lp = 0; + pstrcpy(workgroup,lp+1); + } + } else if(!strcmp(opts, "passwd") || + !strcmp(opts, "password")) { + pstrcpy(password,opteq+1); + got_pass = True; + memset(opteq+1,'X',strlen(password)); + } else if(!strcmp(opts, "credentials")) { + pstrcpy(credentials,opteq+1); + } else if(!strcmp(opts, "netbiosname")) { + pstrcpy(my_netbios_name,opteq+1); + } else if(!strcmp(opts, "uid")) { + mount_uid = nametouid(opteq+1); + } else if(!strcmp(opts, "gid")) { + mount_gid = nametogid(opteq+1); + } else if(!strcmp(opts, "port")) { + smb_port = val; + } else if(!strcmp(opts, "fmask")) { + mount_fmask = strtol(opteq+1, NULL, 8); + } else if(!strcmp(opts, "dmask")) { + mount_dmask = strtol(opteq+1, NULL, 8); + } else if(!strcmp(opts, "debug")) { + DEBUGLEVEL = val; + } else if(!strcmp(opts, "ip")) { + dest_ip = *interpret_addr2(opteq+1); + if (is_zero_ip(dest_ip)) { + fprintf(stderr,"Can't resolve address %s\n", opteq+1); + exit(1); + } + have_ip = True; + } else if(!strcmp(opts, "workgroup")) { + pstrcpy(workgroup,opteq+1); + } else if(!strcmp(opts, "sockopt")) { + pstrcpy(user_socket_options,opteq+1); + } else if(!strcmp(opts, "scope")) { + pstrcpy(global_scope,opteq+1); + } else { + slprintf(p, sizeof(pstring) - (p - options) - 1, "%s=%s,", opts, opteq+1); + p += strlen(p); + } + } else { + val = 1; + if(!strcmp(opts, "nocaps")) { + fprintf(stderr, "Unhandled option: %s\n", opteq+1); + exit(1); + } else if(!strcmp(opts, "guest")) { + *password = '\0'; + got_pass = True; + } else if(!strcmp(opts, "rw")) { + mount_ro = 0; + } else if(!strcmp(opts, "ro")) { + mount_ro = 1; + } else { + strncpy(p, opts, sizeof(pstring) - (p - options) - 1); + p += strlen(opts); + *p++ = ','; + *p = 0; + } + } + } + + if (!*service) { + usage(); + exit(1); + } + + if (p != options) { + *(p-1) = 0; /* remove trailing , */ + DEBUG(3,("passthrough options '%s'\n", options)); + } +} + +/**************************************************************************** + main program +****************************************************************************/ + int main(int argc,char *argv[]) +{ + extern char *optarg; + extern int optind; + char *p; + + DEBUGLEVEL = 1; + + /* here we are interactive, even if run from autofs */ + setup_logging("mount.smbfs",True); + +#if 0 /* JRA - Urban says not needed ? */ + /* CLI_FORCE_ASCII=false makes smbmount negotiate unicode. The default + is to not announce any unicode capabilities as current smbfs does + not support it. */ + p = getenv("CLI_FORCE_ASCII"); + if (p && !strcmp(p, "false")) + unsetenv("CLI_FORCE_ASCII"); + else + setenv("CLI_FORCE_ASCII", "true", 1); +#endif + + in_client = True; /* Make sure that we tell lp_load we are */ + + if (getenv("USER")) { + pstrcpy(username,getenv("USER")); + + if ((p=strchr_m(username,'%'))) { + *p = 0; + pstrcpy(password,p+1); + got_pass = True; + memset(strchr_m(getenv("USER"),'%')+1,'X',strlen(password)); + } + strupper(username); + } + + if (getenv("PASSWD")) { + pstrcpy(password,getenv("PASSWD")); + got_pass = True; + } + + if (getenv("PASSWD_FD") || getenv("PASSWD_FILE")) { + get_password_file(); + got_pass = True; + } + + if (*username == 0 && getenv("LOGNAME")) { + pstrcpy(username,getenv("LOGNAME")); + } + + if (!lp_load(dyn_CONFIGFILE,True,False,False)) { + fprintf(stderr, "Can't load %s - run testparm to debug it\n", + dyn_CONFIGFILE); + } + + parse_mount_smb(argc, argv); + + if (*credentials != 0) { + read_credentials_file(credentials); + } + + DEBUG(3,("mount.smbfs started (version %s)\n", VERSION)); + + if (*workgroup == 0) { + pstrcpy(workgroup,lp_workgroup()); + } + + load_interfaces(); + if (!*my_netbios_name) { + pstrcpy(my_netbios_name, myhostname()); + } + strupper(my_netbios_name); + + init_mount(); + return 0; +} diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c new file mode 100644 index 00000000000..2a2d5cbaf59 --- /dev/null +++ b/source3/client/smbspool.c @@ -0,0 +1,412 @@ +/* + Unix SMB/CIFS implementation. + SMB backend for the Common UNIX Printing System ("CUPS") + Copyright 1999 by Easy Software Products + Copyright Andrew Tridgell 1994-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#define NO_SYSLOG + +#include "includes.h" + +/* + * Globals... + */ + +extern BOOL in_client; /* Boolean for client library */ + + +/* + * Local functions... + */ + +static void list_devices(void); +static struct cli_state *smb_connect(char *, char *, char *, char *, char *); +static int smb_print(struct cli_state *, char *, FILE *); + + +/* + * 'main()' - Main entry for SMB backend. + */ + + int /* O - Exit status */ + main(int argc, /* I - Number of command-line arguments */ + char *argv[]) /* I - Command-line arguments */ +{ + int i; /* Looping var */ + int copies; /* Number of copies */ + char uri[1024], /* URI */ + *sep, /* Pointer to separator */ + *username, /* Username */ + *password, /* Password */ + *workgroup, /* Workgroup */ + *server, /* Server name */ + *printer; /* Printer name */ + FILE *fp; /* File to print */ + int status=0; /* Status of LPD job */ + struct cli_state *cli; /* SMB interface */ + + /* we expect the URI in argv[0]. Detect the case where it is in argv[1] and cope */ + if (argc > 2 && strncmp(argv[0],"smb://", 6) && !strncmp(argv[1],"smb://", 6)) { + argv++; + argc--; + } + + if (argc == 1) + { + /* + * NEW! In CUPS 1.1 the backends are run with no arguments to list the + * available devices. These can be devices served by this backend + * or any other backends (i.e. you can have an SNMP backend that + * is only used to enumerate the available network printers... :) + */ + + list_devices(); + return (0); + } + + if (argc < 6 || argc > 7) + { + fprintf(stderr, "Usage: %s [DEVICE_URI] job-id user title copies options [file]\n", + argv[0]); + fputs(" The DEVICE_URI environment variable can also contain the\n", stderr); + fputs(" destination printer:\n", stderr); + fputs("\n", stderr); + fputs(" smb://[username:password@][workgroup/]server/printer\n", stderr); + return (1); + } + + /* + * If we have 7 arguments, print the file named on the command-line. + * Otherwise, print data from stdin... + */ + + if (argc == 6) + { + /* + * Print from Copy stdin to a temporary file... + */ + + fp = stdin; + copies = 1; + } + else if ((fp = fopen(argv[6], "rb")) == NULL) + { + perror("ERROR: Unable to open print file"); + return (1); + } + else + copies = atoi(argv[4]); + + /* + * Find the URI... + */ + + if (strncmp(argv[0], "smb://", 6) == 0) + strncpy(uri, argv[0], sizeof(uri) - 1); + else if (getenv("DEVICE_URI") != NULL) + strncpy(uri, getenv("DEVICE_URI"), sizeof(uri) - 1); + else + { + fputs("ERROR: No device URI found in argv[0] or DEVICE_URI environment variable!\n", stderr); + return (1); + } + + uri[sizeof(uri) - 1] = '\0'; + + /* + * Extract the destination from the URI... + */ + + if ((sep = strrchr_m(uri, '@')) != NULL) + { + username = uri + 6; + *sep++ = '\0'; + + server = sep; + + /* + * Extract password as needed... + */ + + if ((password = strchr_m(username, ':')) != NULL) + *password++ = '\0'; + else + password = ""; + } + else + { + username = ""; + password = ""; + server = uri + 6; + } + + if ((sep = strchr_m(server, '/')) == NULL) + { + fputs("ERROR: Bad URI - need printer name!\n", stderr); + return (1); + } + + *sep++ = '\0'; + printer = sep; + + if ((sep = strchr_m(printer, '/')) != NULL) + { + /* + * Convert to smb://[username:password@]workgroup/server/printer... + */ + + *sep++ = '\0'; + + workgroup = server; + server = printer; + printer = sep; + } + else + workgroup = NULL; + + /* + * Setup the SAMBA server state... + */ + + setup_logging("smbspool", True); + + in_client = True; /* Make sure that we tell lp_load we are */ + + if (!lp_load(dyn_CONFIGFILE, True, False, False)) + { + fprintf(stderr, "ERROR: Can't load %s - run testparm to debug it\n", dyn_CONFIGFILE); + return (1); + } + + if (workgroup == NULL) + workgroup = lp_workgroup(); + + load_interfaces(); + + do + { + if ((cli = smb_connect(workgroup, server, printer, username, password)) == NULL) + { + if (getenv("CLASS") == NULL) + { + perror("ERROR: Unable to connect to SAMBA host, will retry in 60 seconds..."); + sleep (60); + } + else + { + perror("ERROR: Unable to connect to SAMBA host, trying next printer..."); + return (1); + } + } + } + while (cli == NULL); + + /* + * Now that we are connected to the server, ignore SIGTERM so that we + * can finish out any page data the driver sends (e.g. to eject the + * current page... Only ignore SIGTERM if we are printing data from + * stdin (otherwise you can't cancel raw jobs...) + */ + + if (argc < 7) + CatchSignal(SIGTERM, SIG_IGN); + + /* + * Queue the job... + */ + + for (i = 0; i < copies; i ++) + if ((status = smb_print(cli, argv[3] /* title */, fp)) != 0) + break; + + cli_shutdown(cli); + + /* + * Return the queue status... + */ + + return (status); +} + + +/* + * 'list_devices()' - List the available printers seen on the network... + */ + +static void +list_devices(void) +{ + /* + * Eventually, search the local workgroup for available hosts and printers. + */ + + puts("network smb \"Unknown\" \"Windows Printer via SAMBA\""); +} + + +/* + * 'smb_connect()' - Return a connection to a server. + */ + +static struct cli_state * /* O - SMB connection */ +smb_connect(char *workgroup, /* I - Workgroup */ + char *server, /* I - Server */ + char *share, /* I - Printer */ + char *username, /* I - Username */ + char *password) /* I - Password */ +{ + struct cli_state *c; /* New connection */ + struct nmb_name called, /* NMB name of server */ + calling; /* NMB name of client */ + struct in_addr ip; /* IP address of server */ + pstring myname; /* Client name */ + + + /* + * Get the names and addresses of the client and server... + */ + + get_myname(myname); + + zero_ip(&ip); + + make_nmb_name(&calling, myname, 0x0); + make_nmb_name(&called, server, 0x20); + + /* + * Open a new connection to the SMB server... + */ + + if ((c = cli_initialise(NULL)) == NULL) + { + fputs("ERROR: cli_initialize() failed...\n", stderr); + return (NULL); + } + + if (!cli_connect(c, server, &ip)) + { + fputs("ERROR: cli_connect() failed...\n", stderr); + return (NULL); + } + + if (!cli_session_request(c, &calling, &called)) + { + fputs("ERROR: cli_session_request() failed...\n", stderr); + return (NULL); + } + + if (!cli_negprot(c)) + { + fputs("ERROR: SMB protocol negotiation failed\n", stderr); + cli_shutdown(c); + return (NULL); + } + + /* + * Do password stuff... + */ + + if (!cli_session_setup(c, username, + password, strlen(password), + password, strlen(password), + workgroup)) + { + fprintf(stderr, "ERROR: SMB session setup failed: %s\n", cli_errstr(c)); + return (NULL); + } + + if (!cli_send_tconX(c, share, "?????", + password, strlen(password)+1)) + { + fprintf(stderr, "ERROR: SMB tree connect failed: %s\n", cli_errstr(c)); + cli_shutdown(c); + return (NULL); + } + + /* + * Return the new connection... + */ + + return (c); +} + + +/* + * 'smb_print()' - Queue a job for printing using the SMB protocol. + */ + +static int /* O - 0 = success, non-0 = failure */ +smb_print(struct cli_state *cli, /* I - SMB connection */ + char *title, /* I - Title/job name */ + FILE *fp) /* I - File to print */ +{ + int fnum; /* File number */ + int nbytes, /* Number of bytes read */ + tbytes; /* Total bytes read */ + char buffer[8192], /* Buffer for copy */ + *ptr; /* Pointer into tile */ + + + /* + * Sanitize the title... + */ + + for (ptr = title; *ptr; ptr ++) + if (!isalnum((int)*ptr) && !isspace((int)*ptr)) + *ptr = '_'; + + /* + * Open the printer device... + */ + + if ((fnum = cli_open(cli, title, O_RDWR | O_CREAT | O_TRUNC, DENY_NONE)) == -1) + { + fprintf(stderr, "ERROR: %s opening remote file %s\n", + cli_errstr(cli), title); + return (1); + } + + /* + * Copy the file to the printer... + */ + + if (fp != stdin) + rewind(fp); + + tbytes = 0; + + while ((nbytes = fread(buffer, 1, sizeof(buffer), fp)) > 0) + { + if (cli_write(cli, fnum, 0, buffer, tbytes, nbytes) != nbytes) + { + fprintf(stderr, "ERROR: Error writing file: %s\n", cli_errstr(cli)); + break; + } + + tbytes += nbytes; + } + + if (!cli_close(cli, fnum)) + { + fprintf(stderr, "ERROR: %s closing remote file %s\n", + cli_errstr(cli), title); + return (1); + } + else + return (0); +} diff --git a/source3/client/smbumount.c b/source3/client/smbumount.c new file mode 100644 index 00000000000..983ad44fa0f --- /dev/null +++ b/source3/client/smbumount.c @@ -0,0 +1,185 @@ +/* + * smbumount.c + * + * Copyright (C) 1995-1998 by Volker Lendecke + * + */ + +#include "includes.h" + +#include + +#include +#include +#include +#include +#include + +/* This is a (hopefully) temporary hack due to the fact that + sizeof( uid_t ) != sizeof( __kernel_uid_t ) under glibc. + This may change in the future and smb.h may get fixed in the + future. In the mean time, it's ugly hack time - get over it. +*/ +#undef SMB_IOC_GETMOUNTUID +#define SMB_IOC_GETMOUNTUID _IOR('u', 1, __kernel_uid_t) + +#ifndef O_NOFOLLOW +#define O_NOFOLLOW 0400000 +#endif + +static void +usage(void) +{ + printf("usage: smbumount mountpoint\n"); +} + +static int +umount_ok(const char *mount_point) +{ + /* we set O_NOFOLLOW to prevent users playing games with symlinks to + umount filesystems they don't own */ + int fid = open(mount_point, O_RDONLY|O_NOFOLLOW, 0); + __kernel_uid_t mount_uid; + + if (fid == -1) { + fprintf(stderr, "Could not open %s: %s\n", + mount_point, strerror(errno)); + return -1; + } + + if (ioctl(fid, SMB_IOC_GETMOUNTUID, &mount_uid) != 0) { + fprintf(stderr, "%s probably not smb-filesystem\n", + mount_point); + return -1; + } + + if ((getuid() != 0) + && (mount_uid != getuid())) { + fprintf(stderr, "You are not allowed to umount %s\n", + mount_point); + return -1; + } + + close(fid); + return 0; +} + +/* Make a canonical pathname from PATH. Returns a freshly malloced string. + It is up the *caller* to ensure that the PATH is sensible. i.e. + canonicalize ("/dev/fd0/.") returns "/dev/fd0" even though ``/dev/fd0/.'' + is not a legal pathname for ``/dev/fd0'' Anything we cannot parse + we return unmodified. */ +static char * +canonicalize (char *path) +{ + char *canonical = malloc (PATH_MAX + 1); + + if (!canonical) { + fprintf(stderr, "Error! Not enough memory!\n"); + return NULL; + } + + if (strlen(path) > PATH_MAX) { + fprintf(stderr, "Mount point string too long\n"); + return NULL; + } + + if (path == NULL) + return NULL; + + if (realpath (path, canonical)) + return canonical; + + pstrcpy (canonical, path); + return canonical; +} + + +int +main(int argc, char *argv[]) +{ + int fd; + char* mount_point; + struct mntent *mnt; + FILE* mtab; + FILE* new_mtab; + + if (argc != 2) { + usage(); + exit(1); + } + + if (geteuid() != 0) { + fprintf(stderr, "smbumount must be installed suid root\n"); + exit(1); + } + + mount_point = canonicalize(argv[1]); + + if (mount_point == NULL) + { + exit(1); + } + + if (umount_ok(mount_point) != 0) { + exit(1); + } + + if (umount(mount_point) != 0) { + fprintf(stderr, "Could not umount %s: %s\n", + mount_point, strerror(errno)); + exit(1); + } + + if ((fd = open(MOUNTED"~", O_RDWR|O_CREAT|O_EXCL, 0600)) == -1) + { + fprintf(stderr, "Can't get "MOUNTED"~ lock file"); + return 1; + } + close(fd); + + if ((mtab = setmntent(MOUNTED, "r")) == NULL) { + fprintf(stderr, "Can't open " MOUNTED ": %s\n", + strerror(errno)); + return 1; + } + +#define MOUNTED_TMP MOUNTED".tmp" + + if ((new_mtab = setmntent(MOUNTED_TMP, "w")) == NULL) { + fprintf(stderr, "Can't open " MOUNTED_TMP ": %s\n", + strerror(errno)); + endmntent(mtab); + return 1; + } + + while ((mnt = getmntent(mtab)) != NULL) { + if (strcmp(mnt->mnt_dir, mount_point) != 0) { + addmntent(new_mtab, mnt); + } + } + + endmntent(mtab); + + if (fchmod (fileno (new_mtab), S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) { + fprintf(stderr, "Error changing mode of %s: %s\n", + MOUNTED_TMP, strerror(errno)); + exit(1); + } + + endmntent(new_mtab); + + if (rename(MOUNTED_TMP, MOUNTED) < 0) { + fprintf(stderr, "Cannot rename %s to %s: %s\n", + MOUNTED, MOUNTED_TMP, strerror(errno)); + exit(1); + } + + if (unlink(MOUNTED"~") == -1) + { + fprintf(stderr, "Can't remove "MOUNTED"~"); + return 1; + } + + return 0; +} diff --git a/source3/client/testsmbc.c b/source3/client/testsmbc.c new file mode 100644 index 00000000000..ec98774dcf5 --- /dev/null +++ b/source3/client/testsmbc.c @@ -0,0 +1,455 @@ +/* + Unix SMB/CIFS implementation. + SMB client library test program + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Richard Sharpe 2000 + Copyright (C) John Terpsra 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include +#include +#include +#include +#include +#include +#include + +void auth_fn(const char *server, const char *share, + char *workgroup, int wgmaxlen, char *username, int unmaxlen, + char *password, int pwmaxlen) +{ + char temp[128]; + + fprintf(stdout, "Need password for //%s/%s\n", server, share); + + fprintf(stdout, "Enter workgroup: [%s] ", workgroup); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(workgroup, temp, wgmaxlen - 1); + + fprintf(stdout, "Enter username: [%s] ", username); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(username, temp, unmaxlen - 1); + + fprintf(stdout, "Enter password: [%s] ", password); + fgets(temp, sizeof(temp), stdin); + + if (temp[strlen(temp) - 1] == 0x0a) /* A new line? */ + temp[strlen(temp) - 1] = 0x00; + + if (temp[0]) strncpy(password, temp, pwmaxlen - 1); + +} + +int global_id = 0; + +void print_list_fn(struct print_job_info *pji) +{ + + fprintf(stdout, "Print job: ID: %u, Prio: %u, Size: %u, User: %s, Name: %s\n", + pji->id, pji->priority, pji->size, pji->user, pji->name); + + global_id = pji->id; + +} + +int main(int argc, char *argv[]) +{ + int err, fd, dh1, dh2, dh3, dsize, dirc; + const char *file = "smb://samba/public/testfile.txt"; + const char *file2 = "smb://samba/public/testfile2.txt"; + char buff[256]; + char dirbuf[512]; + char *dirp; + struct stat st1, st2; + + err = smbc_init(auth_fn, 10); /* Initialize things */ + + if (err < 0) { + + fprintf(stderr, "Initializing the smbclient library ...: %s\n", strerror(errno)); + + } + + if (argc > 1) { + + /* Try to list the print jobs ... */ + + if (smbc_list_print_jobs("smb://samba/pclp", print_list_fn) < 0) { + + fprintf(stderr, "Could not list print jobs: %s, %d\n", strerror(errno), errno); + exit(1); + + } + + /* Try to delete the last job listed */ + + if (global_id > 0) { + + fprintf(stdout, "Trying to delete print job %u\n", global_id); + + if (smbc_unlink_print_job("smb://samba/pclp", global_id) < 0) { + + fprintf(stderr, "Failed to unlink job id %u, %s, %u\n", global_id, + strerror(errno), errno); + + exit(1); + + } + + } + + /* Try to print a file ... */ + + if (smbc_print_file("smb://samba/public/testfile2.txt", "smb://samba/pclp") < 0) { + + fprintf(stderr, "Failed to print job: %s %u\n", strerror(errno), errno); + exit(1); + + } + + /* Try to delete argv[1] as a file ... */ + + if (smbc_unlink(argv[1]) < 0) { + + fprintf(stderr, "Could not unlink: %s, %s, %d\n", + argv[1], strerror(errno), errno); + + exit(0); + + } + + if ((dh1 = smbc_opendir("smb://"))<1) { + + fprintf(stderr, "Could not open directory: smb://: %s\n", + strerror(errno)); + + exit(1); + + } + + if ((dh2 = smbc_opendir("smb://sambanet")) < 0) { + + fprintf(stderr, "Could not open directory: smb://sambanet: %s\n", + strerror(errno)); + + exit(1); + + } + + if ((dh3 = smbc_opendir("smb://samba")) < 0) { + + fprintf(stderr, "Could not open directory: smb://samba: %s\n", + strerror(errno)); + + exit(1); + + } + + fprintf(stdout, "Directory handles: %u, %u, %u\n", dh1, dh2, dh3); + + /* Now, list those directories, but in funny ways ... */ + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh1, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "Directory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + dirp += dsize; + (char *)dirc -= dsize; + + } + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh2, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "\nDirectory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "Dir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + dirp += dsize; + (char *)dirc -= dsize; + + } + + dirp = (char *)dirbuf; + + if ((dirc = smbc_getdents(dh3, (struct smbc_dirent *)dirp, + sizeof(dirbuf))) < 0) { + + fprintf(stderr, "Problems getting directory entries: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Now, process the list of names ... */ + + fprintf(stdout, "Directory listing, size = %u\n", dirc); + + while (dirc > 0) { + + dsize = ((struct smbc_dirent *)dirp)->dirlen; + fprintf(stdout, "\nDir Ent, Type: %u, Name: %s, Comment: %s\n", + ((struct smbc_dirent *)dirp)->smbc_type, + ((struct smbc_dirent *)dirp)->name, + ((struct smbc_dirent *)dirp)->comment); + + (char *)dirp += dsize; + (char *)dirc -= dsize; + + } + + exit(1); + + } + + /* For now, open a file on a server that is hard coded ... later will + * read from the command line ... + */ + + fd = smbc_open(file, O_RDWR | O_CREAT | O_TRUNC, 0666); + + if (fd < 0) { + + fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Opened or created file: %s\n", file); + + /* Now, write some date to the file ... */ + + bzero(buff, sizeof(buff)); + strcpy(buff, "Some test data for the moment ..."); + + err = smbc_write(fd, buff, sizeof(buff)); + + if (err < 0) { + + fprintf(stderr, "writing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Wrote %d bytes to file: %s\n", sizeof(buff), buff); + + /* Now, seek the file back to offset 0 */ + + err = smbc_lseek(fd, SEEK_SET, 0); + + if (err < 0) { + + fprintf(stderr, "Seeking file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Completed lseek on file: %s\n", file); + + /* Now, read the file contents back ... */ + + err = smbc_read(fd, buff, sizeof(buff)); + + if (err < 0) { + + fprintf(stderr, "Reading file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Read file: %s\n", buff); /* Should check the contents */ + + fprintf(stdout, "Now fstat'ing file: %s\n", file); + + err = smbc_fstat(fd, &st1); + + if (err < 0) { + + fprintf(stderr, "Fstat'ing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + + /* Now, close the file ... */ + + err = smbc_close(fd); + + if (err < 0) { + + fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno)); + + } + + /* Now, rename the file ... */ + + err = smbc_rename(file, file2); + + if (err < 0) { + + fprintf(stderr, "Renaming file: %s to %s: %s\n", file, file2, strerror(errno)); + + } + + fprintf(stdout, "Renamed file %s to %s\n", file, file2); + + /* Now, create a file and delete it ... */ + + fprintf(stdout, "Now, creating file: %s so we can delete it.\n", file); + + fd = smbc_open(file, O_RDWR | O_CREAT, 0666); + + if (fd < 0) { + + fprintf(stderr, "Creating file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Opened or created file: %s\n", file); + + err = smbc_close(fd); + + if (err < 0) { + + fprintf(stderr, "Closing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + /* Now, delete the file ... */ + + fprintf(stdout, "File %s created, now deleting ...\n", file); + + err = smbc_unlink(file); + + if (err < 0) { + + fprintf(stderr, "Deleting file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + /* Now, stat the file, file 2 ... */ + + fprintf(stdout, "Now stat'ing file: %s\n", file); + + err = smbc_stat(file2, &st2); + + if (err < 0) { + + fprintf(stderr, "Stat'ing file: %s: %s\n", file, strerror(errno)); + exit(0); + + } + + fprintf(stdout, "Stat'ed file: %s. Size = %d, mode = %04X\n", file2, + (int)st2.st_size, st2.st_mode); + fprintf(stdout, " time: %s\n", ctime(&st2.st_atime)); + fprintf(stdout, "Earlier stat: %s, Size = %d, mode = %04X\n", file, + (int)st1.st_size, st1.st_mode); + fprintf(stdout, " time: %s\n", ctime(&st1.st_atime)); + + /* Now, make a directory ... */ + + fprintf(stdout, "Making directory smb://samba/public/make-dir\n"); + + if (smbc_mkdir("smb://samba/public/make-dir", 0666) < 0) { + + fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n", + strerror(errno)); + + if (errno == EEXIST) { /* Try to delete the directory */ + + fprintf(stdout, "Trying to delete directory: smb://samba/public/make-dir\n"); + + if (smbc_rmdir("smb://samba/public/make-dir") < 0) { /* Error */ + + fprintf(stderr, "Error removing directory: smb://samba/public/make-dir: %s\n", strerror(errno)); + + exit(0); + + } + + fprintf(stdout, "Making directory: smb://samba/public/make-dir\n"); + + if (smbc_mkdir("smb://samba/public/make-dir", 666) < 0) { + + fprintf(stderr, "Error making directory: smb://samba/public/make-dir: %s\n", + strerror(errno)); + + fprintf(stderr, "I give up!\n"); + + exit(1); + + } + + } + + exit(0); + + } + + fprintf(stdout, "Made dir: make-dir\n"); + return 0; +} diff --git a/source3/client/tree.c b/source3/client/tree.c new file mode 100644 index 00000000000..94fd93c2106 --- /dev/null +++ b/source3/client/tree.c @@ -0,0 +1,811 @@ +/* + Unix SMB/CIFS implementation. + SMB client GTK+ tree-based application + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Richard Sharpe 2001 + Copyright (C) John Terpstra 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* example-gtk+ application, ripped off from the gtk+ tree.c sample */ + +#include +#include +#include +#include "libsmbclient.h" + +static GtkWidget *clist; + +struct tree_data { + + guint32 type; /* Type of tree item, an SMBC_TYPE */ + char name[256]; /* May need to change this later */ + +}; + +void error_message(gchar *message) { + + GtkWidget *dialog, *label, *okay_button; + + /* Create the widgets */ + + dialog = gtk_dialog_new(); + gtk_window_set_modal(GTK_WINDOW(dialog), True); + label = gtk_label_new (message); + okay_button = gtk_button_new_with_label("Okay"); + + /* Ensure that the dialog box is destroyed when the user clicks ok. */ + + gtk_signal_connect_object (GTK_OBJECT (okay_button), "clicked", + GTK_SIGNAL_FUNC (gtk_widget_destroy), dialog); + gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->action_area), + okay_button); + + /* Add the label, and show everything we've added to the dialog. */ + + gtk_container_add (GTK_CONTAINER (GTK_DIALOG(dialog)->vbox), + label); + gtk_widget_show_all (dialog); +} + +/* + * We are given a widget, and we want to retrieve its URL so we + * can do a directory listing. + * + * We walk back up the tree, picking up pieces until we hit a server or + * workgroup type and return a path from there + */ + +static char path_string[1024]; + +char *get_path(GtkWidget *item) +{ + GtkWidget *p = item; + struct tree_data *pd; + char *comps[1024]; /* We keep pointers to the components here */ + int i = 0, j, level,type; + + /* Walk back up the tree, getting the private data */ + + level = GTK_TREE(item->parent)->level; + + /* Pick up this item's component info */ + + pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(item)); + + comps[i++] = pd->name; + type = pd->type; + + while (level > 0 && type != SMBC_SERVER && type != SMBC_WORKGROUP) { + + /* Find the parent and extract the data etc ... */ + + p = GTK_WIDGET(p->parent); + p = GTK_WIDGET(GTK_TREE(p)->tree_owner); + + pd = (struct tree_data *)gtk_object_get_user_data(GTK_OBJECT(p)); + + level = GTK_TREE(item->parent)->level; + + comps[i++] = pd->name; + type = pd->type; + + } + + /* + * Got a list of comps now, should check that we did not hit a workgroup + * when we got other things as well ... Later + * + * Now, build the path + */ + + snprintf(path_string, sizeof(path_string), "smb:/"); + + for (j = i - 1; j >= 0; j--) { + + strncat(path_string, "/", sizeof(path_string) - strlen(path_string)); + strncat(path_string, comps[j], sizeof(path_string) - strlen(path_string)); + + } + + fprintf(stdout, "Path string = %s\n", path_string); + + return path_string; + +} + +struct tree_data *make_tree_data(guint32 type, const char *name) +{ + struct tree_data *p = (struct tree_data *)malloc(sizeof(struct tree_data)); + + if (p) { + + p->type = type; + strncpy(p->name, name, sizeof(p->name)); + + } + + return p; + +} + +/* Note that this is called every time the user clicks on an item, + whether it is already selected or not. */ +static void cb_select_child (GtkWidget *root_tree, GtkWidget *child, + GtkWidget *subtree) +{ + gint dh, err, dirlen; + char dirbuf[512]; + struct smbc_dirent *dirp; + struct stat st1; + char path[1024], path1[1024]; + + g_print ("select_child called for root tree %p, subtree %p, child %p\n", + root_tree, subtree, child); + + /* Now, figure out what it is, and display it in the clist ... */ + + gtk_clist_clear(GTK_CLIST(clist)); /* Clear the CLIST */ + + /* Now, get the private data for the subtree */ + + strncpy(path, get_path(child), 1024); + + if ((dh = smbc_opendir(path)) < 0) { /* Handle error */ + + g_print("cb_select_child: Could not open dir %s, %s\n", path, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { + + g_print("cb_select_child: Could not read dir %s, %s\n", path, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + gchar col1[128], col2[128], col3[128], col4[128]; + gchar *rowdata[4] = {col1, col2, col3, col4}; + + dirlen = dirp->dirlen; + + /* Format each of the items ... */ + + strncpy(col1, dirp->name, 128); + + col2[0] = col3[0] = col4[0] = (char)0; + + switch (dirp->smbc_type) { + + case SMBC_WORKGROUP: + + break; + + case SMBC_SERVER: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + + break; + + case SMBC_FILE_SHARE: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + + break; + + case SMBC_PRINTER_SHARE: + + strncpy(col2, (dirp->comment?dirp->comment:""), 128); + break; + + case SMBC_COMMS_SHARE: + + break; + + case SMBC_IPC_SHARE: + + break; + + case SMBC_DIR: + case SMBC_FILE: + + /* Get stats on the file/dir and see what we have */ + + if ((strcmp(dirp->name, ".") != 0) && + (strcmp(dirp->name, "..") != 0)) { + + strncpy(path1, path, sizeof(path1)); + strncat(path1, "/", sizeof(path) - strlen(path)); + strncat(path1, dirp->name, sizeof(path) - strlen(path)); + + if (smbc_stat(path1, &st1) < 0) { + + if (errno != EBUSY) { + + g_print("cb_select_child: Could not stat file %s, %s\n", path1, + strerror(errno)); + + gtk_main_quit(); + + return; + + } + else { + + strncpy(col2, "Device or resource busy", sizeof(col2)); + + } + } + else { + /* Now format each of the relevant things ... */ + + snprintf(col2, sizeof(col2), "%c%c%c%c%c%c%c%c%c(%0X)", + (st1.st_mode&S_IRUSR?'r':'-'), + (st1.st_mode&S_IWUSR?'w':'-'), + (st1.st_mode&S_IXUSR?'x':'-'), + (st1.st_mode&S_IRGRP?'r':'-'), + (st1.st_mode&S_IWGRP?'w':'-'), + (st1.st_mode&S_IXGRP?'x':'-'), + (st1.st_mode&S_IROTH?'r':'-'), + (st1.st_mode&S_IWOTH?'w':'-'), + (st1.st_mode&S_IXOTH?'x':'-'), + st1.st_mode); + snprintf(col3, sizeof(col3), "%u", st1.st_size); + snprintf(col4, sizeof(col4), "%s", ctime(&st1.st_mtime)); + } + } + + break; + + default: + + break; + } + + gtk_clist_append(GTK_CLIST(clist), rowdata); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + +} + +/* Note that this is never called */ +static void cb_unselect_child( GtkWidget *root_tree, + GtkWidget *child, + GtkWidget *subtree ) +{ + g_print ("unselect_child called for root tree %p, subtree %p, child %p\n", + root_tree, subtree, child); +} + +/* for all the GtkItem:: and GtkTreeItem:: signals */ +static void cb_itemsignal( GtkWidget *item, + gchar *signame ) +{ + GtkWidget *real_tree, *aitem, *subtree; + gchar *name; + GtkLabel *label; + gint dh, err, dirlen, level; + char dirbuf[512]; + struct smbc_dirent *dirp; + + label = GTK_LABEL (GTK_BIN (item)->child); + /* Get the text of the label */ + gtk_label_get (label, &name); + + level = GTK_TREE(item->parent)->level; + + /* Get the level of the tree which the item is in */ + g_print ("%s called for item %s->%p, level %d\n", signame, name, + item, GTK_TREE (item->parent)->level); + + real_tree = GTK_TREE_ITEM_SUBTREE(item); /* Get the subtree */ + + if (strncmp(signame, "expand", 6) == 0) { /* Expand called */ + char server[128]; + + if ((dh = smbc_opendir(get_path(item))) < 0) { /* Handle error */ + gchar errmsg[256]; + + g_print("cb_itemsignal: Could not open dir %s, %s\n", get_path(item), + strerror(errno)); + + slprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not open dir %s, %s\n", get_path(item), strerror(errno)); + + error_message(errmsg); + + /* gtk_main_quit();*/ + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* An error, report it */ + gchar errmsg[256]; + + g_print("cb_itemsignal: Could not read dir smbc://, %s\n", + strerror(errno)); + + slprintf(errmsg, sizeof(errmsg), "cb_itemsignal: Could not read dir smbc://, %s\n", strerror(errno)); + + error_message(errmsg); + + /* gtk_main_quit();*/ + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + struct tree_data *my_data; + + dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + if (!my_data) { + + g_print("Could not allocate space for tree_data: %s\n", + dirp->name); + + gtk_main_quit(); + return; + + } + + aitem = gtk_tree_item_new_with_label(dirp->name); + + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(aitem), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(aitem), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(aitem), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(aitem), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(aitem), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(real_tree), aitem); + + gtk_widget_show (aitem); + + gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + if (dirp->smbc_type != SMBC_FILE && + dirp->smbc_type != SMBC_IPC_SHARE && + (strcmp(dirp->name, ".") != 0) && + (strcmp(dirp->name, "..") !=0)){ + + subtree = gtk_tree_new(); + gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree); + + gtk_signal_connect(GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + } + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); + + } + else if (strncmp(signame, "collapse", 8) == 0) { + GtkWidget *subtree = gtk_tree_new(); + + gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + } + +} + +static void cb_selection_changed( GtkWidget *tree ) +{ + GList *i; + + g_print ("selection_change called for tree %p\n", tree); + g_print ("selected objects are:\n"); + + i = GTK_TREE_SELECTION(tree); + while (i){ + gchar *name; + GtkLabel *label; + GtkWidget *item; + + /* Get a GtkWidget pointer from the list node */ + item = GTK_WIDGET (i->data); + label = GTK_LABEL (GTK_BIN (item)->child); + gtk_label_get (label, &name); + g_print ("\t%s on level %d\n", name, GTK_TREE + (item->parent)->level); + i = i->next; + } +} + +/* + * Expand or collapse the whole network ... + */ +static void cb_wholenet(GtkWidget *item, gchar *signame) +{ + GtkWidget *real_tree, *aitem, *subtree; + gchar *name; + GtkLabel *label; + gint dh, err, dirlen; + char dirbuf[512]; + struct smbc_dirent *dirp; + + label = GTK_LABEL (GTK_BIN (item)->child); + gtk_label_get (label, &name); + g_print ("%s called for item %s->%p, level %d\n", signame, name, + item, GTK_TREE (item->parent)->level); + + real_tree = GTK_TREE_ITEM_SUBTREE(item); /* Get the subtree */ + + if (strncmp(signame, "expand", 6) == 0) { /* Expand called */ + + if ((dh = smbc_opendir("smb://")) < 0) { /* Handle error */ + + g_print("cb_wholenet: Could not open dir smbc://, %s\n", + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* An error, report it */ + + g_print("cb_wholenet: Could not read dir smbc://, %s\n", + strerror(errno)); + + gtk_main_quit(); + + return; + + } + + dirp = (struct smbc_dirent *)dirbuf; + + while (err > 0) { + struct tree_data *my_data; + + dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + aitem = gtk_tree_item_new_with_label(dirp->name); + + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(aitem), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(aitem), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(aitem), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(aitem), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(aitem), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + + gtk_tree_append (GTK_TREE(real_tree), aitem); + /* Show it - this can be done at any time */ + gtk_widget_show (aitem); + + gtk_object_set_user_data(GTK_OBJECT(aitem), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + subtree = gtk_tree_new(); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(aitem), subtree); + + gtk_signal_connect(GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect(GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); + + } + else { /* Must be collapse ... FIXME ... */ + GtkWidget *subtree = gtk_tree_new(); + + gtk_tree_remove_items(GTK_TREE(real_tree), GTK_TREE(real_tree)->children); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), real_tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), real_tree); + + + } + +} + +/* Should put up a dialog box to ask the user for username and password */ + +static void +auth_fn(const char *server, const char *share, + char *workgroup, int wgmaxlen, char *username, int unmaxlen, + char *password, int pwmaxlen) +{ + + strncpy(username, "test", unmaxlen); + strncpy(password, "test", pwmaxlen); + +} + +static char *col_titles[] = { + "Name", "Attributes", "Size", "Modification Date", +}; + +int main( int argc, + char *argv[] ) +{ + GtkWidget *window, *scrolled_win, *scrolled_win2, *tree; + GtkWidget *subtree, *item, *main_hbox, *r_pane, *l_pane; + gint err, dh; + gint i; + char dirbuf[512]; + struct smbc_dirent *dirp; + + gtk_init (&argc, &argv); + + /* Init the smbclient library */ + + err = smbc_init(auth_fn, 10); + + /* Print an error response ... */ + + if (err < 0) { + + fprintf(stderr, "smbc_init returned %s (%i)\nDo you have a ~/.smb/smb.conf file?\n", strerror(errno), errno); + exit(1); + + } + + /* a generic toplevel window */ + window = gtk_window_new (GTK_WINDOW_TOPLEVEL); + gtk_widget_set_name(window, "main browser window"); + gtk_signal_connect (GTK_OBJECT(window), "delete_event", + GTK_SIGNAL_FUNC (gtk_main_quit), NULL); + gtk_window_set_title(GTK_WINDOW(window), "The Linux Windows Network Browser"); + gtk_widget_set_usize(GTK_WIDGET(window), 750, -1); + gtk_container_set_border_width (GTK_CONTAINER(window), 5); + + gtk_widget_show (window); + + /* A container for the two panes ... */ + + main_hbox = gtk_hbox_new(FALSE, 1); + gtk_container_border_width(GTK_CONTAINER(main_hbox), 1); + gtk_container_add(GTK_CONTAINER(window), main_hbox); + + gtk_widget_show(main_hbox); + + l_pane = gtk_hpaned_new(); + gtk_paned_gutter_size(GTK_PANED(l_pane), (GTK_PANED(l_pane))->handle_size); + r_pane = gtk_hpaned_new(); + gtk_paned_gutter_size(GTK_PANED(r_pane), (GTK_PANED(r_pane))->handle_size); + gtk_container_add(GTK_CONTAINER(main_hbox), l_pane); + gtk_widget_show(l_pane); + + /* A generic scrolled window */ + scrolled_win = gtk_scrolled_window_new (NULL, NULL); + gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win), + GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC); + gtk_widget_set_usize (scrolled_win, 150, 200); + gtk_container_add (GTK_CONTAINER(l_pane), scrolled_win); + gtk_widget_show (scrolled_win); + + /* Another generic scrolled window */ + scrolled_win2 = gtk_scrolled_window_new (NULL, NULL); + gtk_scrolled_window_set_policy (GTK_SCROLLED_WINDOW (scrolled_win2), + GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC); + gtk_widget_set_usize (scrolled_win2, 150, 200); + gtk_paned_add2 (GTK_PANED(l_pane), scrolled_win2); + gtk_widget_show (scrolled_win2); + + /* Create the root tree */ + tree = gtk_tree_new(); + g_print ("root tree is %p\n", tree); + /* connect all GtkTree:: signals */ + gtk_signal_connect (GTK_OBJECT(tree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(tree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + gtk_signal_connect (GTK_OBJECT(tree), "selection_changed", + GTK_SIGNAL_FUNC(cb_selection_changed), tree); + /* Add it to the scrolled window */ + gtk_scrolled_window_add_with_viewport (GTK_SCROLLED_WINDOW(scrolled_win), + tree); + /* Set the selection mode */ + gtk_tree_set_selection_mode (GTK_TREE(tree), + GTK_SELECTION_MULTIPLE); + /* Show it */ + gtk_widget_show (tree); + + /* Now, create a clist and attach it to the second pane */ + + clist = gtk_clist_new_with_titles(4, col_titles); + + gtk_container_add (GTK_CONTAINER(scrolled_win2), clist); + + gtk_widget_show(clist); + + /* Now, build the top level display ... */ + + if ((dh = smbc_opendir("smb:///")) < 0) { + + fprintf(stderr, "Could not list default workgroup: smb:///: %s\n", + strerror(errno)); + + exit(1); + + } + + /* Create a tree item for Whole Network */ + + item = gtk_tree_item_new_with_label ("Whole Network"); + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(item), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(item), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(item), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(item), "expand", + GTK_SIGNAL_FUNC(cb_wholenet), "expand"); + gtk_signal_connect (GTK_OBJECT(item), "collapse", + GTK_SIGNAL_FUNC(cb_wholenet), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(tree), item); + /* Show it - this can be done at any time */ + gtk_widget_show (item); + + subtree = gtk_tree_new(); /* A subtree for Whole Network */ + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + + /* Now, get the items in smb:/// and add them to the tree */ + + dirp = (struct smbc_dirent *)dirbuf; + + while ((err = smbc_getdents(dh, (struct smbc_dirent *)dirbuf, + sizeof(dirbuf))) != 0) { + + if (err < 0) { /* Handle the error */ + + fprintf(stderr, "Could not read directory for smbc:///: %s\n", + strerror(errno)); + + exit(1); + + } + + fprintf(stdout, "Dir len: %u\n", err); + + while (err > 0) { /* Extract each entry and make a sub-tree */ + struct tree_data *my_data; + int dirlen = dirp->dirlen; + + my_data = make_tree_data(dirp->smbc_type, dirp->name); + + item = gtk_tree_item_new_with_label(dirp->name); + /* Connect all GtkItem:: and GtkTreeItem:: signals */ + gtk_signal_connect (GTK_OBJECT(item), "select", + GTK_SIGNAL_FUNC(cb_itemsignal), "select"); + gtk_signal_connect (GTK_OBJECT(item), "deselect", + GTK_SIGNAL_FUNC(cb_itemsignal), "deselect"); + gtk_signal_connect (GTK_OBJECT(item), "toggle", + GTK_SIGNAL_FUNC(cb_itemsignal), "toggle"); + gtk_signal_connect (GTK_OBJECT(item), "expand", + GTK_SIGNAL_FUNC(cb_itemsignal), "expand"); + gtk_signal_connect (GTK_OBJECT(item), "collapse", + GTK_SIGNAL_FUNC(cb_itemsignal), "collapse"); + /* Add it to the parent tree */ + gtk_tree_append (GTK_TREE(tree), item); + /* Show it - this can be done at any time */ + gtk_widget_show (item); + + gtk_object_set_user_data(GTK_OBJECT(item), (gpointer)my_data); + + fprintf(stdout, "Added: %s, len: %u\n", dirp->name, dirlen); + + subtree = gtk_tree_new(); + + gtk_tree_item_set_subtree(GTK_TREE_ITEM(item), subtree); + + gtk_signal_connect (GTK_OBJECT(subtree), "select_child", + GTK_SIGNAL_FUNC(cb_select_child), tree); + gtk_signal_connect (GTK_OBJECT(subtree), "unselect_child", + GTK_SIGNAL_FUNC(cb_unselect_child), tree); + + (char *)dirp += dirlen; + err -= dirlen; + + } + + } + + smbc_closedir(dh); /* FIXME, check for error :-) */ + + /* Show the window and loop endlessly */ + gtk_main(); + return 0; +} +/* example-end */ diff --git a/source3/codepages/.cvsignore b/source3/codepages/.cvsignore new file mode 100644 index 00000000000..e69de29bb2d diff --git a/source3/codepages/lowcase.dat b/source3/codepages/lowcase.dat new file mode 100644 index 00000000000..62b6e2e952b Binary files /dev/null and b/source3/codepages/lowcase.dat differ diff --git a/source3/codepages/upcase.dat b/source3/codepages/upcase.dat new file mode 100644 index 00000000000..bb6f9beb4e3 Binary files /dev/null and b/source3/codepages/upcase.dat differ diff --git a/source3/codepages/valid.dat b/source3/codepages/valid.dat new file mode 100644 index 00000000000..78c14b33f0f Binary files /dev/null and b/source3/codepages/valid.dat differ diff --git a/source3/config.guess b/source3/config.guess new file mode 100755 index 00000000000..bcdc0742b73 --- /dev/null +++ b/source3/config.guess @@ -0,0 +1,1308 @@ +#! /bin/sh +# Attempt to guess a canonical system name. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. + +timestamp='2001-11-26' + +# This file is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +# +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Originally written by Per Bothner . +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# This script attempts to guess a canonical system name similar to +# config.sub. If it succeeds, it prints the system name on stdout, and +# exits with 0. Otherwise, it exits with 1. +# +# The plan is that this can be called by configure scripts if you +# don't specify an explicit build system type. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] + +Output the configuration name of the system \`$me' is run on. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.guess ($timestamp) + +Originally written by Per Bothner. +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" >&2 + exit 1 ;; + * ) + break ;; + esac +done + +if test $# != 0; then + echo "$me: too many arguments$help" >&2 + exit 1 +fi + + +dummy=dummy-$$ +trap 'rm -f $dummy.c $dummy.o $dummy.rel $dummy; exit 1' 1 2 15 + +# CC_FOR_BUILD -- compiler used by this script. +# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still +# use `HOST_CC' if defined, but it is deprecated. + +set_cc_for_build='case $CC_FOR_BUILD,$HOST_CC,$CC in + ,,) echo "int dummy(){}" > $dummy.c ; + for c in cc gcc c89 ; do + ($c $dummy.c -c -o $dummy.o) >/dev/null 2>&1 ; + if test $? = 0 ; then + CC_FOR_BUILD="$c"; break ; + fi ; + done ; + rm -f $dummy.c $dummy.o $dummy.rel ; + if test x"$CC_FOR_BUILD" = x ; then + CC_FOR_BUILD=no_compiler_found ; + fi + ;; + ,,*) CC_FOR_BUILD=$CC ;; + ,*,*) CC_FOR_BUILD=$HOST_CC ;; +esac' + +# This is needed to find uname on a Pyramid OSx when run in the BSD universe. +# (ghazi@noc.rutgers.edu 1994-08-24) +if (test -f /.attbin/uname) >/dev/null 2>&1 ; then + PATH=$PATH:/.attbin ; export PATH +fi + +UNAME_MACHINE=`(uname -m) 2>/dev/null` || UNAME_MACHINE=unknown +UNAME_RELEASE=`(uname -r) 2>/dev/null` || UNAME_RELEASE=unknown +UNAME_SYSTEM=`(uname -s) 2>/dev/null` || UNAME_SYSTEM=unknown +UNAME_VERSION=`(uname -v) 2>/dev/null` || UNAME_VERSION=unknown + +# Note: order is significant - the case branches are not exclusive. + +case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in + *:NetBSD:*:*) + # NetBSD (nbsd) targets should (where applicable) match one or + # more of the tupples: *-*-netbsdelf*, *-*-netbsdaout*, + # *-*-netbsdecoff* and *-*-netbsd*. For targets that recently + # switched to ELF, *-*-netbsd* would select the old + # object file format. This provides both forward + # compatibility and a consistent mechanism for selecting the + # object file format. + # Determine the machine/vendor (is the vendor relevant). + case "${UNAME_MACHINE}" in + amiga) machine=m68k-unknown ;; + arm32) machine=arm-unknown ;; + atari*) machine=m68k-atari ;; + sun3*) machine=m68k-sun ;; + mac68k) machine=m68k-apple ;; + macppc) machine=powerpc-apple ;; + hp3[0-9][05]) machine=m68k-hp ;; + ibmrt|romp-ibm) machine=romp-ibm ;; + sparc*) machine=`uname -p`-unknown ;; + *) machine=${UNAME_MACHINE}-unknown ;; + esac + # The Operating System including object format, if it has switched + # to ELF recently, or will in the future. + case "${UNAME_MACHINE}" in + i386|sparc|amiga|arm*|hp300|mvme68k|vax|atari|luna68k|mac68k|news68k|next68k|pc532|sun3*|x68k) + eval $set_cc_for_build + if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ + | grep __ELF__ >/dev/null + then + # Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout). + # Return netbsd for either. FIX? + os=netbsd + else + os=netbsdelf + fi + ;; + *) + os=netbsd + ;; + esac + # The OS release + release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: + # contains redundant information, the shorter form: + # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. + echo "${machine}-${os}${release}" + exit 0 ;; + amiga:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + arc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + hp300:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mac68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + macppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme68k:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvme88k:OpenBSD:*:*) + echo m88k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + mvmeppc:OpenBSD:*:*) + echo powerpc-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + pmax:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sgi:OpenBSD:*:*) + echo mipseb-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + sun3:OpenBSD:*:*) + echo m68k-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + wgrisc:OpenBSD:*:*) + echo mipsel-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + *:OpenBSD:*:*) + echo ${UNAME_MACHINE}-unknown-openbsd${UNAME_RELEASE} + exit 0 ;; + alpha:OSF1:*:*) + if test $UNAME_RELEASE = "V4.0"; then + UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'` + fi + # A Vn.n version is a released version. + # A Tn.n version is a released field test version. + # A Xn.n version is an unreleased experimental baselevel. + # 1.2 uses "1.2" for uname -r. + cat <$dummy.s + .data +\$Lformat: + .byte 37,100,45,37,120,10,0 # "%d-%x\n" + + .text + .globl main + .align 4 + .ent main +main: + .frame \$30,16,\$26,0 + ldgp \$29,0(\$27) + .prologue 1 + .long 0x47e03d80 # implver \$0 + lda \$2,-1 + .long 0x47e20c21 # amask \$2,\$1 + lda \$16,\$Lformat + mov \$0,\$17 + not \$1,\$18 + jsr \$26,printf + ldgp \$29,0(\$26) + mov 0,\$16 + jsr \$26,exit + .end main +EOF + eval $set_cc_for_build + $CC_FOR_BUILD $dummy.s -o $dummy 2>/dev/null + if test "$?" = 0 ; then + case `./$dummy` in + 0-0) + UNAME_MACHINE="alpha" + ;; + 1-0) + UNAME_MACHINE="alphaev5" + ;; + 1-1) + UNAME_MACHINE="alphaev56" + ;; + 1-101) + UNAME_MACHINE="alphapca56" + ;; + 2-303) + UNAME_MACHINE="alphaev6" + ;; + 2-307) + UNAME_MACHINE="alphaev67" + ;; + 2-1307) + UNAME_MACHINE="alphaev68" + ;; + esac + fi + rm -f $dummy.s $dummy + echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[VTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + exit 0 ;; + Alpha\ *:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # Should we change UNAME_MACHINE based on the output of uname instead + # of the specific Alpha model? + echo alpha-pc-interix + exit 0 ;; + 21064:Windows_NT:50:3) + echo alpha-dec-winnt3.5 + exit 0 ;; + Amiga*:UNIX_System_V:4.0:*) + echo m68k-unknown-sysv4 + exit 0;; + *:[Aa]miga[Oo][Ss]:*:*) + echo ${UNAME_MACHINE}-unknown-amigaos + exit 0 ;; + *:OS/390:*:*) + echo i370-ibm-openedition + exit 0 ;; + arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*) + echo arm-acorn-riscix${UNAME_RELEASE} + exit 0;; + SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*) + echo hppa1.1-hitachi-hiuxmpp + exit 0;; + Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*) + # akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE. + if test "`(/bin/universe) 2>/dev/null`" = att ; then + echo pyramid-pyramid-sysv3 + else + echo pyramid-pyramid-bsd + fi + exit 0 ;; + NILE*:*:*:dcosx) + echo pyramid-pyramid-svr4 + exit 0 ;; + sun4H:SunOS:5.*:*) + echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*) + echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + i86pc:SunOS:5.*:*) + echo i386-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:6*:*) + # According to config.sub, this is the proper way to canonicalize + # SunOS6. Hard to guess exactly what SunOS6 will be like, but + # it's likely to be more like Solaris than SunOS4. + echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + sun4*:SunOS:*:*) + case "`/usr/bin/arch -k`" in + Series*|S4*) + UNAME_RELEASE=`uname -v` + ;; + esac + # Japanese Language versions have a version number like `4.1.3-JL'. + echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'` + exit 0 ;; + sun3*:SunOS:*:*) + echo m68k-sun-sunos${UNAME_RELEASE} + exit 0 ;; + sun*:*:4.2BSD:*) + UNAME_RELEASE=`(head -1 /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null` + test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3 + case "`/bin/arch`" in + sun3) + echo m68k-sun-sunos${UNAME_RELEASE} + ;; + sun4) + echo sparc-sun-sunos${UNAME_RELEASE} + ;; + esac + exit 0 ;; + aushp:SunOS:*:*) + echo sparc-auspex-sunos${UNAME_RELEASE} + exit 0 ;; + # The situation for MiNT is a little confusing. The machine name + # can be virtually everything (everything which is not + # "atarist" or "atariste" at least should have a processor + # > m68000). The system name ranges from "MiNT" over "FreeMiNT" + # to the lowercase version "mint" (or "freemint"). Finally + # the system name "TOS" denotes a system which is actually not + # MiNT. But MiNT is downward compatible to TOS, so this should + # be no problem. + atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + *falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*) + echo m68k-atari-mint${UNAME_RELEASE} + exit 0 ;; + milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*) + echo m68k-milan-mint${UNAME_RELEASE} + exit 0 ;; + hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*) + echo m68k-hades-mint${UNAME_RELEASE} + exit 0 ;; + *:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*) + echo m68k-unknown-mint${UNAME_RELEASE} + exit 0 ;; + powerpc:machten:*:*) + echo powerpc-apple-machten${UNAME_RELEASE} + exit 0 ;; + RISC*:Mach:*:*) + echo mips-dec-mach_bsd4.3 + exit 0 ;; + RISC*:ULTRIX:*:*) + echo mips-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + VAX*:ULTRIX*:*:*) + echo vax-dec-ultrix${UNAME_RELEASE} + exit 0 ;; + 2020:CLIX:*:* | 2430:CLIX:*:*) + echo clipper-intergraph-clix${UNAME_RELEASE} + exit 0 ;; + mips:*:*:UMIPS | mips:*:*:RISCos) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif + #if defined (host_mips) && defined (MIPSEB) + #if defined (SYSTYPE_SYSV) + printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_SVR4) + printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0); + #endif + #if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD) + printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0); + #endif + #endif + exit (-1); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy \ + && ./$dummy `echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` \ + && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo mips-mips-riscos${UNAME_RELEASE} + exit 0 ;; + Motorola:PowerMAX_OS:*:*) + echo powerpc-motorola-powermax + exit 0 ;; + Night_Hawk:Power_UNIX:*:*) + echo powerpc-harris-powerunix + exit 0 ;; + m88k:CX/UX:7*:*) + echo m88k-harris-cxux7 + exit 0 ;; + m88k:*:4*:R4*) + echo m88k-motorola-sysv4 + exit 0 ;; + m88k:*:3*:R3*) + echo m88k-motorola-sysv3 + exit 0 ;; + AViiON:dgux:*:*) + # DG/UX returns AViiON for all architectures + UNAME_PROCESSOR=`/usr/bin/uname -p` + if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ] + then + if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \ + [ ${TARGET_BINARY_INTERFACE}x = x ] + then + echo m88k-dg-dgux${UNAME_RELEASE} + else + echo m88k-dg-dguxbcs${UNAME_RELEASE} + fi + else + echo i586-dg-dgux${UNAME_RELEASE} + fi + exit 0 ;; + M88*:DolphinOS:*:*) # DolphinOS (SVR3) + echo m88k-dolphin-sysv3 + exit 0 ;; + M88*:*:R3*:*) + # Delta 88k system running SVR3 + echo m88k-motorola-sysv3 + exit 0 ;; + XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3) + echo m88k-tektronix-sysv3 + exit 0 ;; + Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD) + echo m68k-tektronix-bsd + exit 0 ;; + *:IRIX*:*:*) + echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'` + exit 0 ;; + ????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX. + echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id + exit 0 ;; # Note that: echo "'`uname -s`'" gives 'AIX ' + i*86:AIX:*:*) + echo i386-ibm-aix + exit 0 ;; + ia64:AIX:*:*) + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${UNAME_MACHINE}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:2:3) + if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + + main() + { + if (!__power_pc()) + exit(1); + puts("powerpc-ibm-aix3.2.5"); + exit(0); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo rs6000-ibm-aix3.2.5 + elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then + echo rs6000-ibm-aix3.2.4 + else + echo rs6000-ibm-aix3.2 + fi + exit 0 ;; + *:AIX:*:[45]) + IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | head -1 | awk '{ print $1 }'` + if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then + IBM_ARCH=rs6000 + else + IBM_ARCH=powerpc + fi + if [ -x /usr/bin/oslevel ] ; then + IBM_REV=`/usr/bin/oslevel` + else + IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} + fi + echo ${IBM_ARCH}-ibm-aix${IBM_REV} + exit 0 ;; + *:AIX:*:*) + echo rs6000-ibm-aix + exit 0 ;; + ibmrt:4.4BSD:*|romp-ibm:BSD:*) + echo romp-ibm-bsd4.4 + exit 0 ;; + ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and + echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to + exit 0 ;; # report: romp-ibm BSD 4.3 + *:BOSX:*:*) + echo rs6000-bull-bosx + exit 0 ;; + DPX/2?00:B.O.S.:*:*) + echo m68k-bull-sysv3 + exit 0 ;; + 9000/[34]??:4.3bsd:1.*:*) + echo m68k-hp-bsd + exit 0 ;; + hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*) + echo m68k-hp-bsd4.4 + exit 0 ;; + 9000/[34678]??:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + case "${UNAME_MACHINE}" in + 9000/31? ) HP_ARCH=m68000 ;; + 9000/[34]?? ) HP_ARCH=m68k ;; + 9000/[678][0-9][0-9]) + if [ -x /usr/bin/getconf ]; then + sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null` + sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null` + case "${sc_cpu_version}" in + 523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0 + 528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1 + 532) # CPU_PA_RISC2_0 + case "${sc_kernel_bits}" in + 32) HP_ARCH="hppa2.0n" ;; + 64) HP_ARCH="hppa2.0w" ;; + '') HP_ARCH="hppa2.0" ;; # HP-UX 10.20 + esac ;; + esac + fi + if [ "${HP_ARCH}" = "" ]; then + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + + #define _HPUX_SOURCE + #include + #include + + int main () + { + #if defined(_SC_KERNEL_BITS) + long bits = sysconf(_SC_KERNEL_BITS); + #endif + long cpu = sysconf (_SC_CPU_VERSION); + + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1"); break; + case CPU_PA_RISC2_0: + #if defined(_SC_KERNEL_BITS) + switch (bits) + { + case 64: puts ("hppa2.0w"); break; + case 32: puts ("hppa2.0n"); break; + default: puts ("hppa2.0"); break; + } break; + #else /* !defined(_SC_KERNEL_BITS) */ + puts ("hppa2.0"); break; + #endif + default: puts ("hppa1.0"); break; + } + exit (0); + } +EOF + (CCOPTS= $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null) && HP_ARCH=`./$dummy` + if test -z "$HP_ARCH"; then HP_ARCH=hppa; fi + rm -f $dummy.c $dummy + fi ;; + esac + echo ${HP_ARCH}-hp-hpux${HPUX_REV} + exit 0 ;; + ia64:HP-UX:*:*) + HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'` + echo ia64-hp-hpux${HPUX_REV} + exit 0 ;; + 3050*:HI-UX:*:*) + eval $set_cc_for_build + sed 's/^ //' << EOF >$dummy.c + #include + int + main () + { + long cpu = sysconf (_SC_CPU_VERSION); + /* The order matters, because CPU_IS_HP_MC68K erroneously returns + true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct + results, however. */ + if (CPU_IS_PA_RISC (cpu)) + { + switch (cpu) + { + case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break; + case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break; + case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break; + default: puts ("hppa-hitachi-hiuxwe2"); break; + } + } + else if (CPU_IS_HP_MC68K (cpu)) + puts ("m68k-hitachi-hiuxwe2"); + else puts ("unknown-hitachi-hiuxwe2"); + exit (0); + } +EOF + $CC_FOR_BUILD $dummy.c -o $dummy && ./$dummy && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + echo unknown-hitachi-hiuxwe2 + exit 0 ;; + 9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* ) + echo hppa1.1-hp-bsd + exit 0 ;; + 9000/8??:4.3bsd:*:*) + echo hppa1.0-hp-bsd + exit 0 ;; + *9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*) + echo hppa1.0-hp-mpeix + exit 0 ;; + hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* ) + echo hppa1.1-hp-osf + exit 0 ;; + hp8??:OSF1:*:*) + echo hppa1.0-hp-osf + exit 0 ;; + i*86:OSF1:*:*) + if [ -x /usr/sbin/sysversion ] ; then + echo ${UNAME_MACHINE}-unknown-osf1mk + else + echo ${UNAME_MACHINE}-unknown-osf1 + fi + exit 0 ;; + parisc*:Lites*:*:*) + echo hppa1.1-hp-lites + exit 0 ;; + C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*) + echo c1-convex-bsd + exit 0 ;; + C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*) + echo c34-convex-bsd + exit 0 ;; + C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*) + echo c38-convex-bsd + exit 0 ;; + C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*) + echo c4-convex-bsd + exit 0 ;; + CRAY*X-MP:*:*:*) + echo xmp-cray-unicos + exit 0 ;; + CRAY*Y-MP:*:*:*) + echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*[A-Z]90:*:*:*) + echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \ + | sed -e 's/CRAY.*\([A-Z]90\)/\1/' \ + -e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \ + -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*TS:*:*:*) + echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3D:*:*:*) + echo alpha-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*T3E:*:*:*) + echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY*SV1:*:*:*) + echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/' + exit 0 ;; + CRAY-2:*:*:*) + echo cray2-cray-unicos + exit 0 ;; + F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*) + FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'` + FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'` + FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'` + echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}" + exit 0 ;; + i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*) + echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE} + exit 0 ;; + sparc*:BSD/OS:*:*) + echo sparc-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:BSD/OS:*:*) + echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE} + exit 0 ;; + *:FreeBSD:*:*) + echo ${UNAME_MACHINE}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` + exit 0 ;; + i*:CYGWIN*:*) + echo ${UNAME_MACHINE}-pc-cygwin + exit 0 ;; + i*:MINGW*:*) + echo ${UNAME_MACHINE}-pc-mingw32 + exit 0 ;; + i*:PW*:*) + echo ${UNAME_MACHINE}-pc-pw32 + exit 0 ;; + i*:Windows_NT*:* | Pentium*:Windows_NT*:*) + # How do we know it's Interix rather than the generic POSIX subsystem? + # It also conflicts with pre-2.0 versions of AT&T UWIN. Should we + # UNAME_MACHINE based on the output of uname instead of i386? + echo i386-pc-interix + exit 0 ;; + i*:UWIN*:*) + echo ${UNAME_MACHINE}-pc-uwin + exit 0 ;; + p*:CYGWIN*:*) + echo powerpcle-unknown-cygwin + exit 0 ;; + prep*:SunOS:5.*:*) + echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'` + exit 0 ;; + *:GNU:*:*) + echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-gnu`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'` + exit 0 ;; + i*86:Minix:*:*) + echo ${UNAME_MACHINE}-pc-minix + exit 0 ;; + arm*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + ia64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux + exit 0 ;; + m68*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + mips:Linux:*:*) + case `sed -n '/^byte/s/^.*: \(.*\) endian/\1/p' < /proc/cpuinfo` in + big) echo mips-unknown-linux-gnu && exit 0 ;; + little) echo mipsel-unknown-linux-gnu && exit 0 ;; + esac + ;; + ppc:Linux:*:*) + echo powerpc-unknown-linux-gnu + exit 0 ;; + ppc64:Linux:*:*) + echo powerpc64-unknown-linux-gnu + exit 0 ;; + alpha:Linux:*:*) + case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in + EV5) UNAME_MACHINE=alphaev5 ;; + EV56) UNAME_MACHINE=alphaev56 ;; + PCA56) UNAME_MACHINE=alphapca56 ;; + PCA57) UNAME_MACHINE=alphapca56 ;; + EV6) UNAME_MACHINE=alphaev6 ;; + EV67) UNAME_MACHINE=alphaev67 ;; + EV68*) UNAME_MACHINE=alphaev68 ;; + esac + objdump --private-headers /bin/sh | grep ld.so.1 >/dev/null + if test "$?" = 0 ; then LIBC="libc1" ; else LIBC="" ; fi + echo ${UNAME_MACHINE}-unknown-linux-gnu${LIBC} + exit 0 ;; + parisc:Linux:*:* | hppa:Linux:*:*) + # Look for CPU level + case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in + PA7*) echo hppa1.1-unknown-linux-gnu ;; + PA8*) echo hppa2.0-unknown-linux-gnu ;; + *) echo hppa-unknown-linux-gnu ;; + esac + exit 0 ;; + parisc64:Linux:*:* | hppa64:Linux:*:*) + echo hppa64-unknown-linux-gnu + exit 0 ;; + s390:Linux:*:* | s390x:Linux:*:*) + echo ${UNAME_MACHINE}-ibm-linux + exit 0 ;; + sh*:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + sparc:Linux:*:* | sparc64:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-gnu + exit 0 ;; + x86_64:Linux:*:*) + echo x86_64-unknown-linux-gnu + exit 0 ;; + i*86:Linux:*:*) + # The BFD linker knows what the default object file format is, so + # first see if it will tell us. cd to the root directory to prevent + # problems with other programs or directories called `ld' in the path. + ld_supported_targets=`cd /; ld --help 2>&1 \ + | sed -ne '/supported targets:/!d + s/[ ][ ]*/ /g + s/.*supported targets: *// + s/ .*// + p'` + case "$ld_supported_targets" in + elf32-i386) + TENTATIVE="${UNAME_MACHINE}-pc-linux-gnu" + ;; + a.out-i386-linux) + echo "${UNAME_MACHINE}-pc-linux-gnuaout" + exit 0 ;; + coff-i386) + echo "${UNAME_MACHINE}-pc-linux-gnucoff" + exit 0 ;; + "") + # Either a pre-BFD a.out linker (linux-gnuoldld) or + # one that does not give us useful --help. + echo "${UNAME_MACHINE}-pc-linux-gnuoldld" + exit 0 ;; + esac + # Determine whether the default compiler is a.out or elf + eval $set_cc_for_build + cat >$dummy.c < +#ifdef __cplusplus +#include /* for printf() prototype */ + int main (int argc, char *argv[]) { +#else + int main (argc, argv) int argc; char *argv[]; { +#endif +#ifdef __ELF__ +# ifdef __GLIBC__ +# if __GLIBC__ >= 2 + printf ("%s-pc-linux-gnu\n", argv[1]); +# else + printf ("%s-pc-linux-gnulibc1\n", argv[1]); +# endif +# else + printf ("%s-pc-linux-gnulibc1\n", argv[1]); +# endif +#else + printf ("%s-pc-linux-gnuaout\n", argv[1]); +#endif + return 0; +} +EOF + $CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy "${UNAME_MACHINE}" && rm -f $dummy.c $dummy && exit 0 + rm -f $dummy.c $dummy + test x"${TENTATIVE}" != x && echo "${TENTATIVE}" && exit 0 + ;; + i*86:DYNIX/ptx:4*:*) + # ptx 4.0 does uname -s correctly, with DYNIX/ptx in there. + # earlier versions are messed up and put the nodename in both + # sysname and nodename. + echo i386-sequent-sysv4 + exit 0 ;; + i*86:UNIX_SV:4.2MP:2.*) + # Unixware is an offshoot of SVR4, but it has its own version + # number series starting with 2... + # I am not positive that other SVR4 systems won't match this, + # I just have to hope. -- rms. + # Use sysv4.2uw... so that sysv4* matches it. + echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION} + exit 0 ;; + i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*) + UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'` + if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then + echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL} + else + echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL} + fi + exit 0 ;; + i*86:*:5:[78]*) + case `/bin/uname -X | grep "^Machine"` in + *486*) UNAME_MACHINE=i486 ;; + *Pentium) UNAME_MACHINE=i586 ;; + *Pent*|*Celeron) UNAME_MACHINE=i686 ;; + esac + echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION} + exit 0 ;; + i*86:*:3.2:*) + if test -f /usr/options/cb.name; then + UNAME_REL=`sed -n 's/.*Version //p' /dev/null >/dev/null ; then + UNAME_REL=`(/bin/uname -X|egrep Release|sed -e 's/.*= //')` + (/bin/uname -X|egrep i80486 >/dev/null) && UNAME_MACHINE=i486 + (/bin/uname -X|egrep '^Machine.*Pentium' >/dev/null) \ + && UNAME_MACHINE=i586 + (/bin/uname -X|egrep '^Machine.*Pent ?II' >/dev/null) \ + && UNAME_MACHINE=i686 + (/bin/uname -X|egrep '^Machine.*Pentium Pro' >/dev/null) \ + && UNAME_MACHINE=i686 + echo ${UNAME_MACHINE}-pc-sco$UNAME_REL + else + echo ${UNAME_MACHINE}-pc-sysv32 + fi + exit 0 ;; + i*86:*DOS:*:*) + echo ${UNAME_MACHINE}-pc-msdosdjgpp + exit 0 ;; + pc:*:*:*) + # Left here for compatibility: + # uname -m prints for DJGPP always 'pc', but it prints nothing about + # the processor, so we play safe by assuming i386. + echo i386-pc-msdosdjgpp + exit 0 ;; + Intel:Mach:3*:*) + echo i386-pc-mach3 + exit 0 ;; + paragon:*:*:*) + echo i860-intel-osf1 + exit 0 ;; + i860:*:4.*:*) # i860-SVR4 + if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then + echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4 + else # Add other i860-SVR4 vendors below as they are discovered. + echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4 + fi + exit 0 ;; + mini*:CTIX:SYS*5:*) + # "miniframe" + echo m68010-convergent-sysv + exit 0 ;; + M68*:*:R3V[567]*:*) + test -r /sysV68 && echo 'm68k-motorola-sysv' && exit 0 ;; + 3[34]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0) + OS_REL='' + test -r /etc/.relid \ + && OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid` + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4.3${OS_REL} && exit 0 + /bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \ + && echo i586-ncr-sysv4.3${OS_REL} && exit 0 ;; + 3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*) + /bin/uname -p 2>/dev/null | grep 86 >/dev/null \ + && echo i486-ncr-sysv4 && exit 0 ;; + m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*) + echo m68k-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + mc68030:UNIX_System_V:4.*:*) + echo m68k-atari-sysv4 + exit 0 ;; + i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.0*:*) + echo i386-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + TSUNAMI:LynxOS:2.*:*) + echo sparc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + rs6000:LynxOS:2.*:*) + echo rs6000-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.0*:*) + echo powerpc-unknown-lynxos${UNAME_RELEASE} + exit 0 ;; + SM[BE]S:UNIX_SV:*:*) + echo mips-dde-sysv${UNAME_RELEASE} + exit 0 ;; + RM*:ReliantUNIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + RM*:SINIX-*:*:*) + echo mips-sni-sysv4 + exit 0 ;; + *:SINIX-*:*:*) + if uname -p 2>/dev/null >/dev/null ; then + UNAME_MACHINE=`(uname -p) 2>/dev/null` + echo ${UNAME_MACHINE}-sni-sysv4 + else + echo ns32k-sni-sysv + fi + exit 0 ;; + PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort + # says + echo i586-unisys-sysv4 + exit 0 ;; + *:UNIX_System_V:4*:FTX*) + # From Gerald Hewes . + # How about differentiating between stratus architectures? -djm + echo hppa1.1-stratus-sysv4 + exit 0 ;; + *:*:*:FTX*) + # From seanf@swdc.stratus.com. + echo i860-stratus-sysv4 + exit 0 ;; + *:VOS:*:*) + # From Paul.Green@stratus.com. + echo hppa1.1-stratus-vos + exit 0 ;; + mc68*:A/UX:*:*) + echo m68k-apple-aux${UNAME_RELEASE} + exit 0 ;; + news*:NEWS-OS:6*:*) + echo mips-sony-newsos6 + exit 0 ;; + R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*) + if [ -d /usr/nec ]; then + echo mips-nec-sysv${UNAME_RELEASE} + else + echo mips-unknown-sysv${UNAME_RELEASE} + fi + exit 0 ;; + BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only. + echo powerpc-be-beos + exit 0 ;; + BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only. + echo powerpc-apple-beos + exit 0 ;; + BePC:BeOS:*:*) # BeOS running on Intel PC compatible. + echo i586-pc-beos + exit 0 ;; + SX-4:SUPER-UX:*:*) + echo sx4-nec-superux${UNAME_RELEASE} + exit 0 ;; + SX-5:SUPER-UX:*:*) + echo sx5-nec-superux${UNAME_RELEASE} + exit 0 ;; + Power*:Rhapsody:*:*) + echo powerpc-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Rhapsody:*:*) + echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE} + exit 0 ;; + *:Darwin:*:*) + echo `uname -p`-apple-darwin${UNAME_RELEASE} + exit 0 ;; + *:procnto*:*:* | *:QNX:[0123456789]*:*) + if test "${UNAME_MACHINE}" = "x86pc"; then + UNAME_MACHINE=pc + fi + echo `uname -p`-${UNAME_MACHINE}-nto-qnx + exit 0 ;; + *:QNX:*:4*) + echo i386-pc-qnx + exit 0 ;; + NSR-[GKLNPTVW]:NONSTOP_KERNEL:*:*) + echo nsr-tandem-nsk${UNAME_RELEASE} + exit 0 ;; + *:NonStop-UX:*:*) + echo mips-compaq-nonstopux + exit 0 ;; + BS2000:POSIX*:*:*) + echo bs2000-siemens-sysv + exit 0 ;; + DS/*:UNIX_System_V:*:*) + echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE} + exit 0 ;; + *:Plan9:*:*) + # "uname -m" is not consistent, so use $cputype instead. 386 + # is converted to i386 for consistency with other x86 + # operating systems. + if test "$cputype" = "386"; then + UNAME_MACHINE=i386 + else + UNAME_MACHINE="$cputype" + fi + echo ${UNAME_MACHINE}-unknown-plan9 + exit 0 ;; + i*86:OS/2:*:*) + # If we were able to find `uname', then EMX Unix compatibility + # is probably installed. + echo ${UNAME_MACHINE}-pc-os2-emx + exit 0 ;; + *:TOPS-10:*:*) + echo pdp10-unknown-tops10 + exit 0 ;; + *:TENEX:*:*) + echo pdp10-unknown-tenex + exit 0 ;; + KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*) + echo pdp10-dec-tops20 + exit 0 ;; + XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*) + echo pdp10-xkl-tops20 + exit 0 ;; + *:TOPS-20:*:*) + echo pdp10-unknown-tops20 + exit 0 ;; + *:ITS:*:*) + echo pdp10-unknown-its + exit 0 ;; + i*86:XTS-300:*:STOP) + echo ${UNAME_MACHINE}-unknown-stop + exit 0 ;; + i*86:atheos:*:*) + echo ${UNAME_MACHINE}-unknown-atheos + exit 0 ;; +esac + +#echo '(No uname command or uname output not recognized.)' 1>&2 +#echo "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" 1>&2 + +eval $set_cc_for_build +cat >$dummy.c < +# include +#endif +main () +{ +#if defined (sony) +#if defined (MIPSEB) + /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, + I don't know.... */ + printf ("mips-sony-bsd\n"); exit (0); +#else +#include + printf ("m68k-sony-newsos%s\n", +#ifdef NEWSOS4 + "4" +#else + "" +#endif + ); exit (0); +#endif +#endif + +#if defined (__arm) && defined (__acorn) && defined (__unix) + printf ("arm-acorn-riscix"); exit (0); +#endif + +#if defined (hp300) && !defined (hpux) + printf ("m68k-hp-bsd\n"); exit (0); +#endif + +#if defined (NeXT) +#if !defined (__ARCHITECTURE__) +#define __ARCHITECTURE__ "m68k" +#endif + int version; + version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; + if (version < 4) + printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); + else + printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); + exit (0); +#endif + +#if defined (MULTIMAX) || defined (n16) +#if defined (UMAXV) + printf ("ns32k-encore-sysv\n"); exit (0); +#else +#if defined (CMU) + printf ("ns32k-encore-mach\n"); exit (0); +#else + printf ("ns32k-encore-bsd\n"); exit (0); +#endif +#endif +#endif + +#if defined (__386BSD__) + printf ("i386-pc-bsd\n"); exit (0); +#endif + +#if defined (sequent) +#if defined (i386) + printf ("i386-sequent-dynix\n"); exit (0); +#endif +#if defined (ns32000) + printf ("ns32k-sequent-dynix\n"); exit (0); +#endif +#endif + +#if defined (_SEQUENT_) + struct utsname un; + + uname(&un); + + if (strncmp(un.version, "V2", 2) == 0) { + printf ("i386-sequent-ptx2\n"); exit (0); + } + if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? */ + printf ("i386-sequent-ptx1\n"); exit (0); + } + printf ("i386-sequent-ptx\n"); exit (0); + +#endif + +#if defined (vax) +# if !defined (ultrix) +# include +# if defined (BSD) +# if BSD == 43 + printf ("vax-dec-bsd4.3\n"); exit (0); +# else +# if BSD == 199006 + printf ("vax-dec-bsd4.3reno\n"); exit (0); +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# endif +# else + printf ("vax-dec-bsd\n"); exit (0); +# endif +# else + printf ("vax-dec-ultrix\n"); exit (0); +# endif +#endif + +#if defined (alliant) && defined (i860) + printf ("i860-alliant-bsd\n"); exit (0); +#endif + + exit (1); +} +EOF + +$CC_FOR_BUILD $dummy.c -o $dummy 2>/dev/null && ./$dummy && rm -f $dummy.c $dummy && exit 0 +rm -f $dummy.c $dummy + +# Apollos put the system type in the environment. + +test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit 0; } + +# Convex versions that predate uname can use getsysinfo(1) + +if [ -x /usr/convex/getsysinfo ] +then + case `getsysinfo -f cpu_type` in + c1*) + echo c1-convex-bsd + exit 0 ;; + c2*) + if getsysinfo -f scalar_acc + then echo c32-convex-bsd + else echo c2-convex-bsd + fi + exit 0 ;; + c34*) + echo c34-convex-bsd + exit 0 ;; + c38*) + echo c38-convex-bsd + exit 0 ;; + c4*) + echo c4-convex-bsd + exit 0 ;; + esac +fi + +cat >&2 < in order to provide the needed +information to handle your system. + +config.guess timestamp = $timestamp + +uname -m = `(uname -m) 2>/dev/null || echo unknown` +uname -r = `(uname -r) 2>/dev/null || echo unknown` +uname -s = `(uname -s) 2>/dev/null || echo unknown` +uname -v = `(uname -v) 2>/dev/null || echo unknown` + +/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null` +/bin/uname -X = `(/bin/uname -X) 2>/dev/null` + +hostinfo = `(hostinfo) 2>/dev/null` +/bin/universe = `(/bin/universe) 2>/dev/null` +/usr/bin/arch -k = `(/usr/bin/arch -k) 2>/dev/null` +/bin/arch = `(/bin/arch) 2>/dev/null` +/usr/bin/oslevel = `(/usr/bin/oslevel) 2>/dev/null` +/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null` + +UNAME_MACHINE = ${UNAME_MACHINE} +UNAME_RELEASE = ${UNAME_RELEASE} +UNAME_SYSTEM = ${UNAME_SYSTEM} +UNAME_VERSION = ${UNAME_VERSION} +EOF + +exit 1 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/source3/config.sub b/source3/config.sub new file mode 100755 index 00000000000..2476310dff3 --- /dev/null +++ b/source3/config.sub @@ -0,0 +1,1421 @@ +#! /bin/sh +# Configuration validation subroutine script. +# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +# Free Software Foundation, Inc. + +timestamp='2001-12-03' + +# This file is (in principle) common to ALL GNU software. +# The presence of a machine in this file suggests that SOME GNU software +# can handle that machine. It does not imply ALL GNU software can. +# +# This file is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation; either version 2 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place - Suite 330, +# Boston, MA 02111-1307, USA. + +# As a special exception to the GNU General Public License, if you +# distribute this file as part of a program that contains a +# configuration script generated by Autoconf, you may include it under +# the same distribution terms that you use for the rest of that program. + +# Please send patches to . Submit a context +# diff and a properly formatted ChangeLog entry. +# +# Configuration subroutine to validate and canonicalize a configuration type. +# Supply the specified configuration type as an argument. +# If it is invalid, we print an error message on stderr and exit with code 1. +# Otherwise, we print the canonical config type on stdout and succeed. + +# This file is supposed to be the same for all GNU packages +# and recognize all the CPU types, system types and aliases +# that are meaningful with *any* GNU software. +# Each package is responsible for reporting which valid configurations +# it does not support. The user should be able to distinguish +# a failure to support a valid configuration from a meaningless +# configuration. + +# The goal of this file is to map all the various variations of a given +# machine specification into a single specification in the form: +# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM +# or in some cases, the newer four-part form: +# CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM +# It is wrong to echo any other type of specification. + +me=`echo "$0" | sed -e 's,.*/,,'` + +usage="\ +Usage: $0 [OPTION] CPU-MFR-OPSYS + $0 [OPTION] ALIAS + +Canonicalize a configuration name. + +Operation modes: + -h, --help print this help, then exit + -t, --time-stamp print date of last modification, then exit + -v, --version print version number, then exit + +Report bugs and patches to ." + +version="\ +GNU config.sub ($timestamp) + +Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 +Free Software Foundation, Inc. + +This is free software; see the source for copying conditions. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." + +help=" +Try \`$me --help' for more information." + +# Parse command line +while test $# -gt 0 ; do + case $1 in + --time-stamp | --time* | -t ) + echo "$timestamp" ; exit 0 ;; + --version | -v ) + echo "$version" ; exit 0 ;; + --help | --h* | -h ) + echo "$usage"; exit 0 ;; + -- ) # Stop option processing + shift; break ;; + - ) # Use stdin as input. + break ;; + -* ) + echo "$me: invalid option $1$help" + exit 1 ;; + + *local*) + # First pass through any local machine types. + echo $1 + exit 0;; + + * ) + break ;; + esac +done + +case $# in + 0) echo "$me: missing argument$help" >&2 + exit 1;; + 1) ;; + *) echo "$me: too many arguments$help" >&2 + exit 1;; +esac + +# Separate what the user gave into CPU-COMPANY and OS or KERNEL-OS (if any). +# Here we must recognize all the valid KERNEL-OS combinations. +maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'` +case $maybe_os in + nto-qnx* | linux-gnu* | storm-chaos* | os2-emx* | windows32-*) + os=-$maybe_os + basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'` + ;; + *) + basic_machine=`echo $1 | sed 's/-[^-]*$//'` + if [ $basic_machine != $1 ] + then os=`echo $1 | sed 's/.*-/-/'` + else os=; fi + ;; +esac + +### Let's recognize common machines as not being operating systems so +### that things like config.sub decstation-3100 work. We also +### recognize some manufacturers as not being operating systems, so we +### can provide default operating systems below. +case $os in + -sun*os*) + # Prevent following clause from handling this invalid input. + ;; + -dec* | -mips* | -sequent* | -encore* | -pc532* | -sgi* | -sony* | \ + -att* | -7300* | -3300* | -delta* | -motorola* | -sun[234]* | \ + -unicom* | -ibm* | -next | -hp | -isi* | -apollo | -altos* | \ + -convergent* | -ncr* | -news | -32* | -3600* | -3100* | -hitachi* |\ + -c[123]* | -convex* | -sun | -crds | -omron* | -dg | -ultra | -tti* | \ + -harris | -dolphin | -highlevel | -gould | -cbm | -ns | -masscomp | \ + -apple | -axis) + os= + basic_machine=$1 + ;; + -sim | -cisco | -oki | -wec | -winbond) + os= + basic_machine=$1 + ;; + -scout) + ;; + -wrs) + os=-vxworks + basic_machine=$1 + ;; + -chorusos*) + os=-chorusos + basic_machine=$1 + ;; + -chorusrdb) + os=-chorusrdb + basic_machine=$1 + ;; + -hiux*) + os=-hiuxwe2 + ;; + -sco5) + os=-sco3.2v5 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco4) + os=-sco3.2v4 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2.[4-9]*) + os=`echo $os | sed -e 's/sco3.2./sco3.2v/'` + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco3.2v[4-9]*) + # Don't forget version if it is 3.2v4 or newer. + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -sco*) + os=-sco3.2v2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -udk*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -isc) + os=-isc2.2 + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -clix*) + basic_machine=clipper-intergraph + ;; + -isc*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-pc/'` + ;; + -lynx*) + os=-lynxos + ;; + -ptx*) + basic_machine=`echo $1 | sed -e 's/86-.*/86-sequent/'` + ;; + -windowsnt*) + os=`echo $os | sed -e 's/windowsnt/winnt/'` + ;; + -psos*) + os=-psos + ;; + -mint | -mint[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; +esac + +# Decode aliases for certain CPU-COMPANY combinations. +case $basic_machine in + # Recognize the basic CPU types without company name. + # Some are omitted here because they have special meanings below. + 1750a | 580 \ + | a29k \ + | alpha | alphaev[4-8] | alphaev56 | alphaev6[78] | alphapca5[67] \ + | arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \ + | c4x | clipper \ + | d10v | d30v | dsp16xx \ + | fr30 \ + | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ + | i370 | i860 | i960 | ia64 \ + | m32r | m68000 | m68k | m88k | mcore \ + | mips16 | mips64 | mips64el | mips64orion | mips64orionel \ + | mips64vr4100 | mips64vr4100el | mips64vr4300 \ + | mips64vr4300el | mips64vr5000 | mips64vr5000el \ + | mipsbe | mipseb | mipsel | mipsle | mipstx39 | mipstx39el \ + | mipsisa32 \ + | mn10200 | mn10300 \ + | ns16k | ns32k \ + | openrisc \ + | pdp10 | pdp11 | pj | pjl \ + | powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \ + | pyramid \ + | sh | sh[34] | sh[34]eb | shbe | shle \ + | sparc | sparc64 | sparclet | sparclite | sparcv9 | sparcv9b \ + | strongarm \ + | tahoe | thumb | tic80 | tron \ + | v850 | v850e \ + | we32k \ + | x86 | xscale | xstormy16 | xtensa \ + | z8k) + basic_machine=$basic_machine-unknown + ;; + m6811 | m68hc11 | m6812 | m68hc12) + # Motorola 68HC11/12. + basic_machine=$basic_machine-unknown + os=-none + ;; + m88110 | m680[12346]0 | m683?2 | m68360 | m5200 | v70 | w65 | z8k) + ;; + + # We use `pc' rather than `unknown' + # because (1) that's what they normally are, and + # (2) the word "unknown" tends to confuse beginning users. + i*86 | x86_64) + basic_machine=$basic_machine-pc + ;; + # Object if more than one company name word. + *-*-*) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; + # Recognize the basic CPU types with company name. + 580-* \ + | a29k-* \ + | alpha-* | alphaev[4-8]-* | alphaev56-* | alphaev6[78]-* \ + | alphapca5[67]-* | arc-* \ + | arm-* | armbe-* | armle-* | armv*-* \ + | avr-* \ + | bs2000-* \ + | c[123]* | c30-* | [cjt]90-* | c54x-* \ + | clipper-* | cray2-* | cydra-* \ + | d10v-* | d30v-* \ + | elxsi-* \ + | f30[01]-* | f700-* | fr30-* | fx80-* \ + | h8300-* | h8500-* \ + | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ + | i*86-* | i860-* | i960-* | ia64-* \ + | m32r-* \ + | m68000-* | m680[01234]0-* | m68360-* | m683?2-* | m68k-* \ + | m88110-* | m88k-* | mcore-* \ + | mips-* | mips16-* | mips64-* | mips64el-* | mips64orion-* \ + | mips64orionel-* | mips64vr4100-* | mips64vr4100el-* \ + | mips64vr4300-* | mips64vr4300el-* | mipsbe-* | mipseb-* \ + | mipsle-* | mipsel-* | mipstx39-* | mipstx39el-* \ + | none-* | np1-* | ns16k-* | ns32k-* \ + | orion-* \ + | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ + | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \ + | pyramid-* \ + | romp-* | rs6000-* \ + | sh-* | sh[34]-* | sh[34]eb-* | shbe-* | shle-* \ + | sparc-* | sparc64-* | sparc86x-* | sparclite-* \ + | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* \ + | t3e-* | tahoe-* | thumb-* | tic30-* | tic54x-* | tic80-* | tron-* \ + | v850-* | v850e-* | vax-* \ + | we32k-* \ + | x86-* | x86_64-* | xmp-* | xps100-* | xscale-* | xstormy16-* \ + | xtensa-* \ + | ymp-* \ + | z8k-*) + ;; + # Recognize the various machine names and aliases which stand + # for a CPU type and a company and sometimes even an OS. + 386bsd) + basic_machine=i386-unknown + os=-bsd + ;; + 3b1 | 7300 | 7300-att | att-7300 | pc7300 | safari | unixpc) + basic_machine=m68000-att + ;; + 3b*) + basic_machine=we32k-att + ;; + a29khif) + basic_machine=a29k-amd + os=-udi + ;; + adobe68k) + basic_machine=m68010-adobe + os=-scout + ;; + alliant | fx80) + basic_machine=fx80-alliant + ;; + altos | altos3068) + basic_machine=m68k-altos + ;; + am29k) + basic_machine=a29k-none + os=-bsd + ;; + amdahl) + basic_machine=580-amdahl + os=-sysv + ;; + amiga | amiga-*) + basic_machine=m68k-unknown + ;; + amigaos | amigados) + basic_machine=m68k-unknown + os=-amigaos + ;; + amigaunix | amix) + basic_machine=m68k-unknown + os=-sysv4 + ;; + apollo68) + basic_machine=m68k-apollo + os=-sysv + ;; + apollo68bsd) + basic_machine=m68k-apollo + os=-bsd + ;; + aux) + basic_machine=m68k-apple + os=-aux + ;; + balance) + basic_machine=ns32k-sequent + os=-dynix + ;; + convex-c1) + basic_machine=c1-convex + os=-bsd + ;; + convex-c2) + basic_machine=c2-convex + os=-bsd + ;; + convex-c32) + basic_machine=c32-convex + os=-bsd + ;; + convex-c34) + basic_machine=c34-convex + os=-bsd + ;; + convex-c38) + basic_machine=c38-convex + os=-bsd + ;; + cray | ymp) + basic_machine=ymp-cray + os=-unicos + ;; + cray2) + basic_machine=cray2-cray + os=-unicos + ;; + [cjt]90) + basic_machine=${basic_machine}-cray + os=-unicos + ;; + crds | unos) + basic_machine=m68k-crds + ;; + cris | cris-* | etrax*) + basic_machine=cris-axis + ;; + da30 | da30-*) + basic_machine=m68k-da30 + ;; + decstation | decstation-3100 | pmax | pmax-* | pmin | dec3100 | decstatn) + basic_machine=mips-dec + ;; + delta | 3300 | motorola-3300 | motorola-delta \ + | 3300-motorola | delta-motorola) + basic_machine=m68k-motorola + ;; + delta88) + basic_machine=m88k-motorola + os=-sysv3 + ;; + dpx20 | dpx20-*) + basic_machine=rs6000-bull + os=-bosx + ;; + dpx2* | dpx2*-bull) + basic_machine=m68k-bull + os=-sysv3 + ;; + ebmon29k) + basic_machine=a29k-amd + os=-ebmon + ;; + elxsi) + basic_machine=elxsi-elxsi + os=-bsd + ;; + encore | umax | mmax) + basic_machine=ns32k-encore + ;; + es1800 | OSE68k | ose68k | ose | OSE) + basic_machine=m68k-ericsson + os=-ose + ;; + fx2800) + basic_machine=i860-alliant + ;; + genix) + basic_machine=ns32k-ns + ;; + gmicro) + basic_machine=tron-gmicro + os=-sysv + ;; + go32) + basic_machine=i386-pc + os=-go32 + ;; + h3050r* | hiux*) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + h8300hms) + basic_machine=h8300-hitachi + os=-hms + ;; + h8300xray) + basic_machine=h8300-hitachi + os=-xray + ;; + h8500hms) + basic_machine=h8500-hitachi + os=-hms + ;; + harris) + basic_machine=m88k-harris + os=-sysv3 + ;; + hp300-*) + basic_machine=m68k-hp + ;; + hp300bsd) + basic_machine=m68k-hp + os=-bsd + ;; + hp300hpux) + basic_machine=m68k-hp + os=-hpux + ;; + hp3k9[0-9][0-9] | hp9[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k2[0-9][0-9] | hp9k31[0-9]) + basic_machine=m68000-hp + ;; + hp9k3[2-9][0-9]) + basic_machine=m68k-hp + ;; + hp9k6[0-9][0-9] | hp6[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hp9k7[0-79][0-9] | hp7[0-79][0-9]) + basic_machine=hppa1.1-hp + ;; + hp9k78[0-9] | hp78[0-9]) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[67]1 | hp8[67]1 | hp9k80[24] | hp80[24] | hp9k8[78]9 | hp8[78]9 | hp9k893 | hp893) + # FIXME: really hppa2.0-hp + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][13679] | hp8[0-9][13679]) + basic_machine=hppa1.1-hp + ;; + hp9k8[0-9][0-9] | hp8[0-9][0-9]) + basic_machine=hppa1.0-hp + ;; + hppa-next) + os=-nextstep3 + ;; + hppaosf) + basic_machine=hppa1.1-hp + os=-osf + ;; + hppro) + basic_machine=hppa1.1-hp + os=-proelf + ;; + i370-ibm* | ibm*) + basic_machine=i370-ibm + ;; +# I'm not sure what "Sysv32" means. Should this be sysv3.2? + i*86v32) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv32 + ;; + i*86v4*) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv4 + ;; + i*86v) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-sysv + ;; + i*86sol2) + basic_machine=`echo $1 | sed -e 's/86.*/86-pc/'` + os=-solaris2 + ;; + i386mach) + basic_machine=i386-mach + os=-mach + ;; + i386-vsta | vsta) + basic_machine=i386-unknown + os=-vsta + ;; + iris | iris4d) + basic_machine=mips-sgi + case $os in + -irix*) + ;; + *) + os=-irix4 + ;; + esac + ;; + isi68 | isi) + basic_machine=m68k-isi + os=-sysv + ;; + m88k-omron*) + basic_machine=m88k-omron + ;; + magnum | m3230) + basic_machine=mips-mips + os=-sysv + ;; + merlin) + basic_machine=ns32k-utek + os=-sysv + ;; + mingw32) + basic_machine=i386-pc + os=-mingw32 + ;; + miniframe) + basic_machine=m68000-convergent + ;; + *mint | -mint[0-9]* | *MiNT | *MiNT[0-9]*) + basic_machine=m68k-atari + os=-mint + ;; + mipsel*-linux*) + basic_machine=mipsel-unknown + os=-linux-gnu + ;; + mips*-linux*) + basic_machine=mips-unknown + os=-linux-gnu + ;; + mips3*-*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'` + ;; + mips3*) + basic_machine=`echo $basic_machine | sed -e 's/mips3/mips64/'`-unknown + ;; + mmix*) + basic_machine=mmix-knuth + os=-mmixware + ;; + monitor) + basic_machine=m68k-rom68k + os=-coff + ;; + msdos) + basic_machine=i386-pc + os=-msdos + ;; + mvs) + basic_machine=i370-ibm + os=-mvs + ;; + ncr3000) + basic_machine=i486-ncr + os=-sysv4 + ;; + netbsd386) + basic_machine=i386-unknown + os=-netbsd + ;; + netwinder) + basic_machine=armv4l-rebel + os=-linux + ;; + news | news700 | news800 | news900) + basic_machine=m68k-sony + os=-newsos + ;; + news1000) + basic_machine=m68030-sony + os=-newsos + ;; + news-3600 | risc-news) + basic_machine=mips-sony + os=-newsos + ;; + necv70) + basic_machine=v70-nec + os=-sysv + ;; + next | m*-next ) + basic_machine=m68k-next + case $os in + -nextstep* ) + ;; + -ns2*) + os=-nextstep2 + ;; + *) + os=-nextstep3 + ;; + esac + ;; + nh3000) + basic_machine=m68k-harris + os=-cxux + ;; + nh[45]000) + basic_machine=m88k-harris + os=-cxux + ;; + nindy960) + basic_machine=i960-intel + os=-nindy + ;; + mon960) + basic_machine=i960-intel + os=-mon960 + ;; + nonstopux) + basic_machine=mips-compaq + os=-nonstopux + ;; + np1) + basic_machine=np1-gould + ;; + nsr-tandem) + basic_machine=nsr-tandem + ;; + op50n-* | op60c-*) + basic_machine=hppa1.1-oki + os=-proelf + ;; + OSE68000 | ose68000) + basic_machine=m68000-ericsson + os=-ose + ;; + os68k) + basic_machine=m68k-none + os=-os68k + ;; + pa-hitachi) + basic_machine=hppa1.1-hitachi + os=-hiuxwe2 + ;; + paragon) + basic_machine=i860-intel + os=-osf + ;; + pbd) + basic_machine=sparc-tti + ;; + pbb) + basic_machine=m68k-tti + ;; + pc532 | pc532-*) + basic_machine=ns32k-pc532 + ;; + pentium | p5 | k5 | k6 | nexgen | viac3) + basic_machine=i586-pc + ;; + pentiumpro | p6 | 6x86 | athlon) + basic_machine=i686-pc + ;; + pentiumii | pentium2) + basic_machine=i686-pc + ;; + pentium-* | p5-* | k5-* | k6-* | nexgen-* | viac3-*) + basic_machine=i586-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumpro-* | p6-* | 6x86-* | athlon-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pentiumii-* | pentium2-*) + basic_machine=i686-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + pn) + basic_machine=pn-gould + ;; + power) basic_machine=power-ibm + ;; + ppc) basic_machine=powerpc-unknown + ;; + ppc-*) basic_machine=powerpc-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppcle | powerpclittle | ppc-le | powerpc-little) + basic_machine=powerpcle-unknown + ;; + ppcle-* | powerpclittle-*) + basic_machine=powerpcle-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64) basic_machine=powerpc64-unknown + ;; + ppc64-*) basic_machine=powerpc64-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ppc64le | powerpc64little | ppc64-le | powerpc64-little) + basic_machine=powerpc64le-unknown + ;; + ppc64le-* | powerpc64little-*) + basic_machine=powerpc64le-`echo $basic_machine | sed 's/^[^-]*-//'` + ;; + ps2) + basic_machine=i386-ibm + ;; + pw32) + basic_machine=i586-unknown + os=-pw32 + ;; + rom68k) + basic_machine=m68k-rom68k + os=-coff + ;; + rm[46]00) + basic_machine=mips-siemens + ;; + rtpc | rtpc-*) + basic_machine=romp-ibm + ;; + s390 | s390-*) + basic_machine=s390-ibm + ;; + s390x | s390x-*) + basic_machine=s390x-ibm + ;; + sa29200) + basic_machine=a29k-amd + os=-udi + ;; + sequent) + basic_machine=i386-sequent + ;; + sh) + basic_machine=sh-hitachi + os=-hms + ;; + sparclite-wrs | simso-wrs) + basic_machine=sparclite-wrs + os=-vxworks + ;; + sps7) + basic_machine=m68k-bull + os=-sysv2 + ;; + spur) + basic_machine=spur-unknown + ;; + st2000) + basic_machine=m68k-tandem + ;; + stratus) + basic_machine=i860-stratus + os=-sysv4 + ;; + sun2) + basic_machine=m68000-sun + ;; + sun2os3) + basic_machine=m68000-sun + os=-sunos3 + ;; + sun2os4) + basic_machine=m68000-sun + os=-sunos4 + ;; + sun3os3) + basic_machine=m68k-sun + os=-sunos3 + ;; + sun3os4) + basic_machine=m68k-sun + os=-sunos4 + ;; + sun4os3) + basic_machine=sparc-sun + os=-sunos3 + ;; + sun4os4) + basic_machine=sparc-sun + os=-sunos4 + ;; + sun4sol2) + basic_machine=sparc-sun + os=-solaris2 + ;; + sun3 | sun3-*) + basic_machine=m68k-sun + ;; + sun4) + basic_machine=sparc-sun + ;; + sun386 | sun386i | roadrunner) + basic_machine=i386-sun + ;; + sv1) + basic_machine=sv1-cray + os=-unicos + ;; + symmetry) + basic_machine=i386-sequent + os=-dynix + ;; + t3e) + basic_machine=t3e-cray + os=-unicos + ;; + tic54x | c54x*) + basic_machine=tic54x-unknown + os=-coff + ;; + tx39) + basic_machine=mipstx39-unknown + ;; + tx39el) + basic_machine=mipstx39el-unknown + ;; + tower | tower-32) + basic_machine=m68k-ncr + ;; + udi29k) + basic_machine=a29k-amd + os=-udi + ;; + ultra3) + basic_machine=a29k-nyu + os=-sym1 + ;; + v810 | necv810) + basic_machine=v810-nec + os=-none + ;; + vaxv) + basic_machine=vax-dec + os=-sysv + ;; + vms) + basic_machine=vax-dec + os=-vms + ;; + vpp*|vx|vx-*) + basic_machine=f301-fujitsu + ;; + vxworks960) + basic_machine=i960-wrs + os=-vxworks + ;; + vxworks68) + basic_machine=m68k-wrs + os=-vxworks + ;; + vxworks29k) + basic_machine=a29k-wrs + os=-vxworks + ;; + w65*) + basic_machine=w65-wdc + os=-none + ;; + w89k-*) + basic_machine=hppa1.1-winbond + os=-proelf + ;; + windows32) + basic_machine=i386-pc + os=-windows32-msvcrt + ;; + xmp) + basic_machine=xmp-cray + os=-unicos + ;; + xps | xps100) + basic_machine=xps100-honeywell + ;; + z8k-*-coff) + basic_machine=z8k-unknown + os=-sim + ;; + none) + basic_machine=none-none + os=-none + ;; + +# Here we handle the default manufacturer of certain CPU types. It is in +# some cases the only manufacturer, in others, it is the most popular. + w89k) + basic_machine=hppa1.1-winbond + ;; + op50n) + basic_machine=hppa1.1-oki + ;; + op60c) + basic_machine=hppa1.1-oki + ;; + mips) + if [ x$os = x-linux-gnu ]; then + basic_machine=mips-unknown + else + basic_machine=mips-mips + fi + ;; + romp) + basic_machine=romp-ibm + ;; + rs6000) + basic_machine=rs6000-ibm + ;; + vax) + basic_machine=vax-dec + ;; + pdp10) + # there are many clones, so DEC is not a safe bet + basic_machine=pdp10-unknown + ;; + pdp11) + basic_machine=pdp11-dec + ;; + we32k) + basic_machine=we32k-att + ;; + sh3 | sh4 | sh3eb | sh4eb) + basic_machine=sh-unknown + ;; + sparc | sparcv9 | sparcv9b) + basic_machine=sparc-sun + ;; + cydra) + basic_machine=cydra-cydrome + ;; + orion) + basic_machine=orion-highlevel + ;; + orion105) + basic_machine=clipper-highlevel + ;; + mac | mpw | mac-mpw) + basic_machine=m68k-apple + ;; + pmac | pmac-mpw) + basic_machine=powerpc-apple + ;; + c4x*) + basic_machine=c4x-none + os=-coff + ;; + *-unknown) + # Make sure to match an already-canonicalized machine name. + ;; + *) + echo Invalid configuration \`$1\': machine \`$basic_machine\' not recognized 1>&2 + exit 1 + ;; +esac + +# Here we canonicalize certain aliases for manufacturers. +case $basic_machine in + *-digital*) + basic_machine=`echo $basic_machine | sed 's/digital.*/dec/'` + ;; + *-commodore*) + basic_machine=`echo $basic_machine | sed 's/commodore.*/cbm/'` + ;; + *) + ;; +esac + +# Decode manufacturer-specific aliases for certain operating systems. + +if [ x"$os" != x"" ] +then +case $os in + # First match some system type aliases + # that might get confused with valid system types. + # -solaris* is a basic system type, with this one exception. + -solaris1 | -solaris1.*) + os=`echo $os | sed -e 's|solaris1|sunos4|'` + ;; + -solaris) + os=-solaris2 + ;; + -svr4*) + os=-sysv4 + ;; + -unixware*) + os=-sysv4.2uw + ;; + -gnu/linux*) + os=`echo $os | sed -e 's|gnu/linux|linux-gnu|'` + ;; + # First accept the basic system types. + # The portable systems comes first. + # Each alternative MUST END IN A *, to match a version number. + # -sysv* is not here because it comes later, after sysvr4. + -gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \ + | -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\ + | -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \ + | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ + | -aos* \ + | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ + | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ + | -hiux* | -386bsd* | -netbsd* | -openbsd* | -freebsd* | -riscix* \ + | -lynxos* | -bosx* | -nextstep* | -cxux* | -aout* | -elf* | -oabi* \ + | -ptx* | -coff* | -ecoff* | -winnt* | -domain* | -vsta* \ + | -udi* | -eabi* | -lites* | -ieee* | -go32* | -aux* \ + | -chorusos* | -chorusrdb* \ + | -cygwin* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ + | -mingw32* | -linux-gnu* | -uxpv* | -beos* | -mpeix* | -udk* \ + | -interix* | -uwin* | -rhapsody* | -darwin* | -opened* \ + | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ + | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ + | -os2* | -vos* | -palmos* | -uclinux* | -nucleus*) + # Remember, each alternative MUST END IN *, to match a version number. + ;; + -qnx*) + case $basic_machine in + x86-* | i*86-*) + ;; + *) + os=-nto$os + ;; + esac + ;; + -nto*) + os=-nto-qnx + ;; + -sim | -es1800* | -hms* | -xray | -os68k* | -none* | -v88r* \ + | -windows* | -osx | -abug | -netware* | -os9* | -beos* \ + | -macos* | -mpw* | -magic* | -mmixware* | -mon960* | -lnews*) + ;; + -mac*) + os=`echo $os | sed -e 's|mac|macos|'` + ;; + -linux*) + os=`echo $os | sed -e 's|linux|linux-gnu|'` + ;; + -sunos5*) + os=`echo $os | sed -e 's|sunos5|solaris2|'` + ;; + -sunos6*) + os=`echo $os | sed -e 's|sunos6|solaris3|'` + ;; + -opened*) + os=-openedition + ;; + -wince*) + os=-wince + ;; + -osfrose*) + os=-osfrose + ;; + -osf*) + os=-osf + ;; + -utek*) + os=-bsd + ;; + -dynix*) + os=-bsd + ;; + -acis*) + os=-aos + ;; + -atheos*) + os=-atheos + ;; + -386bsd) + os=-bsd + ;; + -ctix* | -uts*) + os=-sysv + ;; + -ns2 ) + os=-nextstep2 + ;; + -nsk*) + os=-nsk + ;; + # Preserve the version number of sinix5. + -sinix5.*) + os=`echo $os | sed -e 's|sinix|sysv|'` + ;; + -sinix*) + os=-sysv4 + ;; + -triton*) + os=-sysv3 + ;; + -oss*) + os=-sysv3 + ;; + -svr4) + os=-sysv4 + ;; + -svr3) + os=-sysv3 + ;; + -sysvr4) + os=-sysv4 + ;; + # This must come after -sysvr4. + -sysv*) + ;; + -ose*) + os=-ose + ;; + -es1800*) + os=-ose + ;; + -xenix) + os=-xenix + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + os=-mint + ;; + -none) + ;; + *) + # Get rid of the `-' at the beginning of $os. + os=`echo $os | sed 's/[^-]*-//'` + echo Invalid configuration \`$1\': system \`$os\' not recognized 1>&2 + exit 1 + ;; +esac +else + +# Here we handle the default operating systems that come with various machines. +# The value should be what the vendor currently ships out the door with their +# machine or put another way, the most popular os provided with the machine. + +# Note that if you're going to try to match "-MANUFACTURER" here (say, +# "-sun"), then you have to tell the case statement up towards the top +# that MANUFACTURER isn't an operating system. Otherwise, code above +# will signal an error saying that MANUFACTURER isn't an operating +# system, and we'll never get to this point. + +case $basic_machine in + *-acorn) + os=-riscix1.2 + ;; + arm*-rebel) + os=-linux + ;; + arm*-semi) + os=-aout + ;; + pdp10-*) + os=-tops20 + ;; + pdp11-*) + os=-none + ;; + *-dec | vax-*) + os=-ultrix4.2 + ;; + m68*-apollo) + os=-domain + ;; + i386-sun) + os=-sunos4.0.2 + ;; + m68000-sun) + os=-sunos3 + # This also exists in the configure program, but was not the + # default. + # os=-sunos4 + ;; + m68*-cisco) + os=-aout + ;; + mips*-cisco) + os=-elf + ;; + mips*-*) + os=-elf + ;; + *-tti) # must be before sparc entry or we get the wrong os. + os=-sysv3 + ;; + sparc-* | *-sun) + os=-sunos4.1.1 + ;; + *-be) + os=-beos + ;; + *-ibm) + os=-aix + ;; + *-wec) + os=-proelf + ;; + *-winbond) + os=-proelf + ;; + *-oki) + os=-proelf + ;; + *-hp) + os=-hpux + ;; + *-hitachi) + os=-hiux + ;; + i860-* | *-att | *-ncr | *-altos | *-motorola | *-convergent) + os=-sysv + ;; + *-cbm) + os=-amigaos + ;; + *-dg) + os=-dgux + ;; + *-dolphin) + os=-sysv3 + ;; + m68k-ccur) + os=-rtu + ;; + m88k-omron*) + os=-luna + ;; + *-next ) + os=-nextstep + ;; + *-sequent) + os=-ptx + ;; + *-crds) + os=-unos + ;; + *-ns) + os=-genix + ;; + i370-*) + os=-mvs + ;; + *-next) + os=-nextstep3 + ;; + *-gould) + os=-sysv + ;; + *-highlevel) + os=-bsd + ;; + *-encore) + os=-bsd + ;; + *-sgi) + os=-irix + ;; + *-siemens) + os=-sysv4 + ;; + *-masscomp) + os=-rtu + ;; + f30[01]-fujitsu | f700-fujitsu) + os=-uxpv + ;; + *-rom68k) + os=-coff + ;; + *-*bug) + os=-coff + ;; + *-apple) + os=-macos + ;; + *-atari*) + os=-mint + ;; + *) + os=-none + ;; +esac +fi + +# Here we handle the case where we know the os, and the CPU type, but not the +# manufacturer. We pick the logical manufacturer. +vendor=unknown +case $basic_machine in + *-unknown) + case $os in + -riscix*) + vendor=acorn + ;; + -sunos*) + vendor=sun + ;; + -aix*) + vendor=ibm + ;; + -beos*) + vendor=be + ;; + -hpux*) + vendor=hp + ;; + -mpeix*) + vendor=hp + ;; + -hiux*) + vendor=hitachi + ;; + -unos*) + vendor=crds + ;; + -dgux*) + vendor=dg + ;; + -luna*) + vendor=omron + ;; + -genix*) + vendor=ns + ;; + -mvs* | -opened*) + vendor=ibm + ;; + -ptx*) + vendor=sequent + ;; + -vxsim* | -vxworks*) + vendor=wrs + ;; + -aux*) + vendor=apple + ;; + -hms*) + vendor=hitachi + ;; + -mpw* | -macos*) + vendor=apple + ;; + -*mint | -mint[0-9]* | -*MiNT | -MiNT[0-9]*) + vendor=atari + ;; + -vos*) + vendor=stratus + ;; + esac + basic_machine=`echo $basic_machine | sed "s/unknown/$vendor/"` + ;; +esac + +echo $basic_machine$os +exit 0 + +# Local variables: +# eval: (add-hook 'write-file-hooks 'time-stamp) +# time-stamp-start: "timestamp='" +# time-stamp-format: "%:y-%02m-%02d" +# time-stamp-end: "'" +# End: diff --git a/source3/configure b/source3/configure new file mode 100755 index 00000000000..5e2416abe75 --- /dev/null +++ b/source3/configure @@ -0,0 +1,14127 @@ +#! /bin/sh + +# Guess values for system-dependent variables and create Makefiles. +# Generated automatically using autoconf version 2.13 +# Copyright (C) 1992, 93, 94, 95, 96 Free Software Foundation, Inc. +# +# This configure script is free software; the Free Software Foundation +# gives unlimited permission to copy, distribute and modify it. + +# Defaults: +ac_help= +ac_default_prefix=/usr/local +# Any additions from configure.in: +ac_default_prefix=/usr/local/samba +ac_help="$ac_help + --enable-debug turn on debugging [default=no]" +ac_help="$ac_help + --enable-developer turn on developer warnings and debugging [default=no]" +ac_help="$ac_help + --enable-krb5developer turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]" +ac_help="$ac_help + --enable-dmalloc enable heap debugging [default=no]" +ac_help="$ac_help + --with-readline[=DIR] Look for readline include/libs in DIR (default=auto) " +ac_help="$ac_help + --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) " +ac_help="$ac_help + --with-smbwrapper Include SMB wrapper support (default=no) " +ac_help="$ac_help + --with-afs Include AFS clear-text auth support (default=no) " +ac_help="$ac_help + --with-dce-dfs Include DCE/DFS clear-text auth support (default=no)" +ac_help="$ac_help + --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)" +ac_help="$ac_help + --with-automount Include AUTOMOUNT support (default=no)" +ac_help="$ac_help + --with-smbmount Include SMBMOUNT (Linux only) support (default=no)" +ac_help="$ac_help + --with-pam Include PAM support (default=no)" +ac_help="$ac_help + --with-pam_smbpass Build a PAM module to allow other applications to use our smbpasswd file (default=no)" +ac_help="$ac_help + --with-tdbsam Include experimental TDB SAM support (default=no)" +ac_help="$ac_help + --with-ldapsam Include experimental LDAP SAM support (default=no)" +ac_help="$ac_help + --with-nisplussam Include NISPLUS SAM support (default=no)" +ac_help="$ac_help + --with-nisplus-home Include NISPLUS_HOME support (default=no)" +ac_help="$ac_help + --with-ssl Include SSL support (default=no) + --with-sslinc=DIR Where the SSL includes are (defaults to /usr/local/ssl/include) + --with-ssllib=DIR Where the SSL libraries are (defaults to /usr/local/ssl/lib)" +ac_help="$ac_help + --with-syslog Include experimental SYSLOG support (default=no)" +ac_help="$ac_help + --with-profiling-data Include gathering source code profile information (default=no)" +ac_help="$ac_help + --with-quotas Include experimental disk-quota support (default=no)" +ac_help="$ac_help + --with-utmp Include experimental utmp accounting (default=no)" +ac_help="$ac_help + --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)" +ac_help="$ac_help + --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)" +ac_help="$ac_help + --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)" +ac_help="$ac_help + --with-manpages-langs={en,ja,pl} Choose man pages' language(s). (en)" +ac_help="$ac_help + --with-spinlocks Use spin locks instead of fcntl locks (default=no) " +ac_help="$ac_help + --with-acl-support Include ACL support (default=no)" +ac_help="$ac_help + --with-winbind Build winbind (default, if supported by OS)" +ac_help="$ac_help + --with-included-popt use bundled popt library, not from system" + +# Initialize some variables set by options. +# The variables have the same names as the options, with +# dashes changed to underlines. +build=NONE +cache_file=./config.cache +exec_prefix=NONE +host=NONE +no_create= +nonopt=NONE +no_recursion= +prefix=NONE +program_prefix=NONE +program_suffix=NONE +program_transform_name=s,x,x, +silent= +site= +srcdir= +target=NONE +verbose= +x_includes=NONE +x_libraries=NONE +bindir='${exec_prefix}/bin' +sbindir='${exec_prefix}/sbin' +libexecdir='${exec_prefix}/libexec' +datadir='${prefix}/share' +sysconfdir='${prefix}/etc' +sharedstatedir='${prefix}/com' +localstatedir='${prefix}/var' +libdir='${exec_prefix}/lib' +includedir='${prefix}/include' +oldincludedir='/usr/include' +infodir='${prefix}/info' +mandir='${prefix}/man' + +# Initialize some other variables. +subdirs= +MFLAGS= MAKEFLAGS= +SHELL=${CONFIG_SHELL-/bin/sh} +# Maximum number of lines to put in a shell here document. +ac_max_here_lines=12 + +ac_prev= +for ac_option +do + + # If the previous option needs an argument, assign it. + if test -n "$ac_prev"; then + eval "$ac_prev=\$ac_option" + ac_prev= + continue + fi + + case "$ac_option" in + -*=*) ac_optarg=`echo "$ac_option" | sed 's/[-_a-zA-Z0-9]*=//'` ;; + *) ac_optarg= ;; + esac + + # Accept the important Cygnus configure options, so we can diagnose typos. + + case "$ac_option" in + + -bindir | --bindir | --bindi | --bind | --bin | --bi) + ac_prev=bindir ;; + -bindir=* | --bindir=* | --bindi=* | --bind=* | --bin=* | --bi=*) + bindir="$ac_optarg" ;; + + -build | --build | --buil | --bui | --bu) + ac_prev=build ;; + -build=* | --build=* | --buil=* | --bui=* | --bu=*) + build="$ac_optarg" ;; + + -cache-file | --cache-file | --cache-fil | --cache-fi \ + | --cache-f | --cache- | --cache | --cach | --cac | --ca | --c) + ac_prev=cache_file ;; + -cache-file=* | --cache-file=* | --cache-fil=* | --cache-fi=* \ + | --cache-f=* | --cache-=* | --cache=* | --cach=* | --cac=* | --ca=* | --c=*) + cache_file="$ac_optarg" ;; + + -datadir | --datadir | --datadi | --datad | --data | --dat | --da) + ac_prev=datadir ;; + -datadir=* | --datadir=* | --datadi=* | --datad=* | --data=* | --dat=* \ + | --da=*) + datadir="$ac_optarg" ;; + + -disable-* | --disable-*) + ac_feature=`echo $ac_option|sed -e 's/-*disable-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + eval "enable_${ac_feature}=no" ;; + + -enable-* | --enable-*) + ac_feature=`echo $ac_option|sed -e 's/-*enable-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_feature| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_feature: invalid feature name" 1>&2; exit 1; } + fi + ac_feature=`echo $ac_feature| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "enable_${ac_feature}='$ac_optarg'" ;; + + -exec-prefix | --exec_prefix | --exec-prefix | --exec-prefi \ + | --exec-pref | --exec-pre | --exec-pr | --exec-p | --exec- \ + | --exec | --exe | --ex) + ac_prev=exec_prefix ;; + -exec-prefix=* | --exec_prefix=* | --exec-prefix=* | --exec-prefi=* \ + | --exec-pref=* | --exec-pre=* | --exec-pr=* | --exec-p=* | --exec-=* \ + | --exec=* | --exe=* | --ex=*) + exec_prefix="$ac_optarg" ;; + + -gas | --gas | --ga | --g) + # Obsolete; use --with-gas. + with_gas=yes ;; + + -help | --help | --hel | --he) + # Omit some internal or obsolete options to make the list less imposing. + # This message is too long to be a string in the A/UX 3.1 sh. + cat << EOF +Usage: configure [options] [host] +Options: [defaults in brackets after descriptions] +Configuration: + --cache-file=FILE cache test results in FILE + --help print this message + --no-create do not create output files + --quiet, --silent do not print \`checking...' messages + --version print the version of autoconf that created configure +Directory and file names: + --prefix=PREFIX install architecture-independent files in PREFIX + [$ac_default_prefix] + --exec-prefix=EPREFIX install architecture-dependent files in EPREFIX + [same as prefix] + --bindir=DIR user executables in DIR [EPREFIX/bin] + --sbindir=DIR system admin executables in DIR [EPREFIX/sbin] + --libexecdir=DIR program executables in DIR [EPREFIX/libexec] + --datadir=DIR read-only architecture-independent data in DIR + [PREFIX/share] + --sysconfdir=DIR read-only single-machine data in DIR [PREFIX/etc] + --sharedstatedir=DIR modifiable architecture-independent data in DIR + [PREFIX/com] + --localstatedir=DIR modifiable single-machine data in DIR [PREFIX/var] + --libdir=DIR object code libraries in DIR [EPREFIX/lib] + --includedir=DIR C header files in DIR [PREFIX/include] + --oldincludedir=DIR C header files for non-gcc in DIR [/usr/include] + --infodir=DIR info documentation in DIR [PREFIX/info] + --mandir=DIR man documentation in DIR [PREFIX/man] + --srcdir=DIR find the sources in DIR [configure dir or ..] + --program-prefix=PREFIX prepend PREFIX to installed program names + --program-suffix=SUFFIX append SUFFIX to installed program names + --program-transform-name=PROGRAM + run sed PROGRAM on installed program names +EOF + cat << EOF +Host type: + --build=BUILD configure for building on BUILD [BUILD=HOST] + --host=HOST configure for HOST [guessed] + --target=TARGET configure for TARGET [TARGET=HOST] +Features and packages: + --disable-FEATURE do not include FEATURE (same as --enable-FEATURE=no) + --enable-FEATURE[=ARG] include FEATURE [ARG=yes] + --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] + --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) + --x-includes=DIR X include files are in DIR + --x-libraries=DIR X library files are in DIR +EOF + if test -n "$ac_help"; then + echo "--enable and --with options recognized:$ac_help" + fi + exit 0 ;; + + -host | --host | --hos | --ho) + ac_prev=host ;; + -host=* | --host=* | --hos=* | --ho=*) + host="$ac_optarg" ;; + + -includedir | --includedir | --includedi | --included | --include \ + | --includ | --inclu | --incl | --inc) + ac_prev=includedir ;; + -includedir=* | --includedir=* | --includedi=* | --included=* | --include=* \ + | --includ=* | --inclu=* | --incl=* | --inc=*) + includedir="$ac_optarg" ;; + + -infodir | --infodir | --infodi | --infod | --info | --inf) + ac_prev=infodir ;; + -infodir=* | --infodir=* | --infodi=* | --infod=* | --info=* | --inf=*) + infodir="$ac_optarg" ;; + + -libdir | --libdir | --libdi | --libd) + ac_prev=libdir ;; + -libdir=* | --libdir=* | --libdi=* | --libd=*) + libdir="$ac_optarg" ;; + + -libexecdir | --libexecdir | --libexecdi | --libexecd | --libexec \ + | --libexe | --libex | --libe) + ac_prev=libexecdir ;; + -libexecdir=* | --libexecdir=* | --libexecdi=* | --libexecd=* | --libexec=* \ + | --libexe=* | --libex=* | --libe=*) + libexecdir="$ac_optarg" ;; + + -localstatedir | --localstatedir | --localstatedi | --localstated \ + | --localstate | --localstat | --localsta | --localst \ + | --locals | --local | --loca | --loc | --lo) + ac_prev=localstatedir ;; + -localstatedir=* | --localstatedir=* | --localstatedi=* | --localstated=* \ + | --localstate=* | --localstat=* | --localsta=* | --localst=* \ + | --locals=* | --local=* | --loca=* | --loc=* | --lo=*) + localstatedir="$ac_optarg" ;; + + -mandir | --mandir | --mandi | --mand | --man | --ma | --m) + ac_prev=mandir ;; + -mandir=* | --mandir=* | --mandi=* | --mand=* | --man=* | --ma=* | --m=*) + mandir="$ac_optarg" ;; + + -nfp | --nfp | --nf) + # Obsolete; use --without-fp. + with_fp=no ;; + + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) + no_create=yes ;; + + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) + no_recursion=yes ;; + + -oldincludedir | --oldincludedir | --oldincludedi | --oldincluded \ + | --oldinclude | --oldinclud | --oldinclu | --oldincl | --oldinc \ + | --oldin | --oldi | --old | --ol | --o) + ac_prev=oldincludedir ;; + -oldincludedir=* | --oldincludedir=* | --oldincludedi=* | --oldincluded=* \ + | --oldinclude=* | --oldinclud=* | --oldinclu=* | --oldincl=* | --oldinc=* \ + | --oldin=* | --oldi=* | --old=* | --ol=* | --o=*) + oldincludedir="$ac_optarg" ;; + + -prefix | --prefix | --prefi | --pref | --pre | --pr | --p) + ac_prev=prefix ;; + -prefix=* | --prefix=* | --prefi=* | --pref=* | --pre=* | --pr=* | --p=*) + prefix="$ac_optarg" ;; + + -program-prefix | --program-prefix | --program-prefi | --program-pref \ + | --program-pre | --program-pr | --program-p) + ac_prev=program_prefix ;; + -program-prefix=* | --program-prefix=* | --program-prefi=* \ + | --program-pref=* | --program-pre=* | --program-pr=* | --program-p=*) + program_prefix="$ac_optarg" ;; + + -program-suffix | --program-suffix | --program-suffi | --program-suff \ + | --program-suf | --program-su | --program-s) + ac_prev=program_suffix ;; + -program-suffix=* | --program-suffix=* | --program-suffi=* \ + | --program-suff=* | --program-suf=* | --program-su=* | --program-s=*) + program_suffix="$ac_optarg" ;; + + -program-transform-name | --program-transform-name \ + | --program-transform-nam | --program-transform-na \ + | --program-transform-n | --program-transform- \ + | --program-transform | --program-transfor \ + | --program-transfo | --program-transf \ + | --program-trans | --program-tran \ + | --progr-tra | --program-tr | --program-t) + ac_prev=program_transform_name ;; + -program-transform-name=* | --program-transform-name=* \ + | --program-transform-nam=* | --program-transform-na=* \ + | --program-transform-n=* | --program-transform-=* \ + | --program-transform=* | --program-transfor=* \ + | --program-transfo=* | --program-transf=* \ + | --program-trans=* | --program-tran=* \ + | --progr-tra=* | --program-tr=* | --program-t=*) + program_transform_name="$ac_optarg" ;; + + -q | -quiet | --quiet | --quie | --qui | --qu | --q \ + | -silent | --silent | --silen | --sile | --sil) + silent=yes ;; + + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) + ac_prev=sbindir ;; + -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ + | --sbi=* | --sb=*) + sbindir="$ac_optarg" ;; + + -sharedstatedir | --sharedstatedir | --sharedstatedi \ + | --sharedstated | --sharedstate | --sharedstat | --sharedsta \ + | --sharedst | --shareds | --shared | --share | --shar \ + | --sha | --sh) + ac_prev=sharedstatedir ;; + -sharedstatedir=* | --sharedstatedir=* | --sharedstatedi=* \ + | --sharedstated=* | --sharedstate=* | --sharedstat=* | --sharedsta=* \ + | --sharedst=* | --shareds=* | --shared=* | --share=* | --shar=* \ + | --sha=* | --sh=*) + sharedstatedir="$ac_optarg" ;; + + -site | --site | --sit) + ac_prev=site ;; + -site=* | --site=* | --sit=*) + site="$ac_optarg" ;; + + -srcdir | --srcdir | --srcdi | --srcd | --src | --sr) + ac_prev=srcdir ;; + -srcdir=* | --srcdir=* | --srcdi=* | --srcd=* | --src=* | --sr=*) + srcdir="$ac_optarg" ;; + + -sysconfdir | --sysconfdir | --sysconfdi | --sysconfd | --sysconf \ + | --syscon | --sysco | --sysc | --sys | --sy) + ac_prev=sysconfdir ;; + -sysconfdir=* | --sysconfdir=* | --sysconfdi=* | --sysconfd=* | --sysconf=* \ + | --syscon=* | --sysco=* | --sysc=* | --sys=* | --sy=*) + sysconfdir="$ac_optarg" ;; + + -target | --target | --targe | --targ | --tar | --ta | --t) + ac_prev=target ;; + -target=* | --target=* | --targe=* | --targ=* | --tar=* | --ta=* | --t=*) + target="$ac_optarg" ;; + + -v | -verbose | --verbose | --verbos | --verbo | --verb) + verbose=yes ;; + + -version | --version | --versio | --versi | --vers) + echo "configure generated by autoconf version 2.13" + exit 0 ;; + + -with-* | --with-*) + ac_package=`echo $ac_option|sed -e 's/-*with-//' -e 's/=.*//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-_a-zA-Z0-9]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + case "$ac_option" in + *=*) ;; + *) ac_optarg=yes ;; + esac + eval "with_${ac_package}='$ac_optarg'" ;; + + -without-* | --without-*) + ac_package=`echo $ac_option|sed -e 's/-*without-//'` + # Reject names that are not valid shell variable names. + if test -n "`echo $ac_package| sed 's/[-a-zA-Z0-9_]//g'`"; then + { echo "configure: error: $ac_package: invalid package name" 1>&2; exit 1; } + fi + ac_package=`echo $ac_package| sed 's/-/_/g'` + eval "with_${ac_package}=no" ;; + + --x) + # Obsolete; use --with-x. + with_x=yes ;; + + -x-includes | --x-includes | --x-include | --x-includ | --x-inclu \ + | --x-incl | --x-inc | --x-in | --x-i) + ac_prev=x_includes ;; + -x-includes=* | --x-includes=* | --x-include=* | --x-includ=* | --x-inclu=* \ + | --x-incl=* | --x-inc=* | --x-in=* | --x-i=*) + x_includes="$ac_optarg" ;; + + -x-libraries | --x-libraries | --x-librarie | --x-librari \ + | --x-librar | --x-libra | --x-libr | --x-lib | --x-li | --x-l) + ac_prev=x_libraries ;; + -x-libraries=* | --x-libraries=* | --x-librarie=* | --x-librari=* \ + | --x-librar=* | --x-libra=* | --x-libr=* | --x-lib=* | --x-li=* | --x-l=*) + x_libraries="$ac_optarg" ;; + + -*) { echo "configure: error: $ac_option: invalid option; use --help to show usage" 1>&2; exit 1; } + ;; + + *) + if test -n "`echo $ac_option| sed 's/[-a-z0-9.]//g'`"; then + echo "configure: warning: $ac_option: invalid host type" 1>&2 + fi + if test "x$nonopt" != xNONE; then + { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } + fi + nonopt="$ac_option" + ;; + + esac +done + +if test -n "$ac_prev"; then + { echo "configure: error: missing argument to --`echo $ac_prev | sed 's/_/-/g'`" 1>&2; exit 1; } +fi + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +# File descriptor usage: +# 0 standard input +# 1 file creation +# 2 errors and warnings +# 3 some systems may open it to /dev/tty +# 4 used on the Kubota Titan +# 6 checking for... messages and results +# 5 compiler messages saved in config.log +if test "$silent" = yes; then + exec 6>/dev/null +else + exec 6>&1 +fi +exec 5>./config.log + +echo "\ +This file contains any messages produced by compilers while +running configure, to aid debugging if configure makes a mistake. +" 1>&5 + +# Strip out --no-create and --no-recursion so they do not pile up. +# Also quote any args containing shell metacharacters. +ac_configure_args= +for ac_arg +do + case "$ac_arg" in + -no-create | --no-create | --no-creat | --no-crea | --no-cre \ + | --no-cr | --no-c) ;; + -no-recursion | --no-recursion | --no-recursio | --no-recursi \ + | --no-recurs | --no-recur | --no-recu | --no-rec | --no-re | --no-r) ;; + *" "*|*" "*|*[\[\]\~\#\$\^\&\*\(\)\{\}\\\|\;\<\>\?]*) + ac_configure_args="$ac_configure_args '$ac_arg'" ;; + *) ac_configure_args="$ac_configure_args $ac_arg" ;; + esac +done + +# NLS nuisances. +# Only set these to C if already set. These must not be set unconditionally +# because not all systems understand e.g. LANG=C (notably SCO). +# Fixing LC_MESSAGES prevents Solaris sh from translating var values in `set'! +# Non-C LC_CTYPE values break the ctype check. +if test "${LANG+set}" = set; then LANG=C; export LANG; fi +if test "${LC_ALL+set}" = set; then LC_ALL=C; export LC_ALL; fi +if test "${LC_MESSAGES+set}" = set; then LC_MESSAGES=C; export LC_MESSAGES; fi +if test "${LC_CTYPE+set}" = set; then LC_CTYPE=C; export LC_CTYPE; fi + +# confdefs.h avoids OS command line length limits that DEFS can exceed. +rm -rf conftest* confdefs.h +# AIX cpp loses on an empty file, so make sure it contains at least a newline. +echo > confdefs.h + +# A filename unique to this package, relative to the directory that +# configure is in, which we can look for to find out if srcdir is correct. +ac_unique_file=include/includes.h + +# Find the source files, if location was not specified. +if test -z "$srcdir"; then + ac_srcdir_defaulted=yes + # Try the directory containing this script, then its parent. + ac_prog=$0 + ac_confdir=`echo $ac_prog|sed 's%/[^/][^/]*$%%'` + test "x$ac_confdir" = "x$ac_prog" && ac_confdir=. + srcdir=$ac_confdir + if test ! -r $srcdir/$ac_unique_file; then + srcdir=.. + fi +else + ac_srcdir_defaulted=no +fi +if test ! -r $srcdir/$ac_unique_file; then + if test "$ac_srcdir_defaulted" = yes; then + { echo "configure: error: can not find sources in $ac_confdir or .." 1>&2; exit 1; } + else + { echo "configure: error: can not find sources in $srcdir" 1>&2; exit 1; } + fi +fi +srcdir=`echo "${srcdir}" | sed 's%\([^/]\)/*$%\1%'` + +# Prefer explicitly selected file to automatically selected ones. +if test -z "$CONFIG_SITE"; then + if test "x$prefix" != xNONE; then + CONFIG_SITE="$prefix/share/config.site $prefix/etc/config.site" + else + CONFIG_SITE="$ac_default_prefix/share/config.site $ac_default_prefix/etc/config.site" + fi +fi +for ac_site_file in $CONFIG_SITE; do + if test -r "$ac_site_file"; then + echo "loading site script $ac_site_file" + . "$ac_site_file" + fi +done + +if test -r "$cache_file"; then + echo "loading cache $cache_file" + . $cache_file +else + echo "creating cache $cache_file" + > $cache_file +fi + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +ac_exeext= +ac_objext=o +if (echo "testing\c"; echo 1,2,3) | grep c >/dev/null; then + # Stardent Vistra SVR4 grep lacks -e, says ghazi@caip.rutgers.edu. + if (echo -n testing; echo 1,2,3) | sed s/-n/xn/ | grep xn >/dev/null; then + ac_n= ac_c=' +' ac_t=' ' + else + ac_n=-n ac_c= ac_t= + fi +else + ac_n= ac_c='\c' ac_t= +fi + + + +# we want to be compatible with older versions of Samba + + + + + + + + + + + + + + + + + +# compile with optimisation and without debugging by default +CFLAGS="-O ${CFLAGS}" + +# Check whether --enable-debug or --disable-debug was given. +if test "${enable_debug+set}" = set; then + enableval="$enable_debug" + if eval "test x$enable_debug = xyes"; then + CFLAGS="${CFLAGS} -g" + fi +fi + + +# Check whether --enable-developer or --disable-developer was given. +if test "${enable_developer+set}" = set; then + enableval="$enable_developer" + if eval "test x$enable_developer = xyes"; then + CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" + fi +fi + + +# Check whether --enable-krb5developer or --disable-krb5developer was given. +if test "${enable_krb5developer+set}" = set; then + enableval="$enable_krb5developer" + if eval "test x$enable_krb5developer = xyes"; then + CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" + fi +fi + + +# Check whether --enable-dmalloc or --disable-dmalloc was given. +if test "${enable_dmalloc+set}" = set; then + enableval="$enable_dmalloc" + : +fi + + +if test "x$enable_dmalloc" = xyes +then + cat >> confdefs.h <<\EOF +#define ENABLE_DMALLOC 1 +EOF + + cat >> confdefs.h <<\EOF +#define DMALLOC_FUNC_CHECK 1 +EOF + + LIBS="$LIBS -ldmalloc" +fi + +# Extract the first word of "gcc", so it can be a program name with args. +set dummy gcc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:662: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="gcc" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +if test -z "$CC"; then + # Extract the first word of "cc", so it can be a program name with args. +set dummy cc; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:692: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_prog_rejected=no + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + if test "$ac_dir/$ac_word" = "/usr/ucb/cc"; then + ac_prog_rejected=yes + continue + fi + ac_cv_prog_CC="cc" + break + fi + done + IFS="$ac_save_ifs" +if test $ac_prog_rejected = yes; then + # We found a bogon in the path, so make sure we never use it. + set dummy $ac_cv_prog_CC + shift + if test $# -gt 0; then + # We chose a different compiler from the bogus one. + # However, it has the same basename, so the bogon will be chosen + # first if we set CC to just the basename; use the full file name. + shift + set dummy "$ac_dir/$ac_word" "$@" + shift + ac_cv_prog_CC="$@" + fi +fi +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + + if test -z "$CC"; then + case "`uname -s`" in + *win32* | *WIN32*) + # Extract the first word of "cl", so it can be a program name with args. +set dummy cl; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:743: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_CC'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$CC"; then + ac_cv_prog_CC="$CC" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_CC="cl" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +CC="$ac_cv_prog_CC" +if test -n "$CC"; then + echo "$ac_t""$CC" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + ;; + esac + fi + test -z "$CC" && { echo "configure: error: no acceptable cc found in \$PATH" 1>&2; exit 1; } +fi + +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works""... $ac_c" 1>&6 +echo "configure:775: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) works" >&5 + +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +cat > conftest.$ac_ext << EOF + +#line 786 "configure" +#include "confdefs.h" + +main(){return(0);} +EOF +if { (eval echo configure:791: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + ac_cv_prog_cc_works=yes + # If we can't run a trivial program, we are probably using a cross compiler. + if (./conftest; exit) 2>/dev/null; then + ac_cv_prog_cc_cross=no + else + ac_cv_prog_cc_cross=yes + fi +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + ac_cv_prog_cc_works=no +fi +rm -fr conftest* +ac_ext=c +# CFLAGS is not in ac_cpp because -g, -O, etc. are not valid cpp options. +ac_cpp='$CPP $CPPFLAGS' +ac_compile='${CC-cc} -c $CFLAGS $CPPFLAGS conftest.$ac_ext 1>&5' +ac_link='${CC-cc} -o conftest${ac_exeext} $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS 1>&5' +cross_compiling=$ac_cv_prog_cc_cross + +echo "$ac_t""$ac_cv_prog_cc_works" 1>&6 +if test $ac_cv_prog_cc_works = no; then + { echo "configure: error: installation or configuration problem: C compiler cannot create executables." 1>&2; exit 1; } +fi +echo $ac_n "checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler""... $ac_c" 1>&6 +echo "configure:817: checking whether the C compiler ($CC $CFLAGS $LDFLAGS) is a cross-compiler" >&5 +echo "$ac_t""$ac_cv_prog_cc_cross" 1>&6 +cross_compiling=$ac_cv_prog_cc_cross + +echo $ac_n "checking whether we are using GNU C""... $ac_c" 1>&6 +echo "configure:822: checking whether we are using GNU C" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_gcc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.c <&5; (eval $ac_try) 2>&5; }; } | egrep yes >/dev/null 2>&1; then + ac_cv_prog_gcc=yes +else + ac_cv_prog_gcc=no +fi +fi + +echo "$ac_t""$ac_cv_prog_gcc" 1>&6 + +if test $ac_cv_prog_gcc = yes; then + GCC=yes +else + GCC= +fi + +ac_test_CFLAGS="${CFLAGS+set}" +ac_save_CFLAGS="$CFLAGS" +CFLAGS= +echo $ac_n "checking whether ${CC-cc} accepts -g""... $ac_c" 1>&6 +echo "configure:850: checking whether ${CC-cc} accepts -g" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_g'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -g -c conftest.c 2>&1`"; then + ac_cv_prog_cc_g=yes +else + ac_cv_prog_cc_g=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_g" 1>&6 +if test "$ac_test_CFLAGS" = set; then + CFLAGS="$ac_save_CFLAGS" +elif test $ac_cv_prog_cc_g = yes; then + if test "$GCC" = yes; then + CFLAGS="-g -O2" + else + CFLAGS="-g" + fi +else + if test "$GCC" = yes; then + CFLAGS="-O2" + else + CFLAGS= + fi +fi + +ac_aux_dir= +for ac_dir in $srcdir $srcdir/.. $srcdir/../..; do + if test -f $ac_dir/install-sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install-sh -c" + break + elif test -f $ac_dir/install.sh; then + ac_aux_dir=$ac_dir + ac_install_sh="$ac_aux_dir/install.sh -c" + break + fi +done +if test -z "$ac_aux_dir"; then + { echo "configure: error: can not find install-sh or install.sh in $srcdir $srcdir/.. $srcdir/../.." 1>&2; exit 1; } +fi +ac_config_guess=$ac_aux_dir/config.guess +ac_config_sub=$ac_aux_dir/config.sub +ac_configure=$ac_aux_dir/configure # This should be Cygnus configure. + +# Find a good install program. We prefer a C program (faster), +# so one script is as good as another. But avoid the broken or +# incompatible versions: +# SysV /etc/install, /usr/sbin/install +# SunOS /usr/etc/install +# IRIX /sbin/install +# AIX /bin/install +# AIX 4 /usr/bin/installbsd, which doesn't work without a -g flag +# AFS /usr/afsws/bin/install, which mishandles nonexistent args +# SVR4 /usr/ucb/install, which tries to use the nonexistent group "staff" +# ./install, which can be erroneously created by make from ./install.sh. +echo $ac_n "checking for a BSD compatible install""... $ac_c" 1>&6 +echo "configure:912: checking for a BSD compatible install" >&5 +if test -z "$INSTALL"; then +if eval "test \"`echo '$''{'ac_cv_path_install'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + IFS="${IFS= }"; ac_save_IFS="$IFS"; IFS=":" + for ac_dir in $PATH; do + # Account for people who put trailing slashes in PATH elements. + case "$ac_dir/" in + /|./|.//|/etc/*|/usr/sbin/*|/usr/etc/*|/sbin/*|/usr/afsws/bin/*|/usr/ucb/*) ;; + *) + # OSF1 and SCO ODT 3.0 have their own names for install. + # Don't use installbsd from OSF since it installs stuff as root + # by default. + for ac_prog in ginstall scoinst install; do + if test -f $ac_dir/$ac_prog; then + if test $ac_prog = install && + grep dspmsg $ac_dir/$ac_prog >/dev/null 2>&1; then + # AIX install. It has an incompatible calling convention. + : + else + ac_cv_path_install="$ac_dir/$ac_prog -c" + break 2 + fi + fi + done + ;; + esac + done + IFS="$ac_save_IFS" + +fi + if test "${ac_cv_path_install+set}" = set; then + INSTALL="$ac_cv_path_install" + else + # As a last resort, use the slow shell script. We don't cache a + # path for INSTALL within a source directory, because that will + # break other packages using the cache if that directory is + # removed, or if the path is relative. + INSTALL="$ac_install_sh" + fi +fi +echo "$ac_t""$INSTALL" 1>&6 + +# Use test -z because SunOS4 sh mishandles braces in ${var-val}. +# It thinks the first close brace ends the variable substitution. +test -z "$INSTALL_PROGRAM" && INSTALL_PROGRAM='${INSTALL}' + +test -z "$INSTALL_SCRIPT" && INSTALL_SCRIPT='${INSTALL_PROGRAM}' + +test -z "$INSTALL_DATA" && INSTALL_DATA='${INSTALL} -m 644' + +for ac_prog in mawk gawk nawk awk +do +# Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:969: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_AWK'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$AWK"; then + ac_cv_prog_AWK="$AWK" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_AWK="$ac_prog" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +AWK="$ac_cv_prog_AWK" +if test -n "$AWK"; then + echo "$ac_t""$AWK" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +test -n "$AWK" && break +done + + +echo $ac_n "checking for POSIXized ISC""... $ac_c" 1>&6 +echo "configure:1000: checking for POSIXized ISC" >&5 +if test -d /etc/conf/kconfig.d && + grep _POSIX_VERSION /usr/include/sys/unistd.h >/dev/null 2>&1 +then + echo "$ac_t""yes" 1>&6 + ISC=yes # If later tests want to check for ISC. + cat >> confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + if test "$GCC" = yes; then + CC="$CC -posix" + else + CC="$CC -Xp" + fi +else + echo "$ac_t""no" 1>&6 + ISC= +fi + + +if test "x$CC" != xcc; then + echo $ac_n "checking whether $CC and cc understand -c and -o together""... $ac_c" 1>&6 +echo "configure:1023: checking whether $CC and cc understand -c and -o together" >&5 +else + echo $ac_n "checking whether cc understands -c and -o together""... $ac_c" 1>&6 +echo "configure:1026: checking whether cc understands -c and -o together" >&5 +fi +set dummy $CC; ac_cc="`echo $2 | + sed -e 's/[^a-zA-Z0-9_]/_/g' -e 's/^[0-9]/_/'`" +if eval "test \"`echo '$''{'ac_cv_prog_cc_${ac_cc}_c_o'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'foo(){}' > conftest.c +# Make sure it works both with $CC and with simple cc. +# We do the test twice because some compilers refuse to overwrite an +# existing .o file with -o, though they will create one. +ac_try='${CC-cc} -c conftest.c -o conftest.o 1>&5' +if { (eval echo configure:1038: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && + test -f conftest.o && { (eval echo configure:1039: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; +then + eval ac_cv_prog_cc_${ac_cc}_c_o=yes + if test "x$CC" != xcc; then + # Test first that cc exists at all. + if { ac_try='cc -c conftest.c 1>&5'; { (eval echo configure:1044: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; }; then + ac_try='cc -c conftest.c -o conftest.o 1>&5' + if { (eval echo configure:1046: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } && + test -f conftest.o && { (eval echo configure:1047: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; }; + then + # cc works too. + : + else + # cc exists but doesn't like -o. + eval ac_cv_prog_cc_${ac_cc}_c_o=no + fi + fi + fi +else + eval ac_cv_prog_cc_${ac_cc}_c_o=no +fi +rm -f conftest* + +fi +if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = yes"; then + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 + cat >> confdefs.h <<\EOF +#define NO_MINUS_C_MINUS_O 1 +EOF + +fi + +if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = no"; then + BROKEN_CC= +else + BROKEN_CC=# +fi + + +echo $ac_n "checking that the C compiler understands volatile""... $ac_c" 1>&6 +echo "configure:1081: checking that the C compiler understands volatile" >&5 +if eval "test \"`echo '$''{'samba_cv_volatile'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +volatile int i = 0 +; return 0; } +EOF +if { (eval echo configure:1094: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_volatile=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_volatile=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_volatile" 1>&6 +if test x"$samba_cv_volatile" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_VOLATILE 1 +EOF + +fi + + + +# Do some error checking and defaulting for the host and target type. +# The inputs are: +# configure --host=HOST --target=TARGET --build=BUILD NONOPT +# +# The rules are: +# 1. You are not allowed to specify --host, --target, and nonopt at the +# same time. +# 2. Host defaults to nonopt. +# 3. If nonopt is not specified, then host defaults to the current host, +# as determined by config.guess. +# 4. Target and build default to nonopt. +# 5. If nonopt is not specified, then target and build default to host. + +# The aliases save the names the user supplied, while $host etc. +# will get canonicalized. +case $host---$target---$nonopt in +NONE---*---* | *---NONE---* | *---*---NONE) ;; +*) { echo "configure: error: can only configure for one host and one target at a time" 1>&2; exit 1; } ;; +esac + + +# Make sure we can run config.sub. +if ${CONFIG_SHELL-/bin/sh} $ac_config_sub sun4 >/dev/null 2>&1; then : +else { echo "configure: error: can not run $ac_config_sub" 1>&2; exit 1; } +fi + +echo $ac_n "checking host system type""... $ac_c" 1>&6 +echo "configure:1143: checking host system type" >&5 + +host_alias=$host +case "$host_alias" in +NONE) + case $nonopt in + NONE) + if host_alias=`${CONFIG_SHELL-/bin/sh} $ac_config_guess`; then : + else { echo "configure: error: can not guess host type; you must specify one" 1>&2; exit 1; } + fi ;; + *) host_alias=$nonopt ;; + esac ;; +esac + +host=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $host_alias` +host_cpu=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +host_vendor=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +host_os=`echo $host | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$host" 1>&6 + +echo $ac_n "checking target system type""... $ac_c" 1>&6 +echo "configure:1164: checking target system type" >&5 + +target_alias=$target +case "$target_alias" in +NONE) + case $nonopt in + NONE) target_alias=$host_alias ;; + *) target_alias=$nonopt ;; + esac ;; +esac + +target=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $target_alias` +target_cpu=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +target_vendor=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +target_os=`echo $target | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$target" 1>&6 + +echo $ac_n "checking build system type""... $ac_c" 1>&6 +echo "configure:1182: checking build system type" >&5 + +build_alias=$build +case "$build_alias" in +NONE) + case $nonopt in + NONE) build_alias=$host_alias ;; + *) build_alias=$nonopt ;; + esac ;; +esac + +build=`${CONFIG_SHELL-/bin/sh} $ac_config_sub $build_alias` +build_cpu=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\1/'` +build_vendor=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\2/'` +build_os=`echo $build | sed 's/^\([^-]*\)-\([^-]*\)-\(.*\)$/\3/'` +echo "$ac_t""$build" 1>&6 + +test "$host_alias" != "$target_alias" && + test "$program_prefix$program_suffix$program_transform_name" = \ + NONENONEs,x,x, && + program_prefix=${target_alias}- + + + case "$host_os" in + *irix6*) cat >> confdefs.h <<\EOF +#include +EOF + + ;; +esac + + + + echo $ac_n "checking config.cache system type""... $ac_c" 1>&6 +echo "configure:1216: checking config.cache system type" >&5 + if { test x"${ac_cv_host_system_type+set}" = x"set" && + test x"$ac_cv_host_system_type" != x"$host"; } || + { test x"${ac_cv_build_system_type+set}" = x"set" && + test x"$ac_cv_build_system_type" != x"$build"; } || + { test x"${ac_cv_target_system_type+set}" = x"set" && + test x"$ac_cv_target_system_type" != x"$target"; }; then + echo "$ac_t""different" 1>&6 + { echo "configure: error: "you must remove config.cache and restart configure"" 1>&2; exit 1; } + else + echo "$ac_t""same" 1>&6 + fi + ac_cv_host_system_type="$host" + ac_cv_build_system_type="$build" + ac_cv_target_system_type="$target" + + +DYNEXP= + +# +# Config CPPFLAG settings for strange OS's that must be set +# before other tests. +# +case "$host_os" in +# Try to work out if this is the native HPUX compiler that uses the -Ae flag. + *hpux*) + + echo $ac_n "checking whether ${CC-cc} accepts -Ae""... $ac_c" 1>&6 +echo "configure:1244: checking whether ${CC-cc} accepts -Ae" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_cc_Ae'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + echo 'void f(){}' > conftest.c +if test -z "`${CC-cc} -Ae -c conftest.c 2>&1`"; then + ac_cv_prog_cc_Ae=yes +else + ac_cv_prog_cc_Ae=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_prog_cc_Ae" 1>&6 + # mmap on HPUX is completely broken... + cat >> confdefs.h <<\EOF +#define MMAP_BLACKLIST 1 +EOF + + if test $ac_cv_prog_cc_Ae = yes; then + CPPFLAGS="$CPPFLAGS -Ae" + fi +# +# Defines needed for HPUX support. +# HPUX has bigcrypt but (sometimes?) doesn't use it for +# password hashing - hence the USE_BOTH_CRYPT_CALLS define. +# + case `uname -r` in + *9*|*10*) + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4" + cat >> confdefs.h <<\EOF +#define USE_BOTH_CRYPT_CALLS 1 +EOF + + cat >> confdefs.h <<\EOF +#define _HPUX_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _ALIGNMENT_REQUIRED 1 +EOF + + cat >> confdefs.h <<\EOF +#define _MAX_ALIGNMENT 4 +EOF + + ;; + *11*) + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_LARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4" + cat >> confdefs.h <<\EOF +#define USE_BOTH_CRYPT_CALLS 1 +EOF + + cat >> confdefs.h <<\EOF +#define _HPUX_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _POSIX_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _ALIGNMENT_REQUIRED 1 +EOF + + cat >> confdefs.h <<\EOF +#define _MAX_ALIGNMENT 4 +EOF + + ;; + esac + DYNEXP="-Wl,-E" + ;; + +# +# CRAY Unicos has broken const handling + *unicos*) + echo "$ac_t""disabling const" 1>&6 + CPPFLAGS="$CPPFLAGS -Dconst=" + ;; + +# +# AIX4.x doesn't even admit to having large +# files *at all* unless the -D_LARGE_FILE or -D_LARGE_FILE_API flags are set. +# + *aix4*) + echo "$ac_t""enabling large file support" 1>&6 + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" + cat >> confdefs.h <<\EOF +#define _LARGE_FILES 1 +EOF + + ;; +# +# Defines needed for Solaris 2.6/2.7 aka 7.0 to make it admit +# to the existance of large files.. +# Note that -D_LARGEFILE64_SOURCE is different from the Sun +# recommendations on large file support, however it makes the +# compile work using gcc 2.7 and 2.8, whereas using the Sun +# recommendation makes the compile fail on gcc2.7. JRA. +# + *solaris*) + case `uname -r` in + 5.0*|5.1*|5.2*|5.3*|5.5*) + echo "$ac_t""no large file support" 1>&6 + ;; + 5.*) + echo "$ac_t""enabling large file support" 1>&6 + if test "$ac_cv_prog_gcc" = yes; then + ${CC-cc} -v >conftest.c 2>&1 + ac_cv_gcc_compiler_version_number=`grep 'gcc version' conftest.c` + rm -fr conftest.c + case "$ac_cv_gcc_compiler_version_number" in + *"gcc version 2.6"*|*"gcc version 2.7"*) + CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + ;; + *) + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _FILE_OFFSET_BITS 64 +EOF + + ;; + esac + else + DYNEXP="-dc -dp" + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _FILE_OFFSET_BITS 64 +EOF + + fi + ;; + esac + ;; +# +# Tests needed for SINIX large file support. +# + *sysv4*) + if test $host = mips-sni-sysv4 ; then + echo $ac_n "checking for LFS support""... $ac_c" 1>&6 +echo "configure:1406: checking for LFS support" >&5 + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS" + if test "$cross_compiling" = yes; then + SINIX_LFS_SUPPORT=cross +else + cat > conftest.$ac_ext < +main () { +#if _LFS64_LARGEFILE == 1 +exit(0); +#else +exit(1); +#endif +} +EOF +if { (eval echo configure:1425: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + SINIX_LFS_SUPPORT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + SINIX_LFS_SUPPORT=no +fi +rm -fr conftest* +fi + + CPPFLAGS="$old_CPPFLAGS" + if test x$SINIX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + CFLAGS="`getconf LFS64_CFLAGS` $CFLAGS" + LDFLAGS="`getconf LFS64_LDFLAGS` $LDFLAGS" + LIBS="`getconf LFS64_LIBS` $LIBS" + fi + echo "$ac_t""$SINIX_LFS_SUPPORT" 1>&6 + fi + ;; + +# Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support. +# + *linux*) + echo $ac_n "checking for LFS support""... $ac_c" 1>&6 +echo "configure:1456: checking for LFS support" >&5 + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" + if test "$cross_compiling" = yes; then + LINUX_LFS_SUPPORT=cross +else + cat > conftest.$ac_ext < +#include +main() { +#if _LFS64_LARGEFILE == 1 + struct utsname uts; + char *release; + int major, minor; + + /* Ensure this is glibc 2.2 or higher */ +#if defined(__GLIBC__) && defined(__GLIBC_MINOR__) + int libc_major = __GLIBC__; + int libc_minor = __GLIBC_MINOR__; + + if (libc_major < 2) + exit(1); + if (libc_minor < 2) + exit(1); +#endif + + /* Ensure this is kernel 2.4 or higher */ + + uname(&uts); + release = uts.release; + major = atoi(strsep(&release, ".")); + minor = atoi(strsep(&release, ".")); + + if (major > 2 || (major == 2 && minor > 3)) + exit(0); + exit(1); +#else + exit(1); +#endif +} + +EOF +if { (eval echo configure:1501: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + LINUX_LFS_SUPPORT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + LINUX_LFS_SUPPORT=no +fi +rm -fr conftest* +fi + + CPPFLAGS="$old_CPPFLAGS" + if test x$LINUX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _FILE_OFFSET_BITS 64 +EOF + + cat >> confdefs.h <<\EOF +#define _GNU_SOURCE 1 +EOF + + fi + echo "$ac_t""$LINUX_LFS_SUPPORT" 1>&6 + ;; + + *hurd*) + echo $ac_n "checking for LFS support""... $ac_c" 1>&6 +echo "configure:1534: checking for LFS support" >&5 + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" + if test "$cross_compiling" = yes; then + GLIBC_LFS_SUPPORT=cross +else + cat > conftest.$ac_ext < +main () { +#if _LFS64_LARGEFILE == 1 +exit(0); +#else +exit(1); +#endif +} +EOF +if { (eval echo configure:1553: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + GLIBC_LFS_SUPPORT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + GLIBC_LFS_SUPPORT=no +fi +rm -fr conftest* +fi + + CPPFLAGS="$old_CPPFLAGS" + if test x$GLIBC_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" + cat >> confdefs.h <<\EOF +#define _LARGEFILE64_SOURCE 1 +EOF + + cat >> confdefs.h <<\EOF +#define _GNU_SOURCE 1 +EOF + + fi + echo "$ac_t""$GLIBC_LFS_SUPPORT" 1>&6 + ;; + +esac + +echo $ac_n "checking for inline""... $ac_c" 1>&6 +echo "configure:1583: checking for inline" >&5 +if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done + +fi + +echo "$ac_t""$ac_cv_c_inline" 1>&6 +case "$ac_cv_c_inline" in + inline | yes) ;; + no) cat >> confdefs.h <<\EOF +#define inline +EOF + ;; + *) cat >> confdefs.h <&6 +echo "configure:1623: checking how to run the C preprocessor" >&5 +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then +if eval "test \"`echo '$''{'ac_cv_prog_CPP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + # This must be in double quotes, not single quotes, because CPP may get + # substituted into the Makefile and "${CC-cc}" will confuse make. + CPP="${CC-cc} -E" + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1644: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -E -traditional-cpp" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP="${CC-cc} -nologo -E" + cat > conftest.$ac_ext < +Syntax Error +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1678: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + : +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + CPP=/lib/cpp +fi +rm -f conftest* +fi +rm -f conftest* +fi +rm -f conftest* + ac_cv_prog_CPP="$CPP" +fi + CPP="$ac_cv_prog_CPP" +else + ac_cv_prog_CPP="$CPP" +fi +echo "$ac_t""$CPP" 1>&6 + +echo $ac_n "checking for ANSI C header files""... $ac_c" 1>&6 +echo "configure:1703: checking for ANSI C header files" >&5 +if eval "test \"`echo '$''{'ac_cv_header_stdc'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +#include +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:1716: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + ac_cv_header_stdc=yes +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +if test $ac_cv_header_stdc = yes; then + # SunOS 4.x string.h does not declare mem*, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "memchr" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # ISC 2.0.2 stdlib.h does not declare free, contrary to ANSI. +cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "free" >/dev/null 2>&1; then + : +else + rm -rf conftest* + ac_cv_header_stdc=no +fi +rm -f conftest* + +fi + +if test $ac_cv_header_stdc = yes; then + # /bin/cc in Irix-4.0.5 gets non-ANSI ctype macros unless using -ansi. +if test "$cross_compiling" = yes; then + : +else + cat > conftest.$ac_ext < +#define ISLOWER(c) ('a' <= (c) && (c) <= 'z') +#define TOUPPER(c) (ISLOWER(c) ? 'A' + ((c) - 'a') : (c)) +#define XOR(e, f) (((e) && !(f)) || (!(e) && (f))) +int main () { int i; for (i = 0; i < 256; i++) +if (XOR (islower (i), ISLOWER (i)) || toupper (i) != TOUPPER (i)) exit(2); +exit (0); } + +EOF +if { (eval echo configure:1783: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + : +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_header_stdc=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_header_stdc" 1>&6 +if test $ac_cv_header_stdc = yes; then + cat >> confdefs.h <<\EOF +#define STDC_HEADERS 1 +EOF + +fi + +ac_header_dirent=no +for ac_hdr in dirent.h sys/ndir.h sys/dir.h ndir.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr that defines DIR""... $ac_c" 1>&6 +echo "configure:1811: checking for $ac_hdr that defines DIR" >&5 +if eval "test \"`echo '$''{'ac_cv_header_dirent_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include <$ac_hdr> +int main() { +DIR *dirp = 0; +; return 0; } +EOF +if { (eval echo configure:1824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + eval "ac_cv_header_dirent_$ac_safe=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_dirent_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_dirent_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done +# Two versions of opendir et al. are in -ldir and -lx on SCO Xenix. +if test $ac_header_dirent = dirent.h; then +echo $ac_n "checking for opendir in -ldir""... $ac_c" 1>&6 +echo "configure:1849: checking for opendir in -ldir" >&5 +ac_lib_var=`echo dir'_'opendir | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldir $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -ldir" +else + echo "$ac_t""no" 1>&6 +fi + +else +echo $ac_n "checking for opendir in -lx""... $ac_c" 1>&6 +echo "configure:1890: checking for opendir in -lx" >&5 +ac_lib_var=`echo x'_'opendir | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lx $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lx" +else + echo "$ac_t""no" 1>&6 +fi + +fi + +echo $ac_n "checking whether time.h and sys/time.h may both be included""... $ac_c" 1>&6 +echo "configure:1932: checking whether time.h and sys/time.h may both be included" >&5 +if eval "test \"`echo '$''{'ac_cv_header_time'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +int main() { +struct tm *tp; +; return 0; } +EOF +if { (eval echo configure:1946: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_time=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_time=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_time" 1>&6 +if test $ac_cv_header_time = yes; then + cat >> confdefs.h <<\EOF +#define TIME_WITH_SYS_TIME 1 +EOF + +fi + +echo $ac_n "checking for sys/wait.h that is POSIX.1 compatible""... $ac_c" 1>&6 +echo "configure:1967: checking for sys/wait.h that is POSIX.1 compatible" >&5 +if eval "test \"`echo '$''{'ac_cv_header_sys_wait_h'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifndef WEXITSTATUS +#define WEXITSTATUS(stat_val) ((unsigned)(stat_val) >> 8) +#endif +#ifndef WIFEXITED +#define WIFEXITED(stat_val) (((stat_val) & 255) == 0) +#endif +int main() { +int s; +wait (&s); +s = WIFEXITED (s) ? WEXITSTATUS (s) : 1; +; return 0; } +EOF +if { (eval echo configure:1988: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_sys_wait_h=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_sys_wait_h=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_header_sys_wait_h" 1>&6 +if test $ac_cv_header_sys_wait_h = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_SYS_WAIT_H 1 +EOF + +fi + +for ac_hdr in arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2012: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2022: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2052: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2062: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2092: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2102: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2132: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2142: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2172: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2182: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2212: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2222: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2252: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2262: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in security/pam_modules.h security/_pam_macros.h ldap.h lber.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2292: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2302: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +# +# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. +# This causes configure to fail to detect it. Check for shadow separately on HPUX. +# +case "$host_os" in + *hpux*) + cat > conftest.$ac_ext < +int main() { +struct spwd testme +; return 0; } +EOF +if { (eval echo configure:2343: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_header_shadow_h=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_header_shadow_h=no +fi +rm -f conftest* + if test x"$ac_cv_header_shadow_h" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SHADOW_H 1 +EOF + + fi + ;; +esac +for ac_hdr in shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2365: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2375: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h security/pam_modules.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2405: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2415: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in stropts.h poll.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2445: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2455: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/capability.h syscall.h sys/syscall.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2485: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2495: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + +for ac_hdr in sys/acl.h sys/cdefs.h glob.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2525: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2535: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +# For experimental utmp support (lastlog on some BSD-like systems) +for ac_hdr in utmp.h utmpx.h lastlog.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2567: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2577: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +# For quotas on Veritas VxFS filesystems +for ac_hdr in sys/fs/vx_quota.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2609: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2619: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +# For quotas on Linux XFS filesystems +for ac_hdr in linux/xqm.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:2651: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:2661: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +echo $ac_n "checking size of int""... $ac_c" 1>&6 +echo "configure:2689: checking size of int" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_int'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_sizeof_int=cross +else + cat > conftest.$ac_ext < +#include +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(int)); + exit(0); +} +EOF +if { (eval echo configure:2709: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_int=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_int=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_int" 1>&6 +cat >> confdefs.h <&6 +echo "configure:2729: checking size of long" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_long'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_sizeof_long=cross +else + cat > conftest.$ac_ext < +#include +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(long)); + exit(0); +} +EOF +if { (eval echo configure:2749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_long=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_long=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_long" 1>&6 +cat >> confdefs.h <&6 +echo "configure:2769: checking size of short" >&5 +if eval "test \"`echo '$''{'ac_cv_sizeof_short'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_sizeof_short=cross +else + cat > conftest.$ac_ext < +#include +main() +{ + FILE *f=fopen("conftestval", "w"); + if (!f) exit(1); + fprintf(f, "%d\n", sizeof(short)); + exit(0); +} +EOF +if { (eval echo configure:2789: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_sizeof_short=`cat conftestval` +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_sizeof_short=0 +fi +rm -fr conftest* +fi + +fi +echo "$ac_t""$ac_cv_sizeof_short" 1>&6 +cat >> confdefs.h <&6 +echo "configure:2810: checking for working const" >&5 +if eval "test \"`echo '$''{'ac_cv_c_const'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext <j = 5; +} +{ /* ULTRIX-32 V3.1 (Rev 9) vcc rejects this */ + const int foo = 10; +} + +; return 0; } +EOF +if { (eval echo configure:2864: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_const=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_const=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_c_const" 1>&6 +if test $ac_cv_c_const = no; then + cat >> confdefs.h <<\EOF +#define const +EOF + +fi + +echo $ac_n "checking for inline""... $ac_c" 1>&6 +echo "configure:2885: checking for inline" >&5 +if eval "test \"`echo '$''{'ac_cv_c_inline'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_inline=no +for ac_kw in inline __inline__ __inline; do + cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_inline=$ac_kw; break +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +done + +fi + +echo "$ac_t""$ac_cv_c_inline" 1>&6 +case "$ac_cv_c_inline" in + inline | yes) ;; + no) cat >> confdefs.h <<\EOF +#define inline +EOF + ;; + *) cat >> confdefs.h <&6 +echo "configure:2925: checking whether byte ordering is bigendian" >&5 +if eval "test \"`echo '$''{'ac_cv_c_bigendian'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_cv_c_bigendian=unknown +# See if sys/param.h defines the BYTE_ORDER macro. +cat > conftest.$ac_ext < +#include +int main() { + +#if !BYTE_ORDER || !BIG_ENDIAN || !LITTLE_ENDIAN + bogus endian macros +#endif +; return 0; } +EOF +if { (eval echo configure:2943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + # It does; now see whether it defined to BIG_ENDIAN or not. +cat > conftest.$ac_ext < +#include +int main() { + +#if BYTE_ORDER != BIG_ENDIAN + not big endian +#endif +; return 0; } +EOF +if { (eval echo configure:2958: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_c_bigendian=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_c_bigendian=no +fi +rm -f conftest* +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* +if test $ac_cv_c_bigendian = unknown; then +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_c_bigendian=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_bigendian=yes +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_bigendian" 1>&6 +if test $ac_cv_c_bigendian = yes; then + cat >> confdefs.h <<\EOF +#define WORDS_BIGENDIAN 1 +EOF + +fi + +echo $ac_n "checking whether char is unsigned""... $ac_c" 1>&6 +echo "configure:3015: checking whether char is unsigned" >&5 +if eval "test \"`echo '$''{'ac_cv_c_char_unsigned'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$GCC" = yes; then + # GCC predefines this symbol on systems where it applies. +cat > conftest.$ac_ext <&5 | + egrep "yes" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_c_char_unsigned=yes +else + rm -rf conftest* + ac_cv_c_char_unsigned=no +fi +rm -f conftest* + +else +if test "$cross_compiling" = yes; then + { echo "configure: error: can not run test program while cross compiling" 1>&2; exit 1; } +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_c_char_unsigned=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_c_char_unsigned=no +fi +rm -fr conftest* +fi + +fi +fi + +echo "$ac_t""$ac_cv_c_char_unsigned" 1>&6 +if test $ac_cv_c_char_unsigned = yes && test "$GCC" != yes; then + cat >> confdefs.h <<\EOF +#define __CHAR_UNSIGNED__ 1 +EOF + +fi + + +echo $ac_n "checking return type of signal handlers""... $ac_c" 1>&6 +echo "configure:3079: checking return type of signal handlers" >&5 +if eval "test \"`echo '$''{'ac_cv_type_signal'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#ifdef signal +#undef signal +#endif +#ifdef __cplusplus +extern "C" void (*signal (int, void (*)(int)))(int); +#else +void (*signal ()) (); +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:3101: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_type_signal=void +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_type_signal=int +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_type_signal" 1>&6 +cat >> confdefs.h <&6 +echo "configure:3120: checking for uid_t in sys/types.h" >&5 +if eval "test \"`echo '$''{'ac_cv_type_uid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "uid_t" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_uid_t=yes +else + rm -rf conftest* + ac_cv_type_uid_t=no +fi +rm -f conftest* + +fi + +echo "$ac_t""$ac_cv_type_uid_t" 1>&6 +if test $ac_cv_type_uid_t = no; then + cat >> confdefs.h <<\EOF +#define uid_t int +EOF + + cat >> confdefs.h <<\EOF +#define gid_t int +EOF + +fi + +echo $ac_n "checking for mode_t""... $ac_c" 1>&6 +echo "configure:3154: checking for mode_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_mode_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])mode_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_mode_t=yes +else + rm -rf conftest* + ac_cv_type_mode_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_mode_t" 1>&6 +if test $ac_cv_type_mode_t = no; then + cat >> confdefs.h <<\EOF +#define mode_t int +EOF + +fi + +echo $ac_n "checking for off_t""... $ac_c" 1>&6 +echo "configure:3187: checking for off_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_off_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])off_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_off_t=yes +else + rm -rf conftest* + ac_cv_type_off_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_off_t" 1>&6 +if test $ac_cv_type_off_t = no; then + cat >> confdefs.h <<\EOF +#define off_t long +EOF + +fi + +echo $ac_n "checking for size_t""... $ac_c" 1>&6 +echo "configure:3220: checking for size_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_size_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])size_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_size_t=yes +else + rm -rf conftest* + ac_cv_type_size_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_size_t" 1>&6 +if test $ac_cv_type_size_t = no; then + cat >> confdefs.h <<\EOF +#define size_t unsigned +EOF + +fi + +echo $ac_n "checking for pid_t""... $ac_c" 1>&6 +echo "configure:3253: checking for pid_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_pid_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])pid_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_pid_t=yes +else + rm -rf conftest* + ac_cv_type_pid_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_pid_t" 1>&6 +if test $ac_cv_type_pid_t = no; then + cat >> confdefs.h <<\EOF +#define pid_t int +EOF + +fi + +echo $ac_n "checking for st_rdev in struct stat""... $ac_c" 1>&6 +echo "configure:3286: checking for st_rdev in struct stat" >&5 +if eval "test \"`echo '$''{'ac_cv_struct_st_rdev'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +int main() { +struct stat s; s.st_rdev; +; return 0; } +EOF +if { (eval echo configure:3299: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_struct_st_rdev=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_struct_st_rdev=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_struct_st_rdev" 1>&6 +if test $ac_cv_struct_st_rdev = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_ST_RDEV 1 +EOF + +fi + +echo $ac_n "checking for d_off in dirent""... $ac_c" 1>&6 +echo "configure:3320: checking for d_off in dirent" >&5 +if eval "test \"`echo '$''{'ac_cv_dirent_d_off'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +#include +int main() { +struct dirent d; d.d_off; +; return 0; } +EOF +if { (eval echo configure:3335: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_dirent_d_off=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_dirent_d_off=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_dirent_d_off" 1>&6 +if test $ac_cv_dirent_d_off = yes; then + cat >> confdefs.h <<\EOF +#define HAVE_DIRENT_D_OFF 1 +EOF + +fi + +echo $ac_n "checking for ino_t""... $ac_c" 1>&6 +echo "configure:3356: checking for ino_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_ino_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])ino_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_ino_t=yes +else + rm -rf conftest* + ac_cv_type_ino_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_ino_t" 1>&6 +if test $ac_cv_type_ino_t = no; then + cat >> confdefs.h <<\EOF +#define ino_t unsigned +EOF + +fi + +echo $ac_n "checking for loff_t""... $ac_c" 1>&6 +echo "configure:3389: checking for loff_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_loff_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])loff_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_loff_t=yes +else + rm -rf conftest* + ac_cv_type_loff_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_loff_t" 1>&6 +if test $ac_cv_type_loff_t = no; then + cat >> confdefs.h <<\EOF +#define loff_t off_t +EOF + +fi + +echo $ac_n "checking for offset_t""... $ac_c" 1>&6 +echo "configure:3422: checking for offset_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_offset_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])offset_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_offset_t=yes +else + rm -rf conftest* + ac_cv_type_offset_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_offset_t" 1>&6 +if test $ac_cv_type_offset_t = no; then + cat >> confdefs.h <<\EOF +#define offset_t loff_t +EOF + +fi + +echo $ac_n "checking for ssize_t""... $ac_c" 1>&6 +echo "configure:3455: checking for ssize_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_ssize_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])ssize_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_ssize_t=yes +else + rm -rf conftest* + ac_cv_type_ssize_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_ssize_t" 1>&6 +if test $ac_cv_type_ssize_t = no; then + cat >> confdefs.h <<\EOF +#define ssize_t int +EOF + +fi + +echo $ac_n "checking for wchar_t""... $ac_c" 1>&6 +echo "configure:3488: checking for wchar_t" >&5 +if eval "test \"`echo '$''{'ac_cv_type_wchar_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +EOF +if (eval "$ac_cpp conftest.$ac_ext") 2>&5 | + egrep "(^|[^a-zA-Z_0-9])wchar_t[^a-zA-Z_0-9]" >/dev/null 2>&1; then + rm -rf conftest* + ac_cv_type_wchar_t=yes +else + rm -rf conftest* + ac_cv_type_wchar_t=no +fi +rm -f conftest* + +fi +echo "$ac_t""$ac_cv_type_wchar_t" 1>&6 +if test $ac_cv_type_wchar_t = no; then + cat >> confdefs.h <<\EOF +#define wchar_t unsigned short +EOF + +fi + + +############################################ +# for cups support we need libcups, and a handful of header files + +echo $ac_n "checking for httpConnect in -lcups""... $ac_c" 1>&6 +echo "configure:3525: checking for httpConnect in -lcups" >&5 +ac_lib_var=`echo cups'_'httpConnect | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcups $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo cups | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + +# I wonder if there is a nicer way of doing this? + +if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then + for ac_hdr in cups/cups.h cups/language.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:3579: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:3589: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + if test x"$ac_cv_header_cups_cups_h" = x"yes"; then + if test x"$ac_cv_header_cups_language_h" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_CUPS 1 +EOF + + fi + fi +fi + +############################################ +# we need libdl for PAM, the password database plugins and the new VFS code +echo $ac_n "checking for dlopen in -ldl""... $ac_c" 1>&6 +echo "configure:3628: checking for dlopen in -ldl" >&5 +ac_lib_var=`echo dl'_'dlopen | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-ldl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -ldl"; + cat >> confdefs.h <<\EOF +#define HAVE_LIBDL 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + +############################################ +# check if the compiler can do immediate structures +echo $ac_n "checking for immediate structures""... $ac_c" 1>&6 +echo "configure:3675: checking for immediate structures" >&5 +if eval "test \"`echo '$''{'samba_cv_immediate_structures'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { + + typedef struct {unsigned x;} FOOBAR; + #define X_FOOBAR(x) ((FOOBAR) { x }) + #define FOO_ONE X_FOOBAR(1) + FOOBAR f = FOO_ONE; + static struct { + FOOBAR y; + } f2[] = { + {FOO_ONE} + }; + +; return 0; } +EOF +if { (eval echo configure:3699: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_immediate_structures=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_immediate_structures=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_immediate_structures" 1>&6 +if test x"$samba_cv_immediate_structures" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_IMMEDIATE_STRUCTURES 1 +EOF + +fi + +############################################ +# check for unix domain sockets +echo $ac_n "checking for unix domain sockets""... $ac_c" 1>&6 +echo "configure:3722: checking for unix domain sockets" >&5 +if eval "test \"`echo '$''{'samba_cv_unixsocket'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#include +#include +#include +#include +int main() { + + struct sockaddr_un sunaddr; + sunaddr.sun_family = AF_UNIX; + +; return 0; } +EOF +if { (eval echo configure:3743: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_unixsocket=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_unixsocket=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_unixsocket" 1>&6 +if test x"$samba_cv_unixsocket" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UNIXSOCKET 1 +EOF + +fi + + +echo $ac_n "checking for socklen_t type""... $ac_c" 1>&6 +echo "configure:3765: checking for socklen_t type" >&5 +if eval "test \"`echo '$''{'samba_cv_socklen_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +#include +int main() { +socklen_t i = 0 +; return 0; } +EOF +if { (eval echo configure:3784: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_socklen_t=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_socklen_t=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_socklen_t" 1>&6 +if test x"$samba_cv_socklen_t" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SOCKLEN_T_TYPE 1 +EOF + +fi + +echo $ac_n "checking for sig_atomic_t type""... $ac_c" 1>&6 +echo "configure:3805: checking for sig_atomic_t type" >&5 +if eval "test \"`echo '$''{'samba_cv_sig_atomic_t'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#if STDC_HEADERS +#include +#include +#endif +#include +int main() { +sig_atomic_t i = 0 +; return 0; } +EOF +if { (eval echo configure:3824: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_sig_atomic_t=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_sig_atomic_t=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_sig_atomic_t" 1>&6 +if test x"$samba_cv_sig_atomic_t" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SIG_ATOMIC_T_TYPE 1 +EOF + +fi + +# stupid headers have the functions but no declaration. grrrr. + + echo $ac_n "checking for errno declaration""... $ac_c" 1>&6 +echo "configure:3847: checking for errno declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_errno_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)errno +; return 0; } +EOF +if { (eval echo configure:3860: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_errno_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_errno_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_errno_decl" 1>&6 + if test x"$ac_cv_have_errno_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_ERRNO_DECL 1 +EOF + + fi + + + echo $ac_n "checking for setresuid declaration""... $ac_c" 1>&6 +echo "configure:3882: checking for setresuid declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_setresuid_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)setresuid +; return 0; } +EOF +if { (eval echo configure:3895: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_setresuid_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_setresuid_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_setresuid_decl" 1>&6 + if test x"$ac_cv_have_setresuid_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SETRESUID_DECL 1 +EOF + + fi + + + echo $ac_n "checking for setresgid declaration""... $ac_c" 1>&6 +echo "configure:3917: checking for setresgid declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_setresgid_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)setresgid +; return 0; } +EOF +if { (eval echo configure:3930: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_setresgid_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_setresgid_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_setresgid_decl" 1>&6 + if test x"$ac_cv_have_setresgid_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SETRESGID_DECL 1 +EOF + + fi + + + echo $ac_n "checking for asprintf declaration""... $ac_c" 1>&6 +echo "configure:3952: checking for asprintf declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_asprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)asprintf +; return 0; } +EOF +if { (eval echo configure:3965: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_asprintf_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_asprintf_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_asprintf_decl" 1>&6 + if test x"$ac_cv_have_asprintf_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_ASPRINTF_DECL 1 +EOF + + fi + + + echo $ac_n "checking for vasprintf declaration""... $ac_c" 1>&6 +echo "configure:3987: checking for vasprintf declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_vasprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)vasprintf +; return 0; } +EOF +if { (eval echo configure:4000: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_vasprintf_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_vasprintf_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_vasprintf_decl" 1>&6 + if test x"$ac_cv_have_vasprintf_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_VASPRINTF_DECL 1 +EOF + + fi + + + echo $ac_n "checking for vsnprintf declaration""... $ac_c" 1>&6 +echo "configure:4022: checking for vsnprintf declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_vsnprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)vsnprintf +; return 0; } +EOF +if { (eval echo configure:4035: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_vsnprintf_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_vsnprintf_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_vsnprintf_decl" 1>&6 + if test x"$ac_cv_have_vsnprintf_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_VSNPRINTF_DECL 1 +EOF + + fi + + + echo $ac_n "checking for snprintf declaration""... $ac_c" 1>&6 +echo "configure:4057: checking for snprintf declaration" >&5 +if eval "test \"`echo '$''{'ac_cv_have_snprintf_decl'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +int i = (int)snprintf +; return 0; } +EOF +if { (eval echo configure:4070: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + ac_cv_have_snprintf_decl=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + ac_cv_have_snprintf_decl=no +fi +rm -f conftest* +fi + +echo "$ac_t""$ac_cv_have_snprintf_decl" 1>&6 + if test x"$ac_cv_have_snprintf_decl" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SNPRINTF_DECL 1 +EOF + + fi + + +# and glibc has setresuid under linux but the function does +# nothing until kernel 2.1.44! very dumb. +echo $ac_n "checking for real setresuid""... $ac_c" 1>&6 +echo "configure:4094: checking for real setresuid" >&5 +if eval "test \"`echo '$''{'samba_cv_have_setresuid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + if test "$cross_compiling" = yes; then + samba_cv_have_setresuid=cross +else + cat > conftest.$ac_ext < +main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);} +EOF +if { (eval echo configure:4108: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_have_setresuid=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_have_setresuid=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_have_setresuid" 1>&6 +if test x"$samba_cv_have_setresuid" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SETRESUID 1 +EOF + +fi + +# Do the same check for setresguid... +# +echo $ac_n "checking for real setresgid""... $ac_c" 1>&6 +echo "configure:4133: checking for real setresgid" >&5 +if eval "test \"`echo '$''{'samba_cv_have_setresgid'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + if test "$cross_compiling" = yes; then + samba_cv_have_setresgid=cross +else + cat > conftest.$ac_ext < +#include +main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);} +EOF +if { (eval echo configure:4148: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_have_setresgid=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_have_setresgid=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_have_setresgid" 1>&6 +if test x"$samba_cv_have_setresgid" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SETRESGID 1 +EOF + +fi + +echo $ac_n "checking for 8-bit clean memcmp""... $ac_c" 1>&6 +echo "configure:4171: checking for 8-bit clean memcmp" >&5 +if eval "test \"`echo '$''{'ac_cv_func_memcmp_clean'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + ac_cv_func_memcmp_clean=no +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + ac_cv_func_memcmp_clean=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + ac_cv_func_memcmp_clean=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$ac_cv_func_memcmp_clean" 1>&6 +test $ac_cv_func_memcmp_clean = no && LIBOBJS="$LIBOBJS memcmp.${ac_objext}" + + +############################################### +# test for where we get crypt() from +for ac_func in crypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:4212: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4240: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_crypt" = x"no"; then + echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 +echo "configure:4266: checking for crypt in -lcrypt" >&5 +ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcrypt $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lcrypt"; + cat >> confdefs.h <<\EOF +#define HAVE_CRYPT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi + + +############################################### +# Readline included by default unless explicitly asked not to +test "${with_readline+set}" != "set" && with_readline=yes + +# test for where we get readline() from +echo $ac_n "checking whether to use readline""... $ac_c" 1>&6 +echo "configure:4318: checking whether to use readline" >&5 +# Check whether --with-readline or --without-readline was given. +if test "${with_readline+set}" = set; then + withval="$with_readline" + case "$with_readline" in + yes) + echo "$ac_t""yes" 1>&6 + + for ac_hdr in readline.h history.h readline/readline.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4330: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4340: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + for ac_hdr in readline/history.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4370: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4380: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + + for ac_hdr in readline.h readline/readline.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4411: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4421: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +echo "configure:4444: checking for tgetent in -l${termlib}" >&5 +ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-l${termlib} $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + TERMLIBS="-l${termlib}"; break +else + echo "$ac_t""no" 1>&6 +fi + + done + echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 +echo "configure:4485: checking for rl_callback_handler_install in -lreadline" >&5 +ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lreadline $TERMLIBS $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + TERMLIBS="-lreadline $TERMLIBS" + cat >> confdefs.h <<\EOF +#define HAVE_LIBREADLINE 1 +EOF + + break +else + echo "$ac_t""no" 1>&6 +TERMLIBS= +fi + +else + echo "$ac_t""no" 1>&6 +fi +done + + ;; + no) + echo "$ac_t""no" 1>&6 + ;; + *) + echo "$ac_t""yes" 1>&6 + + # Needed for AC_CHECK_HEADERS and AC_CHECK_LIB to look at + # alternate readline path + _ldflags=${LDFLAGS} + _cppflags=${CPPFLAGS} + + # Add additional search path + LDFLAGS="-L$with_readline/lib $LDFLAGS" + CPPFLAGS="-I$with_readline/include $CPPFLAGS" + + for ac_hdr in readline.h history.h readline/readline.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4555: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4565: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + for ac_hdr in readline/history.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4595: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4605: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + + for ac_hdr in readline.h readline/readline.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:4636: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:4646: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +echo "configure:4669: checking for tgetent in -l${termlib}" >&5 +ac_lib_var=`echo ${termlib}'_'tgetent | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-l${termlib} $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + TERMLIBS="-l${termlib}"; break +else + echo "$ac_t""no" 1>&6 +fi + + done + echo $ac_n "checking for rl_callback_handler_install in -lreadline""... $ac_c" 1>&6 +echo "configure:4710: checking for rl_callback_handler_install in -lreadline" >&5 +ac_lib_var=`echo readline'_'rl_callback_handler_install | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lreadline $TERMLIBS $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + TERMLDFLAGS="-L$with_readline/lib" + TERMCPPFLAGS="-I$with_readline/include" + CPPFLAGS="-I$with_readline/include $CPPFLAGS" + TERMLIBS="-lreadline $TERMLIBS" + cat >> confdefs.h <<\EOF +#define HAVE_LIBREADLINE 1 +EOF + + break +else + echo "$ac_t""no" 1>&6 +TERMLIBS= CPPFLAGS=$_cppflags +fi + +else + echo "$ac_t""no" 1>&6 +fi +done + + + LDFLAGS=$_ldflags + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + + +# The readline API changed slightly from readline3 to readline4, so +# code will generate warnings on one of them unless we have a few +# special cases. +echo $ac_n "checking for rl_completion_matches in -lreadline""... $ac_c" 1>&6 +echo "configure:4779: checking for rl_completion_matches in -lreadline" >&5 +ac_lib_var=`echo readline'_'rl_completion_matches | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lreadline $TERMLIBS $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_NEW_LIBREADLINE 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + +# The following test taken from the cvs sources +# If we can't find connect, try looking in -lsocket, -lnsl, and -linet. +# The Irix 5 libc.so has connect and gethostbyname, but Irix 5 also has +# libsocket.so which has a bad implementation of gethostbyname (it +# only looks in /etc/hosts), so we only look for -lsocket if we need +# it. +for ac_func in connect +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:4831: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:4859: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_connect" = x"no"; then + case "$LIBS" in + *-lnsl*) ;; + *) echo $ac_n "checking for printf in -lnsl_s""... $ac_c" 1>&6 +echo "configure:4887: checking for printf in -lnsl_s" >&5 +ac_lib_var=`echo nsl_s'_'printf | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnsl_s $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo nsl_s | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + ;; + esac + case "$LIBS" in + *-lnsl*) ;; + *) echo $ac_n "checking for printf in -lnsl""... $ac_c" 1>&6 +echo "configure:4937: checking for printf in -lnsl" >&5 +ac_lib_var=`echo nsl'_'printf | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnsl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo nsl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + ;; + esac + case "$LIBS" in + *-lsocket*) ;; + *) echo $ac_n "checking for connect in -lsocket""... $ac_c" 1>&6 +echo "configure:4987: checking for connect in -lsocket" >&5 +ac_lib_var=`echo socket'_'connect | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsocket $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo socket | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + ;; + esac + case "$LIBS" in + *-linet*) ;; + *) echo $ac_n "checking for connect in -linet""... $ac_c" 1>&6 +echo "configure:5037: checking for connect in -linet" >&5 +ac_lib_var=`echo inet'_'connect | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-linet $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo inet | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + ;; + esac + if test x"$ac_cv_lib_socket_connect" = x"yes" || + test x"$ac_cv_lib_inet_connect" = x"yes"; then + # ac_cv_func_connect=yes + # don't! it would cause AC_CHECK_FUNC to succeed next time configure is run + cat >> confdefs.h <<\EOF +#define HAVE_CONNECT 1 +EOF + + fi +fi + +############################################### +# test for where we get get_yp_default_domain() from +for ac_func in yp_get_default_domain +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5100: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5128: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then + echo $ac_n "checking for yp_get_default_domain in -lnsl""... $ac_c" 1>&6 +echo "configure:5154: checking for yp_get_default_domain in -lnsl" >&5 +ac_lib_var=`echo nsl'_'yp_get_default_domain | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lnsl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lnsl"; + cat >> confdefs.h <<\EOF +#define HAVE_YP_GET_DEFAULT_DOMAIN 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi + +# Check if we have execl, if not we need to compile smbrun. +for ac_func in execl +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5203: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_execl" = x"no"; then + RUNPROG="bin/smbrun" +else + RUNPROG="" +fi + +for ac_func in dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5264: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5292: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5319: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5347: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5374: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5402: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5429: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5457: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in initgroups select poll rdchk getgrnam getgrent pathconf realpath +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5484: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5512: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5539: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5567: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5594: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5622: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5649: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5677: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5704: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5732: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in syslog vsyslog +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5759: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5787: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +# setbuffer is needed for smbtorture +for ac_func in setbuffer +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5815: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5843: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + +# syscall() is needed for smbwrapper. +for ac_func in syscall +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5872: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5900: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + +for ac_func in _dup _dup2 _opendir _readdir _seekdir _telldir _closedir +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5928: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:5956: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in __dup __dup2 __opendir __readdir __seekdir __telldir __closedir +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:5983: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in __getcwd _getcwd +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6038: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6066: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in __xstat __fxstat __lxstat +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6093: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in _stat _lstat _fstat __stat __lstat __fstat +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6148: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6176: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in _acl __acl _facl __facl _open __open _chdir __chdir +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6203: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6231: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in _close __close _fchdir __fchdir _fcntl __fcntl +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6258: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6286: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in getdents _getdents __getdents _lseek __lseek _read __read +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6313: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6341: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in _write __write _fork __fork +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6368: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6396: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in _stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6423: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6451: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in __sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6478: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6506: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in pread _pread __pread pread64 _pread64 __pread64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6533: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6561: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6588: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6616: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +for ac_func in open64 _open64 __open64 creat64 +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6643: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6671: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + +# +# stat64 family may need on some systems, notably ReliantUNIX +# + +if test x$ac_cv_func_stat64 = xno ; then + echo $ac_n "checking for stat64 in ""... $ac_c" 1>&6 +echo "configure:6702: checking for stat64 in " >&5 + cat > conftest.$ac_ext < +#endif +#include + +int main() { +struct stat64 st64; exit(stat64(".",&st64)); +; return 0; } +EOF +if { (eval echo configure:6716: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_stat64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + echo "$ac_t""$ac_cv_func_stat64" 1>&6 + if test x$ac_cv_func_stat64 = xyes ; then + cat >> confdefs.h <<\EOF +#define HAVE_STAT64 1 +EOF + + fi +fi + +if test x$ac_cv_func_lstat64 = xno ; then + echo $ac_n "checking for lstat64 in ""... $ac_c" 1>&6 +echo "configure:6735: checking for lstat64 in " >&5 + cat > conftest.$ac_ext < +#endif +#include + +int main() { +struct stat64 st64; exit(lstat64(".",&st64)); +; return 0; } +EOF +if { (eval echo configure:6749: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_lstat64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + echo "$ac_t""$ac_cv_func_lstat64" 1>&6 + if test x$ac_cv_func_lstat64 = xyes ; then + cat >> confdefs.h <<\EOF +#define HAVE_LSTAT64 1 +EOF + + fi +fi + +if test x$ac_cv_func_fstat64 = xno ; then + echo $ac_n "checking for fstat64 in ""... $ac_c" 1>&6 +echo "configure:6768: checking for fstat64 in " >&5 + cat > conftest.$ac_ext < +#endif +#include + +int main() { +struct stat64 st64; exit(fstat64(0,&st64)); +; return 0; } +EOF +if { (eval echo configure:6782: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + ac_cv_func_fstat64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 +fi +rm -f conftest* + echo "$ac_t""$ac_cv_func_fstat64" 1>&6 + if test x$ac_cv_func_fstat64 = xyes ; then + cat >> confdefs.h <<\EOF +#define HAVE_FSTAT64 1 +EOF + + fi +fi + +##################################### +# we might need the resolv library on some systems +echo $ac_n "checking for dn_expand in -lresolv""... $ac_c" 1>&6 +echo "configure:6802: checking for dn_expand in -lresolv" >&5 +ac_lib_var=`echo resolv'_'dn_expand | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lresolv $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo resolv | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + +# +# Check for the functions putprpwnam, set_auth_parameters, +# getspnam, bigcrypt and getprpwnam in -lsec and -lsecurity +# Needed for OSF1 and HPUX. +# + +case "$LIBS" in + *-lsecurity*) for ac_func in putprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6859: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6887: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for putprpwnam in -lsecurity""... $ac_c" 1>&6 +echo "configure:6912: checking for putprpwnam in -lsecurity" >&5 +ac_lib_var=`echo security'_'putprpwnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsecurity $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in putprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:6961: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:6989: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + +case "$LIBS" in + *-lsec*) for ac_func in putprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7020: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7048: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for putprpwnam in -lsec""... $ac_c" 1>&6 +echo "configure:7073: checking for putprpwnam in -lsec" >&5 +ac_lib_var=`echo sec'_'putprpwnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsec $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in putprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7122: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7150: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +case "$LIBS" in + *-lsecurity*) for ac_func in set_auth_parameters +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7182: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7210: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for set_auth_parameters in -lsecurity""... $ac_c" 1>&6 +echo "configure:7235: checking for set_auth_parameters in -lsecurity" >&5 +ac_lib_var=`echo security'_'set_auth_parameters | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsecurity $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in set_auth_parameters +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7284: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7312: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + +case "$LIBS" in + *-lsec*) for ac_func in set_auth_parameters +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7343: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7371: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for set_auth_parameters in -lsec""... $ac_c" 1>&6 +echo "configure:7396: checking for set_auth_parameters in -lsec" >&5 +ac_lib_var=`echo sec'_'set_auth_parameters | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsec $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in set_auth_parameters +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7445: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7473: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +# UnixWare 7.x has its getspnam in -lgen +case "$LIBS" in + *-lgen*) for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7506: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7534: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for getspnam in -lgen""... $ac_c" 1>&6 +echo "configure:7559: checking for getspnam in -lgen" >&5 +ac_lib_var=`echo gen'_'getspnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgen $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo gen | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7608: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7636: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +case "$LIBS" in + *-lsecurity*) for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7668: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7696: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for getspnam in -lsecurity""... $ac_c" 1>&6 +echo "configure:7721: checking for getspnam in -lsecurity" >&5 +ac_lib_var=`echo security'_'getspnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsecurity $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7770: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7798: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + +case "$LIBS" in + *-lsec*) for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7829: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7857: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for getspnam in -lsec""... $ac_c" 1>&6 +echo "configure:7882: checking for getspnam in -lsec" >&5 +ac_lib_var=`echo sec'_'getspnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsec $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in getspnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7931: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:7959: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +case "$LIBS" in + *-lsecurity*) for ac_func in bigcrypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:7991: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8019: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for bigcrypt in -lsecurity""... $ac_c" 1>&6 +echo "configure:8044: checking for bigcrypt in -lsecurity" >&5 +ac_lib_var=`echo security'_'bigcrypt | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsecurity $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in bigcrypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8093: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8121: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + +case "$LIBS" in + *-lsec*) for ac_func in bigcrypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8152: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8180: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for bigcrypt in -lsec""... $ac_c" 1>&6 +echo "configure:8205: checking for bigcrypt in -lsec" >&5 +ac_lib_var=`echo sec'_'bigcrypt | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsec $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in bigcrypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8254: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8282: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +case "$LIBS" in + *-lsecurity*) for ac_func in getprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8314: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8342: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for getprpwnam in -lsecurity""... $ac_c" 1>&6 +echo "configure:8367: checking for getprpwnam in -lsecurity" >&5 +ac_lib_var=`echo security'_'getprpwnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsecurity $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo security | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in getprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8416: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8444: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + +case "$LIBS" in + *-lsec*) for ac_func in getprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8475: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8503: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + ;; + *) echo $ac_n "checking for getprpwnam in -lsec""... $ac_c" 1>&6 +echo "configure:8528: checking for getprpwnam in -lsec" >&5 +ac_lib_var=`echo sec'_'getprpwnam | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lsec $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo sec | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + for ac_func in getprpwnam +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:8577: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:8605: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + ;; + esac + + +# this bit needs to be modified for each OS that is suported by +# smbwrapper. You need to specify how to created a shared library and +# how to compile C code to produce PIC object files + +# these are the defaults, good for lots of systems +HOST_OS="$host_os" +LDSHFLAGS="-shared" +SHLD="\${CC}" +PICFLAG="" +PICSUFFIX="po" +POBAD_CC="#" +SHLIBEXT="so" +# Assume non-shared by default and override below +BLDSHARED="false" +echo $ac_n "checking ability to build shared libraries""... $ac_c" 1>&6 +echo "configure:8648: checking ability to build shared libraries" >&5 + +# and these are for particular systems +case "$host_os" in + *linux*) cat >> confdefs.h <<\EOF +#define LINUX 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-shared" + DYNEXP="-Wl,--export-dynamic" + PICFLAG="-fPIC" + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE 512 +EOF + + ;; + *solaris*) + cat >> confdefs.h <<\EOF +#define SUNOS5 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-h \$@ -G" + if test "${ac_cv_prog_CC}" = "gcc"; then + PICFLAG="-fPIC" + else + PICFLAG="-KPIC" + POBAD_CC="" + PICSUFFIX="po.o" + fi + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE 512 +EOF + + ;; + *sunos*) cat >> confdefs.h <<\EOF +#define SUNOS4 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-Wl,-h,\$@ -G" + PICFLAG="-KPIC" # Is this correct for SunOS + ;; + *bsd*) BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-fPIC" + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE 512 +EOF + + ;; + *irix*) cat >> confdefs.h <<\EOF +#define IRIX 1 +EOF + + case "$host_os" in + *irix6*) cat >> confdefs.h <<\EOF +#define IRIX6 1 +EOF + + ;; + esac + ATTEMPT_WRAP32_BUILD=yes + BLDSHARED="true" + LDSHFLAGS="-soname \$@ -shared" + SHLD="\${LD}" + if test "${ac_cv_prog_CC}" = "gcc"; then + PICFLAG="-fPIC" + else + PICFLAG="-KPIC" + fi + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE 512 +EOF + + ;; + *aix*) cat >> confdefs.h <<\EOF +#define AIX 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry" + PICFLAG="-O2 -qmaxmem=6000" + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE DEV_BSIZE +EOF + + ;; + *hpux*) cat >> confdefs.h <<\EOF +#define HPUX 1 +EOF + + SHLIBEXT="sl" + # Use special PIC flags for the native HP-UX compiler. + if test $ac_cv_prog_cc_Ae = yes; then + SHLD="/usr/bin/ld" + BLDSHARED="true" + LDSHFLAGS="-B symbolic -b -z +h \$@" + PICFLAG="+z" + fi + DYNEXP="-Wl,-E" + cat >> confdefs.h <<\EOF +#define STAT_ST_BLOCKSIZE 8192 +EOF + + ;; + *qnx*) cat >> confdefs.h <<\EOF +#define QNX 1 +EOF +;; + *osf*) cat >> confdefs.h <<\EOF +#define OSF1 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-fPIC" + ;; + *sco*) + cat >> confdefs.h <<\EOF +#define SCO 1 +EOF + + ;; + *unixware*) cat >> confdefs.h <<\EOF +#define UNIXWARE 1 +EOF + + BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-KPIC" + ;; + *next2*) cat >> confdefs.h <<\EOF +#define NEXT2 1 +EOF +;; + *dgux*) # Extract the first word of "groff", so it can be a program name with args. +set dummy groff; ac_word=$2 +echo $ac_n "checking for $ac_word""... $ac_c" 1>&6 +echo "configure:8788: checking for $ac_word" >&5 +if eval "test \"`echo '$''{'ac_cv_prog_ROFF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test -n "$ROFF"; then + ac_cv_prog_ROFF="$ROFF" # Let the user override the test. +else + IFS="${IFS= }"; ac_save_ifs="$IFS"; IFS=":" + ac_dummy="$PATH" + for ac_dir in $ac_dummy; do + test -z "$ac_dir" && ac_dir=. + if test -f $ac_dir/$ac_word; then + ac_cv_prog_ROFF="groff -etpsR -Tascii -man" + break + fi + done + IFS="$ac_save_ifs" +fi +fi +ROFF="$ac_cv_prog_ROFF" +if test -n "$ROFF"; then + echo "$ac_t""$ROFF" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi +;; + *sysv4*) + case "$host" in + *-univel-*) + if test "$GCC" != yes ; then + cat >> confdefs.h <<\EOF +#define HAVE_MEMSET 1 +EOF + + fi + LDSHFLAGS="-G" + DYNEXP="-Bexport" + ;; + *mips-sni-sysv4*) + cat >> confdefs.h <<\EOF +#define RELIANTUNIX 1 +EOF + + ;; + esac + ;; + + *sysv5*) + if test "$GCC" != yes ; then + cat >> confdefs.h <<\EOF +#define HAVE_MEMSET 1 +EOF + + fi + LDSHFLAGS="-G" + ;; +esac + +echo "$ac_t""$BLDSHARED" 1>&6 +echo $ac_n "checking linker flags for shared libraries""... $ac_c" 1>&6 +echo "configure:8848: checking linker flags for shared libraries" >&5 +echo "$ac_t""$LDSHFLAGS" 1>&6 +echo $ac_n "checking compiler flags for position-independent code""... $ac_c" 1>&6 +echo "configure:8851: checking compiler flags for position-independent code" >&5 +echo "$ac_t""$PICFLAGS" 1>&6 + +####################################################### +# test whether building a shared library actually works +if test $BLDSHARED = true; then +echo $ac_n "checking whether building shared libraries actually works""... $ac_c" 1>&6 +echo "configure:8858: checking whether building shared libraries actually works" >&5 +if eval "test \"`echo '$''{'ac_cv_shlib_works'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + ac_cv_shlib_works=no + # try building a trivial shared library + $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c && + $CC $CPPFLAGS $CFLAGS $LDSHFLAGS -o shlib.so shlib.po && + ac_cv_shlib_works=yes + rm -f shlib.so shlib.po + +fi + +echo "$ac_t""$ac_cv_shlib_works" 1>&6 +if test $ac_cv_shlib_works = no; then + BLDSHARED=false +fi +fi + + +# this updates our target list if we can build shared libs +if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT +else + LIBSMBCLIENT_SHARED= +fi + +################ + +echo $ac_n "checking for long long""... $ac_c" 1>&6 +echo "configure:8889: checking for long long" >&5 +if eval "test \"`echo '$''{'samba_cv_have_longlong'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_have_longlong=cross +else + cat > conftest.$ac_ext < +main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); } +EOF +if { (eval echo configure:8903: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_have_longlong=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_have_longlong=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_have_longlong" 1>&6 +if test x"$samba_cv_have_longlong" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_LONGLONG 1 +EOF + +fi + +# +# Check if the compiler supports the LL prefix on long long integers. +# AIX needs this. + +echo $ac_n "checking for LL suffix on long long integers""... $ac_c" 1>&6 +echo "configure:8930: checking for LL suffix on long long integers" >&5 +if eval "test \"`echo '$''{'samba_cv_compiler_supports_ll'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +int main() { +long long i = 0x8000000000LL +; return 0; } +EOF +if { (eval echo configure:8943: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_compiler_supports_ll=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_compiler_supports_ll=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_compiler_supports_ll" 1>&6 +if test x"$samba_cv_compiler_supports_ll" = x"yes"; then + cat >> confdefs.h <<\EOF +#define COMPILER_SUPPORTS_LL 1 +EOF + +fi + + +echo $ac_n "checking for 64 bit off_t""... $ac_c" 1>&6 +echo "configure:8965: checking for 64 bit off_t" >&5 +if eval "test \"`echo '$''{'samba_cv_SIZEOF_OFF_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_SIZEOF_OFF_T=cross +else + cat > conftest.$ac_ext < +#include +main() { exit((sizeof(off_t) == 8) ? 0 : 1); } +EOF +if { (eval echo configure:8980: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_SIZEOF_OFF_T=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_SIZEOF_OFF_T=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_SIZEOF_OFF_T" 1>&6 +if test x"$samba_cv_SIZEOF_OFF_T" = x"yes"; then + cat >> confdefs.h <<\EOF +#define SIZEOF_OFF_T 8 +EOF + +fi + +echo $ac_n "checking for off64_t""... $ac_c" 1>&6 +echo "configure:9003: checking for off64_t" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_OFF64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_OFF64_T=cross +else + cat > conftest.$ac_ext < +#endif +#include +#include +main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } +EOF +if { (eval echo configure:9022: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_OFF64_T=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_OFF64_T=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_OFF64_T" 1>&6 +if test x"$samba_cv_HAVE_OFF64_T" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_OFF64_T 1 +EOF + +fi + +echo $ac_n "checking for 64 bit ino_t""... $ac_c" 1>&6 +echo "configure:9045: checking for 64 bit ino_t" >&5 +if eval "test \"`echo '$''{'samba_cv_SIZEOF_INO_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_SIZEOF_INO_T=cross +else + cat > conftest.$ac_ext < +#include +main() { exit((sizeof(ino_t) == 8) ? 0 : 1); } +EOF +if { (eval echo configure:9060: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_SIZEOF_INO_T=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_SIZEOF_INO_T=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_SIZEOF_INO_T" 1>&6 +if test x"$samba_cv_SIZEOF_INO_T" = x"yes"; then + cat >> confdefs.h <<\EOF +#define SIZEOF_INO_T 8 +EOF + +fi + +echo $ac_n "checking for ino64_t""... $ac_c" 1>&6 +echo "configure:9083: checking for ino64_t" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_INO64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_INO64_T=cross +else + cat > conftest.$ac_ext < +#endif +#include +#include +main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } +EOF +if { (eval echo configure:9102: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_INO64_T=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_INO64_T=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_INO64_T" 1>&6 +if test x"$samba_cv_HAVE_INO64_T" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_INO64_T 1 +EOF + +fi + +echo $ac_n "checking for dev64_t""... $ac_c" 1>&6 +echo "configure:9125: checking for dev64_t" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_DEV64_T'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_DEV64_T=cross +else + cat > conftest.$ac_ext < +#endif +#include +#include +main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); } +EOF +if { (eval echo configure:9144: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_DEV64_T=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_DEV64_T=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_DEV64_T" 1>&6 +if test x"$samba_cv_HAVE_DEV64_T" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_DEV64_T 1 +EOF + +fi + +echo $ac_n "checking for struct dirent64""... $ac_c" 1>&6 +echo "configure:9167: checking for struct dirent64" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_DIRENT64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +#include +#include +int main() { +struct dirent64 de; +; return 0; } +EOF +if { (eval echo configure:9185: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_STRUCT_DIRENT64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_STRUCT_DIRENT64=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_STRUCT_DIRENT64" 1>&6 +if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_DIRENT64 1 +EOF + +fi + +echo $ac_n "checking for major macro""... $ac_c" 1>&6 +echo "configure:9206: checking for major macro" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MAJOR_FN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_DEVICE_MAJOR_FN=cross +else + cat > conftest.$ac_ext < +#endif +#include +main() { dev_t dev; int i = major(dev); return 0; } +EOF +if { (eval echo configure:9224: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_DEVICE_MAJOR_FN=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_DEVICE_MAJOR_FN=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_DEVICE_MAJOR_FN" 1>&6 +if test x"$samba_cv_HAVE_DEVICE_MAJOR_FN" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_DEVICE_MAJOR_FN 1 +EOF + +fi + +echo $ac_n "checking for minor macro""... $ac_c" 1>&6 +echo "configure:9247: checking for minor macro" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_DEVICE_MINOR_FN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_DEVICE_MINOR_FN=cross +else + cat > conftest.$ac_ext < +#endif +#include +main() { dev_t dev; int i = minor(dev); return 0; } +EOF +if { (eval echo configure:9265: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_DEVICE_MINOR_FN=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_DEVICE_MINOR_FN=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_DEVICE_MINOR_FN" 1>&6 +if test x"$samba_cv_HAVE_DEVICE_MINOR_FN" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_DEVICE_MINOR_FN 1 +EOF + +fi + +echo $ac_n "checking for unsigned char""... $ac_c" 1>&6 +echo "configure:9288: checking for unsigned char" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UNSIGNED_CHAR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_UNSIGNED_CHAR=cross +else + cat > conftest.$ac_ext < +main() { char c; c=250; exit((c > 0)?0:1); } +EOF +if { (eval echo configure:9302: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_UNSIGNED_CHAR=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_UNSIGNED_CHAR=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_UNSIGNED_CHAR" 1>&6 +if test x"$samba_cv_HAVE_UNSIGNED_CHAR" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UNSIGNED_CHAR 1 +EOF + +fi + +echo $ac_n "checking for sin_len in sock""... $ac_c" 1>&6 +echo "configure:9325: checking for sin_len in sock" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_SOCK_SIN_LEN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +#include +int main() { +struct sockaddr_in sock; sock.sin_len = sizeof(sock); +; return 0; } +EOF +if { (eval echo configure:9340: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_SOCK_SIN_LEN=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_SOCK_SIN_LEN=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_SOCK_SIN_LEN" 1>&6 +if test x"$samba_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SOCK_SIN_LEN 1 +EOF + +fi + +echo $ac_n "checking whether seekdir returns void""... $ac_c" 1>&6 +echo "configure:9361: checking whether seekdir returns void" >&5 +if eval "test \"`echo '$''{'samba_cv_SEEKDIR_RETURNS_VOID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +void seekdir(DIR *d, long loc) { return; } +int main() { +return 0; +; return 0; } +EOF +if { (eval echo configure:9376: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_SEEKDIR_RETURNS_VOID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_SEEKDIR_RETURNS_VOID=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_SEEKDIR_RETURNS_VOID" 1>&6 +if test x"$samba_cv_SEEKDIR_RETURNS_VOID" = x"yes"; then + cat >> confdefs.h <<\EOF +#define SEEKDIR_RETURNS_VOID 1 +EOF + +fi + +echo $ac_n "checking for __FILE__ macro""... $ac_c" 1>&6 +echo "configure:9397: checking for __FILE__ macro" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_FILE_MACRO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +int main() { +printf("%s\n", __FILE__); +; return 0; } +EOF +if { (eval echo configure:9410: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_FILE_MACRO=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_FILE_MACRO=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_FILE_MACRO" 1>&6 +if test x"$samba_cv_HAVE_FILE_MACRO" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_FILE_MACRO 1 +EOF + +fi + +echo $ac_n "checking for __FUNCTION__ macro""... $ac_c" 1>&6 +echo "configure:9431: checking for __FUNCTION__ macro" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_FUNCTION_MACRO'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +int main() { +printf("%s\n", __FUNCTION__); +; return 0; } +EOF +if { (eval echo configure:9444: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_FUNCTION_MACRO=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_FUNCTION_MACRO=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_FUNCTION_MACRO" 1>&6 +if test x"$samba_cv_HAVE_FUNCTION_MACRO" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_FUNCTION_MACRO 1 +EOF + +fi + +echo $ac_n "checking if gettimeofday takes tz argument""... $ac_c" 1>&6 +echo "configure:9465: checking if gettimeofday takes tz argument" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_GETTIMEOFDAY_TZ'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_GETTIMEOFDAY_TZ=cross +else + cat > conftest.$ac_ext < +#include +main() { struct timeval tv; exit(gettimeofday(&tv, NULL));} +EOF +if { (eval echo configure:9481: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_GETTIMEOFDAY_TZ=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_GETTIMEOFDAY_TZ=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_GETTIMEOFDAY_TZ" 1>&6 +if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_GETTIMEOFDAY_TZ 1 +EOF + +fi + +echo $ac_n "checking for C99 vsnprintf""... $ac_c" 1>&6 +echo "configure:9504: checking for C99 vsnprintf" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_C99_VSNPRINTF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_C99_VSNPRINTF=cross +else + cat > conftest.$ac_ext < +#include +void foo(const char *format, ...) { + va_list ap; + int len; + char buf[5]; + + va_start(ap, format); + len = vsnprintf(buf, 0, format, ap); + va_end(ap); + if (len != 5) exit(1); + + va_start(ap, format); + len = vsnprintf(0, 0, format, ap); + va_end(ap); + if (len != 5) exit(1); + + if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1); + + exit(0); +} +main() { foo("hello"); } + +EOF +if { (eval echo configure:9540: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_C99_VSNPRINTF=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_C99_VSNPRINTF=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_C99_VSNPRINTF" 1>&6 +if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_C99_VSNPRINTF 1 +EOF + +fi + +echo $ac_n "checking for broken readdir""... $ac_c" 1>&6 +echo "configure:9563: checking for broken readdir" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_READDIR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_BROKEN_READDIR=cross +else + cat > conftest.$ac_ext < +#include +main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d); +if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 && +di->d_name[0] == 0) exit(0); exit(1);} +EOF +if { (eval echo configure:9580: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_BROKEN_READDIR=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_BROKEN_READDIR=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_BROKEN_READDIR" 1>&6 +if test x"$samba_cv_HAVE_BROKEN_READDIR" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_BROKEN_READDIR 1 +EOF + +fi + +echo $ac_n "checking for utimbuf""... $ac_c" 1>&6 +echo "configure:9603: checking for utimbuf" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UTIMBUF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utimbuf tbuf; tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf)); +; return 0; } +EOF +if { (eval echo configure:9617: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UTIMBUF=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UTIMBUF=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UTIMBUF" 1>&6 +if test x"$samba_cv_HAVE_UTIMBUF" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UTIMBUF 1 +EOF + +fi + + +for ac_func in pututline pututxline updwtmp updwtmpx getutmpx +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:9641: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:9669: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + + +echo $ac_n "checking for ut_name in utmp""... $ac_c" 1>&6 +echo "configure:9695: checking for ut_name in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_NAME'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_name[0] = 'a'; +; return 0; } +EOF +if { (eval echo configure:9709: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_NAME=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_NAME=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_NAME" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_NAME" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_NAME 1 +EOF + +fi + +echo $ac_n "checking for ut_user in utmp""... $ac_c" 1>&6 +echo "configure:9730: checking for ut_user in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_USER'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_user[0] = 'a'; +; return 0; } +EOF +if { (eval echo configure:9744: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_USER=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_USER=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_USER" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_USER" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_USER 1 +EOF + +fi + +echo $ac_n "checking for ut_id in utmp""... $ac_c" 1>&6 +echo "configure:9765: checking for ut_id in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_id[0] = 'a'; +; return 0; } +EOF +if { (eval echo configure:9779: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_ID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_ID=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_ID" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_ID" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_ID 1 +EOF + +fi + +echo $ac_n "checking for ut_host in utmp""... $ac_c" 1>&6 +echo "configure:9800: checking for ut_host in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_HOST'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_host[0] = 'a'; +; return 0; } +EOF +if { (eval echo configure:9814: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_HOST=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_HOST=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_HOST" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_HOST" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_HOST 1 +EOF + +fi + +echo $ac_n "checking for ut_time in utmp""... $ac_c" 1>&6 +echo "configure:9835: checking for ut_time in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TIME'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; time_t t; ut.ut_time = t; +; return 0; } +EOF +if { (eval echo configure:9849: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TIME=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_TIME=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_TIME" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_TIME" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_TIME 1 +EOF + +fi + +echo $ac_n "checking for ut_tv in utmp""... $ac_c" 1>&6 +echo "configure:9870: checking for ut_tv in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TV'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; struct timeval tv; ut.ut_tv = tv; +; return 0; } +EOF +if { (eval echo configure:9884: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TV=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_TV=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_TV" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_TV" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_TV 1 +EOF + +fi + +echo $ac_n "checking for ut_type in utmp""... $ac_c" 1>&6 +echo "configure:9905: checking for ut_type in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_TYPE'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_type = 0; +; return 0; } +EOF +if { (eval echo configure:9919: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_TYPE=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_TYPE=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_TYPE" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_TYPE" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_TYPE 1 +EOF + +fi + +echo $ac_n "checking for ut_pid in utmp""... $ac_c" 1>&6 +echo "configure:9940: checking for ut_pid in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_PID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_pid = 0; +; return 0; } +EOF +if { (eval echo configure:9954: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_PID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_PID=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_PID" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_PID" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_PID 1 +EOF + +fi + +echo $ac_n "checking for ut_exit in utmp""... $ac_c" 1>&6 +echo "configure:9975: checking for ut_exit in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_EXIT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_exit.e_exit = 0; +; return 0; } +EOF +if { (eval echo configure:9989: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_EXIT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_EXIT=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_EXIT" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_EXIT 1 +EOF + +fi + +echo $ac_n "checking for ut_addr in utmp""... $ac_c" 1>&6 +echo "configure:10010: checking for ut_addr in utmp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UT_UT_ADDR'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmp ut; ut.ut_addr = 0; +; return 0; } +EOF +if { (eval echo configure:10024: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UT_UT_ADDR=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UT_UT_ADDR=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UT_UT_ADDR" 1>&6 +if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UT_UT_ADDR 1 +EOF + +fi + +if test x$ac_cv_func_pututline = xyes ; then + echo $ac_n "checking whether pututline returns pointer""... $ac_c" 1>&6 +echo "configure:10046: checking whether pututline returns pointer" >&5 +if eval "test \"`echo '$''{'samba_cv_PUTUTLINE_RETURNS_UTMP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#include +int main() { +struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg); +; return 0; } +EOF +if { (eval echo configure:10060: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_PUTUTLINE_RETURNS_UTMP=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_PUTUTLINE_RETURNS_UTMP=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_PUTUTLINE_RETURNS_UTMP" 1>&6 + if test x"$samba_cv_PUTUTLINE_RETURNS_UTMP" = x"yes"; then + cat >> confdefs.h <<\EOF +#define PUTUTLINE_RETURNS_UTMP 1 +EOF + + fi +fi + +echo $ac_n "checking for ut_syslen in utmpx""... $ac_c" 1>&6 +echo "configure:10082: checking for ut_syslen in utmpx" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UX_UT_SYSLEN'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +struct utmpx ux; ux.ut_syslen = 0; +; return 0; } +EOF +if { (eval echo configure:10096: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UX_UT_SYSLEN=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UX_UT_SYSLEN=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UX_UT_SYSLEN" 1>&6 +if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UX_UT_SYSLEN 1 +EOF + +fi + + +################################################# +# check for libiconv support +echo $ac_n "checking whether to use libiconv""... $ac_c" 1>&6 +echo "configure:10120: checking whether to use libiconv" >&5 +# Check whether --with-libiconv or --without-libiconv was given. +if test "${with_libiconv+set}" = set; then + withval="$with_libiconv" + case "$withval" in + no) + echo "$ac_t""no" 1>&6 + ;; + *) + echo "$ac_t""yes" 1>&6 + CFLAGS="$CFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + echo $ac_n "checking for iconv_open in -liconv""... $ac_c" 1>&6 +echo "configure:10133: checking for iconv_open in -liconv" >&5 +ac_lib_var=`echo iconv'_'iconv_open | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-liconv $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo iconv | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + cat >> confdefs.h <&6 + +fi + + + +############ +# check for iconv in libc +echo $ac_n "checking for working iconv""... $ac_c" 1>&6 +echo "configure:10195: checking for working iconv" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_NATIVE_ICONV'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_NATIVE_ICONV=cross +else + cat > conftest.$ac_ext < +main() { + iconv_t cd = iconv_open("ASCII", "UCS-2LE"); + if (cd == 0 || cd == (iconv_t)-1) return -1; + return 0; +} + +EOF +if { (eval echo configure:10215: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_NATIVE_ICONV=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_NATIVE_ICONV=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_NATIVE_ICONV" 1>&6 +if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_NATIVE_ICONV 1 +EOF + +fi + + +echo $ac_n "checking for Linux kernel oplocks""... $ac_c" 1>&6 +echo "configure:10239: checking for Linux kernel oplocks" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_LINUX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross +else + cat > conftest.$ac_ext < +#include +#ifndef F_GETLEASE +#define F_GETLEASE 1025 +#endif +main() { + int fd = open("/dev/null", O_RDONLY); + return fcntl(fd, F_GETLEASE, 0) == -1; +} + +EOF +if { (eval echo configure:10262: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" 1>&6 +if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_KERNEL_OPLOCKS_LINUX 1 +EOF + +fi + +echo $ac_n "checking for kernel change notify support""... $ac_c" 1>&6 +echo "configure:10285: checking for kernel change notify support" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_CHANGE_NOTIFY'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross +else + cat > conftest.$ac_ext < +#include +#include +#ifndef F_NOTIFY +#define F_NOTIFY 1026 +#endif +main() { + exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ? 1 : 0); +} + +EOF +if { (eval echo configure:10308: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" 1>&6 +if test x"$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_KERNEL_CHANGE_NOTIFY 1 +EOF + +fi + +echo $ac_n "checking for kernel share modes""... $ac_c" 1>&6 +echo "configure:10331: checking for kernel share modes" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_SHARE_MODES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_KERNEL_SHARE_MODES=cross +else + cat > conftest.$ac_ext < +#include +#include +#include +#ifndef LOCK_MAND +#define LOCK_MAND 32 +#define LOCK_READ 64 +#endif +main() { + exit(flock(open("/dev/null", O_RDWR), LOCK_MAND|LOCK_READ) != 0); +} + +EOF +if { (eval echo configure:10356: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_KERNEL_SHARE_MODES=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_KERNEL_SHARE_MODES=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_KERNEL_SHARE_MODES" 1>&6 +if test x"$samba_cv_HAVE_KERNEL_SHARE_MODES" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_KERNEL_SHARE_MODES 1 +EOF + +fi + + + + +echo $ac_n "checking for IRIX kernel oplock type definitions""... $ac_c" 1>&6 +echo "configure:10382: checking for IRIX kernel oplock type definitions" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_KERNEL_OPLOCKS_IRIX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +int main() { +oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1; +; return 0; } +EOF +if { (eval echo configure:10396: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" 1>&6 +if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_KERNEL_OPLOCKS_IRIX 1 +EOF + +fi + +echo $ac_n "checking for irix specific capabilities""... $ac_c" 1>&6 +echo "configure:10417: checking for irix specific capabilities" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross +else + cat > conftest.$ac_ext < +#include +main() { + cap_t cap; + if ((cap = cap_get_proc()) == NULL) + exit(1); + cap->cap_effective |= CAP_NETWORK_MGT; + cap->cap_inheritable |= CAP_NETWORK_MGT; + cap_set_proc(cap); + exit(0); +} + +EOF +if { (eval echo configure:10441: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" 1>&6 +if test x"$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_IRIX_SPECIFIC_CAPABILITIES 1 +EOF + +fi + +# +# Check for int16, uint16, int32 and uint32 in rpc/types.h included from rpc/rpc.h +# This is *really* broken but some systems (DEC OSF1) do this.... JRA. +# + +echo $ac_n "checking for int16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +echo "configure:10469: checking for int16 typedef included by rpc/rpc.h" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_INT16_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#if defined(HAVE_RPC_RPC_H) +#include +#endif +int main() { +int16 testvar; +; return 0; } +EOF +if { (eval echo configure:10485: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_INT16_FROM_RPC_RPC_H=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" 1>&6 +if test x"$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_INT16_FROM_RPC_RPC_H 1 +EOF + +fi + +echo $ac_n "checking for uint16 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +echo "configure:10506: checking for uint16 typedef included by rpc/rpc.h" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UINT16_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#if defined(HAVE_RPC_RPC_H) +#include +#endif +int main() { +uint16 testvar; +; return 0; } +EOF +if { (eval echo configure:10522: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" 1>&6 +if test x"$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UINT16_FROM_RPC_RPC_H 1 +EOF + +fi + +echo $ac_n "checking for int32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +echo "configure:10543: checking for int32 typedef included by rpc/rpc.h" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_INT32_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#if defined(HAVE_RPC_RPC_H) +#include +#endif +int main() { +int32 testvar; +; return 0; } +EOF +if { (eval echo configure:10559: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_INT32_FROM_RPC_RPC_H=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" 1>&6 +if test x"$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_INT32_FROM_RPC_RPC_H 1 +EOF + +fi + +echo $ac_n "checking for uint32 typedef included by rpc/rpc.h""... $ac_c" 1>&6 +echo "configure:10580: checking for uint32 typedef included by rpc/rpc.h" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_UINT32_FROM_RPC_RPC_H'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#if defined(HAVE_RPC_RPC_H) +#include +#endif +int main() { +uint32 testvar; +; return 0; } +EOF +if { (eval echo configure:10596: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" 1>&6 +if test x"$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_UINT32_FROM_RPC_RPC_H 1 +EOF + +fi + + +echo $ac_n "checking for conflicting AUTH_ERROR define in rpc/rpc.h""... $ac_c" 1>&6 +echo "configure:10618: checking for conflicting AUTH_ERROR define in rpc/rpc.h" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#ifdef HAVE_SYS_SECURITY_H +#include +#include +#endif /* HAVE_SYS_SECURITY_H */ +#if defined(HAVE_RPC_RPC_H) +#include +#endif +int main() { +int testvar; +; return 0; } +EOF +if { (eval echo configure:10638: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=yes +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" 1>&6 +if test x"$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_RPC_AUTH_ERROR_CONFLICT 1 +EOF + +fi + +echo $ac_n "checking for test routines""... $ac_c" 1>&6 +echo "configure:10659: checking for test routines" >&5 +if test "$cross_compiling" = yes; then + echo "configure: warning: cannot run when cross-compiling" 1>&2 +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + echo "$ac_t""yes" 1>&6 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + { echo "configure: error: cant find test code. Aborting config" 1>&2; exit 1; } +fi +rm -fr conftest* +fi + + +echo $ac_n "checking for ftruncate extend""... $ac_c" 1>&6 +echo "configure:10682: checking for ftruncate extend" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_FTRUNCATE_EXTEND'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_FTRUNCATE_EXTEND=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_FTRUNCATE_EXTEND=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_FTRUNCATE_EXTEND=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_FTRUNCATE_EXTEND" 1>&6 +if test x"$samba_cv_HAVE_FTRUNCATE_EXTEND" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_FTRUNCATE_EXTEND 1 +EOF + +fi + +echo $ac_n "checking for AF_LOCAL socket support""... $ac_c" 1>&6 +echo "configure:10718: checking for AF_LOCAL socket support" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_WORKING_AF_LOCAL'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_WORKING_AF_LOCAL=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_WORKING_AF_LOCAL=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_WORKING_AF_LOCAL=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_WORKING_AF_LOCAL" 1>&6 +if test x"$samba_cv_HAVE_WORKING_AF_LOCAL" != xno +then + cat >> confdefs.h <<\EOF +#define HAVE_WORKING_AF_LOCAL 1 +EOF + +fi + +echo $ac_n "checking for broken getgroups""... $ac_c" 1>&6 +echo "configure:10755: checking for broken getgroups" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_GETGROUPS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_BROKEN_GETGROUPS=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_BROKEN_GETGROUPS=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_BROKEN_GETGROUPS=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_BROKEN_GETGROUPS" 1>&6 +if test x"$samba_cv_HAVE_BROKEN_GETGROUPS" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_BROKEN_GETGROUPS 1 +EOF + +fi + +echo $ac_n "checking whether getpass should be replaced""... $ac_c" 1>&6 +echo "configure:10791: checking whether getpass should be replaced" >&5 +if eval "test \"`echo '$''{'samba_cv_REPLACE_GETPASS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +SAVE_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper" +cat > conftest.$ac_ext <&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_REPLACE_GETPASS=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_REPLACE_GETPASS=no +fi +rm -f conftest* +CPPFLAGS="$SAVE_CPPFLAGS" + +fi + +echo "$ac_t""$samba_cv_REPLACE_GETPASS" 1>&6 +if test x"$samba_cv_REPLACE_GETPASS" = x"yes"; then + cat >> confdefs.h <<\EOF +#define REPLACE_GETPASS 1 +EOF + +fi + +echo $ac_n "checking for broken inet_ntoa""... $ac_c" 1>&6 +echo "configure:10835: checking for broken inet_ntoa" >&5 +if eval "test \"`echo '$''{'samba_cv_REPLACE_INET_NTOA'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_REPLACE_INET_NTOA=cross +else + cat > conftest.$ac_ext < +#include +#include +#ifdef HAVE_ARPA_INET_H +#include +#endif +main() { struct in_addr ip; ip.s_addr = 0x12345678; +if (strcmp(inet_ntoa(ip),"18.52.86.120") && + strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } +exit(1);} +EOF +if { (eval echo configure:10858: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_REPLACE_INET_NTOA=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_REPLACE_INET_NTOA=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_REPLACE_INET_NTOA" 1>&6 +if test x"$samba_cv_REPLACE_INET_NTOA" = x"yes"; then + cat >> confdefs.h <<\EOF +#define REPLACE_INET_NTOA 1 +EOF + +fi + +echo $ac_n "checking for secure mkstemp""... $ac_c" 1>&6 +echo "configure:10881: checking for secure mkstemp" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_SECURE_MKSTEMP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_SECURE_MKSTEMP=cross +else + cat > conftest.$ac_ext < +#include +#include +#include +main() { + struct stat st; + char tpl[20]="/tmp/test.XXXXXX"; + int fd = mkstemp(tpl); + if (fd == -1) exit(1); + unlink(tpl); + if (fstat(fd, &st) != 0) exit(1); + if ((st.st_mode & 0777) != 0600) exit(1); + exit(0); +} +EOF +if { (eval echo configure:10907: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_SECURE_MKSTEMP=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_SECURE_MKSTEMP=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_SECURE_MKSTEMP" 1>&6 +if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_SECURE_MKSTEMP 1 +EOF + +fi + +echo $ac_n "checking for sysconf(_SC_NGROUPS_MAX)""... $ac_c" 1>&6 +echo "configure:10930: checking for sysconf(_SC_NGROUPS_MAX)" >&5 +if eval "test \"`echo '$''{'samba_cv_SYSCONF_SC_NGROUPS_MAX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_SYSCONF_SC_NGROUPS_MAX=cross +else + cat > conftest.$ac_ext < +main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); } +EOF +if { (eval echo configure:10944: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_SYSCONF_SC_NGROUPS_MAX=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_SYSCONF_SC_NGROUPS_MAX=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_SYSCONF_SC_NGROUPS_MAX" 1>&6 +if test x"$samba_cv_SYSCONF_SC_NGROUPS_MAX" = x"yes"; then + cat >> confdefs.h <<\EOF +#define SYSCONF_SC_NGROUPS_MAX 1 +EOF + +fi + +echo $ac_n "checking for root""... $ac_c" 1>&6 +echo "configure:10967: checking for root" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_ROOT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_ROOT=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_ROOT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_ROOT=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_ROOT" 1>&6 +if test x"$samba_cv_HAVE_ROOT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_ROOT 1 +EOF + +else + echo "configure: warning: running as non-root will disable some tests" 1>&2 +fi + +################## +# look for a method of finding the list of network interfaces +iface=no; +echo $ac_n "checking for iface AIX""... $ac_c" 1>&6 +echo "configure:11008: checking for iface AIX" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_AIX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_IFACE_AIX=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_IFACE_AIX=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_IFACE_AIX=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_IFACE_AIX" 1>&6 +if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then + iface=yes;cat >> confdefs.h <<\EOF +#define HAVE_IFACE_AIX 1 +EOF + +fi + +if test $iface = no; then +echo $ac_n "checking for iface ifconf""... $ac_c" 1>&6 +echo "configure:11049: checking for iface ifconf" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFCONF'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_IFACE_IFCONF=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_IFACE_IFCONF=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_IFACE_IFCONF=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_IFACE_IFCONF" 1>&6 +if test x"$samba_cv_HAVE_IFACE_IFCONF" = x"yes"; then + iface=yes;cat >> confdefs.h <<\EOF +#define HAVE_IFACE_IFCONF 1 +EOF + +fi +fi + +if test $iface = no; then +echo $ac_n "checking for iface ifreq""... $ac_c" 1>&6 +echo "configure:11091: checking for iface ifreq" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_IFACE_IFREQ'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_IFACE_IFREQ=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_IFACE_IFREQ=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_IFACE_IFREQ=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_IFACE_IFREQ" 1>&6 +if test x"$samba_cv_HAVE_IFACE_IFREQ" = x"yes"; then + iface=yes;cat >> confdefs.h <<\EOF +#define HAVE_IFACE_IFREQ 1 +EOF + +fi +fi + + +################################################ +# look for a method of setting the effective uid +seteuid=no; +if test $seteuid = no; then +echo $ac_n "checking for setresuid""... $ac_c" 1>&6 +echo "configure:11137: checking for setresuid" >&5 +if eval "test \"`echo '$''{'samba_cv_USE_SETRESUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_USE_SETRESUID=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_USE_SETRESUID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_USE_SETRESUID=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_USE_SETRESUID" 1>&6 +if test x"$samba_cv_USE_SETRESUID" = x"yes"; then + seteuid=yes;cat >> confdefs.h <<\EOF +#define USE_SETRESUID 1 +EOF + +fi +fi + + +if test $seteuid = no; then +echo $ac_n "checking for setreuid""... $ac_c" 1>&6 +echo "configure:11180: checking for setreuid" >&5 +if eval "test \"`echo '$''{'samba_cv_USE_SETREUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_USE_SETREUID=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_USE_SETREUID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_USE_SETREUID=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_USE_SETREUID" 1>&6 +if test x"$samba_cv_USE_SETREUID" = x"yes"; then + seteuid=yes;cat >> confdefs.h <<\EOF +#define USE_SETREUID 1 +EOF + +fi +fi + +if test $seteuid = no; then +echo $ac_n "checking for seteuid""... $ac_c" 1>&6 +echo "configure:11222: checking for seteuid" >&5 +if eval "test \"`echo '$''{'samba_cv_USE_SETEUID'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_USE_SETEUID=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_USE_SETEUID=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_USE_SETEUID=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_USE_SETEUID" 1>&6 +if test x"$samba_cv_USE_SETEUID" = x"yes"; then + seteuid=yes;cat >> confdefs.h <<\EOF +#define USE_SETEUID 1 +EOF + +fi +fi + +if test $seteuid = no; then +echo $ac_n "checking for setuidx""... $ac_c" 1>&6 +echo "configure:11264: checking for setuidx" >&5 +if eval "test \"`echo '$''{'samba_cv_USE_SETUIDX'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_USE_SETUIDX=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_USE_SETUIDX=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_USE_SETUIDX=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_USE_SETUIDX" 1>&6 +if test x"$samba_cv_USE_SETUIDX" = x"yes"; then + seteuid=yes;cat >> confdefs.h <<\EOF +#define USE_SETUIDX 1 +EOF + +fi +fi + + +echo $ac_n "checking for working mmap""... $ac_c" 1>&6 +echo "configure:11306: checking for working mmap" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_MMAP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_MMAP=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_MMAP=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_MMAP=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_MMAP" 1>&6 +if test x"$samba_cv_HAVE_MMAP" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_MMAP 1 +EOF + +fi + +echo $ac_n "checking for ftruncate needs root""... $ac_c" 1>&6 +echo "configure:11342: checking for ftruncate needs root" >&5 +if eval "test \"`echo '$''{'samba_cv_FTRUNCATE_NEEDS_ROOT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_FTRUNCATE_NEEDS_ROOT=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_FTRUNCATE_NEEDS_ROOT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_FTRUNCATE_NEEDS_ROOT=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_FTRUNCATE_NEEDS_ROOT" 1>&6 +if test x"$samba_cv_FTRUNCATE_NEEDS_ROOT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define FTRUNCATE_NEEDS_ROOT 1 +EOF + +fi + +echo $ac_n "checking for fcntl locking""... $ac_c" 1>&6 +echo "configure:11378: checking for fcntl locking" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_FCNTL_LOCK'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_FCNTL_LOCK=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_FCNTL_LOCK=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_FCNTL_LOCK=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_FCNTL_LOCK" 1>&6 +if test x"$samba_cv_HAVE_FCNTL_LOCK" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_FCNTL_LOCK 1 +EOF + +fi + +echo $ac_n "checking for broken (glibc2.1/x86) 64 bit fcntl locking""... $ac_c" 1>&6 +echo "configure:11414: checking for broken (glibc2.1/x86) 64 bit fcntl locking" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_BROKEN_FCNTL64_LOCKS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" 1>&6 +if test x"$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_BROKEN_FCNTL64_LOCKS 1 +EOF + + +else + + + echo $ac_n "checking for 64 bit fcntl locking""... $ac_c" 1>&6 +echo "configure:11452: checking for 64 bit fcntl locking" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_STRUCT_FLOCK64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + if test "$cross_compiling" = yes; then + samba_cv_HAVE_STRUCT_FLOCK64=cross +else + cat > conftest.$ac_ext < +#endif +#include +#include + +#ifdef HAVE_FCNTL_H +#include +#endif + +#ifdef HAVE_SYS_FCNTL_H +#include +#endif +main() { struct flock64 fl64; +#if defined(F_SETLKW64) && defined(F_SETLK64) && defined(F_GETLK64) +exit(0); +#else +exit(1); +#endif +} +EOF +if { (eval echo configure:11485: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_STRUCT_FLOCK64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_STRUCT_FLOCK64=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_STRUCT_FLOCK64" 1>&6 + + if test x"$samba_cv_HAVE_STRUCT_FLOCK64" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STRUCT_FLOCK64 1 +EOF + + fi +fi + +echo $ac_n "checking for st_blocks in struct stat""... $ac_c" 1>&6 +echo "configure:11510: checking for st_blocks in struct stat" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_STAT_ST_BLOCKS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#include +#include +int main() { +struct stat st; st.st_blocks = 0; +; return 0; } +EOF +if { (eval echo configure:11525: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_STAT_ST_BLOCKS=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_STAT_ST_BLOCKS=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_STAT_ST_BLOCKS" 1>&6 +if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_STAT_ST_BLOCKS 1 +EOF + +fi + +case "$host_os" in +*linux*) +echo $ac_n "checking for broken RedHat 7.2 system header files""... $ac_c" 1>&6 +echo "configure:11548: checking for broken RedHat 7.2 system header files" >&5 +if eval "test \"`echo '$''{'samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_CAPABILITY_H +#include +#endif + +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:11568: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" 1>&6 +if test x"$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then + cat >> confdefs.h <<\EOF +#define BROKEN_REDHAT_7_SYSTEM_HEADERS 1 +EOF + +fi +;; +esac + +echo $ac_n "checking for broken nisplus include files""... $ac_c" 1>&6 +echo "configure:11591: checking for broken nisplus include files" >&5 +if eval "test \"`echo '$''{'samba_cv_BROKEN_NISPLUS_INCLUDE_FILES'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +cat > conftest.$ac_ext < +#if defined(HAVE_RPCSVC_NIS_H) +#include +#endif +int main() { +int i; +; return 0; } +EOF +if { (eval echo configure:11607: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=yes +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" 1>&6 +if test x"$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" = x"yes"; then + cat >> confdefs.h <<\EOF +#define BROKEN_NISPLUS_INCLUDE_FILES 1 +EOF + +fi + + +################################################# +# check for smbwrapper support +echo $ac_n "checking whether to use smbwrapper""... $ac_c" 1>&6 +echo "configure:11631: checking whether to use smbwrapper" >&5 +# Check whether --with-smbwrapper or --without-smbwrapper was given. +if test "${with_smbwrapper+set}" = set; then + withval="$with_smbwrapper" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_SMBWRAPPER 1 +EOF + + WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT" + + if test x$ATTEMPT_WRAP32_BUILD = x; then + WRAP32="" + else + WRAP32=bin/smbwrapper.32.$SHLIBEXT + fi + +# Conditions under which smbwrapper should not be built. + + if test x$PICFLAG = x; then + echo No support for PIC code - disabling smbwrapper and smbsh + WRAP="" + WRAP32="" + elif test x$ac_cv_func_syscall = xno; then + echo "$ac_t""No syscall() -- disabling smbwrapper and smbsh" 1>&6 + WRAP="" + WRAP32="" + fi + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for AFS clear-text auth support +echo $ac_n "checking whether to use AFS clear-text auth""... $ac_c" 1>&6 +echo "configure:11675: checking whether to use AFS clear-text auth" >&5 +# Check whether --with-afs or --without-afs was given. +if test "${with_afs+set}" = set; then + withval="$with_afs" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_AFS 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + +################################################# +# check for the DFS clear-text auth system +echo $ac_n "checking whether to use DFS clear-text auth""... $ac_c" 1>&6 +echo "configure:11701: checking whether to use DFS clear-text auth" >&5 +# Check whether --with-dfs or --without-dfs was given. +if test "${with_dfs+set}" = set; then + withval="$with_dfs" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_DFS 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + +################################################# +# see if this box has the RedHat location for kerberos +echo $ac_n "checking for /usr/kerberos""... $ac_c" 1>&6 +echo "configure:11727: checking for /usr/kerberos" >&5 +if test -d /usr/kerberos; then + LDFLAGS="$LDFLAGS -L/usr/kerberos/lib" + CFLAGS="$CFLAGS -I/usr/kerberos/include" + CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include" + echo "$ac_t""yes" 1>&6 +else + echo "$ac_t""no" 1>&6 +fi + +################################################# +# check for location of Kerberos 5 install +echo $ac_n "checking for kerberos 5 install path""... $ac_c" 1>&6 +echo "configure:11740: checking for kerberos 5 install path" >&5 +# Check whether --with-krb5 or --without-krb5 was given. +if test "${with_krb5+set}" = set; then + withval="$with_krb5" + case "$withval" in + no) + echo "$ac_t""no" 1>&6 + ;; + *) + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lkrb5" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +# now check for krb5.h. Some systems have the libraries without the headers! +# note that this check is done here to allow for different kerberos +# include paths +for ac_hdr in krb5.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:11769: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:11779: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +# now check for gssapi headers. This is also done here to allow for +# different kerberos include paths +for ac_hdr in gssapi/gssapi_generic.h gssapi/gssapi.h +do +ac_safe=`echo "$ac_hdr" | sed 'y%./+-%__p_%'` +echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6 +echo "configure:11812: checking for $ac_hdr" >&5 +if eval "test \"`echo '$''{'ac_cv_header_$ac_safe'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +EOF +ac_try="$ac_cpp conftest.$ac_ext >/dev/null 2>conftest.out" +{ (eval echo configure:11822: \"$ac_try\") 1>&5; (eval $ac_try) 2>&5; } +ac_err=`grep -v '^ *+' conftest.out | grep -v "^conftest.${ac_ext}\$"` +if test -z "$ac_err"; then + rm -rf conftest* + eval "ac_cv_header_$ac_safe=yes" +else + echo "$ac_err" >&5 + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_header_$ac_safe=no" +fi +rm -f conftest* +fi +if eval "test \"`echo '$ac_cv_header_'$ac_safe`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_hdr=HAVE_`echo $ac_hdr | sed 'y%abcdefghijklmnopqrstuvwxyz./-%ABCDEFGHIJKLMNOPQRSTUVWXYZ___%'` + cat >> confdefs.h <&6 +fi +done + + +################################################################## +# we might need the k5crypto and com_err libraries on some systems +echo $ac_n "checking for _et_list in -lcom_err""... $ac_c" 1>&6 +echo "configure:11852: checking for _et_list in -lcom_err" >&5 +ac_lib_var=`echo com_err'_'_et_list | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcom_err $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lcom_err" +else + echo "$ac_t""no" 1>&6 +fi + +echo $ac_n "checking for krb5_encrypt_data in -lk5crypto""... $ac_c" 1>&6 +echo "configure:11892: checking for krb5_encrypt_data in -lk5crypto" >&5 +ac_lib_var=`echo k5crypto'_'krb5_encrypt_data | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lk5crypto $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lk5crypto" +else + echo "$ac_t""no" 1>&6 +fi + + +######################################################## +# now see if we can find the krb5 libs in standard paths +# or as specified above +echo $ac_n "checking for krb5_mk_req_extended in -lkrb5""... $ac_c" 1>&6 +echo "configure:11936: checking for krb5_mk_req_extended in -lkrb5" >&5 +ac_lib_var=`echo krb5'_'krb5_mk_req_extended | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lkrb5 $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lkrb5"; + cat >> confdefs.h <<\EOF +#define HAVE_KRB5 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + +######################################################## +# now see if we can find the gssapi libs in standard paths +echo $ac_n "checking for gss_display_status in -lgssapi_krb5""... $ac_c" 1>&6 +echo "configure:11983: checking for gss_display_status in -lgssapi_krb5" >&5 +ac_lib_var=`echo gssapi_krb5'_'gss_display_status | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lgssapi_krb5 $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lgssapi_krb5"; + cat >> confdefs.h <<\EOF +#define HAVE_GSSAPI 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + +################################################################## +# we might need the lber lib on some systems. To avoid link errors +# this test must be before the libldap test +echo $ac_n "checking for ber_scanf in -llber""... $ac_c" 1>&6 +echo "configure:12031: checking for ber_scanf in -llber" >&5 +ac_lib_var=`echo lber'_'ber_scanf | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-llber $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -llber" +else + echo "$ac_t""no" 1>&6 +fi + + +######################################################## +# now see if we can find the ldap libs in standard paths +if test x$have_ldap != xyes; then +echo $ac_n "checking for ldap_domain2hostlist in -lldap""... $ac_c" 1>&6 +echo "configure:12075: checking for ldap_domain2hostlist in -lldap" >&5 +ac_lib_var=`echo ldap'_'ldap_domain2hostlist | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lldap $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lldap"; + cat >> confdefs.h <<\EOF +#define HAVE_LDAP 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi + +################################################# +# check for automount support +echo $ac_n "checking whether to use AUTOMOUNT""... $ac_c" 1>&6 +echo "configure:12123: checking whether to use AUTOMOUNT" >&5 +# Check whether --with-automount or --without-automount was given. +if test "${with_automount+set}" = set; then + withval="$with_automount" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_AUTOMOUNT 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for smbmount support +echo $ac_n "checking whether to use SMBMOUNT""... $ac_c" 1>&6 +echo "configure:12148: checking whether to use SMBMOUNT" >&5 +# Check whether --with-smbmount or --without-smbmount was given. +if test "${with_smbmount+set}" = set; then + withval="$with_smbmount" + case "$withval" in + yes) + case "$host_os" in + *linux*) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_SMBMOUNT 1 +EOF + + MPROGS="bin/smbmount bin/smbmnt bin/smbumount" + ;; + *) + { echo "configure: error: not on a linux system!" 1>&2; exit 1; } + ;; + esac + ;; + *) + echo "$ac_t""no" 1>&6 + MPROGS= + ;; + esac +else + echo "$ac_t""no" 1>&6 + MPROGS= + +fi + + + +################################################# +# check for a PAM clear-text auth, accounts, password and session support +with_pam_for_crypt=no +echo $ac_n "checking whether to use PAM""... $ac_c" 1>&6 +echo "configure:12185: checking whether to use PAM" >&5 +# Check whether --with-pam or --without-pam was given. +if test "${with_pam+set}" = set; then + withval="$with_pam" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_PAM 1 +EOF + + LIBS="$LIBS -lpam" + with_pam_for_crypt=yes + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +# we can't build a pam module if we don't have pam. +echo $ac_n "checking for pam_get_data in -lpam""... $ac_c" 1>&6 +echo "configure:12211: checking for pam_get_data in -lpam" >&5 +ac_lib_var=`echo pam'_'pam_get_data | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lpam $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_LIBPAM 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + + +################################################# +# check for pam_smbpass support +echo $ac_n "checking whether to use pam_smbpass""... $ac_c" 1>&6 +echo "configure:12257: checking whether to use pam_smbpass" >&5 +# Check whether --with-pam_smbpass or --without-pam_smbpass was given. +if test "${with_pam_smbpass+set}" = set; then + withval="$with_pam_smbpass" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + +# Conditions under which pam_smbpass should not be built. + + if test x$PICFLAG = x; then + echo "$ac_t""No support for PIC code - disabling pam_smbpass" 1>&6 + PAM_MOD="" + elif test x$ac_cv_lib_pam_pam_get_data = xno; then + echo "$ac_t""No libpam found -- disabling pam_smbpass" 1>&6 + PAM_MOD="" + else + PAM_MOD="bin/pam_smbpass.so" + fi + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + +############################################### +# test for where we get crypt() from, but only +# if not using PAM +if test $with_pam_for_crypt = no; then +for ac_func in crypt +do +echo $ac_n "checking for $ac_func""... $ac_c" 1>&6 +echo "configure:12295: checking for $ac_func" >&5 +if eval "test \"`echo '$''{'ac_cv_func_$ac_func'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +/* Override any gcc2 internal prototype to avoid an error. */ +/* We use char because int might match the return type of a gcc2 + builtin and then its argument prototype would still apply. */ +char $ac_func(); + +int main() { + +/* The GNU C library defines this for functions which it implements + to always fail with ENOSYS. Some functions are actually named + something starting with __ and the normal name is an alias. */ +#if defined (__stub_$ac_func) || defined (__stub___$ac_func) +choke me +#else +$ac_func(); +#endif + +; return 0; } +EOF +if { (eval echo configure:12323: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_func_$ac_func=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_func_$ac_func=no" +fi +rm -f conftest* +fi + +if eval "test \"`echo '$ac_cv_func_'$ac_func`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_func=HAVE_`echo $ac_func | tr 'abcdefghijklmnopqrstuvwxyz' 'ABCDEFGHIJKLMNOPQRSTUVWXYZ'` + cat >> confdefs.h <&6 +fi +done + +if test x"$ac_cv_func_crypt" = x"no"; then + echo $ac_n "checking for crypt in -lcrypt""... $ac_c" 1>&6 +echo "configure:12349: checking for crypt in -lcrypt" >&5 +ac_lib_var=`echo crypt'_'crypt | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lcrypt $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + LIBS="$LIBS -lcrypt"; + cat >> confdefs.h <<\EOF +#define HAVE_CRYPT 1 +EOF + +else + echo "$ac_t""no" 1>&6 +fi + +fi +fi + +## +## moved after the check for -lcrypt in order to +## ensure that the necessary libraries are included +## check checking for truncated salt. Wrapped by the +## $with_pam_for_crypt variable as above --jerry +## +if test $with_pam_for_crypt = no; then +echo $ac_n "checking for a crypt that needs truncated salt""... $ac_c" 1>&6 +echo "configure:12403: checking for a crypt that needs truncated salt" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_TRUNCATED_SALT'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + +if test "$cross_compiling" = yes; then + samba_cv_HAVE_TRUNCATED_SALT=cross +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + samba_cv_HAVE_TRUNCATED_SALT=no +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + samba_cv_HAVE_TRUNCATED_SALT=yes +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$samba_cv_HAVE_TRUNCATED_SALT" 1>&6 +if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_TRUNCATED_SALT 1 +EOF + +fi +fi + + + +######################################################################################## +## +## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER +## +######################################################################################## + +################################################# +# check for a TDB password database +echo $ac_n "checking whether to use TDB SAM database""... $ac_c" 1>&6 +echo "configure:12450: checking whether to use TDB SAM database" >&5 +# Check whether --with-tdbsam or --without-tdbsam was given. +if test "${with_tdbsam+set}" = set; then + withval="$with_tdbsam" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_TDB_SAM 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for a LDAP password database +echo $ac_n "checking whether to use LDAP SAM database""... $ac_c" 1>&6 +echo "configure:12475: checking whether to use LDAP SAM database" >&5 +# Check whether --with-ldapsam or --without-ldapsam was given. +if test "${with_ldapsam+set}" = set; then + withval="$with_ldapsam" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_LDAP_SAM 1 +EOF + + LIBS="-lldap -llber $LIBS" + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for a NISPLUS password database +echo $ac_n "checking whether to use NISPLUS SAM database""... $ac_c" 1>&6 +echo "configure:12501: checking whether to use NISPLUS SAM database" >&5 +# Check whether --with-nisplussam or --without-nisplussam was given. +if test "${with_nisplussam+set}" = set; then + withval="$with_nisplussam" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_NISPLUS_SAM 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +######################################################################################## +## +## END OF TESTS FOR SAM BACKENDS. +## +######################################################################################## + +################################################# +# check for a NISPLUS_HOME support +echo $ac_n "checking whether to use NISPLUS_HOME""... $ac_c" 1>&6 +echo "configure:12532: checking whether to use NISPLUS_HOME" >&5 +# Check whether --with-nisplus-home or --without-nisplus-home was given. +if test "${with_nisplus_home+set}" = set; then + withval="$with_nisplus_home" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_NISPLUS_HOME 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for the secure socket layer +echo $ac_n "checking whether to use SSL""... $ac_c" 1>&6 +echo "configure:12557: checking whether to use SSL" >&5 +# Check whether --with-ssl or --without-ssl was given. +if test "${with_ssl+set}" = set; then + withval="$with_ssl" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_SSL 1 +EOF + + withval="/usr/local/ssl" # default + + if test "${with_sslinc+set}" = set; then + + withval="$with_sslinc" + case "$withval" in + yes|no) + echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w + CFLAGS="-I/usr/local/ssl/include $CFLAGS" + ;; + * ) + CFLAGS="-I${withval} $CFLAGS" + ;; + esac + + else + + CFLAGS="-I/usr/local/ssl/include $CFLAGS" + + fi + + if test "${with_ssllib+set}" = set; then + + withval="$with_ssllib" + case "$withval" in + yes|no) + echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w + LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" + ;; + * ) + LDFLAGS="-L${withval}/lib $LDFLAGS" + ;; + esac + + else + + LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" + + fi + + LIBS="-lssl -lcrypto $LIBS" + +# if test ! -d ${withval}; then +# echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2 +# exit 1 +# fi + + CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS" # Damn, SSLeay defines its own + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for syslog logging +echo $ac_n "checking whether to use syslog logging""... $ac_c" 1>&6 +echo "configure:12631: checking whether to use syslog logging" >&5 +# Check whether --with-syslog or --without-syslog was given. +if test "${with_syslog+set}" = set; then + withval="$with_syslog" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_SYSLOG 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# check for a shared memory profiling support +echo $ac_n "checking whether to use profiling""... $ac_c" 1>&6 +echo "configure:12656: checking whether to use profiling" >&5 +# Check whether --with-profiling-data or --without-profiling-data was given. +if test "${with_profiling_data+set}" = set; then + withval="$with_profiling_data" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_PROFILE 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + +################################################# +# check for experimental disk-quotas support +QUOTAOBJS=smbd/noquotas.o + +echo $ac_n "checking whether to support disk-quotas""... $ac_c" 1>&6 +echo "configure:12684: checking whether to support disk-quotas" >&5 +# Check whether --with-quotas or --without-quotas was given. +if test "${with_quotas+set}" = set; then + withval="$with_quotas" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + case "$host_os" in + *linux*) + # Check for kernel 2.4.x quota braindamage... + echo $ac_n "checking for linux 2.4.x quota braindamage..""... $ac_c" 1>&6 +echo "configure:12695: checking for linux 2.4.x quota braindamage.." >&5 +if eval "test \"`echo '$''{'samba_cv_linux_2_4_quota_braindamage'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#include +#include +#include +#include +#include +int main() { +struct mem_dqblk D; +; return 0; } +EOF +if { (eval echo configure:12713: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_linux_2_4_quota_braindamage=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_linux_2_4_quota_braindamage=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_linux_2_4_quota_braindamage" 1>&6 +if test x"$samba_cv_linux_2_4_quota_braindamage" = x"yes"; then + cat >> confdefs.h <<\EOF +#define LINUX_QUOTAS_2 1 +EOF + +else + cat >> confdefs.h <<\EOF +#define LINUX_QUOTAS_1 1 +EOF + +fi + ;; + *) + ;; + esac + QUOTAOBJS=smbd/quotas.o + cat >> confdefs.h <<\EOF +#define WITH_QUOTAS 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + + +################################################# +# check for experimental utmp accounting + +echo $ac_n "checking whether to support utmp accounting""... $ac_c" 1>&6 +echo "configure:12762: checking whether to support utmp accounting" >&5 +# Check whether --with-utmp or --without-utmp was given. +if test "${with_utmp+set}" = set; then + withval="$with_utmp" + case "$withval" in + yes) + echo "$ac_t""yes" 1>&6 + cat >> confdefs.h <<\EOF +#define WITH_UTMP 1 +EOF + + ;; + *) + echo "$ac_t""no" 1>&6 + ;; + esac +else + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# set private directory location +# Check whether --with-privatedir or --without-privatedir was given. +if test "${with_privatedir+set}" = set; then + withval="$with_privatedir" + case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + echo "configure: warning: --with-privatedir called without argument - will use default" 1>&2 + privatedir='${prefix}/private' + ;; + * ) + privatedir="$withval" + ;; + esac + +else + privatedir='${prefix}/private' + + +fi + + +################################################# +# set lock directory location +# Check whether --with-lockdir or --without-lockdir was given. +if test "${with_lockdir+set}" = set; then + withval="$with_lockdir" + case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + echo "configure: warning: --with-lockdir called without argument - will use default" 1>&2 + lockdir='$(VARDIR)/locks' + ;; + * ) + lockdir="$withval" + ;; + esac + +else + lockdir='$(VARDIR)/locks' + + +fi + + +################################################# +# set SWAT directory location +# Check whether --with-swatdir or --without-swatdir was given. +if test "${with_swatdir+set}" = set; then + withval="$with_swatdir" + case "$withval" in + yes|no) + # + # Just in case anybody does it + # + echo "configure: warning: --with-swatdir called without argument - will use default" 1>&2 + swatdir='${prefix}/swat' + ;; + * ) + swatdir="$withval" + ;; + esac + +else + swatdir='${prefix}/swat' + + +fi + + +################################################# +# choose native language(s) of man pages +echo $ac_n "checking chosen man pages' language(s)""... $ac_c" 1>&6 +echo "configure:12862: checking chosen man pages' language(s)" >&5 +# Check whether --with-manpages-langs or --without-manpages-langs was given. +if test "${with_manpages_langs+set}" = set; then + withval="$with_manpages_langs" + case "$withval" in + yes|no) + echo "configure: warning: --with-manpages-langs called without argument - will use default" 1>&2 + manlangs="en" + ;; + *) + manlangs="$withval" + ;; + esac + + echo "$ac_t""$manlangs" 1>&6 + manlangs=`echo $manlangs | sed "s/,/ /"` # replacing commas with spaces to produce a list + +else + manlangs="en" + echo "$ac_t""$manlangs" 1>&6 + + +fi + + +################################################# +# these tests are taken from the GNU fileutils package +echo "checking how to get filesystem space usage" 1>&6 +echo "configure:12890: checking how to get filesystem space usage" >&5 +space=no + +# Test for statvfs64. +if test $space = no; then + # SVR4 + echo $ac_n "checking statvfs64 function (SVR4)""... $ac_c" 1>&6 +echo "configure:12897: checking statvfs64 function (SVR4)" >&5 +if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs64'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_statvfs64=cross +else + cat > conftest.$ac_ext < +#endif +#include +#include + main () + { + struct statvfs64 fsd; + exit (statvfs64 (".", &fsd)); + } +EOF +if { (eval echo configure:12919: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_statvfs64=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_statvfs64=no +fi +rm -fr conftest* +fi + +fi + +echo "$ac_t""$fu_cv_sys_stat_statvfs64" 1>&6 + if test $fu_cv_sys_stat_statvfs64 = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATVFS64 1 +EOF + + fi +fi + +# Perform only the link test since it seems there are no variants of the +# statvfs function. This check is more than just AC_CHECK_FUNCS(statvfs) +# because that got a false positive on SCO OSR5. Adding the declaration +# of a `struct statvfs' causes this test to fail (as it should) on such +# systems. That system is reported to work fine with STAT_STATFS4 which +# is what it gets when this test fails. +if test $space = no; then + # SVR4 + echo $ac_n "checking statvfs function (SVR4)""... $ac_c" 1>&6 +echo "configure:12952: checking statvfs function (SVR4)" >&5 +if eval "test \"`echo '$''{'fu_cv_sys_stat_statvfs'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + cat > conftest.$ac_ext < +#include +int main() { +struct statvfs fsd; statvfs (0, &fsd); +; return 0; } +EOF +if { (eval echo configure:12965: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + fu_cv_sys_stat_statvfs=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + fu_cv_sys_stat_statvfs=no +fi +rm -f conftest* +fi + +echo "$ac_t""$fu_cv_sys_stat_statvfs" 1>&6 + if test $fu_cv_sys_stat_statvfs = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATVFS 1 +EOF + + fi +fi + +if test $space = no; then + # DEC Alpha running OSF/1 + echo $ac_n "checking for 3-argument statfs function (DEC OSF/1)""... $ac_c" 1>&6 +echo "configure:12990: checking for 3-argument statfs function (DEC OSF/1)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs3_osf1'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_statfs3_osf1=no +else + cat > conftest.$ac_ext < +#include +#include + main () + { + struct statfs fsd; + fsd.f_fsize = 0; + exit (statfs (".", &fsd, sizeof (struct statfs))); + } +EOF +if { (eval echo configure:13011: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_statfs3_osf1=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_statfs3_osf1=no +fi +rm -fr conftest* +fi + +fi + + echo "$ac_t""$fu_cv_sys_stat_statfs3_osf1" 1>&6 + if test $fu_cv_sys_stat_statfs3_osf1 = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATFS3_OSF1 1 +EOF + + fi +fi + +if test $space = no; then +# AIX + echo $ac_n "checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)""... $ac_c" 1>&6 +echo "configure:13038: checking for two-argument statfs with statfs.bsize member (AIX, 4.3BSD)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_bsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_statfs2_bsize=no +else + cat > conftest.$ac_ext < +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif + main () + { + struct statfs fsd; + fsd.f_bsize = 0; + exit (statfs (".", &fsd)); + } +EOF +if { (eval echo configure:13065: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_statfs2_bsize=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_statfs2_bsize=no +fi +rm -fr conftest* +fi + +fi + + echo "$ac_t""$fu_cv_sys_stat_statfs2_bsize" 1>&6 + if test $fu_cv_sys_stat_statfs2_bsize = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATFS2_BSIZE 1 +EOF + + fi +fi + +if test $space = no; then +# SVR3 + echo $ac_n "checking for four-argument statfs (AIX-3.2.5, SVR3)""... $ac_c" 1>&6 +echo "configure:13092: checking for four-argument statfs (AIX-3.2.5, SVR3)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs4'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_statfs4=no +else + cat > conftest.$ac_ext < +#include + main () + { + struct statfs fsd; + exit (statfs (".", &fsd, sizeof fsd, 0)); + } +EOF +if { (eval echo configure:13110: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_statfs4=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_statfs4=no +fi +rm -fr conftest* +fi + +fi + + echo "$ac_t""$fu_cv_sys_stat_statfs4" 1>&6 + if test $fu_cv_sys_stat_statfs4 = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATFS4 1 +EOF + + fi +fi + +if test $space = no; then +# 4.4BSD and NetBSD + echo $ac_n "checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)""... $ac_c" 1>&6 +echo "configure:13137: checking for two-argument statfs with statfs.fsize member (4.4BSD and NetBSD)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_statfs2_fsize'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_statfs2_fsize=no +else + cat > conftest.$ac_ext < +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif + main () + { + struct statfs fsd; + fsd.f_fsize = 0; + exit (statfs (".", &fsd)); + } +EOF +if { (eval echo configure:13161: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_statfs2_fsize=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_statfs2_fsize=no +fi +rm -fr conftest* +fi + +fi + + echo "$ac_t""$fu_cv_sys_stat_statfs2_fsize" 1>&6 + if test $fu_cv_sys_stat_statfs2_fsize = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATFS2_FSIZE 1 +EOF + + fi +fi + +if test $space = no; then + # Ultrix + echo $ac_n "checking for two-argument statfs with struct fs_data (Ultrix)""... $ac_c" 1>&6 +echo "configure:13188: checking for two-argument statfs with struct fs_data (Ultrix)" >&5 + if eval "test \"`echo '$''{'fu_cv_sys_stat_fs_data'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + if test "$cross_compiling" = yes; then + fu_cv_sys_stat_fs_data=no +else + cat > conftest.$ac_ext < +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_FS_TYPES_H +#include +#endif + main () + { + struct fs_data fsd; + /* Ultrix's statfs returns 1 for success, + 0 for not mounted, -1 for failure. */ + exit (statfs (".", &fsd) != 1); + } +EOF +if { (eval echo configure:13216: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + fu_cv_sys_stat_fs_data=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + fu_cv_sys_stat_fs_data=no +fi +rm -fr conftest* +fi + +fi + + echo "$ac_t""$fu_cv_sys_stat_fs_data" 1>&6 + if test $fu_cv_sys_stat_fs_data = yes; then + space=yes + cat >> confdefs.h <<\EOF +#define STAT_STATFS2_FS_DATA 1 +EOF + + fi +fi + +# +# As a gating factor for large file support, in order to +# use <4GB files we must have the following minimal support +# available. +# long long, and a 64 bit off_t or off64_t. +# If we don't have all of these then disable large +# file support. +# +echo $ac_n "checking if large file support can be enabled""... $ac_c" 1>&6 +echo "configure:13249: checking if large file support can be enabled" >&5 +cat > conftest.$ac_ext < +#else +__COMPILE_ERROR_ +#endif + +int main() { +int i +; return 0; } +EOF +if { (eval echo configure:13264: \"$ac_compile\") 1>&5; (eval $ac_compile) 2>&5; }; then + rm -rf conftest* + samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=no +fi +rm -f conftest* +if test x"$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_EXPLICIT_LARGEFILE_SUPPORT 1 +EOF + +fi +echo "$ac_t""$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" 1>&6 + +# Check whether --with-spinlocks or --without-spinlocks was given. +if test "${with_spinlocks+set}" = set; then + withval="$with_spinlocks" + : +fi + +if test "x$with_spinlocks" = "xyes"; then + cat >> confdefs.h <<\EOF +#define USE_SPINLOCKS 1 +EOF + + + case "$host_cpu" in + sparc) + cat >> confdefs.h <<\EOF +#define SPARC_SPINLOCKS 1 +EOF + + ;; + + i386|i486|i586|i686) + cat >> confdefs.h <<\EOF +#define INTEL_SPINLOCKS 1 +EOF + + ;; + + mips) + cat >> confdefs.h <<\EOF +#define MIPS_SPINLOCKS 1 +EOF + + ;; + + powerpc) + cat >> confdefs.h <<\EOF +#define POWERPC_SPINLOCKS 1 +EOF + + ;; + esac +fi + +################################################# +# check for ACL support + +echo $ac_n "checking whether to support ACLs""... $ac_c" 1>&6 +echo "configure:13329: checking whether to support ACLs" >&5 +# Check whether --with-acl-support or --without-acl-support was given. +if test "${with_acl_support+set}" = set; then + withval="$with_acl_support" + case "$withval" in + yes) + + case "$host_os" in + *sysv5*) + echo "$ac_t""Using UnixWare ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_UNIXWARE_ACLS 1 +EOF + + ;; + *solaris*) + echo "$ac_t""Using solaris ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_SOLARIS_ACLS 1 +EOF + + ;; + *hpux*) + echo "$ac_t""Using HPUX ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_HPUX_ACLS 1 +EOF + + ;; + *irix*) + echo "$ac_t""Using IRIX ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_IRIX_ACLS 1 +EOF + + ;; + *aix*) + echo "$ac_t""Using AIX ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_AIX_ACLS 1 +EOF + + ;; + *osf*) + echo "$ac_t""Using Tru64 ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_TRU64_ACLS 1 +EOF + + LIBS="$LIBS -lpacl" + ;; + *) + echo $ac_n "checking for acl_get_file in -lacl""... $ac_c" 1>&6 +echo "configure:13382: checking for acl_get_file in -lacl" >&5 +ac_lib_var=`echo acl'_'acl_get_file | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lacl $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + ac_tr_lib=HAVE_LIB`echo acl | sed -e 's/[^a-zA-Z0-9_]/_/g' \ + -e 'y/abcdefghijklmnopqrstuvwxyz/ABCDEFGHIJKLMNOPQRSTUVWXYZ/'` + cat >> confdefs.h <&6 +fi + + echo $ac_n "checking for ACL support""... $ac_c" 1>&6 +echo "configure:13429: checking for ACL support" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_POSIX_ACLS'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#include +int main() { + acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p); +; return 0; } +EOF +if { (eval echo configure:13443: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + samba_cv_HAVE_POSIX_ACLS=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_POSIX_ACLS=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_POSIX_ACLS" 1>&6 + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then + echo "$ac_t""Using posix ACLs" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_POSIX_ACLS 1 +EOF + + echo $ac_n "checking for acl_get_perm_np""... $ac_c" 1>&6 +echo "configure:13463: checking for acl_get_perm_np" >&5 +if eval "test \"`echo '$''{'samba_cv_HAVE_ACL_GET_PERM_NP'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + + cat > conftest.$ac_ext < +#include +int main() { + acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm); +; return 0; } +EOF +if { (eval echo configure:13477: \"$ac_link\") 1>&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + samba_cv_HAVE_ACL_GET_PERM_NP=yes +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + samba_cv_HAVE_ACL_GET_PERM_NP=no +fi +rm -f conftest* +fi + +echo "$ac_t""$samba_cv_HAVE_ACL_GET_PERM_NP" 1>&6 + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then + cat >> confdefs.h <<\EOF +#define HAVE_ACL_GET_PERM_NP 1 +EOF + + fi + fi + ;; + esac + ;; + *) + echo "$ac_t""no" 1>&6 + cat >> confdefs.h <<\EOF +#define HAVE_NO_ACLS 1 +EOF + + ;; + esac +else + cat >> confdefs.h <<\EOF +#define HAVE_NO_ACLS 1 +EOF + + echo "$ac_t""no" 1>&6 + +fi + + +################################################# +# Check whether winbind is supported on this platform. If so we need to +# build and install client programs (WINBIND_TARGETS), sbin programs +# (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). + +echo $ac_n "checking whether to build winbind""... $ac_c" 1>&6 +echo "configure:13524: checking whether to build winbind" >&5 + +# Initially, the value of $host_os decides whether winbind is supported + +case "$host_os" in + *linux*|*irix*) + HAVE_WINBIND=yes + ;; + *solaris*) + HAVE_WINBIND=yes + WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" + WINBIND_NSS_EXTRA_LIBS="-lsocket" + ;; + *hpux11*) + HAVE_WINBIND=yes + WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" + ;; + *) + HAVE_WINBIND=no + winbind_no_reason=", unsupported on $host_os" + ;; +esac + +# Check the setting of --with-winbindd + +# Check whether --with-winbind or --without-winbind was given. +if test "${with_winbind+set}" = set; then + withval="$with_winbind" + + case "$withval" in + yes) + HAVE_WINBIND=yes + ;; + no) + HAVE_WINBIND=no + winbind_reason="" + ;; + esac +fi + + +# We need unix domain sockets for winbind + +if test x"$HAVE_WINBIND" = x"yes"; then + if test x"$samba_cv_unixsocket" = x"no"; then + winbind_no_reason=", no unix domain socket support on $host_os" + HAVE_WINBIND=no + fi +fi + +# Display test results + +WINBIND_TARGETS="" +WINBIND_STARGETS="" +WINBIND_LTARGETS="" +WINBIND_PAM_PROGS="" + +if test x"$HAVE_WINBIND" = x"yes"; then + echo "$ac_t""yes" 1>&6 + + WINBIND_TARGETS="bin/wbinfo" + WINBIND_STARGETS="bin/winbindd" + if test x"$BLDSHARED" = x"true"; then + WINBIND_LTARGETS="nsswitch/libnss_winbind.so" + if test x"$with_pam" = x"yes"; then + WINBIND_PAM_TARGETS="nsswitch/pam_winbind.so" + fi + fi +else + echo "$ac_t""no$winbind_no_reason" 1>&6 +fi + +# Substitution time! + + + + + + + + +################################################# +# Check to see if we should use the included popt + +# Check whether --with-included-popt or --without-included-popt was given. +if test "${with_included_popt+set}" = set; then + withval="$with_included_popt" + + case "$withval" in + yes) + INCLUDED_POPT=yes + ;; + no) + INCLUDED_POPT=no + ;; + esac +fi + +if test x"$INCLUDED_POPT" != x"yes"; then + echo $ac_n "checking for poptGetContext in -lpopt""... $ac_c" 1>&6 +echo "configure:13624: checking for poptGetContext in -lpopt" >&5 +ac_lib_var=`echo popt'_'poptGetContext | sed 'y%./+-%__p_%'` +if eval "test \"`echo '$''{'ac_cv_lib_$ac_lib_var'+set}'`\" = set"; then + echo $ac_n "(cached) $ac_c" 1>&6 +else + ac_save_LIBS="$LIBS" +LIBS="-lpopt $LIBS" +cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext}; then + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=yes" +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -rf conftest* + eval "ac_cv_lib_$ac_lib_var=no" +fi +rm -f conftest* +LIBS="$ac_save_LIBS" + +fi +if eval "test \"`echo '$ac_cv_lib_'$ac_lib_var`\" = yes"; then + echo "$ac_t""yes" 1>&6 + INCLUDED_POPT=no +else + echo "$ac_t""no" 1>&6 +INCLUDED_POPT=yes +fi + +fi + +echo $ac_n "checking whether to use included popt""... $ac_c" 1>&6 +echo "configure:13667: checking whether to use included popt" >&5 +if test x"$INCLUDED_POPT" = x"yes"; then + echo "$ac_t""$srcdir/popt" 1>&6 + BUILD_POPT='$(POPT_OBJS)' + FLAGS1="-I$srcdir/popt" +else + echo "$ac_t""no" 1>&6 + LIBS="$LIBS -lpopt" +fi + + + +################################################# +# do extra things if we are running insure + +if test "${ac_cv_prog_CC}" = "insure"; then + CPPFLAGS="$CPPFLAGS -D__INSURE__" +fi + +################################################# +# final configure stuff + +echo $ac_n "checking configure summary""... $ac_c" 1>&6 +echo "configure:13690: checking configure summary" >&5 +if test "$cross_compiling" = yes; then + echo "configure: warning: cannot run when cross-compiling" 1>&2 +else + cat > conftest.$ac_ext <&5; (eval $ac_link) 2>&5; } && test -s conftest${ac_exeext} && (./conftest; exit) 2>/dev/null +then + echo "$ac_t""yes" 1>&6 +else + echo "configure: failed program was:" >&5 + cat conftest.$ac_ext >&5 + rm -fr conftest* + { echo "configure: error: summary failure. Aborting config" 1>&2; exit 1; }; exit 1; +fi +rm -fr conftest* +fi + + +builddir=`pwd` + + +trap '' 1 2 15 +cat > confcache <<\EOF +# This file is a shell script that caches the results of configure +# tests run on this system so they can be shared between configure +# scripts and configure runs. It is not useful on other systems. +# If it contains results you don't want to keep, you may remove or edit it. +# +# By default, configure uses ./config.cache as the cache file, +# creating it if it does not exist already. You can give configure +# the --cache-file=FILE option to use a different cache file; that is +# what configure does when it calls configure scripts in +# subdirectories, so they share the cache. +# Giving --cache-file=/dev/null disables caching, for debugging configure. +# config.status only pays attention to the cache file if you give it the +# --recheck option to rerun configure. +# +EOF +# The following way of writing the cache mishandles newlines in values, +# but we know of no workaround that is simple, portable, and efficient. +# So, don't put newlines in cache variables' values. +# Ultrix sh set writes to stderr and can't be redirected directly, +# and sets the high bit in the cache file unless we assign to the vars. +(set) 2>&1 | + case `(ac_space=' '; set | grep ac_space) 2>&1` in + *ac_space=\ *) + # `set' does not quote correctly, so add quotes (double-quote substitution + # turns \\\\ into \\, and sed turns \\ into \). + sed -n \ + -e "s/'/'\\\\''/g" \ + -e "s/^\\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\\)=\\(.*\\)/\\1=\${\\1='\\2'}/p" + ;; + *) + # `set' quotes correctly as required by POSIX, so do not add quotes. + sed -n -e 's/^\([a-zA-Z0-9_]*_cv_[a-zA-Z0-9_]*\)=\(.*\)/\1=${\1=\2}/p' + ;; + esac >> confcache +if cmp -s $cache_file confcache; then + : +else + if test -w $cache_file; then + echo "updating cache $cache_file" + cat confcache > $cache_file + else + echo "not updating unwritable cache $cache_file" + fi +fi +rm -f confcache + +trap 'rm -fr conftest* confdefs* core core.* *.core $ac_clean_files; exit 1' 1 2 15 + +test "x$prefix" = xNONE && prefix=$ac_default_prefix +# Let make expand exec_prefix. +test "x$exec_prefix" = xNONE && exec_prefix='${prefix}' + +# Any assignment to VPATH causes Sun make to only execute +# the first set of double-colon rules, so remove it if not needed. +# If there is a colon in the path, we need to keep it. +if test "x$srcdir" = x.; then + ac_vpsub='/^[ ]*VPATH[ ]*=[^:]*$/d' +fi + +trap 'rm -f $CONFIG_STATUS conftest*; exit 1' 1 2 15 + +DEFS=-DHAVE_CONFIG_H + +# Without the "./", some shells look in PATH for config.status. +: ${CONFIG_STATUS=./config.status} + +echo creating $CONFIG_STATUS +rm -f $CONFIG_STATUS +cat > $CONFIG_STATUS </dev/null | sed 1q`: +# +# $0 $ac_configure_args +# +# Compiler output produced by configure, useful for debugging +# configure, is in ./config.log if it exists. + +ac_cs_usage="Usage: $CONFIG_STATUS [--recheck] [--version] [--help]" +for ac_option +do + case "\$ac_option" in + -recheck | --recheck | --rechec | --reche | --rech | --rec | --re | --r) + echo "running \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion" + exec \${CONFIG_SHELL-/bin/sh} $0 $ac_configure_args --no-create --no-recursion ;; + -version | --version | --versio | --versi | --vers | --ver | --ve | --v) + echo "$CONFIG_STATUS generated by autoconf version 2.13" + exit 0 ;; + -help | --help | --hel | --he | --h) + echo "\$ac_cs_usage"; exit 0 ;; + *) echo "\$ac_cs_usage"; exit 1 ;; + esac +done + +ac_given_srcdir=$srcdir +ac_given_INSTALL="$INSTALL" + +trap 'rm -fr `echo "include/stamp-h Makefile include/config.h" | sed "s/:[^ ]*//g"` conftest*; exit 1' 1 2 15 +EOF +cat >> $CONFIG_STATUS < conftest.subs <<\\CEOF +$ac_vpsub +$extrasub +s%@SHELL@%$SHELL%g +s%@CFLAGS@%$CFLAGS%g +s%@CPPFLAGS@%$CPPFLAGS%g +s%@CXXFLAGS@%$CXXFLAGS%g +s%@FFLAGS@%$FFLAGS%g +s%@DEFS@%$DEFS%g +s%@LDFLAGS@%$LDFLAGS%g +s%@LIBS@%$LIBS%g +s%@exec_prefix@%$exec_prefix%g +s%@prefix@%$prefix%g +s%@program_transform_name@%$program_transform_name%g +s%@bindir@%$bindir%g +s%@sbindir@%$sbindir%g +s%@libexecdir@%$libexecdir%g +s%@datadir@%$datadir%g +s%@sysconfdir@%$sysconfdir%g +s%@sharedstatedir@%$sharedstatedir%g +s%@localstatedir@%$localstatedir%g +s%@libdir@%$libdir%g +s%@includedir@%$includedir%g +s%@oldincludedir@%$oldincludedir%g +s%@infodir@%$infodir%g +s%@mandir@%$mandir%g +s%@RUNPROG@%$RUNPROG%g +s%@MPROGS@%$MPROGS%g +s%@LDSHFLAGS@%$LDSHFLAGS%g +s%@SHLD@%$SHLD%g +s%@HOST_OS@%$HOST_OS%g +s%@PAM_MOD@%$PAM_MOD%g +s%@WRAP@%$WRAP%g +s%@WRAP32@%$WRAP32%g +s%@PICFLAG@%$PICFLAG%g +s%@PICSUFFIX@%$PICSUFFIX%g +s%@POBAD_CC@%$POBAD_CC%g +s%@SHLIBEXT@%$SHLIBEXT%g +s%@LIBSMBCLIENT_SHARED@%$LIBSMBCLIENT_SHARED%g +s%@CC@%$CC%g +s%@INSTALL_PROGRAM@%$INSTALL_PROGRAM%g +s%@INSTALL_SCRIPT@%$INSTALL_SCRIPT%g +s%@INSTALL_DATA@%$INSTALL_DATA%g +s%@AWK@%$AWK%g +s%@BROKEN_CC@%$BROKEN_CC%g +s%@host@%$host%g +s%@host_alias@%$host_alias%g +s%@host_cpu@%$host_cpu%g +s%@host_vendor@%$host_vendor%g +s%@host_os@%$host_os%g +s%@target@%$target%g +s%@target_alias@%$target_alias%g +s%@target_cpu@%$target_cpu%g +s%@target_vendor@%$target_vendor%g +s%@target_os@%$target_os%g +s%@build@%$build%g +s%@build_alias@%$build_alias%g +s%@build_cpu@%$build_cpu%g +s%@build_vendor@%$build_vendor%g +s%@build_os@%$build_os%g +s%@CPP@%$CPP%g +s%@LIBOBJS@%$LIBOBJS%g +s%@TERMLIBS@%$TERMLIBS%g +s%@TERMLDFLAGS@%$TERMLDFLAGS%g +s%@ROFF@%$ROFF%g +s%@DYNEXP@%$DYNEXP%g +s%@QUOTAOBJS@%$QUOTAOBJS%g +s%@privatedir@%$privatedir%g +s%@lockdir@%$lockdir%g +s%@swatdir@%$swatdir%g +s%@manlangs@%$manlangs%g +s%@WINBIND_TARGETS@%$WINBIND_TARGETS%g +s%@WINBIND_STARGETS@%$WINBIND_STARGETS%g +s%@WINBIND_LTARGETS@%$WINBIND_LTARGETS%g +s%@WINBIND_PAM_TARGETS@%$WINBIND_PAM_TARGETS%g +s%@WINBIND_NSS_EXTRA_OBJS@%$WINBIND_NSS_EXTRA_OBJS%g +s%@WINBIND_NSS_EXTRA_LIBS@%$WINBIND_NSS_EXTRA_LIBS%g +s%@BUILD_POPT@%$BUILD_POPT%g +s%@FLAGS1@%$FLAGS1%g +s%@builddir@%$builddir%g + +CEOF +EOF + +cat >> $CONFIG_STATUS <<\EOF + +# Split the substitutions into bite-sized pieces for seds with +# small command number limits, like on Digital OSF/1 and HP-UX. +ac_max_sed_cmds=90 # Maximum number of lines to put in a sed script. +ac_file=1 # Number of current file. +ac_beg=1 # First line for current file. +ac_end=$ac_max_sed_cmds # Line after last line for current file. +ac_more_lines=: +ac_sed_cmds="" +while $ac_more_lines; do + if test $ac_beg -gt 1; then + sed "1,${ac_beg}d; ${ac_end}q" conftest.subs > conftest.s$ac_file + else + sed "${ac_end}q" conftest.subs > conftest.s$ac_file + fi + if test ! -s conftest.s$ac_file; then + ac_more_lines=false + rm -f conftest.s$ac_file + else + if test -z "$ac_sed_cmds"; then + ac_sed_cmds="sed -f conftest.s$ac_file" + else + ac_sed_cmds="$ac_sed_cmds | sed -f conftest.s$ac_file" + fi + ac_file=`expr $ac_file + 1` + ac_beg=$ac_end + ac_end=`expr $ac_end + $ac_max_sed_cmds` + fi +done +if test -z "$ac_sed_cmds"; then + ac_sed_cmds=cat +fi +EOF + +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +for ac_file in .. $CONFIG_FILES; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + # Adjust a relative srcdir, top_srcdir, and INSTALL for subdirectories. + + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + ac_dir_suffix="/`echo $ac_dir|sed 's%^\./%%'`" + # A "../" for each directory in $ac_dir_suffix. + ac_dots=`echo $ac_dir_suffix|sed 's%/[^/]*%../%g'` + else + ac_dir_suffix= ac_dots= + fi + + case "$ac_given_srcdir" in + .) srcdir=. + if test -z "$ac_dots"; then top_srcdir=. + else top_srcdir=`echo $ac_dots|sed 's%/$%%'`; fi ;; + /*) srcdir="$ac_given_srcdir$ac_dir_suffix"; top_srcdir="$ac_given_srcdir" ;; + *) # Relative path. + srcdir="$ac_dots$ac_given_srcdir$ac_dir_suffix" + top_srcdir="$ac_dots$ac_given_srcdir" ;; + esac + + case "$ac_given_INSTALL" in + [/$]*) INSTALL="$ac_given_INSTALL" ;; + *) INSTALL="$ac_dots$ac_given_INSTALL" ;; + esac + + echo creating "$ac_file" + rm -f "$ac_file" + configure_input="Generated automatically from `echo $ac_file_in|sed 's%.*/%%'` by configure." + case "$ac_file" in + *Makefile*) ac_comsub="1i\\ +# $configure_input" ;; + *) ac_comsub= ;; + esac + + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + sed -e "$ac_comsub +s%@configure_input@%$configure_input%g +s%@srcdir@%$srcdir%g +s%@top_srcdir@%$top_srcdir%g +s%@INSTALL@%$INSTALL%g +" $ac_file_inputs | (eval "$ac_sed_cmds") > $ac_file +fi; done +rm -f conftest.s* + +# These sed commands are passed to sed as "A NAME B NAME C VALUE D", where +# NAME is the cpp macro being defined and VALUE is the value it is being given. +# +# ac_d sets the value in "#define NAME VALUE" lines. +ac_dA='s%^\([ ]*\)#\([ ]*define[ ][ ]*\)' +ac_dB='\([ ][ ]*\)[^ ]*%\1#\2' +ac_dC='\3' +ac_dD='%g' +# ac_u turns "#undef NAME" with trailing blanks into "#define NAME VALUE". +ac_uA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_uB='\([ ]\)%\1#\2define\3' +ac_uC=' ' +ac_uD='\4%g' +# ac_e turns "#undef NAME" without trailing blanks into "#define NAME VALUE". +ac_eA='s%^\([ ]*\)#\([ ]*\)undef\([ ][ ]*\)' +ac_eB='$%\1#\2define\3' +ac_eC=' ' +ac_eD='%g' + +if test "${CONFIG_HEADERS+set}" != set; then +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF +fi +for ac_file in .. $CONFIG_HEADERS; do if test "x$ac_file" != x..; then + # Support "outfile[:infile[:infile...]]", defaulting infile="outfile.in". + case "$ac_file" in + *:*) ac_file_in=`echo "$ac_file"|sed 's%[^:]*:%%'` + ac_file=`echo "$ac_file"|sed 's%:.*%%'` ;; + *) ac_file_in="${ac_file}.in" ;; + esac + + echo creating $ac_file + + rm -f conftest.frag conftest.in conftest.out + ac_file_inputs=`echo $ac_file_in|sed -e "s%^%$ac_given_srcdir/%" -e "s%:% $ac_given_srcdir/%g"` + cat $ac_file_inputs > conftest.in + +EOF + +# Transform confdefs.h into a sed script conftest.vals that substitutes +# the proper values into config.h.in to produce config.h. And first: +# Protect against being on the right side of a sed subst in config.status. +# Protect against being in an unquoted here document in config.status. +rm -f conftest.vals +cat > conftest.hdr <<\EOF +s/[\\&%]/\\&/g +s%[\\$`]%\\&%g +s%#define \([A-Za-z_][A-Za-z0-9_]*\) *\(.*\)%${ac_dA}\1${ac_dB}\1${ac_dC}\2${ac_dD}%gp +s%ac_d%ac_u%gp +s%ac_u%ac_e%gp +EOF +sed -n -f conftest.hdr confdefs.h > conftest.vals +rm -f conftest.hdr + +# This sed command replaces #undef with comments. This is necessary, for +# example, in the case of _POSIX_SOURCE, which is predefined and required +# on some systems where configure will not decide to define it. +cat >> conftest.vals <<\EOF +s%^[ ]*#[ ]*undef[ ][ ]*[a-zA-Z_][a-zA-Z_0-9]*%/* & */% +EOF + +# Break up conftest.vals because some shells have a limit on +# the size of here documents, and old seds have small limits too. + +rm -f conftest.tail +while : +do + ac_lines=`grep -c . conftest.vals` + # grep -c gives empty output for an empty file on some AIX systems. + if test -z "$ac_lines" || test "$ac_lines" -eq 0; then break; fi + # Write a limited-size here document to conftest.frag. + echo ' cat > conftest.frag <> $CONFIG_STATUS + sed ${ac_max_here_lines}q conftest.vals >> $CONFIG_STATUS + echo 'CEOF + sed -f conftest.frag conftest.in > conftest.out + rm -f conftest.in + mv conftest.out conftest.in +' >> $CONFIG_STATUS + sed 1,${ac_max_here_lines}d conftest.vals > conftest.tail + rm -f conftest.vals + mv conftest.tail conftest.vals +done +rm -f conftest.vals + +cat >> $CONFIG_STATUS <<\EOF + rm -f conftest.frag conftest.h + echo "/* $ac_file. Generated automatically by configure. */" > conftest.h + cat conftest.in >> conftest.h + rm -f conftest.in + if cmp -s $ac_file conftest.h 2>/dev/null; then + echo "$ac_file is unchanged" + rm -f conftest.h + else + # Remove last slash and all that follows it. Not all systems have dirname. + ac_dir=`echo $ac_file|sed 's%/[^/][^/]*$%%'` + if test "$ac_dir" != "$ac_file" && test "$ac_dir" != .; then + # The file is in a subdirectory. + test ! -d "$ac_dir" && mkdir "$ac_dir" + fi + rm -f $ac_file + mv conftest.h $ac_file + fi +fi; done + +EOF +cat >> $CONFIG_STATUS <> $CONFIG_STATUS <<\EOF + +exit 0 +EOF +chmod +x $CONFIG_STATUS +rm -fr confdefs* $ac_clean_files +test "$no_create" = yes || ${CONFIG_SHELL-/bin/sh} $CONFIG_STATUS || exit 1 + + +################################################# +# Print very concise instructions on building/use +if test "x$enable_dmalloc" = xyes +then + echo "$ac_t""Note: The dmalloc debug library will be included. To turn it on use" 1>&6 + echo "$ac_t"" \$ eval \`dmalloc samba\`." 1>&6 +fi diff --git a/source3/configure.developer b/source3/configure.developer new file mode 100755 index 00000000000..0409a750615 --- /dev/null +++ b/source3/configure.developer @@ -0,0 +1,2 @@ +#!/bin/sh +`dirname $0`/configure --enable-developer $* diff --git a/source3/configure.in b/source3/configure.in new file mode 100644 index 00000000000..bbfdc2e382a --- /dev/null +++ b/source3/configure.in @@ -0,0 +1,2727 @@ +dnl -*- mode: m4-mode -*- +dnl Process this file with autoconf to produce a configure script. +AC_INIT(include/includes.h) +AC_CONFIG_HEADER(include/config.h) +# we want to be compatible with older versions of Samba +AC_PREFIX_DEFAULT(/usr/local/samba) + +dnl Unique-to-Samba variables we'll be playing with. +AC_SUBST(SHELL) +AC_SUBST(RUNPROG) +AC_SUBST(MPROGS) +AC_SUBST(LDSHFLAGS) +AC_SUBST(SHLD) +AC_SUBST(HOST_OS) +AC_SUBST(PAM_MOD) +AC_SUBST(WRAP) +AC_SUBST(WRAP32) +AC_SUBST(PICFLAG) +AC_SUBST(PICSUFFIX) +AC_SUBST(POBAD_CC) +AC_SUBST(SHLIBEXT) +AC_SUBST(LIBSMBCLIENT_SHARED) + +# compile with optimisation and without debugging by default +CFLAGS="-O ${CFLAGS}" + +AC_ARG_ENABLE(debug, [ --enable-debug turn on debugging [default=no]], + [if eval "test x$enable_debug = xyes"; then + CFLAGS="${CFLAGS} -g" + fi]) + +AC_ARG_ENABLE(developer, [ --enable-developer turn on developer warnings and debugging [default=no]], + [if eval "test x$enable_developer = xyes"; then + CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" + fi]) + +AC_ARG_ENABLE(krb5developer, [ --enable-krb5developer turn on developer warnings and debugging, except -Wstrict-prototypes [default=no]], + [if eval "test x$enable_krb5developer = xyes"; then + CFLAGS="${CFLAGS} -g -Wall -Wshadow -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD -DDEVELOPER" + fi]) + +AC_ARG_ENABLE(dmalloc, [ --enable-dmalloc enable heap debugging [default=no]]) + +if test "x$enable_dmalloc" = xyes +then + AC_DEFINE(ENABLE_DMALLOC, 1, [Define to turn on dmalloc debugging]) + AC_DEFINE(DMALLOC_FUNC_CHECK, 1, + [Define to check invariants around some common functions]) + LIBS="$LIBS -ldmalloc" +fi + +dnl Checks for programs. +AC_PROG_CC +AC_PROG_INSTALL +AC_PROG_AWK + +dnl needed before AC_TRY_COMPILE +AC_ISC_POSIX + +dnl Check if C compiler understands -c and -o at the same time +AC_PROG_CC_C_O +if eval "test \"`echo '$ac_cv_prog_cc_'${ac_cc}_c_o`\" = no"; then + BROKEN_CC= +else + BROKEN_CC=# +fi +AC_SUBST(BROKEN_CC) + +dnl Check if the C compiler understands volatile (it should, being ANSI). +AC_CACHE_CHECK([that the C compiler understands volatile],samba_cv_volatile, [ + AC_TRY_COMPILE([#include ],[volatile int i = 0], + samba_cv_volatile=yes,samba_cv_volatile=no)]) +if test x"$samba_cv_volatile" = x"yes"; then + AC_DEFINE(HAVE_VOLATILE) +fi + + +AC_CANONICAL_SYSTEM + +dnl Add #include for broken IRIX header files + case "$host_os" in + *irix6*) AC_ADD_INCLUDE() + ;; +esac + +AC_VALIDATE_CACHE_SYSTEM_TYPE + +DYNEXP= + +# +# Config CPPFLAG settings for strange OS's that must be set +# before other tests. +# +case "$host_os" in +# Try to work out if this is the native HPUX compiler that uses the -Ae flag. + *hpux*) + + AC_PROG_CC_FLAG(Ae) + # mmap on HPUX is completely broken... + AC_DEFINE(MMAP_BLACKLIST) + if test $ac_cv_prog_cc_Ae = yes; then + CPPFLAGS="$CPPFLAGS -Ae" + fi +# +# Defines needed for HPUX support. +# HPUX has bigcrypt but (sometimes?) doesn't use it for +# password hashing - hence the USE_BOTH_CRYPT_CALLS define. +# + case `uname -r` in + *9*|*10*) + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4" + AC_DEFINE(USE_BOTH_CRYPT_CALLS) + AC_DEFINE(_HPUX_SOURCE) + AC_DEFINE(_POSIX_SOURCE) + AC_DEFINE(_ALIGNMENT_REQUIRED,1) + AC_DEFINE(_MAX_ALIGNMENT,4) + ;; + *11*) + CPPFLAGS="$CPPFLAGS -D_HPUX_SOURCE -D_POSIX_SOURCE -D_LARGEFILE64_SOURCE -D_ALIGNMENT_REQUIRED=1 -D_MAX_ALIGNMENT=4" + AC_DEFINE(USE_BOTH_CRYPT_CALLS) + AC_DEFINE(_HPUX_SOURCE) + AC_DEFINE(_POSIX_SOURCE) + AC_DEFINE(_LARGEFILE64_SOURCE) + AC_DEFINE(_ALIGNMENT_REQUIRED,1) + AC_DEFINE(_MAX_ALIGNMENT,4) + ;; + esac + DYNEXP="-Wl,-E" + ;; + +# +# CRAY Unicos has broken const handling + *unicos*) + AC_MSG_RESULT([disabling const]) + CPPFLAGS="$CPPFLAGS -Dconst=" + ;; + +# +# AIX4.x doesn't even admit to having large +# files *at all* unless the -D_LARGE_FILE or -D_LARGE_FILE_API flags are set. +# + *aix4*) + AC_MSG_RESULT([enabling large file support]) + CPPFLAGS="$CPPFLAGS -D_LARGE_FILES" + AC_DEFINE(_LARGE_FILES) + ;; +# +# Defines needed for Solaris 2.6/2.7 aka 7.0 to make it admit +# to the existance of large files.. +# Note that -D_LARGEFILE64_SOURCE is different from the Sun +# recommendations on large file support, however it makes the +# compile work using gcc 2.7 and 2.8, whereas using the Sun +# recommendation makes the compile fail on gcc2.7. JRA. +# + *solaris*) + case `uname -r` in + 5.0*|5.1*|5.2*|5.3*|5.5*) + AC_MSG_RESULT([no large file support]) + ;; + 5.*) + AC_MSG_RESULT([enabling large file support]) + if test "$ac_cv_prog_gcc" = yes; then + ${CC-cc} -v >conftest.c 2>&1 + ac_cv_gcc_compiler_version_number=`grep 'gcc version' conftest.c` + rm -fr conftest.c + case "$ac_cv_gcc_compiler_version_number" in + *"gcc version 2.6"*|*"gcc version 2.7"*) + CPPFLAGS="$CPPFLAGS -D_LARGEFILE64_SOURCE" + AC_DEFINE(_LARGEFILE64_SOURCE) + ;; + *) + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + AC_DEFINE(_LARGEFILE64_SOURCE) + AC_DEFINE(_FILE_OFFSET_BITS,64) + ;; + esac + else + DYNEXP="-dc -dp" + CPPFLAGS="$CPPFLAGS -D_LARGEFILE_SOURCE -D_FILE_OFFSET_BITS=64" + AC_DEFINE(_LARGEFILE64_SOURCE) + AC_DEFINE(_FILE_OFFSET_BITS,64) + fi + ;; + esac + ;; +# +# Tests needed for SINIX large file support. +# + *sysv4*) + if test $host = mips-sni-sysv4 ; then + AC_MSG_CHECKING([for LFS support]) + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS" + AC_TRY_RUN([ +#include +main () { +#if _LFS64_LARGEFILE == 1 +exit(0); +#else +exit(1); +#endif +}], [SINIX_LFS_SUPPORT=yes], [SINIX_LFS_SUPPORT=no], [SINIX_LFS_SUPPORT=cross]) + CPPFLAGS="$old_CPPFLAGS" + if test x$SINIX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE $CPPFLAGS" + AC_DEFINE(_LARGEFILE64_SOURCE) + CFLAGS="`getconf LFS64_CFLAGS` $CFLAGS" + LDFLAGS="`getconf LFS64_LDFLAGS` $LDFLAGS" + LIBS="`getconf LFS64_LIBS` $LIBS" + fi + AC_MSG_RESULT([$SINIX_LFS_SUPPORT]) + fi + ;; + +# Tests for linux LFS support. Need kernel 2.4 and glibc2.2 or greater support. +# + *linux*) + AC_MSG_CHECKING([for LFS support]) + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" + AC_TRY_RUN([ +#include +#include +main() { +#if _LFS64_LARGEFILE == 1 + struct utsname uts; + char *release; + int major, minor; + + /* Ensure this is glibc 2.2 or higher */ +#if defined(__GLIBC__) && defined(__GLIBC_MINOR__) + int libc_major = __GLIBC__; + int libc_minor = __GLIBC_MINOR__; + + if (libc_major < 2) + exit(1); + if (libc_minor < 2) + exit(1); +#endif + + /* Ensure this is kernel 2.4 or higher */ + + uname(&uts); + release = uts.release; + major = atoi(strsep(&release, ".")); + minor = atoi(strsep(&release, ".")); + + if (major > 2 || (major == 2 && minor > 3)) + exit(0); + exit(1); +#else + exit(1); +#endif +} +], [LINUX_LFS_SUPPORT=yes], [LINUX_LFS_SUPPORT=no], [LINUX_LFS_SUPPORT=cross]) + CPPFLAGS="$old_CPPFLAGS" + if test x$LINUX_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -D_GNU_SOURCE $CPPFLAGS" + AC_DEFINE(_LARGEFILE64_SOURCE) + AC_DEFINE(_FILE_OFFSET_BITS,64) + AC_DEFINE(_GNU_SOURCE) + fi + AC_MSG_RESULT([$LINUX_LFS_SUPPORT]) + ;; + + *hurd*) + AC_MSG_CHECKING([for LFS support]) + old_CPPFLAGS="$CPPFLAGS" + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" + AC_TRY_RUN([ +#include +main () { +#if _LFS64_LARGEFILE == 1 +exit(0); +#else +exit(1); +#endif +}], [GLIBC_LFS_SUPPORT=yes], [GLIBC_LFS_SUPPORT=no], [GLIBC_LFS_SUPPORT=cross]) + CPPFLAGS="$old_CPPFLAGS" + if test x$GLIBC_LFS_SUPPORT = xyes ; then + CPPFLAGS="-D_LARGEFILE64_SOURCE -D_GNU_SOURCE $CPPFLAGS" + AC_DEFINE(_LARGEFILE64_SOURCE) + AC_DEFINE(_GNU_SOURCE) + fi + AC_MSG_RESULT([$GLIBC_LFS_SUPPORT]) + ;; + +esac + +AC_INLINE +AC_HEADER_STDC +AC_HEADER_DIRENT +AC_HEADER_TIME +AC_HEADER_SYS_WAIT +AC_CHECK_HEADERS(arpa/inet.h sys/fcntl.h sys/select.h fcntl.h sys/time.h sys/unistd.h) +AC_CHECK_HEADERS(unistd.h utime.h grp.h sys/id.h limits.h memory.h net/if.h) +AC_CHECK_HEADERS(compat.h rpc/rpc.h rpcsvc/nis.h rpcsvc/yp_prot.h rpcsvc/ypclnt.h) +AC_CHECK_HEADERS(sys/param.h ctype.h sys/wait.h sys/resource.h sys/ioctl.h sys/ipc.h sys/mode.h) +AC_CHECK_HEADERS(sys/mman.h sys/filio.h sys/priv.h sys/shm.h string.h strings.h stdlib.h sys/socket.h) +AC_CHECK_HEADERS(sys/mount.h sys/vfs.h sys/fs/s5param.h sys/filsys.h termios.h termio.h) +AC_CHECK_HEADERS(sys/termio.h sys/statfs.h sys/dustat.h sys/statvfs.h stdarg.h sys/sockio.h) +AC_CHECK_HEADERS(security/pam_modules.h security/_pam_macros.h ldap.h lber.h) + +# +# HPUX has a bug in that including shadow.h causes a re-definition of MAXINT. +# This causes configure to fail to detect it. Check for shadow separately on HPUX. +# +case "$host_os" in + *hpux*) + AC_TRY_COMPILE([#include ],[struct spwd testme], + ac_cv_header_shadow_h=yes,ac_cv_header_shadow_h=no) + if test x"$ac_cv_header_shadow_h" = x"yes"; then + AC_DEFINE(HAVE_SHADOW_H) + fi + ;; +esac +AC_CHECK_HEADERS(shadow.h netinet/ip.h netinet/tcp.h netinet/in_systm.h netinet/in_ip.h) +AC_CHECK_HEADERS(nss.h nss_common.h ns_api.h sys/security.h security/pam_appl.h security/pam_modules.h) +AC_CHECK_HEADERS(stropts.h poll.h) +AC_CHECK_HEADERS(sys/capability.h syscall.h sys/syscall.h) +AC_CHECK_HEADERS(sys/acl.h sys/cdefs.h glob.h) + +# For experimental utmp support (lastlog on some BSD-like systems) +AC_CHECK_HEADERS(utmp.h utmpx.h lastlog.h) + +# For quotas on Veritas VxFS filesystems +AC_CHECK_HEADERS(sys/fs/vx_quota.h) + +# For quotas on Linux XFS filesystems +AC_CHECK_HEADERS(linux/xqm.h) + +AC_CHECK_SIZEOF(int,cross) +AC_CHECK_SIZEOF(long,cross) +AC_CHECK_SIZEOF(short,cross) + +AC_C_CONST +AC_C_INLINE +AC_C_BIGENDIAN +AC_C_CHAR_UNSIGNED + +AC_TYPE_SIGNAL +AC_TYPE_UID_T +AC_TYPE_MODE_T +AC_TYPE_OFF_T +AC_TYPE_SIZE_T +AC_TYPE_PID_T +AC_STRUCT_ST_RDEV +AC_DIRENT_D_OFF +AC_CHECK_TYPE(ino_t,unsigned) +AC_CHECK_TYPE(loff_t,off_t) +AC_CHECK_TYPE(offset_t,loff_t) +AC_CHECK_TYPE(ssize_t, int) +AC_CHECK_TYPE(wchar_t, unsigned short) + +############################################ +# for cups support we need libcups, and a handful of header files + +AC_CHECK_LIB(cups,httpConnect) + +# I wonder if there is a nicer way of doing this? + +if test x"$ac_cv_lib_cups_httpConnect" = x"yes"; then + AC_CHECK_HEADERS(cups/cups.h cups/language.h) + if test x"$ac_cv_header_cups_cups_h" = x"yes"; then + if test x"$ac_cv_header_cups_language_h" = x"yes"; then + AC_DEFINE(HAVE_CUPS) + fi + fi +fi + +############################################ +# we need libdl for PAM, the password database plugins and the new VFS code +AC_CHECK_LIB(dl, dlopen, [LIBS="$LIBS -ldl"; + AC_DEFINE(HAVE_LIBDL)]) + +############################################ +# check if the compiler can do immediate structures +AC_CACHE_CHECK([for immediate structures],samba_cv_immediate_structures, [ + AC_TRY_COMPILE([ +#include ], +[ + typedef struct {unsigned x;} FOOBAR; + #define X_FOOBAR(x) ((FOOBAR) { x }) + #define FOO_ONE X_FOOBAR(1) + FOOBAR f = FOO_ONE; + static struct { + FOOBAR y; + } f2[] = { + {FOO_ONE} + }; +], + samba_cv_immediate_structures=yes,samba_cv_immediate_structures=no)]) +if test x"$samba_cv_immediate_structures" = x"yes"; then + AC_DEFINE(HAVE_IMMEDIATE_STRUCTURES) +fi + +############################################ +# check for unix domain sockets +AC_CACHE_CHECK([for unix domain sockets],samba_cv_unixsocket, [ + AC_TRY_COMPILE([ +#include +#include +#include +#include +#include ], +[ + struct sockaddr_un sunaddr; + sunaddr.sun_family = AF_UNIX; +], + samba_cv_unixsocket=yes,samba_cv_unixsocket=no)]) +if test x"$samba_cv_unixsocket" = x"yes"; then + AC_DEFINE(HAVE_UNIXSOCKET) +fi + + +AC_CACHE_CHECK([for socklen_t type],samba_cv_socklen_t, [ + AC_TRY_COMPILE([ +#include +#if STDC_HEADERS +#include +#include +#endif +#include ],[socklen_t i = 0], + samba_cv_socklen_t=yes,samba_cv_socklen_t=no)]) +if test x"$samba_cv_socklen_t" = x"yes"; then + AC_DEFINE(HAVE_SOCKLEN_T_TYPE) +fi + +AC_CACHE_CHECK([for sig_atomic_t type],samba_cv_sig_atomic_t, [ + AC_TRY_COMPILE([ +#include +#if STDC_HEADERS +#include +#include +#endif +#include ],[sig_atomic_t i = 0], + samba_cv_sig_atomic_t=yes,samba_cv_sig_atomic_t=no)]) +if test x"$samba_cv_sig_atomic_t" = x"yes"; then + AC_DEFINE(HAVE_SIG_ATOMIC_T_TYPE) +fi + +# stupid headers have the functions but no declaration. grrrr. +AC_HAVE_DECL(errno, [#include ]) +AC_HAVE_DECL(setresuid, [#include ]) +AC_HAVE_DECL(setresgid, [#include ]) +AC_HAVE_DECL(asprintf, [#include ]) +AC_HAVE_DECL(vasprintf, [#include ]) +AC_HAVE_DECL(vsnprintf, [#include ]) +AC_HAVE_DECL(snprintf, [#include ]) + +# and glibc has setresuid under linux but the function does +# nothing until kernel 2.1.44! very dumb. +AC_CACHE_CHECK([for real setresuid],samba_cv_have_setresuid,[ + AC_TRY_RUN([#include +main() { setresuid(1,1,1); setresuid(2,2,2); exit(errno==EPERM?0:1);}], + samba_cv_have_setresuid=yes,samba_cv_have_setresuid=no,samba_cv_have_setresuid=cross)]) +if test x"$samba_cv_have_setresuid" = x"yes"; then + AC_DEFINE(HAVE_SETRESUID) +fi + +# Do the same check for setresguid... +# +AC_CACHE_CHECK([for real setresgid],samba_cv_have_setresgid,[ + AC_TRY_RUN([#include +#include +main() { errno = 0; setresgid(1,1,1); exit(errno != 0 ? (errno==EPERM ? 0 : 1) : 0);}], + samba_cv_have_setresgid=yes,samba_cv_have_setresgid=no,samba_cv_have_setresgid=cross)]) +if test x"$samba_cv_have_setresgid" = x"yes"; then + AC_DEFINE(HAVE_SETRESGID) +fi + +AC_FUNC_MEMCMP + +############################################### +# test for where we get crypt() from +AC_CHECK_FUNCS(crypt) +if test x"$ac_cv_func_crypt" = x"no"; then + AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt"; + AC_DEFINE(HAVE_CRYPT)]) +fi + + +############################################### +# Readline included by default unless explicitly asked not to +test "${with_readline+set}" != "set" && with_readline=yes + +# test for where we get readline() from +AC_MSG_CHECKING(whether to use readline) +AC_ARG_WITH(readline, +[ --with-readline[=DIR] Look for readline include/libs in DIR (default=auto) ], +[ case "$with_readline" in + yes) + AC_MSG_RESULT(yes) + + AC_CHECK_HEADERS(readline.h history.h readline/readline.h) + AC_CHECK_HEADERS(readline/history.h) + + AC_CHECK_HEADERS(readline.h readline/readline.h,[ + for termlib in ncurses curses termcap terminfo termlib; do + AC_CHECK_LIB(${termlib}, tgetent, [TERMLIBS="-l${termlib}"; break]) + done + AC_CHECK_LIB(readline, rl_callback_handler_install, + [TERMLIBS="-lreadline $TERMLIBS" + AC_DEFINE(HAVE_LIBREADLINE) + break], [TERMLIBS=], $TERMLIBS)]) + ;; + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) + + # Needed for AC_CHECK_HEADERS and AC_CHECK_LIB to look at + # alternate readline path + _ldflags=${LDFLAGS} + _cppflags=${CPPFLAGS} + + # Add additional search path + LDFLAGS="-L$with_readline/lib $LDFLAGS" + CPPFLAGS="-I$with_readline/include $CPPFLAGS" + + AC_CHECK_HEADERS(readline.h history.h readline/readline.h) + AC_CHECK_HEADERS(readline/history.h) + + AC_CHECK_HEADERS(readline.h readline/readline.h,[ + for termlib in ncurses curses termcap terminfo termlib; do + AC_CHECK_LIB(${termlib}, tgetent, [TERMLIBS="-l${termlib}"; break]) + done + AC_CHECK_LIB(readline, rl_callback_handler_install, + [TERMLDFLAGS="-L$with_readline/lib" + TERMCPPFLAGS="-I$with_readline/include" + CPPFLAGS="-I$with_readline/include $CPPFLAGS" + TERMLIBS="-lreadline $TERMLIBS" + AC_DEFINE(HAVE_LIBREADLINE) + break], [TERMLIBS= CPPFLAGS=$_cppflags], $TERMLIBS)]) + + LDFLAGS=$_ldflags + ;; + esac], + AC_MSG_RESULT(no) +) +AC_SUBST(TERMLIBS) +AC_SUBST(TERMLDFLAGS) + +# The readline API changed slightly from readline3 to readline4, so +# code will generate warnings on one of them unless we have a few +# special cases. +AC_CHECK_LIB(readline, rl_completion_matches, + [AC_DEFINE(HAVE_NEW_LIBREADLINE, 1, + [Do we have rl_completion_matches?])], + [], + [$TERMLIBS]) + +# The following test taken from the cvs sources +# If we can't find connect, try looking in -lsocket, -lnsl, and -linet. +# The Irix 5 libc.so has connect and gethostbyname, but Irix 5 also has +# libsocket.so which has a bad implementation of gethostbyname (it +# only looks in /etc/hosts), so we only look for -lsocket if we need +# it. +AC_CHECK_FUNCS(connect) +if test x"$ac_cv_func_connect" = x"no"; then + case "$LIBS" in + *-lnsl*) ;; + *) AC_CHECK_LIB(nsl_s, printf) ;; + esac + case "$LIBS" in + *-lnsl*) ;; + *) AC_CHECK_LIB(nsl, printf) ;; + esac + case "$LIBS" in + *-lsocket*) ;; + *) AC_CHECK_LIB(socket, connect) ;; + esac + case "$LIBS" in + *-linet*) ;; + *) AC_CHECK_LIB(inet, connect) ;; + esac + dnl We can't just call AC_CHECK_FUNCS(connect) here, because the value + dnl has been cached. + if test x"$ac_cv_lib_socket_connect" = x"yes" || + test x"$ac_cv_lib_inet_connect" = x"yes"; then + # ac_cv_func_connect=yes + # don't! it would cause AC_CHECK_FUNC to succeed next time configure is run + AC_DEFINE(HAVE_CONNECT) + fi +fi + +############################################### +# test for where we get get_yp_default_domain() from +AC_CHECK_FUNCS(yp_get_default_domain) +if test x"$ac_cv_func_yp_get_default_domain" = x"no"; then + AC_CHECK_LIB(nsl, yp_get_default_domain, [LIBS="$LIBS -lnsl"; + AC_DEFINE(HAVE_YP_GET_DEFAULT_DOMAIN)]) +fi + +# Check if we have execl, if not we need to compile smbrun. +AC_CHECK_FUNCS(execl) +if test x"$ac_cv_func_execl" = x"no"; then + RUNPROG="bin/smbrun" +else + RUNPROG="" +fi + +AC_CHECK_FUNCS(dlopen dlclose dlsym dlerror waitpid getcwd strdup strndup strtoul strerror chown fchown chmod fchmod chroot link mknod mknod64) +AC_CHECK_FUNCS(fstat strchr utime utimes getrlimit fsync bzero memset strlcpy strlcat setpgid) +AC_CHECK_FUNCS(memmove vsnprintf snprintf asprintf vasprintf setsid glob strpbrk pipe crypt16 getauthuid) +AC_CHECK_FUNCS(strftime sigprocmask sigblock sigaction sigset innetgr setnetgrent getnetgrent endnetgrent) +AC_CHECK_FUNCS(initgroups select poll rdchk getgrnam getgrent pathconf realpath) +AC_CHECK_FUNCS(setpriv setgidx setuidx setgroups sysconf mktime rename ftruncate stat64 fstat64) +AC_CHECK_FUNCS(lstat64 fopen64 atexit grantpt dup2 lseek64 ftruncate64 readdir64) +AC_CHECK_FUNCS(fseek64 fseeko64 ftell64 ftello64 setluid getpwanam setlinebuf) +AC_CHECK_FUNCS(srandom random srand rand setenv usleep strcasecmp fcvt fcvtl symlink readlink) +AC_CHECK_FUNCS(syslog vsyslog) +# setbuffer is needed for smbtorture +AC_CHECK_FUNCS(setbuffer) + +# syscall() is needed for smbwrapper. +AC_CHECK_FUNCS(syscall) + +AC_CHECK_FUNCS(_dup _dup2 _opendir _readdir _seekdir _telldir _closedir) +AC_CHECK_FUNCS(__dup __dup2 __opendir __readdir __seekdir __telldir __closedir) +AC_CHECK_FUNCS(__getcwd _getcwd) +AC_CHECK_FUNCS(__xstat __fxstat __lxstat) +AC_CHECK_FUNCS(_stat _lstat _fstat __stat __lstat __fstat) +AC_CHECK_FUNCS(_acl __acl _facl __facl _open __open _chdir __chdir) +AC_CHECK_FUNCS(_close __close _fchdir __fchdir _fcntl __fcntl) +AC_CHECK_FUNCS(getdents _getdents __getdents _lseek __lseek _read __read) +AC_CHECK_FUNCS(_write __write _fork __fork) +AC_CHECK_FUNCS(_stat64 __stat64 _fstat64 __fstat64 _lstat64 __lstat64) +AC_CHECK_FUNCS(__sys_llseek llseek _llseek __llseek readdir64 _readdir64 __readdir64) +AC_CHECK_FUNCS(pread _pread __pread pread64 _pread64 __pread64) +AC_CHECK_FUNCS(pwrite _pwrite __pwrite pwrite64 _pwrite64 __pwrite64) +AC_CHECK_FUNCS(open64 _open64 __open64 creat64) + +# +# stat64 family may need on some systems, notably ReliantUNIX +# + +if test x$ac_cv_func_stat64 = xno ; then + AC_MSG_CHECKING([for stat64 in ]) + AC_TRY_LINK([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +], [struct stat64 st64; exit(stat64(".",&st64));], [ac_cv_func_stat64=yes]) + AC_MSG_RESULT([$ac_cv_func_stat64]) + if test x$ac_cv_func_stat64 = xyes ; then + AC_DEFINE(HAVE_STAT64) + fi +fi + +if test x$ac_cv_func_lstat64 = xno ; then + AC_MSG_CHECKING([for lstat64 in ]) + AC_TRY_LINK([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +], [struct stat64 st64; exit(lstat64(".",&st64));], [ac_cv_func_lstat64=yes]) + AC_MSG_RESULT([$ac_cv_func_lstat64]) + if test x$ac_cv_func_lstat64 = xyes ; then + AC_DEFINE(HAVE_LSTAT64) + fi +fi + +if test x$ac_cv_func_fstat64 = xno ; then + AC_MSG_CHECKING([for fstat64 in ]) + AC_TRY_LINK([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +], [struct stat64 st64; exit(fstat64(0,&st64));], [ac_cv_func_fstat64=yes]) + AC_MSG_RESULT([$ac_cv_func_fstat64]) + if test x$ac_cv_func_fstat64 = xyes ; then + AC_DEFINE(HAVE_FSTAT64) + fi +fi + +##################################### +# we might need the resolv library on some systems +AC_CHECK_LIB(resolv, dn_expand) + +# +# Check for the functions putprpwnam, set_auth_parameters, +# getspnam, bigcrypt and getprpwnam in -lsec and -lsecurity +# Needed for OSF1 and HPUX. +# + +AC_LIBTESTFUNC(security, putprpwnam) +AC_LIBTESTFUNC(sec, putprpwnam) + +AC_LIBTESTFUNC(security, set_auth_parameters) +AC_LIBTESTFUNC(sec, set_auth_parameters) + +# UnixWare 7.x has its getspnam in -lgen +AC_LIBTESTFUNC(gen, getspnam) + +AC_LIBTESTFUNC(security, getspnam) +AC_LIBTESTFUNC(sec, getspnam) + +AC_LIBTESTFUNC(security, bigcrypt) +AC_LIBTESTFUNC(sec, bigcrypt) + +AC_LIBTESTFUNC(security, getprpwnam) +AC_LIBTESTFUNC(sec, getprpwnam) + +# this bit needs to be modified for each OS that is suported by +# smbwrapper. You need to specify how to created a shared library and +# how to compile C code to produce PIC object files + +# these are the defaults, good for lots of systems +HOST_OS="$host_os" +LDSHFLAGS="-shared" +SHLD="\${CC}" +PICFLAG="" +PICSUFFIX="po" +POBAD_CC="#" +SHLIBEXT="so" +# Assume non-shared by default and override below +BLDSHARED="false" +AC_MSG_CHECKING([ability to build shared libraries]) + +# and these are for particular systems +case "$host_os" in + *linux*) AC_DEFINE(LINUX) + BLDSHARED="true" + LDSHFLAGS="-shared" + DYNEXP="-Wl,--export-dynamic" + PICFLAG="-fPIC" + AC_DEFINE(STAT_ST_BLOCKSIZE,512) + ;; + *solaris*) + AC_DEFINE(SUNOS5) + BLDSHARED="true" + LDSHFLAGS="-h \$@ -G" + if test "${ac_cv_prog_CC}" = "gcc"; then + PICFLAG="-fPIC" + else + PICFLAG="-KPIC" + POBAD_CC="" + PICSUFFIX="po.o" + fi + AC_DEFINE(STAT_ST_BLOCKSIZE,512) + ;; + *sunos*) AC_DEFINE(SUNOS4) + BLDSHARED="true" + LDSHFLAGS="-Wl,-h,\$@ -G" + PICFLAG="-KPIC" # Is this correct for SunOS + ;; + *bsd*) BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-fPIC" + AC_DEFINE(STAT_ST_BLOCKSIZE,512) + ;; + *irix*) AC_DEFINE(IRIX) + case "$host_os" in + *irix6*) AC_DEFINE(IRIX6) + ;; + esac + ATTEMPT_WRAP32_BUILD=yes + BLDSHARED="true" + LDSHFLAGS="-soname \$@ -shared" + SHLD="\${LD}" + if test "${ac_cv_prog_CC}" = "gcc"; then + PICFLAG="-fPIC" + else + PICFLAG="-KPIC" + fi + AC_DEFINE(STAT_ST_BLOCKSIZE,512) + ;; + *aix*) AC_DEFINE(AIX) + BLDSHARED="true" + LDSHFLAGS="-Wl,-bexpall,-bM:SRE,-bnoentry" + PICFLAG="-O2 -qmaxmem=6000" + AC_DEFINE(STAT_ST_BLOCKSIZE,DEV_BSIZE) + ;; + *hpux*) AC_DEFINE(HPUX) + SHLIBEXT="sl" + # Use special PIC flags for the native HP-UX compiler. + if test $ac_cv_prog_cc_Ae = yes; then + SHLD="/usr/bin/ld" + BLDSHARED="true" + LDSHFLAGS="-B symbolic -b -z +h \$@" + PICFLAG="+z" + fi + DYNEXP="-Wl,-E" + AC_DEFINE(STAT_ST_BLOCKSIZE,8192) + ;; + *qnx*) AC_DEFINE(QNX);; + *osf*) AC_DEFINE(OSF1) + BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-fPIC" + ;; + *sco*) + AC_DEFINE(SCO) + ;; + *unixware*) AC_DEFINE(UNIXWARE) + BLDSHARED="true" + LDSHFLAGS="-Wl,-soname,\$@ -shared" + PICFLAG="-KPIC" + ;; + *next2*) AC_DEFINE(NEXT2);; + *dgux*) AC_CHECK_PROG( ROFF, groff, [groff -etpsR -Tascii -man]);; + *sysv4*) + case "$host" in + *-univel-*) + if [ test "$GCC" != yes ]; then + AC_DEFINE(HAVE_MEMSET) + fi + LDSHFLAGS="-G" + DYNEXP="-Bexport" + ;; + *mips-sni-sysv4*) + AC_DEFINE(RELIANTUNIX) + ;; + esac + ;; + + *sysv5*) + if [ test "$GCC" != yes ]; then + AC_DEFINE(HAVE_MEMSET) + fi + LDSHFLAGS="-G" + ;; +esac +AC_SUBST(DYNEXP) +AC_MSG_RESULT($BLDSHARED) +AC_MSG_CHECKING([linker flags for shared libraries]) +AC_MSG_RESULT([$LDSHFLAGS]) +AC_MSG_CHECKING([compiler flags for position-independent code]) +AC_MSG_RESULT([$PICFLAGS]) + +####################################################### +# test whether building a shared library actually works +if test $BLDSHARED = true; then +AC_CACHE_CHECK([whether building shared libraries actually works], + [ac_cv_shlib_works],[ + ac_cv_shlib_works=no + # try building a trivial shared library + $CC $CPPFLAGS $CFLAGS $PICFLAG -c -o shlib.po ${srcdir-.}/tests/shlib.c && + $CC $CPPFLAGS $CFLAGS $LDSHFLAGS -o shlib.so shlib.po && + ac_cv_shlib_works=yes + rm -f shlib.so shlib.po +]) +if test $ac_cv_shlib_works = no; then + BLDSHARED=false +fi +fi + + +# this updates our target list if we can build shared libs +if test $BLDSHARED = true; then + LIBSMBCLIENT_SHARED=bin/libsmbclient.$SHLIBEXT +else + LIBSMBCLIENT_SHARED= +fi + +################ + +AC_CACHE_CHECK([for long long],samba_cv_have_longlong,[ +AC_TRY_RUN([#include +main() { long long x = 1000000; x *= x; exit(((x/1000000) == 1000000)? 0: 1); }], +samba_cv_have_longlong=yes,samba_cv_have_longlong=no,samba_cv_have_longlong=cross)]) +if test x"$samba_cv_have_longlong" = x"yes"; then + AC_DEFINE(HAVE_LONGLONG) +fi + +# +# Check if the compiler supports the LL prefix on long long integers. +# AIX needs this. + +AC_CACHE_CHECK([for LL suffix on long long integers],samba_cv_compiler_supports_ll, [ + AC_TRY_COMPILE([#include ],[long long i = 0x8000000000LL], + samba_cv_compiler_supports_ll=yes,samba_cv_compiler_supports_ll=no)]) +if test x"$samba_cv_compiler_supports_ll" = x"yes"; then + AC_DEFINE(COMPILER_SUPPORTS_LL) +fi + + +AC_CACHE_CHECK([for 64 bit off_t],samba_cv_SIZEOF_OFF_T,[ +AC_TRY_RUN([#include +#include +main() { exit((sizeof(off_t) == 8) ? 0 : 1); }], +samba_cv_SIZEOF_OFF_T=yes,samba_cv_SIZEOF_OFF_T=no,samba_cv_SIZEOF_OFF_T=cross)]) +if test x"$samba_cv_SIZEOF_OFF_T" = x"yes"; then + AC_DEFINE(SIZEOF_OFF_T,8) +fi + +AC_CACHE_CHECK([for off64_t],samba_cv_HAVE_OFF64_T,[ +AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include +main() { struct stat64 st; off64_t s; if (sizeof(off_t) == sizeof(off64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], +samba_cv_HAVE_OFF64_T=yes,samba_cv_HAVE_OFF64_T=no,samba_cv_HAVE_OFF64_T=cross)]) +if test x"$samba_cv_HAVE_OFF64_T" = x"yes"; then + AC_DEFINE(HAVE_OFF64_T) +fi + +AC_CACHE_CHECK([for 64 bit ino_t],samba_cv_SIZEOF_INO_T,[ +AC_TRY_RUN([#include +#include +main() { exit((sizeof(ino_t) == 8) ? 0 : 1); }], +samba_cv_SIZEOF_INO_T=yes,samba_cv_SIZEOF_INO_T=no,samba_cv_SIZEOF_INO_T=cross)]) +if test x"$samba_cv_SIZEOF_INO_T" = x"yes"; then + AC_DEFINE(SIZEOF_INO_T,8) +fi + +AC_CACHE_CHECK([for ino64_t],samba_cv_HAVE_INO64_T,[ +AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include +main() { struct stat64 st; ino64_t s; if (sizeof(ino_t) == sizeof(ino64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], +samba_cv_HAVE_INO64_T=yes,samba_cv_HAVE_INO64_T=no,samba_cv_HAVE_INO64_T=cross)]) +if test x"$samba_cv_HAVE_INO64_T" = x"yes"; then + AC_DEFINE(HAVE_INO64_T) +fi + +AC_CACHE_CHECK([for dev64_t],samba_cv_HAVE_DEV64_T,[ +AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include +main() { struct stat64 st; dev64_t s; if (sizeof(dev_t) == sizeof(dev64_t)) exit(1); exit((lstat64("/dev/null", &st)==0)?0:1); }], +samba_cv_HAVE_DEV64_T=yes,samba_cv_HAVE_DEV64_T=no,samba_cv_HAVE_DEV64_T=cross)]) +if test x"$samba_cv_HAVE_DEV64_T" = x"yes"; then + AC_DEFINE(HAVE_DEV64_T) +fi + +AC_CACHE_CHECK([for struct dirent64],samba_cv_HAVE_STRUCT_DIRENT64,[ +AC_TRY_COMPILE([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include ], +[struct dirent64 de;], +samba_cv_HAVE_STRUCT_DIRENT64=yes,samba_cv_HAVE_STRUCT_DIRENT64=no)]) +if test x"$samba_cv_HAVE_STRUCT_DIRENT64" = x"yes"; then + AC_DEFINE(HAVE_STRUCT_DIRENT64) +fi + +AC_CACHE_CHECK([for major macro],samba_cv_HAVE_DEVICE_MAJOR_FN,[ +AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +main() { dev_t dev; int i = major(dev); return 0; }], +samba_cv_HAVE_DEVICE_MAJOR_FN=yes,samba_cv_HAVE_DEVICE_MAJOR_FN=no,samba_cv_HAVE_DEVICE_MAJOR_FN=cross)]) +if test x"$samba_cv_HAVE_DEVICE_MAJOR_FN" = x"yes"; then + AC_DEFINE(HAVE_DEVICE_MAJOR_FN) +fi + +AC_CACHE_CHECK([for minor macro],samba_cv_HAVE_DEVICE_MINOR_FN,[ +AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +main() { dev_t dev; int i = minor(dev); return 0; }], +samba_cv_HAVE_DEVICE_MINOR_FN=yes,samba_cv_HAVE_DEVICE_MINOR_FN=no,samba_cv_HAVE_DEVICE_MINOR_FN=cross)]) +if test x"$samba_cv_HAVE_DEVICE_MINOR_FN" = x"yes"; then + AC_DEFINE(HAVE_DEVICE_MINOR_FN) +fi + +AC_CACHE_CHECK([for unsigned char],samba_cv_HAVE_UNSIGNED_CHAR,[ +AC_TRY_RUN([#include +main() { char c; c=250; exit((c > 0)?0:1); }], +samba_cv_HAVE_UNSIGNED_CHAR=yes,samba_cv_HAVE_UNSIGNED_CHAR=no,samba_cv_HAVE_UNSIGNED_CHAR=cross)]) +if test x"$samba_cv_HAVE_UNSIGNED_CHAR" = x"yes"; then + AC_DEFINE(HAVE_UNSIGNED_CHAR) +fi + +AC_CACHE_CHECK([for sin_len in sock],samba_cv_HAVE_SOCK_SIN_LEN,[ +AC_TRY_COMPILE([#include +#include +#include ], +[struct sockaddr_in sock; sock.sin_len = sizeof(sock);], +samba_cv_HAVE_SOCK_SIN_LEN=yes,samba_cv_HAVE_SOCK_SIN_LEN=no)]) +if test x"$samba_cv_HAVE_SOCK_SIN_LEN" = x"yes"; then + AC_DEFINE(HAVE_SOCK_SIN_LEN) +fi + +AC_CACHE_CHECK([whether seekdir returns void],samba_cv_SEEKDIR_RETURNS_VOID,[ +AC_TRY_COMPILE([#include +#include +void seekdir(DIR *d, long loc) { return; }],[return 0;], +samba_cv_SEEKDIR_RETURNS_VOID=yes,samba_cv_SEEKDIR_RETURNS_VOID=no)]) +if test x"$samba_cv_SEEKDIR_RETURNS_VOID" = x"yes"; then + AC_DEFINE(SEEKDIR_RETURNS_VOID) +fi + +AC_CACHE_CHECK([for __FILE__ macro],samba_cv_HAVE_FILE_MACRO,[ +AC_TRY_COMPILE([#include ], [printf("%s\n", __FILE__);], +samba_cv_HAVE_FILE_MACRO=yes,samba_cv_HAVE_FILE_MACRO=no)]) +if test x"$samba_cv_HAVE_FILE_MACRO" = x"yes"; then + AC_DEFINE(HAVE_FILE_MACRO) +fi + +AC_CACHE_CHECK([for __FUNCTION__ macro],samba_cv_HAVE_FUNCTION_MACRO,[ +AC_TRY_COMPILE([#include ], [printf("%s\n", __FUNCTION__);], +samba_cv_HAVE_FUNCTION_MACRO=yes,samba_cv_HAVE_FUNCTION_MACRO=no)]) +if test x"$samba_cv_HAVE_FUNCTION_MACRO" = x"yes"; then + AC_DEFINE(HAVE_FUNCTION_MACRO) +fi + +AC_CACHE_CHECK([if gettimeofday takes tz argument],samba_cv_HAVE_GETTIMEOFDAY_TZ,[ +AC_TRY_RUN([ +#include +#include +main() { struct timeval tv; exit(gettimeofday(&tv, NULL));}], + samba_cv_HAVE_GETTIMEOFDAY_TZ=yes,samba_cv_HAVE_GETTIMEOFDAY_TZ=no,samba_cv_HAVE_GETTIMEOFDAY_TZ=cross)]) +if test x"$samba_cv_HAVE_GETTIMEOFDAY_TZ" = x"yes"; then + AC_DEFINE(HAVE_GETTIMEOFDAY_TZ) +fi + +AC_CACHE_CHECK([for C99 vsnprintf],samba_cv_HAVE_C99_VSNPRINTF,[ +AC_TRY_RUN([ +#include +#include +void foo(const char *format, ...) { + va_list ap; + int len; + char buf[5]; + + va_start(ap, format); + len = vsnprintf(buf, 0, format, ap); + va_end(ap); + if (len != 5) exit(1); + + va_start(ap, format); + len = vsnprintf(0, 0, format, ap); + va_end(ap); + if (len != 5) exit(1); + + if (snprintf(buf, 3, "hello") != 5 || strcmp(buf, "he") != 0) exit(1); + + exit(0); +} +main() { foo("hello"); } +], +samba_cv_HAVE_C99_VSNPRINTF=yes,samba_cv_HAVE_C99_VSNPRINTF=no,samba_cv_HAVE_C99_VSNPRINTF=cross)]) +if test x"$samba_cv_HAVE_C99_VSNPRINTF" = x"yes"; then + AC_DEFINE(HAVE_C99_VSNPRINTF) +fi + +AC_CACHE_CHECK([for broken readdir],samba_cv_HAVE_BROKEN_READDIR,[ +AC_TRY_RUN([#include +#include +main() { struct dirent *di; DIR *d = opendir("."); di = readdir(d); +if (di && di->d_name[-2] == '.' && di->d_name[-1] == 0 && +di->d_name[0] == 0) exit(0); exit(1);} ], +samba_cv_HAVE_BROKEN_READDIR=yes,samba_cv_HAVE_BROKEN_READDIR=no,samba_cv_HAVE_BROKEN_READDIR=cross)]) +if test x"$samba_cv_HAVE_BROKEN_READDIR" = x"yes"; then + AC_DEFINE(HAVE_BROKEN_READDIR) +fi + +AC_CACHE_CHECK([for utimbuf],samba_cv_HAVE_UTIMBUF,[ +AC_TRY_COMPILE([#include +#include ], +[struct utimbuf tbuf; tbuf.actime = 0; tbuf.modtime = 1; exit(utime("foo.c",&tbuf));], +samba_cv_HAVE_UTIMBUF=yes,samba_cv_HAVE_UTIMBUF=no,samba_cv_HAVE_UTIMBUF=cross)]) +if test x"$samba_cv_HAVE_UTIMBUF" = x"yes"; then + AC_DEFINE(HAVE_UTIMBUF) +fi + +dnl utmp and utmpx come in many flavours +dnl We need to check for many of them +dnl But we don't need to do each and every one, because our code uses +dnl mostly just the utmp (not utmpx) fields. + +AC_CHECK_FUNCS(pututline pututxline updwtmp updwtmpx getutmpx) + +AC_CACHE_CHECK([for ut_name in utmp],samba_cv_HAVE_UT_UT_NAME,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_name[0] = 'a';], +samba_cv_HAVE_UT_UT_NAME=yes,samba_cv_HAVE_UT_UT_NAME=no,samba_cv_HAVE_UT_UT_NAME=cross)]) +if test x"$samba_cv_HAVE_UT_UT_NAME" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_NAME) +fi + +AC_CACHE_CHECK([for ut_user in utmp],samba_cv_HAVE_UT_UT_USER,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_user[0] = 'a';], +samba_cv_HAVE_UT_UT_USER=yes,samba_cv_HAVE_UT_UT_USER=no,samba_cv_HAVE_UT_UT_USER=cross)]) +if test x"$samba_cv_HAVE_UT_UT_USER" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_USER) +fi + +AC_CACHE_CHECK([for ut_id in utmp],samba_cv_HAVE_UT_UT_ID,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_id[0] = 'a';], +samba_cv_HAVE_UT_UT_ID=yes,samba_cv_HAVE_UT_UT_ID=no,samba_cv_HAVE_UT_UT_ID=cross)]) +if test x"$samba_cv_HAVE_UT_UT_ID" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_ID) +fi + +AC_CACHE_CHECK([for ut_host in utmp],samba_cv_HAVE_UT_UT_HOST,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_host[0] = 'a';], +samba_cv_HAVE_UT_UT_HOST=yes,samba_cv_HAVE_UT_UT_HOST=no,samba_cv_HAVE_UT_UT_HOST=cross)]) +if test x"$samba_cv_HAVE_UT_UT_HOST" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_HOST) +fi + +AC_CACHE_CHECK([for ut_time in utmp],samba_cv_HAVE_UT_UT_TIME,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; time_t t; ut.ut_time = t;], +samba_cv_HAVE_UT_UT_TIME=yes,samba_cv_HAVE_UT_UT_TIME=no,samba_cv_HAVE_UT_UT_TIME=cross)]) +if test x"$samba_cv_HAVE_UT_UT_TIME" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_TIME) +fi + +AC_CACHE_CHECK([for ut_tv in utmp],samba_cv_HAVE_UT_UT_TV,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; struct timeval tv; ut.ut_tv = tv;], +samba_cv_HAVE_UT_UT_TV=yes,samba_cv_HAVE_UT_UT_TV=no,samba_cv_HAVE_UT_UT_TV=cross)]) +if test x"$samba_cv_HAVE_UT_UT_TV" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_TV) +fi + +AC_CACHE_CHECK([for ut_type in utmp],samba_cv_HAVE_UT_UT_TYPE,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_type = 0;], +samba_cv_HAVE_UT_UT_TYPE=yes,samba_cv_HAVE_UT_UT_TYPE=no,samba_cv_HAVE_UT_UT_TYPE=cross)]) +if test x"$samba_cv_HAVE_UT_UT_TYPE" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_TYPE) +fi + +AC_CACHE_CHECK([for ut_pid in utmp],samba_cv_HAVE_UT_UT_PID,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_pid = 0;], +samba_cv_HAVE_UT_UT_PID=yes,samba_cv_HAVE_UT_UT_PID=no,samba_cv_HAVE_UT_UT_PID=cross)]) +if test x"$samba_cv_HAVE_UT_UT_PID" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_PID) +fi + +AC_CACHE_CHECK([for ut_exit in utmp],samba_cv_HAVE_UT_UT_EXIT,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_exit.e_exit = 0;], +samba_cv_HAVE_UT_UT_EXIT=yes,samba_cv_HAVE_UT_UT_EXIT=no,samba_cv_HAVE_UT_UT_EXIT=cross)]) +if test x"$samba_cv_HAVE_UT_UT_EXIT" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_EXIT) +fi + +AC_CACHE_CHECK([for ut_addr in utmp],samba_cv_HAVE_UT_UT_ADDR,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmp ut; ut.ut_addr = 0;], +samba_cv_HAVE_UT_UT_ADDR=yes,samba_cv_HAVE_UT_UT_ADDR=no,samba_cv_HAVE_UT_UT_ADDR=cross)]) +if test x"$samba_cv_HAVE_UT_UT_ADDR" = x"yes"; then + AC_DEFINE(HAVE_UT_UT_ADDR) +fi + +if test x$ac_cv_func_pututline = xyes ; then + AC_CACHE_CHECK([whether pututline returns pointer],samba_cv_PUTUTLINE_RETURNS_UTMP,[ + AC_TRY_COMPILE([#include +#include ], + [struct utmp utarg; struct utmp *utreturn; utreturn = pututline(&utarg);], + samba_cv_PUTUTLINE_RETURNS_UTMP=yes,samba_cv_PUTUTLINE_RETURNS_UTMP=no)]) + if test x"$samba_cv_PUTUTLINE_RETURNS_UTMP" = x"yes"; then + AC_DEFINE(PUTUTLINE_RETURNS_UTMP) + fi +fi + +AC_CACHE_CHECK([for ut_syslen in utmpx],samba_cv_HAVE_UX_UT_SYSLEN,[ +AC_TRY_COMPILE([#include +#include ], +[struct utmpx ux; ux.ut_syslen = 0;], +samba_cv_HAVE_UX_UT_SYSLEN=yes,samba_cv_HAVE_UX_UT_SYSLEN=no,samba_cv_HAVE_UX_UT_SYSLEN=cross)]) +if test x"$samba_cv_HAVE_UX_UT_SYSLEN" = x"yes"; then + AC_DEFINE(HAVE_UX_UT_SYSLEN) +fi + + +################################################# +# check for libiconv support +AC_MSG_CHECKING(whether to use libiconv) +AC_ARG_WITH(libiconv, +[ --with-libiconv=BASEDIR Use libiconv in BASEDIR/lib and BASEDIR/include (default=auto) ], +[ case "$withval" in + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) + CFLAGS="$CFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + AC_CHECK_LIB(iconv, iconv_open) + AC_DEFINE_UNQUOTED(WITH_LIBICONV, "${withval}") + ;; + esac ], + AC_MSG_RESULT(no) +) + + +############ +# check for iconv in libc +AC_CACHE_CHECK([for working iconv],samba_cv_HAVE_NATIVE_ICONV,[ +AC_TRY_RUN([ +#include +main() { + iconv_t cd = iconv_open("ASCII", "UCS-2LE"); + if (cd == 0 || cd == (iconv_t)-1) return -1; + return 0; +} +], +samba_cv_HAVE_NATIVE_ICONV=yes,samba_cv_HAVE_NATIVE_ICONV=no,samba_cv_HAVE_NATIVE_ICONV=cross)]) +if test x"$samba_cv_HAVE_NATIVE_ICONV" = x"yes"; then + AC_DEFINE(HAVE_NATIVE_ICONV) +fi + + +AC_CACHE_CHECK([for Linux kernel oplocks],samba_cv_HAVE_KERNEL_OPLOCKS_LINUX,[ +AC_TRY_RUN([ +#include +#include +#ifndef F_GETLEASE +#define F_GETLEASE 1025 +#endif +main() { + int fd = open("/dev/null", O_RDONLY); + return fcntl(fd, F_GETLEASE, 0) == -1; +} +], +samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=no,samba_cv_HAVE_KERNEL_OPLOCKS_LINUX=cross)]) +if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_LINUX" = x"yes"; then + AC_DEFINE(HAVE_KERNEL_OPLOCKS_LINUX) +fi + +AC_CACHE_CHECK([for kernel change notify support],samba_cv_HAVE_KERNEL_CHANGE_NOTIFY,[ +AC_TRY_RUN([ +#include +#include +#include +#ifndef F_NOTIFY +#define F_NOTIFY 1026 +#endif +main() { + exit(fcntl(open("/tmp", O_RDONLY), F_NOTIFY, 0) == -1 ? 1 : 0); +} +], +samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=yes,samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=no,samba_cv_HAVE_KERNEL_CHANGE_NOTIFY=cross)]) +if test x"$samba_cv_HAVE_KERNEL_CHANGE_NOTIFY" = x"yes"; then + AC_DEFINE(HAVE_KERNEL_CHANGE_NOTIFY) +fi + +AC_CACHE_CHECK([for kernel share modes],samba_cv_HAVE_KERNEL_SHARE_MODES,[ +AC_TRY_RUN([ +#include +#include +#include +#include +#ifndef LOCK_MAND +#define LOCK_MAND 32 +#define LOCK_READ 64 +#endif +main() { + exit(flock(open("/dev/null", O_RDWR), LOCK_MAND|LOCK_READ) != 0); +} +], +samba_cv_HAVE_KERNEL_SHARE_MODES=yes,samba_cv_HAVE_KERNEL_SHARE_MODES=no,samba_cv_HAVE_KERNEL_SHARE_MODES=cross)]) +if test x"$samba_cv_HAVE_KERNEL_SHARE_MODES" = x"yes"; then + AC_DEFINE(HAVE_KERNEL_SHARE_MODES) +fi + + + + +AC_CACHE_CHECK([for IRIX kernel oplock type definitions],samba_cv_HAVE_KERNEL_OPLOCKS_IRIX,[ +AC_TRY_COMPILE([#include +#include ], +[oplock_stat_t t; t.os_state = OP_REVOKE; t.os_dev = 1; t.os_ino = 1;], +samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=yes,samba_cv_HAVE_KERNEL_OPLOCKS_IRIX=no)]) +if test x"$samba_cv_HAVE_KERNEL_OPLOCKS_IRIX" = x"yes"; then + AC_DEFINE(HAVE_KERNEL_OPLOCKS_IRIX) +fi + +AC_CACHE_CHECK([for irix specific capabilities],samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES,[ +AC_TRY_RUN([#include +#include +main() { + cap_t cap; + if ((cap = cap_get_proc()) == NULL) + exit(1); + cap->cap_effective |= CAP_NETWORK_MGT; + cap->cap_inheritable |= CAP_NETWORK_MGT; + cap_set_proc(cap); + exit(0); +} +], +samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=yes,samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=no,samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES=cross)]) +if test x"$samba_cv_HAVE_IRIX_SPECIFIC_CAPABILITIES" = x"yes"; then + AC_DEFINE(HAVE_IRIX_SPECIFIC_CAPABILITIES) +fi + +# +# Check for int16, uint16, int32 and uint32 in rpc/types.h included from rpc/rpc.h +# This is *really* broken but some systems (DEC OSF1) do this.... JRA. +# + +AC_CACHE_CHECK([for int16 typedef included by rpc/rpc.h],samba_cv_HAVE_INT16_FROM_RPC_RPC_H,[ +AC_TRY_COMPILE([#include +#if defined(HAVE_RPC_RPC_H) +#include +#endif], +[int16 testvar;], +samba_cv_HAVE_INT16_FROM_RPC_RPC_H=yes,samba_cv_HAVE_INT16_FROM_RPC_RPC_H=no)]) +if test x"$samba_cv_HAVE_INT16_FROM_RPC_RPC_H" = x"yes"; then + AC_DEFINE(HAVE_INT16_FROM_RPC_RPC_H) +fi + +AC_CACHE_CHECK([for uint16 typedef included by rpc/rpc.h],samba_cv_HAVE_UINT16_FROM_RPC_RPC_H,[ +AC_TRY_COMPILE([#include +#if defined(HAVE_RPC_RPC_H) +#include +#endif], +[uint16 testvar;], +samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=yes,samba_cv_HAVE_UINT16_FROM_RPC_RPC_H=no)]) +if test x"$samba_cv_HAVE_UINT16_FROM_RPC_RPC_H" = x"yes"; then + AC_DEFINE(HAVE_UINT16_FROM_RPC_RPC_H) +fi + +AC_CACHE_CHECK([for int32 typedef included by rpc/rpc.h],samba_cv_HAVE_INT32_FROM_RPC_RPC_H,[ +AC_TRY_COMPILE([#include +#if defined(HAVE_RPC_RPC_H) +#include +#endif], +[int32 testvar;], +samba_cv_HAVE_INT32_FROM_RPC_RPC_H=yes,samba_cv_HAVE_INT32_FROM_RPC_RPC_H=no)]) +if test x"$samba_cv_HAVE_INT32_FROM_RPC_RPC_H" = x"yes"; then + AC_DEFINE(HAVE_INT32_FROM_RPC_RPC_H) +fi + +AC_CACHE_CHECK([for uint32 typedef included by rpc/rpc.h],samba_cv_HAVE_UINT32_FROM_RPC_RPC_H,[ +AC_TRY_COMPILE([#include +#if defined(HAVE_RPC_RPC_H) +#include +#endif], +[uint32 testvar;], +samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=yes,samba_cv_HAVE_UINT32_FROM_RPC_RPC_H=no)]) +if test x"$samba_cv_HAVE_UINT32_FROM_RPC_RPC_H" = x"yes"; then + AC_DEFINE(HAVE_UINT32_FROM_RPC_RPC_H) +fi + +dnl +dnl Some systems (SCO) have a problem including +dnl and due to AUTH_ERROR being defined +dnl as a #define in and as part of an enum +dnl in . +dnl + +AC_CACHE_CHECK([for conflicting AUTH_ERROR define in rpc/rpc.h],samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT,[ +AC_TRY_COMPILE([#include +#ifdef HAVE_SYS_SECURITY_H +#include +#include +#endif /* HAVE_SYS_SECURITY_H */ +#if defined(HAVE_RPC_RPC_H) +#include +#endif], +[int testvar;], +samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=no,samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT=yes)]) +if test x"$samba_cv_HAVE_RPC_AUTH_ERROR_CONFLICT" = x"yes"; then + AC_DEFINE(HAVE_RPC_AUTH_ERROR_CONFLICT) +fi + +AC_MSG_CHECKING([for test routines]) +AC_TRY_RUN([#include "${srcdir-.}/tests/trivial.c"], + AC_MSG_RESULT(yes), + AC_MSG_ERROR([cant find test code. Aborting config]), + AC_MSG_WARN([cannot run when cross-compiling])) + +AC_CACHE_CHECK([for ftruncate extend],samba_cv_HAVE_FTRUNCATE_EXTEND,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/ftruncate.c"], + samba_cv_HAVE_FTRUNCATE_EXTEND=yes,samba_cv_HAVE_FTRUNCATE_EXTEND=no,samba_cv_HAVE_FTRUNCATE_EXTEND=cross)]) +if test x"$samba_cv_HAVE_FTRUNCATE_EXTEND" = x"yes"; then + AC_DEFINE(HAVE_FTRUNCATE_EXTEND) +fi + +AC_CACHE_CHECK([for AF_LOCAL socket support], samba_cv_HAVE_WORKING_AF_LOCAL, [ +AC_TRY_RUN([#include "${srcdir-.}/tests/unixsock.c"], + samba_cv_HAVE_WORKING_AF_LOCAL=yes, + samba_cv_HAVE_WORKING_AF_LOCAL=no, + samba_cv_HAVE_WORKING_AF_LOCAL=cross)]) +if test x"$samba_cv_HAVE_WORKING_AF_LOCAL" != xno +then + AC_DEFINE(HAVE_WORKING_AF_LOCAL, 1, [Define if you have working AF_LOCAL sockets]) +fi + +AC_CACHE_CHECK([for broken getgroups],samba_cv_HAVE_BROKEN_GETGROUPS,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/getgroups.c"], + samba_cv_HAVE_BROKEN_GETGROUPS=yes,samba_cv_HAVE_BROKEN_GETGROUPS=no,samba_cv_HAVE_BROKEN_GETGROUPS=cross)]) +if test x"$samba_cv_HAVE_BROKEN_GETGROUPS" = x"yes"; then + AC_DEFINE(HAVE_BROKEN_GETGROUPS) +fi + +AC_CACHE_CHECK([whether getpass should be replaced],samba_cv_REPLACE_GETPASS,[ +SAVE_CPPFLAGS="$CPPFLAGS" +CPPFLAGS="$CPPFLAGS -I${srcdir-.}/ -I${srcdir-.}/include -I${srcdir-.}/ubiqx -I${srcdir-.}/smbwrapper" +AC_TRY_COMPILE([ +#define REPLACE_GETPASS 1 +#define NO_CONFIG_H 1 +#define main dont_declare_main +#include "${srcdir-.}/lib/getsmbpass.c" +#undef main +],[],samba_cv_REPLACE_GETPASS=yes,samba_cv_REPLACE_GETPASS=no) +CPPFLAGS="$SAVE_CPPFLAGS" +]) +if test x"$samba_cv_REPLACE_GETPASS" = x"yes"; then + AC_DEFINE(REPLACE_GETPASS) +fi + +AC_CACHE_CHECK([for broken inet_ntoa],samba_cv_REPLACE_INET_NTOA,[ +AC_TRY_RUN([ +#include +#include +#include +#ifdef HAVE_ARPA_INET_H +#include +#endif +main() { struct in_addr ip; ip.s_addr = 0x12345678; +if (strcmp(inet_ntoa(ip),"18.52.86.120") && + strcmp(inet_ntoa(ip),"120.86.52.18")) { exit(0); } +exit(1);}], + samba_cv_REPLACE_INET_NTOA=yes,samba_cv_REPLACE_INET_NTOA=no,samba_cv_REPLACE_INET_NTOA=cross)]) +if test x"$samba_cv_REPLACE_INET_NTOA" = x"yes"; then + AC_DEFINE(REPLACE_INET_NTOA) +fi + +AC_CACHE_CHECK([for secure mkstemp],samba_cv_HAVE_SECURE_MKSTEMP,[ +AC_TRY_RUN([#include +#include +#include +#include +main() { + struct stat st; + char tpl[20]="/tmp/test.XXXXXX"; + int fd = mkstemp(tpl); + if (fd == -1) exit(1); + unlink(tpl); + if (fstat(fd, &st) != 0) exit(1); + if ((st.st_mode & 0777) != 0600) exit(1); + exit(0); +}], +samba_cv_HAVE_SECURE_MKSTEMP=yes, +samba_cv_HAVE_SECURE_MKSTEMP=no, +samba_cv_HAVE_SECURE_MKSTEMP=cross)]) +if test x"$samba_cv_HAVE_SECURE_MKSTEMP" = x"yes"; then + AC_DEFINE(HAVE_SECURE_MKSTEMP) +fi + +AC_CACHE_CHECK([for sysconf(_SC_NGROUPS_MAX)],samba_cv_SYSCONF_SC_NGROUPS_MAX,[ +AC_TRY_RUN([#include +main() { exit(sysconf(_SC_NGROUPS_MAX) == -1 ? 1 : 0); }], +samba_cv_SYSCONF_SC_NGROUPS_MAX=yes,samba_cv_SYSCONF_SC_NGROUPS_MAX=no,samba_cv_SYSCONF_SC_NGROUPS_MAX=cross)]) +if test x"$samba_cv_SYSCONF_SC_NGROUPS_MAX" = x"yes"; then + AC_DEFINE(SYSCONF_SC_NGROUPS_MAX) +fi + +AC_CACHE_CHECK([for root],samba_cv_HAVE_ROOT,[ +AC_TRY_RUN([main() { exit(getuid() != 0); }], + samba_cv_HAVE_ROOT=yes,samba_cv_HAVE_ROOT=no,samba_cv_HAVE_ROOT=cross)]) +if test x"$samba_cv_HAVE_ROOT" = x"yes"; then + AC_DEFINE(HAVE_ROOT) +else + AC_MSG_WARN(running as non-root will disable some tests) +fi + +################## +# look for a method of finding the list of network interfaces +iface=no; +AC_CACHE_CHECK([for iface AIX],samba_cv_HAVE_IFACE_AIX,[ +AC_TRY_RUN([ +#define HAVE_IFACE_AIX 1 +#define AUTOCONF_TEST 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/interfaces.c"], + samba_cv_HAVE_IFACE_AIX=yes,samba_cv_HAVE_IFACE_AIX=no,samba_cv_HAVE_IFACE_AIX=cross)]) +if test x"$samba_cv_HAVE_IFACE_AIX" = x"yes"; then + iface=yes;AC_DEFINE(HAVE_IFACE_AIX) +fi + +if test $iface = no; then +AC_CACHE_CHECK([for iface ifconf],samba_cv_HAVE_IFACE_IFCONF,[ +AC_TRY_RUN([ +#define HAVE_IFACE_IFCONF 1 +#define AUTOCONF_TEST 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/interfaces.c"], + samba_cv_HAVE_IFACE_IFCONF=yes,samba_cv_HAVE_IFACE_IFCONF=no,samba_cv_HAVE_IFACE_IFCONF=cross)]) +if test x"$samba_cv_HAVE_IFACE_IFCONF" = x"yes"; then + iface=yes;AC_DEFINE(HAVE_IFACE_IFCONF) +fi +fi + +if test $iface = no; then +AC_CACHE_CHECK([for iface ifreq],samba_cv_HAVE_IFACE_IFREQ,[ +AC_TRY_RUN([ +#define HAVE_IFACE_IFREQ 1 +#define AUTOCONF_TEST 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/interfaces.c"], + samba_cv_HAVE_IFACE_IFREQ=yes,samba_cv_HAVE_IFACE_IFREQ=no,samba_cv_HAVE_IFACE_IFREQ=cross)]) +if test x"$samba_cv_HAVE_IFACE_IFREQ" = x"yes"; then + iface=yes;AC_DEFINE(HAVE_IFACE_IFREQ) +fi +fi + + +################################################ +# look for a method of setting the effective uid +seteuid=no; +if test $seteuid = no; then +AC_CACHE_CHECK([for setresuid],samba_cv_USE_SETRESUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETRESUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETRESUID=yes,samba_cv_USE_SETRESUID=no,samba_cv_USE_SETRESUID=cross)]) +if test x"$samba_cv_USE_SETRESUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETRESUID) +fi +fi + + +if test $seteuid = no; then +AC_CACHE_CHECK([for setreuid],samba_cv_USE_SETREUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETREUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETREUID=yes,samba_cv_USE_SETREUID=no,samba_cv_USE_SETREUID=cross)]) +if test x"$samba_cv_USE_SETREUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETREUID) +fi +fi + +if test $seteuid = no; then +AC_CACHE_CHECK([for seteuid],samba_cv_USE_SETEUID,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETEUID 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETEUID=yes,samba_cv_USE_SETEUID=no,samba_cv_USE_SETEUID=cross)]) +if test x"$samba_cv_USE_SETEUID" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETEUID) +fi +fi + +if test $seteuid = no; then +AC_CACHE_CHECK([for setuidx],samba_cv_USE_SETUIDX,[ +AC_TRY_RUN([ +#define AUTOCONF_TEST 1 +#define USE_SETUIDX 1 +#include "confdefs.h" +#include "${srcdir-.}/lib/util_sec.c"], + samba_cv_USE_SETUIDX=yes,samba_cv_USE_SETUIDX=no,samba_cv_USE_SETUIDX=cross)]) +if test x"$samba_cv_USE_SETUIDX" = x"yes"; then + seteuid=yes;AC_DEFINE(USE_SETUIDX) +fi +fi + + +AC_CACHE_CHECK([for working mmap],samba_cv_HAVE_MMAP,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/shared_mmap.c"], + samba_cv_HAVE_MMAP=yes,samba_cv_HAVE_MMAP=no,samba_cv_HAVE_MMAP=cross)]) +if test x"$samba_cv_HAVE_MMAP" = x"yes"; then + AC_DEFINE(HAVE_MMAP) +fi + +AC_CACHE_CHECK([for ftruncate needs root],samba_cv_FTRUNCATE_NEEDS_ROOT,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/ftruncroot.c"], + samba_cv_FTRUNCATE_NEEDS_ROOT=yes,samba_cv_FTRUNCATE_NEEDS_ROOT=no,samba_cv_FTRUNCATE_NEEDS_ROOT=cross)]) +if test x"$samba_cv_FTRUNCATE_NEEDS_ROOT" = x"yes"; then + AC_DEFINE(FTRUNCATE_NEEDS_ROOT) +fi + +AC_CACHE_CHECK([for fcntl locking],samba_cv_HAVE_FCNTL_LOCK,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/fcntl_lock.c"], + samba_cv_HAVE_FCNTL_LOCK=yes,samba_cv_HAVE_FCNTL_LOCK=no,samba_cv_HAVE_FCNTL_LOCK=cross)]) +if test x"$samba_cv_HAVE_FCNTL_LOCK" = x"yes"; then + AC_DEFINE(HAVE_FCNTL_LOCK) +fi + +AC_CACHE_CHECK([for broken (glibc2.1/x86) 64 bit fcntl locking],samba_cv_HAVE_BROKEN_FCNTL64_LOCKS,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/fcntl_lock64.c"], + samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=yes,samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=no,samba_cv_HAVE_BROKEN_FCNTL64_LOCKS=cross)]) +if test x"$samba_cv_HAVE_BROKEN_FCNTL64_LOCKS" = x"yes"; then + AC_DEFINE(HAVE_BROKEN_FCNTL64_LOCKS) + +else + +dnl +dnl Don't check for 64 bit fcntl locking if we know that the +dnl glibc2.1 broken check has succeeded. +dnl + + AC_CACHE_CHECK([for 64 bit fcntl locking],samba_cv_HAVE_STRUCT_FLOCK64,[ + AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include + +#ifdef HAVE_FCNTL_H +#include +#endif + +#ifdef HAVE_SYS_FCNTL_H +#include +#endif +main() { struct flock64 fl64; +#if defined(F_SETLKW64) && defined(F_SETLK64) && defined(F_GETLK64) +exit(0); +#else +exit(1); +#endif +}], + samba_cv_HAVE_STRUCT_FLOCK64=yes,samba_cv_HAVE_STRUCT_FLOCK64=no,samba_cv_HAVE_STRUCT_FLOCK64=cross)]) + + if test x"$samba_cv_HAVE_STRUCT_FLOCK64" = x"yes"; then + AC_DEFINE(HAVE_STRUCT_FLOCK64) + fi +fi + +AC_CACHE_CHECK([for st_blocks in struct stat],samba_cv_HAVE_STAT_ST_BLOCKS,[ +AC_TRY_COMPILE([#include +#include +#include ], +[struct stat st; st.st_blocks = 0;], +samba_cv_HAVE_STAT_ST_BLOCKS=yes,samba_cv_HAVE_STAT_ST_BLOCKS=no,samba_cv_HAVE_STAT_ST_BLOCKS=cross)]) +if test x"$samba_cv_HAVE_STAT_ST_BLOCKS" = x"yes"; then + AC_DEFINE(HAVE_STAT_ST_BLOCKS) +fi + +case "$host_os" in +*linux*) +AC_CACHE_CHECK([for broken RedHat 7.2 system header files],samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS,[ +AC_TRY_COMPILE([ +#ifdef HAVE_SYS_VFS_H +#include +#endif +#ifdef HAVE_SYS_CAPABILITY_H +#include +#endif +],[int i;], + samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=no,samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS=yes)]) +if test x"$samba_cv_BROKEN_REDHAT_7_SYSTEM_HEADERS" = x"yes"; then + AC_DEFINE(BROKEN_REDHAT_7_SYSTEM_HEADERS) +fi +;; +esac + +AC_CACHE_CHECK([for broken nisplus include files],samba_cv_BROKEN_NISPLUS_INCLUDE_FILES,[ +AC_TRY_COMPILE([#include +#if defined(HAVE_RPCSVC_NIS_H) +#include +#endif], +[int i;], +samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=no,samba_cv_BROKEN_NISPLUS_INCLUDE_FILES=yes)]) +if test x"$samba_cv_BROKEN_NISPLUS_INCLUDE_FILES" = x"yes"; then + AC_DEFINE(BROKEN_NISPLUS_INCLUDE_FILES) +fi + + +################################################# +# check for smbwrapper support +AC_MSG_CHECKING(whether to use smbwrapper) +AC_ARG_WITH(smbwrapper, +[ --with-smbwrapper Include SMB wrapper support (default=no) ], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_SMBWRAPPER) + WRAP="bin/smbsh bin/smbwrapper.$SHLIBEXT" + + if test x$ATTEMPT_WRAP32_BUILD = x; then + WRAP32="" + else + WRAP32=bin/smbwrapper.32.$SHLIBEXT + fi + +# Conditions under which smbwrapper should not be built. + + if test x$PICFLAG = x; then + echo No support for PIC code - disabling smbwrapper and smbsh + WRAP="" + WRAP32="" + elif test x$ac_cv_func_syscall = xno; then + AC_MSG_RESULT([No syscall() -- disabling smbwrapper and smbsh]) + WRAP="" + WRAP32="" + fi + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for AFS clear-text auth support +AC_MSG_CHECKING(whether to use AFS clear-text auth) +AC_ARG_WITH(afs, +[ --with-afs Include AFS clear-text auth support (default=no) ], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_AFS) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + + +################################################# +# check for the DFS clear-text auth system +AC_MSG_CHECKING(whether to use DFS clear-text auth) +AC_ARG_WITH(dfs, +[ --with-dce-dfs Include DCE/DFS clear-text auth support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_DFS) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + + +################################################# +# see if this box has the RedHat location for kerberos +AC_MSG_CHECKING(for /usr/kerberos) +if test -d /usr/kerberos; then + LDFLAGS="$LDFLAGS -L/usr/kerberos/lib" + CFLAGS="$CFLAGS -I/usr/kerberos/include" + CPPFLAGS="$CPPFLAGS -I/usr/kerberos/include" + AC_MSG_RESULT(yes) +else + AC_MSG_RESULT(no) +fi + +################################################# +# check for location of Kerberos 5 install +AC_MSG_CHECKING(for kerberos 5 install path) +AC_ARG_WITH(krb5, +[ --with-krb5=base-dir Locate Kerberos 5 support (default=/usr)], +[ case "$withval" in + no) + AC_MSG_RESULT(no) + ;; + *) + AC_MSG_RESULT(yes) + LIBS="$LIBS -lkrb5" + CFLAGS="$CFLAGS -I$withval/include" + CPPFLAGS="$CPPFLAGS -I$withval/include" + LDFLAGS="$LDFLAGS -L$withval/lib" + ;; + esac ], + AC_MSG_RESULT(no) +) + +# now check for krb5.h. Some systems have the libraries without the headers! +# note that this check is done here to allow for different kerberos +# include paths +AC_CHECK_HEADERS(krb5.h) + +# now check for gssapi headers. This is also done here to allow for +# different kerberos include paths +AC_CHECK_HEADERS(gssapi/gssapi_generic.h gssapi/gssapi.h) + +################################################################## +# we might need the k5crypto and com_err libraries on some systems +AC_CHECK_LIB(com_err, _et_list, [LIBS="$LIBS -lcom_err"]) +AC_CHECK_LIB(k5crypto, krb5_encrypt_data, [LIBS="$LIBS -lk5crypto"]) + +######################################################## +# now see if we can find the krb5 libs in standard paths +# or as specified above +AC_CHECK_LIB(krb5, krb5_mk_req_extended, [LIBS="$LIBS -lkrb5"; + AC_DEFINE(HAVE_KRB5)]) + +######################################################## +# now see if we can find the gssapi libs in standard paths +AC_CHECK_LIB(gssapi_krb5, gss_display_status, [LIBS="$LIBS -lgssapi_krb5"; + AC_DEFINE(HAVE_GSSAPI)]) + +################################################################## +# we might need the lber lib on some systems. To avoid link errors +# this test must be before the libldap test +AC_CHECK_LIB(lber, ber_scanf, [LIBS="$LIBS -llber"]) + +######################################################## +# now see if we can find the ldap libs in standard paths +if test x$have_ldap != xyes; then +AC_CHECK_LIB(ldap, ldap_domain2hostlist, [LIBS="$LIBS -lldap"; + AC_DEFINE(HAVE_LDAP)]) +fi + +################################################# +# check for automount support +AC_MSG_CHECKING(whether to use AUTOMOUNT) +AC_ARG_WITH(automount, +[ --with-automount Include AUTOMOUNT support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_AUTOMOUNT) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for smbmount support +AC_MSG_CHECKING(whether to use SMBMOUNT) +AC_ARG_WITH(smbmount, +[ --with-smbmount Include SMBMOUNT (Linux only) support (default=no)], +[ case "$withval" in + yes) + case "$host_os" in + *linux*) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_SMBMOUNT) + MPROGS="bin/smbmount bin/smbmnt bin/smbumount" + ;; + *) + AC_MSG_ERROR(not on a linux system!) + ;; + esac + ;; + *) + AC_MSG_RESULT(no) + MPROGS= + ;; + esac ], + AC_MSG_RESULT(no) + MPROGS= +) + + +################################################# +# check for a PAM clear-text auth, accounts, password and session support +with_pam_for_crypt=no +AC_MSG_CHECKING(whether to use PAM) +AC_ARG_WITH(pam, +[ --with-pam Include PAM support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_PAM) + LIBS="$LIBS -lpam" + with_pam_for_crypt=yes + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +# we can't build a pam module if we don't have pam. +AC_CHECK_LIB(pam, pam_get_data, [AC_DEFINE(HAVE_LIBPAM)]) + +################################################# +# check for pam_smbpass support +AC_MSG_CHECKING(whether to use pam_smbpass) +AC_ARG_WITH(pam_smbpass, +[ --with-pam_smbpass Build a PAM module to allow other applications to use our smbpasswd file (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + +# Conditions under which pam_smbpass should not be built. + + if test x$PICFLAG = x; then + AC_MSG_RESULT([No support for PIC code - disabling pam_smbpass]) + PAM_MOD="" + elif test x$ac_cv_lib_pam_pam_get_data = xno; then + AC_MSG_RESULT([No libpam found -- disabling pam_smbpass]) + PAM_MOD="" + else + PAM_MOD="bin/pam_smbpass.so" + fi + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + + +############################################### +# test for where we get crypt() from, but only +# if not using PAM +if test $with_pam_for_crypt = no; then +AC_CHECK_FUNCS(crypt) +if test x"$ac_cv_func_crypt" = x"no"; then + AC_CHECK_LIB(crypt, crypt, [LIBS="$LIBS -lcrypt"; + AC_DEFINE(HAVE_CRYPT)]) +fi +fi + +## +## moved after the check for -lcrypt in order to +## ensure that the necessary libraries are included +## check checking for truncated salt. Wrapped by the +## $with_pam_for_crypt variable as above --jerry +## +if test $with_pam_for_crypt = no; then +AC_CACHE_CHECK([for a crypt that needs truncated salt],samba_cv_HAVE_TRUNCATED_SALT,[ +AC_TRY_RUN([#include "${srcdir-.}/tests/crypttest.c"], + samba_cv_HAVE_TRUNCATED_SALT=no,samba_cv_HAVE_TRUNCATED_SALT=yes,samba_cv_HAVE_TRUNCATED_SALT=cross)]) +if test x"$samba_cv_HAVE_TRUNCATED_SALT" = x"yes"; then + AC_DEFINE(HAVE_TRUNCATED_SALT) +fi +fi + + + +######################################################################################## +## +## TESTS FOR SAM BACKENDS. KEEP THESE GROUPED TOGETHER +## +######################################################################################## + +################################################# +# check for a TDB password database +AC_MSG_CHECKING(whether to use TDB SAM database) +AC_ARG_WITH(tdbsam, +[ --with-tdbsam Include experimental TDB SAM support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_TDB_SAM) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for a LDAP password database +AC_MSG_CHECKING(whether to use LDAP SAM database) +AC_ARG_WITH(ldapsam, +[ --with-ldapsam Include experimental LDAP SAM support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_LDAP_SAM) + LIBS="-lldap -llber $LIBS" + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for a NISPLUS password database +AC_MSG_CHECKING(whether to use NISPLUS SAM database) +AC_ARG_WITH(nisplussam, +[ --with-nisplussam Include NISPLUS SAM support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_NISPLUS_SAM) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +######################################################################################## +## +## END OF TESTS FOR SAM BACKENDS. +## +######################################################################################## + +################################################# +# check for a NISPLUS_HOME support +AC_MSG_CHECKING(whether to use NISPLUS_HOME) +AC_ARG_WITH(nisplus-home, +[ --with-nisplus-home Include NISPLUS_HOME support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_NISPLUS_HOME) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for the secure socket layer +AC_MSG_CHECKING(whether to use SSL) +AC_ARG_WITH(ssl, +[ --with-ssl Include SSL support (default=no) + --with-sslinc=DIR Where the SSL includes are (defaults to /usr/local/ssl/include) + --with-ssllib=DIR Where the SSL libraries are (defaults to /usr/local/ssl/lib)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_SSL) + withval="/usr/local/ssl" # default + + if test "${with_sslinc+set}" = set; then + + withval="$with_sslinc" + case "$withval" in + yes|no) + echo "configure: warning: --with-sslinc called without argument - will use default" 1>&w + CFLAGS="-I/usr/local/ssl/include $CFLAGS" + ;; + * ) + CFLAGS="-I${withval} $CFLAGS" + ;; + esac + + else + + CFLAGS="-I/usr/local/ssl/include $CFLAGS" + + fi + + if test "${with_ssllib+set}" = set; then + + withval="$with_ssllib" + case "$withval" in + yes|no) + echo "configure: warning: --with-ssllib called without argument - will use default" 1>&w + LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" + ;; + * ) + LDFLAGS="-L${withval}/lib $LDFLAGS" + ;; + esac + + else + + LDFLAGS="-L/usr/local/ssl/lib $LDFLAGS" + + fi + + LIBS="-lssl -lcrypto $LIBS" + +# if test ! -d ${withval}; then +# echo "configure: error: called with --with-ssl, but ssl base directory ${withval} does not exist or is not a directory. Aborting config" 1>&2 +# exit 1 +# fi + + CFLAGS="-DHAVE_CRYPT_DECL $CFLAGS" # Damn, SSLeay defines its own + + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for syslog logging +AC_MSG_CHECKING(whether to use syslog logging) +AC_ARG_WITH(syslog, +[ --with-syslog Include experimental SYSLOG support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_SYSLOG) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# check for a shared memory profiling support +AC_MSG_CHECKING(whether to use profiling) +AC_ARG_WITH(profiling-data, +[ --with-profiling-data Include gathering source code profile information (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_PROFILE) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + + +################################################# +# check for experimental disk-quotas support +QUOTAOBJS=smbd/noquotas.o + +AC_MSG_CHECKING(whether to support disk-quotas) +AC_ARG_WITH(quotas, +[ --with-quotas Include experimental disk-quota support (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + case "$host_os" in + *linux*) + # Check for kernel 2.4.x quota braindamage... + AC_CACHE_CHECK([for linux 2.4.x quota braindamage..],samba_cv_linux_2_4_quota_braindamage, [ + AC_TRY_COMPILE([#include +#include +#include +#include +#include +#include ],[struct mem_dqblk D;], + samba_cv_linux_2_4_quota_braindamage=yes,samba_cv_linux_2_4_quota_braindamage=no)]) +if test x"$samba_cv_linux_2_4_quota_braindamage" = x"yes"; then + AC_DEFINE(LINUX_QUOTAS_2) +else + AC_DEFINE(LINUX_QUOTAS_1) +fi + ;; + *) + ;; + esac + QUOTAOBJS=smbd/quotas.o + AC_DEFINE(WITH_QUOTAS) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) +AC_SUBST(QUOTAOBJS) + +################################################# +# check for experimental utmp accounting + +AC_MSG_CHECKING(whether to support utmp accounting) +AC_ARG_WITH(utmp, +[ --with-utmp Include experimental utmp accounting (default=no)], +[ case "$withval" in + yes) + AC_MSG_RESULT(yes) + AC_DEFINE(WITH_UTMP) + ;; + *) + AC_MSG_RESULT(no) + ;; + esac ], + AC_MSG_RESULT(no) +) + +################################################# +# set private directory location +AC_ARG_WITH(privatedir, +[ --with-privatedir=DIR Where to put smbpasswd ($ac_default_prefix/private)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-privatedir called without argument - will use default]) + privatedir='${prefix}/private' + ;; + * ) + privatedir="$withval" + ;; + esac + AC_SUBST(privatedir)], + [privatedir='${prefix}/private' + AC_SUBST(privatedir)] +) + +################################################# +# set lock directory location +AC_ARG_WITH(lockdir, +[ --with-lockdir=DIR Where to put lock files ($ac_default_prefix/var/locks)], +[ case "$withval" in + yes|no) + # + # Just in case anybody calls it without argument + # + AC_MSG_WARN([--with-lockdir called without argument - will use default]) + lockdir='$(VARDIR)/locks' + ;; + * ) + lockdir="$withval" + ;; + esac + AC_SUBST(lockdir)], + [lockdir='$(VARDIR)/locks' + AC_SUBST(lockdir)] +) + +################################################# +# set SWAT directory location +AC_ARG_WITH(swatdir, +[ --with-swatdir=DIR Where to put SWAT files ($ac_default_prefix/swat)], +[ case "$withval" in + yes|no) + # + # Just in case anybody does it + # + AC_MSG_WARN([--with-swatdir called without argument - will use default]) + swatdir='${prefix}/swat' + ;; + * ) + swatdir="$withval" + ;; + esac + AC_SUBST(swatdir)], + [swatdir='${prefix}/swat' + AC_SUBST(swatdir)] +) + +################################################# +# choose native language(s) of man pages +AC_MSG_CHECKING(chosen man pages' language(s)) +AC_ARG_WITH(manpages-langs, +[ --with-manpages-langs={en,ja,pl} Choose man pages' language(s). (en)], +[ case "$withval" in + yes|no) + AC_MSG_WARN(--with-manpages-langs called without argument - will use default) + manlangs="en" + ;; + *) + manlangs="$withval" + ;; + esac + + AC_MSG_RESULT($manlangs) + manlangs=`echo $manlangs | sed "s/,/ /"` # replacing commas with spaces to produce a list + AC_SUBST(manlangs)], + + [manlangs="en" + AC_MSG_RESULT($manlangs) + AC_SUBST(manlangs)] +) + +################################################# +# these tests are taken from the GNU fileutils package +AC_CHECKING(how to get filesystem space usage) +space=no + +# Test for statvfs64. +if test $space = no; then + # SVR4 + AC_CACHE_CHECK([statvfs64 function (SVR4)], fu_cv_sys_stat_statvfs64, + [AC_TRY_RUN([ +#if defined(HAVE_UNISTD_H) +#include +#endif +#include +#include + main () + { + struct statvfs64 fsd; + exit (statvfs64 (".", &fsd)); + }], + fu_cv_sys_stat_statvfs64=yes, + fu_cv_sys_stat_statvfs64=no, + fu_cv_sys_stat_statvfs64=cross)]) + if test $fu_cv_sys_stat_statvfs64 = yes; then + space=yes + AC_DEFINE(STAT_STATVFS64) + fi +fi + +# Perform only the link test since it seems there are no variants of the +# statvfs function. This check is more than just AC_CHECK_FUNCS(statvfs) +# because that got a false positive on SCO OSR5. Adding the declaration +# of a `struct statvfs' causes this test to fail (as it should) on such +# systems. That system is reported to work fine with STAT_STATFS4 which +# is what it gets when this test fails. +if test $space = no; then + # SVR4 + AC_CACHE_CHECK([statvfs function (SVR4)], fu_cv_sys_stat_statvfs, + [AC_TRY_LINK([#include +#include ], + [struct statvfs fsd; statvfs (0, &fsd);], + fu_cv_sys_stat_statvfs=yes, + fu_cv_sys_stat_statvfs=no)]) + if test $fu_cv_sys_stat_statvfs = yes; then + space=yes + AC_DEFINE(STAT_STATVFS) + fi +fi + +if test $space = no; then + # DEC Alpha running OSF/1 + AC_MSG_CHECKING([for 3-argument statfs function (DEC OSF/1)]) + AC_CACHE_VAL(fu_cv_sys_stat_statfs3_osf1, + [AC_TRY_RUN([ +#include +#include +#include + main () + { + struct statfs fsd; + fsd.f_fsize = 0; + exit (statfs (".", &fsd, sizeof (struct statfs))); + }], + fu_cv_sys_stat_statfs3_osf1=yes, + fu_cv_sys_stat_statfs3_osf1=no, + fu_cv_sys_stat_statfs3_osf1=no)]) + AC_MSG_RESULT($fu_cv_sys_stat_statfs3_osf1) + if test $fu_cv_sys_stat_statfs3_osf1 = yes; then + space=yes + AC_DEFINE(STAT_STATFS3_OSF1) + fi +fi + +if test $space = no; then +# AIX + AC_MSG_CHECKING([for two-argument statfs with statfs.bsize dnl +member (AIX, 4.3BSD)]) + AC_CACHE_VAL(fu_cv_sys_stat_statfs2_bsize, + [AC_TRY_RUN([ +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_VFS_H +#include +#endif + main () + { + struct statfs fsd; + fsd.f_bsize = 0; + exit (statfs (".", &fsd)); + }], + fu_cv_sys_stat_statfs2_bsize=yes, + fu_cv_sys_stat_statfs2_bsize=no, + fu_cv_sys_stat_statfs2_bsize=no)]) + AC_MSG_RESULT($fu_cv_sys_stat_statfs2_bsize) + if test $fu_cv_sys_stat_statfs2_bsize = yes; then + space=yes + AC_DEFINE(STAT_STATFS2_BSIZE) + fi +fi + +if test $space = no; then +# SVR3 + AC_MSG_CHECKING([for four-argument statfs (AIX-3.2.5, SVR3)]) + AC_CACHE_VAL(fu_cv_sys_stat_statfs4, + [AC_TRY_RUN([#include +#include + main () + { + struct statfs fsd; + exit (statfs (".", &fsd, sizeof fsd, 0)); + }], + fu_cv_sys_stat_statfs4=yes, + fu_cv_sys_stat_statfs4=no, + fu_cv_sys_stat_statfs4=no)]) + AC_MSG_RESULT($fu_cv_sys_stat_statfs4) + if test $fu_cv_sys_stat_statfs4 = yes; then + space=yes + AC_DEFINE(STAT_STATFS4) + fi +fi + +if test $space = no; then +# 4.4BSD and NetBSD + AC_MSG_CHECKING([for two-argument statfs with statfs.fsize dnl +member (4.4BSD and NetBSD)]) + AC_CACHE_VAL(fu_cv_sys_stat_statfs2_fsize, + [AC_TRY_RUN([#include +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif + main () + { + struct statfs fsd; + fsd.f_fsize = 0; + exit (statfs (".", &fsd)); + }], + fu_cv_sys_stat_statfs2_fsize=yes, + fu_cv_sys_stat_statfs2_fsize=no, + fu_cv_sys_stat_statfs2_fsize=no)]) + AC_MSG_RESULT($fu_cv_sys_stat_statfs2_fsize) + if test $fu_cv_sys_stat_statfs2_fsize = yes; then + space=yes + AC_DEFINE(STAT_STATFS2_FSIZE) + fi +fi + +if test $space = no; then + # Ultrix + AC_MSG_CHECKING([for two-argument statfs with struct fs_data (Ultrix)]) + AC_CACHE_VAL(fu_cv_sys_stat_fs_data, + [AC_TRY_RUN([#include +#ifdef HAVE_SYS_PARAM_H +#include +#endif +#ifdef HAVE_SYS_MOUNT_H +#include +#endif +#ifdef HAVE_SYS_FS_TYPES_H +#include +#endif + main () + { + struct fs_data fsd; + /* Ultrix's statfs returns 1 for success, + 0 for not mounted, -1 for failure. */ + exit (statfs (".", &fsd) != 1); + }], + fu_cv_sys_stat_fs_data=yes, + fu_cv_sys_stat_fs_data=no, + fu_cv_sys_stat_fs_data=no)]) + AC_MSG_RESULT($fu_cv_sys_stat_fs_data) + if test $fu_cv_sys_stat_fs_data = yes; then + space=yes + AC_DEFINE(STAT_STATFS2_FS_DATA) + fi +fi + +# +# As a gating factor for large file support, in order to +# use <4GB files we must have the following minimal support +# available. +# long long, and a 64 bit off_t or off64_t. +# If we don't have all of these then disable large +# file support. +# +AC_MSG_CHECKING([if large file support can be enabled]) +AC_TRY_COMPILE([ +#if defined(HAVE_LONGLONG) && (defined(HAVE_OFF64_T) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8))) +#include +#else +__COMPILE_ERROR_ +#endif +], +[int i], +samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=yes,samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT=no) +if test x"$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT" = x"yes"; then + AC_DEFINE(HAVE_EXPLICIT_LARGEFILE_SUPPORT) +fi +AC_MSG_RESULT([$samba_cv_HAVE_EXPLICIT_LARGEFILE_SUPPORT]) + +AC_ARG_WITH(spinlocks, +[ --with-spinlocks Use spin locks instead of fcntl locks (default=no) ]) +if test "x$with_spinlocks" = "xyes"; then + AC_DEFINE(USE_SPINLOCKS) + + case "$host_cpu" in + sparc) + AC_DEFINE(SPARC_SPINLOCKS) + ;; + + i386|i486|i586|i686) + AC_DEFINE(INTEL_SPINLOCKS) + ;; + + mips) + AC_DEFINE(MIPS_SPINLOCKS) + ;; + + powerpc) + AC_DEFINE(POWERPC_SPINLOCKS) + ;; + esac +fi + +################################################# +# check for ACL support + +AC_MSG_CHECKING(whether to support ACLs) +AC_ARG_WITH(acl-support, +[ --with-acl-support Include ACL support (default=no)], +[ case "$withval" in + yes) + + case "$host_os" in + *sysv5*) + AC_MSG_RESULT(Using UnixWare ACLs) + AC_DEFINE(HAVE_UNIXWARE_ACLS) + ;; + *solaris*) + AC_MSG_RESULT(Using solaris ACLs) + AC_DEFINE(HAVE_SOLARIS_ACLS) + ;; + *hpux*) + AC_MSG_RESULT(Using HPUX ACLs) + AC_DEFINE(HAVE_HPUX_ACLS) + ;; + *irix*) + AC_MSG_RESULT(Using IRIX ACLs) + AC_DEFINE(HAVE_IRIX_ACLS) + ;; + *aix*) + AC_MSG_RESULT(Using AIX ACLs) + AC_DEFINE(HAVE_AIX_ACLS) + ;; + *osf*) + AC_MSG_RESULT(Using Tru64 ACLs) + AC_DEFINE(HAVE_TRU64_ACLS) + LIBS="$LIBS -lpacl" + ;; + *) + AC_CHECK_LIB(acl,acl_get_file) + AC_CACHE_CHECK([for ACL support],samba_cv_HAVE_POSIX_ACLS,[ + AC_TRY_LINK([#include +#include ], +[ acl_t acl; int entry_id; acl_entry_t *entry_p; return acl_get_entry( acl, entry_id, entry_p);], +samba_cv_HAVE_POSIX_ACLS=yes,samba_cv_HAVE_POSIX_ACLS=no)]) + if test x"$samba_cv_HAVE_POSIX_ACLS" = x"yes"; then + AC_MSG_RESULT(Using posix ACLs) + AC_DEFINE(HAVE_POSIX_ACLS) + AC_CACHE_CHECK([for acl_get_perm_np],samba_cv_HAVE_ACL_GET_PERM_NP,[ + AC_TRY_LINK([#include +#include ], +[ acl_permset_t permset_d; acl_perm_t perm; return acl_get_perm_np( permset_d, perm);], +samba_cv_HAVE_ACL_GET_PERM_NP=yes,samba_cv_HAVE_ACL_GET_PERM_NP=no)]) + if test x"$samba_cv_HAVE_ACL_GET_PERM_NP" = x"yes"; then + AC_DEFINE(HAVE_ACL_GET_PERM_NP) + fi + fi + ;; + esac + ;; + *) + AC_MSG_RESULT(no) + AC_DEFINE(HAVE_NO_ACLS) + ;; + esac ], + AC_DEFINE(HAVE_NO_ACLS) + AC_MSG_RESULT(no) +) + +################################################# +# Check whether winbind is supported on this platform. If so we need to +# build and install client programs (WINBIND_TARGETS), sbin programs +# (WINBIND_STARGETS) and shared libraries (WINBIND_LTARGETS). + +AC_MSG_CHECKING(whether to build winbind) + +# Initially, the value of $host_os decides whether winbind is supported + +case "$host_os" in + *linux*|*irix*) + HAVE_WINBIND=yes + ;; + *solaris*) + HAVE_WINBIND=yes + WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" + WINBIND_NSS_EXTRA_LIBS="-lsocket" + ;; + *hpux11*) + HAVE_WINBIND=yes + WINBIND_NSS_EXTRA_OBJS="nsswitch/winbind_nss_solaris.o" + ;; + *) + HAVE_WINBIND=no + winbind_no_reason=", unsupported on $host_os" + ;; +esac + +# Check the setting of --with-winbindd + +AC_ARG_WITH(winbind, +[ --with-winbind Build winbind (default, if supported by OS)], +[ + case "$withval" in + yes) + HAVE_WINBIND=yes + ;; + no) + HAVE_WINBIND=no + winbind_reason="" + ;; + esac ], +) + +# We need unix domain sockets for winbind + +if test x"$HAVE_WINBIND" = x"yes"; then + if test x"$samba_cv_unixsocket" = x"no"; then + winbind_no_reason=", no unix domain socket support on $host_os" + HAVE_WINBIND=no + fi +fi + +# Display test results + +WINBIND_TARGETS="" +WINBIND_STARGETS="" +WINBIND_LTARGETS="" +WINBIND_PAM_PROGS="" + +if test x"$HAVE_WINBIND" = x"yes"; then + AC_MSG_RESULT(yes) + + WINBIND_TARGETS="bin/wbinfo" + WINBIND_STARGETS="bin/winbindd" + if test x"$BLDSHARED" = x"true"; then + WINBIND_LTARGETS="nsswitch/libnss_winbind.so" + if test x"$with_pam" = x"yes"; then + WINBIND_PAM_TARGETS="nsswitch/pam_winbind.so" + fi + fi +else + AC_MSG_RESULT(no$winbind_no_reason) +fi + +# Substitution time! + +AC_SUBST(WINBIND_TARGETS) +AC_SUBST(WINBIND_STARGETS) +AC_SUBST(WINBIND_LTARGETS) +AC_SUBST(WINBIND_PAM_TARGETS) +AC_SUBST(WINBIND_NSS_EXTRA_OBJS) +AC_SUBST(WINBIND_NSS_EXTRA_LIBS) + +################################################# +# Check to see if we should use the included popt + +AC_ARG_WITH(included-popt, +[ --with-included-popt use bundled popt library, not from system], +[ + case "$withval" in + yes) + INCLUDED_POPT=yes + ;; + no) + INCLUDED_POPT=no + ;; + esac ], +) +if test x"$INCLUDED_POPT" != x"yes"; then + AC_CHECK_LIB(popt, poptGetContext, + INCLUDED_POPT=no, INCLUDED_POPT=yes) +fi + +AC_MSG_CHECKING(whether to use included popt) +if test x"$INCLUDED_POPT" = x"yes"; then + AC_MSG_RESULT($srcdir/popt) + BUILD_POPT='$(POPT_OBJS)' + FLAGS1="-I$srcdir/popt" +else + AC_MSG_RESULT(no) + LIBS="$LIBS -lpopt" +fi +AC_SUBST(BUILD_POPT) +AC_SUBST(FLAGS1) + +################################################# +# do extra things if we are running insure + +if test "${ac_cv_prog_CC}" = "insure"; then + CPPFLAGS="$CPPFLAGS -D__INSURE__" +fi + +################################################# +# final configure stuff + +AC_MSG_CHECKING([configure summary]) +AC_TRY_RUN([#include "${srcdir-.}/tests/summary.c"], + AC_MSG_RESULT(yes), + AC_MSG_ERROR([summary failure. Aborting config]); exit 1;, + AC_MSG_WARN([cannot run when cross-compiling])) + +builddir=`pwd` +AC_SUBST(builddir) + +AC_OUTPUT(include/stamp-h Makefile) + +################################################# +# Print very concise instructions on building/use +if test "x$enable_dmalloc" = xyes +then + AC_MSG_RESULT([Note: The dmalloc debug library will be included. To turn it on use]) + AC_MSG_RESULT([ \$ eval \`dmalloc samba\`.]) +fi diff --git a/source3/configure.nodebug.developer b/source3/configure.nodebug.developer new file mode 100755 index 00000000000..65e21b4bdf4 --- /dev/null +++ b/source3/configure.nodebug.developer @@ -0,0 +1,3 @@ +#!/bin/sh +CFLAGS="-Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -DDEBUG_PASSWORD"; export CFLAGS +./configure $* diff --git a/source3/dynconfig.c b/source3/dynconfig.c new file mode 100644 index 00000000000..76b5bce5c98 --- /dev/null +++ b/source3/dynconfig.c @@ -0,0 +1,73 @@ +/* + Unix SMB/CIFS implementation. + Copyright (C) 2001 by Martin Pool + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/** + * @file dynconfig.c + * + * @brief Global configurations, initialized to configured defaults. + * + * This file should be the only file that depends on path + * configuration (--prefix, etc), so that if ./configure is re-run, + * all programs will be appropriately updated. Everything else in + * Samba should import extern variables from here, rather than relying + * on preprocessor macros. + * + * Eventually some of these may become even more variable, so that + * they can for example consistently be set across the whole of Samba + * by command-line parameters, config file entries, or environment + * variables. + * + * @todo Perhaps eventually these should be merged into the parameter + * table? There's kind of a chicken-and-egg situation there... + **/ + +char const *dyn_SBINDIR = SBINDIR, + *dyn_BINDIR = BINDIR, + *dyn_SWATDIR = SWATDIR; + +pstring dyn_CONFIGFILE = CONFIGFILE; /**< Location of smb.conf file. **/ + +/** Log file directory. **/ +pstring dyn_LOGFILEBASE = LOGFILEBASE; + +/** Statically configured LanMan hosts. **/ +pstring dyn_LMHOSTSFILE = LMHOSTSFILE; + +/** + * @brief Samba library directory. + * + * @sa lib_path() to get the path to a file inside the LIBDIR. + **/ +pstring dyn_LIBDIR = LIBDIR; + +/** + * @brief Directory holding lock files. + * + * Not writable, but used to set a default in the parameter table. + **/ +const pstring dyn_LOCKDIR = LOCKDIR; + +const pstring dyn_DRIVERFILE = DRIVERFILE; + +const pstring dyn_SMB_PASSWD_FILE = SMB_PASSWD_FILE; +const pstring dyn_PRIVATE_DIR = PRIVATE_DIR; + + diff --git a/source3/groupdb/aliasdb.c b/source3/groupdb/aliasdb.c new file mode 100644 index 00000000000..718bf1d7ce1 --- /dev/null +++ b/source3/groupdb/aliasdb.c @@ -0,0 +1,385 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Jeremy Allison 1996-1998 + Copyright (C) Luke Kenneth Caseson Leighton 1996-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mases Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +extern fstring global_sam_name; + +/* + * NOTE. All these functions are abstracted into a structure + * that points to the correct function for the selected database. JRA. + */ + +static struct aliasdb_ops *aldb_ops; + +/*************************************************************** + Initialise the alias db operations. +***************************************************************/ + +BOOL initialise_alias_db(void) +{ + if (aldb_ops) + { + return True; + } + +#ifdef WITH_NISPLUS + aldb_ops = nisplus_initialise_alias_db(); +#elif defined(WITH_LDAP) + aldb_ops = ldap_initialise_alias_db(); +#else + aldb_ops = file_initialise_alias_db(); +#endif + + return (aldb_ops != NULL); +} + +/* + * Functions that return/manipulate a LOCAL_GRP. + */ + +/************************************************************************ + Utility function to search alias database by gid: the LOCAL_GRP + structure does not have a gid member, so we have to convert here + from gid to alias rid. +*************************************************************************/ +LOCAL_GRP *iterate_getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + return iterate_getaliasrid(pwdb_gid_to_alias_rid(gid), mem, num_mem); +} + +/************************************************************************ + Utility function to search alias database by rid. use this if your database + does not have search facilities. +*************************************************************************/ +LOCAL_GRP *iterate_getaliasrid(uint32 rid, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + LOCAL_GRP *als = NULL; + void *fp = NULL; + + DEBUG(10, ("search by rid: 0x%x\n", rid)); + + /* Open the alias database file - not for update. */ + fp = startaliasent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open alias database.\n")); + return NULL; + } + + while ((als = getaliasent(fp, mem, num_mem)) != NULL && als->rid != rid) + { + } + + if (als != NULL) + { + DEBUG(10, ("found alias %s by rid: 0x%x\n", als->name, rid)); + } + + endaliasent(fp); + return als; +} + +/************************************************************************ + Utility function to search alias database by name. use this if your database + does not have search facilities. +*************************************************************************/ +LOCAL_GRP *iterate_getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + LOCAL_GRP *als = NULL; + void *fp = NULL; + + DEBUG(10, ("search by name: %s\n", name)); + + /* Open the alias database file - not for update. */ + fp = startaliasent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open alias database.\n")); + return NULL; + } + + while ((als = getaliasent(fp, mem, num_mem)) != NULL && !strequal(als->name, name)) + { + } + + if (als != NULL) + { + DEBUG(10, ("found by name: %s\n", name)); + } + + endaliasent(fp); + return als; +} + +/************************************************************************* + Routine to return the next entry in the smbdomainalias list. + *************************************************************************/ +BOOL add_domain_alias(LOCAL_GRP **alss, int *num_alss, LOCAL_GRP *als) +{ + LOCAL_GRP *talss; + + if (alss == NULL || num_alss == NULL || als == NULL) + return False; + + talss = Realloc((*alss), ((*num_alss)+1) * sizeof(LOCAL_GRP)); + if (talss == NULL) { + SAFE_FREE(*alss); + return False; + } else + (*alss) = talss; + + DEBUG(10,("adding alias %s(%s)\n", als->name, als->comment)); + + fstrcpy((*alss)[(*num_alss)].name , als->name); + fstrcpy((*alss)[(*num_alss)].comment, als->comment); + (*alss)[(*num_alss)].rid = als->rid; + + (*num_alss)++; + + return True; +} + +/************************************************************************* + checks to see if a user is a member of a domain alias + *************************************************************************/ +static BOOL user_is_member(char *user_name, LOCAL_GRP_MEMBER *mem, int num_mem) +{ + int i; + pstring name; + slprintf(name, sizeof(name)-1, "\\%s\\%s", global_sam_name, user_name); + + for (i = 0; i < num_mem; i++) + { + DEBUG(10,("searching against user %s...\n", mem[i].name)); + if (strequal(mem[i].name, name)) + { + DEBUG(10,("searching for user %s: found\n", name)); + return True; + } + } + DEBUG(10,("searching for user %s: not found\n", name)); + return False; +} + +/************************************************************************* + gets an array of aliases that a user is in. use this if your database + does not have search facilities + *************************************************************************/ +BOOL iterate_getuseraliasnam(char *user_name, LOCAL_GRP **alss, int *num_alss) +{ + LOCAL_GRP *als; + LOCAL_GRP_MEMBER *mem = NULL; + int num_mem = 0; + void *fp = NULL; + + DEBUG(10, ("search for useralias by name: %s\n", user_name)); + + if (user_name == NULL || als == NULL || num_alss == NULL) + { + return False; + } + + (*alss) = NULL; + (*num_alss) = 0; + + /* Open the alias database file - not for update. */ + fp = startaliasent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open alias database.\n")); + return False; + } + + /* iterate through all aliases. search members for required user */ + while ((als = getaliasent(fp, &mem, &num_mem)) != NULL) + { + DEBUG(5,("alias name %s members: %d\n", als->name, num_mem)); + if (num_mem != 0 && mem != NULL) + { + BOOL ret = True; + if (user_is_member(user_name, mem, num_mem)) + { + ret = add_domain_alias(alss, num_alss, als); + } + + SAFE_FREE(mem); + num_mem = 0; + + if (!ret) + { + (*num_alss) = 0; + break; + } + } + } + + if ((*num_alss) != 0) + { + DEBUG(10, ("found %d user aliases:\n", (*num_alss))); + } + + endaliasent(fp); + return True; +} + +/************************************************************************* + gets an array of aliases that a user is in. use this if your database + does not have search facilities + *************************************************************************/ +BOOL enumdomaliases(LOCAL_GRP **alss, int *num_alss) +{ + LOCAL_GRP *als; + void *fp = NULL; + + DEBUG(10, ("enum user aliases\n")); + + if (als == NULL || num_alss == NULL) + { + return False; + } + + (*alss) = NULL; + (*num_alss) = 0; + + /* Open the alias database file - not for update. */ + fp = startaliasent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open alias database.\n")); + return False; + } + + /* iterate through all aliases. */ + while ((als = getaliasent(fp, NULL, NULL)) != NULL) + { + if (!add_domain_alias(alss, num_alss, als)) + { + DEBUG(0,("unable to add alias while enumerating\n")); + return False; + } + } + + if ((*num_alss) != 0) + { + DEBUG(10, ("found %d user aliases:\n", (*num_alss))); + } + + endaliasent(fp); + return True; +} + +/*************************************************************** + Start to enumerate the alias database list. Returns a void pointer + to ensure no modification outside this module. +****************************************************************/ + +void *startaliasent(BOOL update) +{ + return aldb_ops->startaliasent(update); +} + +/*************************************************************** + End enumeration of the alias database list. +****************************************************************/ + +void endaliasent(void *vp) +{ + aldb_ops->endaliasent(vp); +} + +/************************************************************************* + Routine to return the next entry in the alias database list. + *************************************************************************/ + +LOCAL_GRP *getaliasent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + return aldb_ops->getaliasent(vp, mem, num_mem); +} + +/************************************************************************ + Routine to add an entry to the alias database file. +*************************************************************************/ + +BOOL add_alias_entry(LOCAL_GRP *newals) +{ + return aldb_ops->add_alias_entry(newals); +} + +/************************************************************************ + Routine to search the alias database file for an entry matching the aliasname. + and then replace the entry. +************************************************************************/ + +BOOL mod_alias_entry(LOCAL_GRP* als) +{ + return aldb_ops->mod_alias_entry(als); +} + +/************************************************************************ + Routine to search alias database by name. +*************************************************************************/ + +LOCAL_GRP *getaliasnam(char *name, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + return aldb_ops->getaliasnam(name, mem, num_mem); +} + +/************************************************************************ + Routine to search alias database by alias rid. +*************************************************************************/ + +LOCAL_GRP *getaliasrid(uint32 alias_rid, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + return aldb_ops->getaliasrid(alias_rid, mem, num_mem); +} + +/************************************************************************ + Routine to search alias database by gid. +*************************************************************************/ + +LOCAL_GRP *getaliasgid(gid_t gid, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + return aldb_ops->getaliasgid(gid, mem, num_mem); +} + +/************************************************************************* + gets an array of aliases that a user is in. + *************************************************************************/ +BOOL getuseraliasnam(char *user_name, LOCAL_GRP **als, int *num_alss) +{ + return aldb_ops->getuseraliasnam(user_name, als, num_alss); +} + +/************************************************************* + initialises a LOCAL_GRP. + **************************************************************/ + +void aldb_init_als(LOCAL_GRP *als) +{ + if (als == NULL) return; + ZERO_STRUCTP(als); +} + diff --git a/source3/groupdb/aliasfile.c b/source3/groupdb/aliasfile.c new file mode 100644 index 00000000000..77189fd8227 --- /dev/null +++ b/source3/groupdb/aliasfile.c @@ -0,0 +1,290 @@ +/* + * Unix SMB/CIFS implementation. + * SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#ifdef USE_SMBPASS_DB + +static int al_file_lock_depth = 0; + +static char s_readbuf[1024]; + +/*************************************************************** + Start to enumerate the aliasdb list. Returns a void pointer + to ensure no modification outside this module. +****************************************************************/ + +static void *startalsfilepwent(BOOL update) +{ + return startfilepwent(lp_smb_alias_file(), + s_readbuf, sizeof(s_readbuf), + &al_file_lock_depth, update); +} + +/*************************************************************** + End enumeration of the aliasdb list. +****************************************************************/ + +static void endalsfilepwent(void *vp) +{ + endfilepwent(vp, &al_file_lock_depth); +} + +/************************************************************************* + Return the current position in the aliasdb list as an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ +static SMB_BIG_UINT getalsfilepwpos(void *vp) +{ + return getfilepwpos(vp); +} + +/************************************************************************* + Set the current position in the aliasdb list from an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ +static BOOL setalsfilepwpos(void *vp, SMB_BIG_UINT tok) +{ + return setfilepwpos(vp, tok); +} + +static BOOL make_alias_line(char *p, int max_len, + LOCAL_GRP *als, + LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + int i; + int len; + len = slprintf(p, max_len-1, "%s:%s:%d:", als->name, als->comment, als->rid); + + if (len == -1) + { + DEBUG(0,("make_alias_line: cannot create entry\n")); + return False; + } + + p += len; + max_len -= len; + + if (mem == NULL || num_mem == NULL) + { + return True; + } + + for (i = 0; i < (*num_mem); i++) + { + len = strlen((*mem)[i].name); + p = safe_strcpy(p, (*mem)[i].name, max_len); + + if (p == NULL) + { + DEBUG(0, ("make_alias_line: out of space for aliases!\n")); + return False; + } + + max_len -= len; + + if (i != (*num_mem)-1) + { + *p = ','; + p++; + max_len--; + } + } + + return True; +} + +/************************************************************************* + Routine to return the next entry in the smbdomainalias list. + *************************************************************************/ +static char *get_alias_members(char *p, int *num_mem, LOCAL_GRP_MEMBER **members) +{ + fstring name; + + if (num_mem == NULL || members == NULL) + return NULL; + + (*num_mem) = 0; + (*members) = NULL; + + while (next_token(&p, name, ",", sizeof(fstring))) { + LOCAL_GRP_MEMBER *mbrs; + DOM_SID sid; + uint8 type; + + if (lookup_sid(name, &sid, &type)) { + mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(LOCAL_GRP_MEMBER)); + (*num_mem)++; + } else { + DEBUG(0,("alias database: could not resolve alias named %s\n", name)); + continue; + } + if (mbrs == NULL) { + SAFE_FREE(*members); + return NULL; + } else + (*members) = mbrs; + + fstrcpy((*members)[(*num_mem)-1].name, name); + (*members)[(*num_mem)-1].sid_use = type; + sid_copy(&(*members)[(*num_mem)-1].sid, &sid); + } + return p; +} + +/************************************************************************* + Routine to return the next entry in the smbdomainalias list. + *************************************************************************/ +static LOCAL_GRP *getalsfilepwent(void *vp, LOCAL_GRP_MEMBER **mem, int *num_mem) +{ + /* Static buffers we will return. */ + static LOCAL_GRP al_buf; + + int gidval; + + pstring linebuf; + char *p; + size_t linebuf_len; + + aldb_init_als(&al_buf); + + /* + * Scan the file, a line at a time and check if the name matches. + */ + while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) + { + /* get alias name */ + + p = strncpyn(al_buf.name, linebuf, sizeof(al_buf.name), ':'); + if (p == NULL) + { + DEBUG(0, ("getalsfilepwent: malformed alias entry (no :)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* get alias comment */ + + p = strncpyn(al_buf.comment, p, sizeof(al_buf.comment), ':'); + if (p == NULL) + { + DEBUG(0, ("getalsfilepwent: malformed alias entry (no :)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* Get alias gid. */ + + p = Atoic(p, &gidval, ":"); + + if (p == NULL) + { + DEBUG(0, ("getalsfilepwent: malformed alias entry (no : after uid)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* now get the user's aliases. there are a maximum of 32 */ + + if (mem != NULL && num_mem != NULL) + { + (*mem) = NULL; + (*num_mem) = 0; + + p = get_alias_members(p, num_mem, mem); + if (p == NULL) + { + DEBUG(0, ("getalsfilepwent: malformed alias entry (no : after members)\n")); + } + } + + /* ok, set up the static data structure and return it */ + + al_buf.rid = pwdb_gid_to_alias_rid((gid_t)gidval); + + make_alias_line(linebuf, sizeof(linebuf), &al_buf, mem, num_mem); + DEBUG(10,("line: '%s'\n", linebuf)); + + return &al_buf; + } + + DEBUG(5,("getalsfilepwent: end of file reached.\n")); + return NULL; +} + +/************************************************************************ + Routine to add an entry to the aliasdb file. +*************************************************************************/ + +static BOOL add_alsfileals_entry(LOCAL_GRP *newals) +{ + DEBUG(0, ("add_alsfileals_entry: NOT IMPLEMENTED\n")); + return False; +} + +/************************************************************************ + Routine to search the aliasdb file for an entry matching the aliasname. + and then modify its alias entry. We can't use the startalspwent()/ + getalspwent()/endalspwent() interfaces here as we depend on looking + in the actual file to decide how much room we have to write data. + override = False, normal + override = True, override XXXXXXXX'd out alias or NO PASS +************************************************************************/ + +static BOOL mod_alsfileals_entry(LOCAL_GRP* als) +{ + DEBUG(0, ("mod_alsfileals_entry: NOT IMPLEMENTED\n")); + return False; +} + + +static struct aliasdb_ops file_ops = +{ + startalsfilepwent, + endalsfilepwent, + getalsfilepwpos, + setalsfilepwpos, + + iterate_getaliasnam, /* In aliasdb.c */ + iterate_getaliasgid, /* In aliasdb.c */ + iterate_getaliasrid, /* In aliasdb.c */ + getalsfilepwent, + + add_alsfileals_entry, + mod_alsfileals_entry, + + iterate_getuseraliasnam /* in aliasdb.c */ +}; + +struct aliasdb_ops *file_initialise_alias_db(void) +{ + return &file_ops; +} + +#else + /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ + void als_dummy_function(void) { } /* stop some compilers complaining */ +#endif /* USE_SMBPASS_DB */ diff --git a/source3/groupdb/groupdb.c b/source3/groupdb/groupdb.c new file mode 100644 index 00000000000..c18463741d9 --- /dev/null +++ b/source3/groupdb/groupdb.c @@ -0,0 +1,381 @@ +/* + Unix SMB/CIFS implementation. + Password and authentication handling + Copyright (C) Jeremy Allison 1996-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + * NOTE. All these functions are abstracted into a structure + * that points to the correct function for the selected database. JRA. + */ + +static struct groupdb_ops *gpdb_ops; + +/*************************************************************** + Initialise the group db operations. +***************************************************************/ + +BOOL initialise_group_db(void) +{ + if (gpdb_ops) + { + return True; + } + +#ifdef WITH_NISPLUS + gpdb_ops = nisplus_initialise_group_db(); +#elif defined(WITH_LDAP) + gpdb_ops = ldap_initialise_group_db(); +#else + gpdb_ops = file_initialise_group_db(); +#endif + + return (gpdb_ops != NULL); +} + +/* + * Functions that return/manipulate a DOMAIN_GRP. + */ + +/************************************************************************ + Utility function to search group database by gid: the DOMAIN_GRP + structure does not have a gid member, so we have to convert here + from gid to group rid. +*************************************************************************/ +DOMAIN_GRP *iterate_getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + return iterate_getgrouprid(pwdb_gid_to_group_rid(gid), mem, num_mem); +} + +/************************************************************************ + Utility function to search group database by rid. use this if your database + does not have search facilities. +*************************************************************************/ +DOMAIN_GRP *iterate_getgrouprid(uint32 rid, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + DOMAIN_GRP *grp = NULL; + void *fp = NULL; + + DEBUG(10, ("search by rid: 0x%x\n", rid)); + + /* Open the group database file - not for update. */ + fp = startgroupent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open group database.\n")); + return NULL; + } + + while ((grp = getgroupent(fp, mem, num_mem)) != NULL && grp->rid != rid) + { + } + + if (grp != NULL) + { + DEBUG(10, ("found group %s by rid: 0x%x\n", grp->name, rid)); + } + + endgroupent(fp); + return grp; +} + +/************************************************************************ + Utility function to search group database by name. use this if your database + does not have search facilities. +*************************************************************************/ +DOMAIN_GRP *iterate_getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + DOMAIN_GRP *grp = NULL; + void *fp = NULL; + + DEBUG(10, ("search by name: %s\n", name)); + + /* Open the group database file - not for update. */ + fp = startgroupent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open group database.\n")); + return NULL; + } + + while ((grp = getgroupent(fp, mem, num_mem)) != NULL && !strequal(grp->name, name)) + { + } + + if (grp != NULL) + { + DEBUG(10, ("found by name: %s\n", name)); + } + + endgroupent(fp); + return grp; +} + +/************************************************************************* + Routine to return the next entry in the smbdomaingroup list. + *************************************************************************/ +BOOL add_domain_group(DOMAIN_GRP **grps, int *num_grps, DOMAIN_GRP *grp) +{ + DOMAIN_GRP *tgrps; + + if (grps == NULL || num_grps == NULL || grp == NULL) + return False; + + tgrps = Realloc((*grps), ((*num_grps)+1) * sizeof(DOMAIN_GRP)); + if (tgrps == NULL) { + SAFE_FREE(*grps); + return False; + } else + (*grps) = tgrps; + + DEBUG(10,("adding group %s(%s)\n", grp->name, grp->comment)); + + fstrcpy((*grps)[(*num_grps)].name , grp->name); + fstrcpy((*grps)[(*num_grps)].comment, grp->comment); + (*grps)[(*num_grps)].attr = grp->attr; + (*grps)[(*num_grps)].rid = grp->rid ; + + (*num_grps)++; + + return True; +} + +/************************************************************************* + checks to see if a user is a member of a domain group + *************************************************************************/ +static BOOL user_is_member(char *user_name, DOMAIN_GRP_MEMBER *mem, int num_mem) +{ + int i; + for (i = 0; i < num_mem; i++) + { + DEBUG(10,("searching against user %s...\n", mem[i].name)); + if (strequal(mem[i].name, user_name)) + { + DEBUG(10,("searching for user %s: found\n", user_name)); + return True; + } + } + DEBUG(10,("searching for user %s: not found\n", user_name)); + return False; +} + +/************************************************************************* + gets an array of groups that a user is in. use this if your database + does not have search facilities + *************************************************************************/ +BOOL iterate_getusergroupsnam(char *user_name, DOMAIN_GRP **grps, int *num_grps) +{ + DOMAIN_GRP *grp; + DOMAIN_GRP_MEMBER *mem = NULL; + int num_mem = 0; + void *fp = NULL; + + DEBUG(10, ("search for usergroups by name: %s\n", user_name)); + + if (user_name == NULL || grp == NULL || num_grps == NULL) + { + return False; + } + + (*grps) = NULL; + (*num_grps) = 0; + + /* Open the group database file - not for update. */ + fp = startgroupent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open group database.\n")); + return False; + } + + /* iterate through all groups. search members for required user */ + while ((grp = getgroupent(fp, &mem, &num_mem)) != NULL) + { + DEBUG(5,("group name %s members: %d\n", grp->name, num_mem)); + if (num_mem != 0 && mem != NULL) + { + BOOL ret = True; + if (user_is_member(user_name, mem, num_mem)) + { + ret = add_domain_group(grps, num_grps, grp); + } + + SAFE_FREE(mem); + num_mem = 0; + + if (!ret) + { + (*num_grps) = 0; + break; + } + } + } + + if ((*num_grps) != 0) + { + DEBUG(10, ("found %d user groups:\n", (*num_grps))); + } + + endgroupent(fp); + return True; +} + +/************************************************************************* + gets an array of groups that a user is in. use this if your database + does not have search facilities + *************************************************************************/ +BOOL enumdomgroups(DOMAIN_GRP **grps, int *num_grps) +{ + DOMAIN_GRP *grp; + void *fp = NULL; + + DEBUG(10, ("enum user groups\n")); + + if (grp == NULL || num_grps == NULL) + { + return False; + } + + (*grps) = NULL; + (*num_grps) = 0; + + /* Open the group database file - not for update. */ + fp = startgroupent(False); + + if (fp == NULL) + { + DEBUG(0, ("unable to open group database.\n")); + return False; + } + + /* iterate through all groups. */ + while ((grp = getgroupent(fp, NULL, NULL)) != NULL) + { + if (!add_domain_group(grps, num_grps, grp)) + { + DEBUG(0,("unable to add group while enumerating\n")); + return False; + } + } + + if ((*num_grps) != 0) + { + DEBUG(10, ("found %d user groups:\n", (*num_grps))); + } + + endgroupent(fp); + return True; +} + +/*************************************************************** + Start to enumerate the group database list. Returns a void pointer + to ensure no modification outside this module. +****************************************************************/ + +void *startgroupent(BOOL update) +{ + return gpdb_ops->startgroupent(update); +} + +/*************************************************************** + End enumeration of the group database list. +****************************************************************/ + +void endgroupent(void *vp) +{ + gpdb_ops->endgroupent(vp); +} + +/************************************************************************* + Routine to return the next entry in the group database list. + *************************************************************************/ + +DOMAIN_GRP *getgroupent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + return gpdb_ops->getgroupent(vp, mem, num_mem); +} + +/************************************************************************ + Routine to add an entry to the group database file. +*************************************************************************/ + +BOOL add_group_entry(DOMAIN_GRP *newgrp) +{ + return gpdb_ops->add_group_entry(newgrp); +} + +/************************************************************************ + Routine to search the group database file for an entry matching the groupname. + and then replace the entry. +************************************************************************/ + +BOOL mod_group_entry(DOMAIN_GRP* grp) +{ + return gpdb_ops->mod_group_entry(grp); +} + +/************************************************************************ + Routine to search group database by name. +*************************************************************************/ + +DOMAIN_GRP *getgroupnam(char *name, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + return gpdb_ops->getgroupnam(name, mem, num_mem); +} + +/************************************************************************ + Routine to search group database by group rid. +*************************************************************************/ + +DOMAIN_GRP *getgrouprid(uint32 group_rid, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + return gpdb_ops->getgrouprid(group_rid, mem, num_mem); +} + +/************************************************************************ + Routine to search group database by gid. +*************************************************************************/ + +DOMAIN_GRP *getgroupgid(gid_t gid, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + return gpdb_ops->getgroupgid(gid, mem, num_mem); +} + +/************************************************************************* + gets an array of groups that a user is in. + *************************************************************************/ +BOOL getusergroupsnam(char *user_name, DOMAIN_GRP **grp, int *num_grps) +{ + return gpdb_ops->getusergroupsnam(user_name, grp, num_grps); +} + +/************************************************************* + initialises a DOMAIN_GRP. + **************************************************************/ + +void gpdb_init_grp(DOMAIN_GRP *grp) +{ + if (grp == NULL) return; + ZERO_STRUCTP(grp); +} + diff --git a/source3/groupdb/groupfile.c b/source3/groupdb/groupfile.c new file mode 100644 index 00000000000..4502b190aa3 --- /dev/null +++ b/source3/groupdb/groupfile.c @@ -0,0 +1,285 @@ +/* + * Unix SMB/CIFS implementation. + * SMB parameters and setup + * Copyright (C) Andrew Tridgell 1992-1998 Modified by Jeremy Allison 1995. + * + * This program is free software; you can redistribute it and/or modify it under + * the terms of the GNU General Public License as published by the Free + * Software Foundation; either version 2 of the License, or (at your option) + * any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +#ifdef USE_SMBPASS_DB + +static int gp_file_lock_depth = 0; + +static char s_readbuf[1024]; + +/*************************************************************** + Start to enumerate the grppasswd list. Returns a void pointer + to ensure no modification outside this module. +****************************************************************/ + +static void *startgrpfilepwent(BOOL update) +{ + return startfilepwent(lp_smb_group_file(), + s_readbuf, sizeof(s_readbuf), + &gp_file_lock_depth, update); +} + +/*************************************************************** + End enumeration of the grppasswd list. +****************************************************************/ + +static void endgrpfilepwent(void *vp) +{ + endfilepwent(vp, &gp_file_lock_depth); +} + +/************************************************************************* + Return the current position in the grppasswd list as an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ +static SMB_BIG_UINT getgrpfilepwpos(void *vp) +{ + return getfilepwpos(vp); +} + +/************************************************************************* + Set the current position in the grppasswd list from an SMB_BIG_UINT. + This must be treated as an opaque token. +*************************************************************************/ +static BOOL setgrpfilepwpos(void *vp, SMB_BIG_UINT tok) +{ + return setfilepwpos(vp, tok); +} + +static BOOL make_group_line(char *p, int max_len, + DOMAIN_GRP *grp, + DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + int i; + int len; + len = slprintf(p, max_len-1, "%s:%s:%d:", grp->name, grp->comment, grp->rid); + + if (len == -1) + { + DEBUG(0,("make_group_line: cannot create entry\n")); + return False; + } + + p += len; + max_len -= len; + + if (mem == NULL || num_mem == NULL) + { + return True; + } + + for (i = 0; i < (*num_mem); i++) + { + len = strlen((*mem)[i].name); + p = safe_strcpy(p, (*mem)[i].name, max_len); + + if (p == NULL) + { + DEBUG(0, ("make_group_line: out of space for groups!\n")); + return False; + } + + max_len -= len; + + if (i != (*num_mem)-1) + { + *p = ','; + p++; + max_len--; + } + } + + return True; +} + +/************************************************************************* + Routine to return the next entry in the smbdomaingroup list. + *************************************************************************/ +static char *get_group_members(char *p, int *num_mem, DOMAIN_GRP_MEMBER **members) +{ + fstring name; + + if (num_mem == NULL || members == NULL) + { + return NULL; + } + + (*num_mem) = 0; + (*members) = NULL; + + while (next_token(&p, name, ",", sizeof(fstring))) + { + DOMAIN_GRP_MEMBER *mbrs; + + mbrs = Realloc((*members), ((*num_mem)+1) * sizeof(DOMAIN_GRP_MEMBER)); + if (mbrs == NULL) { + SAFE_FREE(*members); + return NULL; + } + else (*members) = mbrs; + fstrcpy((*members)[(*num_mem)].name, name); + (*members)[(*num_mem)].attr = 0x07; + (*num_mem)++; + } + return p; +} + +/************************************************************************* + Routine to return the next entry in the smbdomaingroup list. + *************************************************************************/ +static DOMAIN_GRP *getgrpfilepwent(void *vp, DOMAIN_GRP_MEMBER **mem, int *num_mem) +{ + /* Static buffers we will return. */ + static DOMAIN_GRP gp_buf; + + int gidval; + + pstring linebuf; + char *p; + size_t linebuf_len; + + gpdb_init_grp(&gp_buf); + + /* + * Scan the file, a line at a time and check if the name matches. + */ + while ((linebuf_len = getfileline(vp, linebuf, sizeof(linebuf))) > 0) + { + /* get group name */ + + p = strncpyn(gp_buf.name, linebuf, sizeof(gp_buf.name), ':'); + if (p == NULL) + { + DEBUG(0, ("getgrpfilepwent: malformed group entry (no :)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* get group comment */ + + p = strncpyn(gp_buf.comment, p, sizeof(gp_buf.comment), ':'); + if (p == NULL) + { + DEBUG(0, ("getgrpfilepwent: malformed group entry (no :)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* Get group gid. */ + + p = Atoic(p, &gidval, ":"); + + if (p == NULL) + { + DEBUG(0, ("getgrpfilepwent: malformed group entry (no : after uid)\n")); + continue; + } + + /* Go past ':' */ + p++; + + /* now get the user's groups. there are a maximum of 32 */ + + if (mem != NULL && num_mem != NULL) + { + (*mem) = NULL; + (*num_mem) = 0; + + p = get_group_members(p, num_mem, mem); + if (p == NULL) + { + DEBUG(0, ("getgrpfilepwent: malformed group entry (no : after members)\n")); + } + } + + /* ok, set up the static data structure and return it */ + + gp_buf.rid = pwdb_gid_to_group_rid((gid_t)gidval); + gp_buf.attr = 0x07; + + make_group_line(linebuf, sizeof(linebuf), &gp_buf, mem, num_mem); + DEBUG(10,("line: '%s'\n", linebuf)); + + return &gp_buf; + } + + DEBUG(5,("getgrpfilepwent: end of file reached.\n")); + return NULL; +} + +/************************************************************************ + Routine to add an entry to the grppasswd file. +*************************************************************************/ + +static BOOL add_grpfilegrp_entry(DOMAIN_GRP *newgrp) +{ + DEBUG(0, ("add_grpfilegrp_entry: NOT IMPLEMENTED\n")); + return False; +} + +/************************************************************************ + Routine to search the grppasswd file for an entry matching the groupname. + and then modify its group entry. We can't use the startgrppwent()/ + getgrppwent()/endgrppwent() interfaces here as we depend on looking + in the actual file to decide how much room we have to write data. + override = False, normal + override = True, override XXXXXXXX'd out group or NO PASS +************************************************************************/ + +static BOOL mod_grpfilegrp_entry(DOMAIN_GRP* grp) +{ + DEBUG(0, ("mod_grpfilegrp_entry: NOT IMPLEMENTED\n")); + return False; +} + + +static struct groupdb_ops file_ops = +{ + startgrpfilepwent, + endgrpfilepwent, + getgrpfilepwpos, + setgrpfilepwpos, + + iterate_getgroupnam, /* In groupdb.c */ + iterate_getgroupgid, /* In groupdb.c */ + iterate_getgrouprid, /* In groupdb.c */ + getgrpfilepwent, + + add_grpfilegrp_entry, + mod_grpfilegrp_entry, + + iterate_getusergroupsnam /* in groupdb.c */ +}; + +struct groupdb_ops *file_initialise_group_db(void) +{ + return &file_ops; +} + +#else + /* Do *NOT* make this function static. It breaks the compile on gcc. JRA */ + void grppass_dummy_function(void) { } /* stop some compilers complaining */ +#endif /* USE_SMBPASS_DB */ diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c new file mode 100644 index 00000000000..99ccffb4644 --- /dev/null +++ b/source3/groupdb/mapping.c @@ -0,0 +1,1225 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#include "includes.h" + +extern DOM_SID global_sam_sid; + +static TDB_CONTEXT *tdb; /* used for driver files */ + +#define DATABASE_VERSION_V1 1 /* native byte format. */ +#define DATABASE_VERSION_V2 2 /* le format. */ + +#define GROUP_PREFIX "UNIXGROUP/" + +PRIVS privs[] = { + {SE_PRIV_NONE, "no_privs", "No privilege" }, /* this one MUST be first */ + {SE_PRIV_ADD_MACHINES, "SeMachineAccountPrivilege", "Add workstations to the domain" }, + {SE_PRIV_SEC_PRIV, "SeSecurityPrivilege", "Manage the audit logs" }, + {SE_PRIV_TAKE_OWNER, "SeTakeOwnershipPrivilege", "Take ownership of file" }, + {SE_PRIV_ADD_USERS, "SaAddUsers", "Add users to the domain - Samba" }, + {SE_PRIV_PRINT_OPERATOR, "SaPrintOp", "Add or remove printers - Samba" }, + {SE_PRIV_ALL, "SaAllPrivs", "all privileges" } +}; +/* +PRIVS privs[] = { + { 2, "SeCreateTokenPrivilege" }, + { 3, "SeAssignPrimaryTokenPrivilege" }, + { 4, "SeLockMemoryPrivilege" }, + { 5, "SeIncreaseQuotaPrivilege" }, + { 6, "SeMachineAccountPrivilege" }, + { 7, "SeTcbPrivilege" }, + { 8, "SeSecurityPrivilege" }, + { 9, "SeTakeOwnershipPrivilege" }, + { 10, "SeLoadDriverPrivilege" }, + { 11, "SeSystemProfilePrivilege" }, + { 12, "SeSystemtimePrivilege" }, + { 13, "SeProfileSingleProcessPrivilege" }, + { 14, "SeIncreaseBasePriorityPrivilege" }, + { 15, "SeCreatePagefilePrivilege" }, + { 16, "SeCreatePermanentPrivilege" }, + { 17, "SeBackupPrivilege" }, + { 18, "SeRestorePrivilege" }, + { 19, "SeShutdownPrivilege" }, + { 20, "SeDebugPrivilege" }, + { 21, "SeAuditPrivilege" }, + { 22, "SeSystemEnvironmentPrivilege" }, + { 23, "SeChangeNotifyPrivilege" }, + { 24, "SeRemoteShutdownPrivilege" }, + { 25, "SeUndockPrivilege" }, + { 26, "SeSyncAgentPrivilege" }, + { 27, "SeEnableDelegationPrivilege" }, +}; +*/ + + /* + * Those are not really privileges like the other ones. + * They are handled in a special case and called + * system privileges. + * + * SeNetworkLogonRight + * SeUnsolicitedInputPrivilege + * SeBatchLogonRight + * SeServiceLogonRight + * SeInteractiveLogonRight + * SeDenyInteractiveLogonRight + * SeDenyNetworkLogonRight + * SeDenyBatchLogonRight + * SeDenyBatchLogonRight + */ + +#if 0 +/**************************************************************************** +check if the user has the required privilege. +****************************************************************************/ +static BOOL se_priv_access_check(NT_USER_TOKEN *token, uint32 privilege) +{ + /* no token, no privilege */ + if (token==NULL) + return False; + + if ((token->privilege & privilege)==privilege) + return True; + + return False; +} +#endif + +/**************************************************************************** +dump the mapping group mapping to a text file +****************************************************************************/ +char *decode_sid_name_use(fstring group, enum SID_NAME_USE name_use) +{ + static fstring group_type; + + switch(name_use) { + case SID_NAME_USER: + fstrcpy(group_type,"User"); + break; + case SID_NAME_DOM_GRP: + fstrcpy(group_type,"Domain group"); + break; + case SID_NAME_DOMAIN: + fstrcpy(group_type,"Domain"); + break; + case SID_NAME_ALIAS: + fstrcpy(group_type,"Local group"); + break; + case SID_NAME_WKN_GRP: + fstrcpy(group_type,"Builtin group"); + break; + case SID_NAME_DELETED: + fstrcpy(group_type,"Deleted"); + break; + case SID_NAME_INVALID: + fstrcpy(group_type,"Invalid"); + break; + case SID_NAME_UNKNOWN: + default: + fstrcpy(group_type,"Unknown type"); + break; + } + + fstrcpy(group, group_type); + return group_type; +} + +/**************************************************************************** +initialise first time the mapping list - called from init_group_mapping() +****************************************************************************/ +static BOOL default_group_mapping(void) +{ + DOM_SID sid_admins; + DOM_SID sid_users; + DOM_SID sid_guests; + fstring str_admins; + fstring str_users; + fstring str_guests; + LUID_ATTR set; + + PRIVILEGE_SET privilege_none; + PRIVILEGE_SET privilege_all; + PRIVILEGE_SET privilege_print_op; + + init_privilege(&privilege_none); + init_privilege(&privilege_all); + init_privilege(&privilege_print_op); + + set.attr=0; + set.luid.high=0; + set.luid.low=SE_PRIV_PRINT_OPERATOR; + add_privilege(&privilege_print_op, set); + + add_all_privilege(&privilege_all); + + /* Add the Wellknown groups */ + + add_initial_entry(-1, "S-1-5-32-544", SID_NAME_ALIAS, "Administrators", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-545", SID_NAME_ALIAS, "Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-546", SID_NAME_ALIAS, "Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + add_initial_entry(-1, "S-1-5-32-547", SID_NAME_ALIAS, "Power Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + add_initial_entry(-1, "S-1-5-32-548", SID_NAME_ALIAS, "Account Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-549", SID_NAME_ALIAS, "System Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-550", SID_NAME_ALIAS, "Print Operators", "", privilege_print_op, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + add_initial_entry(-1, "S-1-5-32-551", SID_NAME_ALIAS, "Backup Operators", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + add_initial_entry(-1, "S-1-5-32-552", SID_NAME_ALIAS, "Replicators", "", privilege_none, PR_ACCESS_FROM_NETWORK); + + /* Add the defaults domain groups */ + + sid_copy(&sid_admins, &global_sam_sid); + sid_append_rid(&sid_admins, DOMAIN_GROUP_RID_ADMINS); + sid_to_string(str_admins, &sid_admins); + add_initial_entry(-1, str_admins, SID_NAME_DOM_GRP, "Domain Admins", "", privilege_all, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + sid_copy(&sid_users, &global_sam_sid); + sid_append_rid(&sid_users, DOMAIN_GROUP_RID_USERS); + sid_to_string(str_users, &sid_users); + add_initial_entry(-1, str_users, SID_NAME_DOM_GRP, "Domain Users", "", privilege_none, PR_ACCESS_FROM_NETWORK|PR_LOG_ON_LOCALLY); + + sid_copy(&sid_guests, &global_sam_sid); + sid_append_rid(&sid_guests, DOMAIN_GROUP_RID_GUESTS); + sid_to_string(str_guests, &sid_guests); + add_initial_entry(-1, str_guests, SID_NAME_DOM_GRP, "Domain Guests", "", privilege_none, PR_ACCESS_FROM_NETWORK); + + return True; +} + +/**************************************************************************** + Open the group mapping tdb. +****************************************************************************/ + +static BOOL init_group_mapping(void) +{ + static pid_t local_pid; + char *vstring = "INFO/version"; + int32 vers_id; + + if (tdb && local_pid == sys_getpid()) + return True; + tdb = tdb_open_log(lock_path("group_mapping.tdb"), 0, TDB_DEFAULT, O_RDWR|O_CREAT, 0600); + if (!tdb) { + DEBUG(0,("Failed to open group mapping database\n")); + return False; + } + + local_pid = sys_getpid(); + + /* handle a Samba upgrade */ + tdb_lock_bystring(tdb, vstring); + + /* Cope with byte-reversed older versions of the db. */ + vers_id = tdb_fetch_int32(tdb, vstring); + if ((vers_id == DATABASE_VERSION_V1) || (IREV(vers_id) == DATABASE_VERSION_V1)) { + /* Written on a bigendian machine with old fetch_int code. Save as le. */ + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + vers_id = DATABASE_VERSION_V2; + } + + if (vers_id != DATABASE_VERSION_V2) { + tdb_traverse(tdb, tdb_traverse_delete_fn, NULL); + tdb_store_int32(tdb, vstring, DATABASE_VERSION_V2); + } + + tdb_unlock_bystring(tdb, vstring); + + /* write a list of default groups */ + if(!default_group_mapping()) + return False; + + return True; +} + +/**************************************************************************** +****************************************************************************/ +BOOL add_mapping_entry(GROUP_MAP *map, int flag) +{ + TDB_DATA kbuf, dbuf; + pstring key, buf; + fstring string_sid=""; + int len; + int i; + PRIVILEGE_SET *set; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + sid_to_string(string_sid, &map->sid); + + len = tdb_pack(buf, sizeof(buf), "ddffd", + map->gid, map->sid_name_use, map->nt_name, map->comment, map->systemaccount); + + /* write the privilege list in the TDB database */ + + set=&map->priv_set; + len += tdb_pack(buf+len, sizeof(buf)-len, "d", set->count); + for (i=0; icount; i++) + len += tdb_pack(buf+len, sizeof(buf)-len, "ddd", + set->set[i].luid.low, set->set[i].luid.high, set->set[i].attr); + + if (len > sizeof(buf)) + return False; + + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dsize = strlen(key)+1; + kbuf.dptr = key; + dbuf.dsize = len; + dbuf.dptr = buf; + if (tdb_store(tdb, kbuf, dbuf, flag) != 0) return False; + + return True; +} + +/**************************************************************************** +initialise first time the mapping list +****************************************************************************/ +BOOL add_initial_entry(gid_t gid, fstring sid, enum SID_NAME_USE sid_name_use, + fstring nt_name, fstring comment, PRIVILEGE_SET priv_set, uint32 systemaccount) +{ + GROUP_MAP map; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + map.gid=gid; + string_to_sid(&map.sid, sid); + map.sid_name_use=sid_name_use; + fstrcpy(map.nt_name, nt_name); + fstrcpy(map.comment, comment); + map.systemaccount=systemaccount; + + map.priv_set.count=priv_set.count; + map.priv_set.set=priv_set.set; + + add_mapping_entry(&map, TDB_INSERT); + + return True; +} + +/**************************************************************************** +initialise a privilege list +****************************************************************************/ +void init_privilege(PRIVILEGE_SET *priv_set) +{ + priv_set->count=0; + priv_set->control=0; + priv_set->set=NULL; +} + +/**************************************************************************** +free a privilege list +****************************************************************************/ +BOOL free_privilege(PRIVILEGE_SET *priv_set) +{ + if (priv_set->count==0) { + DEBUG(100,("free_privilege: count=0, nothing to clear ?\n")); + return False; + } + + if (priv_set->set==NULL) { + DEBUG(0,("free_privilege: list ptr is NULL, very strange !\n")); + return False; + } + + safe_free(priv_set->set); + priv_set->count=0; + priv_set->control=0; + priv_set->set=NULL; + + return True; +} + +/**************************************************************************** +add a privilege to a privilege array +****************************************************************************/ +BOOL add_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + LUID_ATTR *new_set; + + /* check if the privilege is not already in the list */ + if (check_priv_in_privilege(priv_set, set)) + return False; + + /* we can allocate memory to add the new privilege */ + + new_set=(LUID_ATTR *)Realloc(priv_set->set, (priv_set->count+1)*(sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("add_privilege: could not Realloc memory to add a new privilege\n")); + return False; + } + + new_set[priv_set->count].luid.high=set.luid.high; + new_set[priv_set->count].luid.low=set.luid.low; + new_set[priv_set->count].attr=set.attr; + + priv_set->count++; + priv_set->set=new_set; + + return True; +} + +/**************************************************************************** +add all the privileges to a privilege array +****************************************************************************/ +BOOL add_all_privilege(PRIVILEGE_SET *priv_set) +{ + LUID_ATTR set; + + set.attr=0; + set.luid.high=0; + + set.luid.low=SE_PRIV_ADD_USERS; + add_privilege(priv_set, set); + + set.luid.low=SE_PRIV_ADD_MACHINES; + add_privilege(priv_set, set); + + set.luid.low=SE_PRIV_PRINT_OPERATOR; + add_privilege(priv_set, set); + + return True; +} + +/**************************************************************************** +check if the privilege list is empty +****************************************************************************/ +BOOL check_empty_privilege(PRIVILEGE_SET *priv_set) +{ + return (priv_set->count == 0); +} + +/**************************************************************************** +check if the privilege is in the privilege list +****************************************************************************/ +BOOL check_priv_in_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + int i; + + /* if the list is empty, obviously we can't have it */ + if (check_empty_privilege(priv_set)) + return False; + + for (i=0; icount; i++) { + LUID_ATTR *cur_set; + + cur_set=&priv_set->set[i]; + /* check only the low and high part. Checking the attr field has no meaning */ + if( (cur_set->luid.low==set.luid.low) && (cur_set->luid.high==set.luid.high) ) + return True; + } + + return False; +} + +/**************************************************************************** +remove a privilege to a privilege array +****************************************************************************/ +BOOL remove_privilege(PRIVILEGE_SET *priv_set, LUID_ATTR set) +{ + LUID_ATTR *new_set; + LUID_ATTR *old_set; + int i,j; + + /* check if the privilege is in the list */ + if (!check_priv_in_privilege(priv_set, set)) + return False; + + /* special case if it's the only privilege in the list */ + if (priv_set->count==1) { + free_privilege(priv_set); + init_privilege(priv_set); + + return True; + } + + /* + * the privilege is there, create a new list, + * and copy the other privileges + */ + + old_set=priv_set->set; + + new_set=(LUID_ATTR *)malloc((priv_set->count-1)*(sizeof(LUID_ATTR))); + if (new_set==NULL) { + DEBUG(0,("remove_privilege: could not malloc memory for new privilege list\n")); + return False; + } + + for (i=0, j=0; icount; i++) { + if ((old_set[i].luid.low==set.luid.low) && + (old_set[i].luid.high==set.luid.high)) { + continue; + } + + new_set[j].luid.low=old_set[i].luid.low; + new_set[j].luid.high=old_set[i].luid.high; + new_set[j].attr=old_set[i].attr; + + j++; + } + + if (j!=priv_set->count-1) { + DEBUG(0,("remove_privilege: mismatch ! difference is not -1\n")); + DEBUGADD(0,("old count:%d, new count:%d\n", priv_set->count, j)); + safe_free(new_set); + return False; + } + + /* ok everything is fine */ + + priv_set->count--; + priv_set->set=new_set; + + safe_free(old_set); + + return True; +} + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + int ret; + int i; + PRIVILEGE_SET *set; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) return False; + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); + + set=&map->priv_set; + init_privilege(set); + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + + DEBUG(10,("get_group_map_from_sid: %d privileges\n", map->priv_set.count)); + + set->set = NULL; + if (set->count) { + set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + + SAFE_FREE(dbuf.dptr); + if (ret != dbuf.dsize) { + DEBUG(0,("get_group_map_from_sid: group mapping TDB corrupted ?\n")); + free_privilege(set); + return False; + } + + /* we don't want the privileges */ + if (with_priv==MAPPING_WITHOUT_PRIV) + free_privilege(set); + + sid_copy(&map->sid, &sid); + + return True; +} + + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; + int i; + PRIVILEGE_SET *set; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + /* we need to enumerate the TDB to find the GID */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); + + set=&map->priv_set; + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + set->set = NULL; + if (set->count) { + set->set=(LUID_ATTR *)smb_xmalloc(set->count*sizeof(LUID_ATTR)); + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + + SAFE_FREE(dbuf.dptr); + if (ret != dbuf.dsize){ + free_privilege(set); + continue; + } + + if (gid==map->gid) { + if (!with_priv) + free_privilege(&map->priv_set); + return True; + } + + free_privilege(set); + } + + return False; +} + +/**************************************************************************** +return the sid and the type of the unix group +****************************************************************************/ +BOOL get_group_map_from_ntname(char *name, GROUP_MAP *map, BOOL with_priv) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + int ret; + int i; + PRIVILEGE_SET *set; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + /* we need to enumerate the TDB to find the name */ + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + string_to_sid(&map->sid, string_sid); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map->gid, &map->sid_name_use, &map->nt_name, &map->comment, &map->systemaccount); + + set=&map->priv_set; + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("get_group_map_from_ntname: could not allocate memory for privileges\n")); + return False; + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + + SAFE_FREE(dbuf.dptr); + if (ret != dbuf.dsize) { + free_privilege(set); + continue; + } + + if (StrCaseCmp(name, map->nt_name)==0) { + if (!with_priv) + free_privilege(&map->priv_set); + return True; + } + + free_privilege(set); + } + + return False; +} + +/**************************************************************************** + remove a group mapping entry +****************************************************************************/ +BOOL group_map_remove(DOM_SID sid) +{ + TDB_DATA kbuf, dbuf; + pstring key; + fstring string_sid; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + /* the key is the SID, retrieving is direct */ + + sid_to_string(string_sid, &sid); + slprintf(key, sizeof(key), "%s%s", GROUP_PREFIX, string_sid); + + kbuf.dptr = key; + kbuf.dsize = strlen(key)+1; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) return False; + + SAFE_FREE(dbuf.dptr); + + if(tdb_delete(tdb, kbuf) != TDB_SUCCESS) + return False; + + return True; +} + + +/**************************************************************************** +enumerate the group mapping +****************************************************************************/ +BOOL enum_group_mapping(enum SID_NAME_USE sid_name_use, GROUP_MAP **rmap, + int *num_entries, BOOL unix_only, BOOL with_priv) +{ + TDB_DATA kbuf, dbuf, newkey; + fstring string_sid; + fstring group_type; + GROUP_MAP map; + GROUP_MAP *mapt; + int ret; + int entries=0; + int i; + PRIVILEGE_SET *set; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + *num_entries=0; + *rmap=NULL; + + for (kbuf = tdb_firstkey(tdb); + kbuf.dptr; + newkey = tdb_nextkey(tdb, kbuf), safe_free(kbuf.dptr), kbuf=newkey) { + + if (strncmp(kbuf.dptr, GROUP_PREFIX, strlen(GROUP_PREFIX)) != 0) + continue; + + dbuf = tdb_fetch(tdb, kbuf); + if (!dbuf.dptr) + continue; + + fstrcpy(string_sid, kbuf.dptr+strlen(GROUP_PREFIX)); + + ret = tdb_unpack(dbuf.dptr, dbuf.dsize, "ddffd", + &map.gid, &map.sid_name_use, &map.nt_name, &map.comment, &map.systemaccount); + + set=&map.priv_set; + init_privilege(set); + + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "d", &set->count); + + if (set->count!=0) { + set->set=(LUID_ATTR *)malloc(set->count*sizeof(LUID_ATTR)); + if (set->set==NULL) { + DEBUG(0,("enum_group_mapping: could not allocate memory for privileges\n")); + return False; + } + } + + for (i=0; icount; i++) + ret += tdb_unpack(dbuf.dptr+ret, dbuf.dsize-ret, "ddd", + &(set->set[i].luid.low), &(set->set[i].luid.high), &(set->set[i].attr)); + + SAFE_FREE(dbuf.dptr); + if (ret != dbuf.dsize) { + DEBUG(11,("enum_group_mapping: error in memory size\n")); + free_privilege(set); + continue; + } + + /* list only the type or everything if UNKNOWN */ + if (sid_name_use!=SID_NAME_UNKNOWN && sid_name_use!=map.sid_name_use) { + DEBUG(11,("enum_group_mapping: group %s is not of the requested type\n", map.nt_name)); + free_privilege(set); + continue; + } + + if (unix_only==ENUM_ONLY_MAPPED && map.gid==-1) { + DEBUG(11,("enum_group_mapping: group %s is non mapped\n", map.nt_name)); + free_privilege(set); + continue; + } + + string_to_sid(&map.sid, string_sid); + + decode_sid_name_use(group_type, map.sid_name_use); + DEBUG(11,("enum_group_mapping: returning group %s of type %s\n", map.nt_name ,group_type)); + + mapt=(GROUP_MAP *)Realloc((*rmap), (entries+1)*sizeof(GROUP_MAP)); + if (!mapt) { + DEBUG(0,("enum_group_mapping: Unable to enlarge group map!\n")); + SAFE_FREE(*rmap); + free_privilege(set); + return False; + } + else + (*rmap) = mapt; + + mapt[entries].gid = map.gid; + sid_copy( &mapt[entries].sid, &map.sid); + mapt[entries].sid_name_use = map.sid_name_use; + fstrcpy(mapt[entries].nt_name, map.nt_name); + fstrcpy(mapt[entries].comment, map.comment); + mapt[entries].systemaccount=map.systemaccount; + mapt[entries].priv_set.count=set->count; + mapt[entries].priv_set.control=set->control; + mapt[entries].priv_set.set=set->set; + if (!with_priv) + free_privilege(&(mapt[entries].priv_set)); + + entries++; + } + + *num_entries=entries; + return True; +} + + +/**************************************************************************** +convert a privilege string to a privilege array +****************************************************************************/ +void convert_priv_from_text(PRIVILEGE_SET *se_priv, char *privilege) +{ + pstring tok; + char *p = privilege; + int i; + LUID_ATTR set; + + /* By default no privilege */ + init_privilege(se_priv); + + if (privilege==NULL) + return; + + while(next_token(&p, tok, " ", sizeof(tok)) ) { + for (i=0; i<=PRIV_ALL_INDEX; i++) { + if (StrCaseCmp(privs[i].priv, tok)==0) { + set.attr=0; + set.luid.high=0; + set.luid.low=privs[i].se_priv; + add_privilege(se_priv, set); + } + } + } +} + +/**************************************************************************** +convert a privilege array to a privilege string +****************************************************************************/ +void convert_priv_to_text(PRIVILEGE_SET *se_priv, char *privilege) +{ + int i,j; + + if (privilege==NULL) + return; + + ZERO_STRUCTP(privilege); + + if (check_empty_privilege(se_priv)) { + fstrcat(privilege, "No privilege"); + return; + } + + for(i=0; icount; i++) { + j=1; + while (privs[j].se_priv!=se_priv->set[i].luid.low && j<=PRIV_ALL_INDEX) { + j++; + } + + fstrcat(privilege, privs[j].priv); + fstrcat(privilege, " "); + } +} + + +/* + * + * High level functions + * better to use them than the lower ones. + * + * we are checking if the group is in the mapping file + * and if the group is an existing unix group + * + */ + +/* get a domain group from it's SID */ + +BOOL get_domain_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +{ + struct group *grp; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + DEBUG(10, ("get_domain_group_from_sid\n")); + + /* if the group is NOT in the database, it CAN NOT be a domain group */ + if(!get_group_map_from_sid(sid, map, with_priv)) + return False; + + DEBUG(10, ("get_domain_group_from_sid: SID found in the TDB\n")); + + /* if it's not a domain group, continue */ + if (map->sid_name_use!=SID_NAME_DOM_GRP) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + DEBUG(10, ("get_domain_group_from_sid: SID is a domain group\n")); + + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + DEBUG(10, ("get_domain_group_from_sid: SID is mapped to gid:%d\n",map->gid)); + + if ( (grp=getgrgid(map->gid)) == NULL) { + DEBUG(10, ("get_domain_group_from_sid: gid DOESN'T exist in UNIX security\n")); + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + DEBUG(10, ("get_domain_group_from_sid: gid exists in UNIX security\n")); + + return True; +} + + +/* get a local (alias) group from it's SID */ + +BOOL get_local_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +{ + struct group *grp; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + /* The group is in the mapping table */ + if(get_group_map_from_sid(sid, map, with_priv)) { + if (map->sid_name_use!=SID_NAME_ALIAS) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + if ( (grp=getgrgid(map->gid)) == NULL) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + } else { + /* the group isn't in the mapping table. + * make one based on the unix information */ + uint32 alias_rid; + + sid_peek_rid(&sid, &alias_rid); + map->gid=pdb_group_rid_to_gid(alias_rid); + + if ((grp=getgrgid(map->gid)) == NULL) + return False; + + map->sid_name_use=SID_NAME_ALIAS; + map->systemaccount=PR_ACCESS_FROM_NETWORK; + + fstrcpy(map->nt_name, grp->gr_name); + fstrcpy(map->comment, "Local Unix Group"); + + init_privilege(&map->priv_set); + + sid_copy(&map->sid, &sid); + } + + return True; +} + +/* get a builtin group from it's SID */ + +BOOL get_builtin_group_from_sid(DOM_SID sid, GROUP_MAP *map, BOOL with_priv) +{ + struct group *grp; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + if(!get_group_map_from_sid(sid, map, with_priv)) + return False; + + if (map->sid_name_use!=SID_NAME_WKN_GRP) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + if (map->gid==-1) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + if ( (grp=getgrgid(map->gid)) == NULL) { + if (with_priv) + free_privilege(&map->priv_set); + return False; + } + + return True; +} + + + +/**************************************************************************** +Returns a GROUP_MAP struct based on the gid. +****************************************************************************/ +BOOL get_group_from_gid(gid_t gid, GROUP_MAP *map, BOOL with_priv) +{ + struct group *grp; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + if ( (grp=getgrgid(gid)) == NULL) + return False; + + /* + * make a group map from scratch if doesn't exist. + */ + if (!get_group_map_from_gid(gid, map, with_priv)) { + map->gid=gid; + map->sid_name_use=SID_NAME_ALIAS; + map->systemaccount=PR_ACCESS_FROM_NETWORK; + init_privilege(&map->priv_set); + + /* interim solution until we have a last RID allocated */ + + sid_copy(&map->sid, &global_sam_sid); + sid_append_rid(&map->sid, pdb_gid_to_group_rid(gid)); + + fstrcpy(map->nt_name, grp->gr_name); + fstrcpy(map->comment, "Local Unix Group"); + } + + return True; +} + + + + +/**************************************************************************** + Get the member users of a group and + all the users who have that group as primary. + + give back an array of uid + return the grand number of users + + + TODO: sort the list and remove duplicate. JFM. + +****************************************************************************/ + +BOOL get_uid_list_of_group(gid_t gid, uid_t **uid, int *num_uids) +{ + struct group *grp; + struct passwd *pwd; + int i=0; + char *gr; + uid_t *u; + + if(!init_group_mapping()) { + DEBUG(0,("failed to initialize group mapping")); + return(False); + } + + *num_uids = 0; + *uid=NULL; + + if ( (grp=getgrgid(gid)) == NULL) + return False; + + gr = grp->gr_mem[0]; + DEBUG(10, ("getting members\n")); + + while (gr && (*gr != (char)'\0')) { + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; + + if( (pwd=getpwnam_alloc(gr)) !=NULL) { + (*uid)[*num_uids]=pwd->pw_uid; + (*num_uids)++; + } + passwd_free(&pwd); + gr = grp->gr_mem[++i]; + } + DEBUG(10, ("got [%d] members\n", *num_uids)); + + setpwent(); + while ((pwd=getpwent()) != NULL) { + if (pwd->pw_gid==gid) { + u = Realloc((*uid), sizeof(uid_t)*(*num_uids+1)); + if (!u) { + DEBUG(0,("get_uid_list_of_group: unable to enlarge uid list!\n")); + return False; + } + else (*uid) = u; + (*uid)[*num_uids]=pwd->pw_uid; + + (*num_uids)++; + } + } + endpwent(); + DEBUG(10, ("got primary groups, members: [%d]\n", *num_uids)); + + return True; +} + +/**************************************************************************** + Create a UNIX group on demand. +****************************************************************************/ + +int smb_create_group(char *unix_group) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_addgroup_script()); + if (! *add_script) return -1; + pstring_sub(add_script, "%g", unix_group); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_create_group: Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Delete a UNIX group on demand. +****************************************************************************/ + +int smb_delete_group(char *unix_group) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_delgroup_script()); + if (! *del_script) return -1; + pstring_sub(del_script, "%g", unix_group); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} + +/**************************************************************************** + Create a UNIX group on demand. +****************************************************************************/ + +int smb_add_user_group(char *unix_group, char *unix_user) +{ + pstring add_script; + int ret; + + pstrcpy(add_script, lp_addusertogroup_script()); + if (! *add_script) return -1; + pstring_sub(add_script, "%g", unix_group); + pstring_sub(add_script, "%u", unix_user); + ret = smbrun(add_script,NULL); + DEBUG(3,("smb_add_user_group: Running the command `%s' gave %d\n",add_script,ret)); + return ret; +} + +/**************************************************************************** + Delete a UNIX group on demand. +****************************************************************************/ + +int smb_delete_user_group(const char *unix_group, const char *unix_user) +{ + pstring del_script; + int ret; + + pstrcpy(del_script, lp_deluserfromgroup_script()); + if (! *del_script) return -1; + pstring_sub(del_script, "%g", unix_group); + pstring_sub(del_script, "%u", unix_user); + ret = smbrun(del_script,NULL); + DEBUG(3,("smb_delete_user_group: Running the command `%s' gave %d\n",del_script,ret)); + return ret; +} diff --git a/source3/include/.cvsignore b/source3/include/.cvsignore new file mode 100644 index 00000000000..60afd373158 --- /dev/null +++ b/source3/include/.cvsignore @@ -0,0 +1,5 @@ +build_env.h +config.h +stamp-h +proto.h +wrepld_proto.h diff --git a/source3/include/MacExtensions.h b/source3/include/MacExtensions.h new file mode 100644 index 00000000000..d09370ed9f7 --- /dev/null +++ b/source3/include/MacExtensions.h @@ -0,0 +1,246 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) John H Terpstra 1996-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Paul Ashton 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ +#ifndef _MAC_EXTENSIONS_H +#define _MAC_EXTENSIONS_H + +/* Folder that holds the stream info */ +#define STREAM_FOLDER ".streams" +#define STREAM_FOLDER_SLASH ".streams/" + +/* Common Streams Names*/ +#define DefaultStreamTestLen 6 +#define DefaultStreamTest ":$DATA" +#define AFPDATA_STREAM "::$DATA" +#define AFPINFO_STREAM ":AFP_AfpInfo:$DATA" +#define AFPRESOURCE_STREAM ":AFP_Resource:$DATA" +#define AFPCOMMENTS_STREAM ":Comments:$DATA" +#define AFPDESKTOP_STREAM ":AFP_DeskTop:$DATA" +#define AFPIDINDEX_STREAM ":AFP_IdIndex:$DATA" + +/* +** NT's AFP_AfpInfo stream structure +*/ +#define APF_INFO_SIZE 0x3c +#define AFP_Signature 0x41465000 +#define AFP_Version 0x00000100 +#define AFP_BackupTime 0x00000080 +#define AFP_FinderSize 32 +/* +** Orginal AFP_AfpInfo stream used by NT +** We needed a way to store the create date so SAMBA +** AFP_AfpInfo adds for bytes to this structrure +** and call's it _SambaAfpInfo +*/ +typedef struct _AfpInfo +{ + uint32 afpi_Signature; /* Must be *(PDWORD)"AFP" */ + uint32 afpi_Version; /* Must be 0x00010000 */ + uint32 afpi_Reserved1; + uint32 afpi_BackupTime; /* Backup time for the file/dir */ + unsigned char afpi_FinderInfo[AFP_FinderSize]; /* Finder Info (32 bytes) */ + unsigned char afpi_ProDosInfo[6]; /* ProDos Info (6 bytes) # */ + unsigned char afpi_Reserved2[6]; +} AfpInfo; + +typedef struct _SambaAfpInfo +{ + AfpInfo afp; + unsigned long createtime; +} SambaAfpInfo; + +/* +** On SAMBA this structrue is followed by 4 bytes that store the create +** date of the file or folder asociated with it. +*/ + +/* +** These extentions are only supported with the NT LM 0.12 Dialect. These extentions +** will be process on a share by share bases. +*/ + +/* +** Trans2_Query_FS_Information Call is used by the MacCIFS extentions for three reasons. +** First to see if the remote server share supports the basic Macintosh CIFS extentions. +** Second to return some basic need information about the share to the Macintosh. +** Third to see if this share support any other Macintosh extentions. +** +** We will be using infromation levels that are betwwen 0x300 and 0x399 for all Macintosh +** extentions calls. The first of these will be the SMB_MAC_QUERY_FS_INFO level which +** will allow the server to return the MacQueryFSInfo structure. All fields are Little +** Endian unless other wise specified. +*/ +#define SMB_MAC_QUERY_FS_INFO 0x301 + + + +/* +** The server will return folder access control in the Trans2_Find_First2 +** and Trans2_Find_Next2 message described later in this document. +*/ +#define SUPPORT_MAC_ACCESS_CNTRL 0x0010 +/* +** The server supports setting/getting comments using the mechanism in this +** document instead of using the NTFS format described in the Introduction. +*/ +#define SUPPORT_MAC_GETSETCOMMENTS 0x0020 +/* +** The Server supports setting and getting Macintosh desktop database information +** using the mechanism in this document. +*/ +#define SUPPORT_MAC_DESKTOPDB_CALLS 0x0040 +/* +** The server will return a unique id for files and directories in the +** Trans2_Find_First2 and Trans2_Find_Next2 message described later in this document. +*/ +#define SUPPORT_MAC_UNIQUE_IDS 0x0080 +/* +** The server will return this flag telling the client that the server does +** not support streams or the Macintosh extensions. The rest of this message +** will be ignored by the client. +*/ +#define NO_STREAMS_OR_MAC_SUPPORT 0x0100 + +/* +** We will be adding a new info level to the Trans2_Find_First2 and Trans2_Find_Next2. +** This info level will be SMB_MAC_FIND_BOTH_HFS_INFO and will support the server +** return additional information need by the Macintosh. All fields are Little +** Endian unless other wise specified. +*/ + +#define SMB_MAC_FIND_BOTH_HFS_INFO 0x302 + +enum { + ownerRead = 0x0400, + ownerWrite = 0x0200, + ownerSearch = 0x0100, + groupRead = 0x0040, + groupWrite = 0x0020, + groupSearch = 0x0010, + otherRead = 0x0004, + otherWrite = 0x0002, + otherSearch = 0x0001, + Owner = 0x0800 +}; + + +/* +** We will be adding a new info level to the Trans2_Set_Path_Information. +** This info level will be SMB_MAC_SET_FINDER_INFO and will support the client +** setting information on the server need by the Macintosh. All fields are Little +** Endian unless other wise specified. +*/ + +#define SMB_MAC_SET_FINDER_INFO 0x303 + +enum { + SetCreateDate = 0x01, /* If this is set then set the create date of the file/folder */ + SetModDate = 0x02, /* If this is set then set the modify date of the file/folder */ + SetFLAttrib = 0x04, /* If this is set then set the Macintosh lock bit of the file/folder */ + FndrInfo1 = 0x08, /* If this is set then set the first 16 bytes of finder info */ + FndrInfo2 = 0x10, /* If this is set then set the second 16 bytes of finder info */ + SetHidden = 0x20 /* We are either setting or unsetting the hidden bit */ +}; + + +/* +** We will be adding some new info level to the Trans2_Set_Path_Information and Trans2_Query_Path_Information. +** These info levels will allow the client to add, get, and remove desktop inforamtion from the +** server. How the server stores this information is up to them. +*/ + +/* +** We need to be able to store an application name and its creator in a database. We send a +** Trans2_Set_Path_Information call with the full path of the application in the path field. +** We will send an info level that represents adding an application name and creator to the database. +** We will pass the File Creator in the data message. +** +** The server should just respond with no error or an error. +*/ +#define SMB_MAC_DT_ADD_APPL 0x304 + +/* +** We need to be able to remove an application name and its creator from a database. We send a +** Trans2_Set_Path_Information call with the full path of the application in the path field. +** We will send an info level that represents removing an application name and creator from the database. +** We will pass the File Creator in the data message. +** +** The server should just respond with no error or an error. +*/ +#define SMB_MAC_DT_REMOVE_APPL 0x305 + + +/* +** We need to be able to get an application name and its creator from a database. We send a +** Trans2_Query_Path_Information call in which the name field is just ignore. +** We will send an info level that represents getting an application name with a structure that +** contains the File Creator and index. Were index has the following meaning. +** Index = 0; Get the application path from the database with the most current date. +** Index > 0; Use the index to find the application path from the database. +** e.g. index of 5 means get the fifth entry of this application name in the database. +** if not entry return an error. +** +** The server returns with a structure that contains the full path to the appication and +** its creator's date. +*/ +#define SMB_MAC_DT_GET_APPL 0x306 + + +/* +** We need to be able to get an icon from a database. We send a Trans2_Query_Path_Information call in +** which the path name is ignore. We will send an info level that represents getting an icon with a structure +** that contains the Requested size of the icon, the Icon type, File Creator, and File Type. +** +** The server returns with a structure that contains the actual size of the icon +** (must be less than requested length) and the icon bit map. +*/ +#define SMB_MAC_DT_GET_ICON 0x307 + + +/* +** We need to be able to get an icon from a database. We send a Trans2_Query_Path_Information call in +** which the path name is ignore. We will send an info level that represents getting an icon with a structure +** that contains the index and File Creator. The index allows the client to make repeated calls to the server +** gathering all icon stored by this file creator. +** +** +** The server returns with a structure that contains the actual size of the icon +** (must be less than requested length) and the icon bit map, File Type, and Icon Type. +*/ +#define SMB_MAC_DT_GET_ICON_INFO 0x308 + + + +/* +** We need to be able to add an icon to a database. We send a Trans2_Set_Path_Information call in +** which the path name is ignore. We will send an info level that represents setting an icon with a structure +** that contains the icon data, icon size, icon type, the file type, and file creator. +** +** +** The server returns only that the call was succesfull or not. +*/ +#define SMB_MAC_DT_ADD_ICON 0x309 + +#endif /* _MAC_EXTENSIONS_H */ + +/* _MAC_EXTENSIONS_H */ + diff --git a/source3/include/ads.h b/source3/include/ads.h new file mode 100644 index 00000000000..8658e72f6ac --- /dev/null +++ b/source3/include/ads.h @@ -0,0 +1,130 @@ +/* + header for ads (active directory) library routines + + basically this is a wrapper around ldap +*/ + +typedef struct { + void *ld; + char *realm; + char *ldap_server; + char *ldap_server_name; + char *kdc_server; + int ldap_port; + char *bind_path; + time_t last_attempt; + char *password; + char *user_name; + char *server_realm; +} ADS_STRUCT; + +typedef struct { + char *printerName; + char *serverName; + char *shortServerName; + char *versionNumber; + char *uNCName; + char **description; + char *assetNumber; + char *bytesPerMinute; + char *defaultPriority; + char *driverName; + char *driverVersion; + char *location; + char *operatingSystem; + char *operatingSystemHotfix; + char *operatingSystemServicePack; + char *operatingSystemVersion; + char *physicalLocationObject; + char **portName; + char *printAttributes; + char **printBinNames; + char *printCollate; + char *printColor; + char *printDuplexSupported; + char *printEndTime; + char *printFOrmName; + char *printKeepPrintedJobs; + char **printLanguage; + char *printMACAddress; + char *printMaxCopies; + char *printMaxResolutionSupported; + char *printMaxXExtent; + char *printMaxYExtent; + char **printMediaReady; + char **printMediaSupported; + char *printMemory; + char *printMinXExtent; + char *printMinYExtent; + char *printNetworkAddress; + char *printNotify; + char *printNumberUp; + char **printOrientationsSupported; + char *printOwner; + char *printPagesPerMinute; + char *printRate; + char *printRateUnit; + char *printSeparatorFile; + char **printShareName; + char *printSpooling; + char *printStaplingSupported; + char *printStartTime; + char *printStatus; + char *priority; +} ADS_PRINTER_ENTRY; + +/* there are 4 possible types of errors the ads subsystem can produce */ +enum ads_error_type {ADS_ERROR_KRB5, ADS_ERROR_GSS, + ADS_ERROR_LDAP, ADS_ERROR_SYSTEM}; + +typedef struct { + enum ads_error_type error_type; + int rc; + /* For error_type = ADS_ERROR_GSS minor_status describe GSS API error */ + /* Where rc represents major_status of GSS API error */ + int minor_status; +} ADS_STATUS; + +#ifdef HAVE_ADS +typedef LDAPMod **ADS_MODLIST; +#else +typedef void **ADS_MODLIST; +#endif + +/* macros to simplify error returning */ +#define ADS_ERROR(rc) ads_build_error(ADS_ERROR_LDAP, rc, 0) +#define ADS_ERROR_SYSTEM(rc) ads_build_error(ADS_ERROR_SYSTEM, rc, 0) +#define ADS_ERROR_KRB5(rc) ads_build_error(ADS_ERROR_KRB5, rc, 0) +#define ADS_ERROR_GSS(rc, minor) ads_build_error(ADS_ERROR_GSS, rc, minor) + +#define ADS_ERR_OK(status) ((status).rc == 0) +#define ADS_SUCCESS ADS_ERROR(0) + +/* time between reconnect attempts */ +#define ADS_RECONNECT_TIME 5 + +/* timeout on searches */ +#define ADS_SEARCH_TIMEOUT 10 + +/* ldap control oids */ +#define ADS_PAGE_CTL_OID "1.2.840.113556.1.4.319" +#define ADS_NO_REFERRALS_OID "1.2.840.113556.1.4.1339" +#define ADS_SERVER_SORT_OID "1.2.840.113556.1.4.473" + +#define UF_DONT_EXPIRE_PASSWD 0x10000 +#define UF_MNS_LOGON_ACCOUNT 0x20000 +#define UF_SMARTCARD_REQUIRED 0x40000 +#define UF_TRUSTED_FOR_DELEGATION 0x80000 +#define UF_NOT_DELEGATED 0x100000 +#define UF_USE_DES_KEY_ONLY 0x200000 +#define UF_DONT_REQUIRE_PREAUTH 0x400000 + +#define UF_TEMP_DUPLICATE_ACCOUNT 0x0100 +#define UF_NORMAL_ACCOUNT 0x0200 +#define UF_INTERDOMAIN_TRUST_ACCOUNT 0x0800 +#define UF_WORKSTATION_TRUST_ACCOUNT 0x1000 +#define UF_SERVER_TRUST_ACCOUNT 0x2000 + +/* account types */ +#define ATYPE_GROUP 0x10000000 +#define ATYPE_USER 0x30000000 diff --git a/source3/include/asn_1.h b/source3/include/asn_1.h new file mode 100644 index 00000000000..090c5459d18 --- /dev/null +++ b/source3/include/asn_1.h @@ -0,0 +1,57 @@ +/* + Unix SMB/CIFS implementation. + simple ASN1 code + Copyright (C) Andrew Tridgell 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _ASN_1_H +#define _ASN_1_H + +struct nesting { + off_t start; + size_t taglen; /* for parsing */ + struct nesting *next; +}; + +typedef struct { + uint8 *data; + size_t length; + off_t ofs; + struct nesting *nesting; + BOOL has_error; +} ASN1_DATA; + + +#define ASN1_APPLICATION(x) ((x)+0x60) +#define ASN1_SEQUENCE(x) ((x)+0x30) +#define ASN1_CONTEXT(x) ((x)+0xa0) +#define ASN1_GENERAL_STRING 0x1b +#define ASN1_OCTET_STRING 0x4 +#define ASN1_OID 0x6 +#define ASN1_BOOLEAN 0x1 +#define ASN1_INTEGER 0x2 +#define ASN1_ENUMERATED 0xa + +#define ASN1_MAX_OIDS 20 + +/* some well known object IDs */ +#define OID_SPNEGO "1 3 6 1 5 5 2" +#define OID_NTLMSSP "1 3 6 1 4 1 311 2 2 10" +#define OID_KERBEROS5_OLD "1 2 840 48018 1 2 2" +#define OID_KERBEROS5 "1 2 840 113554 1 2 2" + +#endif /* _ASN_1_H */ diff --git a/source3/include/auth.h b/source3/include/auth.h new file mode 100644 index 00000000000..5c8bc8edfe6 --- /dev/null +++ b/source3/include/auth.h @@ -0,0 +1,151 @@ +#ifndef _SMBAUTH_H_ +#define _SMBAUTH_H_ +/* + Unix SMB/CIFS implementation. + Standardised Authentication types + Copyright (C) Andrew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* AUTH_STR - string */ +typedef struct normal_string +{ + int len; + char *str; +} AUTH_STR; + +/* AUTH_UNISTR - unicode string or buffer */ +typedef struct unicode_string +{ + int len; + uchar *unistr; +} AUTH_UNISTR; + +typedef struct interactive_password +{ + OWF_INFO lm_owf; /* LM OWF Password */ + OWF_INFO nt_owf; /* NT OWF Password */ +} auth_interactive_password; + +#define AUTH_FLAG_NONE 0x000000 +#define AUTH_FLAG_PLAINTEXT 0x000001 +#define AUTH_FLAG_LM_RESP 0x000002 +#define AUTH_FLAG_NTLM_RESP 0x000004 +#define AUTH_FLAG_NTLMv2_RESP 0x000008 + +typedef struct auth_usersupplied_info +{ + + DATA_BLOB lm_resp; + DATA_BLOB nt_resp; + auth_interactive_password * interactive_password; + DATA_BLOB plaintext_password; + + BOOL encrypted; + + uint32 auth_flags; + + AUTH_STR client_domain; /* domain name string */ + AUTH_STR domain; /* domain name after mapping */ + AUTH_STR internal_username; /* username after mapping */ + AUTH_STR smb_name; /* username before mapping */ + AUTH_STR wksta_name; /* workstation name (netbios calling name) unicode string */ + +} auth_usersupplied_info; + +#define SAM_FILL_NAME 0x01 +#define SAM_FILL_INFO3 0x02 +#define SAM_FILL_SAM 0x04 +#define SAM_FILL_UNIX 0x08 +#define SAM_FILL_ALL (SAM_FILL_NAME | SAM_FILL_INFO3 | SAM_FILL_SAM | SAM_FILL_UNIX) + +typedef struct auth_serversupplied_info +{ + BOOL guest; + + /* This groups info is needed for when we become_user() for this uid */ + int n_groups; + gid_t *groups; + + /* NT group information taken from the info3 structure */ + + NT_USER_TOKEN *ptok; + + uint8 session_key[16]; + + uint8 first_8_lm_hash[8]; + + uint32 sam_fill_level; /* How far is this structure filled? */ + + SAM_ACCOUNT *sam_account; + + void *pam_handle; + +} auth_serversupplied_info; + +struct auth_context { + DATA_BLOB challenge; + + /* Who set this up in the first place? */ + char *challenge_set_by; + + struct auth_methods *challenge_set_method; + /* What order are the various methods in? Try to stop it changing under us */ + struct auth_methods *auth_method_list; + + TALLOC_CTX *mem_ctx; + const uint8 *(*get_ntlm_challenge)(struct auth_context *auth_context); + NTSTATUS (*check_ntlm_password)(const struct auth_context *auth_context, + const struct auth_usersupplied_info *user_info, + struct auth_serversupplied_info **server_info); + NTSTATUS (*nt_status_squash)(NTSTATUS nt_status); + void (*free)(struct auth_context **auth_context); +}; + +typedef struct auth_methods +{ + struct auth_methods *prev, *next; + char *name; /* What name got this module */ + + NTSTATUS (*auth)(const struct auth_context *auth_context, + void *my_private_data, + TALLOC_CTX *mem_ctx, + const struct auth_usersupplied_info *user_info, + auth_serversupplied_info **server_info); + + DATA_BLOB (*get_chal)(const struct auth_context *auth_context, + void **my_private_data, + TALLOC_CTX *mem_ctx); + + /* Used to keep tabs on things like the cli for SMB server authentication */ + void *private_data; + + /* Function to clean up the above arbitary structure */ + void (*free_private_data)(void **private_data); + + /* Function to send a keepalive message on the above structure */ + void (*send_keepalive)(void **private_data); + +} auth_methods; + +struct auth_init_function { + char *name; + /* Function to create a member of the authmethods list */ + BOOL (*init)(struct auth_context *auth_context, struct auth_methods **auth_method); +}; + + +#endif /* _SMBAUTH_H_ */ diff --git a/source3/include/byteorder.h b/source3/include/byteorder.h index 899cd6c4991..1abf1854f36 100644 --- a/source3/include/byteorder.h +++ b/source3/include/byteorder.h @@ -1,8 +1,7 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. SMB Byte handling - Copyright (C) Andrew Tridgell 1992-1995 + Copyright (C) Andrew Tridgell 1992-1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,9 +18,79 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +#ifndef _BYTEORDER_H +#define _BYTEORDER_H + /* This file implements macros for machine independent short and int manipulation + +Here is a description of this file that I emailed to the samba list once: + +> I am confused about the way that byteorder.h works in Samba. I have +> looked at it, and I would have thought that you might make a distinction +> between LE and BE machines, but you only seem to distinguish between 386 +> and all other architectures. +> +> Can you give me a clue? + +sure. + +The distinction between 386 and other architectures is only there as +an optimisation. You can take it out completely and it will make no +difference. The routines (macros) in byteorder.h are totally byteorder +independent. The 386 optimsation just takes advantage of the fact that +the x86 processors don't care about alignment, so we don't have to +align ints on int boundaries etc. If there are other processors out +there that aren't alignment sensitive then you could also define +CAREFUL_ALIGNMENT=0 on those processors as well. + +Ok, now to the macros themselves. I'll take a simple example, say we +want to extract a 2 byte integer from a SMB packet and put it into a +type called uint16 that is in the local machines byte order, and you +want to do it with only the assumption that uint16 is _at_least_ 16 +bits long (this last condition is very important for architectures +that don't have any int types that are 2 bytes long) + +You do this: + +#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) +#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) +#define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) + +then to extract a uint16 value at offset 25 in a buffer you do this: + +char *buffer = foo_bar(); +uint16 xx = SVAL(buffer,25); + +We are using the byteoder independence of the ANSI C bitshifts to do +the work. A good optimising compiler should turn this into efficient +code, especially if it happens to have the right byteorder :-) + +I know these macros can be made a bit tidier by removing some of the +casts, but you need to look at byteorder.h as a whole to see the +reasoning behind them. byteorder.h defines the following macros: + +SVAL(buf,pos) - extract a 2 byte SMB value +IVAL(buf,pos) - extract a 4 byte SMB value +SVALS(buf,pos) signed version of SVAL() +IVALS(buf,pos) signed version of IVAL() + +SSVAL(buf,pos,val) - put a 2 byte SMB value into a buffer +SIVAL(buf,pos,val) - put a 4 byte SMB value into a buffer +SSVALS(buf,pos,val) - signed version of SSVAL() +SIVALS(buf,pos,val) - signed version of SIVAL() + +RSVAL(buf,pos) - like SVAL() but for NMB byte ordering +RSVALS(buf,pos) - like SVALS() but for NMB byte ordering +RIVAL(buf,pos) - like IVAL() but for NMB byte ordering +RIVALS(buf,pos) - like IVALS() but for NMB byte ordering +RSSVAL(buf,pos,val) - like SSVAL() but for NMB ordering +RSIVAL(buf,pos,val) - like SIVAL() but for NMB ordering +RSIVALS(buf,pos,val) - like SIVALS() but for NMB ordering + +it also defines lots of intermediate macros, just ignore those :-) + */ #undef CAREFUL_ALIGNMENT @@ -36,45 +105,68 @@ #define CAREFUL_ALIGNMENT 1 #endif -#define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) -#define PVAL(buf,pos) ((unsigned)CVAL(buf,pos)) -#define SCVAL(buf,pos,val) (CVAL(buf,pos) = (val)) +#define CVAL(buf,pos) (((const unsigned char *)(buf))[pos]) +#define CVAL_NC(buf,pos) (((unsigned char *)(buf))[pos]) /* Non-const version of CVAL */ +#define PVAL(buf,pos) ((const unsigned)CVAL(buf,pos)) +#define PVAL_NC(buf,pos) ((unsigned)CVAL(buf,pos)) /* Non const version of PVAL */ +#define SCVAL(buf,pos,val) (CVAL_NC(buf,pos) = (val)) #if CAREFUL_ALIGNMENT + #define SVAL(buf,pos) (PVAL(buf,pos)|PVAL(buf,(pos)+1)<<8) #define IVAL(buf,pos) (SVAL(buf,pos)|SVAL(buf,(pos)+2)<<16) -#define SSVALX(buf,pos,val) (CVAL(buf,pos)=(val)&0xFF,CVAL(buf,pos+1)=(val)>>8) +#define SSVALX(buf,pos,val) (CVAL_NC(buf,pos)=(unsigned char)((val)&0xFF),CVAL_NC(buf,pos+1)=(unsigned char)((val)>>8)) #define SIVALX(buf,pos,val) (SSVALX(buf,pos,val&0xFFFF),SSVALX(buf,pos+2,val>>16)) -#define SVALS(buf,pos) ((int16)SVAL(buf,pos)) -#define IVALS(buf,pos) ((int32)IVAL(buf,pos)) -#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((uint16)(val))) -#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((uint32)(val))) -#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((int16)(val))) -#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((int32)(val))) -#else +#define SVALS(buf,pos) ((const int16)SVAL(buf,pos)) +#define IVALS(buf,pos) ((const int32)IVAL(buf,pos)) +#define SSVAL(buf,pos,val) SSVALX((buf),(pos),((const uint16)(val))) +#define SIVAL(buf,pos,val) SIVALX((buf),(pos),((const uint32)(val))) +#define SSVALS(buf,pos,val) SSVALX((buf),(pos),((const int16)(val))) +#define SIVALS(buf,pos,val) SIVALX((buf),(pos),((const int32)(val))) + +#else /* CAREFUL_ALIGNMENT */ + /* this handles things for architectures like the 386 that can handle alignment errors */ /* WARNING: This section is dependent on the length of int16 and int32 being correct */ -#define SVAL(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) -#define IVAL(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) -#define SVALS(buf,pos) (*(int16 *)((char *)(buf) + (pos))) -#define IVALS(buf,pos) (*(int32 *)((char *)(buf) + (pos))) -#define SSVAL(buf,pos,val) SVAL(buf,pos)=((uint16)(val)) -#define SIVAL(buf,pos,val) IVAL(buf,pos)=((uint32)(val)) -#define SSVALS(buf,pos,val) SVALS(buf,pos)=((int16)(val)) -#define SIVALS(buf,pos,val) IVALS(buf,pos)=((int32)(val)) -#endif +/* get single value from an SMB buffer */ +#define SVAL(buf,pos) (*(const uint16 *)((const char *)(buf) + (pos))) +#define SVAL_NC(buf,pos) (*(uint16 *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define IVAL(buf,pos) (*(const uint32 *)((const char *)(buf) + (pos))) +#define IVAL_NC(buf,pos) (*(uint32 *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define SVALS(buf,pos) (*(const int16 *)((const char *)(buf) + (pos))) +#define SVALS_NC(buf,pos) (*(int16 *)((char *)(buf) + (pos))) /* Non const version of above. */ +#define IVALS(buf,pos) (*(const int32 *)((const char *)(buf) + (pos))) +#define IVALS_NC(buf,pos) (*(int32 *)((char *)(buf) + (pos))) /* Non const version of above. */ + +/* store single value in an SMB buffer */ +#define SSVAL(buf,pos,val) SVAL_NC(buf,pos)=((const uint16)(val)) +#define SIVAL(buf,pos,val) IVAL_NC(buf,pos)=((const uint32)(val)) +#define SSVALS(buf,pos,val) SVALS_NC(buf,pos)=((const int16)(val)) +#define SIVALS(buf,pos,val) IVALS_NC(buf,pos)=((const int32)(val)) + +#endif /* CAREFUL_ALIGNMENT */ /* now the reverse routines - these are used in nmb packets (mostly) */ #define SREV(x) ((((x)&0xFF)<<8) | (((x)>>8)&0xFF)) #define IREV(x) ((SREV(x)<<16) | (SREV((x)>>16))) #define RSVAL(buf,pos) SREV(SVAL(buf,pos)) +#define RSVALS(buf,pos) SREV(SVALS(buf,pos)) #define RIVAL(buf,pos) IREV(IVAL(buf,pos)) +#define RIVALS(buf,pos) IREV(IVALS(buf,pos)) #define RSSVAL(buf,pos,val) SSVAL(buf,pos,SREV(val)) +#define RSSVALS(buf,pos,val) SSVALS(buf,pos,SREV(val)) #define RSIVAL(buf,pos,val) SIVAL(buf,pos,IREV(val)) +#define RSIVALS(buf,pos,val) SIVALS(buf,pos,IREV(val)) + +/* Alignment macros. */ +#define ALIGN4(p,base) ((p) + ((4 - (PTR_DIFF((p), (base)) & 3)) & 3)) +#define ALIGN2(p,base) ((p) + ((2 - (PTR_DIFF((p), (base)) & 1)) & 1)) + +#endif /* _BYTEORDER_H */ diff --git a/source3/include/charset.h b/source3/include/charset.h index 7091732223a..07d5e2d5993 100644 --- a/source3/include/charset.h +++ b/source3/include/charset.h @@ -1,8 +1,7 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. - Character set handling - Copyright (C) Andrew Tridgell 1992-1995 + Unix SMB/CIFS implementation. + charset defines + Copyright (C) Andrew Tridgell 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,43 +18,7 @@ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -#ifndef CHARSET_C - -extern char *dos_char_map; -extern char *upper_char_map; -extern char *lower_char_map; -extern void add_char_string(char *s); -extern void charset_initialise(void); - -#ifdef toupper -#undef toupper -#endif - -#ifdef tolower -#undef tolower -#endif - -#ifdef isupper -#undef isupper -#endif - -#ifdef islower -#undef islower -#endif - -#ifdef isdoschar -#undef isdoschar -#endif - -#ifdef isspace -#undef isspace -#endif - -#define toupper(c) upper_char_map[(char)(c)] -#define tolower(c) lower_char_map[(char)(c)] -#define isupper(c) (((char)(c)) != tolower(c)) -#define islower(c) (((char)(c)) != toupper(c)) -#define isdoschar(c) (dos_char_map[(char)(c)] != 0) -#define isspace(c) ((c)==' ' || (c) == '\t') -#endif +/* this defines the charset types used in samba */ +typedef enum {CH_UCS2=0, CH_UNIX=1, CH_DISPLAY=2, CH_DOS=3, CH_UTF8=4} charset_t; +#define NUM_CHARSETS 5 diff --git a/source3/include/client.h b/source3/include/client.h new file mode 100644 index 00000000000..0974cd06664 --- /dev/null +++ b/source3/include/client.h @@ -0,0 +1,148 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Jeremy Allison 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _CLIENT_H +#define _CLIENT_H + +/* the client asks for a smaller buffer to save ram and also to get more + overlap on the wire. This size gives us a nice read/write size, which + will be a multiple of the page size on almost any system */ +#define CLI_BUFFER_SIZE (0xFFFF) + + +/* + * These definitions depend on smb.h + */ + +typedef struct file_info +{ + SMB_OFF_T size; + uint16 mode; + uid_t uid; + gid_t gid; + /* these times are normally kept in GMT */ + time_t mtime; + time_t atime; + time_t ctime; + pstring name; + char short_name[13*3]; /* the *3 is to cope with multi-byte */ +} file_info; + +struct print_job_info +{ + uint16 id; + uint16 priority; + size_t size; + fstring user; + fstring name; + time_t t; +}; + +struct cli_state { + int port; + int fd; + uint16 cnum; + uint16 pid; + uint16 mid; + uint16 vuid; + int protocol; + int sec_mode; + int rap_error; + int privileges; + + fstring eff_name; + fstring desthost; + fstring user_name; + fstring domain; + + /* + * The following strings are the + * ones returned by the server if + * the protocol > NT1. + */ + fstring server_type; + fstring server_os; + fstring server_domain; + + fstring share; + fstring dev; + struct nmb_name called; + struct nmb_name calling; + fstring full_dest_host_name; + struct in_addr dest_ip; + + struct pwd_info pwd; + DATA_BLOB secblob; /* cryptkey or negTokenInit */ + uint32 sesskey; + int serverzone; + uint32 servertime; + int readbraw_supported; + int writebraw_supported; + int timeout; /* in milliseconds. */ + int max_xmit; + int max_mux; + char *outbuf; + char *inbuf; + int bufsize; + int initialised; + int win95; + uint32 capabilities; + + TALLOC_CTX *mem_ctx; + + /* + * Only used in NT domain calls. + */ + + uint16 nt_pipe_fnum; /* Pipe handle. */ + unsigned char sess_key[16]; /* Current session key. */ + unsigned char ntlmssp_hash[258]; /* ntlmssp data. */ + uint32 ntlmssp_cli_flgs; /* ntlmssp client flags */ + uint32 ntlmssp_srv_flgs; /* ntlmssp server flags */ + uint32 ntlmssp_seq_num; /* ntlmssp sequence number */ + DOM_CRED clnt_cred; /* Client credential. */ + fstring mach_acct; /* MYNAME$. */ + fstring srv_name_slash; /* \\remote server. */ + fstring clnt_name_slash; /* \\local client. */ + uint16 max_xmit_frag; + uint16 max_recv_frag; + uint32 ntlmssp_flags; + BOOL use_kerberos; + BOOL use_spnego; + + BOOL use_oplocks; /* should we use oplocks? */ + BOOL use_level_II_oplocks; /* should we use level II oplocks? */ + + /* a oplock break request handler */ + BOOL (*oplock_handler)(struct cli_state *cli, int fnum, unsigned char level); + + BOOL force_dos_errors; + + /* was this structure allocated by cli_initialise? If so, then + free in cli_shutdown() */ + BOOL allocated; + + /* Name of the pipe we're talking to, if any */ + fstring pipe_name; +}; + +#endif /* _CLIENT_H */ diff --git a/source3/include/clitar.h b/source3/include/clitar.h index 2305fceeec7..b7731172d61 100644 --- a/source3/include/clitar.h +++ b/source3/include/clitar.h @@ -1,3 +1,25 @@ +/* + * Unix SMB/CIFS implementation. + * clitar file format + * Copyright (C) Andrew Tridgell 2000 + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _CLITAR_H +#define _CLITAR_H #define TBLOCK 512 #define NAMSIZ 100 @@ -15,3 +37,5 @@ union hblock { char linkname[NAMSIZ]; } dbuf; }; + +#endif /* _CLITAR_H */ diff --git a/source3/include/config.h.in b/source3/include/config.h.in new file mode 100644 index 00000000000..7328d022c1a --- /dev/null +++ b/source3/include/config.h.in @@ -0,0 +1,1159 @@ +/* include/config.h.in. Generated automatically from configure.in by autoheader 2.13. */ + +/* Define if on AIX 3. + System headers sometimes define this. + We just want to avoid a redefinition error message. */ +#ifndef _ALL_SOURCE +#undef _ALL_SOURCE +#endif + +/* Define if type char is unsigned and you are not using gcc. */ +#ifndef __CHAR_UNSIGNED__ +#undef __CHAR_UNSIGNED__ +#endif + +/* Define to empty if the keyword does not work. */ +#undef const + +/* Define to `int' if doesn't define. */ +#undef gid_t + +/* Define if you have a working `mmap' system call. */ +#undef HAVE_MMAP + +/* Define if your struct stat has st_rdev. */ +#undef HAVE_ST_RDEV + +/* Define if you have that is POSIX.1 compatible. */ +#undef HAVE_SYS_WAIT_H + +/* Define as __inline if that's what the C compiler calls it. */ +#undef inline + +/* Define to `int' if doesn't define. */ +#undef mode_t + +/* Define if your C compiler doesn't accept -c and -o together. */ +#undef NO_MINUS_C_MINUS_O + +/* Define to `long' if doesn't define. */ +#undef off_t + +/* Define to `int' if doesn't define. */ +#undef pid_t + +/* Define if you need to in order for stat and other things to work. */ +#undef _POSIX_SOURCE + +/* Define as the return type of signal handlers (int or void). */ +#undef RETSIGTYPE + +/* Define to `unsigned' if doesn't define. */ +#undef size_t + +/* Define if you have the ANSI C header files. */ +#undef STDC_HEADERS + +/* Define if you can safely include both and . */ +#undef TIME_WITH_SYS_TIME + +/* Define to `int' if doesn't define. */ +#undef uid_t + +/* Define if your processor stores words with the most significant + byte first (like Motorola and SPARC, unlike Intel and VAX). */ +#undef WORDS_BIGENDIAN + +#undef HAVE_VOLATILE +#undef HAVE_BROKEN_READDIR +#undef HAVE_C99_VSNPRINTF +#undef HAVE_ERRNO_DECL +#undef HAVE_LONGLONG +#undef HAVE_OFF64_T +#undef HAVE_REMSH +#undef HAVE_UNSIGNED_CHAR +#undef HAVE_UTIMBUF +#undef HAVE_SIG_ATOMIC_T_TYPE +#undef HAVE_SOCKLEN_T_TYPE +#undef ssize_t +#undef ino_t +#undef ssize_t +#undef loff_t +#undef offset_t +#undef aclent_t +#undef wchar_t +#undef HAVE_CONNECT +#undef HAVE_SHORT_INO_T +#undef WITH_SMBWRAPPER +#undef WITH_AFS +#undef WITH_DFS +#undef SUNOS5 +#undef SUNOS4 +#undef LINUX +#undef AIX +#undef BSD +#undef IRIX +#undef IRIX6 +#undef HPUX +#undef QNX +#undef SCO +#undef OSF1 +#undef NEXT2 +#undef RELIANTUNIX +#undef HAVE_MMAP +#undef HAVE_FCNTL_LOCK +#undef HAVE_FTRUNCATE_EXTEND +#undef FTRUNCATE_NEEDS_ROOT +#undef HAVE_TRAPDOOR_UID +#undef HAVE_ROOT +#undef HAVE_GETTIMEOFDAY_TZ +#undef HAVE_SOCK_SIN_LEN +#undef STAT_READ_FILSYS +#undef STAT_STATFS2_BSIZE +#undef STAT_STATFS2_FSIZE +#undef STAT_STATFS2_FS_DATA +#undef STAT_STATFS3_OSF1 +#undef STAT_STATFS4 +#undef STAT_STATVFS +#undef STAT_STATVFS64 +#undef HAVE_IFACE_AIX +#undef HAVE_IFACE_IFCONF +#undef HAVE_IFACE_IFREQ +#undef HAVE_CRYPT +#undef HAVE_PUTPRPWNAM +#undef HAVE_SET_AUTH_PARAMETERS +#undef WITH_SYSLOG +#undef WITH_PROFILE +#undef WITH_SSL +#undef SSL_DIR +#undef WITH_PAM +#undef WITH_NISPLUS_HOME +#undef WITH_AUTOMOUNT +#undef WITH_SMBMOUNT +#undef WITH_QUOTAS +#undef WITH_WINBIND +#undef HAVE_BROKEN_GETGROUPS +#undef REPLACE_GETPASS +#undef REPLACE_INET_NTOA +#undef HAVE_FILE_MACRO +#undef HAVE_FUNCTION_MACRO +#undef HAVE_SETRESUID_DECL +#undef HAVE_SETRESUID +#undef WITH_NETATALK +#undef WITH_UTMP +#undef WITH_MSDFS +#undef WITH_LIBICONV +#undef HAVE_INO64_T +#undef HAVE_DEV64_T +#undef HAVE_STRUCT_FLOCK64 +#undef SIZEOF_INO_T +#undef SIZEOF_OFF_T +#undef STAT_STATVFS64 +#undef HAVE_LIBREADLINE +#undef HAVE_KERNEL_SHARE_MODES +#undef HAVE_KERNEL_OPLOCKS_IRIX +#undef HAVE_KERNEL_OPLOCKS_LINUX +#undef HAVE_KERNEL_CHANGE_NOTIFY +#undef HAVE_IRIX_SPECIFIC_CAPABILITIES +#undef HAVE_INT16_FROM_RPC_RPC_H +#undef HAVE_UINT16_FROM_RPC_RPC_H +#undef HAVE_INT32_FROM_RPC_RPC_H +#undef HAVE_UINT32_FROM_RPC_RPC_H +#undef KRB4_AUTH +#undef KRB5_AUTH +#undef KRB4_DIR +#undef KRB5_DIR +#undef SEEKDIR_RETURNS_VOID +#undef HAVE_DIRENT_D_OFF +#undef HAVE_GETSPNAM +#undef HAVE_BIGCRYPT +#undef HAVE_GETPRPWNAM +#undef HAVE_FSTAT64 +#undef HAVE_LSTAT64 +#undef HAVE_STAT64 +#undef HAVE_SETRESGID +#undef HAVE_SETRESGID_DECL +#undef HAVE_SHADOW_H +#undef HAVE_CUPS +#undef HAVE_MEMSET +#undef HAVE_STRCASECMP +#undef HAVE_STRUCT_DIRENT64 +#undef HAVE_TRUNCATED_SALT +#undef BROKEN_NISPLUS_INCLUDE_FILES +#undef HAVE_RPC_AUTH_ERROR_CONFLICT +#undef HAVE_EXPLICIT_LARGEFILE_SUPPORT +#undef USE_BOTH_CRYPT_CALLS +#undef HAVE_BROKEN_FCNTL64_LOCKS +#undef HAVE_SECURE_MKSTEMP +#undef HAVE_FNMATCH +#undef USE_SETEUID +#undef USE_SETRESUID +#undef USE_SETREUID +#undef USE_SETUIDX +#undef HAVE_LIBDL +#undef SYSCONF_SC_NGROUPS_MAX +#undef HAVE_UT_UT_NAME +#undef HAVE_UT_UT_USER +#undef HAVE_UT_UT_ID +#undef HAVE_UT_UT_HOST +#undef HAVE_UT_UT_TIME +#undef HAVE_UT_UT_TV +#undef HAVE_UT_UT_TYPE +#undef HAVE_UT_UT_PID +#undef HAVE_UT_UT_EXIT +#undef HAVE_UT_UT_ADDR +#undef HAVE_UX_UT_SYSLEN +#undef PUTUTLINE_RETURNS_UTMP +#undef COMPILER_SUPPORTS_LL +#undef HAVE_YP_GET_DEFAULT_DOMAIN +#undef USE_SPINLOCKS +#undef SPARC_SPINLOCKS +#undef INTEL_SPINLOCKS +#undef MIPS_SPINLOCKS +#undef POWERPC_SPINLOCKS +#undef HAVE_POSIX_ACLS +#undef HAVE_ACL_GET_PERM_NP +#undef HAVE_UNIXWARE_ACLS +#undef HAVE_SOLARIS_ACLS +#undef HAVE_HPUX_ACLS +#undef HAVE_IRIX_ACLS +#undef HAVE_AIX_ACLS +#undef HAVE_TRU64_ACLS +#undef HAVE_NO_ACLS +#undef HAVE_LIBPAM +#undef HAVE_ASPRINTF_DECL +#undef HAVE_VASPRINTF_DECL +#undef HAVE_SNPRINTF_DECL +#undef HAVE_VSNPRINTF_DECL +#undef HAVE_NATIVE_ICONV +#undef HAVE_UNIXSOCKET +#undef MMAP_BLACKLIST +#undef HAVE_IMMEDIATE_STRUCTURES +#undef HAVE_CUPS +#undef WITH_LDAP_SAM +#undef WITH_NISPLUS_SAM +#undef WITH_TDB_SAM +#undef LINUX_QUOTAS_1 +#undef LINUX_QUOTAS_2 +#undef PACKAGE +#undef VERSION +#undef HAVE_LC_MESSAGES +#undef ENABLE_NLS +#undef HAVE_CATGETS +#undef HAVE_GETTEXT +#undef HAVE_STPCPY +#undef I18N_SWAT +#undef I18N_DEFAULT_PREF_LANG +#undef HAVE_KRB5 +#undef HAVE_GSSAPI +#undef BROKEN_REDHAT_7_SYSTEM_HEADERS +#undef HAVE_LDAP +#undef HAVE_STAT_ST_BLOCKS +#undef STAT_ST_BLOCKSIZE +#undef HAVE_DEVICE_MAJOR_FN +#undef HAVE_DEVICE_MINOR_FN +/* + * Add these definitions to allow VFS modules to + * see the CPPFLAGS defines. + */ +#ifndef _HPUX_SOURCE +#undef _HPUX_SOURCE +#endif +#ifndef _POSIX_SOURCE +#undef _POSIX_SOURCE +#endif +#ifndef _LARGEFILE64_SOURCE +#undef _LARGEFILE64_SOURCE +#endif +#ifndef _ALIGNMENT_REQUIRED +#undef _ALIGNMENT_REQUIRED +#endif +#ifndef _MAX_ALIGNMENT +#undef _MAX_ALIGNMENT +#endif +#ifndef _LARGE_FILES +#undef _LARGE_FILES +#endif +#ifndef _FILE_OFFSET_BITS +#undef _FILE_OFFSET_BITS +#endif +#ifndef _GNU_SOURCE +#undef _GNU_SOURCE +#endif + +/* The number of bytes in a int. */ +#undef SIZEOF_INT + +/* The number of bytes in a long. */ +#undef SIZEOF_LONG + +/* The number of bytes in a short. */ +#undef SIZEOF_SHORT + +/* Define if you have the __acl function. */ +#undef HAVE___ACL + +/* Define if you have the __chdir function. */ +#undef HAVE___CHDIR + +/* Define if you have the __close function. */ +#undef HAVE___CLOSE + +/* Define if you have the __closedir function. */ +#undef HAVE___CLOSEDIR + +/* Define if you have the __dup function. */ +#undef HAVE___DUP + +/* Define if you have the __dup2 function. */ +#undef HAVE___DUP2 + +/* Define if you have the __facl function. */ +#undef HAVE___FACL + +/* Define if you have the __fchdir function. */ +#undef HAVE___FCHDIR + +/* Define if you have the __fcntl function. */ +#undef HAVE___FCNTL + +/* Define if you have the __fork function. */ +#undef HAVE___FORK + +/* Define if you have the __fstat function. */ +#undef HAVE___FSTAT + +/* Define if you have the __fstat64 function. */ +#undef HAVE___FSTAT64 + +/* Define if you have the __fxstat function. */ +#undef HAVE___FXSTAT + +/* Define if you have the __getcwd function. */ +#undef HAVE___GETCWD + +/* Define if you have the __getdents function. */ +#undef HAVE___GETDENTS + +/* Define if you have the __llseek function. */ +#undef HAVE___LLSEEK + +/* Define if you have the __lseek function. */ +#undef HAVE___LSEEK + +/* Define if you have the __lstat function. */ +#undef HAVE___LSTAT + +/* Define if you have the __lstat64 function. */ +#undef HAVE___LSTAT64 + +/* Define if you have the __lxstat function. */ +#undef HAVE___LXSTAT + +/* Define if you have the __open function. */ +#undef HAVE___OPEN + +/* Define if you have the __open64 function. */ +#undef HAVE___OPEN64 + +/* Define if you have the __opendir function. */ +#undef HAVE___OPENDIR + +/* Define if you have the __pread function. */ +#undef HAVE___PREAD + +/* Define if you have the __pread64 function. */ +#undef HAVE___PREAD64 + +/* Define if you have the __pwrite function. */ +#undef HAVE___PWRITE + +/* Define if you have the __pwrite64 function. */ +#undef HAVE___PWRITE64 + +/* Define if you have the __read function. */ +#undef HAVE___READ + +/* Define if you have the __readdir function. */ +#undef HAVE___READDIR + +/* Define if you have the __readdir64 function. */ +#undef HAVE___READDIR64 + +/* Define if you have the __seekdir function. */ +#undef HAVE___SEEKDIR + +/* Define if you have the __stat function. */ +#undef HAVE___STAT + +/* Define if you have the __stat64 function. */ +#undef HAVE___STAT64 + +/* Define if you have the __sys_llseek function. */ +#undef HAVE___SYS_LLSEEK + +/* Define if you have the __telldir function. */ +#undef HAVE___TELLDIR + +/* Define if you have the __write function. */ +#undef HAVE___WRITE + +/* Define if you have the __xstat function. */ +#undef HAVE___XSTAT + +/* Define if you have the _acl function. */ +#undef HAVE__ACL + +/* Define if you have the _chdir function. */ +#undef HAVE__CHDIR + +/* Define if you have the _close function. */ +#undef HAVE__CLOSE + +/* Define if you have the _closedir function. */ +#undef HAVE__CLOSEDIR + +/* Define if you have the _dup function. */ +#undef HAVE__DUP + +/* Define if you have the _dup2 function. */ +#undef HAVE__DUP2 + +/* Define if you have the _facl function. */ +#undef HAVE__FACL + +/* Define if you have the _fchdir function. */ +#undef HAVE__FCHDIR + +/* Define if you have the _fcntl function. */ +#undef HAVE__FCNTL + +/* Define if you have the _fork function. */ +#undef HAVE__FORK + +/* Define if you have the _fstat function. */ +#undef HAVE__FSTAT + +/* Define if you have the _fstat64 function. */ +#undef HAVE__FSTAT64 + +/* Define if you have the _getcwd function. */ +#undef HAVE__GETCWD + +/* Define if you have the _getdents function. */ +#undef HAVE__GETDENTS + +/* Define if you have the _llseek function. */ +#undef HAVE__LLSEEK + +/* Define if you have the _lseek function. */ +#undef HAVE__LSEEK + +/* Define if you have the _lstat function. */ +#undef HAVE__LSTAT + +/* Define if you have the _lstat64 function. */ +#undef HAVE__LSTAT64 + +/* Define if you have the _open function. */ +#undef HAVE__OPEN + +/* Define if you have the _open64 function. */ +#undef HAVE__OPEN64 + +/* Define if you have the _opendir function. */ +#undef HAVE__OPENDIR + +/* Define if you have the _pread function. */ +#undef HAVE__PREAD + +/* Define if you have the _pread64 function. */ +#undef HAVE__PREAD64 + +/* Define if you have the _pwrite function. */ +#undef HAVE__PWRITE + +/* Define if you have the _pwrite64 function. */ +#undef HAVE__PWRITE64 + +/* Define if you have the _read function. */ +#undef HAVE__READ + +/* Define if you have the _readdir function. */ +#undef HAVE__READDIR + +/* Define if you have the _readdir64 function. */ +#undef HAVE__READDIR64 + +/* Define if you have the _seekdir function. */ +#undef HAVE__SEEKDIR + +/* Define if you have the _stat function. */ +#undef HAVE__STAT + +/* Define if you have the _stat64 function. */ +#undef HAVE__STAT64 + +/* Define if you have the _telldir function. */ +#undef HAVE__TELLDIR + +/* Define if you have the _write function. */ +#undef HAVE__WRITE + +/* Define if you have the asprintf function. */ +#undef HAVE_ASPRINTF + +/* Define if you have the atexit function. */ +#undef HAVE_ATEXIT + +/* Define if you have the bigcrypt function. */ +#undef HAVE_BIGCRYPT + +/* Define if you have the bzero function. */ +#undef HAVE_BZERO + +/* Define if you have the chmod function. */ +#undef HAVE_CHMOD + +/* Define if you have the chown function. */ +#undef HAVE_CHOWN + +/* Define if you have the chroot function. */ +#undef HAVE_CHROOT + +/* Define if you have the connect function. */ +#undef HAVE_CONNECT + +/* Define if you have the creat64 function. */ +#undef HAVE_CREAT64 + +/* Define if you have the crypt function. */ +#undef HAVE_CRYPT + +/* Define if you have the crypt16 function. */ +#undef HAVE_CRYPT16 + +/* Define if you have the dlclose function. */ +#undef HAVE_DLCLOSE + +/* Define if you have the dlerror function. */ +#undef HAVE_DLERROR + +/* Define if you have the dlopen function. */ +#undef HAVE_DLOPEN + +/* Define if you have the dlsym function. */ +#undef HAVE_DLSYM + +/* Define if you have the dup2 function. */ +#undef HAVE_DUP2 + +/* Define if you have the endnetgrent function. */ +#undef HAVE_ENDNETGRENT + +/* Define if you have the execl function. */ +#undef HAVE_EXECL + +/* Define if you have the fchmod function. */ +#undef HAVE_FCHMOD + +/* Define if you have the fchown function. */ +#undef HAVE_FCHOWN + +/* Define if you have the fcvt function. */ +#undef HAVE_FCVT + +/* Define if you have the fcvtl function. */ +#undef HAVE_FCVTL + +/* Define if you have the fopen64 function. */ +#undef HAVE_FOPEN64 + +/* Define if you have the fseek64 function. */ +#undef HAVE_FSEEK64 + +/* Define if you have the fseeko64 function. */ +#undef HAVE_FSEEKO64 + +/* Define if you have the fstat function. */ +#undef HAVE_FSTAT + +/* Define if you have the fstat64 function. */ +#undef HAVE_FSTAT64 + +/* Define if you have the fsync function. */ +#undef HAVE_FSYNC + +/* Define if you have the ftell64 function. */ +#undef HAVE_FTELL64 + +/* Define if you have the ftello64 function. */ +#undef HAVE_FTELLO64 + +/* Define if you have the ftruncate function. */ +#undef HAVE_FTRUNCATE + +/* Define if you have the ftruncate64 function. */ +#undef HAVE_FTRUNCATE64 + +/* Define if you have the getauthuid function. */ +#undef HAVE_GETAUTHUID + +/* Define if you have the getcwd function. */ +#undef HAVE_GETCWD + +/* Define if you have the getdents function. */ +#undef HAVE_GETDENTS + +/* Define if you have the getgrent function. */ +#undef HAVE_GETGRENT + +/* Define if you have the getgrnam function. */ +#undef HAVE_GETGRNAM + +/* Define if you have the getnetgrent function. */ +#undef HAVE_GETNETGRENT + +/* Define if you have the getprpwnam function. */ +#undef HAVE_GETPRPWNAM + +/* Define if you have the getpwanam function. */ +#undef HAVE_GETPWANAM + +/* Define if you have the getrlimit function. */ +#undef HAVE_GETRLIMIT + +/* Define if you have the getspnam function. */ +#undef HAVE_GETSPNAM + +/* Define if you have the getutmpx function. */ +#undef HAVE_GETUTMPX + +/* Define if you have the glob function. */ +#undef HAVE_GLOB + +/* Define if you have the grantpt function. */ +#undef HAVE_GRANTPT + +/* Define if you have the initgroups function. */ +#undef HAVE_INITGROUPS + +/* Define if you have the innetgr function. */ +#undef HAVE_INNETGR + +/* Define if you have the link function. */ +#undef HAVE_LINK + +/* Define if you have the llseek function. */ +#undef HAVE_LLSEEK + +/* Define if you have the lseek64 function. */ +#undef HAVE_LSEEK64 + +/* Define if you have the lstat64 function. */ +#undef HAVE_LSTAT64 + +/* Define if you have the memmove function. */ +#undef HAVE_MEMMOVE + +/* Define if you have the memset function. */ +#undef HAVE_MEMSET + +/* Define if you have the mknod function. */ +#undef HAVE_MKNOD + +/* Define if you have the mknod64 function. */ +#undef HAVE_MKNOD64 + +/* Define if you have the mktime function. */ +#undef HAVE_MKTIME + +/* Define if you have the open64 function. */ +#undef HAVE_OPEN64 + +/* Define if you have the pathconf function. */ +#undef HAVE_PATHCONF + +/* Define if you have the pipe function. */ +#undef HAVE_PIPE + +/* Define if you have the poll function. */ +#undef HAVE_POLL + +/* Define if you have the pread function. */ +#undef HAVE_PREAD + +/* Define if you have the pread64 function. */ +#undef HAVE_PREAD64 + +/* Define if you have the putprpwnam function. */ +#undef HAVE_PUTPRPWNAM + +/* Define if you have the pututline function. */ +#undef HAVE_PUTUTLINE + +/* Define if you have the pututxline function. */ +#undef HAVE_PUTUTXLINE + +/* Define if you have the pwrite function. */ +#undef HAVE_PWRITE + +/* Define if you have the pwrite64 function. */ +#undef HAVE_PWRITE64 + +/* Define if you have the rand function. */ +#undef HAVE_RAND + +/* Define if you have the random function. */ +#undef HAVE_RANDOM + +/* Define if you have the rdchk function. */ +#undef HAVE_RDCHK + +/* Define if you have the readdir64 function. */ +#undef HAVE_READDIR64 + +/* Define if you have the readlink function. */ +#undef HAVE_READLINK + +/* Define if you have the realpath function. */ +#undef HAVE_REALPATH + +/* Define if you have the rename function. */ +#undef HAVE_RENAME + +/* Define if you have the select function. */ +#undef HAVE_SELECT + +/* Define if you have the set_auth_parameters function. */ +#undef HAVE_SET_AUTH_PARAMETERS + +/* Define if you have the setbuffer function. */ +#undef HAVE_SETBUFFER + +/* Define if you have the setenv function. */ +#undef HAVE_SETENV + +/* Define if you have the setgidx function. */ +#undef HAVE_SETGIDX + +/* Define if you have the setgroups function. */ +#undef HAVE_SETGROUPS + +/* Define if you have the setlinebuf function. */ +#undef HAVE_SETLINEBUF + +/* Define if you have the setluid function. */ +#undef HAVE_SETLUID + +/* Define if you have the setnetgrent function. */ +#undef HAVE_SETNETGRENT + +/* Define if you have the setpgid function. */ +#undef HAVE_SETPGID + +/* Define if you have the setpriv function. */ +#undef HAVE_SETPRIV + +/* Define if you have the setsid function. */ +#undef HAVE_SETSID + +/* Define if you have the setuidx function. */ +#undef HAVE_SETUIDX + +/* Define if you have the sigaction function. */ +#undef HAVE_SIGACTION + +/* Define if you have the sigblock function. */ +#undef HAVE_SIGBLOCK + +/* Define if you have the sigprocmask function. */ +#undef HAVE_SIGPROCMASK + +/* Define if you have the sigset function. */ +#undef HAVE_SIGSET + +/* Define if you have the snprintf function. */ +#undef HAVE_SNPRINTF + +/* Define if you have the srand function. */ +#undef HAVE_SRAND + +/* Define if you have the srandom function. */ +#undef HAVE_SRANDOM + +/* Define if you have the stat64 function. */ +#undef HAVE_STAT64 + +/* Define if you have the strcasecmp function. */ +#undef HAVE_STRCASECMP + +/* Define if you have the strchr function. */ +#undef HAVE_STRCHR + +/* Define if you have the strdup function. */ +#undef HAVE_STRDUP + +/* Define if you have the strerror function. */ +#undef HAVE_STRERROR + +/* Define if you have the strftime function. */ +#undef HAVE_STRFTIME + +/* Define if you have the strlcat function. */ +#undef HAVE_STRLCAT + +/* Define if you have the strlcpy function. */ +#undef HAVE_STRLCPY + +/* Define if you have the strndup function. */ +#undef HAVE_STRNDUP + +/* Define if you have the strpbrk function. */ +#undef HAVE_STRPBRK + +/* Define if you have the strtoul function. */ +#undef HAVE_STRTOUL + +/* Define if you have the symlink function. */ +#undef HAVE_SYMLINK + +/* Define if you have the syscall function. */ +#undef HAVE_SYSCALL + +/* Define if you have the sysconf function. */ +#undef HAVE_SYSCONF + +/* Define if you have the syslog function. */ +#undef HAVE_SYSLOG + +/* Define if you have the updwtmp function. */ +#undef HAVE_UPDWTMP + +/* Define if you have the updwtmpx function. */ +#undef HAVE_UPDWTMPX + +/* Define if you have the usleep function. */ +#undef HAVE_USLEEP + +/* Define if you have the utime function. */ +#undef HAVE_UTIME + +/* Define if you have the utimes function. */ +#undef HAVE_UTIMES + +/* Define if you have the vasprintf function. */ +#undef HAVE_VASPRINTF + +/* Define if you have the vsnprintf function. */ +#undef HAVE_VSNPRINTF + +/* Define if you have the vsyslog function. */ +#undef HAVE_VSYSLOG + +/* Define if you have the waitpid function. */ +#undef HAVE_WAITPID + +/* Define if you have the yp_get_default_domain function. */ +#undef HAVE_YP_GET_DEFAULT_DOMAIN + +/* Define if you have the header file. */ +#undef HAVE_ARPA_INET_H + +/* Define if you have the header file. */ +#undef HAVE_COMPAT_H + +/* Define if you have the header file. */ +#undef HAVE_CTYPE_H + +/* Define if you have the header file. */ +#undef HAVE_CUPS_CUPS_H + +/* Define if you have the header file. */ +#undef HAVE_CUPS_LANGUAGE_H + +/* Define if you have the header file. */ +#undef HAVE_DIRENT_H + +/* Define if you have the header file. */ +#undef HAVE_FCNTL_H + +/* Define if you have the header file. */ +#undef HAVE_GLOB_H + +/* Define if you have the header file. */ +#undef HAVE_GRP_H + +/* Define if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_H + +/* Define if you have the header file. */ +#undef HAVE_GSSAPI_GSSAPI_GENERIC_H + +/* Define if you have the header file. */ +#undef HAVE_HISTORY_H + +/* Define if you have the header file. */ +#undef HAVE_KRB5_H + +/* Define if you have the header file. */ +#undef HAVE_LASTLOG_H + +/* Define if you have the header file. */ +#undef HAVE_LBER_H + +/* Define if you have the header file. */ +#undef HAVE_LDAP_H + +/* Define if you have the header file. */ +#undef HAVE_LIMITS_H + +/* Define if you have the header file. */ +#undef HAVE_LINUX_XQM_H + +/* Define if you have the header file. */ +#undef HAVE_MEMORY_H + +/* Define if you have the header file. */ +#undef HAVE_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_NET_IF_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IN_IP_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IN_SYSTM_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_IP_H + +/* Define if you have the header file. */ +#undef HAVE_NETINET_TCP_H + +/* Define if you have the header file. */ +#undef HAVE_NS_API_H + +/* Define if you have the header file. */ +#undef HAVE_NSS_H + +/* Define if you have the header file. */ +#undef HAVE_NSS_COMMON_H + +/* Define if you have the header file. */ +#undef HAVE_POLL_H + +/* Define if you have the header file. */ +#undef HAVE_READLINE_H + +/* Define if you have the header file. */ +#undef HAVE_READLINE_HISTORY_H + +/* Define if you have the header file. */ +#undef HAVE_READLINE_READLINE_H + +/* Define if you have the header file. */ +#undef HAVE_RPC_RPC_H + +/* Define if you have the header file. */ +#undef HAVE_RPCSVC_NIS_H + +/* Define if you have the header file. */ +#undef HAVE_RPCSVC_YP_PROT_H + +/* Define if you have the header file. */ +#undef HAVE_RPCSVC_YPCLNT_H + +/* Define if you have the header file. */ +#undef HAVE_SECURITY__PAM_MACROS_H + +/* Define if you have the header file. */ +#undef HAVE_SECURITY_PAM_APPL_H + +/* Define if you have the header file. */ +#undef HAVE_SECURITY_PAM_MODULES_H + +/* Define if you have the header file. */ +#undef HAVE_SHADOW_H + +/* Define if you have the header file. */ +#undef HAVE_STDARG_H + +/* Define if you have the header file. */ +#undef HAVE_STDLIB_H + +/* Define if you have the header file. */ +#undef HAVE_STRING_H + +/* Define if you have the header file. */ +#undef HAVE_STRINGS_H + +/* Define if you have the header file. */ +#undef HAVE_STROPTS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_ACL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_CAPABILITY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_CDEFS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_DIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_DUSTAT_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FCNTL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FILIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FILSYS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FS_S5PARAM_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_FS_VX_QUOTA_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_ID_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_IOCTL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_IPC_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_MMAN_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_MODE_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_MOUNT_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_NDIR_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PARAM_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_PRIV_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_RESOURCE_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SECURITY_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SELECT_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SHM_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SOCKET_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SOCKIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STATFS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_STATVFS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_SYSCALL_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TERMIO_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_TIME_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_UNISTD_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_VFS_H + +/* Define if you have the header file. */ +#undef HAVE_SYS_WAIT_H + +/* Define if you have the header file. */ +#undef HAVE_SYSCALL_H + +/* Define if you have the header file. */ +#undef HAVE_TERMIO_H + +/* Define if you have the header file. */ +#undef HAVE_TERMIOS_H + +/* Define if you have the header file. */ +#undef HAVE_UNISTD_H + +/* Define if you have the header file. */ +#undef HAVE_UTIME_H + +/* Define if you have the header file. */ +#undef HAVE_UTMP_H + +/* Define if you have the header file. */ +#undef HAVE_UTMPX_H + +/* Define if you have the acl library (-lacl). */ +#undef HAVE_LIBACL + +/* Define if you have the cups library (-lcups). */ +#undef HAVE_LIBCUPS + +/* Define if you have the gen library (-lgen). */ +#undef HAVE_LIBGEN + +/* Define if you have the iconv library (-liconv). */ +#undef HAVE_LIBICONV + +/* Define if you have the inet library (-linet). */ +#undef HAVE_LIBINET + +/* Define if you have the nsl library (-lnsl). */ +#undef HAVE_LIBNSL + +/* Define if you have the nsl_s library (-lnsl_s). */ +#undef HAVE_LIBNSL_S + +/* Define if you have the resolv library (-lresolv). */ +#undef HAVE_LIBRESOLV + +/* Define if you have the sec library (-lsec). */ +#undef HAVE_LIBSEC + +/* Define if you have the security library (-lsecurity). */ +#undef HAVE_LIBSECURITY + +/* Define if you have the socket library (-lsocket). */ +#undef HAVE_LIBSOCKET + +/* Define to turn on dmalloc debugging */ +#undef ENABLE_DMALLOC + +/* Define to check invariants around some common functions */ +#undef DMALLOC_FUNC_CHECK + +/* Do we have rl_completion_matches? */ +#undef HAVE_NEW_LIBREADLINE + +/* Define if you have working AF_LOCAL sockets */ +#undef HAVE_WORKING_AF_LOCAL + diff --git a/source3/include/debug.h b/source3/include/debug.h new file mode 100644 index 00000000000..235fbf70c4e --- /dev/null +++ b/source3/include/debug.h @@ -0,0 +1,197 @@ +/* + Unix SMB/CIFS implementation. + SMB debug stuff + Copyright (C) Andrew Tridgell 1992-1998 + Copyright (C) John H Terpstra 1996-1998 + Copyright (C) Luke Kenneth Casson Leighton 1996-1998 + Copyright (C) Paul Ashton 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _DEBUG_H +#define _DEBUG_H + +/* -------------------------------------------------------------------------- ** + * Debugging code. See also debug.c + */ + +/* mkproto.awk has trouble with ifdef'd function definitions (it ignores + * the #ifdef directive and will read both definitions, thus creating two + * diffferent prototype declarations), so we must do these by hand. + */ +/* I know the __attribute__ stuff is ugly, but it does ensure we get the + arguemnts to DEBUG() right. We have got them wrong too often in the + past. + */ +int Debug1( char *, ... ) PRINTF_ATTRIBUTE(1,2); +BOOL dbgtext( char *, ... ) PRINTF_ATTRIBUTE(1,2); + +extern XFILE *dbf; + +/* If we have these macros, we can add additional info to the header. */ +#ifdef HAVE_FILE_MACRO +#define FILE_MACRO (__FILE__) +#else +#define FILE_MACRO ("") +#endif + +#ifdef HAVE_FUNCTION_MACRO +#define FUNCTION_MACRO (__FUNCTION__) +#else +#define FUNCTION_MACRO ("") +#endif + +/* + * Redefine DEBUGLEVEL because so we don't have to change every source file + * that *unnecessarily* references it. Source files neeed not extern reference + * DEBUGLEVEL, as it's extern in includes.h (which all source files include). + * Eventually, all these references should be removed, and all references to + * DEBUGLEVEL should be references to DEBUGLEVEL_CLASS[DBGC_ALL]. This could + * still be through a macro still called DEBUGLEVEL. This cannot be done now + * because some references would expand incorrectly. + */ +#define DEBUGLEVEL *debug_level + + +/* + * Define all new debug classes here. A class is represented by an entry in + * the DEBUGLEVEL_CLASS array. Index zero of this arrray is equivalent to the + * old DEBUGLEVEL. Any source file that does NOT add the following lines: + * + * #undef DBGC_CLASS + * #define DBGC_CLASS DBGC_ + * + * at the start of the file (after #include "includes.h") will default to + * using index zero, so it will behaive just like it always has. + */ +#define DBGC_CLASS 0 /* override as shown above */ +#define DBGC_ALL 0 /* index equivalent to DEBUGLEVEL */ + +#define DBGC_TDB 1 +#define DBGC_PRINTDRIVERS 2 +#define DBGC_LANMAN 3 +#define DBGC_SMB 4 +#define DBGC_RPC 5 +#define DBGC_RPC_HDR 6 +#define DBGC_BDC 7 + +#define DBGC_LAST 8 /* MUST be last class value + 1 */ + +extern int DEBUGLEVEL_CLASS[DBGC_LAST]; +extern BOOL DEBUGLEVEL_CLASS_ISSET[DBGC_LAST]; + +struct debuglevel_message { + int debuglevel_class[DBGC_LAST]; + BOOL debuglevel_class_isset[DBGC_LAST]; +}; + +/* Debugging macros + * + * DEBUGLVL() + * If the 'file specific' debug class level >= level OR the system-wide + * DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then + * generate a header using the default macros for file, line, and + * function name. Returns True if the debug level was <= DEBUGLEVEL. + * + * Example: if( DEBUGLVL( 2 ) ) dbgtext( "Some text.\n" ); + * + * DEBUGLVLC() + * If the 'macro specified' debug class level >= level OR the system-wide + * DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then + * generate a header using the default macros for file, line, and + * function name. Returns True if the debug level was <= DEBUGLEVEL. + * + * Example: if( DEBUGLVLC( DBGC_TDB, 2 ) ) dbgtext( "Some text.\n" ); + * + * DEBUG() + * If the 'file specific' debug class level >= level OR the system-wide + * DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then + * generate a header using the default macros for file, line, and + * function name. Each call to DEBUG() generates a new header *unless* the + * previous debug output was unterminated (i.e. no '\n'). + * See debug.c:dbghdr() for more info. + * + * Example: DEBUG( 2, ("Some text and a value %d.\n", value) ); + * + * DEBUGC() + * If the 'macro specified' debug class level >= level OR the system-wide + * DEBUGLEVEL (synomym for DEBUGLEVEL_CLASS[ DBGC_ALL ]) >= level then + * generate a header using the default macros for file, line, and + * function name. Each call to DEBUG() generates a new header *unless* the + * previous debug output was unterminated (i.e. no '\n'). + * See debug.c:dbghdr() for more info. + * + * Example: DEBUGC( DBGC_TDB, 2, ("Some text and a value %d.\n", value) ); + * + * DEBUGADD(), DEBUGADDC() + * Same as DEBUG() and DEBUGC() except the text is appended to the previous + * DEBUG(), DEBUGC(), DEBUGADD(), DEBUGADDC() with out another interviening + * header. + * + * Example: DEBUGADD( 2, ("Some text and a value %d.\n", value) ); + * DEBUGADDC( DBGC_TDB, 2, ("Some text and a value %d.\n", value) ); + * + * Note: If the debug class has not be redeined (see above) then the optimizer + * will remove the extra conditional test. + */ + +#define DEBUGLVL( level ) \ + ( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + (!DEBUGLEVEL_CLASS[ DBGC_CLASS ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) + + +#define DEBUGLVLC( dbgc_class, level ) \ + ( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) ) ) + + +#define DEBUG( level, body ) \ + (void)( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \ + && (dbgtext body) ) + +#define DEBUGC( dbgc_class, level, body ) \ + (void)( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && (dbghdr( level, FILE_MACRO, FUNCTION_MACRO, (__LINE__) )) \ + && (dbgtext body) ) + +#define DEBUGADD( level, body ) \ + (void)( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ DBGC_CLASS ] >= (level))|| \ + (!DEBUGLEVEL_CLASS_ISSET[ DBGC_CLASS ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && (dbgtext body) ) + +#define DEBUGADDC( dbgc_class, level, body ) \ + (void)( ((level) <= MAX_DEBUG_LEVEL) && \ + ((DEBUGLEVEL_CLASS[ dbgc_class ] >= (level))|| \ + (!DEBUGLEVEL_CLASS_ISSET[ dbgc_class ] && \ + DEBUGLEVEL_CLASS[ DBGC_ALL ] >= (level)) ) \ + && (dbgtext body) ) + +#endif diff --git a/source3/include/dlinklist.h b/source3/include/dlinklist.h new file mode 100644 index 00000000000..794aea75766 --- /dev/null +++ b/source3/include/dlinklist.h @@ -0,0 +1,78 @@ +/* + Unix SMB/CIFS implementation. + some simple double linked list macros + Copyright (C) Andrew Tridgell 1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* To use these macros you must have a structure containing a next and + prev pointer */ + + +/* hook into the front of the list */ +#define DLIST_ADD(list, p) \ +{ \ + if (!(list)) { \ + (list) = (p); \ + (p)->next = (p)->prev = NULL; \ + } else { \ + (list)->prev = (p); \ + (p)->next = (list); \ + (p)->prev = NULL; \ + (list) = (p); \ + }\ +} + +/* remove an element from a list - element doesn't have to be in list. */ +#define DLIST_REMOVE(list, p) \ +{ \ + if ((p) == (list)) { \ + (list) = (p)->next; \ + if (list) (list)->prev = NULL; \ + } else { \ + if ((p)->prev) (p)->prev->next = (p)->next; \ + if ((p)->next) (p)->next->prev = (p)->prev; \ + } \ + if ((p) && ((p) != (list))) (p)->next = (p)->prev = NULL; \ +} + +/* promote an element to the top of the list */ +#define DLIST_PROMOTE(list, p) \ +{ \ + DLIST_REMOVE(list, p) \ + DLIST_ADD(list, p) \ +} + +/* hook into the end of the list - needs a tmp pointer */ +#define DLIST_ADD_END(list, p, tmp) \ +{ \ + if (!(list)) { \ + (list) = (p); \ + (p)->next = (p)->prev = NULL; \ + } else { \ + for ((tmp) = (list); (tmp)->next; (tmp) = (tmp)->next) ; \ + (tmp)->next = (p); \ + (p)->next = NULL; \ + (p)->prev = (tmp); \ + } \ +} + +/* demote an element to the top of the list, needs a tmp pointer */ +#define DLIST_DEMOTE(list, p, tmp) \ +{ \ + DLIST_REMOVE(list, p) \ + DLIST_ADD_END(list, p, tmp) \ +} diff --git a/source3/include/doserr.h b/source3/include/doserr.h new file mode 100644 index 00000000000..4945bc69d72 --- /dev/null +++ b/source3/include/doserr.h @@ -0,0 +1,193 @@ +/* + Unix SMB/CIFS implementation. + DOS error code constants + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) John H Terpstra 1996-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Paul Ashton 1998-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _DOSERR_H +#define _DOSERR_H + +/* Error classes */ + +#define ERRDOS 0x01 /* Error is from the core DOS operating system set. */ +#define ERRSRV 0x02 /* Error is generated by the server network file manager.*/ +#define ERRHRD 0x03 /* Error is an hardware error. */ +#define ERRCMD 0xFF /* Command was not in the "SMB" format. */ + +/* SMB X/Open error codes for the ERRDOS error class */ +#define ERRsuccess 0 /* No error */ +#define ERRbadfunc 1 /* Invalid function (or system call) */ +#define ERRbadfile 2 /* File not found (pathname error) */ +#define ERRbadpath 3 /* Directory not found */ +#define ERRnofids 4 /* Too many open files */ +#define ERRnoaccess 5 /* Access denied */ +#define ERRbadfid 6 /* Invalid fid */ +#define ERRbadmcb 7 /* Memory control blocks destroyed. */ +#define ERRnomem 8 /* Out of memory */ +#define ERRbadmem 9 /* Invalid memory block address */ +#define ERRbadenv 10 /* Invalid environment */ +#define ERRbadaccess 12 /* Invalid open mode */ +#define ERRbaddata 13 /* Invalid data (only from ioctl call) */ +#define ERRres 14 /* reserved */ +#define ERRbaddrive 15 /* Invalid drive */ +#define ERRremcd 16 /* Attempt to delete current directory */ +#define ERRdiffdevice 17 /* rename/move across different filesystems */ +#define ERRnofiles 18 /* no more files found in file search */ +#define ERRgeneral 31 /* General failure */ +#define ERRbadshare 32 /* Share mode on file conflict with open mode */ +#define ERRlock 33 /* Lock request conflicts with existing lock */ +#define ERRunsup 50 /* Request unsupported, returned by Win 95, RJS 20Jun98 */ +#define ERRnetnamedel 64 /* Network name deleted or not available */ +#define ERRnosuchshare 67 /* You specified an invalid share name */ +#define ERRfilexists 80 /* File in operation already exists */ +#define ERRinvalidparam 87 +#define ERRcannotopen 110 /* Cannot open the file specified */ +#define ERRinsufficientbuffer 122 +#define ERRinvalidname 123 /* Invalid name */ +#define ERRunknownlevel 124 +#define ERRnotlocked 158 /* This region is not locked by this locking context. */ +#define ERRrename 183 +#define ERRbadpipe 230 /* Named pipe invalid */ +#define ERRpipebusy 231 /* All instances of pipe are busy */ +#define ERRpipeclosing 232 /* named pipe close in progress */ +#define ERRnotconnected 233 /* No process on other end of named pipe */ +#define ERRmoredata 234 /* More data to be returned */ +#define ERRnomoreitems 259 +#define ERRbaddirectory 267 /* Invalid directory name in a path. */ +#define ERReasnotsupported 282 /* Extended attributes */ +#define ERRlogonfailure 1326 /* Unknown username or bad password */ +#define ERRbuftoosmall 2123 +#define ERRunknownipc 2142 +#define ERRnosuchprintjob 2151 +#define ERRinvgroup 2455 + +/* here's a special one from observing NT */ +#define ERRnoipc 66 /* don't support ipc */ + +/* These errors seem to be only returned by the NT printer driver system */ + +#define ERRunknownprinterdriver 1797 /* ERROR_UNKNOWN_PRINTER_DRIVER */ +#define ERRinvalidprintername 1801 /* ERROR_INVALID_PRINTER_NAME */ +#define ERRprinteralreadyexists 1802 /* ERROR_PRINTER_ALREADY_EXISTS */ +#define ERRinvaliddatatype 1804 /* ERROR_INVALID_DATATYPE */ +#define ERRinvalidenvironment 1805 /* ERROR_INVALID_ENVIRONMENT */ +#define ERRprinterdriverinuse 3001 /* ERROR_PRINTER_DRIVER_IN_USE */ + +/* Error codes for the ERRSRV class */ + +#define ERRerror 1 /* Non specific error code */ +#define ERRbadpw 2 /* Bad password */ +#define ERRbadtype 3 /* reserved */ +#define ERRaccess 4 /* No permissions to do the requested operation */ +#define ERRinvnid 5 /* tid invalid */ +#define ERRinvnetname 6 /* Invalid servername */ +#define ERRinvdevice 7 /* Invalid device */ +#define ERRqfull 49 /* Print queue full */ +#define ERRqtoobig 50 /* Queued item too big */ +#define ERRinvpfid 52 /* Invalid print file in smb_fid */ +#define ERRsmbcmd 64 /* Unrecognised command */ +#define ERRsrverror 65 /* smb server internal error */ +#define ERRfilespecs 67 /* fid and pathname invalid combination */ +#define ERRbadlink 68 /* reserved */ +#define ERRbadpermits 69 /* Access specified for a file is not valid */ +#define ERRbadpid 70 /* reserved */ +#define ERRsetattrmode 71 /* attribute mode invalid */ +#define ERRpaused 81 /* Message server paused */ +#define ERRmsgoff 82 /* Not receiving messages */ +#define ERRnoroom 83 /* No room for message */ +#define ERRrmuns 87 /* too many remote usernames */ +#define ERRtimeout 88 /* operation timed out */ +#define ERRnoresource 89 /* No resources currently available for request. */ +#define ERRtoomanyuids 90 /* too many userids */ +#define ERRbaduid 91 /* bad userid */ +#define ERRuseMPX 250 /* temporarily unable to use raw mode, use MPX mode */ +#define ERRuseSTD 251 /* temporarily unable to use raw mode, use standard mode */ +#define ERRcontMPX 252 /* resume MPX mode */ +#define ERRbadPW /* reserved */ +#define ERRnosupport 0xFFFF +#define ERRunknownsmb 22 /* from NT 3.5 response */ + +/* Error codes for the ERRHRD class */ + +#define ERRnowrite 19 /* read only media */ +#define ERRbadunit 20 /* Unknown device */ +#define ERRnotready 21 /* Drive not ready */ +#define ERRbadcmd 22 /* Unknown command */ +#define ERRdata 23 /* Data (CRC) error */ +#define ERRbadreq 24 /* Bad request structure length */ +#define ERRseek 25 +#define ERRbadmedia 26 +#define ERRbadsector 27 +#define ERRnopaper 28 +#define ERRwrite 29 /* write fault */ +#define ERRread 30 /* read fault */ +#define ERRgeneral 31 /* General hardware failure */ +#define ERRwrongdisk 34 +#define ERRFCBunavail 35 +#define ERRsharebufexc 36 /* share buffer exceeded */ +#define ERRdiskfull 39 + + +/* these are win32 error codes. There are only a few places where + these matter for Samba, primarily in the NT printing code */ +#define WERR_OK W_ERROR(0) +#define WERR_BADFILE W_ERROR(2) +#define WERR_ACCESS_DENIED W_ERROR(5) +#define WERR_BADFID W_ERROR(6) +#define WERR_BADFUNC W_ERROR(1) +#define WERR_INSUFFICIENT_BUFFER W_ERROR(122) +#define WERR_NO_SUCH_SHARE W_ERROR(67) +#define WERR_ALREADY_EXISTS W_ERROR(80) +#define WERR_INVALID_PARAM W_ERROR(87) +#define WERR_NOT_SUPPORTED W_ERROR(50) +#define WERR_BAD_PASSWORD W_ERROR(86) +#define WERR_NOMEM W_ERROR(8) +#define WERR_INVALID_NAME W_ERROR(123) +#define WERR_UNKNOWN_LEVEL W_ERROR(124) +#define WERR_OBJECT_PATH_INVALID W_ERROR(161) +#define WERR_NO_MORE_ITEMS W_ERROR(259) +#define WERR_MORE_DATA W_ERROR(234) +#define WERR_UNKNOWN_PRINTER_DRIVER W_ERROR(1797) +#define WERR_INVALID_PRINTER_NAME W_ERROR(1801) +#define WERR_PRINTER_ALREADY_EXISTS W_ERROR(1802) +#define WERR_INVALID_DATATYPE W_ERROR(1804) +#define WERR_INVALID_ENVIRONMENT W_ERROR(1805) +#define WERR_INVALID_FORM_NAME W_ERROR(1902) +#define WERR_INVALID_FORM_SIZE W_ERROR(1903) +#define WERR_BUF_TOO_SMALL W_ERROR(2123) +#define WERR_JOB_NOT_FOUND W_ERROR(2151) +#define WERR_DEST_NOT_FOUND W_ERROR(2152) +#define WERR_NOT_LOCAL_DOMAIN W_ERROR(2320) +#define WERR_PRINTER_DRIVER_IN_USE W_ERROR(3001) +#define WERR_STATUS_MORE_ENTRIES W_ERROR(0x0105) + +/* DFS errors */ + +#ifndef NERR_BASE +#define NERR_BASE (2100) +#endif + +#define WERR_DFS_NO_SUCH_VOL W_ERROR(NERR_BASE+562) +#define WERR_DFS_NO_SUCH_SHARE W_ERROR(NERR_BASE+565) +#define WERR_DFS_NO_SUCH_SERVER W_ERROR(NERR_BASE+573) +#define WERR_DFS_INTERNAL_ERROR W_ERROR(NERR_BASE+590) +#define WERR_DFS_CANT_CREATE_JUNCT W_ERROR(NERR_BASE+569) + +#endif /* _DOSERR_H */ diff --git a/source3/include/dynconfig.h b/source3/include/dynconfig.h new file mode 100644 index 00000000000..eaa3a0568d3 --- /dev/null +++ b/source3/include/dynconfig.h @@ -0,0 +1,36 @@ +/* + Unix SMB/CIFS implementation. + Copyright (C) 2001 by Martin Pool + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/** + * @file dynconfig.h + * + * @brief Exported global configurations. + **/ + +extern char const *dyn_SBINDIR, + *dyn_BINDIR, + *dyn_SWATDIR; + +extern pstring dyn_CONFIGFILE; +extern pstring dyn_LOGFILEBASE, dyn_LMHOSTSFILE; +extern pstring dyn_LIBDIR; +extern const pstring dyn_LOCKDIR; +extern const pstring dyn_DRIVERFILE; +extern const pstring dyn_SMB_PASSWD_FILE; +extern const pstring dyn_PRIVATE_DIR; diff --git a/source3/include/hash.h b/source3/include/hash.h new file mode 100644 index 00000000000..c327c971ab8 --- /dev/null +++ b/source3/include/hash.h @@ -0,0 +1,74 @@ +/* + Unix SMB/CIFS implementation. + + Copyright (C) Ying Chen 2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _HASH_H_ +#define _HASH_H_ + +#define MAX_HASH_TABLE_SIZE 16384 +#define HASH_TABLE_INCREMENT 2 + +typedef int (*compare_function)(char *, char *); +typedef int (*hash_function)(int, char *); + +/* + * lru_link: links the node to the LRU list. + * hash_elem: the pointer to the element that is tied onto the link. + */ +typedef struct lru_node { + ubi_dlNode lru_link; + void *hash_elem; +} lru_node; + +/* + * bucket_link: link the hash element to the bucket chain that it belongs to. + * lru_link: this element ties the hash element to the lru list. + * bucket: a pointer to the hash bucket that this element belongs to. + * value: a pointer to the hash element content. It can be anything. + * key: stores the string key. The hash_element is always allocated with + * more memory space than the structure shown below to accomodate the space + * used for the whole string. But the memory is always appended at the + * end of the structure, so keep "key" at the end of the structure. + * Don't move it. + */ +typedef struct hash_element { + ubi_dlNode bucket_link; + lru_node lru_link; + ubi_dlList *bucket; + void *value; + char key[1]; +} hash_element; + +/* + * buckets: a list of buckets, implemented as a dLinkList. + * lru_chain: the lru list of all the hash elements. + * num_elements: the # of elements in the hash table. + * size: the hash table size. + * comp_func: the compare function used during hash key comparisons. + */ + +typedef struct hash_table { + ubi_dlList *buckets; + ubi_dlList lru_chain; + int num_elements; + int size; + compare_function comp_func; +} hash_table; + +#endif /* _HASH_H_ */ diff --git a/source3/include/hmacmd5.h b/source3/include/hmacmd5.h new file mode 100644 index 00000000000..6b53a6fd074 --- /dev/null +++ b/source3/include/hmacmd5.h @@ -0,0 +1,32 @@ +/* + Unix SMB/CIFS implementation. + Interface header: Scheduler service + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + Copyright (C) Andrew Tridgell 1992-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _HMAC_MD5_H + +typedef struct +{ + struct MD5Context ctx; + uchar k_ipad[65]; + uchar k_opad[65]; + +} HMACMD5Context; + +#endif /* _HMAC_MD5_H */ diff --git a/source3/include/includes.h b/source3/include/includes.h index cc2bbbfad7c..5da1c1d9972 100644 --- a/source3/include/includes.h +++ b/source3/include/includes.h @@ -1,10 +1,10 @@ #ifndef _INCLUDES_H #define _INCLUDES_H /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. Machine customisation and include handling - Copyright (C) Andrew Tridgell 1994-1995 + Copyright (C) Andrew Tridgell 1994-1998 + Copyright (C) 2002 by Martin Pool This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,1135 +20,1140 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ -/* - This file does all the #includes's. This makes it easier to - port to a new unix. Hopefully a port will only have to edit the Makefile - and add a section for the new unix below. -*/ +#ifndef NO_CONFIG_H /* for some tests */ +#include "config.h" +#endif -/* the first OS dependent section is to setup what includes will be used. - the main OS dependent section comes later on -*/ +#include "local.h" -#ifdef ALTOS -#define NO_UTIMEH +#ifdef AIX +#define DEFAULT_PRINTING PRINT_AIX +#define PRINTCAP_NAME "/etc/qconfig" #endif -#ifdef MIPS -#define POSIX_H -#define NO_UTIMEH +#ifdef HPUX +#define DEFAULT_PRINTING PRINT_HPUX #endif -#ifdef sun386 -#define NO_UTIMEH +#ifdef QNX +#define DEFAULT_PRINTING PRINT_QNX #endif -#ifdef NEXT2 -#define NO_UTIMEH +#ifdef SUNOS4 +/* on SUNOS4 termios.h conflicts with sys/ioctl.h */ +#undef HAVE_TERMIOS_H #endif -#ifdef NEXT3_0 -#define NO_UTIMEH -#define NO_UNISTDH +#ifdef LINUX +#ifndef DEFAULT_PRINTING +#define DEFAULT_PRINTING PRINT_BSD #endif - -#ifdef APOLLO -#define NO_UTIMEH -#define NO_SYSMOUNTH -#define NO_UNISTDH +#ifndef PRINTCAP_NAME +#define PRINTCAP_NAME "/etc/printcap" #endif - -#ifdef AIX -#define NO_SYSMOUNTH #endif -#ifdef M88K_R3 -#define SVR3H -#define NO_RESOURCEH +#ifdef __GNUC__ +/** Use gcc attribute to check printf fns. a1 is the 1-based index of + * the parameter containing the format, and a2 the index of the first + * argument. **/ +#define PRINTF_ATTRIBUTE(a1, a2) __attribute__ ((format (__printf__, a1, a2))) +#else +#define PRINTF_ATTRIBUTE(a1, a2) #endif -#ifdef DNIX -#define NO_SYSMOUNTH -#define NO_NETIFH -#define NO_RESOURCEH -#define PRIME_NMBD 0 -#define NO_SETGROUPS +#ifdef __GNUC__ +/** gcc attribute used on function parameters so that it does not emit + * warnings about them being unused. **/ +# define UNUSED(param) param __attribute__ ((unused)) +#else +# define UNUSED(param) param +/** Feel free to add definitions for other compilers here. */ #endif - -#ifdef ISC -#define SYSSTREAMH -#define NO_RESOURCEH +#ifdef RELIANTUNIX +/* + * has to be included before any other to get + * large file support on Reliant UNIX. Yes, it's broken :-). + */ +#ifdef HAVE_UNISTD_H +#include #endif +#endif /* RELIANTUNIX */ -#ifdef QNX -#define NO_RESOURCEH -#define NO_SYSMOUNTH -#define USE_MMAP 1 -#ifdef __386__ - #define __i386__ -#endif -#endif +#include -#ifdef NEWS42 -#define NO_UTIMEH -#define NO_STRFTIME -#define NO_UTIMBUF -#define REPLACE_MKTIME -#define NO_TM_NAME +#ifdef TIME_WITH_SYS_TIME +#include +#include +#else +#ifdef HAVE_SYS_TIME_H +#include +#else +#include +#endif #endif -#ifdef OS2 -#define NO_SYSMOUNTH -#define NO_NETIFH +#ifdef HAVE_SYS_RESOURCE_H +#include #endif -#ifdef LYNX -#define NO_SYSMOUNTH +#ifdef HAVE_UNISTD_H +#include #endif +#include +#include -#if (defined(SHADOW_PWD)||defined(OSF1_ENH_SEC)||defined(SecureWare)||defined(PWDAUTH)) -#define PASSWORD_LENGTH 16 +#ifdef HAVE_SYS_PARAM_H +#include #endif -/* here is the general includes section - with some ifdefs generated - by the previous section -*/ -#include "local.h" -#include -#ifdef POSIX_STDLIBH -#include -#else +#ifdef HAVE_STDLIB_H #include #endif -#include -#include -#ifndef NO_UTIMEH -#include + +#ifdef HAVE_SYS_SOCKET_H +#include #endif -#include -#ifdef SVR3H -#include -#include -#include -#include -#include +#ifdef HAVE_UNIXSOCKET +#include #endif -#include -#include -#include -#ifdef POSIX_H -#include -#include -#include -#else -#include -#include -#endif -#include -#include -#include -#include -#include -#include -#include -#ifndef NO_RESOURCEH -#include +#ifdef HAVE_SYS_SYSCALL_H +#include +#elif HAVE_SYSCALL_H +#include #endif -#ifndef NO_SYSMOUNTH -#include + +#ifdef HAVE_STRING_H +#include #endif -#include -#ifdef __STDC__ -#include -#else -#include + +#ifdef HAVE_STRINGS_H +#include #endif -#ifndef NO_UNISTDH -#include + +#ifdef HAVE_MEMORY_H +#include #endif -#include -#ifdef SYSSTREAMH -#include + +#ifdef HAVE_MALLOC_H +#include #endif -#ifndef NO_NETIFH -#ifdef POSIX_H -#include + +#ifdef HAVE_FCNTL_H +#include #else -#include +#ifdef HAVE_SYS_FCNTL_H +#include #endif #endif -#if USE_MMAP -#include +#include + +#ifdef HAVE_LIMITS_H +#include #endif -#if defined(GETPWANAM) -#include -#include -#include -#include +#ifdef HAVE_SYS_IOCTL_H +#include #endif -#if defined(SHADOW_PWD) && !defined(NETBSD) && !defined(CONVEX) -#include +#ifdef HAVE_SYS_FILIO_H +#include #endif -/* this might be different on different systems */ -#ifdef QUOTAS -#ifdef LINUX -#ifdef __KERNEL__ -#undef __KERNEL__ -#include -#define __KERNEL__ -#else -#include +#include + +#ifdef HAVE_SYS_WAIT_H +#include #endif -#include -#else -#include -#ifndef CRAY -#include -#else -#include +#ifdef HAVE_CTYPE_H +#include #endif +#ifdef HAVE_GRP_H +#include #endif +#ifdef HAVE_SYS_PRIV_H +#include #endif - -#ifdef SYSLOG -#include +#ifdef HAVE_SYS_ID_H +#include #endif +#include +#ifdef HAVE_UTIME_H +#include +#endif -/*************************************************************************** -Here come some platform specific sections -***************************************************************************/ - - -#ifdef LINUX -#include -#include -#include -#include -#include -#ifndef NO_ASMSIGNALH -#include +#ifdef HAVE_SYS_SELECT_H +#include #endif -#define SIGNAL_CAST (__sighandler_t) -#define USE_GETCWD -#define USE_SETSID -#define HAVE_BZERO -#define HAVE_MEMMOVE -#ifdef SHADOW_PWD -#ifndef crypt -#define crypt pw_encrypt + +#ifdef HAVE_SYS_MODE_H +/* apparently AIX needs this for S_ISLNK */ +#ifndef S_ISLNK +#include #endif #endif + +#ifdef HAVE_GLOB_H +#include #endif -#ifdef SUNOS4 -#define SIGNAL_CAST (void (*)(int)) -#include -#include -#include -#include -#include -#include -#include -#include -/* #include */ -#ifdef sun386 -#define NO_STRFTIME -#define NO_UTIMBUF -#define mktime timelocal -typedef unsigned short mode_t; +#include + +#ifdef HAVE_STDARG_H +#include #else -#include -#define NO_STRERROR -#endif -#define REPLACE_GETPASS -#define BSD_TERMIO +#include #endif +#include +#include +#include +#include +#include -#ifdef SUNOS5 -#include -#include -#include -#include -#include -#include -#include -#include +#ifdef HAVE_NETINET_TCP_H #include -#include -#include -#include -#include -#include -#include -extern int gettimeofday (struct timeval *, void *); -extern int gethostname (char *name, int namelen); -extern int innetgr (const char *, const char *, const char *, const char *); -#define USE_SETVBUF -#define SIGNAL_CAST (void (*)(int)) -#ifndef SYSV -#define SYSV -#endif -#define USE_WAITPID -#define REPLACE_STRLEN -#define USE_STATVFS -#define USE_GETCWD -#define USE_SETSID -#define REPLACE_GETPASS #endif +/* + * The next three defines are needed to access the IPTOS_* options + * on some systems. + */ -#ifdef ULTRIX -#include -#include -#include -#include -#ifdef ULTRIX_AUTH -#include +#ifdef HAVE_NETINET_IN_SYSTM_H +#include #endif -char *getwd(char *); -#define NOSTRDUP -#ifdef __STDC__ -#define SIGNAL_CAST (void(*)(int)) + +#ifdef HAVE_NETINET_IN_IP_H +#include #endif -#define USE_DIRECT + +#ifdef HAVE_NETINET_IP_H +#include #endif -#ifdef SGI -#include -#include -#include -#include -#ifndef SYSV -#define SYSV +#if defined(HAVE_TERMIOS_H) +/* POSIX terminal handling. */ +#include +#elif defined(HAVE_TERMIO_H) +/* Older SYSV terminal handling - don't use if we can avoid it. */ +#include +#elif defined(HAVE_SYS_TERMIO_H) +/* Older SYSV terminal handling - don't use if we can avoid it. */ +#include #endif -#define SIGNAL_CAST (void (*)()) -#define STATFS4 -#define USE_WAITPID -#define USE_DIRECT + +#if HAVE_DIRENT_H +# include +# define NAMLEN(dirent) strlen((dirent)->d_name) +#else +# define dirent direct +# define NAMLEN(dirent) (dirent)->d_namlen +# if HAVE_SYS_NDIR_H +# include +# endif +# if HAVE_SYS_DIR_H +# include +# endif +# if HAVE_NDIR_H +# include +# endif +#endif + +#ifdef HAVE_SYS_MMAN_H +#include #endif -#ifdef SGI5 -#include -#include -#include -#include -#include -#define USE_WAITPID -#define NETGROUP -#ifndef SYSV -#define SYSV +#ifdef HAVE_NET_IF_H +#include #endif -#define SIGNAL_CAST (void (*)()) -#define USE_STATVFS -#define USE_WAITPID + + +#ifdef HAVE_SYS_MOUNT_H +#include #endif +#ifdef HAVE_SYS_VFS_H +#include +#endif -#ifdef MIPS -#include -#include -#include -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)()) -typedef int mode_t; -extern struct group *getgrnam(); -extern struct passwd *getpwnam(); -#define STATFS4 -#define NO_STRERROR -#define REPLACE_STRSTR -#endif /* MIPS */ +#ifdef HAVE_SYS_ACL_H +#include +#endif +#ifdef HAVE_SYS_FS_S5PARAM_H +#include +#endif +#if defined (HAVE_SYS_FILSYS_H) && !defined (_CRAY) +#include +#endif -#ifdef DGUX -#include -#include -#include -#include -#include -#include -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)(int)) -#define STATFS4 -#define USE_GETCWD +#ifdef HAVE_SYS_STATFS_H +# include #endif +#ifdef HAVE_DUSTAT_H +#include +#endif -#ifdef SVR4 -#include -#include -#include -#include +#ifdef HAVE_SYS_STATVFS_H #include -#include -#include -#include -#include -#include -#include -#include -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)(int)) -#define USE_STATVFS -#define USE_GETCWD -#define USE_SETSID #endif +#ifdef HAVE_SHADOW_H +#include +#endif -#ifdef OSF1 -#include -#include -#include -char *getwd(char *); -char *mktemp(char *); /* No standard include */ -#include -#include /* both for inet_ntoa */ -#define SIGNAL_CAST ( void (*) (int) ) -#define STATFS3 -#define USE_F_FSIZE -#include -#ifdef OSF1_ENH_SEC -#include -#include +#ifdef HAVE_GETPWANAM +#include +#include +#include +#endif + +#ifdef HAVE_SYS_SECURITY_H #include #include -#include #define PASSWORD_LENGTH 16 -#define NEED_AUTH_PARAMETERS -#endif /* OSF1_ENH_SEC */ +#endif /* HAVE_SYS_SECURITY_H */ + +#ifdef HAVE_COMPAT_H +#include #endif +#ifdef HAVE_STROPTS_H +#include +#endif -#ifdef CLIX -#include -#define SIGNAL_CAST (void (*)()) -#include -#include -#include -#define NO_EID -#define USE_WAITPID -#define STATFS4 -#define NO_FSYNC -#define USE_GETCWD -#define USE_SETSID -#define REPLACE_GETPASS -#define NO_GETRLIMIT -#endif /* CLIX */ +#ifdef HAVE_POLL_H +#include +#endif +#ifdef HAVE_SYS_CAPABILITY_H +#if defined(BROKEN_REDHAT_7_SYSTEM_HEADERS) && !defined(_I386_STATFS_H) +#define _I386_STATFS_H +#define BROKEN_REDHAT_7_STATFS_WORKAROUND +#endif -#ifdef BSDI -#include -#include -#define SIGNAL_CAST (void (*)()) -#define USE_DIRECT +#include + +#ifdef BROKEN_REDHAT_7_STATFS_WORKAROUND +#undef _I386_STATFS_H +#undef BROKEN_REDHAT_7_STATFS_WORKAROUND #endif +#endif -#ifdef NETBSD -#include -#include -/* you may not need this */ -#define NO_GETSPNAM -#define SIGNAL_CAST (void (*)()) -#define USE_DIRECT -#define REPLACE_INNETGR -#endif +#if defined(HAVE_RPC_RPC_H) +/* + * Check for AUTH_ERROR define conflict with rpc/rpc.h in prot.h. + */ +#if defined(HAVE_SYS_SECURITY_H) && defined(HAVE_RPC_AUTH_ERROR_CONFLICT) +#undef AUTH_ERROR +#endif +#include +#endif +#if defined(HAVE_YP_GET_DEFAULT_DOMAIN) && defined(HAVE_SETNETGRENT) && defined(HAVE_ENDNETGRENT) && defined(HAVE_GETNETGRENT) +#define HAVE_NETGROUP 1 +#endif +#if defined (HAVE_NETGROUP) +#if defined(HAVE_RPCSVC_YP_PROT_H) +#include +#endif +#if defined(HAVE_RPCSVC_YPCLNT_H) +#include +#endif +#endif /* HAVE_NETGROUP */ -#ifdef FreeBSD -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)()) -#define USE_DIRECT -#define REPLACE_INNETGR -#endif +#if defined(HAVE_SYS_IPC_H) +#include +#endif /* HAVE_SYS_IPC_H */ +#if defined(HAVE_SYS_SHM_H) +#include +#endif /* HAVE_SYS_SHM_H */ +#ifdef HAVE_NATIVE_ICONV +#include +#endif -#ifdef AIX -#include -#include -#include -#include -#include -#include -#include -#include -#include -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)()) -#define DEFAULT_PRINTING PRINT_AIX +#if HAVE_KRB5_H +#include +#else +#undef HAVE_KRB5 #endif +#if HAVE_LBER_H +#include +#endif -#ifdef HPUX -#include -#include -#include -#include -#include -#include -#include -#ifdef HPUX_10_TRUSTED -#include -#include -#define NEED_AUTH_PARAMETERS -#endif -#define SIGNAL_CAST (void (*)(__harg)) -#define SELECT_CAST (int *) -#define SYSV -#define USE_WAITPID -#define WAIT3_CAST2 (int *) -#define USE_GETCWD -#define USE_SETSID -#define USE_SETRES -#define DEFAULT_PRINTING PRINT_HPUX -#define SIGCLD_IGNORE +#if HAVE_LDAP_H +#include +#else +#undef HAVE_LDAP #endif +#if HAVE_GSSAPI_GSSAPI_H +#include +#else +#undef HAVE_KRB5 +#endif -#ifdef SEQUENT -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)(int)) -#define USE_WAITPID -#define USE_GETCWD -#define NO_EID -#define STATFS4 -#define USE_DIRECT +#if HAVE_GSSAPI_GSSAPI_GENERIC_H +#include +#else +#undef HAVE_KRB5 #endif -#ifdef NEXT2 -#include -#include -#include -#include -#define bzero(b,len) memset(b,0,len) -#define mode_t int -#define NO_UTIMBUF -#include -#define NOSTRDUP -#define USE_DIRECT -#define USE_WAITPID -#endif +/* we support ADS if we have krb5 and ldap libs */ +#if defined(HAVE_KRB5) && defined(HAVE_LDAP) && defined(HAVE_GSSAPI) +#define HAVE_ADS +#endif +/* + * Define VOLATILE if needed. + */ -#ifdef NEXT3_0 -#include -#include -#include -#define bzero(b,len) memset(b,0,len) -#define NO_UTIMBUF -#include -#define NOSTRDUP -#define USE_DIRECT -#define mode_t int -#define GID_TYPE int -#define gid_t int -#define SIGNAL_CAST (void (*)(int)) -#define WAIT3_CAST1 (union wait *) -#define HAVE_GMTOFF +#if defined(HAVE_VOLATILE) +#define VOLATILE volatile +#else +#define VOLATILE #endif +/* + * Define additional missing types + */ +#ifndef HAVE_SIG_ATOMIC_T_TYPE +typedef int sig_atomic_t; +#endif +#ifndef HAVE_SOCKLEN_T_TYPE +typedef int socklen_t; +#endif -#ifdef APOLLO -#include -#include -#include -#define NO_UTIMBUF -#define USE_DIRECT -#define USE_GETCWD -#define SIGNAL_CAST (void (*)()) -#define HAVE_FCNTL_LOCK 0 -#define HAVE_GETTIMEOFDAY -#define STATFS4 + +#ifndef uchar +#define uchar unsigned char #endif +#ifdef HAVE_UNSIGNED_CHAR +#define schar signed char +#else +#define schar char +#endif +/* + Samba needs type definitions for int16, int32, uint16 and uint32. -#ifdef SCO -#include -#include -#include -#include -#include -#include -#include -#include -#include -#ifdef EVEREST -#include + Normally these are signed and unsigned 16 and 32 bit integers, but + they actually only need to be at least 16 and 32 bits + respectively. Thus if your word size is 8 bytes just defining them + as signed and unsigned int will work. +*/ + +#ifndef uint8 +#define uint8 unsigned char #endif -#ifdef NETGROUP -#include + +#if !defined(int16) && !defined(HAVE_INT16_FROM_RPC_RPC_H) +#if (SIZEOF_SHORT == 4) +#define int16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; +#else /* SIZEOF_SHORT != 4 */ +#define int16 short +#endif /* SIZEOF_SHORT != 4 */ #endif -#ifdef SecureWare -#include -#include -#include -#define crypt bigcrypt -#endif -#ifndef EVEREST - #define ftruncate(f,l) syscall(0x0a28,f,l) -#endif -#define SIGNAL_CAST (void (*)(int)) -#define USE_WAITPID -#define USE_GETCWD -#define USE_SETSID -#ifdef SCO3_2_2 -#define NO_EID + +/* + * Note we duplicate the size tests in the unsigned + * case as int16 may be a typedef from rpc/rpc.h + */ + +#if !defined(uint16) && !defined(HAVE_UINT16_FROM_RPC_RPC_H) +#if (SIZEOF_SHORT == 4) +#define uint16 __ERROR___CANNOT_DETERMINE_TYPE_FOR_INT16; +#else /* SIZEOF_SHORT != 4 */ +#define uint16 unsigned short +#endif /* SIZEOF_SHORT != 4 */ +#endif + +#if !defined(int32) && !defined(HAVE_INT32_FROM_RPC_RPC_H) +#if (SIZEOF_INT == 4) +#define int32 int +#elif (SIZEOF_LONG == 4) +#define int32 long +#elif (SIZEOF_SHORT == 4) +#define int32 short #else -#ifndef EVEREST -#define USE_IFREQ +/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */ +#define int32 int #endif #endif -#define STATFS4 -#define NO_FSYNC -#ifndef EVEREST -#define NO_INITGROUPS + +/* + * Note we duplicate the size tests in the unsigned + * case as int32 may be a typedef from rpc/rpc.h + */ + +#if !defined(uint32) && !defined(HAVE_UINT32_FROM_RPC_RPC_H) +#if (SIZEOF_INT == 4) +#define uint32 unsigned int +#elif (SIZEOF_LONG == 4) +#define uint32 unsigned long +#elif (SIZEOF_SHORT == 4) +#define uint32 unsigned short +#else +/* uggh - no 32 bit type?? probably a CRAY. just hope this works ... */ +#define uint32 unsigned #endif -#define HAVE_PATHCONF -#define NO_GETRLIMIT #endif +/* + * Types for devices, inodes and offsets. + */ +#ifndef SMB_DEV_T +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_DEV64_T) +# define SMB_DEV_T dev64_t +# else +# define SMB_DEV_T dev_t +# endif +#endif -/* Definitions for RiscIX */ -#ifdef RiscIX -#define SIGNAL_CAST (void (*)(int)) -#include -#include -#include -#include -#include -#include -#define HAVE_GETTIMEOFDAY -#define NOSTRCASECMP -#define NOSTRDUP +/* + * Setup the correctly sized inode type. + */ + +#ifndef SMB_INO_T +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_INO64_T) +# define SMB_INO_T ino64_t +# else +# define SMB_INO_T ino_t +# endif #endif +#ifndef LARGE_SMB_INO_T +# if (defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_INO64_T)) || (defined(SIZEOF_INO_T) && (SIZEOF_INO_T == 8)) +# define LARGE_SMB_INO_T 1 +# endif +#endif +#ifdef LARGE_SMB_INO_T +#define SINO_T(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32)) +#else +#define SINO_T(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0)) +#endif -#ifdef ISC -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#define FIONREAD FIORDCHK -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)(int)) -#define USE_GETCWD -#define USE_SETSID -#define USE_IFREQ -#define NO_FTRUNCATE -#define STATFS4 -#define NO_FSYNC +#ifndef SMB_OFF_T +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T) +# define SMB_OFF_T off64_t +# else +# define SMB_OFF_T off_t +# endif #endif +/* this should really be a 64 bit type if possible */ +#define br_off SMB_BIG_UINT +#define SMB_OFF_T_BITS (sizeof(SMB_OFF_T)*8) -#ifdef AUX -#include -#include -#include -#include -#include -#include -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)(int)) -char *strdup (char *); -#define USE_GETCWD -#endif +/* + * Set the define that tells us if we can do 64 bit + * NT SMB calls. + */ +#ifndef LARGE_SMB_OFF_T +# if (defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_OFF64_T)) || (defined(SIZEOF_OFF_T) && (SIZEOF_OFF_T == 8)) +# define LARGE_SMB_OFF_T 1 +# endif +#endif -#ifdef M88K_R3 -#include -#include -#include -#include -#define STATFS4 -#define SYSV -#define USE_WAITPID -#define SIGNAL_CAST (void (*)(int)) -char *strdup (char *); -#define USE_GETCWD -#define NO_FSYNC -#define NO_EID +#ifdef LARGE_SMB_OFF_T +#define SOFF_T(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32)) +#define SOFF_T_R(p, ofs, v) (SIVAL(p,(ofs)+4,(v)&0xFFFFFFFF), SIVAL(p,ofs,(v)>>32)) +#else +#define SOFF_T(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0)) +#define SOFF_T_R(p, ofs, v) (SIVAL(p,(ofs)+4,v),SIVAL(p,ofs,0)) #endif +/* + * Type for stat structure. + */ -#ifdef DNIX -#include -#include -#include -#include -#include -#define NO_GET_BROADCAST -#define USE_WAITPID -#define USE_GETCWD -#define USE_SETSID -#define STATFS4 -#define NO_EID -#define PF_INET AF_INET -#define NO_STRERROR -#define ftruncate(f,l) chsize(f,l) -#endif /* DNIX */ - -#ifdef CONVEX -#define SIGNAL_CAST (void (*)(int)) -#include -#include -#include -#include -#include -#include -#define DONT_REINSTALL_SIG -#define USE_SIGBLOCK -#define USE_WAITPID -#define SIGNAL_CAST (_SigFunc_Ptr_t) -#define NO_GETSPNAM -#define HAVE_MEMMOVE -extern char *mktemp(char *); -extern int fsync(int); -extern int seteuid(uid_t); -extern int setgroups(int, int *); -extern int initgroups(char *, int); -extern int statfs(char *, struct statfs *); -extern int setegid(gid_t); -extern int getopt(int, char *const *, const char *); -extern int chroot(char *); -extern int gettimeofday(struct timeval *, struct timezone *); -extern int gethostname(char *, int); -extern char *crypt(char *, char *); -extern char *getpass(char *); -#endif - - -#ifdef CRAY -#define MAXPATHLEN 1024 -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)(int)) -#define SIGCLD_IGNORE -#define HAVE_FCNTL_LOCK 1 -#define USE_SETSID -#define STATFS4 +#ifndef SMB_STRUCT_STAT +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STAT64) && defined(HAVE_OFF64_T) +# define SMB_STRUCT_STAT struct stat64 +# else +# define SMB_STRUCT_STAT struct stat +# endif #endif +/* + * Type for dirent structure. + */ -#ifdef ALTOS -#include -#include -#include -#include -#include -#define const -#define uid_t int -#define gid_t int -#define mode_t int -#define ptrdiff_t int -#define HAVE_GETGRNAM 0 -#define NO_EID -#define NO_FSYNC -#define NO_FTRUNCATE -#define NO_GETRLIMIT -#define NO_INITGROUPS -#define NO_SELECT -#define NO_SETGROUPS -#define NO_STRERROR -#define NO_STRFTIME -#define NO_TM_NAME -#define NO_UTIMEH -#define NOSTRCASECMP -#define REPLACE_MKTIME -#define REPLACE_RENAME -#define REPLACE_STRSTR -#define STATFS4 -#define USE_GETCWD +#ifndef SMB_STRUCT_DIRENT +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_DIRENT64) +# define SMB_STRUCT_DIRENT struct dirent64 +# else +# define SMB_STRUCT_DIRENT struct dirent +# endif #endif -#ifdef QNX -#define STATFS4 -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)()) -#define USE_WAITPID -#define NO_INITGROUPS -#define NO_SETGROUPS -#define HAVE_TIMEZONE -#define USE_GETCWD -#define USE_SETSID -#define HAVE_FCNTL_LOCK 1 -#define DEFAULT_PRINTING PRINT_QNX +/* + * Defines for 64 bit fcntl locks. + */ + +#ifndef SMB_STRUCT_FLOCK +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T) +# define SMB_STRUCT_FLOCK struct flock64 +# else +# define SMB_STRUCT_FLOCK struct flock +# endif #endif +#ifndef SMB_F_SETLKW +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T) +# define SMB_F_SETLKW F_SETLKW64 +# else +# define SMB_F_SETLKW F_SETLKW +# endif +#endif -#ifdef NEWS42 -#include -#include -#include -#include -typedef int mode_t; +#ifndef SMB_F_SETLK +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T) +# define SMB_F_SETLK F_SETLK64 +# else +# define SMB_F_SETLK F_SETLK +# endif #endif -#ifdef OS2 -#include -#include -#include -#include -#define SIGNAL_CAST (void (*)()) -#define HAVE_FCNTL_LOCK 0 -#define USE_WAITPID -#define NO_GET_BROADCAST -#define NO_EID -#define NO_SETGROUPS -#define NO_INITGROUPS -#define NO_CRYPT -#define NO_STATFS -#define NO_CHROOT -#define NO_CHOWN -#define strcasecmp stricmp -#define strncasecmp strnicmp -#endif - - -#ifdef LYNX -#define SIGNAL_CAST (void (*)()) -#define WAIT3_CAST1 (union wait *) -#define STATFS4 -#include -#include -#include -#include -#include -#include -#define USE_GETCWD -#define USE_GETSID +#ifndef SMB_F_GETLK +# if defined(HAVE_EXPLICIT_LARGEFILE_SUPPORT) && defined(HAVE_STRUCT_FLOCK64) && defined(HAVE_OFF64_T) +# define SMB_F_GETLK F_GETLK64 +# else +# define SMB_F_GETLK F_GETLK +# endif #endif +#if defined(HAVE_LONGLONG) +#define SMB_BIG_UINT unsigned long long +#define SMB_BIG_INT long long +#define SBIG_UINT(p, ofs, v) (SIVAL(p,ofs,(v)&0xFFFFFFFF), SIVAL(p,(ofs)+4,(v)>>32)) +#else +#define SMB_BIG_UINT unsigned long +#define SMB_BIG_INT long +#define SBIG_UINT(p, ofs, v) (SIVAL(p,ofs,v),SIVAL(p,(ofs)+4,0)) +#endif -/******************************************************************* -end of the platform specific sections -********************************************************************/ +#define SMB_BIG_UINT_BITS (sizeof(SMB_BIG_UINT)*8) -#ifdef SecureWare -#define NEED_AUTH_PARAMETERS +#ifndef MIN +#define MIN(a,b) ((a)<(b)?(a):(b)) #endif -#ifdef REPLACE_GETPASS -extern char *getsmbpass(char *); -#define getpass(s) getsmbpass(s) +#ifndef MAX +#define MAX(a,b) ((a)>(b)?(a):(b)) #endif -#ifdef REPLACE_INNETGR -#define innetgr(group,host,user,dom) InNetGr(group,host,user,dom) +#ifndef HAVE_STRERROR +extern char *sys_errlist[]; +#define strerror(i) sys_errlist[i] #endif -#ifndef FD_SETSIZE -#define FD_SETSIZE 255 +#ifndef HAVE_ERRNO_DECL +extern int errno; #endif -#ifndef MAXINT -#define MAXINT ((((unsigned)1)<<(sizeof(int)*8-1))-1) +#ifdef HAVE_BROKEN_GETGROUPS +#define GID_T int +#else +#define GID_T gid_t #endif -#ifndef __STDC__ -#define const +#ifndef NGROUPS_MAX +#define NGROUPS_MAX 32 /* Guess... */ +#endif + +/* Our own pstrings and fstrings */ +#include "pstring.h" + +/* Lists, trees, caching, database... */ +#include "xfile.h" +#include "intl.h" +#include "ubi_sLinkList.h" +#include "ubi_dLinkList.h" +#include "dlinklist.h" +#include "../tdb/tdb.h" +#include "../tdb/spinlock.h" +#include "talloc.h" +#include "ads.h" +#include "interfaces.h" +#include "hash.h" +#include "trans2.h" +#include "nterr.h" +#include "messages.h" +#include "charset.h" +#include "dynconfig.h" + +#include "util_getent.h" + +#ifndef UBI_BINTREE_H +#include "ubi_Cache.h" +#endif /* UBI_BINTREE_H */ + +#include "debugparse.h" + +#include "version.h" +#include "smb.h" +#include "smbw.h" +#include "nameserv.h" + +#include "secrets.h" + +#include "byteorder.h" + +#include "ntdomain.h" + +#include "msdfs.h" + +#include "smbprofile.h" + +#include "mapping.h" + +#include "rap.h" + +#include "md5.h" +#include "hmacmd5.h" + +#include "auth.h" + +#include "passdb.h" + +#include "session.h" + +#include "asn_1.h" + +#include "popt.h" + +#include "mangle.h" + +#ifndef MAXCODEPAGELINES +#define MAXCODEPAGELINES 256 #endif -/* Now for some other grungy stuff */ -#ifdef NO_GETSPNAM -struct spwd { /* fake shadow password structure */ - char *sp_pwdp; +/* + * Type for wide character dirent structure. + * Only d_name is defined by POSIX. + */ + +typedef struct smb_wdirent { + wpstring d_name; +} SMB_STRUCT_WDIRENT; + +/* + * Type for wide character passwd structure. + */ + +typedef struct smb_wpasswd { + wfstring pw_name; + char *pw_passwd; + uid_t pw_uid; + gid_t pw_gid; + wpstring pw_gecos; + wpstring pw_dir; + wpstring pw_shell; +} SMB_STRUCT_WPASSWD; + +/* used in net.c */ +struct functable { + char *funcname; + int (*fn)(int argc, const char **argv); }; -#endif -#ifndef HAVE_BZERO -#ifndef bzero -#define bzero(p,s) memset(p,0,s) -#endif -#endif -#ifndef HAVE_MEMMOVE -#ifndef memmove -#define memmove(d,s,n) MemMove(d,s,n) -#endif -#endif +/* Defines for wisXXX functions. */ +#define UNI_UPPER 0x1 +#define UNI_LOWER 0x2 +#define UNI_DIGIT 0x4 +#define UNI_XDIGIT 0x8 +#define UNI_SPACE 0x10 -#ifdef USE_DIRECT -#include -#endif +#include "nsswitch/nss.h" + +/***** automatically generated prototypes *****/ +#include "proto.h" -/* some unixes have ENOTTY instead of TIOCNOTTY */ -#ifndef TIOCNOTTY -#ifdef ENOTTY -#define TIOCNOTTY ENOTTY +/* String routines */ + +#include "safe_string.h" + +#ifdef __COMPAR_FN_T +#define QSORT_CAST (__compar_fn_t) #endif + +#ifndef QSORT_CAST +#define QSORT_CAST (int (*)(const void *, const void *)) #endif -#ifndef SIGHUP -#define SIGHUP 1 +/* this guess needs to be improved (tridge) */ +#if (defined(STAT_STATVFS) || defined(STAT_STATVFS64)) && !defined(SYSV) +#define SYSV 1 #endif -/* if undefined then use bsd or sysv printing */ #ifndef DEFAULT_PRINTING -#ifdef SYSV +#ifdef HAVE_CUPS +#define DEFAULT_PRINTING PRINT_CUPS +#define PRINTCAP_NAME "cups" +#elif defined(SYSV) #define DEFAULT_PRINTING PRINT_SYSV +#define PRINTCAP_NAME "lpstat" #else #define DEFAULT_PRINTING PRINT_BSD +#define PRINTCAP_NAME "/etc/printcap" #endif #endif +#ifndef PRINTCAP_NAME +#define PRINTCAP_NAME "/etc/printcap" +#endif -#ifdef AFS_AUTH -#include -#include +#ifndef SIGCLD +#define SIGCLD SIGCHLD #endif -#ifdef DFS_AUTH -#include -#include +#ifndef MAP_FILE +#define MAP_FILE 0 #endif -#ifdef NO_UTIMBUF -struct utimbuf { - time_t actime; - time_t modtime; -}; +#if (!defined(WITH_NISPLUS) && !defined(WITH_LDAP) && !defined(WITH_TDB_SAM)) +#define USE_SMBPASS_DB 1 #endif -#ifdef NO_STRERROR -#ifndef strerror -extern char *sys_errlist[]; -#define strerror(i) sys_errlist[i] +#if defined(HAVE_PUTPRPWNAM) && defined(AUTH_CLEARTEXT_SEG_CHARS) +#define OSF1_ENH_SEC 1 +#endif + +#ifndef ALLOW_CHANGE_PASSWORD +#if (defined(HAVE_TERMIOS_H) && defined(HAVE_DUP2) && defined(HAVE_SETSID)) +#define ALLOW_CHANGE_PASSWORD 1 #endif #endif -#ifndef perror -#define perror(m) printf("%s: %s\n",m,strerror(errno)) +/* what is the longest significant password available on your system? + Knowing this speeds up password searches a lot */ +#ifndef PASSWORD_LENGTH +#define PASSWORD_LENGTH 8 #endif -#ifndef MAXHOSTNAMELEN -#define MAXHOSTNAMELEN 255 +#ifdef REPLACE_INET_NTOA +#define inet_ntoa rep_inet_ntoa #endif -#include "version.h" -#include "smb.h" -#include "byteorder.h" -#ifdef SMB_PASSWD -#include "smbpass.h" +#ifndef HAVE_PIPE +#define SYNC_DNS 1 #endif -#include "kanji.h" -#include "charset.h" +#ifndef MAXPATHLEN +#define MAXPATHLEN 256 +#endif -#ifndef S_IFREG -#define S_IFREG 0100000 +#ifndef SEEK_SET +#define SEEK_SET 0 #endif -#ifndef S_ISREG -#define S_ISREG(x) ((S_IFREG & x)!=0) +#ifndef INADDR_LOOPBACK +#define INADDR_LOOPBACK 0x7f000001 #endif -#ifndef S_ISDIR -#define S_ISDIR(x) ((S_IFDIR & x)!=0) +#ifndef INADDR_NONE +#define INADDR_NONE 0xffffffff #endif -#ifdef UFC_CRYPT +#ifndef HAVE_CRYPT #define crypt ufc_crypt #endif -#ifdef REPLACE_STRLEN -#define strlen(s) Strlen(s) +#ifndef O_ACCMODE +#define O_ACCMODE (O_RDONLY | O_WRONLY | O_RDWR) #endif -#ifdef REPLACE_STRSTR -#define strstr(s,p) Strstr(s,p) +#if defined(HAVE_CRYPT16) && defined(HAVE_GETAUTHUID) +#define ULTRIX_AUTH 1 #endif -#ifdef REPLACE_MKTIME -#define mktime(t) Mktime(t) +#ifdef HAVE_LIBREADLINE +# ifdef HAVE_READLINE_READLINE_H +# include +# ifdef HAVE_READLINE_HISTORY_H +# include +# endif +# else +# ifdef HAVE_READLINE_H +# include +# ifdef HAVE_HISTORY_H +# include +# endif +# else +# undef HAVE_LIBREADLINE +# endif +# endif #endif -#ifndef NGROUPS_MAX -#define NGROUPS_MAX 128 +#ifndef HAVE_STRDUP +char *strdup(const char *s); #endif -#ifndef EDQUOT -#define EDQUOT ENOSPC +#ifndef HAVE_MEMMOVE +void *memmove(void *dest,const void *src,int size); #endif -#ifndef HAVE_GETGRNAM -#define HAVE_GETGRNAM 1 +#ifndef HAVE_INITGROUPS +int initgroups(char *name,gid_t id); #endif -#ifndef SOL_TCP -#define SOL_TCP 6 +#ifndef HAVE_RENAME +int rename(const char *zfrom, const char *zto); #endif -/* default to using ftruncate workaround as this is safer than assuming -it works and getting lots of bug reports */ -#ifndef FTRUNCATE_CAN_EXTEND -#define FTRUNCATE_CAN_EXTEND 0 +#ifndef HAVE_MKTIME +time_t mktime(struct tm *t); #endif -/* maybe this unix doesn't separate RD and WR locks? */ -#ifndef F_RDLCK -#define F_RDLCK F_WRLCK +#ifndef HAVE_STRLCPY +size_t strlcpy(char *d, const char *s, size_t bufsize); #endif -#ifndef ENOTSOCK -#define ENOTSOCK EINVAL +#ifndef HAVE_STRLCAT +size_t strlcat(char *d, const char *s, size_t bufsize); #endif -#ifndef SIGCLD -#define SIGCLD SIGCHLD -#endif +#ifndef HAVE_FTRUNCATE +int ftruncate(int f,long l); +#endif -#ifndef HAVE_FCNTL_LOCK -#define HAVE_FCNTL_LOCK 1 +#ifndef HAVE_STRTOUL +unsigned long strtoul(const char *nptr, char **endptr, int base); #endif -#ifndef WAIT3_CAST2 -#define WAIT3_CAST2 (struct rusage *) +#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESUID_DECL)) +/* stupid glibc */ +int setresuid(uid_t ruid, uid_t euid, uid_t suid); +#endif +#if (defined(USE_SETRESUID) && !defined(HAVE_SETRESGID_DECL)) +int setresgid(gid_t rgid, gid_t egid, gid_t sgid); +#endif +#ifndef HAVE_VASPRINTF_DECL +int vasprintf(char **ptr, const char *format, va_list ap); #endif -#ifndef WAIT3_CAST1 -#define WAIT3_CAST1 (int *) +#if !defined(HAVE_BZERO) && defined(HAVE_MEMSET) +#define bzero(a,b) memset((a),'\0',(b)) #endif -#ifndef QSORT_CAST -#define QSORT_CAST (int (*)()) +#ifdef REPLACE_GETPASS +#define getpass(prompt) getsmbpass((prompt)) #endif -/* this is a rough check to see if this machine has a lstat() call. - it is not guaranteed to work */ -#if !(defined(S_ISLNK) || defined(S_IFLNK)) -#define lstat stat +/* + * Some older systems seem not to have MAXHOSTNAMELEN + * defined. + */ +#ifndef MAXHOSTNAMELEN +#define MAXHOSTNAMELEN 254 #endif -/* Not all systems declare ERRNO in errno.h... and some systems #define it! */ -#ifndef errno -extern int errno; -#endif +/* yuck, I'd like a better way of doing this */ +#define DIRP_SIZE (256 + 32) +/* + * glibc on linux doesn't seem to have MSG_WAITALL + * defined. I think the kernel has it though.. + */ -#ifdef NO_EID -#define geteuid() getuid() -#define getegid() getgid() -#define seteuid(x) setuid(x) -#define setegid(x) setgid(x) +#ifndef MSG_WAITALL +#define MSG_WAITALL 0 #endif +/* default socket options. Dave Miller thinks we should default to TCP_NODELAY + given the socket IO pattern that Samba uses */ +#ifdef TCP_NODELAY +#define DEFAULT_SOCKET_OPTIONS "TCP_NODELAY" +#else +#define DEFAULT_SOCKET_OPTIONS "" +#endif -#if (HAVE_FCNTL_LOCK == 0) -/* since there is no locking available, system includes */ -/* for DomainOS 10.4 do not contain any of the following */ -/* #define's. So, to satisfy the compiler, add these */ -/* #define's, although they arn't really necessary. */ -#define F_GETLK 0 -#define F_SETLK 0 -#define F_WRLCK 0 -#define F_UNLCK 0 -#endif /* HAVE_FCNTL_LOCK == 0 */ +/* Load header file for libdl stuff */ -#ifdef NOSTRCASECMP -#define strcasecmp(s1,s2) StrCaseCmp(s1,s2) -#define strncasecmp(s1,s2,n) StrnCaseCmp(s1,s2,n) +#ifdef HAVE_LIBDL +#include #endif -#ifndef strcpy -#define strcpy(dest,src) StrCpy(dest,src) +/* dmalloc -- free heap debugger (dmalloc.org). This should be near + * the *bottom* of include files so as not to conflict. */ +#ifdef ENABLE_DMALLOC +# include #endif -/* possibly wrap the malloc calls */ -#if WRAP_MALLOC +/* Some POSIX definitions for those without */ + +#ifndef S_IFDIR +#define S_IFDIR 0x4000 +#endif +#ifndef S_ISDIR +#define S_ISDIR(mode) ((mode & 0xF000) == S_IFDIR) +#endif +#ifndef S_IRWXU +#define S_IRWXU 00700 /* read, write, execute: owner */ +#endif +#ifndef S_IRUSR +#define S_IRUSR 00400 /* read permission: owner */ +#endif +#ifndef S_IWUSR +#define S_IWUSR 00200 /* write permission: owner */ +#endif +#ifndef S_IXUSR +#define S_IXUSR 00100 /* execute permission: owner */ +#endif +#ifndef S_IRWXG +#define S_IRWXG 00070 /* read, write, execute: group */ +#endif +#ifndef S_IRGRP +#define S_IRGRP 00040 /* read permission: group */ +#endif +#ifndef S_IWGRP +#define S_IWGRP 00020 /* write permission: group */ +#endif +#ifndef S_IXGRP +#define S_IXGRP 00010 /* execute permission: group */ +#endif +#ifndef S_IRWXO +#define S_IRWXO 00007 /* read, write, execute: other */ +#endif +#ifndef S_IROTH +#define S_IROTH 00004 /* read permission: other */ +#endif +#ifndef S_IWOTH +#define S_IWOTH 00002 /* write permission: other */ +#endif +#ifndef S_IXOTH +#define S_IXOTH 00001 /* execute permission: other */ +#endif + +/* For sys_adminlog(). */ +#ifndef LOG_EMERG +#define LOG_EMERG 0 /* system is unusable */ +#endif + +#ifndef LOG_ALERT +#define LOG_ALERT 1 /* action must be taken immediately */ +#endif + +#ifndef LOG_CRIT +#define LOG_CRIT 2 /* critical conditions */ +#endif + +#ifndef LOG_ERR +#define LOG_ERR 3 /* error conditions */ +#endif + +#ifndef LOG_WARNING +#define LOG_WARNING 4 /* warning conditions */ +#endif + +#ifndef LOG_NOTICE +#define LOG_NOTICE 5 /* normal but significant condition */ +#endif -/* undo the old malloc def if necessary */ -#ifdef malloc -#define xx_old_malloc malloc -#undef malloc +#ifndef LOG_INFO +#define LOG_INFO 6 /* informational */ #endif -#define malloc(size) malloc_wrapped(size,__FILE__,__LINE__) +#ifndef LOG_DEBUG +#define LOG_DEBUG 7 /* debug-level messages */ +#endif -/* undo the old realloc def if necessary */ -#ifdef realloc -#define xx_old_realloc realloc -#undef realloc +/* NetBSD doesn't have these */ +#ifndef SHM_R +#define SHM_R 0400 #endif -#define realloc(ptr,size) realloc_wrapped(ptr,size,__FILE__,__LINE__) +#ifndef SHM_W +#define SHM_W 0200 +#endif -/* undo the old free def if necessary */ -#ifdef free -#define xx_old_free free -#undef free +#if HAVE_KERNEL_SHARE_MODES +#ifndef LOCK_MAND +#define LOCK_MAND 32 /* This is a mandatory flock */ +#define LOCK_READ 64 /* ... Which allows concurrent read operations */ +#define LOCK_WRITE 128 /* ... Which allows concurrent write operations */ +#define LOCK_RW 192 /* ... Which allows concurrent read & write ops */ +#endif #endif -#define free(ptr) free_wrapped(ptr,__FILE__,__LINE__) +extern int DEBUGLEVEL; + +#define MAX_SEC_CTX_DEPTH 8 /* Maximum number of security contexts */ + + +#ifdef GLIBC_HACK_FCNTL64 +/* this is a gross hack. 64 bit locking is completely screwed up on + i386 Linux in glibc 2.1.95 (which ships with RedHat 7.0). This hack + "fixes" the problem with the current 2.4.0test kernels +*/ +#define fcntl fcntl64 +#undef F_SETLKW +#undef F_SETLK +#define F_SETLK 13 +#define F_SETLKW 14 +#endif -/* and the malloc prototypes */ -void *malloc_wrapped(int,char *,int); -void *realloc_wrapped(void *,int,char *,int); -void free_wrapped(void *,char *,int); +/* Needed for sys_dlopen/sys_dlsym/sys_dlclose */ +#ifndef RTLD_GLOBAL +#define RTLD_GLOBAL 0 #endif +#ifndef RTLD_LAZY +#define RTLD_LAZY 0 +#endif -#if WRAP_MEMCPY -/* undo the old memcpy def if necessary */ -#ifdef memcpy -#define xx_old_memcpy memcpy -#undef memcpy +#ifndef RTLD_NOW +#define RTLD_NOW 0 #endif -#define memcpy(d,s,l) memcpy_wrapped(d,s,l,__FILE__,__LINE__) -void *memcpy_wrapped(void *d,void *s,int l,char *fname,int line); +/* needed for some systems without iconv. Doesn't really matter + what error code we use */ +#ifndef EILSEQ +#define EILSEQ EIO #endif +/* add varargs prototypes with printf checking */ +int fdprintf(int , const char *, ...) PRINTF_ATTRIBUTE(2,3); +int d_printf(const char *, ...) PRINTF_ATTRIBUTE(1,2); +int d_fprintf(FILE *f, const char *, ...) PRINTF_ATTRIBUTE(2,3); +#ifndef HAVE_SNPRINTF_DECL +int snprintf(char *,size_t ,const char *, ...) PRINTF_ATTRIBUTE(3,4); +#endif +#ifndef HAVE_ASPRINTF_DECL +int asprintf(char **,const char *, ...) PRINTF_ATTRIBUTE(2,3); #endif + +/* we used to use these fns, but now we have good replacements + for snprintf and vsnprintf */ +#define slprintf snprintf +#define vslprintf vsnprintf + +#endif /* _INCLUDES_H */ + diff --git a/source3/include/interfaces.h b/source3/include/interfaces.h new file mode 100644 index 00000000000..3b786f1ebcb --- /dev/null +++ b/source3/include/interfaces.h @@ -0,0 +1,12 @@ +/* + This structure is used by lib/interfaces.c to return the list of network + interfaces on the machine +*/ + +#define MAX_INTERFACES 128 + +struct iface_struct { + char name[16]; + struct in_addr ip; + struct in_addr netmask; +}; diff --git a/source3/include/intl.h b/source3/include/intl.h new file mode 100644 index 00000000000..5b56d9aa2c9 --- /dev/null +++ b/source3/include/intl.h @@ -0,0 +1,24 @@ +/* + Unix SMB/CIFS implementation. + internationalisation headers + Copyright (C) Andrew Tridgell 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + + +/* ideally we would have a static mapping, but that precludes + dynamic loading. This is a reasonable compromise */ +#define _(x) lang_msg_rotate(x) diff --git a/source3/include/kanji.h b/source3/include/kanji.h deleted file mode 100644 index 4f18305c637..00000000000 --- a/source3/include/kanji.h +++ /dev/null @@ -1,130 +0,0 @@ -/* - Unix SMB/Netbios implementation. - Version 1.9. - Kanji Extensions - Copyright (C) Andrew Tridgell 1992-1994 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - - Adding for Japanese language by 1994.9.5 - and extend coding system to EUC/SJIS/JIS/HEX at 1994.10.11 - and add all jis codes sequence at 1995.8.16 - Notes: Hexadecimal code by -*/ -#ifndef _KANJI_H_ -#define _KANJI_H_ - -#ifdef KANJI - -/* FOR SHIFT JIS CODE */ -#define is_shift_jis(c) \ - ((0x81 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0x9f) \ - || (0xe0 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xef)) -#define is_shift_jis2(c) \ - (0x40 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xfc \ - && ((unsigned char) (c)) != 0x7f) -#define is_kana(c) ((0xa0 <= ((unsigned char) (c)) && ((unsigned char) (c)) <= 0xdf)) - -#ifdef _KANJI_C_ -/* FOR EUC CODE */ -#define euc_kana (0x8e) -#define is_euc_kana(c) (((unsigned char) (c)) == euc_kana) -#define is_euc(c) (0xa0 < ((unsigned char) (c)) && ((unsigned char) (c)) < 0xff) - -/* FOR JIS CODE */ -/* default jis third shift code, use for output */ -#ifndef JIS_KSO -#define JIS_KSO 'B' -#endif -#ifndef JIS_KSI -#define JIS_KSI 'J' -#endif -/* in: \E$B or \E$@ */ -/* out: \E(J or \E(B or \E(H */ -#define jis_esc (0x1b) -#define jis_so (0x0e) -#define jis_so1 ('$') -#define jis_so2 ('B') -#define jis_si (0x0f) -#define jis_si1 ('(') -#define jis_si2 ('J') -#define is_esc(c) (((unsigned char) (c)) == jis_esc) -#define is_so1(c) (((unsigned char) (c)) == jis_so1) -#define is_so2(c) (((unsigned char) (c)) == jis_so2 || ((unsigned char) (c)) == '@') -#define is_si1(c) (((unsigned char) (c)) == jis_si1) -#define is_si2(c) (((unsigned char) (c)) == jis_si2 || ((unsigned char) (c)) == 'B' \ - || ((unsigned char) (c)) == 'H') -#define is_so(c) (((unsigned char) (c)) == jis_so) -#define is_si(c) (((unsigned char) (c)) == jis_si) -#define junet_kana1 ('(') -#define junet_kana2 ('I') -#define is_juk1(c) (((unsigned char) (c)) == junet_kana1) -#define is_juk2(c) (((unsigned char) (c)) == junet_kana2) - -#define _KJ_ROMAN (0) -#define _KJ_KANJI (1) -#define _KJ_KANA (2) - -/* FOR HEX */ -#define HEXTAG ':' -#define hex2bin(x) \ - ( ((int) '0' <= ((int) (x)) && ((int) (x)) <= (int)'9')? \ - (((int) (x))-(int)'0'): \ - ((int) 'a'<= ((int) (x)) && ((int) (x))<= (int) 'f')? \ - (((int) (x)) - (int)'a'+10): \ - (((int) (x)) - (int)'A'+10) ) -#define bin2hex(x) \ - ( (((int) (x)) >= 10)? (((int) (x))-10 + (int) 'a'): (((int) (x)) + (int) '0') ) - -#else /* not _KANJI_C_ */ - -extern char* (*_dos_to_unix) (const char *str, BOOL overwrite); -extern char* (*_unix_to_dos) (const char *str, BOOL overwrite); - -#define unix_to_dos (*_unix_to_dos) -#define dos_to_unix (*_dos_to_unix) - -extern char *sj_strtok (char *s1, const char *s2); -extern char *sj_strchr (const char *s, int c); -extern char *sj_strrchr (const char *s, int c); -extern char *sj_strstr (const char *s1, const char *s2); - -#define strchr sj_strchr -#define strrchr sj_strrchr -#define strstr sj_strstr -#define strtok sj_strtok - -#endif /* _KANJI_C_ */ - -#define UNKNOWN_CODE (-1) -#define SJIS_CODE (0) -#define EUC_CODE (1) -#define JIS7_CODE (2) -#define JIS8_CODE (3) -#define JUNET_CODE (4) -#define HEX_CODE (5) -#define CAP_CODE (6) -#define DOSV_CODE SJIS_CODE - -int interpret_coding_system (char *str, int def); - -#else - -#define unix_to_dos(x,y) (x) -#define dos_to_unix(x,y) (x) - -#endif /* not KANJI */ - -#endif /* _KANJI_H_ */ diff --git a/source3/include/libsmbclient.h b/source3/include/libsmbclient.h new file mode 100644 index 00000000000..e343b876d33 --- /dev/null +++ b/source3/include/libsmbclient.h @@ -0,0 +1,790 @@ +/*===================================================================== + Unix SMB/CIFS implementation. + SMB client library API definitions + Copyright (C) Andrew Tridgell 1998 + Copyright (C) Richard Sharpe 2000 + Copyright (C) John Terpsra 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + =====================================================================*/ + +#ifndef SMBCLIENT_H_INCLUDED +#define SMBCLIENT_H_INCLUDED + +/*-------------------------------------------------------------------*/ +/* The following are special comments to instruct DOXYGEN (automated + * documentation tool: +*/ +/** \defgroup libsmbclient +*/ +/** \defgroup structure Data Structures Type and Constants +* \ingroup libsmbclient +* Data structures, types, and constants +*/ +/** \defgroup file File Functions +* \ingroup libsmbclient +* Functions used to access individual file contents +*/ +/** \defgroup directory Directory Functions +* \ingroup libsmbclient +* Functions used to access directory entries +*/ +/** \defgroup attribute Attributes Functions +* \ingroup libsmbclient +* Functions used to view or change file and directory attributes +*/ +/** \defgroup print Print Functions +* \ingroup libsmbclient +* Functions used to access printing functionality +*/ +/** \defgroup attribute Miscellaneous Functions +* \ingroup libsmbclient +* Functions that don't fit in to other categories +*/ +/*-------------------------------------------------------------------*/ + +/* Make sure we have the following includes for now ... */ +#include +#include +#include + +#define SMBC_MAX_NAME 1023 +#define SMBC_WORKGROUP 1 +#define SMBC_SERVER 2 +#define SMBC_FILE_SHARE 3 +#define SMBC_PRINTER_SHARE 4 +#define SMBC_COMMS_SHARE 5 +#define SMBC_IPC_SHARE 6 +#define SMBC_DIR 7 +#define SMBC_FILE 8 +#define SMBC_LINK 9 + +#define SMBC_FILE_MODE (S_IFREG | 0444) +#define SMBC_DIR_MODE (S_IFDIR | 0555) + +#define SMBC_MAX_FD 10000 + + +/**@ingroup structure + * Structure that represents a directory entry. + * + */ +struct smbc_dirent +{ + /** Type of entity. + SMBC_WORKGROUP=1, + SMBC_SERVER=2, + SMBC_FILE_SHARE=3, + SMBC_PRINTER_SHARE=4, + SMBC_COMMS_SHARE=5, + SMBC_IPC_SHARE=6, + SMBC_DIR=7, + SMBC_FILE=8, + SMBC_LINK=9,*/ + uint smbc_type; + + /** Length of this smbc_dirent in bytes + */ + uint dirlen; + /** The length of the comment string in bytes (includes null + * terminator) + */ + uint commentlen; + /** Points to the null terminated comment string + */ + char *comment; + /** The length of the name string in bytes (includes null + * terminator) + */ + uint namelen; + /** Points to the null terminated name string + */ + char name[1]; +}; + + +#ifndef _CLIENT_H +typedef unsigned short uint16; + +/**@ingroup structure + * Structure that represents a print job. + * + */ +struct print_job_info +{ + /** numeric ID of the print job + */ + uint16 id; + + /** represents print job priority (lower numbers mean higher priority) + */ + uint16 priority; + + /** Size of the print job + */ + size_t size; + + /** Name of the user that owns the print job + */ + char user[128]; + + /** Name of the print job. This will have no name if an anonymous print + * file was opened. Ie smb://server/printer + */ + char name[128]; + + /** Time the print job was spooled + */ + time_t t; +}; +#endif + + +/**@ingroup structure + * Authentication callback function type. + * + * Type for the the authentication function called by the library to + * obtain authentication credentals + * + * @param srv Server being authenticated to + * + * @param shr Share being authenticated to + * + * @param wg Pointer to buffer containing a "hint" for the + * workgroup to be authenticated. Should be filled in + * with the correct workgroup if the hint is wrong. + * + * @param wglen The size of the workgroup buffer in bytes + * + * @param un Pointer to buffer containing a "hint" for the + * user name to be use for authentication. Should be + * filled in with the correct workgroup if the hint is + * wrong. + * + * @param unlen The size of the username buffer in bytes + * + * @param pw Pointer to buffer containing to which password + * copied + * + * @param pwlen The size of the password buffer in bytes + * + */ +typedef void (*smbc_get_auth_data_fn)(const char *srv, + const char *shr, + char *wg, int wglen, + char *un, int unlen, + char *pw, int pwlen); + + +/**@ingroup structure + * Print job info callback function type. + * + * @param i pointer to print job information structure + * + */ +typedef void (*smbc_get_print_job_info)(struct print_job_info *i); + + +/**@ingroup misc + * Initialize the samba client library. + * + * Must be called before using any of the smbclient API function + * + * @param fn The function that will be called to obtaion + * authentication credentials. + * + * @param debug Allows caller to set the debug level. Can be + * changed in smb.conf file. Allows caller to set + * debugging if no smb.conf. + * + * @return 0 on success, < 0 on error with errno set: + * - ENOMEM Out of memory + * - ENOENT The smb.conf file would not load + * + */ +int smbc_init(smbc_get_auth_data_fn fn, int debug); + + +/**@ingroup file + * Open a file on an SMB server. + * + * @param furl The smb url of the file to be opened. + * + * @param flags Is one of O_RDONLY, O_WRONLY or O_RDWR which + * request opening the file read-only,write-only + * or read/write. flags may also be bitwise-or'd with + * one or more of the following: + * O_CREAT - If the file does not exist it will be + * created. + * O_EXCL - When used with O_CREAT, if the file + * already exists it is an error and the open will + * fail. + * O_TRUNC - If the file already exists it will be + * truncated. + * O_APPEND The file is opened in append mode + * + * @param mode mode specifies the permissions to use if a new + * file is created. It is modified by the + * process's umask in the usual way: the permissions + * of the created file are (mode & ~umask) + * + * Not currently use, but there for future use. + * We will map this to SYSTEM, HIDDEN, etc bits + * that reverses the mapping that smbc_fstat does. + * + * @return Valid file handle, < 0 on error with errno set: + * - ENOMEM Out of memory + * - EINVAL if an invalid parameter passed, like no + * file, or smbc_init not called. + * - EEXIST pathname already exists and O_CREAT and + * O_EXCL were used. + * - EISDIR pathname refers to a directory and + * the access requested involved writing. + * - EACCES The requested access to the file is not + * allowed + * - ENODEV The requested share does not exist + * - ENOTDIR A file on the path is not a directory + * - ENOENT A directory component in pathname does + * not exist. + * + * @see smbc_creat() + * + * @note This call uses an underlying routine that may create + * a new connection to the server specified in the URL. + * If the credentials supplied in the URL, or via the + * auth_fn in the smbc_init call, fail, this call will + * try again with an empty username and password. This + * often gets mapped to the guest account on some machines. + */ +int smbc_open(const char *furl, int flags, mode_t mode); + + +/**@ingroup file + * Create a file on an SMB server. + * + * Same as calling smbc_open() with flags = O_CREAT|O_WRONLY|O_TRUNC + * + * @param furl The smb url of the file to be created + * + * @param mode mode specifies the permissions to use if a new + * file is created. It is modified by the + * process's umask in the usual way: the permissions + * of the created file are (mode & ~umask) + * + * NOTE, the above is not true. We are dealing with + * an SMB server, which has no concept of a umask! + * + * @return Valid file handle, < 0 on error with errno set: + * - ENOMEM Out of memory + * - EINVAL if an invalid parameter passed, like no + * file, or smbc_init not called. + * - EEXIST pathname already exists and O_CREAT and + * O_EXCL were used. + * - EISDIR pathname refers to a directory and + * the access requested involved writing. + * - EACCES The requested access to the file is not + * allowed + * - ENOENT A directory component in pathname does + * not exist. + * - ENODEV The requested share does not exist. + * @see smbc_open() + * + */ +int smbc_creat(const char *furl, mode_t mode); + + +/**@ingroup file + * Read from a file using an opened file handle. + * + * @param fd Open file handle from smbc_open() or smbc_creat() + * + * @param buf Pointer to buffer to recieve read data + * + * @param bufsize Size of buf in bytes + * + * @return Number of bytes read, < 0 on error with errno set: + * - EISDIR fd refers to a directory + * - EBADF fd is not a valid file descriptor or + * is not open for reading. + * - EINVAL fd is attached to an object which is + * unsuitable for reading, or no buffer passed or + * smbc_init not called. + * + * @see smbc_open(), smbc_write() + * + */ +ssize_t smbc_read(int fd, void *buf, size_t bufsize); + + +/**@ingroup file + * Write to a file using an opened file handle. + * + * @param fd Open file handle from smbc_open() or smbc_creat() + * + * @param buf Pointer to buffer to recieve read data + * + * @param bufsize Size of buf in bytes + * + * @return Number of bytes written, < 0 on error with errno set: + * - EISDIR fd refers to a directory. + * - EBADF fd is not a valid file descriptor or + * is not open for reading. + * - EINVAL fd is attached to an object which is + * unsuitable for reading, or no buffer passed or + * smbc_init not called. + * + * @see smbc_open(), smbc_read() + * + */ +ssize_t smbc_write(int fd, void *buf, size_t bufsize); + + +/**@ingroup file + * Seek to a specific location in a file. + * + * @param fd Open file handle from smbc_open() or smbc_creat() + * + * @param offset Offset in bytes from whence + * + * @param whence A location in the file: + * - SEEK_SET The offset is set to offset bytes from + * the beginning of the file + * - SEEK_CUR The offset is set to current location + * plus offset bytes. + * - SEEK_END The offset is set to the size of the + * file plus offset bytes. + * + * @return Upon successful completion, lseek returns the + * resulting offset location as measured in bytes + * from the beginning of the file. Otherwise, a value + * of (off_t)-1 is returned and errno is set to + * indicate the error: + * - EBADF Fildes is not an open file descriptor. + * - EINVAL Whence is not a proper value or smbc_init + * not called. + * + * @todo Are all the whence values really supported? + * + * @todo Are errno values complete and correct? + */ +off_t smbc_lseek(int fd, off_t offset, int whence); + + +/**@ingroup file + * Close an open file handle. + * + * @param fd The file handle to close + * + * @return 0 on success, < 0 on error with errno set: + * - EBADF fd isn't a valid open file descriptor + * - EINVAL smbc_init() failed or has not been called + * + * @see smbc_open(), smbc_creat() + */ +int smbc_close(int fd); + + +/**@ingroup directory + * Unlink (delete) a file or directory. + * + * @param furl The smb url of the file to delete + * + * @return 0 on success, < 0 on error with errno set: + * - EACCES or EPERM Write access to the directory + * containing pathname is not allowed or one + * of the directories in pathname did not allow + * search (execute) permission + * - ENOENT A directory component in pathname does + * not exist + * - EINVAL NULL was passed in the file param or + * smbc_init not called. + * - EACCES You do not have access to the file + * - ENOMEM Insufficient kernel memory was available + * + * @see smbc_rmdir()s + * + * @todo Are errno values complete and correct? + */ +int smbc_unlink(const char *furl); + + +/**@ingroup directory + * Rename or move a file or directory. + * + * @param ourl The original smb url (source url) of file or + * directory to be moved + * + * @param nurl The new smb url (destination url) of the file + * or directory after the move. Currently nurl must + * be on the same share as ourl. + * + * @return 0 on success, < 0 on error with errno set: + * - EISDIR nurl is an existing directory, but ourl is + * not a directory. + * - EEXIST nurl is a non-empty directory, + * i.e., contains entries other than "." and ".." + * - EINVAL The new url contained a path prefix + * of the old, or, more generally, an attempt was + * made to make a directory a subdirectory of itself + * or smbc_init not called. + * - ENOTDIR A component used as a directory in ourl + * or nurl path is not, in fact, a directory. Or, + * ourl is a directory, and newpath exists but is not + * a directory. + * - EACCES or EPERM Write access to the directory + * containing ourl or nurl is not allowed for the + * process's effective uid, or one of the + * directories in ourl or nurl did not allow search + * (execute) permission, or ourl was a directory + * and did not allow write permission. + * - ENOENT A directory component in ourl or nurl + * does not exist. + * - EXDEV Rename across shares not supported. + * - ENOMEM Insufficient kernel memory was available. + * - EEXIST The target file, nurl, already exists. + * + * + * @todo Are we going to support copying when urls are not on the same + * share? I say no... NOTE. I agree for the moment. + * + */ +int smbc_rename(const char *ourl, const char *nurl); + + +/**@ingroup directory + * Open a directory used to obtain directory entries. + * + * @param durl The smb url of the directory to open + * + * @return Valid directory handle. < 0 on error with errno set: + * - EACCES Permission denied. + * - EINVAL A NULL file/URL was passed, or the URL would + * not parse, or was of incorrect form or smbc_init not + * called. + * - ENOENT durl does not exist, or name is an + * - ENOMEM Insufficient memory to complete the + * operation. + * - ENOTDIR name is not a directory. + * - EPERM the workgroup could not be found. + * - ENODEV the workgroup or server could not be found. + * + * @see smbc_getdents(), smbc_readdir(), smbc_closedir() + * + */ +int smbc_opendir(const char *durl); + + +/**@ingroup directory + * Close a directory handle opened by smbc_opendir(). + * + * @param dh Directory handle to close + * + * @return 0 on success, < 0 on error with errno set: + * - EBADF dh is an invalid directory handle + * + * @see smbc_opendir() + */ +int smbc_closedir(int dh); + + +/**@ingroup directory + * Get multiple directory entries. + * + * smbc_getdents() reads as many dirent structures from the an open + * directory handle into a specified memory area as will fit. + * + * @param dh Valid directory as returned by smbc_opendir() + * + * @param dirp pointer to buffer that will receive the directory + * entries. + * + * @param count The size of the dirp buffer in bytes + * + * @returns If any dirents returned, return will indicate the + * total size. If there were no more dirents available, + * 0 is returned. < 0 indicates an error. + * - EBADF Invalid directory handle + * - EINVAL Result buffer is too small or smbc_init + * not called. + * - ENOENT No such directory. + * @see , smbc_dirent, smbc_readdir(), smbc_open() + * + * @todo Are errno values complete and correct? + * + * @todo Add example code so people know how to parse buffers. + */ +int smbc_getdents(unsigned int dh, struct smbc_dirent *dirp, int count); + + +/**@ingroup directory + * Get a single directory entry. + * + * @param dh Valid directory as returned by smbc_opendir() + * + * @return A pointer to a smbc_dirent structure, or NULL if an + * error occurs or end-of-directory is reached: + * - EBADF Invalid directory handle + * - EINVAL smbc_init() failed or has not been called + * + * @see smbc_dirent, smbc_getdents(), smbc_open() + */ +struct smbc_dirent* smbc_readdir(unsigned int dh); + + +/**@ingroup directory + * Get the current directory offset. + * + * smbc_telldir() may be used in conjunction with smbc_readdir() and + * smbc_lseekdir(). + * + * @param dh Valid directory as returned by smbc_opendir() + * + * @return The current location in the directory stream or -1 + * if an error occur. The current location is not + * an offset. Becuase of the implementation, it is a + * handle that allows the library to find the entry + * later. + * - EBADF dh is not a valid directory handle + * - EINVAL smbc_init() failed or has not been called + * - ENOTDIR if dh is not a directory + * + * @see smbc_readdir() + * + */ +off_t smbc_telldir(int dh); + + +/**@ingroup directory + * lseek on directories. + * + * smbc_lseekdir() may be used in conjunction with smbc_readdir() and + * smbc_telldir(). (rewind by smbc_lseekdir(fd, NULL)) + * + * @param fd Valid directory as returned by smbc_opendir() + * + * @param offset The offset (as returned by smbc_telldir). Can be + * NULL, in which case we will rewind + * + * @return 0 on success, -1 on failure + * - EBADF dh is not a valid directory handle + * - ENOTDIR if dh is not a directory + * - EINVAL offset did not refer to a valid dirent or + * smbc_init not called. + * + * @see smbc_telldir() + * + * + * @todo In what does the reture and errno values mean? + */ +int smbc_lseekdir(int fd, off_t offset); + +/**@ingroup directory + * Create a directory. + * + * @param durl The url of the directory to create + * + * @param mode Specifies the permissions to use. It is modified + * by the process's umask in the usual way: the + * permissions of the created file are (mode & ~umask). + * + * @return 0 on success, < 0 on error with errno set: + * - EEXIST directory url already exists + * - EACCES The parent directory does not allow write + * permission to the process, or one of the directories + * - ENOENT A directory component in pathname does not + * exist. + * - EINVAL NULL durl passed or smbc_init not called. + * - ENOMEM Insufficient memory was available. + * + * @see smbc_rmdir() + * + */ +int smbc_mkdir(const char *durl, mode_t mode); + + +/**@ingroup directory + * Remove a directory. + * + * @param durl The smb url of the directory to remove + * + * @return 0 on success, < 0 on error with errno set: + * - EACCES or EPERM Write access to the directory + * containing pathname was not allowed. + * - EINVAL durl is NULL or smbc_init not called. + * - ENOENT A directory component in pathname does not + * exist. + * - ENOTEMPTY directory contains entries. + * - ENOMEM Insufficient kernel memory was available. + * + * @see smbc_mkdir(), smbc_unlink() + * + * @todo Are errno values complete and correct? + */ +int smbc_rmdir(const char *durl); + + +/**@ingroup attribute + * Get information about a file or directory. + * + * @param url The smb url to get information for + * + * @param st pointer to a buffer that will be filled with + * standard Unix struct stat information. + * + * @return 0 on success, < 0 on error with errno set: + * - ENOENT A component of the path file_name does not + * exist. + * - EINVAL a NULL url was passed or smbc_init not called. + * - EACCES Permission denied. + * - ENOMEM Out of memory + * - ENOTDIR The target dir, url, is not a directory. + * + * @see Unix stat() + * + */ +int smbc_stat(const char *url, struct stat *st); + + +/**@ingroup attribute + * Get file information via an file descriptor. + * + * @param fd Open file handle from smbc_open() or smbc_creat() + * + * @param st pointer to a buffer that will be filled with + * standard Unix struct stat information. + * + * @return EBADF filedes is bad. + * - EACCES Permission denied. + * - EBADF fd is not a valid file descriptor + * - EINVAL Problems occurred in the underlying routines + * or smbc_init not called. + * - ENOMEM Out of memory + * + * @see smbc_stat(), Unix stat() + * + */ +int smbc_fstat(int fd, struct stat *st); + + +/**@ingroup attribue + * Change the ownership of a file or directory. + * + * @param url The smb url of the file or directory to change + * ownership of. + * + * @param owner I have no idea? + * + * @param group I have not idea? + * + * @return 0 on success, < 0 on error with errno set: + * - EPERM The effective UID does not match the owner + * of the file, and is not zero; or the owner or group + * were specified incorrectly. + * - ENOENT The file does not exist. + * - ENOMEM Insufficient was available. + * - ENOENT file or directory does not exist + * + * @todo Are we actually going to be able to implement this function + * + * @todo How do we abstract owner and group uid and gid? + * + */ +int smbc_chown(const char *url, uid_t owner, gid_t group); + + +/**@ingroup attribute + * Change the permissions of a file. + * + * @param url The smb url of the file or directory to change + * permissions of + * + * @param mode The permissions to set: + * - Put good explaination of permissions here! + * + * @return 0 on success, < 0 on error with errno set: + * - EPERM The effective UID does not match the owner + * of the file, and is not zero + * - ENOENT The file does not exist. + * - ENOMEM Insufficient was available. + * - ENOENT file or directory does not exist + * + * @todo Actually implement this fuction? + * + * @todo Are errno values complete and correct? + */ +int smbc_chmod(const char *url, mode_t mode); + + +/**@ingroup print + * Print a file given the name in fname. It would be a URL ... + * + * @param fname The URL of a file on a remote SMB server that the + * caller wants printed + * + * @param printq The URL of the print share to print the file to. + * + * @return 0 on success, < 0 on error with errno set: + * + * - EINVAL fname or printq was NULL or smbc_init not + * not called. + * and errors returned by smbc_open + * + */ +int smbc_print_file(const char *fname, const char *printq); + +/**@ingroup print + * Open a print file that can be written to by other calls. This simply + * does an smbc_open call after checking if there is a file name on the + * URI. If not, a temporary name is added ... + * + * @param fname The URL of the print share to print to? + * + * @returns A file handle for the print file if successful. + * Returns -1 if an error ocurred and errno has the values + * - EINVAL fname was NULL or smbc_init not called. + * - all errors returned by smbc_open + * + */ +int smbc_open_print_job(const char *fname); + +/**@ingroup print + * List the print jobs on a print share, for the moment, pass a callback + * + * @param purl The url of the print share to list the jobs of + * + * @param fn Callback function the receives printjob info + * + * @return 0 on success, < 0 on error with errno set: + * - EINVAL fname was NULL or smbc_init not called + * - EACCES ??? + */ +int smbc_list_print_jobs(const char *purl, smbc_get_print_job_info fn); + +/**@ingroup print + * Delete a print job + * + * @param purl Url of the print share + * + * @param id The id of the job to delete + * + * @return 0 on success, < 0 on error with errno set: + * - EINVAL fname was NULL or smbc_init not called + * + * @todo what errno values are possible here? + */ +int smbc_unlink_print_job(const char *purl, int id); + + +#endif /* SMBCLIENT_H_INCLUDED */ diff --git a/source3/include/local.h b/source3/include/local.h index 2775453e150..1ecd63738ec 100644 --- a/source3/include/local.h +++ b/source3/include/local.h @@ -1,7 +1,24 @@ +/* Copyright (C) 1995-1998 Samba-Team */ +/* Copyright (C) 1998 John H Terpstra */ + /* local definitions for file server */ #ifndef _LOCAL_H #define _LOCAL_H +/* The default workgroup - usually overridden in smb.conf */ +#ifndef WORKGROUP +#define WORKGROUP "WORKGROUP" +#endif + +/* the maximum debug level to compile into the code. This assumes a good + optimising compiler that can remove unused code + for embedded or low-memory systems set this to a value like 2 to get + only important messages. This gives *much* smaller binaries +*/ +#ifndef MAX_DEBUG_LEVEL +#define MAX_DEBUG_LEVEL 1000 +#endif + /* This defines the section name in the configuration file that will contain */ /* global parameters - that is, parameters relating to the whole server, not */ /* just services. This name is then reserved, and may not be used as a */ @@ -17,57 +34,57 @@ refer to the special "printers" service */ #define PRINTERS_NAME "printers" -/* This defines the name of the printcap file. It is MOST UNLIKELY that - this will change BUT! Specifying a file with the format of a printcap - file but containing only a subset of the printers actually in your real - printcap file is a quick-n-dirty way to allow dynamic access to a subset - of available printers. -*/ -#define PRINTCAP_NAME "/etc/printcap" - -/* set these to define the limits of the server. NOTE These are on a - per-client basis. Thus any one machine can't connect to more than - MAX_CONNECTIONS services, but any number of machines may connect at - one time. */ -#define MAX_CONNECTIONS 127 -#define MAX_OPEN_FILES 100 - -/* the max number of connections that the smbstatus program will show */ -#define MAXSTATUS 1000 +/* Yves Gaige requested this set this */ +/* to a maximum of 8 if old smb clients break because of long printer names. */ +#define MAXPRINTERLEN 15 /* max number of directories open at once */ /* note that with the new directory code this no longer requires a file handle per directory, but large numbers do use more memory */ -#define MAXDIR 64 +#define MAX_OPEN_DIRECTORIES 256 + +/* max number of directory handles */ +/* As this now uses the bitmap code this can be + quite large. */ +#define MAX_DIRECTORY_HANDLES 2048 + +/* maximum number of file caches per smbd */ +#define MAX_WRITE_CACHES 10 + +/* define what facility to use for syslog */ +#ifndef SYSLOG_FACILITY +#define SYSLOG_FACILITY LOG_DAEMON +#endif + +/* + * Default number of maximum open files per smbd. This is + * also limited by the maximum available file descriptors + * per process and can also be set in smb.conf as "max open files" + * in the [global] section. + */ + +#ifndef MAX_OPEN_FILES +#define MAX_OPEN_FILES 10000 +#endif + +/* the max number of simultanous connections to the server by all clients */ +/* zero means no limit. */ +#define MAXSTATUS 0 #define WORDMAX 0xFFFF +/* the maximum password length before we declare a likely attack */ +#define MAX_PASS_LEN 200 /* separators for lists */ #define LIST_SEP " \t,;:\n\r" -#ifndef LOCKDIR -#define LOCKDIR "/tmp/samba" -#endif +/* wchar separators for lists */ +#define LIST_SEP_W wchar_list_sep /* this is where browse lists are kept in the lock dir */ #define SERVER_LIST "browse.dat" -/* the print command on the server, %s is replaced with the filename */ -/* note that the -r removes the file after printing - you'll run out */ -/* of disk pretty quickly if you don't. This command is only used as */ -/* the default - it can be overridden in the configuration file. */ -#define PRINT_COMMAND "lpr -r %s" - -/* the lpq command on the server. the printername is passed as an argument */ -#ifndef LPQ_COMMAND -#define LPQ_COMMAND "lpq -P" -#endif - -/* shall guest entries in printer queues get changed to user entries, - so they can be deleted using the windows print manager? */ -#define LPQ_GUEST_TO_USER - /* shall filenames with illegal chars in them get mangled in long filename listings? */ #define MANGLE_LONG_FILENAMES @@ -79,43 +96,18 @@ /* the size of the directory cache */ #define DIRCACHESIZE 20 -/* what type of filesystem do we want this to show up as in a NT file - manager window? */ -#define FSTYPE_STRING "Samba" - -/* we have two time standards - local and GMT. This will try to sort them out. - */ - -#define LOCAL_TO_GMT 1 -#define GMT_TO_LOCAL (-1) +/* what default type of filesystem do we want this to show up as in a + NT file manager window? */ +#define FSTYPE_STRING "NTFS" -/* do you want smbd to send a 1 byte packet to nmbd to trigger it to start - when smbd starts? */ -#ifndef PRIME_NMBD -#define PRIME_NMBD 1 +/* the default guest account - normally set in the Makefile or smb.conf */ +#ifndef GUEST_ACCOUNT +#define GUEST_ACCOUNT "nobody" #endif -/* do you want session setups at user level security with a invalid - password to be rejected or allowed in as guest? WinNT rejects them - but it can be a pain as it means "net view" needs to use a password - - You have 3 choices: - - GUEST_SESSSETUP = 0 means session setups with an invalid password - are rejected. - - GUEST_SESSSETUP = 1 means session setups with an invalid password - are rejected, unless the username does not exist, in which case it - is treated as a guest login - - GUEST_SESSSETUP = 2 means session setups with an invalid password - are treated as a guest login - - Note that GUEST_SESSSETUP only has an effect in user or server - level security. - */ -#ifndef GUEST_SESSSETUP -#define GUEST_SESSSETUP 0 +/* user to test password server with as invalid in security=server mode. */ +#ifndef INVALID_USER_PREFIX +#define INVALID_USER_PREFIX "sambatest" #endif /* the default pager to use for the client "more" command. Users can @@ -130,18 +122,19 @@ /* the following control timings of various actions. Don't change them unless you know what you are doing. These are all in seconds */ #define DEFAULT_SMBD_TIMEOUT (60*60*24*7) -#define SMBD_RELOAD_CHECK (10) -#define SHARE_MODES_CHECK (10) -#define SHARE_MODES_CLEAN (300) +#define SMBD_RELOAD_CHECK (180) #define IDLE_CLOSED_TIMEOUT (60) #define DPTR_IDLE_TIMEOUT (120) -#define SMBD_SELECT_LOOP (10) +#define SMBD_SELECT_TIMEOUT (60) +#define SMBD_SELECT_TIMEOUT_WITH_PENDING_LOCKS (10) #define NMBD_SELECT_LOOP (10) #define BROWSE_INTERVAL (60) #define REGISTRATION_INTERVAL (10*60) #define NMBD_INETD_TIMEOUT (120) #define NMBD_MAX_TTL (24*60*60) #define LPQ_LOCK_TIMEOUT (5) +#define NMBD_INTERFACES_RELOAD (120) +#define NMBD_UNEXPECTED_TIMEOUT (15) /* the following are in milliseconds */ #define LOCK_RETRY_TIMEOUT (100) @@ -151,17 +144,63 @@ accessible to root */ #define DUMP_CORE 1 -/* what is the longest significant password available on your system? - Knowing this speeds up password searches a lot */ -#ifndef PASSWORD_LENGTH -#define PASSWORD_LENGTH 8 +/* shall we support browse requests via a FIFO to nmbd? */ +#define ENABLE_FIFO 1 + +/* how long (in miliseconds) to wait for a socket connect to happen */ +#define LONG_CONNECT_TIMEOUT 30000 +#define SHORT_CONNECT_TIMEOUT 5000 + +/* the default netbios keepalive timeout */ +#define DEFAULT_KEEPALIVE 300 + +/* the directory to sit in when idle */ +/* #define IDLE_DIR "/" */ + +/* Timout (in seconds) to wait for an oplock break + message to return from the client. */ + +#define OPLOCK_BREAK_TIMEOUT 30 + +/* Timout (in seconds) to add to the oplock break timeout + to wait for the smbd to smbd message to return. */ + +#define OPLOCK_BREAK_TIMEOUT_FUDGEFACTOR 2 + +/* the read preciction code has been disabled until some problems with + it are worked out */ +#define USE_READ_PREDICTION 0 + +/* name of directory that netatalk uses to store macintosh resource forks */ +#define APPLEDOUBLE ".AppleDouble/" + +/* + * Default passwd chat script. + */ + +#define DEFAULT_PASSWD_CHAT "*new*password* %n\\n *new*password* %n\\n *changed*" + +/* Minimum length of allowed password when changing UNIX password. */ +#define MINPASSWDLENGTH 5 + +/* maximum ID number used for session control. This cannot be larger + than 62*62 for the current code */ +#define MAX_SESSION_ID 3000 + +#ifndef SESSION_TEMPLATE +#define SESSION_TEMPLATE "smb/%d" #endif -#define SMB_ALIGNMENT 1 +/* the maximum age in seconds of a password. Should be a lp_ parameter */ +#define MAX_PASSWORD_AGE (21*24*60*60) +/* Allocation roundup. */ +#define SMB_ROUNDUP_ALLOCATION_SIZE 0x100000 -/* shall we support browse requests via a FIFO to nmbd? */ -#define ENABLE_FIFO 1 +/* shall we deny oplocks to clients that get timeouts? */ +#define FASCIST_OPLOCK_BACKOFF 1 +/* this enables the "rabbit pellet" fix for SMBwritebraw */ +#define RABBIT_PELLET_FIX 1 #endif diff --git a/source3/include/mangle.h b/source3/include/mangle.h new file mode 100644 index 00000000000..d3218519f88 --- /dev/null +++ b/source3/include/mangle.h @@ -0,0 +1,11 @@ +/* + header for 8.3 name mangling interface +*/ + +struct mangle_fns { + BOOL (*is_mangled)(const char *s); + BOOL (*is_8_3)(const char *fname, BOOL check_case); + void (*reset)(void); + BOOL (*check_cache)(char *s); + BOOL (*name_map)(char *OutName, BOOL need83, BOOL cache83); +}; diff --git a/source3/include/mapping.h b/source3/include/mapping.h new file mode 100644 index 00000000000..5ef5c19dd27 --- /dev/null +++ b/source3/include/mapping.h @@ -0,0 +1,60 @@ +/* + * Unix SMB/CIFS implementation. + * RPC Pipe client / server routines + * Copyright (C) Andrew Tridgell 1992-2000, + * Copyright (C) Jean François Micouleau 1998-2001. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 2 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + */ + +#define PRIV_ALL_INDEX 5 + +#define SE_PRIV_NONE 0x0000 +#define SE_PRIV_ADD_MACHINES 0x0006 +#define SE_PRIV_SEC_PRIV 0x0008 +#define SE_PRIV_TAKE_OWNER 0x0009 +#define SE_PRIV_ADD_USERS 0xff01 +#define SE_PRIV_PRINT_OPERATOR 0xff03 +#define SE_PRIV_ALL 0xffff + +#define ENUM_ONLY_MAPPED True +#define ENUM_ALL_MAPPED False + +#define MAPPING_WITH_PRIV True +#define MAPPING_WITHOUT_PRIV False + +#define PR_NONE 0x0000 +#define PR_LOG_ON_LOCALLY 0x0001 +#define PR_ACCESS_FROM_NETWORK 0x0002 +#define PR_LOG_ON_BATCH_JOB 0x0004 +#define PR_LOG_ON_SERVICE 0x0010 + + +typedef struct _GROUP_MAP { + gid_t gid; + DOM_SID sid; + enum SID_NAME_USE sid_name_use; + fstring nt_name; + fstring comment; + uint32 systemaccount; + PRIVILEGE_SET priv_set; +} GROUP_MAP; + +typedef struct _PRIVS { + uint32 se_priv; + char *priv; + char *description; +} PRIVS; + diff --git a/source3/include/md5.h b/source3/include/md5.h new file mode 100644 index 00000000000..dc2f2dd207f --- /dev/null +++ b/source3/include/md5.h @@ -0,0 +1,25 @@ +#ifndef MD5_H +#define MD5_H +#ifndef HEADER_MD5_H +/* Try to avoid clashes with OpenSSL */ +#define HEADER_MD5_H +#endif + +struct MD5Context { + uint32 buf[4]; + uint32 bits[2]; + unsigned char in[64]; +}; + +void MD5Init(struct MD5Context *context); +void MD5Update(struct MD5Context *context, unsigned char const *buf, + unsigned len); +void MD5Final(unsigned char digest[16], struct MD5Context *context); +void MD5Transform(uint32 buf[4], uint32 const in[16]); + +/* + * This is needed to make RSAREF happy on some MS-DOS compilers. + */ +typedef struct MD5Context MD5_CTX; + +#endif /* !MD5_H */ diff --git a/source3/include/messages.h b/source3/include/messages.h new file mode 100644 index 00000000000..9868b5de099 --- /dev/null +++ b/source3/include/messages.h @@ -0,0 +1,60 @@ +/* + Unix SMB/CIFS implementation. + messages.c header + Copyright (C) Andrew Tridgell 2000 + Copyright (C) 2001, 2002 by Martin Pool + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _MESSAGES_H_ +#define _MESSAGES_H_ + +/* general messages */ +#define MSG_DEBUG 1 +#define MSG_PING 2 +#define MSG_PONG 3 +#define MSG_PROFILE 4 +#define MSG_REQ_DEBUGLEVEL 5 +#define MSG_DEBUGLEVEL 6 +#define MSG_REQ_PROFILELEVEL 7 +#define MSG_PROFILELEVEL 8 +#define MSG_REQ_POOL_USAGE 9 +#define MSG_POOL_USAGE 10 + +/* If dmalloc is included, set a steady-state mark */ +#define MSG_REQ_DMALLOC_MARK 11 + +/* If dmalloc is included, dump to the dmalloc log a description of + * what has changed since the last MARK */ +#define MSG_REQ_DMALLOC_LOG_CHANGED 12 + +#define MSG_SHUTDOWN 13 + +/* nmbd messages */ +#define MSG_FORCE_ELECTION 1001 +#define MSG_WINS_NEW_ENTRY 1002 + +/* rpc messages */ +#define MSG_PRINTER_NOTIFY 2001 +#define MSG_PRINTER_UPDATE 2002 + +/* smbd messages */ +#define MSG_SMB_CONF_UPDATED 3001 +#define MSG_SMB_FORCE_TDIS 3002 +#define MSG_SMB_SAM_SYNC 3003 +#define MSG_SMB_SAM_REPL 3004 + +#endif diff --git a/source3/include/msdfs.h b/source3/include/msdfs.h new file mode 100644 index 00000000000..ab56ae4af44 --- /dev/null +++ b/source3/include/msdfs.h @@ -0,0 +1,77 @@ +/* + Unix SMB/CIFS implementation. + MSDfs services for Samba + Copyright (C) Shirish Kalele 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _MSDFS_H +#define _MSDFS_H + +#define REFERRAL_TTL 600 + +/* Flags used in trans2 Get Referral reply */ +#define DFSREF_REFERRAL_SERVER 0x1 +#define DFSREF_STORAGE_SERVER 0x2 + +/* Referral sizes */ +#define VERSION2_REFERRAL_SIZE 0x16 +#define VERSION3_REFERRAL_SIZE 0x22 +#define REFERRAL_HEADER_SIZE 0x08 + +/* Maximum number of referrals for each Dfs volume */ +#define MAX_REFERRAL_COUNT 256 + +struct referral +{ + pstring alternate_path; /* contains the path referred */ + uint32 proximity; + uint32 ttl; /* how long should client cache referral */ +}; + +struct junction_map +{ + pstring service_name; + pstring volume_name; + int referral_count; + struct referral* referral_list; +}; + +struct dfs_path +{ + pstring hostname; + pstring servicename; + pstring volumename; + pstring restofthepath; +}; + +#define RESOLVE_DFSPATH(name, conn, inbuf, outbuf) \ +{ if(((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES)) && \ + dfs_redirect(name,conn)) \ + return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); } + +#define RESOLVE_FINDFIRST_DFSPATH(name, conn, inbuf, outbuf) \ +{ if((SVAL(inbuf,smb_flg2) & FLAGS2_DFS_PATHNAMES) || \ + get_remote_arch()==RA_WIN95) \ + if(dfs_findfirst_redirect(directory,conn)) \ + return ERROR_NT(NT_STATUS_PATH_NOT_COVERED); } + +#define init_dfsroot(conn, inbuf, outbuf) \ +{ if(lp_msdfs_root(SNUM(conn)) && lp_host_msdfs()) \ + SSVAL(outbuf, smb_vwv2, SMB_SHARE_IN_DFS | SMB_SUPPORT_SEARCH_BITS); \ +} + +#endif /* _MSDFS_H */ diff --git a/source3/include/nameserv.h b/source3/include/nameserv.h index 168dd4ba866..53a5a3b5d8a 100644 --- a/source3/include/nameserv.h +++ b/source3/include/nameserv.h @@ -1,8 +1,9 @@ +#ifndef _NAMESERV_H_ +#define _NAMESERV_H_ /* - Unix SMB/Netbios implementation. - Version 1.9. + Unix SMB/CIFS implementation. NBT netbios header - version 2 - Copyright (C) Andrew Tridgell 1994-1995 + Copyright (C) Andrew Tridgell 1994-1998 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -20,59 +21,434 @@ */ -#define MAX_DGRAM_SIZE 576 +#define INFO_VERSION "INFO/version" +#define INFO_COUNT "INFO/num_entries" +#define INFO_ID_HIGH "INFO/id_high" +#define INFO_ID_LOW "INFO/id_low" +#define ENTRY_PREFIX "ENTRY/" + +#define PERMANENT_TTL 0 + +/* NTAS uses 2, NT uses 1, WfWg uses 0 */ +#define MAINTAIN_LIST 2 +#define ELECTION_VERSION 1 + +#define MAX_DGRAM_SIZE (576) /* tcp/ip datagram limit is 576 bytes */ #define MIN_DGRAM_SIZE 12 -#define NMB_PORT 137 -#define DGRAM_PORT 138 -#define SMB_PORT 139 +/********************************************************* + Types of reply packet. +**********************************************************/ + +enum netbios_reply_type_code { NMB_QUERY, NMB_STATUS, NMB_REG, NMB_REG_REFRESH, + NMB_REL, NMB_WAIT_ACK, NMB_MULTIHOMED_REG, + WINS_REG, WINS_QUERY }; + +/* From rfc1002, 4.2.1.2 */ +/* Question types. */ +#define QUESTION_TYPE_NB_QUERY 0x20 +#define QUESTION_TYPE_NB_STATUS 0x21 + +/* Question class */ +#define QUESTION_CLASS_IN 0x1 + +/* Opcode definitions */ +#define NMB_NAME_QUERY_OPCODE 0x0 +#define NMB_NAME_REG_OPCODE 0x05 /* see rfc1002.txt 4.2.2,3,5,6,7,8 */ +#define NMB_NAME_RELEASE_OPCODE 0x06 /* see rfc1002.txt 4.2.9,10,11 */ +#define NMB_WACK_OPCODE 0x07 /* see rfc1002.txt 4.2.16 */ +/* Ambiguity in rfc1002 about which of these is correct. */ +/* WinNT uses 8 by default but can be made to use 9. */ +#define NMB_NAME_REFRESH_OPCODE_8 0x08 /* see rfc1002.txt 4.2.4 */ +#define NMB_NAME_REFRESH_OPCODE_9 0x09 /* see rfc1002.txt 4.2.4 */ +#define NMB_NAME_MULTIHOMED_REG_OPCODE 0x0F /* Invented by Microsoft. */ + +/* XXXX what about all the other types?? 0x1, 0x2, 0x3, 0x4, 0x8? */ + +/* Resource record types. rfc1002 4.2.1.3 */ +#define RR_TYPE_A 0x1 +#define RR_TYPE_NS 0x2 +#define RR_TYPE_NULL 0xA +#define RR_TYPE_NB 0x20 +#define RR_TYPE_NBSTAT 0x21 + +/* Resource record class. */ +#define RR_CLASS_IN 0x1 + +/* NetBIOS flags */ +#define NB_GROUP 0x80 +#define NB_PERM 0x02 +#define NB_ACTIVE 0x04 +#define NB_CONFL 0x08 +#define NB_DEREG 0x10 +#define NB_BFLAG 0x00 /* Broadcast node type. */ +#define NB_PFLAG 0x20 /* Point-to-point node type. */ +#define NB_MFLAG 0x40 /* Mixed bcast & p-p node type. */ +#define NB_HFLAG 0x60 /* Microsoft 'hybrid' node type. */ +#define NB_NODETYPEMASK 0x60 +/* Mask applied to outgoing NetBIOS flags. */ +#define NB_FLGMSK 0xE0 + +/* The wins flags. Looks like the nbflags ! */ +#define WINS_UNIQUE 0x00 /* Unique record */ +#define WINS_NGROUP 0x01 /* Normal Group eg: 1B */ +#define WINS_SGROUP 0x02 /* Special Group eg: 1C */ +#define WINS_MHOMED 0x03 /* MultiHomed */ + +#define WINS_ACTIVE 0x00 /* active record */ +#define WINS_RELEASED 0x04 /* released record */ +#define WINS_TOMBSTONED 0x08 /* tombstoned record */ +#define WINS_DELETED 0x0C /* deleted record */ + +#define WINS_STATE_MASK 0x0C + +#define WINS_LOCAL 0x00 /* local record */ +#define WINS_REMOTE 0x10 /* remote record */ + +#define WINS_BNODE 0x00 /* Broadcast node */ +#define WINS_PNODE 0x20 /* PtP node */ +#define WINS_MNODE 0x40 /* Mixed node */ +#define WINS_HNODE 0x60 /* Hybrid node */ -enum name_source {LMHOSTS, REGISTER, SELF, DNS, DNSFAIL}; +#define WINS_NONSTATIC 0x00 /* dynamic record */ +#define WINS_STATIC 0x80 /* static record */ + +#define WINS_STATE_ACTIVE(p) (((p)->data.wins_flags & WINS_STATE_MASK) == WINS_ACTIVE) + + +/* NetBIOS flag identifier. */ +#define NAME_GROUP(p) ((p)->data.nb_flags & NB_GROUP) +#define NAME_BFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_BFLAG) +#define NAME_PFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_PFLAG) +#define NAME_MFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_MFLAG) +#define NAME_HFLAG(p) (((p)->data.nb_flags & NB_NODETYPEMASK) == NB_HFLAG) + +/* Samba name state for a name in a namelist. */ +#define NAME_IS_ACTIVE(p) ((p)->data.nb_flags & NB_ACTIVE) +#define NAME_IN_CONFLICT(p) ((p)->data.nb_flags & NB_CONFL) +#define NAME_IS_DEREGISTERING(p) ((p)->data.nb_flags & NB_DEREG) + +/* Error codes for NetBIOS requests. */ +#define FMT_ERR 0x1 /* Packet format error. */ +#define SRV_ERR 0x2 /* Internal server error. */ +#define NAM_ERR 0x3 /* Name does not exist. */ +#define IMP_ERR 0x4 /* Request not implemented. */ +#define RFS_ERR 0x5 /* Request refused. */ +#define ACT_ERR 0x6 /* Active error - name owned by another host. */ +#define CFT_ERR 0x7 /* Name in conflict error. */ + +#define REFRESH_TIME (15*60) +#define NAME_POLL_REFRESH_TIME (5*60) +#define NAME_POLL_INTERVAL 15 + +/* Workgroup state identifiers. */ +#define AM_POTENTIAL_MASTER_BROWSER(work) ((work)->mst_state == MST_POTENTIAL) +#define AM_LOCAL_MASTER_BROWSER(work) ((work)->mst_state == MST_BROWSER) +#define AM_DOMAIN_MASTER_BROWSER(work) ((work)->dom_state == DOMAIN_MST) +#define AM_DOMAIN_MEMBER(work) ((work)->log_state == LOGON_SRV) + +/* Microsoft browser NetBIOS name. */ +#define MSBROWSE "\001\002__MSBROWSE__\002" + +/* Mail slots. */ +#define BROWSE_MAILSLOT "\\MAILSLOT\\BROWSE" +#define NET_LOGON_MAILSLOT "\\MAILSLOT\\NET\\NETLOGON" +#define NT_LOGON_MAILSLOT "\\MAILSLOT\\NET\\NTLOGON" +#define LANMAN_MAILSLOT "\\MAILSLOT\\LANMAN" + +/* Samba definitions for find_name_on_subnet(). */ +#define FIND_ANY_NAME 0 +#define FIND_SELF_NAME 1 + +/* + * The different name types that can be in namelists. + * + * SELF_NAME should only be on the broadcast and unicast subnets. + * LMHOSTS_NAME should only be in the remote_broadcast_subnet. + * REGISTER_NAME, DNS_NAME, DNSFAIL_NAME should only be in the wins_server_subnet. + * WINS_PROXY_NAME should only be on the broadcast subnets. + * PERMANENT_NAME can be on all subnets except remote_broadcast_subnet. + * + */ + +enum name_source {LMHOSTS_NAME, REGISTER_NAME, SELF_NAME, DNS_NAME, + DNSFAIL_NAME, PERMANENT_NAME, WINS_PROXY_NAME}; enum node_type {B_NODE=0, P_NODE=1, M_NODE=2, NBDD_NODE=3}; enum packet_type {NMB_PACKET, DGRAM_PACKET}; -/* a netbios name structure */ -struct nmb_name { - char name[17]; - char scope[64]; - int name_type; +enum master_state +{ + MST_NONE, + MST_POTENTIAL, + MST_BACKUP, + MST_MSB, + MST_BROWSER, + MST_UNBECOMING_MASTER }; -/* this is the structure used for the local netbios name list */ -struct name_record +enum domain_state { - struct name_record *next; - struct name_record *prev; - struct nmb_name name; - time_t death_time; - struct in_addr ip; - BOOL unique; - enum name_source source; + DOMAIN_NONE, + DOMAIN_WAIT, + DOMAIN_MST }; -/* this is used by the list of domains */ -struct domain_record +enum logon_state { - struct domain_record *next; - struct domain_record *prev; - fstring name; - time_t lastannounce_time; - int announce_interval; - struct in_addr bcast_ip; + LOGON_NONE, + LOGON_WAIT, + LOGON_SRV +}; + +struct subnet_record; + +struct nmb_data +{ + uint16 nb_flags; /* Netbios flags. */ + int num_ips; /* Number of ip entries. */ + struct in_addr *ip; /* The ip list for this name. */ + + enum name_source source; /* Where the name came from. */ + + time_t death_time; /* The time the record must be removed (do not remove if 0). */ + time_t refresh_time; /* The time the record should be refreshed. */ + + SMB_BIG_UINT id; /* unique id */ + struct in_addr wins_ip; /* the adress of the wins server this record comes from */ + + int wins_flags; /* similar to the netbios flags but different ! */ }; -/* this is used to hold the list of servers in my domain */ +/* This structure represents an entry in a local netbios name list. */ +struct name_record + { + ubi_trNode node[1]; + struct subnet_record *subnet; + struct nmb_name name; /* The netbios name. */ + struct nmb_data data; /* The netbios data. */ + }; + +/* Browser cache for synchronising browse lists. */ +struct browse_cache_record + { + ubi_dlNode node[1]; + pstring lmb_name; + pstring work_group; + struct in_addr ip; + time_t sync_time; + time_t death_time; /* The time the record must be removed. */ + }; + +/* This is used to hold the list of servers in my domain, and is + contained within lists of domains. */ + struct server_record { struct server_record *next; struct server_record *prev; - fstring name; - fstring comment; - uint32 servertype; + + struct subnet_record *subnet; + + struct server_info_struct serv; time_t death_time; }; -/* a resource record */ +/* A workgroup structure. It contains a list of servers. */ +struct work_record +{ + struct work_record *next; + struct work_record *prev; + + struct subnet_record *subnet; + + struct server_record *serverlist; + + /* Stage of development from non-local-master up to local-master browser. */ + enum master_state mst_state; + + /* Stage of development from non-domain-master to domain-master browser. */ + enum domain_state dom_state; + + /* Stage of development from non-logon-server to logon server. */ + enum logon_state log_state; + + /* Work group info. */ + fstring work_group; + int token; /* Used when communicating with backup browsers. */ + fstring local_master_browser_name; /* Current local master browser. */ + + /* Announce info. */ + time_t lastannounce_time; + int announce_interval; + BOOL needannounce; + + /* Timeout time for this workgroup. 0 means permanent. */ + time_t death_time; + + /* Election info */ + BOOL RunningElection; + BOOL needelection; + int ElectionCount; + uint32 ElectionCriterion; + + /* Domain master browser info. Used for efficient syncs. */ + struct nmb_name dmb_name; + struct in_addr dmb_addr; +}; + +/* typedefs needed to define copy & free functions for userdata. */ +struct userdata_struct; + +typedef struct userdata_struct * (*userdata_copy_fn)(struct userdata_struct *); +typedef void (*userdata_free_fn)(struct userdata_struct *); + +/* Structure to define any userdata passed around. */ + +struct userdata_struct { + userdata_copy_fn copy_fn; + userdata_free_fn free_fn; + unsigned int userdata_len; + char data[16]; /* 16 is to ensure alignment/padding on all systems */ +}; + +struct response_record; +struct packet_struct; +struct res_rec; + +/* typedef to define the function called when this response packet comes in. */ +typedef void (*response_function)(struct subnet_record *, struct response_record *, + struct packet_struct *); + +/* typedef to define the function called when this response record times out. */ +typedef void (*timeout_response_function)(struct subnet_record *, + struct response_record *); + +/* typedef to define the function called when the request that caused this + response record to be created is successful. */ +typedef void (*success_function)(struct subnet_record *, struct userdata_struct *, ...); + +/* typedef to define the function called when the request that caused this + response record to be created is unsuccessful. */ +typedef void (*fail_function)(struct subnet_record *, struct response_record *, ...); + +/* List of typedefs for success and fail functions of the different query + types. Used to catch any compile time prototype errors. */ + +typedef void (*register_name_success_function)( struct subnet_record *, + struct userdata_struct *, + struct nmb_name *, + uint16, + int, + struct in_addr); +typedef void (*register_name_fail_function)( struct subnet_record *, + struct response_record *, + struct nmb_name *); + +typedef void (*release_name_success_function)( struct subnet_record *, + struct userdata_struct *, + struct nmb_name *, + struct in_addr); +typedef void (*release_name_fail_function)( struct subnet_record *, + struct response_record *, + struct nmb_name *); + +typedef void (*refresh_name_success_function)( struct subnet_record *, + struct userdata_struct *, + struct nmb_name *, + uint16, + int, + struct in_addr); +typedef void (*refresh_name_fail_function)( struct subnet_record *, + struct response_record *, + struct nmb_name *); + +typedef void (*query_name_success_function)( struct subnet_record *, + struct userdata_struct *, + struct nmb_name *, + struct in_addr, + struct res_rec *answers); + +typedef void (*query_name_fail_function)( struct subnet_record *, + struct response_record *, + struct nmb_name *, + int); + +typedef void (*node_status_success_function)( struct subnet_record *, + struct userdata_struct *, + struct res_rec *, + struct in_addr); +typedef void (*node_status_fail_function)( struct subnet_record *, + struct response_record *); + +/* Initiated name queries are recorded in this list to track any responses. */ + +struct response_record +{ + struct response_record *next; + struct response_record *prev; + + uint16 response_id; + + /* Callbacks for packets received or not. */ + response_function resp_fn; + timeout_response_function timeout_fn; + + /* Callbacks for the request succeeding or not. */ + success_function success_fn; + fail_function fail_fn; + + struct packet_struct *packet; + + struct userdata_struct *userdata; + + int num_msgs; + + time_t repeat_time; + time_t repeat_interval; + int repeat_count; + + /* Recursion protection. */ + BOOL in_expiration_processing; +}; + +/* A subnet structure. It contains a list of workgroups and netbios names. */ + +/* + B nodes will have their own, totally separate subnet record, with their + own netbios name set. These do NOT interact with other subnet records' + netbios names. +*/ + +enum subnet_type { + NORMAL_SUBNET = 0, /* Subnet listed in interfaces list. */ + UNICAST_SUBNET = 1, /* Subnet for unicast packets. */ + REMOTE_BROADCAST_SUBNET = 2, /* Subnet for remote broadcasts. */ + WINS_SERVER_SUBNET = 3 /* Only created if we are a WINS server. */ +}; + +struct subnet_record +{ + struct subnet_record *next; + struct subnet_record *prev; + + char *subnet_name; /* For Debug identification. */ + enum subnet_type type; /* To catagorize the subnet. */ + + struct work_record *workgrouplist; /* List of workgroups. */ + ubi_trRoot namelist[1]; /* List of netbios names. */ + struct response_record *responselist; /* List of responses expected. */ + + BOOL namelist_changed; + BOOL work_changed; + + struct in_addr bcast_ip; + struct in_addr mask_ip; + struct in_addr myip; + int nmb_sock; /* socket to listen for unicast 137. */ + int dgram_sock; /* socket to listen for unicast 138. */ +}; + +/* A resource record. */ struct res_rec { struct nmb_name rr_name; int rr_type; @@ -82,7 +458,7 @@ struct res_rec { char rdata[MAX_DGRAM_SIZE]; }; -/* define a nmb packet. */ +/* An nmb packet. */ struct nmb_packet { struct { @@ -114,8 +490,18 @@ struct nmb_packet struct res_rec *additional; }; +/* msg_type field options - from rfc1002. */ + +#define DGRAM_UNIQUE 0x10 +#define DGRAM_GROUP 0x11 +#define DGRAM_BROADCAST 0x12 +#define DGRAM_ERROR 0x13 +#define DGRAM_QUERY_REQUEST 0x14 +#define DGRAM_POSITIVE_QUERY_RESPONSE 0x15 +#define DGRAM_NEGATIVE_QUERT_RESPONSE 0x16 + +/* A datagram - this normally contains SMB data in the data[] array. */ -/* a datagram - this normally contains SMB data in the data[] array */ struct dgram_packet { struct { int msg_type; @@ -136,12 +522,14 @@ struct dgram_packet { char data[MAX_DGRAM_SIZE]; }; -/* define a structure used to queue packets. this will be a linked - list of nmb packets */ +/* Define a structure used to queue packets. This will be a linked + list of nmb packets. */ + struct packet_struct { struct packet_struct *next; struct packet_struct *prev; + BOOL locked; struct in_addr ip; int port; int fd; @@ -153,32 +541,88 @@ struct packet_struct } packet; }; +/* NETLOGON opcodes */ -/* this defines a list of network interfaces */ -struct net_interface { - struct net_interface *next; - struct in_addr ip; - struct in_addr bcast; - struct in_addr netmask; -}; +#define QUERYFORPDC 7 /* Query for PDC. */ +#define SAM_UAS_CHANGE 10 /* Announce change to UAS or SAM. */ +#define QUERYFORPDC_R 12 /* Response to Query for PDC. */ +#define SAMLOGON 18 +#define SAMLOGON_R 19 +#define SAMLOGON_UNK_R 21 + +/* Ids for netbios packet types. */ + +#define ANN_HostAnnouncement 1 +#define ANN_AnnouncementRequest 2 +#define ANN_Election 8 +#define ANN_GetBackupListReq 9 +#define ANN_GetBackupListResp 10 +#define ANN_BecomeBackup 11 +#define ANN_DomainAnnouncement 12 +#define ANN_MasterAnnouncement 13 +#define ANN_ResetBrowserState 14 +#define ANN_LocalMasterAnnouncement 15 + + +/* Broadcast packet announcement intervals, in minutes. */ + +/* Attempt to add domain logon and domain master names. */ +#define CHECK_TIME_ADD_DOM_NAMES 5 + +/* Search for master browsers of workgroups samba knows about, + except default. */ +#define CHECK_TIME_MST_BROWSE 5 + +/* Request backup browser announcements from other servers. */ +#define CHECK_TIME_ANNOUNCE_BACKUP 15 + +/* Request host announcements from other servers: min and max of interval. */ +#define CHECK_TIME_MIN_HOST_ANNCE 3 +#define CHECK_TIME_MAX_HOST_ANNCE 12 + +/* Announce as master to WINS server and any Primary Domain Controllers. */ +#define CHECK_TIME_MST_ANNOUNCE 15 + +/* Time between syncs from domain master browser to local master browsers. */ +#define CHECK_TIME_DMB_TO_LMB_SYNC 15 + +/* Do all remote announcements this often. */ +#define REMOTE_ANNOUNCE_INTERVAL 180 + +/* what is the maximum period between name refreshes. Note that this only + affects non-permanent self names (in seconds) */ +#define MAX_REFRESH_TIME (60*20) + +/* The Extinction interval: 4 days, time a node will stay in released state */ +#define EXTINCTION_INTERVAL (4*24*60*60) + +/* The Extinction time-out: 1 day, time a node will stay in deleted state */ +#define EXTINCTION_TIMEOUT (24*60*60) + +/* Macro's to enumerate subnets either with or without + the UNICAST subnet. */ + +extern struct subnet_record *subnetlist; +extern struct subnet_record *unicast_subnet; +extern struct subnet_record *wins_server_subnet; +extern struct subnet_record *remote_broadcast_subnet; + +#define FIRST_SUBNET subnetlist +#define NEXT_SUBNET_EXCLUDING_UNICAST(x) ((x)->next) +#define NEXT_SUBNET_INCLUDING_UNICAST(x) (get_next_subnet_maybe_unicast((x))) +/* wins replication record used between nmbd and wrepld */ +typedef struct _WINS_RECORD { + char name[17]; + char type; + int nb_flags; + int wins_flags; + SMB_BIG_UINT id; + int num_ips; + struct in_addr ip[25]; + struct in_addr wins_ip; +} WINS_RECORD; -/* prototypes */ -void free_nmb_packet(struct nmb_packet *nmb); -void free_packet(struct packet_struct *packet); -struct packet_struct *read_packet(int fd,enum packet_type packet_type); -BOOL send_packet(struct packet_struct *p); -struct packet_struct *receive_packet(int fd,enum packet_type type,int timeout); -void make_nmb_name(struct nmb_name *n,char *name,int type,char *this_scope); -BOOL name_query(int fd,char *name,int name_type, - BOOL bcast,BOOL recurse, - struct in_addr to_ip, struct in_addr *ip,void (*fn)()); -BOOL name_status(int fd,char *name,int name_type,BOOL recurse, - struct in_addr to_ip,char *master,char *rname, - void (*fn)()); -BOOL send_mailslot_reply(char *mailslot,int fd,char *buf,int len, - char *srcname,char *dstname, - int src_type,int dest_type, - struct in_addr dest_ip, - struct in_addr src_ip); -char *namestr(struct nmb_name *n); +/* To be removed. */ +enum state_type { TEST }; +#endif /* _NAMESERV_H_ */ diff --git a/source3/include/nt_printing.h b/source3/include/nt_printing.h new file mode 100644 index 00000000000..90ac45412d9 --- /dev/null +++ b/source3/include/nt_printing.h @@ -0,0 +1,334 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000, + Copyright (C) Jean Francois Micouleau 1998-2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef NT_PRINTING_H_ +#define NT_PRINTING_H_ + +#define ORIENTATION 0x00000001L +#define PAPERSIZE 0x00000002L +#define PAPERLENGTH 0x00000004L +#define PAPERWIDTH 0x00000008L +#define SCALE 0x00000010L +#define COPIES 0x00000100L +#define DEFAULTSOURCE 0x00000200L +#define PRINTQUALITY 0x00000400L +#define COLOR 0x00000800L +#define DUPLEX 0x00001000L +#define YRESOLUTION 0x00002000L +#define TTOPTION 0x00004000L +#define COLLATE 0x00008000L +#define FORMNAME 0x00010000L +#define LOGPIXELS 0x00020000L +#define BITSPERPEL 0x00040000L +#define PELSWIDTH 0x00080000L +#define PELSHEIGHT 0x00100000L +#define DISPLAYFLAGS 0x00200000L +#define DISPLAYFREQUENCY 0x00400000L +#define PANNINGWIDTH 0x00800000L +#define PANNINGHEIGHT 0x01000000L + +#define ORIENT_PORTRAIT 1 +#define ORIENT_LANDSCAPE 2 + +#define PAPER_FIRST PAPER_LETTER +#define PAPER_LETTER 1 /* Letter 8 1/2 x 11 in */ +#define PAPER_LETTERSMALL 2 /* Letter Small 8 1/2 x 11 in */ +#define PAPER_TABLOID 3 /* Tabloid 11 x 17 in */ +#define PAPER_LEDGER 4 /* Ledger 17 x 11 in */ +#define PAPER_LEGAL 5 /* Legal 8 1/2 x 14 in */ +#define PAPER_STATEMENT 6 /* Statement 5 1/2 x 8 1/2 in */ +#define PAPER_EXECUTIVE 7 /* Executive 7 1/4 x 10 1/2 in */ +#define PAPER_A3 8 /* A3 297 x 420 mm */ +#define PAPER_A4 9 /* A4 210 x 297 mm */ +#define PAPER_A4SMALL 10 /* A4 Small 210 x 297 mm */ +#define PAPER_A5 11 /* A5 148 x 210 mm */ +#define PAPER_B4 12 /* B4 (JIS) 250 x 354 */ +#define PAPER_B5 13 /* B5 (JIS) 182 x 257 mm */ +#define PAPER_FOLIO 14 /* Folio 8 1/2 x 13 in */ +#define PAPER_QUARTO 15 /* Quarto 215 x 275 mm */ +#define PAPER_10X14 16 /* 10x14 in */ +#define PAPER_11X17 17 /* 11x17 in */ +#define PAPER_NOTE 18 /* Note 8 1/2 x 11 in */ +#define PAPER_ENV_9 19 /* Envelope #9 3 7/8 x 8 7/8 */ +#define PAPER_ENV_10 20 /* Envelope #10 4 1/8 x 9 1/2 */ +#define PAPER_ENV_11 21 /* Envelope #11 4 1/2 x 10 3/8 */ +#define PAPER_ENV_12 22 /* Envelope #12 4 \276 x 11 */ +#define PAPER_ENV_14 23 /* Envelope #14 5 x 11 1/2 */ +#define PAPER_CSHEET 24 /* C size sheet */ +#define PAPER_DSHEET 25 /* D size sheet */ +#define PAPER_ESHEET 26 /* E size sheet */ +#define PAPER_ENV_DL 27 /* Envelope DL 110 x 220mm */ +#define PAPER_ENV_C5 28 /* Envelope C5 162 x 229 mm */ +#define PAPER_ENV_C3 29 /* Envelope C3 324 x 458 mm */ +#define PAPER_ENV_C4 30 /* Envelope C4 229 x 324 mm */ +#define PAPER_ENV_C6 31 /* Envelope C6 114 x 162 mm */ +#define PAPER_ENV_C65 32 /* Envelope C65 114 x 229 mm */ +#define PAPER_ENV_B4 33 /* Envelope B4 250 x 353 mm */ +#define PAPER_ENV_B5 34 /* Envelope B5 176 x 250 mm */ +#define PAPER_ENV_B6 35 /* Envelope B6 176 x 125 mm */ +#define PAPER_ENV_ITALY 36 /* Envelope 110 x 230 mm */ +#define PAPER_ENV_MONARCH 37 /* Envelope Monarch 3.875 x 7.5 in */ +#define PAPER_ENV_PERSONAL 38 /* 6 3/4 Envelope 3 5/8 x 6 1/2 in */ +#define PAPER_FANFOLD_US 39 /* US Std Fanfold 14 7/8 x 11 in */ +#define PAPER_FANFOLD_STD_GERMAN 40 /* German Std Fanfold 8 1/2 x 12 in */ +#define PAPER_FANFOLD_LGL_GERMAN 41 /* German Legal Fanfold 8 1/2 x 13 in */ + +#define PAPER_LAST PAPER_FANFOLD_LGL_GERMAN +#define PAPER_USER 256 + +#define BIN_FIRST BIN_UPPER +#define BIN_UPPER 1 +#define BIN_ONLYONE 1 +#define BIN_LOWER 2 +#define BIN_MIDDLE 3 +#define BIN_MANUAL 4 +#define BIN_ENVELOPE 5 +#define BIN_ENVMANUAL 6 +#define BIN_AUTO 7 +#define BIN_TRACTOR 8 +#define BIN_SMALLFMT 9 +#define BIN_LARGEFMT 10 +#define BIN_LARGECAPACITY 11 +#define BIN_CASSETTE 14 +#define BIN_FORMSOURCE 15 +#define BIN_LAST BIN_FORMSOURCE + +#define BIN_USER 256 /* device specific bins start here */ + +#define RES_DRAFT (-1) +#define RES_LOW (-2) +#define RES_MEDIUM (-3) +#define RES_HIGH (-4) + +#define COLOR_MONOCHROME 1 +#define COLOR_COLOR 2 + +#define DUP_SIMPLEX 1 +#define DUP_VERTICAL 2 +#define DUP_HORIZONTAL 3 + +#define TT_BITMAP 1 /* print TT fonts as graphics */ +#define TT_DOWNLOAD 2 /* download TT fonts as soft fonts */ +#define TT_SUBDEV 3 /* substitute device fonts for TT fonts */ + +#define COLLATE_FALSE 0 +#define COLLATE_TRUE 1 + +typedef struct nt_printer_driver_info_level_3 +{ + uint32 cversion; + + fstring name; + fstring environment; + fstring driverpath; + fstring datafile; + fstring configfile; + fstring helpfile; + fstring monitorname; + fstring defaultdatatype; + fstring *dependentfiles; +} NT_PRINTER_DRIVER_INFO_LEVEL_3; + +/* SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 structure */ +typedef struct { + uint32 version; + fstring name; + fstring environment; + fstring driverpath; + fstring datafile; + fstring configfile; + fstring helpfile; + fstring monitorname; + fstring defaultdatatype; + fstring mfgname; + fstring oemurl; + fstring hardwareid; + fstring provider; + fstring *dependentfiles; + fstring *previousnames; +} NT_PRINTER_DRIVER_INFO_LEVEL_6; + + +typedef struct nt_printer_driver_info_level +{ + NT_PRINTER_DRIVER_INFO_LEVEL_3 *info_3; + NT_PRINTER_DRIVER_INFO_LEVEL_6 *info_6; +} NT_PRINTER_DRIVER_INFO_LEVEL; + +typedef struct nt_printer_param +{ + fstring value; + uint32 type; + uint8 *data; + int data_len; + struct nt_printer_param *next; +} NT_PRINTER_PARAM; + +typedef struct ntdevicemode +{ + fstring devicename; + fstring formname; + + uint16 specversion; + uint16 driverversion; + uint16 size; + uint16 driverextra; + uint16 orientation; + uint16 papersize; + uint16 paperlength; + uint16 paperwidth; + uint16 scale; + uint16 copies; + uint16 defaultsource; + uint16 printquality; + uint16 color; + uint16 duplex; + uint16 yresolution; + uint16 ttoption; + uint16 collate; + uint16 logpixels; + + uint32 fields; + uint32 bitsperpel; + uint32 pelswidth; + uint32 pelsheight; + uint32 displayflags; + uint32 displayfrequency; + uint32 icmmethod; + uint32 icmintent; + uint32 mediatype; + uint32 dithertype; + uint32 reserved1; + uint32 reserved2; + uint32 panningwidth; + uint32 panningheight; + uint8 *private; +} NT_DEVICEMODE; + +typedef struct nt_printer_info_level_2 +{ + uint32 attributes; + uint32 priority; + uint32 default_priority; + uint32 starttime; + uint32 untiltime; + uint32 status; + uint32 cjobs; + uint32 averageppm; + fstring servername; + fstring printername; + fstring sharename; + fstring portname; + fstring drivername; + pstring comment; + fstring location; + NT_DEVICEMODE *devmode; + fstring sepfile; + fstring printprocessor; + fstring datatype; + fstring parameters; + NT_PRINTER_PARAM *specific; + SEC_DESC_BUF *secdesc_buf; + /* not used but ... and how ??? */ + uint32 changeid; + uint32 c_setprinter; + uint32 setuptime; +} NT_PRINTER_INFO_LEVEL_2; + +typedef struct nt_printer_info_level +{ + NT_PRINTER_INFO_LEVEL_2 *info_2; +} NT_PRINTER_INFO_LEVEL; + +typedef struct +{ + fstring name; + uint32 flag; + uint32 width; + uint32 length; + uint32 left; + uint32 top; + uint32 right; + uint32 bottom; +} nt_forms_struct; + +/* +typedef struct _form +{ + uint32 flags; + uint32 name_ptr; + uint32 size_x; + uint32 size_y; + uint32 left; + uint32 top; + uint32 right; + uint32 bottom; + UNISTR2 name; +} FORM; +*/ + +#ifndef SAMBA_PRINTER_PORT_NAME +#define SAMBA_PRINTER_PORT_NAME "Samba Printer Port" +#endif + +/* DOS header format */ +#define DOS_HEADER_SIZE 64 +#define DOS_HEADER_MAGIC_OFFSET 0 +#define DOS_HEADER_MAGIC 0x5A4D +#define DOS_HEADER_LFANEW_OFFSET 60 + +/* New Executable format (Win or OS/2 1.x segmented) */ +#define NE_HEADER_SIZE 64 +#define NE_HEADER_SIGNATURE_OFFSET 0 +#define NE_HEADER_SIGNATURE 0x454E +#define NE_HEADER_TARGET_OS_OFFSET 54 +#define NE_HEADER_TARGOS_WIN 0x02 +#define NE_HEADER_MINOR_VER_OFFSET 62 +#define NE_HEADER_MAJOR_VER_OFFSET 63 + +/* Portable Executable format */ +#define PE_HEADER_SIZE 248 +#define PE_HEADER_SIGNATURE_OFFSET 0 +#define PE_HEADER_SIGNATURE 0x00004550 +#define PE_HEADER_MACHINE_OFFSET 4 +#define PE_HEADER_MACHINE_I386 0x14c +#define PE_HEADER_NUMBER_OF_SECTIONS 6 +#define PE_HEADER_MAJOR_OS_VER_OFFSET 64 +#define PE_HEADER_MINOR_OS_VER_OFFSET 66 +#define PE_HEADER_MAJOR_IMG_VER_OFFSET 68 +#define PE_HEADER_MINOR_IMG_VER_OFFSET 70 +#define PE_HEADER_MAJOR_SS_VER_OFFSET 72 +#define PE_HEADER_MINOR_SS_VER_OFFSET 74 +#define PE_HEADER_SECT_HEADER_SIZE 40 +#define PE_HEADER_SECT_NAME_OFFSET 0 +#define PE_HEADER_SECT_SIZE_DATA_OFFSET 16 +#define PE_HEADER_SECT_PTR_DATA_OFFSET 20 + +/* Microsoft file version format */ +#define VS_SIGNATURE "VS_VERSION_INFO" +#define VS_MAGIC_VALUE 0xfeef04bd +#define VS_MAJOR_OFFSET 8 +#define VS_MINOR_OFFSET 12 +#define VS_VERSION_INFO_UNICODE_SIZE (sizeof(VS_SIGNATURE)*2+4+VS_MINOR_OFFSET+4) /* not true size! */ +#define VS_VERSION_INFO_SIZE (sizeof(VS_SIGNATURE)+4+VS_MINOR_OFFSET+4) /* not true size! */ +#define VS_NE_BUF_SIZE 4096 /* Must be > 2*VS_VERSION_INFO_SIZE */ + +#endif /* NT_PRINTING_H_ */ diff --git a/source3/include/ntdomain.h b/source3/include/ntdomain.h new file mode 100644 index 00000000000..57eb4f43311 --- /dev/null +++ b/source3/include/ntdomain.h @@ -0,0 +1,379 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _NT_DOMAIN_H /* _NT_DOMAIN_H */ +#define _NT_DOMAIN_H + +/* dce/rpc support */ +#include "rpc_dce.h" + +/* miscellaneous structures / defines */ +#include "rpc_misc.h" + +#include "rpc_creds.h" + +#include "talloc.h" + +/* + * A bunch of stuff that was put into smb.h + * in the NTDOM branch - it didn't belong there. + */ + +typedef struct _prs_struct +{ + BOOL io; /* parsing in or out of data stream */ + /* + * If the (incoming) data is big-endian. On output we are + * always little-endian. + */ + BOOL bigendian_data; + uint8 align; /* data alignment */ + BOOL is_dynamic; /* Do we own this memory or not ? */ + uint32 data_offset; /* Current working offset into data. */ + uint32 buffer_size; /* Current allocated size of the buffer. */ + uint32 grow_size; /* size requested via prs_grow() calls */ + char *data_p; /* The buffer itself. */ + TALLOC_CTX *mem_ctx; /* When unmarshalling, use this.... */ +} prs_struct; + +/* + * Defines for io member of prs_struct. + */ + +#define MARSHALL 0 +#define UNMARSHALL 1 + +#define MARSHALLING(ps) (!(ps)->io) +#define UNMARSHALLING(ps) ((ps)->io) + +#define RPC_BIG_ENDIAN 1 +#define RPC_LITTLE_ENDIAN 0 + +#define RPC_PARSE_ALIGN 4 + +typedef struct _output_data { + /* + * Raw RPC output data. This does not include RPC headers or footers. + */ + prs_struct rdata; + + /* The amount of data sent from the current rdata struct. */ + uint32 data_sent_length; + + /* + * The current PDU being returned. This inclues + * headers, data and authentication footer. + */ + unsigned char current_pdu[MAX_PDU_FRAG_LEN]; + + /* The amount of data in the current_pdu buffer. */ + uint32 current_pdu_len; + + /* The amount of data sent from the current PDU. */ + uint32 current_pdu_sent; +} output_data; + +typedef struct _input_data { + /* + * This is the current incoming pdu. The data here + * is collected via multiple writes until a complete + * pdu is seen, then the data is copied into the in_data + * structure. The maximum size of this is 0x1630 (MAX_PDU_FRAG_LEN). + */ + unsigned char current_in_pdu[MAX_PDU_FRAG_LEN]; + + /* + * The amount of data needed to complete the in_pdu. + * If this is zero, then we are at the start of a new + * pdu. + */ + uint32 pdu_needed_len; + + /* + * The amount of data received so far in the in_pdu. + * If this is zero, then we are at the start of a new + * pdu. + */ + uint32 pdu_received_len; + + /* + * This is the collection of input data with all + * the rpc headers and auth footers removed. + * The maximum length of this (1Mb) is strictly enforced. + */ + prs_struct data; +} input_data; + +/* + * Handle database - stored per pipe. + */ + +struct policy +{ + struct policy *next, *prev; + + POLICY_HND pol_hnd; + + void *data_ptr; + void (*free_fn)(void *); + +}; + +struct handle_list { + struct policy *Policy; /* List of policies. */ + size_t count; /* Current number of handles. */ + size_t pipe_ref_count; /* Number of pipe handles referring to this list. */ +}; + +/* Domain controller authentication protocol info */ +struct dcinfo +{ + DOM_CHAL clnt_chal; /* Initial challenge received from client */ + DOM_CHAL srv_chal; /* Initial server challenge */ + DOM_CRED clnt_cred; /* Last client credential */ + DOM_CRED srv_cred; /* Last server credential */ + + uchar sess_key[8]; /* Session key */ + uchar md4pw[16]; /* md4(machine password) */ + + fstring mach_acct; /* Machine name we've authenticated. */ + + fstring remote_machine; /* Machine name we've authenticated. */ + + BOOL challenge_sent; + BOOL got_session_key; + BOOL authenticated; + +}; + +/* + * DCE/RPC-specific samba-internal-specific handling of data on + * NamedPipes. + * + */ + +typedef struct pipes_struct +{ + struct pipes_struct *next, *prev; + + connection_struct *conn; + uint16 vuid; /* points to the unauthenticated user that opened this pipe. */ + + fstring name; + fstring pipe_srv_name; + + RPC_HDR hdr; /* Incoming RPC header. */ + RPC_HDR_REQ hdr_req; /* Incoming request header. */ + + uint32 ntlmssp_chal_flags; /* Client challenge flags. */ + BOOL ntlmssp_auth_requested; /* If the client wanted authenticated rpc. */ + BOOL ntlmssp_auth_validated; /* If the client *got* authenticated rpc. */ + unsigned char challenge[8]; + unsigned char ntlmssp_hash[258]; + uint32 ntlmssp_seq_num; + struct dcinfo dc; /* Keeps the creds data. */ + + /* + * Windows user info. + */ + fstring user_name; + fstring domain; + fstring wks; + + /* + * Unix user name and credentials. + */ + + fstring pipe_user_name; + struct current_user pipe_user; + + uint8 session_key[16]; + + /* + * Set to true when an RPC bind has been done on this pipe. + */ + + BOOL pipe_bound; + + /* + * Set to true when we should return fault PDU's for everything. + */ + + BOOL fault_state; + + /* + * Set to true when we should return fault PDU's for a bad handle. + */ + + BOOL bad_handle_fault_state; + + /* + * Set to RPC_BIG_ENDIAN when dealing with big-endian PDU's + */ + + BOOL endian; + + /* + * Struct to deal with multiple pdu inputs. + */ + + input_data in_data; + + /* + * Struct to deal with multiple pdu outputs. + */ + + output_data out_data; + + /* talloc context to use when allocating memory on this pipe. */ + TALLOC_CTX *mem_ctx; + + /* handle database to use on this pipe. */ + struct handle_list *pipe_handles; + +} pipes_struct; + +typedef struct smb_np_struct +{ + struct smb_np_struct *next, *prev; + int pnum; + connection_struct *conn; + uint16 vuid; /* points to the unauthenticated user that opened this pipe. */ + BOOL open; /* open connection */ + uint16 device_state; + uint16 priority; + fstring name; + + /* When replying to an SMBtrans, this is the maximum amount of + data that can be sent in the initial reply. */ + int max_trans_reply; + + /* + * NamedPipe state information. + * + * (e.g. typecast a np_struct, above). + */ + void *np_state; + + /* + * NamedPipe functions, to be called to perform + * Named Pipe transactions on request from an + * SMB client. + */ + + /* call to create a named pipe connection. + * returns: state information representing the connection. + * is stored in np_state, above. + */ + void * (*namedpipe_create)(char *pipe_name, + connection_struct *conn, uint16 vuid); + + /* call to perform a write / read namedpipe transaction. + * TransactNamedPipe is weird: it returns whether there + * is more data outstanding to be read, and the + * caller is expected to take note and follow up with + * read requests. + */ + ssize_t (*namedpipe_transact)(void *np_state, + char *data, int len, + char *rdata, int rlen, + BOOL *pipe_outstanding); + + /* call to perform a write namedpipe operation + */ + ssize_t (*namedpipe_write)(void * np_state, + char *data, size_t n); + + /* call to perform a read namedpipe operation. + * + * NOTE: the only reason that the pipe_outstanding + * argument is here is because samba does not use + * the namedpipe_transact function yet: instead, + * it performs the same as what namedpipe_transact + * does - a write, followed by a read. + * + * when samba is modified to use namedpipe_transact, + * the pipe_outstanding argument may be removed. + */ + ssize_t (*namedpipe_read)(void * np_state, + char *data, size_t max_len, + BOOL *pipe_outstanding); + + /* call to close a namedpipe. + * function is expected to perform all cleanups + * necessary, free all memory etc. + * + * returns True if cleanup was successful (not that + * we particularly care). + */ + BOOL (*namedpipe_close)(void * np_state); + +} smb_np_struct; + +struct api_struct +{ + char *name; + uint8 opnum; + BOOL (*fn) (pipes_struct *); +}; + +typedef struct +{ + uint32 rid; + char *name; + +} rid_name; + +struct acct_info +{ + fstring acct_name; /* account name */ + fstring acct_desc; /* account name */ + uint32 rid; /* domain-relative RID */ +}; + +/* + * higher order functions for use with msrpc client code + */ + +#define PRINT_INFO_FN(fn)\ + void (*fn)(const char*, uint32, uint32, void *const *const) +#define JOB_INFO_FN(fn)\ + void (*fn)(const char*, const char*, uint32, uint32, void *const *const) + +/* end higher order functions */ + + +/* security descriptor structures */ +#include "rpc_secdes.h" + +/* different dce/rpc pipes */ +#include "rpc_lsa.h" +#include "rpc_netlogon.h" +#include "rpc_reg.h" +#include "rpc_samr.h" +#include "rpc_srvsvc.h" +#include "rpc_wkssvc.h" +#include "rpc_spoolss.h" +#include "rpc_dfs.h" +#include "sids.h" + +#endif /* _NT_DOMAIN_H */ diff --git a/source3/include/nterr.h b/source3/include/nterr.h new file mode 100644 index 00000000000..ef8e6bd27f5 --- /dev/null +++ b/source3/include/nterr.h @@ -0,0 +1,562 @@ +/* + Unix SMB/CIFS implementation. + NT error code constants + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) John H Terpstra 1996-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Paul Ashton 1998-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _NTERR_H +#define _NTERR_H + +/* Win32 Status codes. */ + +#define STATUS_BUFFER_OVERFLOW NT_STATUS(0x80000005) +#define NT_STATUS_NO_MORE_ENTRIES NT_STATUS(0x8000001a) + +#define STATUS_MORE_ENTRIES NT_STATUS(0x0105) +#define ERROR_INVALID_PARAMETER NT_STATUS(0x0057) +#define ERROR_INSUFFICIENT_BUFFER NT_STATUS(0x007a) +#define STATUS_NOTIFY_ENUM_DIR NT_STATUS(0x010c) +#define ERROR_INVALID_DATATYPE NT_STATUS(0x070c) + +/* Win32 Error codes extracted using a loop in smbclient then printing a + netmon sniff to a file. */ + +/* + -------------- + / \ + / REST \ + / IN \ + / PEACE \ + / \ + | NT_STATUS_NOPROBLEMO | + | | + | | + | 4 September | + | | + | 2001 | + *| * * * | * + _________)/\\_//(\/(/\)/\//\/\///|_)_______ +*/ + +#define NT_STATUS_OK NT_STATUS(0x0000) +#define NT_STATUS_UNSUCCESSFUL NT_STATUS(0xC0000000 | 0x0001) +#define NT_STATUS_NOT_IMPLEMENTED NT_STATUS(0xC0000000 | 0x0002) +#define NT_STATUS_INVALID_INFO_CLASS NT_STATUS(0xC0000000 | 0x0003) +#define NT_STATUS_INFO_LENGTH_MISMATCH NT_STATUS(0xC0000000 | 0x0004) +#define NT_STATUS_ACCESS_VIOLATION NT_STATUS(0xC0000000 | 0x0005) +#define NT_STATUS_IN_PAGE_ERROR NT_STATUS(0xC0000000 | 0x0006) +#define NT_STATUS_PAGEFILE_QUOTA NT_STATUS(0xC0000000 | 0x0007) +#define NT_STATUS_INVALID_HANDLE NT_STATUS(0xC0000000 | 0x0008) +#define NT_STATUS_BAD_INITIAL_STACK NT_STATUS(0xC0000000 | 0x0009) +#define NT_STATUS_BAD_INITIAL_PC NT_STATUS(0xC0000000 | 0x000a) +#define NT_STATUS_INVALID_CID NT_STATUS(0xC0000000 | 0x000b) +#define NT_STATUS_TIMER_NOT_CANCELED NT_STATUS(0xC0000000 | 0x000c) +#define NT_STATUS_INVALID_PARAMETER NT_STATUS(0xC0000000 | 0x000d) +#define NT_STATUS_NO_SUCH_DEVICE NT_STATUS(0xC0000000 | 0x000e) +#define NT_STATUS_NO_SUCH_FILE NT_STATUS(0xC0000000 | 0x000f) +#define NT_STATUS_INVALID_DEVICE_REQUEST NT_STATUS(0xC0000000 | 0x0010) +#define NT_STATUS_END_OF_FILE NT_STATUS(0xC0000000 | 0x0011) +#define NT_STATUS_WRONG_VOLUME NT_STATUS(0xC0000000 | 0x0012) +#define NT_STATUS_NO_MEDIA_IN_DEVICE NT_STATUS(0xC0000000 | 0x0013) +#define NT_STATUS_UNRECOGNIZED_MEDIA NT_STATUS(0xC0000000 | 0x0014) +#define NT_STATUS_NONEXISTENT_SECTOR NT_STATUS(0xC0000000 | 0x0015) +#define NT_STATUS_MORE_PROCESSING_REQUIRED NT_STATUS(0xC0000000 | 0x0016) +#define NT_STATUS_NO_MEMORY NT_STATUS(0xC0000000 | 0x0017) +#define NT_STATUS_CONFLICTING_ADDRESSES NT_STATUS(0xC0000000 | 0x0018) +#define NT_STATUS_NOT_MAPPED_VIEW NT_STATUS(0xC0000000 | 0x0019) +#define NT_STATUS_UNABLE_TO_FREE_VM NT_STATUS(0xC0000000 | 0x001a) +#define NT_STATUS_UNABLE_TO_DELETE_SECTION NT_STATUS(0xC0000000 | 0x001b) +#define NT_STATUS_INVALID_SYSTEM_SERVICE NT_STATUS(0xC0000000 | 0x001c) +#define NT_STATUS_ILLEGAL_INSTRUCTION NT_STATUS(0xC0000000 | 0x001d) +#define NT_STATUS_INVALID_LOCK_SEQUENCE NT_STATUS(0xC0000000 | 0x001e) +#define NT_STATUS_INVALID_VIEW_SIZE NT_STATUS(0xC0000000 | 0x001f) +#define NT_STATUS_INVALID_FILE_FOR_SECTION NT_STATUS(0xC0000000 | 0x0020) +#define NT_STATUS_ALREADY_COMMITTED NT_STATUS(0xC0000000 | 0x0021) +#define NT_STATUS_ACCESS_DENIED NT_STATUS(0xC0000000 | 0x0022) +#define NT_STATUS_BUFFER_TOO_SMALL NT_STATUS(0xC0000000 | 0x0023) +#define NT_STATUS_OBJECT_TYPE_MISMATCH NT_STATUS(0xC0000000 | 0x0024) +#define NT_STATUS_NONCONTINUABLE_EXCEPTION NT_STATUS(0xC0000000 | 0x0025) +#define NT_STATUS_INVALID_DISPOSITION NT_STATUS(0xC0000000 | 0x0026) +#define NT_STATUS_UNWIND NT_STATUS(0xC0000000 | 0x0027) +#define NT_STATUS_BAD_STACK NT_STATUS(0xC0000000 | 0x0028) +#define NT_STATUS_INVALID_UNWIND_TARGET NT_STATUS(0xC0000000 | 0x0029) +#define NT_STATUS_NOT_LOCKED NT_STATUS(0xC0000000 | 0x002a) +#define NT_STATUS_PARITY_ERROR NT_STATUS(0xC0000000 | 0x002b) +#define NT_STATUS_UNABLE_TO_DECOMMIT_VM NT_STATUS(0xC0000000 | 0x002c) +#define NT_STATUS_NOT_COMMITTED NT_STATUS(0xC0000000 | 0x002d) +#define NT_STATUS_INVALID_PORT_ATTRIBUTES NT_STATUS(0xC0000000 | 0x002e) +#define NT_STATUS_PORT_MESSAGE_TOO_LONG NT_STATUS(0xC0000000 | 0x002f) +#define NT_STATUS_INVALID_PARAMETER_MIX NT_STATUS(0xC0000000 | 0x0030) +#define NT_STATUS_INVALID_QUOTA_LOWER NT_STATUS(0xC0000000 | 0x0031) +#define NT_STATUS_DISK_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0032) +#define NT_STATUS_OBJECT_NAME_INVALID NT_STATUS(0xC0000000 | 0x0033) +#define NT_STATUS_OBJECT_NAME_NOT_FOUND NT_STATUS(0xC0000000 | 0x0034) +#define NT_STATUS_OBJECT_NAME_COLLISION NT_STATUS(0xC0000000 | 0x0035) +#define NT_STATUS_HANDLE_NOT_WAITABLE NT_STATUS(0xC0000000 | 0x0036) +#define NT_STATUS_PORT_DISCONNECTED NT_STATUS(0xC0000000 | 0x0037) +#define NT_STATUS_DEVICE_ALREADY_ATTACHED NT_STATUS(0xC0000000 | 0x0038) +#define NT_STATUS_OBJECT_PATH_INVALID NT_STATUS(0xC0000000 | 0x0039) +#define NT_STATUS_OBJECT_PATH_NOT_FOUND NT_STATUS(0xC0000000 | 0x003a) +#define NT_STATUS_OBJECT_PATH_SYNTAX_BAD NT_STATUS(0xC0000000 | 0x003b) +#define NT_STATUS_DATA_OVERRUN NT_STATUS(0xC0000000 | 0x003c) +#define NT_STATUS_DATA_LATE_ERROR NT_STATUS(0xC0000000 | 0x003d) +#define NT_STATUS_DATA_ERROR NT_STATUS(0xC0000000 | 0x003e) +#define NT_STATUS_CRC_ERROR NT_STATUS(0xC0000000 | 0x003f) +#define NT_STATUS_SECTION_TOO_BIG NT_STATUS(0xC0000000 | 0x0040) +#define NT_STATUS_PORT_CONNECTION_REFUSED NT_STATUS(0xC0000000 | 0x0041) +#define NT_STATUS_INVALID_PORT_HANDLE NT_STATUS(0xC0000000 | 0x0042) +#define NT_STATUS_SHARING_VIOLATION NT_STATUS(0xC0000000 | 0x0043) +#define NT_STATUS_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x0044) +#define NT_STATUS_INVALID_PAGE_PROTECTION NT_STATUS(0xC0000000 | 0x0045) +#define NT_STATUS_MUTANT_NOT_OWNED NT_STATUS(0xC0000000 | 0x0046) +#define NT_STATUS_SEMAPHORE_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x0047) +#define NT_STATUS_PORT_ALREADY_SET NT_STATUS(0xC0000000 | 0x0048) +#define NT_STATUS_SECTION_NOT_IMAGE NT_STATUS(0xC0000000 | 0x0049) +#define NT_STATUS_SUSPEND_COUNT_EXCEEDED NT_STATUS(0xC0000000 | 0x004a) +#define NT_STATUS_THREAD_IS_TERMINATING NT_STATUS(0xC0000000 | 0x004b) +#define NT_STATUS_BAD_WORKING_SET_LIMIT NT_STATUS(0xC0000000 | 0x004c) +#define NT_STATUS_INCOMPATIBLE_FILE_MAP NT_STATUS(0xC0000000 | 0x004d) +#define NT_STATUS_SECTION_PROTECTION NT_STATUS(0xC0000000 | 0x004e) +#define NT_STATUS_EAS_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x004f) +#define NT_STATUS_EA_TOO_LARGE NT_STATUS(0xC0000000 | 0x0050) +#define NT_STATUS_NONEXISTENT_EA_ENTRY NT_STATUS(0xC0000000 | 0x0051) +#define NT_STATUS_NO_EAS_ON_FILE NT_STATUS(0xC0000000 | 0x0052) +#define NT_STATUS_EA_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0053) +#define NT_STATUS_FILE_LOCK_CONFLICT NT_STATUS(0xC0000000 | 0x0054) +#define NT_STATUS_LOCK_NOT_GRANTED NT_STATUS(0xC0000000 | 0x0055) +#define NT_STATUS_DELETE_PENDING NT_STATUS(0xC0000000 | 0x0056) +#define NT_STATUS_CTL_FILE_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x0057) +#define NT_STATUS_UNKNOWN_REVISION NT_STATUS(0xC0000000 | 0x0058) +#define NT_STATUS_REVISION_MISMATCH NT_STATUS(0xC0000000 | 0x0059) +#define NT_STATUS_INVALID_OWNER NT_STATUS(0xC0000000 | 0x005a) +#define NT_STATUS_INVALID_PRIMARY_GROUP NT_STATUS(0xC0000000 | 0x005b) +#define NT_STATUS_NO_IMPERSONATION_TOKEN NT_STATUS(0xC0000000 | 0x005c) +#define NT_STATUS_CANT_DISABLE_MANDATORY NT_STATUS(0xC0000000 | 0x005d) +#define NT_STATUS_NO_LOGON_SERVERS NT_STATUS(0xC0000000 | 0x005e) +#define NT_STATUS_NO_SUCH_LOGON_SESSION NT_STATUS(0xC0000000 | 0x005f) +#define NT_STATUS_NO_SUCH_PRIVILEGE NT_STATUS(0xC0000000 | 0x0060) +#define NT_STATUS_PRIVILEGE_NOT_HELD NT_STATUS(0xC0000000 | 0x0061) +#define NT_STATUS_INVALID_ACCOUNT_NAME NT_STATUS(0xC0000000 | 0x0062) +#define NT_STATUS_USER_EXISTS NT_STATUS(0xC0000000 | 0x0063) +#define NT_STATUS_NO_SUCH_USER NT_STATUS(0xC0000000 | 0x0064) +#define NT_STATUS_GROUP_EXISTS NT_STATUS(0xC0000000 | 0x0065) +#define NT_STATUS_NO_SUCH_GROUP NT_STATUS(0xC0000000 | 0x0066) +#define NT_STATUS_MEMBER_IN_GROUP NT_STATUS(0xC0000000 | 0x0067) +#define NT_STATUS_MEMBER_NOT_IN_GROUP NT_STATUS(0xC0000000 | 0x0068) +#define NT_STATUS_LAST_ADMIN NT_STATUS(0xC0000000 | 0x0069) +#define NT_STATUS_WRONG_PASSWORD NT_STATUS(0xC0000000 | 0x006a) +#define NT_STATUS_ILL_FORMED_PASSWORD NT_STATUS(0xC0000000 | 0x006b) +#define NT_STATUS_PASSWORD_RESTRICTION NT_STATUS(0xC0000000 | 0x006c) +#define NT_STATUS_LOGON_FAILURE NT_STATUS(0xC0000000 | 0x006d) +#define NT_STATUS_ACCOUNT_RESTRICTION NT_STATUS(0xC0000000 | 0x006e) +#define NT_STATUS_INVALID_LOGON_HOURS NT_STATUS(0xC0000000 | 0x006f) +#define NT_STATUS_INVALID_WORKSTATION NT_STATUS(0xC0000000 | 0x0070) +#define NT_STATUS_PASSWORD_EXPIRED NT_STATUS(0xC0000000 | 0x0071) +#define NT_STATUS_ACCOUNT_DISABLED NT_STATUS(0xC0000000 | 0x0072) +#define NT_STATUS_NONE_MAPPED NT_STATUS(0xC0000000 | 0x0073) +#define NT_STATUS_TOO_MANY_LUIDS_REQUESTED NT_STATUS(0xC0000000 | 0x0074) +#define NT_STATUS_LUIDS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0075) +#define NT_STATUS_INVALID_SUB_AUTHORITY NT_STATUS(0xC0000000 | 0x0076) +#define NT_STATUS_INVALID_ACL NT_STATUS(0xC0000000 | 0x0077) +#define NT_STATUS_INVALID_SID NT_STATUS(0xC0000000 | 0x0078) +#define NT_STATUS_INVALID_SECURITY_DESCR NT_STATUS(0xC0000000 | 0x0079) +#define NT_STATUS_PROCEDURE_NOT_FOUND NT_STATUS(0xC0000000 | 0x007a) +#define NT_STATUS_INVALID_IMAGE_FORMAT NT_STATUS(0xC0000000 | 0x007b) +#define NT_STATUS_NO_TOKEN NT_STATUS(0xC0000000 | 0x007c) +#define NT_STATUS_BAD_INHERITANCE_ACL NT_STATUS(0xC0000000 | 0x007d) +#define NT_STATUS_RANGE_NOT_LOCKED NT_STATUS(0xC0000000 | 0x007e) +#define NT_STATUS_DISK_FULL NT_STATUS(0xC0000000 | 0x007f) +#define NT_STATUS_SERVER_DISABLED NT_STATUS(0xC0000000 | 0x0080) +#define NT_STATUS_SERVER_NOT_DISABLED NT_STATUS(0xC0000000 | 0x0081) +#define NT_STATUS_TOO_MANY_GUIDS_REQUESTED NT_STATUS(0xC0000000 | 0x0082) +#define NT_STATUS_GUIDS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0083) +#define NT_STATUS_INVALID_ID_AUTHORITY NT_STATUS(0xC0000000 | 0x0084) +#define NT_STATUS_AGENTS_EXHAUSTED NT_STATUS(0xC0000000 | 0x0085) +#define NT_STATUS_INVALID_VOLUME_LABEL NT_STATUS(0xC0000000 | 0x0086) +#define NT_STATUS_SECTION_NOT_EXTENDED NT_STATUS(0xC0000000 | 0x0087) +#define NT_STATUS_NOT_MAPPED_DATA NT_STATUS(0xC0000000 | 0x0088) +#define NT_STATUS_RESOURCE_DATA_NOT_FOUND NT_STATUS(0xC0000000 | 0x0089) +#define NT_STATUS_RESOURCE_TYPE_NOT_FOUND NT_STATUS(0xC0000000 | 0x008a) +#define NT_STATUS_RESOURCE_NAME_NOT_FOUND NT_STATUS(0xC0000000 | 0x008b) +#define NT_STATUS_ARRAY_BOUNDS_EXCEEDED NT_STATUS(0xC0000000 | 0x008c) +#define NT_STATUS_FLOAT_DENORMAL_OPERAND NT_STATUS(0xC0000000 | 0x008d) +#define NT_STATUS_FLOAT_DIVIDE_BY_ZERO NT_STATUS(0xC0000000 | 0x008e) +#define NT_STATUS_FLOAT_INEXACT_RESULT NT_STATUS(0xC0000000 | 0x008f) +#define NT_STATUS_FLOAT_INVALID_OPERATION NT_STATUS(0xC0000000 | 0x0090) +#define NT_STATUS_FLOAT_OVERFLOW NT_STATUS(0xC0000000 | 0x0091) +#define NT_STATUS_FLOAT_STACK_CHECK NT_STATUS(0xC0000000 | 0x0092) +#define NT_STATUS_FLOAT_UNDERFLOW NT_STATUS(0xC0000000 | 0x0093) +#define NT_STATUS_INTEGER_DIVIDE_BY_ZERO NT_STATUS(0xC0000000 | 0x0094) +#define NT_STATUS_INTEGER_OVERFLOW NT_STATUS(0xC0000000 | 0x0095) +#define NT_STATUS_PRIVILEGED_INSTRUCTION NT_STATUS(0xC0000000 | 0x0096) +#define NT_STATUS_TOO_MANY_PAGING_FILES NT_STATUS(0xC0000000 | 0x0097) +#define NT_STATUS_FILE_INVALID NT_STATUS(0xC0000000 | 0x0098) +#define NT_STATUS_ALLOTTED_SPACE_EXCEEDED NT_STATUS(0xC0000000 | 0x0099) +#define NT_STATUS_INSUFFICIENT_RESOURCES NT_STATUS(0xC0000000 | 0x009a) +#define NT_STATUS_DFS_EXIT_PATH_FOUND NT_STATUS(0xC0000000 | 0x009b) +#define NT_STATUS_DEVICE_DATA_ERROR NT_STATUS(0xC0000000 | 0x009c) +#define NT_STATUS_DEVICE_NOT_CONNECTED NT_STATUS(0xC0000000 | 0x009d) +#define NT_STATUS_DEVICE_POWER_FAILURE NT_STATUS(0xC0000000 | 0x009e) +#define NT_STATUS_FREE_VM_NOT_AT_BASE NT_STATUS(0xC0000000 | 0x009f) +#define NT_STATUS_MEMORY_NOT_ALLOCATED NT_STATUS(0xC0000000 | 0x00a0) +#define NT_STATUS_WORKING_SET_QUOTA NT_STATUS(0xC0000000 | 0x00a1) +#define NT_STATUS_MEDIA_WRITE_PROTECTED NT_STATUS(0xC0000000 | 0x00a2) +#define NT_STATUS_DEVICE_NOT_READY NT_STATUS(0xC0000000 | 0x00a3) +#define NT_STATUS_INVALID_GROUP_ATTRIBUTES NT_STATUS(0xC0000000 | 0x00a4) +#define NT_STATUS_BAD_IMPERSONATION_LEVEL NT_STATUS(0xC0000000 | 0x00a5) +#define NT_STATUS_CANT_OPEN_ANONYMOUS NT_STATUS(0xC0000000 | 0x00a6) +#define NT_STATUS_BAD_VALIDATION_CLASS NT_STATUS(0xC0000000 | 0x00a7) +#define NT_STATUS_BAD_TOKEN_TYPE NT_STATUS(0xC0000000 | 0x00a8) +#define NT_STATUS_BAD_MASTER_BOOT_RECORD NT_STATUS(0xC0000000 | 0x00a9) +#define NT_STATUS_INSTRUCTION_MISALIGNMENT NT_STATUS(0xC0000000 | 0x00aa) +#define NT_STATUS_INSTANCE_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x00ab) +#define NT_STATUS_PIPE_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x00ac) +#define NT_STATUS_INVALID_PIPE_STATE NT_STATUS(0xC0000000 | 0x00ad) +#define NT_STATUS_PIPE_BUSY NT_STATUS(0xC0000000 | 0x00ae) +#define NT_STATUS_ILLEGAL_FUNCTION NT_STATUS(0xC0000000 | 0x00af) +#define NT_STATUS_PIPE_DISCONNECTED NT_STATUS(0xC0000000 | 0x00b0) +#define NT_STATUS_PIPE_CLOSING NT_STATUS(0xC0000000 | 0x00b1) +#define NT_STATUS_PIPE_CONNECTED NT_STATUS(0xC0000000 | 0x00b2) +#define NT_STATUS_PIPE_LISTENING NT_STATUS(0xC0000000 | 0x00b3) +#define NT_STATUS_INVALID_READ_MODE NT_STATUS(0xC0000000 | 0x00b4) +#define NT_STATUS_IO_TIMEOUT NT_STATUS(0xC0000000 | 0x00b5) +#define NT_STATUS_FILE_FORCED_CLOSED NT_STATUS(0xC0000000 | 0x00b6) +#define NT_STATUS_PROFILING_NOT_STARTED NT_STATUS(0xC0000000 | 0x00b7) +#define NT_STATUS_PROFILING_NOT_STOPPED NT_STATUS(0xC0000000 | 0x00b8) +#define NT_STATUS_COULD_NOT_INTERPRET NT_STATUS(0xC0000000 | 0x00b9) +#define NT_STATUS_FILE_IS_A_DIRECTORY NT_STATUS(0xC0000000 | 0x00ba) +#define NT_STATUS_NOT_SUPPORTED NT_STATUS(0xC0000000 | 0x00bb) +#define NT_STATUS_REMOTE_NOT_LISTENING NT_STATUS(0xC0000000 | 0x00bc) +#define NT_STATUS_DUPLICATE_NAME NT_STATUS(0xC0000000 | 0x00bd) +#define NT_STATUS_BAD_NETWORK_PATH NT_STATUS(0xC0000000 | 0x00be) +#define NT_STATUS_NETWORK_BUSY NT_STATUS(0xC0000000 | 0x00bf) +#define NT_STATUS_DEVICE_DOES_NOT_EXIST NT_STATUS(0xC0000000 | 0x00c0) +#define NT_STATUS_TOO_MANY_COMMANDS NT_STATUS(0xC0000000 | 0x00c1) +#define NT_STATUS_ADAPTER_HARDWARE_ERROR NT_STATUS(0xC0000000 | 0x00c2) +#define NT_STATUS_INVALID_NETWORK_RESPONSE NT_STATUS(0xC0000000 | 0x00c3) +#define NT_STATUS_UNEXPECTED_NETWORK_ERROR NT_STATUS(0xC0000000 | 0x00c4) +#define NT_STATUS_BAD_REMOTE_ADAPTER NT_STATUS(0xC0000000 | 0x00c5) +#define NT_STATUS_PRINT_QUEUE_FULL NT_STATUS(0xC0000000 | 0x00c6) +#define NT_STATUS_NO_SPOOL_SPACE NT_STATUS(0xC0000000 | 0x00c7) +#define NT_STATUS_PRINT_CANCELLED NT_STATUS(0xC0000000 | 0x00c8) +#define NT_STATUS_NETWORK_NAME_DELETED NT_STATUS(0xC0000000 | 0x00c9) +#define NT_STATUS_NETWORK_ACCESS_DENIED NT_STATUS(0xC0000000 | 0x00ca) +#define NT_STATUS_BAD_DEVICE_TYPE NT_STATUS(0xC0000000 | 0x00cb) +#define NT_STATUS_BAD_NETWORK_NAME NT_STATUS(0xC0000000 | 0x00cc) +#define NT_STATUS_TOO_MANY_NAMES NT_STATUS(0xC0000000 | 0x00cd) +#define NT_STATUS_TOO_MANY_SESSIONS NT_STATUS(0xC0000000 | 0x00ce) +#define NT_STATUS_SHARING_PAUSED NT_STATUS(0xC0000000 | 0x00cf) +#define NT_STATUS_REQUEST_NOT_ACCEPTED NT_STATUS(0xC0000000 | 0x00d0) +#define NT_STATUS_REDIRECTOR_PAUSED NT_STATUS(0xC0000000 | 0x00d1) +#define NT_STATUS_NET_WRITE_FAULT NT_STATUS(0xC0000000 | 0x00d2) +#define NT_STATUS_PROFILING_AT_LIMIT NT_STATUS(0xC0000000 | 0x00d3) +#define NT_STATUS_NOT_SAME_DEVICE NT_STATUS(0xC0000000 | 0x00d4) +#define NT_STATUS_FILE_RENAMED NT_STATUS(0xC0000000 | 0x00d5) +#define NT_STATUS_VIRTUAL_CIRCUIT_CLOSED NT_STATUS(0xC0000000 | 0x00d6) +#define NT_STATUS_NO_SECURITY_ON_OBJECT NT_STATUS(0xC0000000 | 0x00d7) +#define NT_STATUS_CANT_WAIT NT_STATUS(0xC0000000 | 0x00d8) +#define NT_STATUS_PIPE_EMPTY NT_STATUS(0xC0000000 | 0x00d9) +#define NT_STATUS_CANT_ACCESS_DOMAIN_INFO NT_STATUS(0xC0000000 | 0x00da) +#define NT_STATUS_CANT_TERMINATE_SELF NT_STATUS(0xC0000000 | 0x00db) +#define NT_STATUS_INVALID_SERVER_STATE NT_STATUS(0xC0000000 | 0x00dc) +#define NT_STATUS_INVALID_DOMAIN_STATE NT_STATUS(0xC0000000 | 0x00dd) +#define NT_STATUS_INVALID_DOMAIN_ROLE NT_STATUS(0xC0000000 | 0x00de) +#define NT_STATUS_NO_SUCH_DOMAIN NT_STATUS(0xC0000000 | 0x00df) +#define NT_STATUS_DOMAIN_EXISTS NT_STATUS(0xC0000000 | 0x00e0) +#define NT_STATUS_DOMAIN_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x00e1) +#define NT_STATUS_OPLOCK_NOT_GRANTED NT_STATUS(0xC0000000 | 0x00e2) +#define NT_STATUS_INVALID_OPLOCK_PROTOCOL NT_STATUS(0xC0000000 | 0x00e3) +#define NT_STATUS_INTERNAL_DB_CORRUPTION NT_STATUS(0xC0000000 | 0x00e4) +#define NT_STATUS_INTERNAL_ERROR NT_STATUS(0xC0000000 | 0x00e5) +#define NT_STATUS_GENERIC_NOT_MAPPED NT_STATUS(0xC0000000 | 0x00e6) +#define NT_STATUS_BAD_DESCRIPTOR_FORMAT NT_STATUS(0xC0000000 | 0x00e7) +#define NT_STATUS_INVALID_USER_BUFFER NT_STATUS(0xC0000000 | 0x00e8) +#define NT_STATUS_UNEXPECTED_IO_ERROR NT_STATUS(0xC0000000 | 0x00e9) +#define NT_STATUS_UNEXPECTED_MM_CREATE_ERR NT_STATUS(0xC0000000 | 0x00ea) +#define NT_STATUS_UNEXPECTED_MM_MAP_ERROR NT_STATUS(0xC0000000 | 0x00eb) +#define NT_STATUS_UNEXPECTED_MM_EXTEND_ERR NT_STATUS(0xC0000000 | 0x00ec) +#define NT_STATUS_NOT_LOGON_PROCESS NT_STATUS(0xC0000000 | 0x00ed) +#define NT_STATUS_LOGON_SESSION_EXISTS NT_STATUS(0xC0000000 | 0x00ee) +#define NT_STATUS_INVALID_PARAMETER_1 NT_STATUS(0xC0000000 | 0x00ef) +#define NT_STATUS_INVALID_PARAMETER_2 NT_STATUS(0xC0000000 | 0x00f0) +#define NT_STATUS_INVALID_PARAMETER_3 NT_STATUS(0xC0000000 | 0x00f1) +#define NT_STATUS_INVALID_PARAMETER_4 NT_STATUS(0xC0000000 | 0x00f2) +#define NT_STATUS_INVALID_PARAMETER_5 NT_STATUS(0xC0000000 | 0x00f3) +#define NT_STATUS_INVALID_PARAMETER_6 NT_STATUS(0xC0000000 | 0x00f4) +#define NT_STATUS_INVALID_PARAMETER_7 NT_STATUS(0xC0000000 | 0x00f5) +#define NT_STATUS_INVALID_PARAMETER_8 NT_STATUS(0xC0000000 | 0x00f6) +#define NT_STATUS_INVALID_PARAMETER_9 NT_STATUS(0xC0000000 | 0x00f7) +#define NT_STATUS_INVALID_PARAMETER_10 NT_STATUS(0xC0000000 | 0x00f8) +#define NT_STATUS_INVALID_PARAMETER_11 NT_STATUS(0xC0000000 | 0x00f9) +#define NT_STATUS_INVALID_PARAMETER_12 NT_STATUS(0xC0000000 | 0x00fa) +#define NT_STATUS_REDIRECTOR_NOT_STARTED NT_STATUS(0xC0000000 | 0x00fb) +#define NT_STATUS_REDIRECTOR_STARTED NT_STATUS(0xC0000000 | 0x00fc) +#define NT_STATUS_STACK_OVERFLOW NT_STATUS(0xC0000000 | 0x00fd) +#define NT_STATUS_NO_SUCH_PACKAGE NT_STATUS(0xC0000000 | 0x00fe) +#define NT_STATUS_BAD_FUNCTION_TABLE NT_STATUS(0xC0000000 | 0x00ff) +#define NT_STATUS_DIRECTORY_NOT_EMPTY NT_STATUS(0xC0000000 | 0x0101) +#define NT_STATUS_FILE_CORRUPT_ERROR NT_STATUS(0xC0000000 | 0x0102) +#define NT_STATUS_NOT_A_DIRECTORY NT_STATUS(0xC0000000 | 0x0103) +#define NT_STATUS_BAD_LOGON_SESSION_STATE NT_STATUS(0xC0000000 | 0x0104) +#define NT_STATUS_LOGON_SESSION_COLLISION NT_STATUS(0xC0000000 | 0x0105) +#define NT_STATUS_NAME_TOO_LONG NT_STATUS(0xC0000000 | 0x0106) +#define NT_STATUS_FILES_OPEN NT_STATUS(0xC0000000 | 0x0107) +#define NT_STATUS_CONNECTION_IN_USE NT_STATUS(0xC0000000 | 0x0108) +#define NT_STATUS_MESSAGE_NOT_FOUND NT_STATUS(0xC0000000 | 0x0109) +#define NT_STATUS_PROCESS_IS_TERMINATING NT_STATUS(0xC0000000 | 0x010a) +#define NT_STATUS_INVALID_LOGON_TYPE NT_STATUS(0xC0000000 | 0x010b) +#define NT_STATUS_NO_GUID_TRANSLATION NT_STATUS(0xC0000000 | 0x010c) +#define NT_STATUS_CANNOT_IMPERSONATE NT_STATUS(0xC0000000 | 0x010d) +#define NT_STATUS_IMAGE_ALREADY_LOADED NT_STATUS(0xC0000000 | 0x010e) +#define NT_STATUS_ABIOS_NOT_PRESENT NT_STATUS(0xC0000000 | 0x010f) +#define NT_STATUS_ABIOS_LID_NOT_EXIST NT_STATUS(0xC0000000 | 0x0110) +#define NT_STATUS_ABIOS_LID_ALREADY_OWNED NT_STATUS(0xC0000000 | 0x0111) +#define NT_STATUS_ABIOS_NOT_LID_OWNER NT_STATUS(0xC0000000 | 0x0112) +#define NT_STATUS_ABIOS_INVALID_COMMAND NT_STATUS(0xC0000000 | 0x0113) +#define NT_STATUS_ABIOS_INVALID_LID NT_STATUS(0xC0000000 | 0x0114) +#define NT_STATUS_ABIOS_SELECTOR_NOT_AVAILABLE NT_STATUS(0xC0000000 | 0x0115) +#define NT_STATUS_ABIOS_INVALID_SELECTOR NT_STATUS(0xC0000000 | 0x0116) +#define NT_STATUS_NO_LDT NT_STATUS(0xC0000000 | 0x0117) +#define NT_STATUS_INVALID_LDT_SIZE NT_STATUS(0xC0000000 | 0x0118) +#define NT_STATUS_INVALID_LDT_OFFSET NT_STATUS(0xC0000000 | 0x0119) +#define NT_STATUS_INVALID_LDT_DESCRIPTOR NT_STATUS(0xC0000000 | 0x011a) +#define NT_STATUS_INVALID_IMAGE_NE_FORMAT NT_STATUS(0xC0000000 | 0x011b) +#define NT_STATUS_RXACT_INVALID_STATE NT_STATUS(0xC0000000 | 0x011c) +#define NT_STATUS_RXACT_COMMIT_FAILURE NT_STATUS(0xC0000000 | 0x011d) +#define NT_STATUS_MAPPED_FILE_SIZE_ZERO NT_STATUS(0xC0000000 | 0x011e) +#define NT_STATUS_TOO_MANY_OPENED_FILES NT_STATUS(0xC0000000 | 0x011f) +#define NT_STATUS_CANCELLED NT_STATUS(0xC0000000 | 0x0120) +#define NT_STATUS_CANNOT_DELETE NT_STATUS(0xC0000000 | 0x0121) +#define NT_STATUS_INVALID_COMPUTER_NAME NT_STATUS(0xC0000000 | 0x0122) +#define NT_STATUS_FILE_DELETED NT_STATUS(0xC0000000 | 0x0123) +#define NT_STATUS_SPECIAL_ACCOUNT NT_STATUS(0xC0000000 | 0x0124) +#define NT_STATUS_SPECIAL_GROUP NT_STATUS(0xC0000000 | 0x0125) +#define NT_STATUS_SPECIAL_USER NT_STATUS(0xC0000000 | 0x0126) +#define NT_STATUS_MEMBERS_PRIMARY_GROUP NT_STATUS(0xC0000000 | 0x0127) +#define NT_STATUS_FILE_CLOSED NT_STATUS(0xC0000000 | 0x0128) +#define NT_STATUS_TOO_MANY_THREADS NT_STATUS(0xC0000000 | 0x0129) +#define NT_STATUS_THREAD_NOT_IN_PROCESS NT_STATUS(0xC0000000 | 0x012a) +#define NT_STATUS_TOKEN_ALREADY_IN_USE NT_STATUS(0xC0000000 | 0x012b) +#define NT_STATUS_PAGEFILE_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x012c) +#define NT_STATUS_COMMITMENT_LIMIT NT_STATUS(0xC0000000 | 0x012d) +#define NT_STATUS_INVALID_IMAGE_LE_FORMAT NT_STATUS(0xC0000000 | 0x012e) +#define NT_STATUS_INVALID_IMAGE_NOT_MZ NT_STATUS(0xC0000000 | 0x012f) +#define NT_STATUS_INVALID_IMAGE_PROTECT NT_STATUS(0xC0000000 | 0x0130) +#define NT_STATUS_INVALID_IMAGE_WIN_16 NT_STATUS(0xC0000000 | 0x0131) +#define NT_STATUS_LOGON_SERVER_CONFLICT NT_STATUS(0xC0000000 | 0x0132) +#define NT_STATUS_TIME_DIFFERENCE_AT_DC NT_STATUS(0xC0000000 | 0x0133) +#define NT_STATUS_SYNCHRONIZATION_REQUIRED NT_STATUS(0xC0000000 | 0x0134) +#define NT_STATUS_DLL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0135) +#define NT_STATUS_OPEN_FAILED NT_STATUS(0xC0000000 | 0x0136) +#define NT_STATUS_IO_PRIVILEGE_FAILED NT_STATUS(0xC0000000 | 0x0137) +#define NT_STATUS_ORDINAL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0138) +#define NT_STATUS_ENTRYPOINT_NOT_FOUND NT_STATUS(0xC0000000 | 0x0139) +#define NT_STATUS_CONTROL_C_EXIT NT_STATUS(0xC0000000 | 0x013a) +#define NT_STATUS_LOCAL_DISCONNECT NT_STATUS(0xC0000000 | 0x013b) +#define NT_STATUS_REMOTE_DISCONNECT NT_STATUS(0xC0000000 | 0x013c) +#define NT_STATUS_REMOTE_RESOURCES NT_STATUS(0xC0000000 | 0x013d) +#define NT_STATUS_LINK_FAILED NT_STATUS(0xC0000000 | 0x013e) +#define NT_STATUS_LINK_TIMEOUT NT_STATUS(0xC0000000 | 0x013f) +#define NT_STATUS_INVALID_CONNECTION NT_STATUS(0xC0000000 | 0x0140) +#define NT_STATUS_INVALID_ADDRESS NT_STATUS(0xC0000000 | 0x0141) +#define NT_STATUS_DLL_INIT_FAILED NT_STATUS(0xC0000000 | 0x0142) +#define NT_STATUS_MISSING_SYSTEMFILE NT_STATUS(0xC0000000 | 0x0143) +#define NT_STATUS_UNHANDLED_EXCEPTION NT_STATUS(0xC0000000 | 0x0144) +#define NT_STATUS_APP_INIT_FAILURE NT_STATUS(0xC0000000 | 0x0145) +#define NT_STATUS_PAGEFILE_CREATE_FAILED NT_STATUS(0xC0000000 | 0x0146) +#define NT_STATUS_NO_PAGEFILE NT_STATUS(0xC0000000 | 0x0147) +#define NT_STATUS_INVALID_LEVEL NT_STATUS(0xC0000000 | 0x0148) +#define NT_STATUS_WRONG_PASSWORD_CORE NT_STATUS(0xC0000000 | 0x0149) +#define NT_STATUS_ILLEGAL_FLOAT_CONTEXT NT_STATUS(0xC0000000 | 0x014a) +#define NT_STATUS_PIPE_BROKEN NT_STATUS(0xC0000000 | 0x014b) +#define NT_STATUS_REGISTRY_CORRUPT NT_STATUS(0xC0000000 | 0x014c) +#define NT_STATUS_REGISTRY_IO_FAILED NT_STATUS(0xC0000000 | 0x014d) +#define NT_STATUS_NO_EVENT_PAIR NT_STATUS(0xC0000000 | 0x014e) +#define NT_STATUS_UNRECOGNIZED_VOLUME NT_STATUS(0xC0000000 | 0x014f) +#define NT_STATUS_SERIAL_NO_DEVICE_INITED NT_STATUS(0xC0000000 | 0x0150) +#define NT_STATUS_NO_SUCH_ALIAS NT_STATUS(0xC0000000 | 0x0151) +#define NT_STATUS_MEMBER_NOT_IN_ALIAS NT_STATUS(0xC0000000 | 0x0152) +#define NT_STATUS_MEMBER_IN_ALIAS NT_STATUS(0xC0000000 | 0x0153) +#define NT_STATUS_ALIAS_EXISTS NT_STATUS(0xC0000000 | 0x0154) +#define NT_STATUS_LOGON_NOT_GRANTED NT_STATUS(0xC0000000 | 0x0155) +#define NT_STATUS_TOO_MANY_SECRETS NT_STATUS(0xC0000000 | 0x0156) +#define NT_STATUS_SECRET_TOO_LONG NT_STATUS(0xC0000000 | 0x0157) +#define NT_STATUS_INTERNAL_DB_ERROR NT_STATUS(0xC0000000 | 0x0158) +#define NT_STATUS_FULLSCREEN_MODE NT_STATUS(0xC0000000 | 0x0159) +#define NT_STATUS_TOO_MANY_CONTEXT_IDS NT_STATUS(0xC0000000 | 0x015a) +#define NT_STATUS_LOGON_TYPE_NOT_GRANTED NT_STATUS(0xC0000000 | 0x015b) +#define NT_STATUS_NOT_REGISTRY_FILE NT_STATUS(0xC0000000 | 0x015c) +#define NT_STATUS_NT_CROSS_ENCRYPTION_REQUIRED NT_STATUS(0xC0000000 | 0x015d) +#define NT_STATUS_DOMAIN_CTRLR_CONFIG_ERROR NT_STATUS(0xC0000000 | 0x015e) +#define NT_STATUS_FT_MISSING_MEMBER NT_STATUS(0xC0000000 | 0x015f) +#define NT_STATUS_ILL_FORMED_SERVICE_ENTRY NT_STATUS(0xC0000000 | 0x0160) +#define NT_STATUS_ILLEGAL_CHARACTER NT_STATUS(0xC0000000 | 0x0161) +#define NT_STATUS_UNMAPPABLE_CHARACTER NT_STATUS(0xC0000000 | 0x0162) +#define NT_STATUS_UNDEFINED_CHARACTER NT_STATUS(0xC0000000 | 0x0163) +#define NT_STATUS_FLOPPY_VOLUME NT_STATUS(0xC0000000 | 0x0164) +#define NT_STATUS_FLOPPY_ID_MARK_NOT_FOUND NT_STATUS(0xC0000000 | 0x0165) +#define NT_STATUS_FLOPPY_WRONG_CYLINDER NT_STATUS(0xC0000000 | 0x0166) +#define NT_STATUS_FLOPPY_UNKNOWN_ERROR NT_STATUS(0xC0000000 | 0x0167) +#define NT_STATUS_FLOPPY_BAD_REGISTERS NT_STATUS(0xC0000000 | 0x0168) +#define NT_STATUS_DISK_RECALIBRATE_FAILED NT_STATUS(0xC0000000 | 0x0169) +#define NT_STATUS_DISK_OPERATION_FAILED NT_STATUS(0xC0000000 | 0x016a) +#define NT_STATUS_DISK_RESET_FAILED NT_STATUS(0xC0000000 | 0x016b) +#define NT_STATUS_SHARED_IRQ_BUSY NT_STATUS(0xC0000000 | 0x016c) +#define NT_STATUS_FT_ORPHANING NT_STATUS(0xC0000000 | 0x016d) +#define NT_STATUS_PARTITION_FAILURE NT_STATUS(0xC0000000 | 0x0172) +#define NT_STATUS_INVALID_BLOCK_LENGTH NT_STATUS(0xC0000000 | 0x0173) +#define NT_STATUS_DEVICE_NOT_PARTITIONED NT_STATUS(0xC0000000 | 0x0174) +#define NT_STATUS_UNABLE_TO_LOCK_MEDIA NT_STATUS(0xC0000000 | 0x0175) +#define NT_STATUS_UNABLE_TO_UNLOAD_MEDIA NT_STATUS(0xC0000000 | 0x0176) +#define NT_STATUS_EOM_OVERFLOW NT_STATUS(0xC0000000 | 0x0177) +#define NT_STATUS_NO_MEDIA NT_STATUS(0xC0000000 | 0x0178) +#define NT_STATUS_NO_SUCH_MEMBER NT_STATUS(0xC0000000 | 0x017a) +#define NT_STATUS_INVALID_MEMBER NT_STATUS(0xC0000000 | 0x017b) +#define NT_STATUS_KEY_DELETED NT_STATUS(0xC0000000 | 0x017c) +#define NT_STATUS_NO_LOG_SPACE NT_STATUS(0xC0000000 | 0x017d) +#define NT_STATUS_TOO_MANY_SIDS NT_STATUS(0xC0000000 | 0x017e) +#define NT_STATUS_LM_CROSS_ENCRYPTION_REQUIRED NT_STATUS(0xC0000000 | 0x017f) +#define NT_STATUS_KEY_HAS_CHILDREN NT_STATUS(0xC0000000 | 0x0180) +#define NT_STATUS_CHILD_MUST_BE_VOLATILE NT_STATUS(0xC0000000 | 0x0181) +#define NT_STATUS_DEVICE_CONFIGURATION_ERROR NT_STATUS(0xC0000000 | 0x0182) +#define NT_STATUS_DRIVER_INTERNAL_ERROR NT_STATUS(0xC0000000 | 0x0183) +#define NT_STATUS_INVALID_DEVICE_STATE NT_STATUS(0xC0000000 | 0x0184) +#define NT_STATUS_IO_DEVICE_ERROR NT_STATUS(0xC0000000 | 0x0185) +#define NT_STATUS_DEVICE_PROTOCOL_ERROR NT_STATUS(0xC0000000 | 0x0186) +#define NT_STATUS_BACKUP_CONTROLLER NT_STATUS(0xC0000000 | 0x0187) +#define NT_STATUS_LOG_FILE_FULL NT_STATUS(0xC0000000 | 0x0188) +#define NT_STATUS_TOO_LATE NT_STATUS(0xC0000000 | 0x0189) +#define NT_STATUS_NO_TRUST_LSA_SECRET NT_STATUS(0xC0000000 | 0x018a) +#define NT_STATUS_NO_TRUST_SAM_ACCOUNT NT_STATUS(0xC0000000 | 0x018b) +#define NT_STATUS_TRUSTED_DOMAIN_FAILURE NT_STATUS(0xC0000000 | 0x018c) +#define NT_STATUS_TRUSTED_RELATIONSHIP_FAILURE NT_STATUS(0xC0000000 | 0x018d) +#define NT_STATUS_EVENTLOG_FILE_CORRUPT NT_STATUS(0xC0000000 | 0x018e) +#define NT_STATUS_EVENTLOG_CANT_START NT_STATUS(0xC0000000 | 0x018f) +#define NT_STATUS_TRUST_FAILURE NT_STATUS(0xC0000000 | 0x0190) +#define NT_STATUS_MUTANT_LIMIT_EXCEEDED NT_STATUS(0xC0000000 | 0x0191) +#define NT_STATUS_NETLOGON_NOT_STARTED NT_STATUS(0xC0000000 | 0x0192) +#define NT_STATUS_ACCOUNT_EXPIRED NT_STATUS(0xC0000000 | 0x0193) +#define NT_STATUS_POSSIBLE_DEADLOCK NT_STATUS(0xC0000000 | 0x0194) +#define NT_STATUS_NETWORK_CREDENTIAL_CONFLICT NT_STATUS(0xC0000000 | 0x0195) +#define NT_STATUS_REMOTE_SESSION_LIMIT NT_STATUS(0xC0000000 | 0x0196) +#define NT_STATUS_EVENTLOG_FILE_CHANGED NT_STATUS(0xC0000000 | 0x0197) +#define NT_STATUS_NOLOGON_INTERDOMAIN_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x0198) +#define NT_STATUS_NOLOGON_WORKSTATION_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x0199) +#define NT_STATUS_NOLOGON_SERVER_TRUST_ACCOUNT NT_STATUS(0xC0000000 | 0x019a) +#define NT_STATUS_DOMAIN_TRUST_INCONSISTENT NT_STATUS(0xC0000000 | 0x019b) +#define NT_STATUS_FS_DRIVER_REQUIRED NT_STATUS(0xC0000000 | 0x019c) +#define NT_STATUS_NO_USER_SESSION_KEY NT_STATUS(0xC0000000 | 0x0202) +#define NT_STATUS_USER_SESSION_DELETED NT_STATUS(0xC0000000 | 0x0203) +#define NT_STATUS_RESOURCE_LANG_NOT_FOUND NT_STATUS(0xC0000000 | 0x0204) +#define NT_STATUS_INSUFF_SERVER_RESOURCES NT_STATUS(0xC0000000 | 0x0205) +#define NT_STATUS_INVALID_BUFFER_SIZE NT_STATUS(0xC0000000 | 0x0206) +#define NT_STATUS_INVALID_ADDRESS_COMPONENT NT_STATUS(0xC0000000 | 0x0207) +#define NT_STATUS_INVALID_ADDRESS_WILDCARD NT_STATUS(0xC0000000 | 0x0208) +#define NT_STATUS_TOO_MANY_ADDRESSES NT_STATUS(0xC0000000 | 0x0209) +#define NT_STATUS_ADDRESS_ALREADY_EXISTS NT_STATUS(0xC0000000 | 0x020a) +#define NT_STATUS_ADDRESS_CLOSED NT_STATUS(0xC0000000 | 0x020b) +#define NT_STATUS_CONNECTION_DISCONNECTED NT_STATUS(0xC0000000 | 0x020c) +#define NT_STATUS_CONNECTION_RESET NT_STATUS(0xC0000000 | 0x020d) +#define NT_STATUS_TOO_MANY_NODES NT_STATUS(0xC0000000 | 0x020e) +#define NT_STATUS_TRANSACTION_ABORTED NT_STATUS(0xC0000000 | 0x020f) +#define NT_STATUS_TRANSACTION_TIMED_OUT NT_STATUS(0xC0000000 | 0x0210) +#define NT_STATUS_TRANSACTION_NO_RELEASE NT_STATUS(0xC0000000 | 0x0211) +#define NT_STATUS_TRANSACTION_NO_MATCH NT_STATUS(0xC0000000 | 0x0212) +#define NT_STATUS_TRANSACTION_RESPONDED NT_STATUS(0xC0000000 | 0x0213) +#define NT_STATUS_TRANSACTION_INVALID_ID NT_STATUS(0xC0000000 | 0x0214) +#define NT_STATUS_TRANSACTION_INVALID_TYPE NT_STATUS(0xC0000000 | 0x0215) +#define NT_STATUS_NOT_SERVER_SESSION NT_STATUS(0xC0000000 | 0x0216) +#define NT_STATUS_NOT_CLIENT_SESSION NT_STATUS(0xC0000000 | 0x0217) +#define NT_STATUS_CANNOT_LOAD_REGISTRY_FILE NT_STATUS(0xC0000000 | 0x0218) +#define NT_STATUS_DEBUG_ATTACH_FAILED NT_STATUS(0xC0000000 | 0x0219) +#define NT_STATUS_SYSTEM_PROCESS_TERMINATED NT_STATUS(0xC0000000 | 0x021a) +#define NT_STATUS_DATA_NOT_ACCEPTED NT_STATUS(0xC0000000 | 0x021b) +#define NT_STATUS_NO_BROWSER_SERVERS_FOUND NT_STATUS(0xC0000000 | 0x021c) +#define NT_STATUS_VDM_HARD_ERROR NT_STATUS(0xC0000000 | 0x021d) +#define NT_STATUS_DRIVER_CANCEL_TIMEOUT NT_STATUS(0xC0000000 | 0x021e) +#define NT_STATUS_REPLY_MESSAGE_MISMATCH NT_STATUS(0xC0000000 | 0x021f) +#define NT_STATUS_MAPPED_ALIGNMENT NT_STATUS(0xC0000000 | 0x0220) +#define NT_STATUS_IMAGE_CHECKSUM_MISMATCH NT_STATUS(0xC0000000 | 0x0221) +#define NT_STATUS_LOST_WRITEBEHIND_DATA NT_STATUS(0xC0000000 | 0x0222) +#define NT_STATUS_CLIENT_SERVER_PARAMETERS_INVALID NT_STATUS(0xC0000000 | 0x0223) +#define NT_STATUS_PASSWORD_MUST_CHANGE NT_STATUS(0xC0000000 | 0x0224) +#define NT_STATUS_NOT_FOUND NT_STATUS(0xC0000000 | 0x0225) +#define NT_STATUS_NOT_TINY_STREAM NT_STATUS(0xC0000000 | 0x0226) +#define NT_STATUS_RECOVERY_FAILURE NT_STATUS(0xC0000000 | 0x0227) +#define NT_STATUS_STACK_OVERFLOW_READ NT_STATUS(0xC0000000 | 0x0228) +#define NT_STATUS_FAIL_CHECK NT_STATUS(0xC0000000 | 0x0229) +#define NT_STATUS_DUPLICATE_OBJECTID NT_STATUS(0xC0000000 | 0x022a) +#define NT_STATUS_OBJECTID_EXISTS NT_STATUS(0xC0000000 | 0x022b) +#define NT_STATUS_CONVERT_TO_LARGE NT_STATUS(0xC0000000 | 0x022c) +#define NT_STATUS_RETRY NT_STATUS(0xC0000000 | 0x022d) +#define NT_STATUS_FOUND_OUT_OF_SCOPE NT_STATUS(0xC0000000 | 0x022e) +#define NT_STATUS_ALLOCATE_BUCKET NT_STATUS(0xC0000000 | 0x022f) +#define NT_STATUS_PROPSET_NOT_FOUND NT_STATUS(0xC0000000 | 0x0230) +#define NT_STATUS_MARSHALL_OVERFLOW NT_STATUS(0xC0000000 | 0x0231) +#define NT_STATUS_INVALID_VARIANT NT_STATUS(0xC0000000 | 0x0232) +#define NT_STATUS_DOMAIN_CONTROLLER_NOT_FOUND NT_STATUS(0xC0000000 | 0x0233) +#define NT_STATUS_ACCOUNT_LOCKED_OUT NT_STATUS(0xC0000000 | 0x0234) +#define NT_STATUS_HANDLE_NOT_CLOSABLE NT_STATUS(0xC0000000 | 0x0235) +#define NT_STATUS_CONNECTION_REFUSED NT_STATUS(0xC0000000 | 0x0236) +#define NT_STATUS_GRACEFUL_DISCONNECT NT_STATUS(0xC0000000 | 0x0237) +#define NT_STATUS_ADDRESS_ALREADY_ASSOCIATED NT_STATUS(0xC0000000 | 0x0238) +#define NT_STATUS_ADDRESS_NOT_ASSOCIATED NT_STATUS(0xC0000000 | 0x0239) +#define NT_STATUS_CONNECTION_INVALID NT_STATUS(0xC0000000 | 0x023a) +#define NT_STATUS_CONNECTION_ACTIVE NT_STATUS(0xC0000000 | 0x023b) +#define NT_STATUS_NETWORK_UNREACHABLE NT_STATUS(0xC0000000 | 0x023c) +#define NT_STATUS_HOST_UNREACHABLE NT_STATUS(0xC0000000 | 0x023d) +#define NT_STATUS_PROTOCOL_UNREACHABLE NT_STATUS(0xC0000000 | 0x023e) +#define NT_STATUS_PORT_UNREACHABLE NT_STATUS(0xC0000000 | 0x023f) +#define NT_STATUS_REQUEST_ABORTED NT_STATUS(0xC0000000 | 0x0240) +#define NT_STATUS_CONNECTION_ABORTED NT_STATUS(0xC0000000 | 0x0241) +#define NT_STATUS_BAD_COMPRESSION_BUFFER NT_STATUS(0xC0000000 | 0x0242) +#define NT_STATUS_USER_MAPPED_FILE NT_STATUS(0xC0000000 | 0x0243) +#define NT_STATUS_AUDIT_FAILED NT_STATUS(0xC0000000 | 0x0244) +#define NT_STATUS_TIMER_RESOLUTION_NOT_SET NT_STATUS(0xC0000000 | 0x0245) +#define NT_STATUS_CONNECTION_COUNT_LIMIT NT_STATUS(0xC0000000 | 0x0246) +#define NT_STATUS_LOGIN_TIME_RESTRICTION NT_STATUS(0xC0000000 | 0x0247) +#define NT_STATUS_LOGIN_WKSTA_RESTRICTION NT_STATUS(0xC0000000 | 0x0248) +#define NT_STATUS_IMAGE_MP_UP_MISMATCH NT_STATUS(0xC0000000 | 0x0249) +#define NT_STATUS_INSUFFICIENT_LOGON_INFO NT_STATUS(0xC0000000 | 0x0250) +#define NT_STATUS_BAD_DLL_ENTRYPOINT NT_STATUS(0xC0000000 | 0x0251) +#define NT_STATUS_BAD_SERVICE_ENTRYPOINT NT_STATUS(0xC0000000 | 0x0252) +#define NT_STATUS_LPC_REPLY_LOST NT_STATUS(0xC0000000 | 0x0253) +#define NT_STATUS_IP_ADDRESS_CONFLICT1 NT_STATUS(0xC0000000 | 0x0254) +#define NT_STATUS_IP_ADDRESS_CONFLICT2 NT_STATUS(0xC0000000 | 0x0255) +#define NT_STATUS_REGISTRY_QUOTA_LIMIT NT_STATUS(0xC0000000 | 0x0256) +#define NT_STATUS_PATH_NOT_COVERED NT_STATUS(0xC0000000 | 0x0257) +#define NT_STATUS_NO_CALLBACK_ACTIVE NT_STATUS(0xC0000000 | 0x0258) +#define NT_STATUS_LICENSE_QUOTA_EXCEEDED NT_STATUS(0xC0000000 | 0x0259) +#define NT_STATUS_PWD_TOO_SHORT NT_STATUS(0xC0000000 | 0x025a) +#define NT_STATUS_PWD_TOO_RECENT NT_STATUS(0xC0000000 | 0x025b) +#define NT_STATUS_PWD_HISTORY_CONFLICT NT_STATUS(0xC0000000 | 0x025c) +#define NT_STATUS_PLUGPLAY_NO_DEVICE NT_STATUS(0xC0000000 | 0x025e) +#define NT_STATUS_UNSUPPORTED_COMPRESSION NT_STATUS(0xC0000000 | 0x025f) +#define NT_STATUS_INVALID_HW_PROFILE NT_STATUS(0xC0000000 | 0x0260) +#define NT_STATUS_INVALID_PLUGPLAY_DEVICE_PATH NT_STATUS(0xC0000000 | 0x0261) +#define NT_STATUS_DRIVER_ORDINAL_NOT_FOUND NT_STATUS(0xC0000000 | 0x0262) +#define NT_STATUS_DRIVER_ENTRYPOINT_NOT_FOUND NT_STATUS(0xC0000000 | 0x0263) +#define NT_STATUS_RESOURCE_NOT_OWNED NT_STATUS(0xC0000000 | 0x0264) +#define NT_STATUS_TOO_MANY_LINKS NT_STATUS(0xC0000000 | 0x0265) +#define NT_STATUS_QUOTA_LIST_INCONSISTENT NT_STATUS(0xC0000000 | 0x0266) +#define NT_STATUS_FILE_IS_OFFLINE NT_STATUS(0xC0000000 | 0x0267) +#define NT_STATUS_NO_SUCH_JOB NT_STATUS(0xC0000000 | 0xEDE) /* scheduler */ + +#endif /* _NTERR_H */ diff --git a/source3/include/passdb.h b/source3/include/passdb.h new file mode 100644 index 00000000000..f17b043fb27 --- /dev/null +++ b/source3/include/passdb.h @@ -0,0 +1,97 @@ +/* + Unix SMB/CIFS implementation. + passdb structures and parameters + Copyright (C) Gerald Carter 2001 + Copyright (C) Luke Kenneth Casson Leighton 1998 - 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _PASSDB_H +#define _PASSDB_H + + +/***************************************************************** + Functions to be implemented by the new (v2) passdb API +****************************************************************/ + +typedef struct pdb_context +{ + struct pdb_methods *pdb_selected; + + /* These functions are wrappers for the functions listed above. + They may do extra things like re-reading a SAM_ACCOUNT on update */ + + BOOL (*pdb_setsampwent)(struct pdb_context *, BOOL update); + + void (*pdb_endsampwent)(struct pdb_context *); + + BOOL (*pdb_getsampwent)(struct pdb_context *, SAM_ACCOUNT *user); + + BOOL (*pdb_getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); + + BOOL (*pdb_getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid); + + BOOL (*pdb_add_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); + + BOOL (*pdb_update_sam_account)(struct pdb_context *, SAM_ACCOUNT *sampass); + + BOOL (*pdb_delete_sam_account)(struct pdb_context *, SAM_ACCOUNT *username); + + void (*free_fn)(struct pdb_context **); + + TALLOC_CTX *mem_ctx; + +} PDB_CONTEXT; + +typedef struct pdb_methods +{ + const char *name; /* What name got this module */ + + BOOL (*setsampwent)(struct pdb_context *, BOOL update); + + void (*endsampwent)(struct pdb_context *); + + BOOL (*getsampwent)(struct pdb_context *, SAM_ACCOUNT *user); + + BOOL (*getsampwnam)(struct pdb_context *, SAM_ACCOUNT *sam_acct, const char *username); + + BOOL (*getsampwrid)(struct pdb_context *, SAM_ACCOUNT *sam_acct, uint32 rid); + + BOOL (*add_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass); + + BOOL (*update_sam_account)(struct pdb_context *, const SAM_ACCOUNT *sampass); + + BOOL (*delete_sam_account)(struct pdb_context *, const SAM_ACCOUNT *username); + + void *private_data; /* Private data of some kind */ + + void (*free_private_data)(void **); + +} PDB_METHODS; + +typedef NTSTATUS (*pdb_init_function)(struct pdb_context *, + struct pdb_methods **, + const char *); + +struct pdb_init_function_entry { + char *name; + /* Function to create a member of the authmethods list */ + NTSTATUS (*init)(struct pdb_context *pdb_context, + struct pdb_methods **pdb_method, + const char *location); +}; + +#endif /* _PASSDB_H */ diff --git a/source3/include/printing.h b/source3/include/printing.h new file mode 100644 index 00000000000..b99f2aeffb9 --- /dev/null +++ b/source3/include/printing.h @@ -0,0 +1,76 @@ +#ifndef PRINTING_H_ +#define PRINTING_H_ + +/* + Unix SMB/CIFS implementation. + printing definitions + Copyright (C) Andrew Tridgell 1992-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "includes.h" + +/* + This file defines the low-level printing system interfaces used by the + SAMBA printing subsystem. +*/ + +/* Information for print jobs */ +struct printjob { + pid_t pid; /* which process launched the job */ + int sysjob; /* the system (lp) job number */ + int fd; /* file descriptor of open file if open */ + time_t starttime; /* when the job started spooling */ + int status; /* the status of this job */ + size_t size; /* the size of the job so far */ + int page_count; /* then number of pages so far */ + BOOL spooled; /* has it been sent to the spooler yet? */ + BOOL smbjob; /* set if the job is a SMB job */ + fstring filename; /* the filename used to spool the file */ + fstring jobname; /* the job name given to us by the client */ + fstring user; /* the user who started the job */ + fstring queuename; /* service number of printer for this job */ +}; + +/* Information for print interfaces */ +struct printif +{ + int (*queue_get)(int snum, print_queue_struct **q, + print_status_struct *status); + int (*queue_pause)(int snum); + int (*queue_resume)(int snum); + int (*job_delete)(int snum, struct printjob *pjob); + int (*job_pause)(int snum, struct printjob *pjob); + int (*job_resume)(int snum, struct printjob *pjob); + int (*job_submit)(int snum, struct printjob *pjob); +}; + +extern struct printif generic_printif; + +#ifdef HAVE_CUPS +extern struct printif cups_printif; +#endif /* HAVE_CUPS */ + +#define PRINT_MAX_JOBID 10000 +#define UNIX_JOB_START PRINT_MAX_JOBID +#define NEXT_JOBID(j) ((j+1) % PRINT_MAX_JOBID > 0 ? (j+1) % PRINT_MAX_JOBID : 1) + +#define MAX_CACHE_VALID_TIME 3600 + +#define PRINT_SPOOL_PREFIX "smbprn." +#define PRINT_DATABASE_VERSION 4 + +#endif /* PRINTING_H_ */ diff --git a/source3/include/pstring.h b/source3/include/pstring.h new file mode 100644 index 00000000000..92870e4cae5 --- /dev/null +++ b/source3/include/pstring.h @@ -0,0 +1,36 @@ +/* + samba -- Unix SMB/CIFS implementation. + Safe standardized string types + + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) John H Terpstra 1996-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Paul Ashton 1998-2000 + Copyright (C) Martin Pool 2002 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _PSTRING + +#define PSTRING_LEN 1024 +#define FSTRING_LEN 256 + +typedef char pstring[PSTRING_LEN]; +typedef char fstring[FSTRING_LEN]; + +#define _PSTRING + +#endif /* ndef _PSTRING */ diff --git a/source3/include/rap.h b/source3/include/rap.h new file mode 100755 index 00000000000..993dfa7e335 --- /dev/null +++ b/source3/include/rap.h @@ -0,0 +1,507 @@ +/* + Samba Unix/Linux SMB client library + RAP (SMB Remote Procedure Calls) defines and structures + Copyright (C) Steve French 2001 (sfrench@us.ibm.com) + Copyright (C) Jim McDonough 2001 (jmcd@us.ibm.com) + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RAP_H_ +#define _RAP_H_ + +/*****************************************************/ +/* */ +/* Additional RAP functionality */ +/* */ +/* RAP is the original SMB RPC, documented */ +/* by Microsoft and X/Open in the 1990s and */ +/* supported by most SMB/CIFS servers although */ +/* it is unlikely that any one implementation */ +/* supports all RAP command codes since some */ +/* are quite obsolete and a few are specific */ +/* to a particular network operating system */ +/* */ +/* Although it has largely been replaced */ +/* for complex remote admistration and management */ +/* (of servers) by the relatively newer */ +/* DCE/RPC based remote API (which better handles */ +/* large >64K data structures), there are many */ +/* important administrative and resource location */ +/* tasks and user tasks (e.g. password change) */ +/* that are performed via RAP. */ +/* */ +/* Although a few of the RAP calls are implemented */ +/* in the Samba client library already (clirap.c) */ +/* the new ones are in clirap2.c for easy patching */ +/* and integration and a corresponding header */ +/* file, rap.h, has been created. */ +/* */ +/* This is based on data from the CIFS spec */ +/* and the LAN Server and LAN Manager */ +/* Programming Reference books and published */ +/* RAP document and CIFS forum postings and */ +/* lots of trial and error. Additional */ +/* background information is available from the */ +/* X/Open reference book in their PC Interworking */ +/* series "IPC for SMB" and also from the */ +/* interoperability documentation in */ +/* ftp://ftp.microsoft.com/developr/drg/cifs */ +/* */ +/* Function names changed from API_ (as they are */ +/* in the CIFS specification to RAP_ in order */ +/* to avoid confusion with other API calls */ +/* sent via DCE RPC */ +/* */ +/*****************************************************/ + +/*****************************************************/ +/* */ +/* Although without pound defines (of this header) */ +/* cifsrap.c already includes support for: */ +/* */ +/* WshareEnum (API number 0, level 1) */ +/* NetServerEnum2 (API num 104, level 1) */ +/* WWkstaUserLogon (132) */ +/* SamOEMchgPasswordUser2_P (214) */ +/* */ +/* and cifsprint.c already includes support for: */ +/* */ +/* WPrintJobEnum (API num 76, level 2) */ +/* WPrintJobDel (API num 81) */ +/* */ +/*****************************************************/ + +#define RAP_WshareEnum 0 +#define RAP_WshareGetInfo 1 +#define RAP_WshareSetInfo 2 +#define RAP_WshareAdd 3 +#define RAP_WshareDel 4 +#define RAP_NetShareCheck 5 +#define RAP_WsessionEnum 6 +#define RAP_WsessionGetInfo 7 +#define RAP_WsessionDel 8 +#define RAP_WconnectionEnum 9 +#define RAP_WfileEnum 10 +#define RAP_WfileGetInfo 11 +#define RAP_WfileClose 12 +#define RAP_WserverGetInfo 13 +#define RAP_WserverSetInfo 14 +#define RAP_WserverDiskEnum 15 +#define RAP_WserverAdminCommand 16 +#define RAP_NetAuditOpen 17 +#define RAP_WauditClear 18 +#define RAP_NetErrorLogOpen 19 +#define RAP_WerrorLogClear 20 +#define RAP_NetCharDevEnum 21 +#define RAP_NetCharDevGetInfo 22 +#define RAP_WCharDevControl 23 +#define RAP_NetCharDevQEnum 24 +#define RAP_NetCharDevQGetInfo 25 +#define RAP_WCharDevQSetInfo 26 +#define RAP_WCharDevQPurge 27 +#define RAP_WCharDevQPurgeSelf 28 +#define RAP_WMessageNameEnum 29 +#define RAP_WMessageNameGetInfo 30 +#define RAP_WMessageNameAdd 31 +#define RAP_WMessageNameDel 32 +#define RAP_WMessageNameFwd 33 +#define RAP_WMessageNameUnFwd 34 +#define RAP_WMessageBufferSend 35 +#define RAP_WMessageFileSend 36 +#define RAP_WMessageLogFileSet 37 +#define RAP_WMessageLogFileGet 38 +#define RAP_WServiceEnum 39 +#define RAP_WServiceInstall 40 +#define RAP_WServiceControl 41 +#define RAP_WAccessEnum 42 +#define RAP_WAccessGetInfo 43 +#define RAP_WAccessSetInfo 44 +#define RAP_WAccessAdd 45 +#define RAP_WAccessDel 46 +#define RAP_WGroupEnum 47 +#define RAP_WGroupAdd 48 +#define RAP_WGroupDel 49 +#define RAP_WGroupAddUser 50 +#define RAP_WGroupDelUser 51 +#define RAP_WGroupGetUsers 52 +#define RAP_WUserEnum 53 +#define RAP_WUserAdd 54 +#define RAP_WUserDel 55 +#define RAP_WUserGetInfo 56 +#define RAP_WUserSetInfo 57 +#define RAP_WUserPasswordSet 58 +#define RAP_WUserGetGroups 59 +#define RAP_WWkstaSetUID 62 +#define RAP_WWkstaGetInfo 63 +#define RAP_WWkstaSetInfo 64 +#define RAP_WUseEnum 65 +#define RAP_WUseAdd 66 +#define RAP_WUseDel 67 +#define RAP_WUseGetInfo 68 +#define RAP_WPrintQEnum 69 +#define RAP_WPrintQGetInfo 70 +#define RAP_WPrintQSetInfo 71 +#define RAP_WPrintQAdd 72 +#define RAP_WPrintQDel 73 +#define RAP_WPrintQPause 74 +#define RAP_WPrintQContinue 75 +#define RAP_WPrintJobEnum 76 +#define RAP_WPrintJobGetInfo 77 +#define RAP_WPrintJobSetInfo_OLD 78 +#define RAP_WPrintJobDel 81 +#define RAP_WPrintJobPause 82 +#define RAP_WPrintJobContinue 83 +#define RAP_WPrintDestEnum 84 +#define RAP_WPrintDestGetInfo 85 +#define RAP_WPrintDestControl 86 +#define RAP_WProfileSave 87 +#define RAP_WProfileLoad 88 +#define RAP_WStatisticsGet 89 +#define RAP_WStatisticsClear 90 +#define RAP_NetRemoteTOD 91 +#define RAP_WNetBiosEnum 92 +#define RAP_WNetBiosGetInfo 93 +#define RAP_NetServerEnum 94 +#define RAP_I_NetServerEnum 95 +#define RAP_WServiceGetInfo 96 +#define RAP_WPrintQPurge 103 +#define RAP_NetServerEnum2 104 +#define RAP_WAccessGetUserPerms 105 +#define RAP_WGroupGetInfo 106 +#define RAP_WGroupSetInfo 107 +#define RAP_WGroupSetUsers 108 +#define RAP_WUserSetGroups 109 +#define RAP_WUserModalsGet 110 +#define RAP_WUserModalsSet 111 +#define RAP_WFileEnum2 112 +#define RAP_WUserAdd2 113 +#define RAP_WUserSetInfo2 114 +#define RAP_WUserPasswordSet2 115 +#define RAP_I_NetServerEnum2 116 +#define RAP_WConfigGet2 117 +#define RAP_WConfigGetAll2 118 +#define RAP_WGetDCName 119 +#define RAP_NetHandleGetInfo 120 +#define RAP_NetHandleSetInfo 121 +#define RAP_WStatisticsGet2 122 +#define RAP_WBuildGetInfo 123 +#define RAP_WFileGetInfo2 124 +#define RAP_WFileClose2 125 +#define RAP_WNetServerReqChallenge 126 +#define RAP_WNetServerAuthenticate 127 +#define RAP_WNetServerPasswordSet 128 +#define RAP_WNetAccountDeltas 129 +#define RAP_WNetAccountSync 130 +#define RAP_WUserEnum2 131 +#define RAP_WWkstaUserLogon 132 +#define RAP_WWkstaUserLogoff 133 +#define RAP_WLogonEnum 134 +#define RAP_WErrorLogRead 135 +#define RAP_NetPathType 136 +#define RAP_NetPathCanonicalize 137 +#define RAP_NetPathCompare 138 +#define RAP_NetNameValidate 139 +#define RAP_NetNameCanonicalize 140 +#define RAP_NetNameCompare 141 +#define RAP_WAuditRead 142 +#define RAP_WPrintDestAdd 143 +#define RAP_WPrintDestSetInfo 144 +#define RAP_WPrintDestDel 145 +#define RAP_WUserValidate2 146 +#define RAP_WPrintJobSetInfo 147 +#define RAP_TI_NetServerDiskEnum 148 +#define RAP_TI_NetServerDiskGetInfo 149 +#define RAP_TI_FTVerifyMirror 150 +#define RAP_TI_FTAbortVerify 151 +#define RAP_TI_FTGetInfo 152 +#define RAP_TI_FTSetInfo 153 +#define RAP_TI_FTLockDisk 154 +#define RAP_TI_FTFixError 155 +#define RAP_TI_FTAbortFix 156 +#define RAP_TI_FTDiagnoseError 157 +#define RAP_TI_FTGetDriveStats 158 +#define RAP_TI_FTErrorGetInfo 160 +#define RAP_NetAccessCheck 163 +#define RAP_NetAlertRaise 164 +#define RAP_NetAlertStart 165 +#define RAP_NetAlertStop 166 +#define RAP_NetAuditWrite 167 +#define RAP_NetIRemoteAPI 168 +#define RAP_NetServiceStatus 169 +#define RAP_NetServerRegister 170 +#define RAP_NetServerDeregister 171 +#define RAP_NetSessionEntryMake 172 +#define RAP_NetSessionEntryClear 173 +#define RAP_NetSessionEntryGetInfo 174 +#define RAP_NetSessionEntrySetInfo 175 +#define RAP_NetConnectionEntryMake 176 +#define RAP_NetConnectionEntryClear 177 +#define RAP_NetConnectionEntrySetInfo 178 +#define RAP_NetConnectionEntryGetInfo 179 +#define RAP_NetFileEntryMake 180 +#define RAP_NetFileEntryClear 181 +#define RAP_NetFileEntrySetInfo 182 +#define RAP_NetFileEntryGetInfo 183 +#define RAP_AltSrvMessageBufferSend 184 +#define RAP_AltSrvMessageFileSend 185 +#define RAP_wI_NetRplWkstaEnum 186 +#define RAP_wI_NetRplWkstaGetInfo 187 +#define RAP_wI_NetRplWkstaSetInfo 188 +#define RAP_wI_NetRplWkstaAdd 189 +#define RAP_wI_NetRplWkstaDel 190 +#define RAP_wI_NetRplProfileEnum 191 +#define RAP_wI_NetRplProfileGetInfo 192 +#define RAP_wI_NetRplProfileSetInfo 193 +#define RAP_wI_NetRplProfileAdd 194 +#define RAP_wI_NetRplProfileDel 195 +#define RAP_wI_NetRplProfileClone 196 +#define RAP_wI_NetRplBaseProfileEnum 197 +#define RAP_WIServerSetInfo 201 +#define RAP_WPrintDriverEnum 205 +#define RAP_WPrintQProcessorEnum 206 +#define RAP_WPrintPortEnum 207 +#define RAP_WNetWriteUpdateLog 208 +#define RAP_WNetAccountUpdate 209 +#define RAP_WNetAccountConfirmUpdate 210 +#define RAP_WConfigSet 211 +#define RAP_WAccountsReplicate 212 +#define RAP_SamOEMChgPasswordUser2_P 214 +#define RAP_NetServerEnum3 215 +#define RAP_WprintDriverGetInfo 250 +#define RAP_WprintDriverSetInfo 251 +#define RAP_WaliasAdd 252 +#define RAP_WaliasDel 253 +#define RAP_WaliasGetInfo 254 +#define RAP_WaliasSetInfo 255 +#define RAP_WaliasEnum 256 +#define RAP_WuserGetLogonAsn 257 +#define RAP_WuserSetLogonAsn 258 +#define RAP_WuserGetAppSel 259 +#define RAP_WuserSetAppSel 260 +#define RAP_WappAdd 261 +#define RAP_WappDel 262 +#define RAP_WappGetInfo 263 +#define RAP_WappSetInfo 264 +#define RAP_WappEnum 265 +#define RAP_WUserDCDBInit 266 +#define RAP_WDASDAdd 267 +#define RAP_WDASDDel 268 +#define RAP_WDASDGetInfo 269 +#define RAP_WDASDSetInfo 270 +#define RAP_WDASDEnum 271 +#define RAP_WDASDCheck 272 +#define RAP_WDASDCtl 273 +#define RAP_WuserRemoteLogonCheck 274 +#define RAP_WUserPasswordSet3 275 +#define RAP_WCreateRIPLMachine 276 +#define RAP_WDeleteRIPLMachine 277 +#define RAP_WGetRIPLMachineInfo 278 +#define RAP_WSetRIPLMachineInfo 279 +#define RAP_WEnumRIPLMachine 280 +#define RAP_I_ShareAdd 281 +#define RAP_AliasEnum 282 +#define RAP_WaccessApply 283 +#define RAP_WPrt16Query 284 +#define RAP_WPrt16Set 285 +#define RAP_WUserDel100 286 +#define RAP_WUserRemoteLogonCheck2 287 +#define RAP_WRemoteTODSet 294 +#define RAP_WprintJobMoveAll 295 +#define RAP_W16AppParmAdd 296 +#define RAP_W16AppParmDel 297 +#define RAP_W16AppParmGet 298 +#define RAP_W16AppParmSet 299 +#define RAP_W16RIPLMachineCreate 300 +#define RAP_W16RIPLMachineGetInfo 301 +#define RAP_W16RIPLMachineSetInfo 302 +#define RAP_W16RIPLMachineEnum 303 +#define RAP_W16RIPLMachineListParmEnum 304 +#define RAP_W16RIPLMachClassGetInfo 305 +#define RAP_W16RIPLMachClassEnum 306 +#define RAP_W16RIPLMachClassCreate 307 +#define RAP_W16RIPLMachClassSetInfo 308 +#define RAP_W16RIPLMachClassDelete 309 +#define RAP_W16RIPLMachClassLPEnum 310 +#define RAP_W16RIPLMachineDelete 311 +#define RAP_W16WSLevelGetInfo 312 +#define RAP_WserverNameAdd 313 +#define RAP_WserverNameDel 314 +#define RAP_WserverNameEnum 315 +#define RAP_I_WDASDEnum 316 +#define RAP_WDASDEnumTerminate 317 +#define RAP_WDASDSetInfo2 318 +#define MAX_API 318 + + +/* Parameter description strings for RAP calls */ +/* Names are defined name for RAP call with _REQ */ +/* appended to end. */ + +#define RAP_WFileEnum2_REQ "zzWrLehb8g8" +#define RAP_WFileGetInfo2_REQ "DWrLh" +#define RAP_WFileClose2_REQ "D" + +#define RAP_NetGroupEnum_REQ "WrLeh" +#define RAP_NetGroupAdd_REQ "WsT" +#define RAP_NetGroupDel_REQ "z" +#define RAP_NetGroupAddUser_REQ "zz" +#define RAP_NetGroupDelUser_REQ "zz" +#define RAP_NetGroupGetUsers_REQ "zWrLeh" +#define RAP_NetGroupSetUsers_REQ "zWsTW" + +#define RAP_NetUserAdd2_REQ "WsTWW" +#define RAP_NetUserEnum_REQ "WrLeh" +#define RAP_NetUserEnum2_REQ "WrLDieh" +#define RAP_NetUserGetGroups_REQ "zWrLeh" +#define RAP_NetUserSetGroups_REQ "zWsTW" +#define RAP_NetUserPasswordSet_REQ "zb16b16w" +#define RAP_NetUserPasswordSet2_REQ "zb16b16WW" +#define RAP_SAMOEMChgPasswordUser2_REQ "B516B16" +#define RAP_NetUserValidate2_REQ "Wb62WWrLhWW" + +#define RAP_NetServerEnum2_REQ "WrLehDz" +#define RAP_WserverGetInfo_REQ "WrLh" +#define RAP_NetWkstatGetInfo "WrLh" + +#define RAP_WShareAdd_REQ "WsT" +#define RAP_WShareEnum_REQ "WrLeh" +#define RAP_WShareDel_REQ "zW" +#define RAP_WWkstaGetInfo_REQ "WrLh" + +#define RAP_NetPrintQEnum_REQ "WrLeh" +#define RAP_NetPrintQGetInfo_REQ "zWrLh" + +#define RAP_NetServerAdminCommand_REQ "zhrLeh" +#define RAP_NetServiceEnum_REQ "WrLeh" +#define RAP_NetServiceControl_REQ "zWWrL" +#define RAP_NetServiceInstall_REQ "zF88sg88T" +#define RAP_NetServiceGetInfo_REQ "zWrLh" +#define RAP_NetSessionEnum_REQ "WrLeh" +#define RAP_NetSessionGetInfo_REQ "zWrLh" +#define RAP_NetSessionDel_REQ "zW" + +#define RAP_NetConnectionEnum_REQ "zWrLeh" + +#define RAP_NetWkstaUserLogoff_REQ "zzWb38WrLh" + +/* Description strings for returned data in RAP calls */ +/* I use all caps here in part to avoid accidental */ +/* name collisions */ + +#define RAP_FILE_INFO_L2 "D" +#define RAP_FILE_INFO_L3 "DWWzz" + +#define RAP_GROUP_INFO_L0 "B21" +#define RAP_GROUP_INFO_L1 "B21Bz" +#define RAP_GROUP_USERS_INFO_0 "B21" +#define RAP_GROUP_USERS_INFO_1 "B21BN" + +#define RAP_USER_INFO_L0 "B21" +#define RAP_USER_INFO_L1 "B21BB16DWzzWz" + +#define RAP_SERVER_INFO_L0 "B16" +#define RAP_SERVER_INFO_L1 "B16BBDz" +#define RAP_SERVER_INFO_L2 "B16BBDzDDDWWzWWWWWWWB21BzWWWWWWWWWWWWWWWWWWWWWWz" +#define RAP_SERVER_INFO_L3 "B16BBDzDDDWWzWWWWWWWB21BzWWWWWWWWWWWWWWWWWWWWWWzDWz" +#define RAP_SERVICE_INFO_L0 "B16" +#define RAP_SERVICE_INFO_L2 "B16WDWB64" +#define RAP_SHARE_INFO_L0 "B13" +#define RAP_SHARE_INFO_L1 "B13BWz" +#define RAP_SHARE_INFO_L2 "B13BWzWWWzB9B" + +#define RAP_PRINTQ_INFO_L2 "B13BWWWzzzzzWN" +#define RAP_SMB_PRINT_JOB_L1 "WB21BB16B10zWWzDDz" + +#define RAP_SESSION_INFO_L2 "zzWWWDDDz" +#define RAP_CONNECTION_INFO_L1 "WWWWDzz" + +#define RAP_USER_LOGOFF_INFO_L1 "WDW" + +#define RAP_WKSTA_INFO_L1 "WDzzzzBBDWDWWWWWWWWWWWWWWWWWWWzzWzzW" +#define RAP_WKSTA_INFO_L10 "zzzBBzz" + +/* BB explicit packing would help in structs below */ + +/* sizes of fixed-length fields, including null terminator */ +#define RAP_GROUPNAME_LEN 21 +#define RAP_USERNAME_LEN 21 +#define RAP_SHARENAME_LEN 13 +#define RAP_UPASSWD_LEN 16 /* user password */ +#define RAP_SPASSWD_LEN 9 /* share password */ +#define RAP_MACHNAME_LEN 16 +#define RAP_SRVCNAME_LEN 16 +#define RAP_SRVCCMNT_LEN 64 +#define RAP_DATATYPE_LEN 10 + + +typedef struct rap_group_info_1 +{ + char group_name[RAP_GROUPNAME_LEN]; + char reserved1; + char * comment; +} RAP_GROUP_INFO_1; + +typedef struct rap_user_info_1 +{ + char user_name[RAP_USERNAME_LEN]; + char reserved1; + char passwrd[RAP_UPASSWD_LEN]; + uint32 pwage; + uint16 priv; + char * home_dir; + char * comment; + uint16 userflags; + char * logon_script; +} RAP_USER_INFO_1; + +typedef struct rap_service_info_2 +{ + char service_name[RAP_SRVCNAME_LEN]; + uint16 status; + uint32 installcode; + uint16 process_num; + char * comment; +} RAP_SERVICE_INFO_2; + + +typedef struct rap_share_info_0 +{ + char share_name[RAP_SHARENAME_LEN]; +} RAP_SHARE_INFO_0; + +typedef struct rap_share_info_1 +{ + char share_name[RAP_SHARENAME_LEN]; + char reserved1; + uint16 share_type; + char * comment; +} RAP_SHARE_INFO_1; + +typedef struct rap_share_info_2 +{ + char share_name[RAP_SHARENAME_LEN]; + char reserved1; + uint16 share_type; + char * comment; + uint16 perms; + uint16 maximum_users; + uint16 active_users; + char * path; + char password[RAP_SPASSWD_LEN]; + char reserved2; +} RAP_SHARE_INFO_2; + +#endif /* _RAP_H_ */ diff --git a/source3/include/rpc_brs.h b/source3/include/rpc_brs.h new file mode 100644 index 00000000000..cd0928d470f --- /dev/null +++ b/source3/include/rpc_brs.h @@ -0,0 +1,80 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_BRS_H /* _RPC_BRS_H */ +#define _RPC_BRS_H + + +/* brssvc pipe */ +#define BRS_QUERY_INFO 0x02 + + +/* BRS_Q_QUERY_INFO - probably a capabilities request */ +typedef struct q_brs_query_info_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* unicode server name starting with '\\' */ + + uint16 switch_value1; /* info level 100 (0x64) */ + /* align */ + uint16 switch_value2; /* info level 100 (0x64) */ + + uint32 ptr; + uint32 pad1; + uint32 pad2; + +} BRS_Q_QUERY_INFO; + + +/* BRS_INFO_100 - level 100 info */ +typedef struct brs_info_100_info +{ + uint32 pad1; + uint32 ptr2; + uint32 pad2; + uint32 pad3; + +} BRS_INFO_100; + + +/* BRS_R_QUERY_INFO - probably a capabilities request */ +typedef struct r_brs_query_info_info +{ + uint16 switch_value1; /* 100 (0x64) - switch value */ + /* align */ + uint16 switch_value2; /* info level 100 (0x64) */ + + /* for now, only level 100 is supported. this should be an enum container */ + uint32 ptr_1; /* pointer 1 */ + + union + { + BRS_INFO_100 *brs100; /* browser info level 100 */ + void *id; + + } info; + + NTSTATUS status; /* return status */ + +} BRS_R_QUERY_INFO; + +#endif /* _RPC_BRS_H */ + diff --git a/source3/include/rpc_client.h b/source3/include/rpc_client.h new file mode 100644 index 00000000000..bce9ec7f273 --- /dev/null +++ b/source3/include/rpc_client.h @@ -0,0 +1,28 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Elrond 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_CLIENT_H +#define _RPC_CLIENT_H + +#if 0 /* JERRY */ +#include "rpc_client_proto.h" +#endif + +#endif /* _RPC_CLIENT_H */ diff --git a/source3/include/rpc_creds.h b/source3/include/rpc_creds.h new file mode 100644 index 00000000000..3022b172899 --- /dev/null +++ b/source3/include/rpc_creds.h @@ -0,0 +1,96 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1999 + Copyright (C) Luke Kenneth Casson Leighton 1996-1999 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + + +#ifndef _RPC_CREDS_H /* _RPC_CREDS_H */ +#define _RPC_CREDS_H + +typedef struct ntuser_creds +{ + fstring user_name; + fstring domain; + struct pwd_info pwd; + + uint32 ntlmssp_flags; + +} CREDS_NT; + +typedef struct unixuser_creds +{ + fstring user_name; + fstring requested_name; + fstring real_name; + BOOL guest; + +} CREDS_UNIX; + +typedef struct unixsec_creds +{ + uint32 uid; + uint32 gid; + int num_grps; + uint32 *grps; + +} CREDS_UNIX_SEC; + +typedef struct ntsec_creds +{ + DOM_SID sid; + uint32 num_grps; + uint32 *grp_rids; + +} CREDS_NT_SEC; + +typedef struct user_creds +{ + BOOL reuse; + + uint32 ptr_ntc; + uint32 ptr_uxc; + uint32 ptr_nts; + uint32 ptr_uxs; + uint32 ptr_ssk; + + CREDS_NT ntc; + CREDS_UNIX uxc; + + CREDS_NT_SEC nts; + CREDS_UNIX_SEC uxs; + + uchar usr_sess_key[16]; + +} CREDS_HYBRID; + +typedef struct cred_command +{ + uint16 version; + uint16 command; + uint32 pid; /* unique process id */ + + fstring name; + + uint32 ptr_creds; + CREDS_HYBRID *cred; + +} CREDS_CMD; + +#endif /* _RPC_CREDS_H */ + diff --git a/source3/include/rpc_dce.h b/source3/include/rpc_dce.h new file mode 100644 index 00000000000..01d974d41dd --- /dev/null +++ b/source3/include/rpc_dce.h @@ -0,0 +1,344 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _DCE_RPC_H /* _DCE_RPC_H */ +#define _DCE_RPC_H + +#include "rpc_misc.h" /* this only pulls in STRHDR */ + + +/* DCE/RPC packet types */ + +enum RPC_PKT_TYPE +{ + RPC_REQUEST = 0x00, + RPC_RESPONSE = 0x02, + RPC_FAULT = 0x03, + RPC_BIND = 0x0B, + RPC_BINDACK = 0x0C, + RPC_BINDNACK = 0x0D, + RPC_ALTCONT = 0x0E, + RPC_ALTCONTRESP = 0x0F, + RPC_BINDRESP = 0x10 /* not the real name! this is undocumented! */ +}; + +/* DCE/RPC flags */ +#define RPC_FLG_FIRST 0x01 +#define RPC_FLG_LAST 0x02 +#define RPC_FLG_NOCALL 0x20 + +/* NTLMSSP message types */ +enum NTLM_MESSAGE_TYPE +{ + NTLMSSP_NEGOTIATE = 1, + NTLMSSP_CHALLENGE = 2, + NTLMSSP_AUTH = 3, + NTLMSSP_UNKNOWN = 4 +}; + +/* NTLMSSP negotiation flags */ +#define NTLMSSP_NEGOTIATE_UNICODE 0x00000001 +#define NTLMSSP_NEGOTIATE_OEM 0x00000002 +#define NTLMSSP_REQUEST_TARGET 0x00000004 +#define NTLMSSP_NEGOTIATE_SIGN 0x00000010 +#define NTLMSSP_NEGOTIATE_SEAL 0x00000020 +#define NTLMSSP_NEGOTIATE_LM_KEY 0x00000080 +#define NTLMSSP_NEGOTIATE_NTLM 0x00000200 +#define NTLMSSP_NEGOTIATE_00001000 0x00001000 +#define NTLMSSP_NEGOTIATE_00002000 0x00002000 +#define NTLMSSP_NEGOTIATE_ALWAYS_SIGN 0x00008000 +#define NTLMSSP_NEGOTIATE_NTLM2 0x00080000 +#define NTLMSSP_NEGOTIATE_TARGET_INFO 0x00800000 +#define NTLMSSP_NEGOTIATE_128 0x20000000 +#define NTLMSSP_NEGOTIATE_KEY_EXCH 0x40000000 + +#define SMBD_NTLMSSP_NEG_FLAGS 0x000082b1 + +/* NTLMSSP signature version */ +#define NTLMSSP_SIGN_VERSION 0x01 + +/* NTLMSSP auth type and level. */ +#define NTLMSSP_AUTH_TYPE 0xa +#define NTLMSSP_AUTH_LEVEL 0x6 + +/* Maximum PDU fragment size. */ +#define MAX_PDU_FRAG_LEN 0x1630 + +/* + * Actual structure of a DCE UUID + */ + +typedef struct rpc_uuid +{ + uint32 time_low; + uint16 time_mid; + uint16 time_hi_and_version; + uint8 remaining[8]; +} RPC_UUID; + +#define RPC_UUID_LEN 16 + +/* RPC_IFACE */ +typedef struct rpc_iface_info +{ + RPC_UUID uuid; /* 16 bytes of rpc interface identification */ + uint32 version; /* the interface version number */ + +} RPC_IFACE; + +#define RPC_IFACE_LEN (RPC_UUID_LEN + 4) + +struct pipe_id_info +{ + /* the names appear not to matter: the syntaxes _do_ matter */ + + char *client_pipe; + RPC_IFACE abstr_syntax; /* this one is the abstract syntax id */ + + char *server_pipe; /* this one is the secondary syntax name */ + RPC_IFACE trans_syntax; /* this one is the primary syntax id */ +}; + +/* RPC_HDR - dce rpc header */ +typedef struct rpc_hdr_info +{ + uint8 major; /* 5 - RPC major version */ + uint8 minor; /* 0 - RPC minor version */ + uint8 pkt_type; /* RPC_PKT_TYPE - RPC response packet */ + uint8 flags; /* DCE/RPC flags */ + uint8 pack_type[4]; /* 0x1000 0000 - little-endian packed data representation */ + uint16 frag_len; /* fragment length - data size (bytes) inc header and tail. */ + uint16 auth_len; /* 0 - authentication length */ + uint32 call_id; /* call identifier. matches 12th uint32 of incoming RPC data. */ + +} RPC_HDR; + +#define RPC_HEADER_LEN 16 + +/* RPC_HDR_REQ - ms request rpc header */ +typedef struct rpc_hdr_req_info +{ + uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */ + uint16 context_id; /* 0 - presentation context identifier */ + uint16 opnum; /* opnum */ + +} RPC_HDR_REQ; + +#define RPC_HDR_REQ_LEN 8 + +/* RPC_HDR_RESP - ms response rpc header */ +typedef struct rpc_hdr_resp_info +{ + uint32 alloc_hint; /* allocation hint - data size (bytes) minus header and tail. */ + uint16 context_id; /* 0 - presentation context identifier */ + uint8 cancel_count; /* 0 - cancel count */ + uint8 reserved; /* 0 - reserved. */ + +} RPC_HDR_RESP; + +#define RPC_HDR_RESP_LEN 8 + +/* RPC_HDR_FAULT - fault rpc header */ +typedef struct rpc_hdr_fault_info +{ + NTSTATUS status; + uint32 reserved; /* 0x0000 0000 */ +} RPC_HDR_FAULT; + +#define RPC_HDR_FAULT_LEN 8 + +/* this seems to be the same string name depending on the name of the pipe, + * but is more likely to be linked to the interface name + * "srvsvc", "\\PIPE\\ntsvcs" + * "samr", "\\PIPE\\lsass" + * "wkssvc", "\\PIPE\\wksvcs" + * "NETLOGON", "\\PIPE\\NETLOGON" + */ +/* RPC_ADDR_STR */ +typedef struct rpc_addr_info +{ + uint16 len; /* length of the string including null terminator */ + fstring str; /* the string above in single byte, null terminated form */ + +} RPC_ADDR_STR; + +/* RPC_HDR_BBA */ +typedef struct rpc_hdr_bba_info +{ + uint16 max_tsize; /* maximum transmission fragment size (0x1630) */ + uint16 max_rsize; /* max receive fragment size (0x1630) */ + uint32 assoc_gid; /* associated group id (0x0) */ + +} RPC_HDR_BBA; + +#define RPC_HDR_BBA_LEN 8 + +/* RPC_HDR_AUTHA */ +typedef struct rpc_hdr_autha_info +{ + uint16 max_tsize; /* maximum transmission fragment size (0x1630) */ + uint16 max_rsize; /* max receive fragment size (0x1630) */ + + uint8 auth_type; /* 0x0a */ + uint8 auth_level; /* 0x06 */ + uint8 stub_type_len; /* don't know */ + uint8 padding; /* padding */ + + uint32 unknown; /* 0x0014a0c0 */ + +} RPC_HDR_AUTHA; + +#define RPC_HDR_AUTHA_LEN 12 + +/* RPC_HDR_AUTH */ +typedef struct rpc_hdr_auth_info +{ + uint8 auth_type; /* 0x0a */ + uint8 auth_level; /* 0x06 */ + uint8 stub_type_len; /* don't know */ + uint8 padding; /* padding */ + + uint32 unknown; /* pointer */ + +} RPC_HDR_AUTH; + +#define RPC_HDR_AUTH_LEN 8 + +/* RPC_BIND_REQ - ms req bind */ +typedef struct rpc_bind_req_info +{ + RPC_HDR_BBA bba; + + uint32 num_elements; /* the number of elements (0x1) */ + uint16 context_id; /* presentation context identifier (0x0) */ + uint8 num_syntaxes; /* the number of syntaxes (has always been 1?)(0x1) */ + + RPC_IFACE abstract; /* num and vers. of interface client is using */ + RPC_IFACE transfer; /* num and vers. of interface to use for replies */ + +} RPC_HDR_RB; + +/* + * The following length is 8 bytes RPC_HDR_BBA_LEN, 8 bytes internals + * (with 3 bytes padding), + 2 x RPC_IFACE_LEN bytes for RPC_IFACE structs. + */ + +#define RPC_HDR_RB_LEN (RPC_HDR_BBA_LEN + 8 + (2*RPC_IFACE_LEN)) + +/* RPC_RESULTS - can only cope with one reason, right now... */ +typedef struct rpc_results_info +{ +/* uint8[] # 4-byte alignment padding, against SMB header */ + + uint8 num_results; /* the number of results (0x01) */ + +/* uint8[] # 4-byte alignment padding, against SMB header */ + + uint16 result; /* result (0x00 = accept) */ + uint16 reason; /* reason (0x00 = no reason specified) */ + +} RPC_RESULTS; + +/* RPC_HDR_BA */ +typedef struct rpc_hdr_ba_info +{ + RPC_HDR_BBA bba; + + RPC_ADDR_STR addr ; /* the secondary address string, as described earlier */ + RPC_RESULTS res ; /* results and reasons */ + RPC_IFACE transfer; /* the transfer syntax from the request */ + +} RPC_HDR_BA; + +/* RPC_AUTH_VERIFIER */ +typedef struct rpc_auth_verif_info +{ + fstring signature; /* "NTLMSSP" */ + uint32 msg_type; /* NTLMSSP_MESSAGE_TYPE (1,2,3) */ + +} RPC_AUTH_VERIFIER; + +/* this is TEMPORARILY coded up as a specific structure */ +/* this structure comes after the bind request */ +/* RPC_AUTH_NTLMSSP_NEG */ +typedef struct rpc_auth_ntlmssp_neg_info +{ + uint32 neg_flgs; /* 0x0000 b2b3 */ + + STRHDR hdr_myname; /* offset is against START of this structure */ + STRHDR hdr_domain; /* offset is against START of this structure */ + + fstring myname; /* calling workstation's name */ + fstring domain; /* calling workstations's domain */ + +} RPC_AUTH_NTLMSSP_NEG; + +/* this is TEMPORARILY coded up as a specific structure */ +/* this structure comes after the bind acknowledgement */ +/* RPC_AUTH_NTLMSSP_CHAL */ +typedef struct rpc_auth_ntlmssp_chal_info +{ + uint32 unknown_1; /* 0x0000 0000 */ + uint32 unknown_2; /* 0x0000 0028 */ + uint32 neg_flags; /* 0x0000 82b1 */ + + uint8 challenge[8]; /* ntlm challenge */ + uint8 reserved [8]; /* zeros */ + +} RPC_AUTH_NTLMSSP_CHAL; + + +/* RPC_AUTH_NTLMSSP_RESP */ +typedef struct rpc_auth_ntlmssp_resp_info +{ + STRHDR hdr_lm_resp; /* 24 byte response */ + STRHDR hdr_nt_resp; /* 24 byte response */ + STRHDR hdr_domain; + STRHDR hdr_usr; + STRHDR hdr_wks; + STRHDR hdr_sess_key; /* NULL unless negotiated */ + uint32 neg_flags; /* 0x0000 82b1 */ + + fstring sess_key; + fstring wks; + fstring user; + fstring domain; + fstring nt_resp; + fstring lm_resp; + +} RPC_AUTH_NTLMSSP_RESP; + +/* attached to the end of encrypted rpc requests and responses */ +/* RPC_AUTH_NTLMSSP_CHK */ +typedef struct rpc_auth_ntlmssp_chk_info +{ + uint32 ver; /* 0x0000 0001 */ + uint32 reserved; + uint32 crc32; /* checksum using 0xEDB8 8320 as a polynomial */ + uint32 seq_num; + +} RPC_AUTH_NTLMSSP_CHK; + +#define RPC_AUTH_NTLMSSP_CHK_LEN 16 + + +#endif /* _DCE_RPC_H */ diff --git a/source3/include/rpc_dfs.h b/source3/include/rpc_dfs.h new file mode 100644 index 00000000000..39316a5d541 --- /dev/null +++ b/source3/include/rpc_dfs.h @@ -0,0 +1,197 @@ +/* + Unix SMB/CIFS implementation. + Samba parameters and setup + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996 - 2000 + Copyright (C) Shirish Kalele 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_DFS_H +#define _RPC_DFS_H + +/* NETDFS pipe: calls */ +#define DFS_EXIST 0x00 +#define DFS_ADD 0x01 +#define DFS_REMOVE 0x02 +#define DFS_GET_INFO 0x04 +#define DFS_ENUM 0x05 + +/* dfsadd flags */ +#define DFSFLAG_ADD_VOLUME 0x00000001 +#define DFSFLAG_RESTORE_VOLUME 0x00000002 + +typedef struct dfs_q_dfs_exist +{ + uint32 dummy; +} +DFS_Q_DFS_EXIST; + +/* status == 1 if dfs exists. */ +typedef struct dfs_r_dfs_exist +{ + uint32 status; /* Not a WERROR or NTSTATUS code */ +} +DFS_R_DFS_EXIST; + +typedef struct dfs_q_dfs_add +{ + uint32 ptr_DfsEntryPath; + UNISTR2 DfsEntryPath; + uint32 ptr_ServerName; + UNISTR2 ServerName; + uint32 ptr_ShareName; + UNISTR2 ShareName; + uint32 ptr_Comment; + UNISTR2 Comment; + uint32 Flags; +} +DFS_Q_DFS_ADD; + +typedef struct dfs_r_dfs_add +{ + WERROR status; +} +DFS_R_DFS_ADD; + +/********************************************/ +typedef struct dfs_q_dfs_remove +{ + UNISTR2 DfsEntryPath; + uint32 ptr_ServerName; + UNISTR2 ServerName; + uint32 ptr_ShareName; + UNISTR2 ShareName; +} +DFS_Q_DFS_REMOVE; + +typedef struct dfs_r_dfs_remove +{ + WERROR status; +} +DFS_R_DFS_REMOVE; + +/********************************************/ +typedef struct dfs_info_1 +{ + uint32 ptr_entrypath; + UNISTR2 entrypath; +} +DFS_INFO_1; + +typedef struct dfs_info_2 +{ + uint32 ptr_entrypath; + UNISTR2 entrypath; + uint32 ptr_comment; + UNISTR2 comment; + uint32 state; + uint32 num_storages; +} +DFS_INFO_2; + +typedef struct dfs_storage_info +{ + uint32 state; + uint32 ptr_servername; + UNISTR2 servername; + uint32 ptr_sharename; + UNISTR2 sharename; +} +DFS_STORAGE_INFO; + +typedef struct dfs_info_3 +{ + uint32 ptr_entrypath; + UNISTR2 entrypath; + uint32 ptr_comment; + UNISTR2 comment; + uint32 state; + uint32 num_storages; + uint32 ptr_storages; + uint32 num_storage_infos; + DFS_STORAGE_INFO* storages; +} +DFS_INFO_3; + +typedef struct dfs_info_ctr +{ + + uint32 switch_value; + uint32 num_entries; + uint32 ptr_dfs_ctr; /* pointer to dfs info union */ + union + { + DFS_INFO_1 *info1; + DFS_INFO_2 *info2; + DFS_INFO_3 *info3; + } dfs; +} +DFS_INFO_CTR; + +typedef struct dfs_q_dfs_get_info +{ + UNISTR2 uni_path; + + uint32 ptr_server; + UNISTR2 uni_server; + + uint32 ptr_share; + UNISTR2 uni_share; + + uint32 level; +} +DFS_Q_DFS_GET_INFO; + +typedef struct dfs_r_dfs_get_info +{ + uint32 level; + uint32 ptr_ctr; + DFS_INFO_CTR ctr; + WERROR status; +} +DFS_R_DFS_GET_INFO; + +typedef struct dfs_q_dfs_enum +{ + uint32 level; + uint32 maxpreflen; + uint32 ptr_buffer; + uint32 level2; + uint32 ptr_num_entries; + uint32 num_entries; + uint32 ptr_num_entries2; + uint32 num_entries2; + ENUM_HND reshnd; +} +DFS_Q_DFS_ENUM; + +typedef struct dfs_r_dfs_enum +{ + DFS_INFO_CTR *ctr; + uint32 ptr_buffer; + uint32 level; + uint32 level2; + uint32 ptr_num_entries; + uint32 num_entries; + uint32 ptr_num_entries2; + uint32 num_entries2; + ENUM_HND reshnd; + WERROR status; +} +DFS_R_DFS_ENUM; + +#endif diff --git a/source3/include/rpc_lsa.h b/source3/include/rpc_lsa.h new file mode 100644 index 00000000000..ccdce6f2636 --- /dev/null +++ b/source3/include/rpc_lsa.h @@ -0,0 +1,672 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_LSA_H /* _RPC_LSA_H */ +#define _RPC_LSA_H + +#include "rpc_misc.h" + +enum SID_NAME_USE +{ + SID_NAME_USE_NONE = 0,/* NOTUSED */ + SID_NAME_USER = 1, /* user */ + SID_NAME_DOM_GRP = 2, /* domain group */ + SID_NAME_DOMAIN = 3, /* domain: don't know what this is */ + SID_NAME_ALIAS = 4, /* local group */ + SID_NAME_WKN_GRP = 5, /* well-known group */ + SID_NAME_DELETED = 6, /* deleted account: needed for c2 rating */ + SID_NAME_INVALID = 7, /* invalid account */ + SID_NAME_UNKNOWN = 8 /* oops. */ +}; + +/* Opcodes available on PIPE_LSARPC */ + +#define LSA_CLOSE 0x00 +#define LSA_DELETE 0x01 +#define LSA_ENUM_PRIVS 0x02 +#define LSA_QUERYSECOBJ 0x03 +#define LSA_SETSECOBJ 0x04 +#define LSA_CHANGEPASSWORD 0x05 +#define LSA_OPENPOLICY 0x06 +#define LSA_QUERYINFOPOLICY 0x07 +#define LSA_SETINFOPOLICY 0x08 +#define LSA_CLEARAUDITLOG 0x09 +#define LSA_CREATEACCOUNT 0x0a +#define LSA_ENUM_ACCOUNTS 0x0b +#define LSA_CREATETRUSTDOM 0x0c +#define LSA_ENUMTRUSTDOM 0x0d +#define LSA_LOOKUPNAMES 0x0e +#define LSA_LOOKUPSIDS 0x0f +#define LSA_CREATESECRET 0x10 +#define LSA_OPENACCOUNT 0x11 +#define LSA_ENUMPRIVSACCOUNT 0x12 +#define LSA_ADDPRIVS 0x13 +#define LSA_REMOVEPRIVS 0x14 +#define LSA_GETQUOTAS 0x15 +#define LSA_SETQUOTAS 0x16 +#define LSA_GETSYSTEMACCOUNT 0x17 +#define LSA_SETSYSTEMACCOUNT 0x18 +#define LSA_OPENTRUSTDOM 0x19 +#define LSA_QUERYTRUSTDOM 0x1a +#define LSA_SETINFOTRUSTDOM 0x1b +#define LSA_OPENSECRET 0x1c +#define LSA_SETSECRET 0x1d +#define LSA_QUERYSECRET 0x1e +#define LSA_LOOKUPPRIVVALUE 0x1f +#define LSA_LOOKUPPRIVNAME 0x20 +#define LSA_PRIV_GET_DISPNAME 0x21 +#define LSA_DELETEOBJECT 0x22 +#define LSA_ENUMACCTWITHRIGHT 0x23 +#define LSA_ENUMACCTRIGHTS 0x24 +#define LSA_ADDACCTRIGHTS 0x25 +#define LSA_REMOVEACCTRIGHTS 0x26 +#define LSA_QUERYTRUSTDOMINFO 0x27 +#define LSA_SETTRUSTDOMINFO 0x28 +#define LSA_DELETETRUSTDOM 0x29 +#define LSA_STOREPRIVDATA 0x2a +#define LSA_RETRPRIVDATA 0x2b +#define LSA_OPENPOLICY2 0x2c +#define LSA_UNK_GET_CONNUSER 0x2d /* LsaGetConnectedCredentials ? */ + +/* XXXX these are here to get a compile! */ +#define LSA_LOOKUPRIDS 0xFD + +/* DOM_QUERY - info class 3 and 5 LSA Query response */ +typedef struct dom_query_info +{ + uint16 uni_dom_max_len; /* domain name string length * 2 */ + uint16 uni_dom_str_len; /* domain name string length * 2 */ + uint32 buffer_dom_name; /* undocumented domain name string buffer pointer */ + uint32 buffer_dom_sid; /* undocumented domain SID string buffer pointer */ + UNISTR2 uni_domain_name; /* domain name (unicode string) */ + DOM_SID2 dom_sid; /* domain SID */ + +} DOM_QUERY; + +/* level 5 is same as level 3. */ +typedef DOM_QUERY DOM_QUERY_3; +typedef DOM_QUERY DOM_QUERY_5; + +/* level 2 is auditing settings */ +typedef struct dom_query_2 +{ + uint32 auditing_enabled; + uint32 count1; /* usualy 7, at least on nt4sp4 */ + uint32 count2; /* the same */ + uint32 *auditsettings; +} DOM_QUERY_2; + +/* level 6 is server role information */ +typedef struct dom_query_6 +{ + uint16 server_role; /* 2=backup, 3=primary */ +} DOM_QUERY_6; + +typedef struct seq_qos_info +{ + uint32 len; /* 12 */ + uint16 sec_imp_level; /* 0x02 - impersonation level */ + uint8 sec_ctxt_mode; /* 0x01 - context tracking mode */ + uint8 effective_only; /* 0x00 - effective only */ + +} LSA_SEC_QOS; + +typedef struct obj_attr_info +{ + uint32 len; /* 0x18 - length (in bytes) inc. the length field. */ + uint32 ptr_root_dir; /* 0 - root directory (pointer) */ + uint32 ptr_obj_name; /* 0 - object name (pointer) */ + uint32 attributes; /* 0 - attributes (undocumented) */ + uint32 ptr_sec_desc; /* 0 - security descriptior (pointer) */ + uint32 ptr_sec_qos; /* security quality of service */ + LSA_SEC_QOS *sec_qos; + +} LSA_OBJ_ATTR; + +/* LSA_Q_OPEN_POL - LSA Query Open Policy */ +typedef struct lsa_q_open_pol_info +{ + uint32 ptr; /* undocumented buffer pointer */ + uint16 system_name; /* 0x5c - system name */ + LSA_OBJ_ATTR attr ; /* object attributes */ + + uint32 des_access; /* desired access attributes */ + +} LSA_Q_OPEN_POL; + +/* LSA_R_OPEN_POL - response to LSA Open Policy */ +typedef struct lsa_r_open_pol_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return code */ + +} LSA_R_OPEN_POL; + +/* LSA_Q_OPEN_POL2 - LSA Query Open Policy */ +typedef struct lsa_q_open_pol2_info +{ + uint32 ptr; /* undocumented buffer pointer */ + UNISTR2 uni_server_name; /* server name, starting with two '\'s */ + LSA_OBJ_ATTR attr ; /* object attributes */ + + uint32 des_access; /* desired access attributes */ + +} LSA_Q_OPEN_POL2; + +/* LSA_R_OPEN_POL2 - response to LSA Open Policy */ +typedef struct lsa_r_open_pol2_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return code */ + +} LSA_R_OPEN_POL2; + + +#define POLICY_VIEW_LOCAL_INFORMATION 0x00000001 +#define POLICY_VIEW_AUDIT_INFORMATION 0x00000002 +#define POLICY_GET_PRIVATE_INFORMATION 0x00000004 +#define POLICY_TRUST_ADMIN 0x00000008 +#define POLICY_CREATE_ACCOUNT 0x00000010 +#define POLICY_CREATE_SECRET 0x00000020 +#define POLICY_CREATE_PRIVILEGE 0x00000040 +#define POLICY_SET_DEFAULT_QUOTA_LIMITS 0x00000080 +#define POLICY_SET_AUDIT_REQUIREMENTS 0x00000100 +#define POLICY_AUDIT_LOG_ADMIN 0x00000200 +#define POLICY_SERVER_ADMIN 0x00000400 +#define POLICY_LOOKUP_NAMES 0x00000800 + +#define POLICY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED_ACCESS |\ + POLICY_VIEW_LOCAL_INFORMATION |\ + POLICY_VIEW_AUDIT_INFORMATION |\ + POLICY_GET_PRIVATE_INFORMATION |\ + POLICY_TRUST_ADMIN |\ + POLICY_CREATE_ACCOUNT |\ + POLICY_CREATE_SECRET |\ + POLICY_CREATE_PRIVILEGE |\ + POLICY_SET_DEFAULT_QUOTA_LIMITS |\ + POLICY_SET_AUDIT_REQUIREMENTS |\ + POLICY_AUDIT_LOG_ADMIN |\ + POLICY_SERVER_ADMIN |\ + POLICY_LOOKUP_NAMES ) + + +#define POLICY_READ ( STANDARD_RIGHTS_READ_ACCESS |\ + POLICY_VIEW_AUDIT_INFORMATION |\ + POLICY_GET_PRIVATE_INFORMATION) + +#define POLICY_WRITE ( STANDARD_RIGHTS_WRITE_ACCESS |\ + POLICY_TRUST_ADMIN |\ + POLICY_CREATE_ACCOUNT |\ + POLICY_CREATE_SECRET |\ + POLICY_CREATE_PRIVILEGE |\ + POLICY_SET_DEFAULT_QUOTA_LIMITS |\ + POLICY_SET_AUDIT_REQUIREMENTS |\ + POLICY_AUDIT_LOG_ADMIN |\ + POLICY_SERVER_ADMIN) + +#define POLICY_EXECUTE ( STANDARD_RIGHTS_EXECUTE_ACCESS |\ + POLICY_VIEW_LOCAL_INFORMATION |\ + POLICY_LOOKUP_NAMES ) + +/* LSA_Q_QUERY_SEC_OBJ - LSA query security */ +typedef struct lsa_query_sec_obj_info +{ + POLICY_HND pol; /* policy handle */ + uint32 sec_info; + +} LSA_Q_QUERY_SEC_OBJ; + +/* LSA_R_QUERY_SEC_OBJ - probably an open */ +typedef struct r_lsa_query_sec_obj_info +{ + uint32 ptr; + SEC_DESC_BUF *buf; + + NTSTATUS status; /* return status */ + +} LSA_R_QUERY_SEC_OBJ; + +/* LSA_Q_QUERY_INFO - LSA query info policy */ +typedef struct lsa_query_info +{ + POLICY_HND pol; /* policy handle */ + uint16 info_class; /* info class */ + +} LSA_Q_QUERY_INFO; + +/* LSA_INFO_UNION */ +typedef union lsa_info_union +{ + DOM_QUERY_2 id2; + DOM_QUERY_3 id3; + DOM_QUERY_5 id5; + DOM_QUERY_6 id6; +} LSA_INFO_UNION; + +/* LSA_R_QUERY_INFO - response to LSA query info policy */ +typedef struct lsa_r_query_info +{ + uint32 undoc_buffer; /* undocumented buffer pointer */ + uint16 info_class; /* info class (same as info class in request) */ + + LSA_INFO_UNION dom; + + NTSTATUS status; /* return code */ + +} LSA_R_QUERY_INFO; + +/* LSA_Q_ENUM_TRUST_DOM - LSA enumerate trusted domains */ +typedef struct lsa_enum_trust_dom_info +{ + POLICY_HND pol; /* policy handle */ + uint32 enum_context; /* enumeration context handle */ + uint32 preferred_len; /* preferred maximum length */ + +} LSA_Q_ENUM_TRUST_DOM; + +/* LSA_R_ENUM_TRUST_DOM - response to LSA enumerate trusted domains */ +typedef struct lsa_r_enum_trust_dom_info +{ + uint32 enum_context; /* enumeration context handle */ + uint32 num_domains; /* number of domains */ + uint32 ptr_enum_domains; /* buffer pointer to num domains */ + + /* this lot is only added if ptr_enum_domains is non-NULL */ + uint32 num_domains2; /* number of domains */ + UNIHDR2 *hdr_domain_name; + UNISTR2 *uni_domain_name; + DOM_SID2 *domain_sid; + + NTSTATUS status; /* return code */ + +} LSA_R_ENUM_TRUST_DOM; + +/* LSA_Q_CLOSE */ +typedef struct lsa_q_close_info +{ + POLICY_HND pol; /* policy handle */ + +} LSA_Q_CLOSE; + +/* LSA_R_CLOSE */ +typedef struct lsa_r_close_info +{ + POLICY_HND pol; /* policy handle. should be all zeros. */ + + NTSTATUS status; /* return code */ + +} LSA_R_CLOSE; + + +#define MAX_REF_DOMAINS 32 + +/* DOM_TRUST_HDR */ +typedef struct dom_trust_hdr +{ + UNIHDR hdr_dom_name; /* referenced domain unicode string headers */ + uint32 ptr_dom_sid; + +} DOM_TRUST_HDR; + +/* DOM_TRUST_INFO */ +typedef struct dom_trust_info +{ + UNISTR2 uni_dom_name; /* domain name unicode string */ + DOM_SID2 ref_dom ; /* referenced domain SID */ + +} DOM_TRUST_INFO; + +/* DOM_R_REF */ +typedef struct dom_ref_info +{ + uint32 num_ref_doms_1; /* num referenced domains */ + uint32 ptr_ref_dom; /* pointer to referenced domains */ + uint32 max_entries; /* 32 - max number of entries */ + uint32 num_ref_doms_2; /* num referenced domains */ + + DOM_TRUST_HDR hdr_ref_dom[MAX_REF_DOMAINS]; /* referenced domains */ + DOM_TRUST_INFO ref_dom [MAX_REF_DOMAINS]; /* referenced domains */ + +} DOM_R_REF; + +/* the domain_idx points to a SID associated with the name */ + +/* LSA_TRANS_NAME - translated name */ +typedef struct lsa_trans_name_info +{ + uint16 sid_name_use; /* value is 5 for a well-known group; 2 for a domain group; 1 for a user... */ + UNIHDR hdr_name; + uint32 domain_idx; /* index into DOM_R_REF array of SIDs */ + +} LSA_TRANS_NAME; + +/* This number purly arbitary - just to prevent a client from requesting large amounts of memory */ +#define MAX_LOOKUP_SIDS 256 + +/* LSA_TRANS_NAME_ENUM - LSA Translated Name Enumeration container */ +typedef struct lsa_trans_name_enum_info +{ + uint32 num_entries; + uint32 ptr_trans_names; + uint32 num_entries2; + + LSA_TRANS_NAME *name; /* translated names */ + UNISTR2 *uni_name; + +} LSA_TRANS_NAME_ENUM; + +/* LSA_SID_ENUM - LSA SID enumeration container */ +typedef struct lsa_sid_enum_info +{ + uint32 num_entries; + uint32 ptr_sid_enum; + uint32 num_entries2; + + uint32 *ptr_sid; /* domain SID pointers to be looked up. */ + DOM_SID2 *sid; /* domain SIDs to be looked up. */ + +} LSA_SID_ENUM; + +/* LSA_Q_LOOKUP_SIDS - LSA Lookup SIDs */ +typedef struct lsa_q_lookup_sids +{ + POLICY_HND pol; /* policy handle */ + LSA_SID_ENUM sids; + LSA_TRANS_NAME_ENUM names; + LOOKUP_LEVEL level; + uint32 mapped_count; + +} LSA_Q_LOOKUP_SIDS; + +/* LSA_R_LOOKUP_SIDS - response to LSA Lookup SIDs */ +typedef struct lsa_r_lookup_sids +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + LSA_TRANS_NAME_ENUM *names; + uint32 mapped_count; + + NTSTATUS status; /* return code */ + +} LSA_R_LOOKUP_SIDS; + +/* LSA_Q_LOOKUP_NAMES - LSA Lookup NAMEs */ +typedef struct lsa_q_lookup_names +{ + POLICY_HND pol; /* policy handle */ + uint32 num_entries; + uint32 num_entries2; + UNIHDR *hdr_name; /* name buffer pointers */ + UNISTR2 *uni_name; /* names to be looked up */ + + uint32 num_trans_entries; + uint32 ptr_trans_sids; /* undocumented domain SID buffer pointer */ + uint32 lookup_level; + uint32 mapped_count; + +} LSA_Q_LOOKUP_NAMES; + +/* LSA_R_LOOKUP_NAMES - response to LSA Lookup NAMEs by name */ +typedef struct lsa_r_lookup_names +{ + uint32 ptr_dom_ref; + DOM_R_REF *dom_ref; /* domain reference info */ + + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + DOM_RID2 *dom_rid; /* domain RIDs being looked up */ + + uint32 mapped_count; + + NTSTATUS status; /* return code */ +} LSA_R_LOOKUP_NAMES; + +/* This is probably a policy handle but at the moment we + never read it - so use a dummy struct. */ + +typedef struct lsa_q_open_secret +{ + uint32 dummy; +} LSA_Q_OPEN_SECRET; + +/* We always return "not found" at present - so just marshal the minimum. */ + +typedef struct lsa_r_open_secret +{ + uint32 dummy1; + uint32 dummy2; + uint32 dummy3; + uint32 dummy4; + NTSTATUS status; +} LSA_R_OPEN_SECRET; + +typedef struct lsa_enum_priv_entry +{ + UNIHDR hdr_name; + uint32 luid_low; + uint32 luid_high; + UNISTR2 name; + +} LSA_PRIV_ENTRY; + +/* LSA_Q_ENUM_PRIVS - LSA enum privileges */ +typedef struct lsa_q_enum_privs +{ + POLICY_HND pol; /* policy handle */ + uint32 enum_context; + uint32 pref_max_length; +} LSA_Q_ENUM_PRIVS; + +typedef struct lsa_r_enum_privs +{ + uint32 enum_context; + uint32 count; + uint32 ptr; + uint32 count1; + + LSA_PRIV_ENTRY *privs; + + NTSTATUS status; +} LSA_R_ENUM_PRIVS; + +/* LSA_Q_PRIV_GET_DISPNAME - LSA get privilege display name */ +typedef struct lsa_q_priv_get_dispname +{ + POLICY_HND pol; /* policy handle */ + UNIHDR hdr_name; + UNISTR2 name; + uint16 lang_id; + uint16 lang_id_sys; +} LSA_Q_PRIV_GET_DISPNAME; + +typedef struct lsa_r_priv_get_dispname +{ + uint32 ptr_info; + UNIHDR hdr_desc; + UNISTR2 desc; + /* Don't align ! */ + uint16 lang_id; + /* align */ + NTSTATUS status; +} LSA_R_PRIV_GET_DISPNAME; + +/* LSA_Q_ENUM_ACCOUNTS */ +typedef struct lsa_q_enum_accounts +{ + POLICY_HND pol; /* policy handle */ + uint32 enum_context; + uint32 pref_max_length; +} LSA_Q_ENUM_ACCOUNTS; + +/* LSA_R_ENUM_ACCOUNTS */ +typedef struct lsa_r_enum_accounts +{ + uint32 enum_context; + LSA_SID_ENUM sids; + NTSTATUS status; +} LSA_R_ENUM_ACCOUNTS; + +/* LSA_Q_UNK_GET_CONNUSER - gets username\domain of connected user + called when "Take Ownership" is clicked -SK */ +typedef struct lsa_q_unk_get_connuser +{ + uint32 ptr_srvname; + UNISTR2 uni2_srvname; + uint32 unk1; /* 3 unknown uint32's are seen right after uni2_srvname */ + uint32 unk2; /* unk2 appears to be a ptr, unk1 = unk3 = 0 usually */ + uint32 unk3; +} LSA_Q_UNK_GET_CONNUSER; + +/* LSA_R_UNK_GET_CONNUSER */ +typedef struct lsa_r_unk_get_connuser +{ + uint32 ptr_user_name; + UNIHDR hdr_user_name; + UNISTR2 uni2_user_name; + + uint32 unk1; + + uint32 ptr_dom_name; + UNIHDR hdr_dom_name; + UNISTR2 uni2_dom_name; + + NTSTATUS status; +} LSA_R_UNK_GET_CONNUSER; + + +typedef struct lsa_q_openaccount +{ + POLICY_HND pol; /* policy handle */ + DOM_SID2 sid; + uint32 access; /* desired access */ +} LSA_Q_OPENACCOUNT; + +typedef struct lsa_r_openaccount +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; +} LSA_R_OPENACCOUNT; + +typedef struct lsa_q_enumprivsaccount +{ + POLICY_HND pol; /* policy handle */ +} LSA_Q_ENUMPRIVSACCOUNT; + + +typedef struct LUID +{ + uint32 low; + uint32 high; +} LUID; + +typedef struct LUID_ATTR +{ + LUID luid; + uint32 attr; +} LUID_ATTR ; + +typedef struct privilege_set +{ + uint32 count; + uint32 control; + LUID_ATTR *set; +} PRIVILEGE_SET; + +typedef struct lsa_r_enumprivsaccount +{ + uint32 ptr; + uint32 count; + PRIVILEGE_SET set; + NTSTATUS status; +} LSA_R_ENUMPRIVSACCOUNT; + +typedef struct lsa_q_getsystemaccount +{ + POLICY_HND pol; /* policy handle */ +} LSA_Q_GETSYSTEMACCOUNT; + +typedef struct lsa_r_getsystemaccount +{ + uint32 access; + NTSTATUS status; +} LSA_R_GETSYSTEMACCOUNT; + + +typedef struct lsa_q_setsystemaccount +{ + POLICY_HND pol; /* policy handle */ + uint32 access; +} LSA_Q_SETSYSTEMACCOUNT; + +typedef struct lsa_r_setsystemaccount +{ + NTSTATUS status; +} LSA_R_SETSYSTEMACCOUNT; + + +typedef struct lsa_q_lookupprivvalue +{ + POLICY_HND pol; /* policy handle */ + UNIHDR hdr_right; + UNISTR2 uni2_right; +} LSA_Q_LOOKUPPRIVVALUE; + +typedef struct lsa_r_lookupprivvalue +{ + LUID luid; + NTSTATUS status; +} LSA_R_LOOKUPPRIVVALUE; + + +typedef struct lsa_q_addprivs +{ + POLICY_HND pol; /* policy handle */ + uint32 count; + PRIVILEGE_SET set; +} LSA_Q_ADDPRIVS; + +typedef struct lsa_r_addprivs +{ + NTSTATUS status; +} LSA_R_ADDPRIVS; + + +typedef struct lsa_q_removeprivs +{ + POLICY_HND pol; /* policy handle */ + uint32 allrights; + uint32 ptr; + uint32 count; + PRIVILEGE_SET set; +} LSA_Q_REMOVEPRIVS; + +typedef struct lsa_r_removeprivs +{ + NTSTATUS status; +} LSA_R_REMOVEPRIVS; + + +#endif /* _RPC_LSA_H */ + + diff --git a/source3/include/rpc_misc.h b/source3/include/rpc_misc.h new file mode 100644 index 00000000000..e47853c2a22 --- /dev/null +++ b/source3/include/rpc_misc.h @@ -0,0 +1,397 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#include "ntdomain.h" +#include "rpc_dce.h" + +#ifndef _RPC_MISC_H /* _RPC_MISC_H */ +#define _RPC_MISC_H + + + +/* well-known RIDs - Relative IDs */ + +/* RIDs - Well-known users ... */ +#define DOMAIN_USER_RID_ADMIN (0x000001F4L) +#define DOMAIN_USER_RID_GUEST (0x000001F5L) +#define DOMAIN_USER_RID_KRBTGT (0x000001F6L) + +/* RIDs - well-known groups ... */ +#define DOMAIN_GROUP_RID_ADMINS (0x00000200L) +#define DOMAIN_GROUP_RID_USERS (0x00000201L) +#define DOMAIN_GROUP_RID_GUESTS (0x00000202L) +#define DOMAIN_GROUP_RID_COMPUTERS (0x00000203L) + +#define DOMAIN_GROUP_RID_CONTROLLERS (0x00000204L) +#define DOMAIN_GROUP_RID_CERT_ADMINS (0x00000205L) +#define DOMAIN_GROUP_RID_SCHEMA_ADMINS (0x00000206L) +#define DOMAIN_GROUP_RID_ENTERPRISE_ADMINS (0x00000207L) + +/* is the following the right number? I bet it is --simo +#define DOMAIN_GROUP_RID_POLICY_ADMINS (0x00000208L) +*/ + +/* RIDs - well-known aliases ... */ +#define BUILTIN_ALIAS_RID_ADMINS (0x00000220L) +#define BUILTIN_ALIAS_RID_USERS (0x00000221L) +#define BUILTIN_ALIAS_RID_GUESTS (0x00000222L) +#define BUILTIN_ALIAS_RID_POWER_USERS (0x00000223L) + +#define BUILTIN_ALIAS_RID_ACCOUNT_OPS (0x00000224L) +#define BUILTIN_ALIAS_RID_SYSTEM_OPS (0x00000225L) +#define BUILTIN_ALIAS_RID_PRINT_OPS (0x00000226L) +#define BUILTIN_ALIAS_RID_BACKUP_OPS (0x00000227L) + +#define BUILTIN_ALIAS_RID_REPLICATOR (0x00000228L) +#define BUILTIN_ALIAS_RID_RAS_SERVERS (0x00000229L) + +/* + * Masks for mappings between unix uid and gid types and + * NT RIDS. + */ + + +#define BASE_RID (0x000003E8L) + +/* Take the bottom bit. */ +#define RID_TYPE_MASK 1 +#define RID_MULTIPLIER 2 + +/* The two common types. */ +#define USER_RID_TYPE 0 +#define GROUP_RID_TYPE 1 + +/* ENUM_HND */ +typedef struct enum_hnd_info +{ + uint32 ptr_hnd; /* pointer to enumeration handle */ + uint32 handle; /* enumeration handle */ + +} ENUM_HND; + +/* LOOKUP_LEVEL - switch value */ +typedef struct lookup_level_info +{ + uint16 value; + +} LOOKUP_LEVEL; + +/* DOM_SID2 - security id */ +typedef struct sid_info_2 +{ + uint32 num_auths; /* length, bytes, including length of len :-) */ + + DOM_SID sid; + +} DOM_SID2; + +/* STRHDR - string header */ +typedef struct header_info +{ + uint16 str_str_len; + uint16 str_max_len; + uint32 buffer; /* non-zero */ + +} STRHDR; + +/* UNIHDR - unicode string header */ +typedef struct unihdr_info +{ + uint16 uni_str_len; + uint16 uni_max_len; + uint32 buffer; /* usually has a value of 4 */ + +} UNIHDR; + +/* UNIHDR2 - unicode string header and undocumented buffer */ +typedef struct unihdr2_info +{ + UNIHDR unihdr; + uint32 buffer; /* 32 bit buffer pointer */ + +} UNIHDR2; + +/* clueless as to what maximum length should be */ +#define MAX_UNISTRLEN 256 +#define MAX_STRINGLEN 256 +#define MAX_BUFFERLEN 512 + +/* UNISTR - unicode string size and buffer */ +typedef struct unistr_info +{ + /* unicode characters. ***MUST*** be little-endian. ***MUST*** be null-terminated */ + uint16 *buffer; +} UNISTR; + +/* BUFHDR - buffer header */ +typedef struct bufhdr_info +{ + uint32 buf_max_len; + uint32 buf_len; + +} BUFHDR; + +/* BUFFER2 - unicode string, size (in uint8 ascii chars) and buffer */ +/* pathetic. some stupid team of \PIPE\winreg writers got the concept */ +/* of a unicode string different from the other \PIPE\ writers */ +typedef struct buffer2_info +{ + uint32 buf_max_len; + uint32 undoc; + uint32 buf_len; + /* unicode characters. ***MUST*** be little-endian. **NOT** necessarily null-terminated */ + uint16 *buffer; + +} BUFFER2; + +/* BUFFER3 */ +typedef struct buffer3_info +{ + uint32 buf_max_len; + uint8 *buffer; /* Data */ + uint32 buf_len; + +} BUFFER3; + +/* BUFFER5 */ +typedef struct buffer5_info +{ + uint32 buf_len; + uint16 *buffer; /* data */ +} BUFFER5; + +/* UNISTR2 - unicode string size (in uint16 unicode chars) and buffer */ +typedef struct unistr2_info +{ + uint32 uni_max_len; + uint32 undoc; + uint32 uni_str_len; + /* unicode characters. ***MUST*** be little-endian. + **must** be null-terminated and the uni_str_len should include + the NULL character */ + uint16 *buffer; + +} UNISTR2; + +/* STRING2 - string size (in uint8 chars) and buffer */ +typedef struct string2_info +{ + uint32 str_max_len; + uint32 undoc; + uint32 str_str_len; + uint8 *buffer; /* uint8 characters. **NOT** necessarily null-terminated */ + +} STRING2; + +/* UNISTR3 - XXXX not sure about this structure */ +typedef struct unistr3_info +{ + uint32 uni_str_len; + UNISTR str; + +} UNISTR3; + + +/* DOM_RID2 - domain RID structure for ntlsa pipe */ +typedef struct domrid2_info +{ + uint8 type; /* value is SID_NAME_USE enum */ + uint32 rid; + uint32 rid_idx; /* referenced domain index */ + +} DOM_RID2; + +/* DOM_RID3 - domain RID structure for samr pipe */ +typedef struct domrid3_info +{ + uint32 rid; /* domain-relative (to a SID) id */ + uint32 type1; /* value is 0x1 */ + uint32 ptr_type; /* undocumented pointer */ + uint32 type2; /* value is 0x1 */ + uint32 unk; /* value is 0x2 */ + +} DOM_RID3; + +/* DOM_RID4 - rid + user attributes */ +typedef struct domrid4_info +{ + uint32 unknown; + uint16 attr; + uint32 rid; /* user RID */ + +} DOM_RID4; + +/* DOM_CLNT_SRV - client / server names */ +typedef struct clnt_srv_info +{ + uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */ + UNISTR2 uni_logon_srv; /* logon server name */ + uint32 undoc_buffer2; /* undocumented 32 bit buffer pointer */ + UNISTR2 uni_comp_name; /* client machine name */ + +} DOM_CLNT_SRV; + +/* DOM_LOG_INFO - login info */ +typedef struct log_info +{ + uint32 undoc_buffer; /* undocumented 32 bit buffer pointer */ + UNISTR2 uni_logon_srv; /* logon server name */ + UNISTR2 uni_acct_name; /* account name */ + uint16 sec_chan; /* secure channel type */ + UNISTR2 uni_comp_name; /* client machine name */ + +} DOM_LOG_INFO; + +/* DOM_CHAL - challenge info */ +typedef struct chal_info +{ + uchar data[8]; /* credentials */ +} DOM_CHAL; + +/* DOM_CREDs - timestamped client or server credentials */ +typedef struct cred_info +{ + DOM_CHAL challenge; /* credentials */ + UTIME timestamp; /* credential time-stamp */ +} DOM_CRED; + +/* DOM_CLNT_INFO - client info */ +typedef struct clnt_info +{ + DOM_LOG_INFO login; + DOM_CRED cred; + +} DOM_CLNT_INFO; + +/* DOM_CLNT_INFO2 - client info */ +typedef struct clnt_info2 +{ + DOM_CLNT_SRV login; + uint32 ptr_cred; + DOM_CRED cred; + +} DOM_CLNT_INFO2; + +/* DOM_LOGON_ID - logon id */ +typedef struct logon_info +{ + uint32 low; + uint32 high; + +} DOM_LOGON_ID; + +/* OWF INFO */ +typedef struct owf_info +{ + uint8 data[16]; + +} OWF_INFO; + + +/* DOM_GID - group id + user attributes */ +typedef struct gid_info +{ + uint32 g_rid; /* a group RID */ + uint32 attr; + +} DOM_GID; + +/* POLICY_HND */ +typedef struct lsa_policy_info +{ + uint32 data1; + uint32 data2; + uint16 data3; + uint16 data4; + uint8 data5[8]; + +#ifdef __INSURE__ + + /* To prevent the leakage of policy handles mallocate a bit of + memory when a policy handle is created and free it when the + handle is closed. This should cause Insure to flag an error + when policy handles are overwritten or fall out of scope without + being freed. */ + + char *marker; +#endif + +} POLICY_HND; + +/* + * A client connection's state, pipe name, + * user credentials, etc... + */ +typedef struct _cli_auth_fns cli_auth_fns; +struct user_creds; +struct cli_connection { + + char *srv_name; + char *pipe_name; + struct user_creds usr_creds; + + struct cli_state *pCli_state; + + cli_auth_fns *auth; + + void *auth_info; + void *auth_creds; +}; + + +/* + * Associate a POLICY_HND with a cli_connection + */ +typedef struct rpc_hnd_node { + + POLICY_HND hnd; + struct cli_connection *cli; + +} RPC_HND_NODE; + +typedef struct uint64_s +{ + uint32 low; + uint32 high; +} UINT64_S; + +/* BUFHDR2 - another buffer header, with info level */ +typedef struct bufhdr2_info +{ + uint32 info_level; + uint32 length; /* uint8 chars */ + uint32 buffer; + +} +BUFHDR2; + +/* BUFFER4 - simple length and buffer */ +typedef struct buffer4_info +{ + uint32 buf_len; + uint8 buffer[MAX_BUFFERLEN]; + +} +BUFFER4; + + +#endif /* _RPC_MISC_H */ diff --git a/source3/include/rpc_netlogon.h b/source3/include/rpc_netlogon.h new file mode 100644 index 00000000000..80b00fbaad4 --- /dev/null +++ b/source3/include/rpc_netlogon.h @@ -0,0 +1,905 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_NETLOGON_H /* _RPC_NETLOGON_H */ +#define _RPC_NETLOGON_H + + +/* NETLOGON pipe */ +#define NET_SAMLOGON 0x02 +#define NET_SAMLOGOFF 0x03 +#define NET_REQCHAL 0x04 +#define NET_AUTH 0x05 +#define NET_SRVPWSET 0x06 +#define NET_SAM_DELTAS 0x07 +#define NET_LOGON_CTRL 0x0c +#define NET_AUTH2 0x0f +#define NET_LOGON_CTRL2 0x0e +#define NET_SAM_SYNC 0x10 +#define NET_TRUST_DOM_LIST 0x13 + +/* Secure Channel types. used in NetrServerAuthenticate negotiation */ +#define SEC_CHAN_WKSTA 2 +#define SEC_CHAN_DOMAIN 4 +#define SEC_CHAN_BDC 6 + +/* Returned delta types */ +#define SAM_DELTA_DOMAIN_INFO 0x01 /* Domain */ +#define SAM_DELTA_GROUP_INFO 0x02 /* Domain groups */ +#define SAM_DELTA_ACCOUNT_INFO 0x05 /* Users */ +#define SAM_DELTA_GROUP_MEM 0x08 /* Group membership */ +#define SAM_DELTA_ALIAS_INFO 0x09 /* Local groups */ +#define SAM_DELTA_ALIAS_MEM 0x0C /* Local group membership */ +#define SAM_DELTA_DOM_INFO 0x0D /* Privilige stuff */ +#define SAM_DELTA_UNK0E_INFO 0x0e /* Privilige stuff */ +#define SAM_DELTA_PRIVS_INFO 0x10 /* Privilige stuff */ +#define SAM_DELTA_UNK12_INFO 0x12 /* Privilige stuff */ +#define SAM_DELTA_SAM_STAMP 0x16 /* Some kind of journal record? */ + +/* SAM database types */ +#define SAM_DATABASE_DOMAIN 0x00 /* Domain users and groups */ +#define SAM_DATABASE_BUILTIN 0x01 /* BUILTIN users and groups */ +#define SAM_DATABASE_PRIVS 0x02 /* Priviliges? */ + +#if 0 +/* I think this is correct - it's what gets parsed on the wire. JRA. */ +/* NET_USER_INFO_2 */ +typedef struct net_user_info_2 +{ + uint32 ptr_user_info; + + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* username unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ + + uint16 logon_count; /* logon count */ + uint16 bad_pw_count; /* bad password count */ + + uint32 user_id; /* User ID */ + uint32 group_id; /* Group ID */ + uint32 num_groups; /* num groups */ + uint32 buffer_groups; /* undocumented buffer pointer to groups. */ + uint32 user_flgs; /* user flags */ + + uint8 user_sess_key[16]; /* unused user session key */ + + UNIHDR hdr_logon_srv; /* logon server unicode string header */ + UNIHDR hdr_logon_dom; /* logon domain unicode string header */ + + uint32 buffer_dom_id; /* undocumented logon domain id pointer */ + uint8 padding[40]; /* unused padding bytes. expansion room */ + + UNISTR2 uni_user_name; /* username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + + uint32 num_groups2; /* num groups */ + DOM_GID *gids; /* group info */ + + UNISTR2 uni_logon_srv; /* logon server unicode string */ + UNISTR2 uni_logon_dom; /* logon domain unicode string */ + + DOM_SID2 dom_sid; /* domain SID */ + + uint32 num_other_groups; /* other groups */ + DOM_GID *other_gids; /* group info */ + DOM_SID2 *other_sids; /* undocumented - domain SIDs */ + +} NET_USER_INFO_2; +#endif + +/* NET_USER_INFO_3 */ +typedef struct net_user_info_3 +{ + uint32 ptr_user_info; + + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* username unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home directory drive unicode string header */ + + uint16 logon_count; /* logon count */ + uint16 bad_pw_count; /* bad password count */ + + uint32 user_rid; /* User RID */ + uint32 group_rid; /* Group RID */ + + uint32 num_groups; /* num groups */ + uint32 buffer_groups; /* undocumented buffer pointer to groups. */ + uint32 user_flgs; /* user flags */ + + uint8 user_sess_key[16]; /* unused user session key */ + + UNIHDR hdr_logon_srv; /* logon server unicode string header */ + UNIHDR hdr_logon_dom; /* logon domain unicode string header */ + + uint32 buffer_dom_id; /* undocumented logon domain id pointer */ + uint8 padding[40]; /* unused padding bytes. expansion room */ + + uint32 num_other_sids; /* 0 - num_sids */ + uint32 buffer_other_sids; /* NULL - undocumented pointer to SIDs. */ + + UNISTR2 uni_user_name; /* username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + + uint32 num_groups2; /* num groups */ + DOM_GID *gids; /* group info */ + + UNISTR2 uni_logon_srv; /* logon server unicode string */ + UNISTR2 uni_logon_dom; /* logon domain unicode string */ + + DOM_SID2 dom_sid; /* domain SID */ + + uint32 num_other_groups; /* other groups */ + DOM_GID *other_gids; /* group info */ + DOM_SID2 *other_sids; /* undocumented - domain SIDs */ + +} NET_USER_INFO_3; + + +/* NETLOGON_INFO_1 - pdc status info, i presume */ +typedef struct netlogon_1_info +{ + uint32 flags; /* 0x0 - undocumented */ + uint32 pdc_status; /* 0x0 - undocumented */ + +} NETLOGON_INFO_1; + +/* NETLOGON_INFO_2 - pdc status info, plus trusted domain info */ +typedef struct netlogon_2_info +{ + uint32 flags; /* 0x0 - undocumented */ + uint32 pdc_status; /* 0x0 - undocumented */ + uint32 ptr_trusted_dc_name; /* pointer to trusted domain controller name */ + uint32 tc_status; /* 0x051f - ERROR_NO_LOGON_SERVERS */ + UNISTR2 uni_trusted_dc_name; /* unicode string - trusted dc name */ + +} NETLOGON_INFO_2; + +/* NETLOGON_INFO_3 - logon status info, i presume */ +typedef struct netlogon_3_info +{ + uint32 flags; /* 0x0 - undocumented */ + uint32 logon_attempts; /* number of logon attempts */ + uint32 reserved_1; /* 0x0 - undocumented */ + uint32 reserved_2; /* 0x0 - undocumented */ + uint32 reserved_3; /* 0x0 - undocumented */ + uint32 reserved_4; /* 0x0 - undocumented */ + uint32 reserved_5; /* 0x0 - undocumented */ + +} NETLOGON_INFO_3; + +/******************************************************** + Logon Control Query + + This is generated by a nltest /bdc_query:DOMAIN + + query_level 0x1, function_code 0x1 + + ********************************************************/ + +/* NET_Q_LOGON_CTRL - LSA Netr Logon Control */ + +typedef struct net_q_logon_ctrl_info +{ + uint32 ptr; + UNISTR2 uni_server_name; + uint32 function_code; + uint32 query_level; +} NET_Q_LOGON_CTRL; + +/* NET_R_LOGON_CTRL - LSA Netr Logon Control */ + +typedef struct net_r_logon_ctrl_info +{ + uint32 switch_value; + uint32 ptr; + + union { + NETLOGON_INFO_1 info1; + } logon; + + NTSTATUS status; +} NET_R_LOGON_CTRL; + +/******************************************************** + Logon Control2 Query + + query_level 0x1 - pdc status + query_level 0x3 - number of logon attempts. + + ********************************************************/ + +/* NET_Q_LOGON_CTRL2 - LSA Netr Logon Control 2 */ +typedef struct net_q_logon_ctrl2_info +{ + uint32 ptr; /* undocumented buffer pointer */ + UNISTR2 uni_server_name; /* server name, starting with two '\'s */ + + uint32 function_code; /* 0x1 */ + uint32 query_level; /* 0x1, 0x3 */ + uint32 switch_value; /* 0x1 */ + +} NET_Q_LOGON_CTRL2; + +/******************************************************* + Logon Control Response + + switch_value is same as query_level in request + *******************************************************/ + +/* NET_R_LOGON_CTRL2 - response to LSA Logon Control2 */ +typedef struct net_r_logon_ctrl2_info +{ + uint32 switch_value; /* 0x1, 0x3 */ + uint32 ptr; + + union + { + NETLOGON_INFO_1 info1; + NETLOGON_INFO_2 info2; + NETLOGON_INFO_3 info3; + + } logon; + + NTSTATUS status; /* return code */ + +} NET_R_LOGON_CTRL2; + +/* NET_Q_TRUST_DOM_LIST - LSA Query Trusted Domains */ +typedef struct net_q_trust_dom_info +{ + uint32 ptr; /* undocumented buffer pointer */ + UNISTR2 uni_server_name; /* server name, starting with two '\'s */ + +} NET_Q_TRUST_DOM_LIST; + +#define MAX_TRUST_DOMS 1 + +/* NET_R_TRUST_DOM_LIST - response to LSA Trusted Domains */ +typedef struct net_r_trust_dom_info +{ + UNISTR2 uni_trust_dom_name[MAX_TRUST_DOMS]; + + NTSTATUS status; /* return code */ + +} NET_R_TRUST_DOM_LIST; + + +/* NEG_FLAGS */ +typedef struct neg_flags_info +{ + uint32 neg_flags; /* negotiated flags */ + +} NEG_FLAGS; + + +/* NET_Q_REQ_CHAL */ +typedef struct net_q_req_chal_info +{ + uint32 undoc_buffer; /* undocumented buffer pointer */ + UNISTR2 uni_logon_srv; /* logon server unicode string */ + UNISTR2 uni_logon_clnt; /* logon client unicode string */ + DOM_CHAL clnt_chal; /* client challenge */ + +} NET_Q_REQ_CHAL; + + +/* NET_R_REQ_CHAL */ +typedef struct net_r_req_chal_info +{ + DOM_CHAL srv_chal; /* server challenge */ + NTSTATUS status; /* return code */ +} NET_R_REQ_CHAL; + +/* NET_Q_AUTH */ +typedef struct net_q_auth_info +{ + DOM_LOG_INFO clnt_id; /* client identification info */ + DOM_CHAL clnt_chal; /* client-calculated credentials */ +} NET_Q_AUTH; + +/* NET_R_AUTH */ +typedef struct net_r_auth_info +{ + DOM_CHAL srv_chal; /* server-calculated credentials */ + NTSTATUS status; /* return code */ +} NET_R_AUTH; + +/* NET_Q_AUTH_2 */ +typedef struct net_q_auth2_info +{ + DOM_LOG_INFO clnt_id; /* client identification info */ + DOM_CHAL clnt_chal; /* client-calculated credentials */ + + NEG_FLAGS clnt_flgs; /* usually 0x0000 01ff */ + +} NET_Q_AUTH_2; + + +/* NET_R_AUTH_2 */ +typedef struct net_r_auth2_info +{ + DOM_CHAL srv_chal; /* server-calculated credentials */ + NEG_FLAGS srv_flgs; /* usually 0x0000 01ff */ + NTSTATUS status; /* return code */ +} NET_R_AUTH_2; + + +/* NET_Q_SRV_PWSET */ +typedef struct net_q_srv_pwset_info +{ + DOM_CLNT_INFO clnt_id; /* client identification/authentication info */ + uint8 pwd[16]; /* new password - undocumented. */ + +} NET_Q_SRV_PWSET; + +/* NET_R_SRV_PWSET */ +typedef struct net_r_srv_pwset_info +{ + DOM_CRED srv_cred; /* server-calculated credentials */ + + NTSTATUS status; /* return code */ + +} NET_R_SRV_PWSET; + +/* NET_ID_INFO_2 */ +typedef struct net_network_info_2 +{ + uint32 ptr_id_info2; /* pointer to id_info_2 */ + UNIHDR hdr_domain_name; /* domain name unicode header */ + uint32 param_ctrl; /* param control (0x2) */ + DOM_LOGON_ID logon_id; /* logon ID */ + UNIHDR hdr_user_name; /* user name unicode header */ + UNIHDR hdr_wksta_name; /* workstation name unicode header */ + uint8 lm_chal[8]; /* lan manager 8 byte challenge */ + STRHDR hdr_nt_chal_resp; /* nt challenge response */ + STRHDR hdr_lm_chal_resp; /* lm challenge response */ + + UNISTR2 uni_domain_name; /* domain name unicode string */ + UNISTR2 uni_user_name; /* user name unicode string */ + UNISTR2 uni_wksta_name; /* workgroup name unicode string */ + STRING2 nt_chal_resp; /* nt challenge response */ + STRING2 lm_chal_resp; /* lm challenge response */ + +} NET_ID_INFO_2; + +/* NET_ID_INFO_1 */ +typedef struct id_info_1 +{ + uint32 ptr_id_info1; /* pointer to id_info_1 */ + UNIHDR hdr_domain_name; /* domain name unicode header */ + uint32 param_ctrl; /* param control */ + DOM_LOGON_ID logon_id; /* logon ID */ + UNIHDR hdr_user_name; /* user name unicode header */ + UNIHDR hdr_wksta_name; /* workstation name unicode header */ + OWF_INFO lm_owf; /* LM OWF Password */ + OWF_INFO nt_owf; /* NT OWF Password */ + UNISTR2 uni_domain_name; /* domain name unicode string */ + UNISTR2 uni_user_name; /* user name unicode string */ + UNISTR2 uni_wksta_name; /* workgroup name unicode string */ + +} NET_ID_INFO_1; + +#define INTERACTIVE_LOGON_TYPE 1 +#define NET_LOGON_TYPE 2 + +/* NET_ID_INFO_CTR */ +typedef struct net_id_info_ctr_info +{ + uint16 switch_value; + + union + { + NET_ID_INFO_1 id1; /* auth-level 1 - interactive user login */ + NET_ID_INFO_2 id2; /* auth-level 2 - workstation referred login */ + + } auth; + +} NET_ID_INFO_CTR; + +/* SAM_INFO - sam logon/off id structure */ +typedef struct sam_info +{ + DOM_CLNT_INFO2 client; + uint32 ptr_rtn_cred; /* pointer to return credentials */ + DOM_CRED rtn_cred; /* return credentials */ + uint16 logon_level; + NET_ID_INFO_CTR *ctr; + +} DOM_SAM_INFO; + +/* NET_Q_SAM_LOGON */ +typedef struct net_q_sam_logon_info +{ + DOM_SAM_INFO sam_id; + uint16 validation_level; + +} NET_Q_SAM_LOGON; + +/* NET_R_SAM_LOGON */ +typedef struct net_r_sam_logon_info +{ + uint32 buffer_creds; /* undocumented buffer pointer */ + DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */ + + uint16 switch_value; /* 3 - indicates type of USER INFO */ + NET_USER_INFO_3 *user; + + uint32 auth_resp; /* 1 - Authoritative response; 0 - Non-Auth? */ + + NTSTATUS status; /* return code */ + +} NET_R_SAM_LOGON; + + +/* NET_Q_SAM_LOGOFF */ +typedef struct net_q_sam_logoff_info +{ + DOM_SAM_INFO sam_id; + +} NET_Q_SAM_LOGOFF; + +/* NET_R_SAM_LOGOFF */ +typedef struct net_r_sam_logoff_info +{ + uint32 buffer_creds; /* undocumented buffer pointer */ + DOM_CRED srv_creds; /* server credentials. server time stamp appears to be ignored. */ + + NTSTATUS status; /* return code */ + +} NET_R_SAM_LOGOFF; + +/* NET_Q_SAM_SYNC */ +typedef struct net_q_sam_sync_info +{ + UNISTR2 uni_srv_name; /* \\PDC */ + UNISTR2 uni_cli_name; /* BDC */ + DOM_CRED cli_creds; + DOM_CRED ret_creds; + + uint32 database_id; + uint32 restart_state; + uint32 sync_context; + + uint32 max_size; /* preferred maximum length */ + +} NET_Q_SAM_SYNC; + +/* SAM_DELTA_HDR */ +typedef struct sam_delta_hdr_info +{ + uint16 type; /* type of structure attached */ + uint16 type2; + uint32 target_rid; + + uint32 type3; + uint32 ptr_delta; + +} SAM_DELTA_HDR; + +/* SAM_DOMAIN_INFO (0x1) */ +typedef struct sam_domain_info_info +{ + UNIHDR hdr_dom_name; + UNIHDR hdr_oem_info; + + UINT64_S force_logoff; + uint16 min_pwd_len; + uint16 pwd_history_len; + UINT64_S max_pwd_age; + UINT64_S min_pwd_age; + UINT64_S dom_mod_count; + NTTIME creation_time; + + BUFHDR2 hdr_sec_desc; /* security descriptor */ + UNIHDR hdr_unknown; + uint8 reserved[40]; + + UNISTR2 uni_dom_name; + UNISTR2 buf_oem_info; /* never seen */ + + BUFFER4 buf_sec_desc; + UNISTR2 buf_unknown; + +} SAM_DOMAIN_INFO; + +/* SAM_GROUP_INFO (0x2) */ +typedef struct sam_group_info_info +{ + UNIHDR hdr_grp_name; + DOM_GID gid; + UNIHDR hdr_grp_desc; + BUFHDR2 hdr_sec_desc; /* security descriptor */ + uint8 reserved[48]; + + UNISTR2 uni_grp_name; + UNISTR2 uni_grp_desc; + BUFFER4 buf_sec_desc; + +} SAM_GROUP_INFO; + +/* SAM_PWD */ +typedef struct sam_passwd_info +{ + /* this structure probably contains password history */ + /* this is probably a count of lm/nt pairs */ + uint32 unk_0; /* 0x0000 0002 */ + + UNIHDR hdr_lm_pwd; + uint8 buf_lm_pwd[16]; + + UNIHDR hdr_nt_pwd; + uint8 buf_nt_pwd[16]; + + UNIHDR hdr_empty_lm; + UNIHDR hdr_empty_nt; + +} SAM_PWD; + +/* SAM_ACCOUNT_INFO (0x5) */ +typedef struct sam_account_info_info +{ + UNIHDR hdr_acct_name; + UNIHDR hdr_full_name; + + uint32 user_rid; + uint32 group_rid; + + UNIHDR hdr_home_dir; + UNIHDR hdr_dir_drive; + UNIHDR hdr_logon_script; + UNIHDR hdr_acct_desc; + UNIHDR hdr_workstations; + + NTTIME logon_time; + NTTIME logoff_time; + + uint32 logon_divs; /* 0xA8 */ + uint32 ptr_logon_hrs; + + uint16 bad_pwd_count; + uint16 logon_count; + NTTIME pwd_last_set_time; + NTTIME acct_expiry_time; + + uint32 acb_info; + uint8 nt_pwd[16]; + uint8 lm_pwd[16]; + uint8 nt_pwd_present; + uint8 lm_pwd_present; + uint8 pwd_expired; + + UNIHDR hdr_comment; + UNIHDR hdr_parameters; + uint16 country; + uint16 codepage; + + BUFHDR2 hdr_sec_desc; /* security descriptor */ + + UNIHDR hdr_profile; + UNIHDR hdr_reserved[3]; /* space for more strings */ + uint32 dw_reserved[4]; /* space for more data - first two seem to + be an NTTIME */ + + UNISTR2 uni_acct_name; + UNISTR2 uni_full_name; + UNISTR2 uni_home_dir; + UNISTR2 uni_dir_drive; + UNISTR2 uni_logon_script; + UNISTR2 uni_acct_desc; + UNISTR2 uni_workstations; + + uint32 unknown1; /* 0x4EC */ + uint32 unknown2; /* 0 */ + + BUFFER4 buf_logon_hrs; + UNISTR2 uni_comment; + UNISTR2 uni_parameters; + SAM_PWD pass; + BUFFER4 buf_sec_desc; + UNISTR2 uni_profile; + +} SAM_ACCOUNT_INFO; + +/* SAM_GROUP_MEM_INFO (0x8) */ +typedef struct sam_group_mem_info_info +{ + uint32 ptr_rids; + uint32 ptr_attribs; + uint32 num_members; + uint8 unknown[16]; + + uint32 num_members2; + uint32 *rids; + + uint32 num_members3; + uint32 *attribs; + +} SAM_GROUP_MEM_INFO; + +/* SAM_ALIAS_INFO (0x9) */ +typedef struct sam_alias_info_info +{ + UNIHDR hdr_als_name; + uint32 als_rid; + BUFHDR2 hdr_sec_desc; /* security descriptor */ + UNIHDR hdr_als_desc; + uint8 reserved[40]; + + UNISTR2 uni_als_name; + BUFFER4 buf_sec_desc; + UNISTR2 uni_als_desc; + +} SAM_ALIAS_INFO; + +/* SAM_ALIAS_MEM_INFO (0xC) */ +typedef struct sam_alias_mem_info_info +{ + uint32 num_members; + uint32 ptr_members; + uint8 unknown[16]; + + uint32 num_sids; + uint32 *ptr_sids; + DOM_SID2 *sids; + +} SAM_ALIAS_MEM_INFO; + + +/* SAM_DELTA_DOM (0x0D) */ +typedef struct +{ + uint32 unknown1; /* 0x5000 */ + uint32 unknown2; /* 0 */ + uint32 unknown3; /* 0 */ + uint32 unknown4; /* 0 */ + uint32 count1; + uint32 ptr1; + uint16 count2; + uint16 count3; + uint32 ptr2; + uint32 ptr3; + + uint32 unknown4b; /* 0x02000000 */ + uint32 unknown5; /* 0x00100000 */ + uint32 unknown6; /* 0x00010000 */ + uint32 unknown7; /* 0x0f000000 */ + uint32 unknown8; /* 0 */ + uint32 unknown9; /* 0 */ + uint32 unknown10; /* 0 */ + uint32 unknown11; /* 0x3c*/ + uint32 unknown12; /* 0*/ + + uint32 unknown13; /* a7080110 */ + uint32 unknown14; /* 01bfb0dd */ + uint32 unknown15; /* 0f */ + uint32 unknown16; /* 68 */ + uint32 unknown17; /* 00169000 */ + + uint32 count4; + uint32 unknown18; /* 0 times count4 */ + + uint32 unknown19; /* 8 */ + + uint32 unknown20; /* 0x04 times count1 */ + + uint32 ptr4; + + UNISTR2 domain_name; + DOM_SID2 domain_sid; + +} SAM_DELTA_DOM; + +/* SAM_DELTA_UNK0E (0x0e) */ +typedef struct +{ + uint32 buf_size; + SEC_DESC *sec_desc; + DOM_SID2 sid; + UNIHDR hdr_domain; + + uint32 unknown0; + uint32 unknown1; + uint32 unknown2; + + uint32 buf_size2; + uint32 ptr; + + uint32 unknown3; + UNISTR2 domain; + +} SAM_DELTA_UNK0E; + +/* SAM_DELTA_PRIVS (0x10) */ +typedef struct +{ + uint32 buf_size; + SEC_DESC *sec_desc; + DOM_SID2 sid; + + uint32 priv_count; + uint32 reserved1; /* 0x0 */ + + uint32 ptr1; + uint32 ptr2; + + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; + uint32 unknown4; + uint32 unknown5; + uint32 unknown6; + uint32 unknown7; + uint32 unknown8; + uint32 unknown9; + + uint32 buf_size2; + uint32 ptr3; + uint32 unknown10; /* 48 bytes 0x0*/ + + uint32 attribute_count; + uint32 *attributes; + + uint32 privlist_count; + UNIHDR *hdr_privslist; + UNISTR2 *uni_privslist; + + +} SAM_DELTA_PRIVS; + +/* SAM_DELTA_UNK12 (0x12) */ +typedef struct +{ + uint32 buf_size; + SEC_DESC *sec_desc; + UNISTR2 secret; + + uint32 count1; + uint32 count2; + uint32 ptr; + NTTIME time1; + uint32 count3; + uint32 count4; + uint32 ptr2; + NTTIME time2; + uint32 unknow1; + + uint32 buf_size2; + uint32 ptr3; + uint32 unknow2; /* 0x0 12 times */ + + uint32 chal_len; + uint32 reserved1; /* 0 */ + uint32 chal_len2; + uint8 chal[16]; + + uint32 key_len; + uint32 reserved2; /* 0 */ + uint32 key_len2; + uint8 key[8]; + + uint32 buf_size3; + SEC_DESC *sec_desc2; + +} SAM_DELTA_UNK12; + +/* SAM_DELTA_STAMP (0x16) */ +typedef struct +{ + uint32 seqnum; + uint32 dom_mod_count_ptr; + UINT64_S dom_mod_count; /* domain mod count at last sync */ +} SAM_DELTA_STAMP; + +typedef union sam_delta_ctr_info +{ + SAM_DOMAIN_INFO domain_info ; + SAM_GROUP_INFO group_info ; + SAM_ACCOUNT_INFO account_info; + SAM_GROUP_MEM_INFO grp_mem_info; + SAM_ALIAS_INFO alias_info ; + SAM_ALIAS_MEM_INFO als_mem_info; + SAM_DELTA_DOM dom_info; + SAM_DELTA_PRIVS privs_info; + SAM_DELTA_STAMP stamp; + SAM_DELTA_UNK0E unk0e_info; + SAM_DELTA_UNK12 unk12_info; +} SAM_DELTA_CTR; + +/* NET_R_SAM_SYNC */ +typedef struct net_r_sam_sync_info +{ + DOM_CRED srv_creds; + + uint32 sync_context; + + uint32 ptr_deltas; + uint32 num_deltas; + uint32 ptr_deltas2; + uint32 num_deltas2; + + SAM_DELTA_HDR *hdr_deltas; + SAM_DELTA_CTR *deltas; + + NTSTATUS status; +} NET_R_SAM_SYNC; + +/* NET_Q_SAM_DELTAS */ +typedef struct net_q_sam_deltas_info +{ + UNISTR2 uni_srv_name; + UNISTR2 uni_cli_name; + DOM_CRED cli_creds; + DOM_CRED ret_creds; + + uint32 database_id; + UINT64_S dom_mod_count; /* domain mod count at last sync */ + + uint32 max_size; /* preferred maximum length */ + +} NET_Q_SAM_DELTAS; + +/* NET_R_SAM_DELTAS */ +typedef struct net_r_sam_deltas_info +{ + DOM_CRED srv_creds; + + UINT64_S dom_mod_count; /* new domain mod count */ + + uint32 ptr_deltas; + uint32 num_deltas; + uint32 num_deltas2; + + SAM_DELTA_HDR *hdr_deltas; + SAM_DELTA_CTR *deltas; + + NTSTATUS status; +} NET_R_SAM_DELTAS; + +#endif /* _RPC_NETLOGON_H */ diff --git a/source3/include/rpc_parse.h b/source3/include/rpc_parse.h new file mode 100644 index 00000000000..73fbcb2b1be --- /dev/null +++ b/source3/include/rpc_parse.h @@ -0,0 +1,30 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Elrond 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_PARSE_H +#define _RPC_PARSE_H + +/* different dce/rpc pipes */ +#include "rpc_reg.h" +#include "rpc_brs.h" + +#endif /* _RPC_PARSE_H */ diff --git a/source3/include/rpc_reg.h b/source3/include/rpc_reg.h new file mode 100644 index 00000000000..a5aa6061207 --- /dev/null +++ b/source3/include/rpc_reg.h @@ -0,0 +1,552 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_REG_H /* _RPC_REG_H */ +#define _RPC_REG_H + + +/* winreg pipe defines */ +#define REG_OPEN_HKCR 0x00 +#define _REG_UNK_01 0x01 +#define REG_OPEN_HKLM 0x02 +#define _REG_UNK_03 0x03 +#define REG_OPEN_HKU 0x04 +#define REG_CLOSE 0x05 +#define REG_CREATE_KEY 0x06 +#define REG_DELETE_KEY 0x07 +#define REG_DELETE_VALUE 0x08 +#define REG_ENUM_KEY 0x09 +#define REG_ENUM_VALUE 0x0a +#define REG_FLUSH_KEY 0x0b +#define REG_GET_KEY_SEC 0x0c +#define _REG_UNK_0D 0x0d +#define _REG_UNK_0E 0x0e +#define REG_OPEN_ENTRY 0x0f +#define REG_QUERY_KEY 0x10 +#define REG_INFO 0x11 +#define _REG_UNK_12 0x12 +#define _REG_UNK_13 0x13 +#define _REG_UNK_14 0x14 +#define REG_SET_KEY_SEC 0x15 +#define REG_CREATE_VALUE 0x16 +#define _REG_UNK_17 0x17 +#define REG_SHUTDOWN 0x18 +#define REG_ABORT_SHUTDOWN 0x19 +#define REG_UNK_1A 0x1a + +#define HKEY_CLASSES_ROOT 0x80000000 +#define HKEY_CURRENT_USER 0x80000001 +#define HKEY_LOCAL_MACHINE 0x80000002 +#define HKEY_USERS 0x80000003 + +/* Registry data types */ + +#define REG_NONE 0 +#define REG_SZ 1 +#define REG_EXPAND_SZ 2 +#define REG_BINARY 3 +#define REG_DWORD 4 +#define REG_DWORD_LE 4 /* DWORD, little endian */ +#define REG_DWORD_BE 5 /* DWORD, big endian */ +#define REG_LINK 6 +#define REG_MULTI_SZ 7 +#define REG_RESOURCE_LIST 8 +#define REG_FULL_RESOURCE_DESCRIPTOR 9 +#define REG_RESOURCE_REQUIREMENTS_LIST 10 + +/* Shutdown options */ +#define REG_FORCE_SHUTDOWN 0x001 +#define REG_REBOOT_ON_SHUTDOWN 0x100 + +/* REG_Q_OPEN_HKCR */ +typedef struct q_reg_open_hkcr_info +{ + uint32 ptr; + uint16 unknown_0; /* 0x5428 - 16 bit unknown */ + uint16 unknown_1; /* random. changes */ + uint32 level; /* 0x0000 0002 - 32 bit unknown */ + +} REG_Q_OPEN_HKCR ; + +/* REG_R_OPEN_HKCR */ +typedef struct r_reg_open_hkcr_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} REG_R_OPEN_HKCR; + + +/* REG_Q_OPEN_HKLM */ +typedef struct q_reg_open_hklm_info +{ + uint32 ptr; + uint16 unknown_0; /* 0xE084 - 16 bit unknown */ + uint16 unknown_1; /* random. changes */ + uint32 access_mask; /* 0x0000 0002 - 32 bit unknown */ + +} +REG_Q_OPEN_HKLM; + +/* REG_R_OPEN_HKLM */ +typedef struct r_reg_open_hklm_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} +REG_R_OPEN_HKLM; + + +/* REG_Q_OPEN_HKU */ +typedef struct q_reg_open_hku_info +{ + uint32 ptr; + uint16 unknown_0; /* 0xE084 - 16 bit unknown */ + uint16 unknown_1; /* random. changes */ + uint32 level; /* 0x0000 0002 - 32 bit unknown */ + +} REG_Q_OPEN_HKU; + +/* REG_R_OPEN_HKU */ +typedef struct r_reg_open_hku_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} REG_R_OPEN_HKU; + + +/* REG_Q_FLUSH_KEY */ +typedef struct q_reg_open_flush_key_info +{ + POLICY_HND pol; /* policy handle */ + +} REG_Q_FLUSH_KEY; + +/* REG_R_FLUSH_KEY */ +typedef struct r_reg_open_flush_key_info +{ + NTSTATUS status; /* return status */ + +} REG_R_FLUSH_KEY; + + +/* REG_Q_SET_KEY_SEC */ +typedef struct q_reg_set_key_sec_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 sec_info; /* xxxx_SECURITY_INFORMATION */ + + uint32 ptr; /* pointer */ + BUFHDR hdr_sec; /* header for security data */ + SEC_DESC_BUF *data; /* security data */ + +} REG_Q_SET_KEY_SEC; + +/* REG_R_SET_KEY_SEC */ +typedef struct r_reg_set_key_sec_info +{ + NTSTATUS status; + +} REG_R_SET_KEY_SEC; + + +/* REG_Q_GET_KEY_SEC */ +typedef struct q_reg_get_key_sec_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 sec_info; /* xxxx_SECURITY_INFORMATION */ + + uint32 ptr; /* pointer */ + BUFHDR hdr_sec; /* header for security data */ + SEC_DESC_BUF *data; /* security data */ + +} REG_Q_GET_KEY_SEC; + +/* REG_R_GET_KEY_SEC */ +typedef struct r_reg_get_key_sec_info +{ + uint32 sec_info; /* xxxx_SECURITY_INFORMATION */ + + uint32 ptr; /* pointer */ + BUFHDR hdr_sec; /* header for security data */ + SEC_DESC_BUF *data; /* security data */ + + NTSTATUS status; + +} REG_R_GET_KEY_SEC; + +/* REG_Q_CREATE_VALUE */ +typedef struct q_reg_create_value_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_name; /* name of value */ + UNISTR2 uni_name; + + uint32 type; /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */ + + BUFFER3 *buf_value; /* value, in byte buffer */ + +} REG_Q_CREATE_VALUE; + +/* REG_R_CREATE_VALUE */ +typedef struct r_reg_create_value_info +{ + NTSTATUS status; /* return status */ + +} REG_R_CREATE_VALUE; + +/* REG_Q_ENUM_VALUE */ +typedef struct q_reg_query_value_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 val_index; /* index */ + + UNIHDR hdr_name; /* name of value */ + UNISTR2 uni_name; + + uint32 ptr_type; /* pointer */ + uint32 type; /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */ + + uint32 ptr_value; /* pointer */ + BUFFER2 buf_value; /* value, in byte buffer */ + + uint32 ptr1; /* pointer */ + uint32 len_value1; /* */ + + uint32 ptr2; /* pointer */ + uint32 len_value2; /* */ + +} REG_Q_ENUM_VALUE; + +/* REG_R_ENUM_VALUE */ +typedef struct r_reg_enum_value_info +{ + UNIHDR hdr_name; /* name of value */ + UNISTR2 uni_name; + + uint32 ptr_type; /* pointer */ + uint32 type; /* 1 = UNISTR, 3 = BYTES, 4 = DWORD, 7 = MULTI_UNISTR */ + + uint32 ptr_value; /* pointer */ + BUFFER2 *buf_value; /* value, in byte buffer */ + + uint32 ptr1; /* pointer */ + uint32 len_value1; /* */ + + uint32 ptr2; /* pointer */ + uint32 len_value2; /* */ + + NTSTATUS status; /* return status */ + +} REG_R_ENUM_VALUE; + +/* REG_Q_CREATE_KEY */ +typedef struct q_reg_create_key_info +{ + POLICY_HND pnt_pol; /* parent key policy handle */ + + UNIHDR hdr_name; + UNISTR2 uni_name; + + UNIHDR hdr_class; + UNISTR2 uni_class; + + uint32 reserved; /* 0x0000 0000 */ + SEC_ACCESS sam_access; /* access rights flags, see rpc_secdes.h */ + + uint32 ptr1; + uint32 sec_info; /* xxxx_SECURITY_INFORMATION */ + + uint32 ptr2; /* pointer */ + BUFHDR hdr_sec; /* header for security data */ + uint32 ptr3; /* pointer */ + SEC_DESC_BUF *data; + + uint32 unknown_2; /* 0x0000 0000 */ + +} REG_Q_CREATE_KEY; + +/* REG_R_CREATE_KEY */ +typedef struct r_reg_create_key_info +{ + POLICY_HND key_pol; /* policy handle */ + uint32 unknown; /* 0x0000 0000 */ + + NTSTATUS status; /* return status */ + +} REG_R_CREATE_KEY; + +/* REG_Q_DELETE_KEY */ +typedef struct q_reg_delete_key_info +{ + POLICY_HND pnt_pol; /* parent key policy handle */ + + UNIHDR hdr_name; + UNISTR2 uni_name; +} REG_Q_DELETE_KEY; + +/* REG_R_DELETE_KEY */ +typedef struct r_reg_delete_key_info +{ + POLICY_HND key_pol; /* policy handle */ + + NTSTATUS status; /* return status */ + +} REG_R_DELETE_KEY; + +/* REG_Q_DELETE_VALUE */ +typedef struct q_reg_delete_val_info +{ + POLICY_HND pnt_pol; /* parent key policy handle */ + + UNIHDR hdr_name; + UNISTR2 uni_name; + +} REG_Q_DELETE_VALUE; + +/* REG_R_DELETE_VALUE */ +typedef struct r_reg_delete_val_info +{ + POLICY_HND key_pol; /* policy handle */ + + NTSTATUS status; /* return status */ + +} REG_R_DELETE_VALUE; + +/* REG_Q_QUERY_KEY */ +typedef struct q_reg_query_info +{ + POLICY_HND pol; /* policy handle */ + UNIHDR hdr_class; + UNISTR2 uni_class; + +} REG_Q_QUERY_KEY; + +/* REG_R_QUERY_KEY */ +typedef struct r_reg_query_key_info +{ + UNIHDR hdr_class; + UNISTR2 uni_class; + + uint32 num_subkeys; + uint32 max_subkeylen; + uint32 max_subkeysize; /* 0x0000 0000 */ + uint32 num_values; + uint32 max_valnamelen; + uint32 max_valbufsize; + uint32 sec_desc; /* 0x0000 0078 */ + NTTIME mod_time; /* modified time */ + + NTSTATUS status; /* return status */ + +} REG_R_QUERY_KEY; + + +/* REG_Q_UNK_1A */ +typedef struct q_reg_unk_1a_info +{ + POLICY_HND pol; /* policy handle */ + +} REG_Q_UNK_1A; + +/* REG_R_UNK_1A */ +typedef struct r_reg_unk_1a_info +{ + uint32 unknown; /* 0x0500 0000 */ + NTSTATUS status; /* return status */ + +} REG_R_UNK_1A; + + +/* REG_Q_CLOSE */ +typedef struct reg_q_close_info +{ + POLICY_HND pol; /* policy handle */ + +} REG_Q_CLOSE; + +/* REG_R_CLOSE */ +typedef struct reg_r_close_info +{ + POLICY_HND pol; /* policy handle. should be all zeros. */ + + NTSTATUS status; /* return code */ + +} REG_R_CLOSE; + + +/* REG_Q_ENUM_KEY */ +typedef struct q_reg_enum_value_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 key_index; + + uint16 key_name_len; /* 0x0000 */ + uint16 unknown_1; /* 0x0414 */ + + uint32 ptr1; /* pointer */ + uint32 unknown_2; /* 0x0000 020A */ + uint8 pad1[8]; /* padding - zeros */ + + uint32 ptr2; /* pointer */ + uint8 pad2[8]; /* padding - zeros */ + + uint32 ptr3; /* pointer */ + NTTIME time; /* current time? */ + +} REG_Q_ENUM_KEY; + +/* REG_R_ENUM_KEY */ +typedef struct r_reg_enum_key_info +{ + uint16 key_name_len; /* number of bytes in key name */ + uint16 unknown_1; /* 0x0414 - matches with query unknown_1 */ + + uint32 ptr1; /* pointer */ + uint32 unknown_2; /* 0x0000 020A */ + uint32 unknown_3; /* 0x0000 0000 */ + + UNISTR3 key_name; + + uint32 ptr2; /* pointer */ + uint8 pad2[8]; /* padding - zeros */ + + uint32 ptr3; /* pointer */ + NTTIME time; /* current time? */ + + NTSTATUS status; /* return status */ + +} REG_R_ENUM_KEY; + + +/* REG_Q_INFO */ +typedef struct q_reg_info_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_type; /* unicode product type header */ + UNISTR2 uni_type; /* unicode product type - "ProductType" */ + + uint32 ptr_reserved; /* pointer */ + + uint32 ptr_buf; /* the next three fields follow if ptr_buf != 0 */ + uint32 ptr_bufsize; + uint32 bufsize; + uint32 buf_unk; + + uint32 unk1; + uint32 ptr_buflen; + uint32 buflen; + + uint32 ptr_buflen2; + uint32 buflen2; + +} REG_Q_INFO; + +/* REG_R_INFO */ +typedef struct r_reg_info_info +{ + uint32 ptr_type; /* key type pointer */ + uint32 type; /* key datatype */ + + uint32 ptr_uni_val; /* key value pointer */ + BUFFER2 *uni_val; /* key value */ + + uint32 ptr_max_len; + uint32 buf_max_len; + + uint32 ptr_len; + uint32 buf_len; + + NTSTATUS status; /* return status */ + +} REG_R_INFO; + + +/* REG_Q_OPEN_ENTRY */ +typedef struct q_reg_open_entry_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_name; /* unicode registry string header */ + UNISTR2 uni_name; /* unicode registry string name */ + + uint32 unknown_0; /* 32 bit unknown - 0x0000 0000 */ + uint32 unknown_1; /* 32 bit unknown - 0x0200 0000 */ + +} REG_Q_OPEN_ENTRY; + + + +/* REG_R_OPEN_ENTRY */ +typedef struct r_reg_open_entry_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} REG_R_OPEN_ENTRY; + +/* REG_Q_SHUTDOWN */ +typedef struct q_reg_shutdown_info +{ + uint32 ptr_0; + uint32 ptr_1; + uint32 ptr_2; + UNIHDR hdr_msg; /* shutdown message */ + UNISTR2 uni_msg; /* seconds */ + uint32 timeout; /* seconds */ + uint16 flags; + +} REG_Q_SHUTDOWN; + +/* REG_R_SHUTDOWN */ +typedef struct r_reg_shutdown_info +{ + NTSTATUS status; /* return status */ + +} REG_R_SHUTDOWN; + +/* REG_Q_ABORT_SHUTDOWN */ +typedef struct q_reg_abort_shutdown_info +{ + uint32 ptr_server; + uint16 server; + +} REG_Q_ABORT_SHUTDOWN; + +/* REG_R_ABORT_SHUTDOWN */ +typedef struct r_reg_abort_shutdown_info +{ + NTSTATUS status; /* return status */ + +} REG_R_ABORT_SHUTDOWN; + + +#endif /* _RPC_REG_H */ + diff --git a/source3/include/rpc_samr.h b/source3/include/rpc_samr.h new file mode 100644 index 00000000000..191a3695fbf --- /dev/null +++ b/source3/include/rpc_samr.h @@ -0,0 +1,1817 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Paul Ashton 1997-2000 + Copyright (C) Jean François Micouleau 1998-2001. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_SAMR_H /* _RPC_SAMR_H */ +#define _RPC_SAMR_H + + +#include "rpc_misc.h" + + +/******************************************************************* + the following information comes from a QuickView on samsrv.dll, + and gives an idea of exactly what is needed: + +x SamrAddMemberToAlias +x SamrAddMemberToGroup +SamrAddMultipleMembersToAlias +x SamrChangePasswordUser +x SamrCloseHandle +x SamrConnect +x SamrCreateAliasInDomain +x SamrCreateGroupInDomain +x SamrCreateUserInDomain +? SamrDeleteAlias +SamrDeleteGroup +x SamrDeleteUser +x SamrEnumerateAliasesInDomain +SamrEnumerateDomainsInSamServer +x SamrEnumerateGroupsInDomain +x SamrEnumerateUsersInDomain +SamrGetUserDomainPasswordInformation +SamrLookupDomainInSamServer +? SamrLookupIdsInDomain +x SamrLookupNamesInDomain +x SamrOpenAlias +x SamrOpenDomain +x SamrOpenGroup +x SamrOpenUser +x SamrQueryDisplayInformation +x SamrQueryInformationAlias +SamrQueryInformationDomain +? SamrQueryInformationUser +x SamrQuerySecurityObject +SamrRemoveMemberFromAlias +SamrRemoveMemberFromForiegnDomain +SamrRemoveMemberFromGroup +SamrRemoveMultipleMembersFromAlias +x SamrSetInformationAlias +SamrSetInformationDomain +x SamrSetInformationGroup +x SamrSetInformationUser +SamrSetMemberAttributesOfGroup +SamrSetSecurityObject +SamrShutdownSamServer +SamrTestPrivateFunctionsDomain +SamrTestPrivateFunctionsUser + +********************************************************************/ + +#define SAMR_CONNECT_ANON 0x00 +#define SAMR_CLOSE_HND 0x01 +#define SAMR_UNKNOWN_2 0x02 /* set sec object? */ +#define SAMR_QUERY_SEC_OBJECT 0x03 + +#define SAMR_UNKNOWN_4 0x04 /* profile info? */ +#define SAMR_LOOKUP_DOMAIN 0x05 +#define SAMR_ENUM_DOMAINS 0x06 +#define SAMR_OPEN_DOMAIN 0x07 +#define SAMR_QUERY_DOMAIN_INFO 0x08 +#define SAMR_SET_DOMAIN_INFO 0x09 + +#define SAMR_CREATE_DOM_GROUP 0x0a +#define SAMR_ENUM_DOM_GROUPS 0x0b +#define SAMR_ENUM_DOM_USERS 0x0d +#define SAMR_CREATE_DOM_ALIAS 0x0e +#define SAMR_ENUM_DOM_ALIASES 0x0f +#define SAMR_QUERY_USERALIASES 0x10 + +#define SAMR_LOOKUP_NAMES 0x11 +#define SAMR_LOOKUP_RIDS 0x12 + +#define SAMR_OPEN_GROUP 0x13 +#define SAMR_QUERY_GROUPINFO 0x14 +#define SAMR_SET_GROUPINFO 0x15 +#define SAMR_ADD_GROUPMEM 0x16 +#define SAMR_DELETE_DOM_GROUP 0x17 +#define SAMR_DEL_GROUPMEM 0x18 +#define SAMR_QUERY_GROUPMEM 0x19 +#define SAMR_UNKNOWN_1A 0x1a + +#define SAMR_OPEN_ALIAS 0x1b +#define SAMR_QUERY_ALIASINFO 0x1c +#define SAMR_SET_ALIASINFO 0x1d +#define SAMR_DELETE_DOM_ALIAS 0x1e +#define SAMR_ADD_ALIASMEM 0x1f +#define SAMR_DEL_ALIASMEM 0x20 +#define SAMR_QUERY_ALIASMEM 0x21 + +#define SAMR_OPEN_USER 0x22 +#define SAMR_DELETE_DOM_USER 0x23 +#define SAMR_QUERY_USERINFO 0x24 +#define SAMR_SET_USERINFO2 0x25 +#define SAMR_QUERY_USERGROUPS 0x27 + +#define SAMR_QUERY_DISPINFO 0x28 +#define SAMR_UNKNOWN_29 0x29 +#define SAMR_UNKNOWN_2a 0x2a +#define SAMR_UNKNOWN_2b 0x2b +#define SAMR_GET_USRDOM_PWINFO 0x2c +#define SAMR_UNKNOWN_2D 0x2d +#define SAMR_UNKNOWN_2E 0x2e /* looks like an alias for SAMR_QUERY_DOMAIN_INFO */ +#define SAMR_UNKNOWN_2f 0x2f +#define SAMR_QUERY_DISPINFO3 0x30 /* Alias for SAMR_QUERY_DISPINFO + with info level 3 */ +#define SAMR_UNKNOWN_31 0x31 +#define SAMR_CREATE_USER 0x32 +#define SAMR_QUERY_DISPINFO4 0x33 /* Alias for SAMR_QUERY_DISPINFO + with info level 4 */ +#define SAMR_ADDMULTI_ALIASMEM 0x34 + +#define SAMR_UNKNOWN_35 0x35 +#define SAMR_UNKNOWN_36 0x36 +#define SAMR_CHGPASSWD_USER 0x37 +#define SAMR_GET_DOM_PWINFO 0x38 +#define SAMR_CONNECT 0x39 +#define SAMR_SET_USERINFO 0x3A + + +typedef struct _DISP_USER_INFO { + SAM_ACCOUNT *sam; +} DISP_USER_INFO; + +typedef struct _DISP_GROUP_INFO { + DOMAIN_GRP *grp; +} DISP_GROUP_INFO; + + +typedef struct logon_hours_info +{ + uint32 len; /* normally 21 bytes */ + uint8 hours[32]; + +} LOGON_HRS; + +/* SAM_USER_INFO_23 */ +typedef struct sam_user_info_23 +{ + /* TIMES MAY NOT IN RIGHT ORDER!!!! */ + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* NULL - user name unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home drive unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_acct_desc ; /* user description */ + UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */ + UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */ + UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */ + + uint8 lm_pwd[16]; /* lm user passwords */ + uint8 nt_pwd[16]; /* nt user passwords */ + + uint32 user_rid; /* Primary User ID */ + uint32 group_rid; /* Primary Group ID */ + + uint32 acb_info; /* account info (ACB_xxxx bit-mask) */ + + uint32 unknown_3; /* 0x09f8 27fa */ + + uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */ + /* uint8 pad[2] */ + uint32 ptr_logon_hrs; /* pointer to logon hours */ + + uint8 padding1[8]; + + uint32 unknown_5; /* 0x0001 0000 */ + + uint8 pass[516]; + + UNISTR2 uni_user_name; /* NULL - username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_acct_desc ; /* user description unicode string */ + UNISTR2 uni_workstations; /* login from workstations unicode string */ + UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */ + UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */ + + uint32 unknown_6; /* 0x0000 04ec */ + uint32 padding4; + + LOGON_HRS logon_hrs; + +} SAM_USER_INFO_23; + +/* SAM_USER_INFO_24 */ +typedef struct sam_user_info_24 +{ + uint8 pass[516]; + uint16 pw_len; +} SAM_USER_INFO_24; + +/* + * NB. This structure is *definately* incorrect. It's my best guess + * currently for W2K SP2. The password field is encrypted in a different + * way than normal... And there are definately other problems. JRA. + */ + +/* SAM_USER_INFO_25 */ +typedef struct sam_user_info_25 +{ + /* TIMES MAY NOT IN RIGHT ORDER!!!! */ + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* NULL - user name unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home drive unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_acct_desc ; /* user description */ + UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */ + UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */ + UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */ + + uint8 lm_pwd[16]; /* lm user passwords */ + uint8 nt_pwd[16]; /* nt user passwords */ + + uint32 user_rid; /* Primary User ID */ + uint32 group_rid; /* Primary Group ID */ + + uint32 acb_info; /* account info (ACB_xxxx bit-mask) */ + + uint32 unknown_6[6]; + + uint8 pass[532]; + + UNISTR2 uni_user_name; /* NULL - username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_acct_desc ; /* user description unicode string */ + UNISTR2 uni_workstations; /* login from workstations unicode string */ + UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */ + UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel no */ +} SAM_USER_INFO_25; + + +/* SAM_USER_INFO_21 */ +typedef struct sam_user_info_21 +{ + NTTIME logon_time; /* logon time */ + NTTIME logoff_time; /* logoff time */ + NTTIME kickoff_time; /* kickoff time */ + NTTIME pass_last_set_time; /* password last set time */ + NTTIME pass_can_change_time; /* password can change time */ + NTTIME pass_must_change_time; /* password must change time */ + + UNIHDR hdr_user_name; /* username unicode string header */ + UNIHDR hdr_full_name; /* user's full name unicode string header */ + UNIHDR hdr_home_dir; /* home directory unicode string header */ + UNIHDR hdr_dir_drive; /* home drive unicode string header */ + UNIHDR hdr_logon_script; /* logon script unicode string header */ + UNIHDR hdr_profile_path; /* profile path unicode string header */ + UNIHDR hdr_acct_desc ; /* user description */ + UNIHDR hdr_workstations; /* comma-separated workstations user can log in from */ + UNIHDR hdr_unknown_str ; /* don't know what this is, yet. */ + UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */ + + uint8 lm_pwd[16]; /* lm user passwords */ + uint8 nt_pwd[16]; /* nt user passwords */ + + uint32 user_rid; /* Primary User ID */ + uint32 group_rid; /* Primary Group ID */ + + uint32 acb_info; /* account info (ACB_xxxx bit-mask) */ + + uint32 unknown_3; /* 0x00ff ffff */ + + uint16 logon_divs; /* 0x0000 00a8 which is 168 which is num hrs in a week */ + /* uint8 pad[2] */ + uint32 ptr_logon_hrs; /* unknown pointer */ + + uint32 unknown_5; /* 0x0002 0000 */ + + uint8 padding1[8]; + + UNISTR2 uni_user_name; /* username unicode string */ + UNISTR2 uni_full_name; /* user's full name unicode string */ + UNISTR2 uni_home_dir; /* home directory unicode string */ + UNISTR2 uni_dir_drive; /* home directory drive unicode string */ + UNISTR2 uni_logon_script; /* logon script unicode string */ + UNISTR2 uni_profile_path; /* profile path unicode string */ + UNISTR2 uni_acct_desc ; /* user description unicode string */ + UNISTR2 uni_workstations; /* login from workstations unicode string */ + UNISTR2 uni_unknown_str ; /* don't know what this is, yet. */ + UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */ + + uint32 unknown_6; /* 0x0000 04ec */ + uint32 padding4; + + LOGON_HRS logon_hrs; + +} SAM_USER_INFO_21; + + +/* SAM_USER_INFO_20 */ +typedef struct sam_user_info_20 +{ + UNIHDR hdr_munged_dial ; /* munged path name and dial-back tel number */ + + UNISTR2 uni_munged_dial ; /* munged path name and dial-back tel number */ + +} SAM_USER_INFO_20; + +/* SAM_USER_INFO_12 */ +typedef struct sam_user_info_12 +{ + uint8 lm_pwd[16]; /* lm user passwords */ + uint8 nt_pwd[16]; /* nt user passwords */ + + uint8 lm_pwd_active; + uint8 nt_pwd_active; + +} SAM_USER_INFO_12; + +/* SAM_USER_INFO_11 */ +typedef struct sam_user_info_11 +{ + uint8 padding_0[16]; /* 0 - padding 16 bytes */ + NTTIME expiry; /* expiry time or something? */ + uint8 padding_1[24]; /* 0 - padding 24 bytes */ + + UNIHDR hdr_mach_acct; /* unicode header for machine account */ + uint32 padding_2; /* 0 - padding 4 bytes */ + + uint32 ptr_1; /* pointer */ + uint8 padding_3[32]; /* 0 - padding 32 bytes */ + uint32 padding_4; /* 0 - padding 4 bytes */ + + uint32 ptr_2; /* pointer */ + uint32 padding_5; /* 0 - padding 4 bytes */ + + uint32 ptr_3; /* pointer */ + uint8 padding_6[32]; /* 0 - padding 32 bytes */ + + uint32 rid_user; /* user RID */ + uint32 rid_group; /* group RID */ + + uint16 acct_ctrl; /* 0080 - ACB_XXXX */ + uint16 unknown_3; /* 16 bit padding */ + + uint16 unknown_4; /* 0x003f - 16 bit unknown */ + uint16 unknown_5; /* 0x003c - 16 bit unknown */ + + uint8 padding_7[16]; /* 0 - padding 16 bytes */ + uint32 padding_8; /* 0 - padding 4 bytes */ + + UNISTR2 uni_mach_acct; /* unicode string for machine account */ + + uint8 padding_9[48]; /* 0 - padding 48 bytes */ + +} SAM_USER_INFO_11; + + +/* SAM_USER_INFO_10 */ +typedef struct sam_user_info_10 +{ + uint32 acb_info; + +} SAM_USER_INFO_10; + + + +/* SAMR_Q_CLOSE_HND - probably a policy handle close */ +typedef struct q_samr_close_hnd_info +{ + POLICY_HND pol; /* policy handle */ + +} SAMR_Q_CLOSE_HND; + + +/* SAMR_R_CLOSE_HND - probably a policy handle close */ +typedef struct r_samr_close_hnd_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_CLOSE_HND; + + +/**************************************************************************** +SAMR_Q_GET_USRDOM_PWINFO - a "set user info" occurs just after this +*****************************************************************************/ + +/* SAMR_Q_GET_USRDOM_PWINFO */ +typedef struct q_samr_usrdom_pwinfo_info +{ + POLICY_HND user_pol; /* policy handle */ + +} SAMR_Q_GET_USRDOM_PWINFO; + + +/**************************************************************************** +SAMR_R_GET_USRDOM_PWINFO - a "set user info" occurs just after this +*****************************************************************************/ + +/* SAMR_R_GET_USRDOM_PWINFO */ +typedef struct r_samr_usrdom_pwinfo_info +{ + uint16 unknown_0; /* 0000 */ + uint16 unknown_1; /* 0x0016 or 0x0015 */ + uint32 unknown_2; /* 0x0000 0000 */ + NTSTATUS status; + +} SAMR_R_GET_USRDOM_PWINFO; + + +/**************************************************************************** +SAMR_Q_QUERY_SEC_OBJ - info level 4. returns SIDs. +*****************************************************************************/ + +/* SAMR_Q_QUERY_SEC_OBJ - probably get domain info... */ +typedef struct q_samr_query_sec_obj_info +{ + POLICY_HND user_pol; /* policy handle */ + uint32 sec_info; /* xxxx_SECURITY_INFORMATION 0x0000 0004 */ + +} SAMR_Q_QUERY_SEC_OBJ; + +/* SAMR_R_QUERY_SEC_OBJ - probably an open */ +typedef struct r_samr_query_sec_obj_info +{ + uint32 ptr; + SEC_DESC_BUF *buf; + + NTSTATUS status; /* return status */ + +} SAMR_R_QUERY_SEC_OBJ; + + +/**************************************************************************** +SAMR_Q_QUERY_DOMAIN_INFO - probably a query on domain group info. +*****************************************************************************/ + +/* SAMR_Q_QUERY_DOMAIN_INFO - */ +typedef struct q_samr_query_domain_info +{ + POLICY_HND domain_pol; /* policy handle */ + uint16 switch_value; /* 0x0002, 0x0001 */ + +} SAMR_Q_QUERY_DOMAIN_INFO; + +typedef struct sam_unknown_info_3_info +{ + NTTIME logout; + /* 0x8000 0000 */ /* DON'T forcibly disconnect remote users from server when logon hours expire*/ + + /* 0x0000 0000 */ /* forcibly disconnect remote users from server when logon hours expire*/ + +} SAM_UNK_INFO_3; + +typedef struct sam_unknown_info_6_info +{ + uint32 unknown_0; /* 0x0000 0000 */ + + uint32 ptr_0; /* pointer to unknown structure */ + uint8 padding[12]; /* 12 bytes zeros */ + +} SAM_UNK_INFO_6; + +typedef struct sam_unknown_info_7_info +{ + uint16 unknown_0; /* 0x0003 */ + +} SAM_UNK_INFO_7; + +typedef struct sam_unknown_info_12_inf +{ + NTTIME duration; + NTTIME reset_count; + uint16 bad_attempt_lockout; + +} SAM_UNK_INFO_12; + +typedef struct sam_unknown_info_5_inf +{ + UNIHDR hdr_server; /* server name unicode header */ + UNISTR2 uni_server; /* server name unicode string */ + +} SAM_UNK_INFO_5; + +typedef struct sam_unknown_info_2_inf +{ + uint32 unknown_0; /* 0x0000 0000 */ + uint32 unknown_1; /* 0x8000 0000 */ + uint32 unknown_2; /* 0x0000 0000 */ + + uint32 ptr_0; /* pointer to unknown structure */ + UNIHDR hdr_domain; /* domain name unicode header */ + UNIHDR hdr_server; /* server name unicode header */ + + /* put all the data in here, at the moment, including what the above + pointer is referring to + */ + + uint32 seq_num; /* some sort of incrementing sequence number? */ + uint32 unknown_3; /* 0x0000 0000 */ + + uint32 unknown_4; /* 0x0000 0001 */ + uint32 unknown_5; /* 0x0000 0003 */ + uint32 unknown_6; /* 0x0000 0001 */ + uint32 num_domain_usrs; /* number of users in domain */ + uint32 num_domain_grps; /* number of domain groups in domain */ + uint32 num_local_grps; /* number of local groups in domain */ + + uint8 padding[12]; /* 12 bytes zeros */ + + UNISTR2 uni_domain; /* domain name unicode string */ + UNISTR2 uni_server; /* server name unicode string */ + +} SAM_UNK_INFO_2; + +typedef struct sam_unknown_info_1_inf +{ + uint16 min_length_password; + uint16 password_history; + uint32 flag; + NTTIME expire; + NTTIME min_passwordage; + +} SAM_UNK_INFO_1; + + +typedef struct sam_unknown_ctr_info +{ + union + { + SAM_UNK_INFO_1 inf1; + SAM_UNK_INFO_2 inf2; + SAM_UNK_INFO_3 inf3; + SAM_UNK_INFO_5 inf5; + SAM_UNK_INFO_6 inf6; + SAM_UNK_INFO_7 inf7; + SAM_UNK_INFO_12 inf12; + + } info; + +} SAM_UNK_CTR; + + +/* SAMR_R_QUERY_DOMAIN_INFO - */ +typedef struct r_samr_query_domain_info +{ + uint32 ptr_0; + uint16 switch_value; /* same as in query */ + + SAM_UNK_CTR *ctr; + + NTSTATUS status; /* return status */ + +} SAMR_R_QUERY_DOMAIN_INFO; + + +/* SAMR_Q_LOOKUP_DOMAIN - obtain SID for a local domain */ +typedef struct q_samr_lookup_domain_info +{ + POLICY_HND connect_pol; + + UNIHDR hdr_domain; + UNISTR2 uni_domain; + +} SAMR_Q_LOOKUP_DOMAIN; + + +/* SAMR_R_LOOKUP_DOMAIN */ +typedef struct r_samr_lookup_domain_info +{ + uint32 ptr_sid; + DOM_SID2 dom_sid; + + NTSTATUS status; + +} SAMR_R_LOOKUP_DOMAIN; + + +/**************************************************************************** +SAMR_Q_OPEN_DOMAIN - unknown_0 values seen associated with SIDs: + +0x0000 03f1 and a specific domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0 +0x0000 0200 and a specific domain sid - S-1-5-21-44c01ca6-797e5c3d-33f83fd0 +*****************************************************************************/ + +/* SAMR_Q_OPEN_DOMAIN */ +typedef struct q_samr_open_domain_info +{ + POLICY_HND pol; /* policy handle */ + uint32 flags; /* 0x2000 0000; 0x0000 0211; 0x0000 0280; 0x0000 0200 - flags? */ + DOM_SID2 dom_sid; /* domain SID */ + +} SAMR_Q_OPEN_DOMAIN; + + +/* SAMR_R_OPEN_DOMAIN - probably an open */ +typedef struct r_samr_open_domain_info +{ + POLICY_HND domain_pol; /* policy handle associated with the SID */ + NTSTATUS status; /* return status */ + +} SAMR_R_OPEN_DOMAIN; + +#define MAX_SAM_ENTRIES_W2K 0x400 +#define MAX_SAM_ENTRIES_W95 50 +/* The following should be the greater of the preceeding two. */ +#define MAX_SAM_ENTRIES MAX_SAM_ENTRIES_W2K + +typedef struct samr_entry_info +{ + uint32 rid; + UNIHDR hdr_name; + +} SAM_ENTRY; + + +/* SAMR_Q_ENUM_DOMAINS - SAM rids and names */ +typedef struct q_samr_enum_domains_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 start_idx; /* enumeration handle */ + uint32 max_size; /* 0x0000 ffff */ + +} SAMR_Q_ENUM_DOMAINS; + +/* SAMR_R_ENUM_DOMAINS - SAM rids and Domain names */ +typedef struct r_samr_enum_domains_info +{ + uint32 next_idx; /* next starting index required for enum */ + uint32 ptr_entries1; + + uint32 num_entries2; + uint32 ptr_entries2; + + uint32 num_entries3; + + SAM_ENTRY *sam; + UNISTR2 *uni_dom_name; + + uint32 num_entries4; + + NTSTATUS status; + +} SAMR_R_ENUM_DOMAINS; + +/* SAMR_Q_ENUM_DOM_USERS - SAM rids and names */ +typedef struct q_samr_enum_dom_users_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 start_idx; /* number of values (0 indicates unlimited?) */ + uint16 acb_mask; /* 0x0000 indicates all */ + uint16 unknown_1; /* 0x0000 */ + + uint32 max_size; /* 0x0000 ffff */ + +} SAMR_Q_ENUM_DOM_USERS; + + +/* SAMR_R_ENUM_DOM_USERS - SAM rids and names */ +typedef struct r_samr_enum_dom_users_info +{ + uint32 next_idx; /* next starting index required for enum */ + uint32 ptr_entries1; + + uint32 num_entries2; + uint32 ptr_entries2; + + uint32 num_entries3; + + SAM_ENTRY *sam; + UNISTR2 *uni_acct_name; + + uint32 num_entries4; + + NTSTATUS status; + +} SAMR_R_ENUM_DOM_USERS; + + +/* SAMR_Q_ENUM_DOM_GROUPS - SAM rids and names */ +typedef struct q_samr_enum_dom_groups_info +{ + POLICY_HND pol; /* policy handle */ + + /* this is possibly an enumeration context handle... */ + uint32 start_idx; /* 0x0000 0000 */ + + uint32 max_size; /* 0x0000 ffff */ + +} SAMR_Q_ENUM_DOM_GROUPS; + + +/* SAMR_R_ENUM_DOM_GROUPS - SAM rids and names */ +typedef struct r_samr_enum_dom_groups_info +{ + uint32 next_idx; + uint32 ptr_entries1; + + uint32 num_entries2; + uint32 ptr_entries2; + + uint32 num_entries3; + + SAM_ENTRY *sam; + UNISTR2 *uni_grp_name; + + uint32 num_entries4; + + NTSTATUS status; + +} SAMR_R_ENUM_DOM_GROUPS; + + +/* SAMR_Q_ENUM_DOM_ALIASES - SAM rids and names */ +typedef struct q_samr_enum_dom_aliases_info +{ + POLICY_HND pol; /* policy handle */ + + /* this is possibly an enumeration context handle... */ + uint32 start_idx; /* 0x0000 0000 */ + + uint32 max_size; /* 0x0000 ffff */ + +} SAMR_Q_ENUM_DOM_ALIASES; + + +/* SAMR_R_ENUM_DOM_ALIASES - SAM rids and names */ +typedef struct r_samr_enum_dom_aliases_info +{ + uint32 next_idx; + uint32 ptr_entries1; + + uint32 num_entries2; + uint32 ptr_entries2; + + uint32 num_entries3; + + SAM_ENTRY *sam; + UNISTR2 *uni_grp_name; + + uint32 num_entries4; + + NTSTATUS status; + +} SAMR_R_ENUM_DOM_ALIASES; + + +/* -- Level 1 Display Info - User Information -- */ + +typedef struct samr_entry_info1 +{ + uint32 user_idx; + + uint32 rid_user; + uint16 acb_info; + + UNIHDR hdr_acct_name; + UNIHDR hdr_user_name; + UNIHDR hdr_user_desc; + +} SAM_ENTRY1; + +typedef struct samr_str_entry_info1 +{ + UNISTR2 uni_acct_name; + UNISTR2 uni_full_name; + UNISTR2 uni_acct_desc; + +} SAM_STR1; + +typedef struct sam_entry_info_1 +{ + SAM_ENTRY1 *sam; + SAM_STR1 *str; + +} SAM_DISPINFO_1; + + +/* -- Level 2 Display Info - Trust Account Information -- */ + +typedef struct samr_entry_info2 +{ + uint32 user_idx; + + uint32 rid_user; + uint16 acb_info; + + UNIHDR hdr_srv_name; + UNIHDR hdr_srv_desc; + +} SAM_ENTRY2; + +typedef struct samr_str_entry_info2 +{ + UNISTR2 uni_srv_name; + UNISTR2 uni_srv_desc; + +} SAM_STR2; + +typedef struct sam_entry_info_2 +{ + SAM_ENTRY2 *sam; + SAM_STR2 *str; + +} SAM_DISPINFO_2; + + +/* -- Level 3 Display Info - Domain Group Information -- */ + +typedef struct samr_entry_info3 +{ + uint32 grp_idx; + + uint32 rid_grp; + uint32 attr; /* SE_GROUP_xxx, usually 7 */ + + UNIHDR hdr_grp_name; + UNIHDR hdr_grp_desc; + +} SAM_ENTRY3; + +typedef struct samr_str_entry_info3 +{ + UNISTR2 uni_grp_name; + UNISTR2 uni_grp_desc; + +} SAM_STR3; + +typedef struct sam_entry_info_3 +{ + SAM_ENTRY3 *sam; + SAM_STR3 *str; + +} SAM_DISPINFO_3; + + +/* -- Level 4 Display Info - User List (ASCII) -- */ + +typedef struct samr_entry_info4 +{ + uint32 user_idx; + STRHDR hdr_acct_name; + +} SAM_ENTRY4; + +typedef struct samr_str_entry_info4 +{ + STRING2 acct_name; + +} SAM_STR4; + +typedef struct sam_entry_info_4 +{ + SAM_ENTRY4 *sam; + SAM_STR4 *str; + +} SAM_DISPINFO_4; + + +/* -- Level 5 Display Info - Group List (ASCII) -- */ + +typedef struct samr_entry_info5 +{ + uint32 grp_idx; + STRHDR hdr_grp_name; + +} SAM_ENTRY5; + +typedef struct samr_str_entry_info5 +{ + STRING2 grp_name; + +} SAM_STR5; + +typedef struct sam_entry_info_5 +{ + SAM_ENTRY5 *sam; + SAM_STR5 *str; + +} SAM_DISPINFO_5; + + +typedef struct sam_dispinfo_ctr_info +{ + union + { + SAM_DISPINFO_1 *info1; /* users/names/descriptions */ + SAM_DISPINFO_2 *info2; /* trust accounts */ + SAM_DISPINFO_3 *info3; /* domain groups/descriptions */ + SAM_DISPINFO_4 *info4; /* user list (ASCII) - used by Win95 */ + SAM_DISPINFO_5 *info5; /* group list (ASCII) */ + void *info; /* allows assignment without typecasting, */ + + } sam; + +} SAM_DISPINFO_CTR; + + +/* SAMR_Q_QUERY_DISPINFO - SAM rids, names and descriptions */ +typedef struct q_samr_query_disp_info +{ + POLICY_HND domain_pol; + + uint16 switch_level; /* see SAM_DISPINFO_CTR above */ + /* align */ + + uint32 start_idx; /* start enumeration index */ + uint32 max_entries; /* maximum number of entries to return */ + uint32 max_size; /* recommended data size; if exceeded server + should return STATUS_MORE_ENTRIES */ + +} SAMR_Q_QUERY_DISPINFO; + + +/* SAMR_R_QUERY_DISPINFO */ +typedef struct r_samr_query_dispinfo_info +{ + uint32 total_size; /* total data size for all matching entries + (0 = uncalculated) */ + uint32 data_size; /* actual data size returned = size of SAM_ENTRY + structures + total length of strings */ + + uint16 switch_level; /* see SAM_DISPINFO_CTR above */ + /* align */ + + uint32 num_entries; /* number of entries returned */ + uint32 ptr_entries; + uint32 num_entries2; + + SAM_DISPINFO_CTR *ctr; + + NTSTATUS status; + +} SAMR_R_QUERY_DISPINFO; + + +/* SAMR_Q_DELETE_DOM_GROUP - delete domain group */ +typedef struct q_samr_delete_dom_group_info +{ + POLICY_HND group_pol; /* policy handle */ + +} SAMR_Q_DELETE_DOM_GROUP; + + +/* SAMR_R_DELETE_DOM_GROUP - delete domain group */ +typedef struct r_samr_delete_dom_group_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_DELETE_DOM_GROUP; + + +/* SAMR_Q_CREATE_DOM_GROUP - SAM create group */ +typedef struct q_samr_create_dom_group_info +{ + POLICY_HND pol; /* policy handle */ + + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + + uint32 access_mask; + +} SAMR_Q_CREATE_DOM_GROUP; + +/* SAMR_R_CREATE_DOM_GROUP - SAM create group */ +typedef struct r_samr_create_dom_group_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 rid; + NTSTATUS status; + +} SAMR_R_CREATE_DOM_GROUP; + +/* SAMR_Q_QUERY_GROUPINFO - SAM Group Info */ +typedef struct q_samr_query_group_info +{ + POLICY_HND pol; /* policy handle */ + + uint16 switch_level; /* 0x0001 seen */ + +} SAMR_Q_QUERY_GROUPINFO; + +typedef struct samr_group_info1 +{ + UNIHDR hdr_acct_name; + + uint32 unknown_1; /* 0x0000 0003 - number of group members? */ + uint32 num_members; /* 0x0000 0001 - number of group members? */ + + UNIHDR hdr_acct_desc; + + UNISTR2 uni_acct_name; + UNISTR2 uni_acct_desc; + +} GROUP_INFO1; + +typedef struct samr_group_info3 +{ + uint32 unknown_1; /* 0x0000 0003 - number of group members? */ + +} GROUP_INFO3; + +typedef struct samr_group_info4 +{ + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + +} GROUP_INFO4; + +/* GROUP_INFO_CTR */ +typedef struct group_info_ctr +{ + uint16 switch_value1; + + union + { + GROUP_INFO1 info1; + GROUP_INFO3 info3; + GROUP_INFO4 info4; + + } group; + +} GROUP_INFO_CTR; + +/* SAMR_R_QUERY_GROUPINFO - SAM Group Info */ +typedef struct r_samr_query_groupinfo_info +{ + uint32 ptr; + GROUP_INFO_CTR *ctr; + + NTSTATUS status; + +} SAMR_R_QUERY_GROUPINFO; + + +/* SAMR_Q_SET_GROUPINFO - SAM Group Info */ +typedef struct q_samr_set_group_info +{ + POLICY_HND pol; /* policy handle */ + GROUP_INFO_CTR *ctr; + +} SAMR_Q_SET_GROUPINFO; + +/* SAMR_R_SET_GROUPINFO - SAM Group Info */ +typedef struct r_samr_set_group_info +{ + NTSTATUS status; + +} SAMR_R_SET_GROUPINFO; + + +/* SAMR_Q_DELETE_DOM_ALIAS - delete domain alias */ +typedef struct q_samr_delete_dom_alias_info +{ + POLICY_HND alias_pol; /* policy handle */ + +} SAMR_Q_DELETE_DOM_ALIAS; + + +/* SAMR_R_DELETE_DOM_ALIAS - delete domain alias */ +typedef struct r_samr_delete_dom_alias_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_DELETE_DOM_ALIAS; + + +/* SAMR_Q_CREATE_DOM_ALIAS - SAM create alias */ +typedef struct q_samr_create_dom_alias_info +{ + POLICY_HND dom_pol; /* policy handle */ + + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + + uint32 access_mask; /* 0x001f000f */ + +} SAMR_Q_CREATE_DOM_ALIAS; + +/* SAMR_R_CREATE_DOM_ALIAS - SAM create alias */ +typedef struct r_samr_create_dom_alias_info +{ + POLICY_HND alias_pol; /* policy handle */ + + uint32 rid; + NTSTATUS status; + +} SAMR_R_CREATE_DOM_ALIAS; + +/* SAMR_Q_QUERY_ALIASINFO - SAM Alias Info */ +typedef struct q_samr_query_alias_info +{ + POLICY_HND pol; /* policy handle */ + + uint16 switch_level; /* 0x0003 seen */ + +} SAMR_Q_QUERY_ALIASINFO; + +typedef struct samr_alias_info1 +{ + UNIHDR hdr_acct_name; + UNIHDR hdr_acct_desc; + uint32 num_member; + UNISTR2 uni_acct_name; + UNISTR2 uni_acct_desc; + +} ALIAS_INFO1; + +typedef struct samr_alias_info3 +{ + UNIHDR hdr_acct_desc; + UNISTR2 uni_acct_desc; + +} ALIAS_INFO3; + +/* ALIAS_INFO_CTR */ +typedef struct alias_info_ctr +{ + uint16 switch_value1; + uint16 switch_value2; + + union + { + ALIAS_INFO1 info1; + ALIAS_INFO3 info3; + + } alias; + +} ALIAS_INFO_CTR; + +/* SAMR_R_QUERY_ALIASINFO - SAM alias info */ +typedef struct r_samr_query_aliasinfo_info +{ + uint32 ptr; + ALIAS_INFO_CTR ctr; + + NTSTATUS status; + +} SAMR_R_QUERY_ALIASINFO; + + +/* SAMR_Q_SET_ALIASINFO - SAM Alias Info */ +typedef struct q_samr_set_alias_info +{ + POLICY_HND alias_pol; /* policy handle */ + ALIAS_INFO_CTR ctr; + +} SAMR_Q_SET_ALIASINFO; + +/* SAMR_R_SET_ALIASINFO - SAM alias info */ +typedef struct r_samr_set_aliasinfo_info +{ + NTSTATUS status; + +} SAMR_R_SET_ALIASINFO; + + +/* SAMR_Q_QUERY_USERGROUPS - */ +typedef struct q_samr_query_usergroup_info +{ + POLICY_HND pol; /* policy handle associated with unknown id */ + +} SAMR_Q_QUERY_USERGROUPS; + +/* SAMR_R_QUERY_USERGROUPS - probably a get sam info */ +typedef struct r_samr_query_usergroup_info +{ + uint32 ptr_0; /* pointer */ + uint32 num_entries; /* number of RID groups */ + uint32 ptr_1; /* pointer */ + uint32 num_entries2; /* number of RID groups */ + + DOM_GID *gid; /* group info */ + + NTSTATUS status; /* return status */ + +} SAMR_R_QUERY_USERGROUPS; + +/* SAM_USERINFO_CTR - sam user info */ +typedef struct sam_userinfo_ctr_info +{ + uint16 switch_value; + + union + { + SAM_USER_INFO_10 *id10; /* auth-level 0x10 */ + SAM_USER_INFO_11 *id11; /* auth-level 0x11 */ + SAM_USER_INFO_12 *id12; /* auth-level 0x12 */ + SAM_USER_INFO_20 *id20; /* auth-level 20 */ + SAM_USER_INFO_21 *id21; /* auth-level 21 */ + SAM_USER_INFO_23 *id23; /* auth-level 0x17 */ + SAM_USER_INFO_24 *id24; /* auth-level 0x18 */ + SAM_USER_INFO_25 *id25; /* auth-level 0x19 */ + void* id; /* to make typecasting easy */ + + } info; + +} SAM_USERINFO_CTR; + + +/* SAMR_Q_SET_USERINFO2 - set sam info */ +typedef struct q_samr_set_user_info2 +{ + POLICY_HND pol; /* policy handle associated with user */ + uint16 switch_value; /* 0x0010 */ + + SAM_USERINFO_CTR *ctr; + +} SAMR_Q_SET_USERINFO2; + +/* SAMR_R_SET_USERINFO2 - set sam info */ +typedef struct r_samr_set_user_info2 +{ + NTSTATUS status; /* return status */ + +} SAMR_R_SET_USERINFO2; + +/* SAMR_Q_SET_USERINFO - set sam info */ +typedef struct q_samr_set_user_info +{ + POLICY_HND pol; /* policy handle associated with user */ + uint16 switch_value; + SAM_USERINFO_CTR *ctr; + +} SAMR_Q_SET_USERINFO; + +/* SAMR_R_SET_USERINFO - set sam info */ +typedef struct r_samr_set_user_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_SET_USERINFO; + + +/* SAMR_Q_QUERY_USERINFO - probably a get sam info */ +typedef struct q_samr_query_user_info +{ + POLICY_HND pol; /* policy handle associated with unknown id */ + uint16 switch_value; /* 0x0015, 0x0011 or 0x0010 - 16 bit unknown */ + +} SAMR_Q_QUERY_USERINFO; + +/* SAMR_R_QUERY_USERINFO - probably a get sam info */ +typedef struct r_samr_query_user_info +{ + uint32 ptr; /* pointer */ + SAM_USERINFO_CTR *ctr; + + NTSTATUS status; /* return status */ + +} SAMR_R_QUERY_USERINFO; + + +/**************************************************************************** +SAMR_Q_QUERY_USERALIASES - do a conversion from name to RID. + +the policy handle allocated by an "samr open secret" call is associated +with a SID. this policy handle is what is queried here, *not* the SID +itself. the response to the lookup rids is relative to this SID. +*****************************************************************************/ +/* SAMR_Q_QUERY_USERALIASES */ +typedef struct q_samr_query_useraliases_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 num_sids1; /* number of rids being looked up */ + uint32 ptr; /* buffer pointer */ + uint32 num_sids2; /* number of rids being looked up */ + + uint32 *ptr_sid; /* pointers to sids to be looked up */ + DOM_SID2 *sid ; /* sids to be looked up. */ + +} SAMR_Q_QUERY_USERALIASES; + + +/* SAMR_R_QUERY_USERALIASES */ +typedef struct r_samr_query_useraliases_info +{ + uint32 num_entries; + uint32 ptr; /* undocumented buffer pointer */ + + uint32 num_entries2; + uint32 *rid; /* domain RIDs being looked up */ + + NTSTATUS status; /* return code */ + +} SAMR_R_QUERY_USERALIASES; + + +/**************************************************************************** +SAMR_Q_LOOKUP_NAMES - do a conversion from Names to RIDs+types. +*****************************************************************************/ +/* SAMR_Q_LOOKUP_NAMES */ +typedef struct q_samr_lookup_names_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 num_names1; /* number of names being looked up */ + uint32 flags; /* 0x0000 03e8 - unknown */ + uint32 ptr; /* 0x0000 0000 - 32 bit unknown */ + uint32 num_names2; /* number of names being looked up */ + + UNIHDR *hdr_name; /* unicode account name header */ + UNISTR2 *uni_name; /* unicode account name string */ + +} SAMR_Q_LOOKUP_NAMES; + + +/* SAMR_R_LOOKUP_NAMES */ +typedef struct r_samr_lookup_names_info +{ + uint32 num_rids1; /* number of aliases being looked up */ + uint32 ptr_rids; /* pointer to aliases */ + uint32 num_rids2; /* number of aliases being looked up */ + + uint32 *rids; /* rids */ + + uint32 num_types1; /* number of users in aliases being looked up */ + uint32 ptr_types; /* pointer to users in aliases */ + uint32 num_types2; /* number of users in aliases being looked up */ + + uint32 *types; /* SID_ENUM type */ + + NTSTATUS status; /* return code */ + +} SAMR_R_LOOKUP_NAMES; + + +/**************************************************************************** +SAMR_Q_LOOKUP_RIDS - do a conversion from RID groups to something. + +called to resolve domain RID groups. +*****************************************************************************/ +/* SAMR_Q_LOOKUP_RIDS */ +typedef struct q_samr_lookup_rids_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 num_rids1; /* number of rids being looked up */ + uint32 flags; /* 0x0000 03e8 - unknown */ + uint32 ptr; /* 0x0000 0000 - 32 bit unknown */ + uint32 num_rids2; /* number of rids being looked up */ + + uint32 *rid; /* domain RIDs being looked up */ + +} SAMR_Q_LOOKUP_RIDS; + + +/**************************************************************************** +SAMR_R_LOOKUP_RIDS - do a conversion from group RID to names + +*****************************************************************************/ +/* SAMR_R_LOOKUP_RIDS */ +typedef struct r_samr_lookup_rids_info +{ + uint32 num_names1; /* number of aliases being looked up */ + uint32 ptr_names; /* pointer to aliases */ + uint32 num_names2; /* number of aliases being looked up */ + + UNIHDR *hdr_name; /* unicode account name header */ + UNISTR2 *uni_name; /* unicode account name string */ + + uint32 num_types1; /* number of users in aliases being looked up */ + uint32 ptr_types; /* pointer to users in aliases */ + uint32 num_types2; /* number of users in aliases being looked up */ + + uint32 *type; /* SID_ENUM type */ + + NTSTATUS status; + +} SAMR_R_LOOKUP_RIDS; + + +/* SAMR_Q_OPEN_USER - probably an open */ +typedef struct q_samr_open_user_info +{ + POLICY_HND domain_pol; /* policy handle */ + uint32 access_mask; /* 32 bit unknown - 0x02011b */ + uint32 user_rid; /* user RID */ + +} SAMR_Q_OPEN_USER; + + +/* SAMR_R_OPEN_USER - probably an open */ +typedef struct r_samr_open_user_info +{ + POLICY_HND user_pol; /* policy handle associated with unknown id */ + NTSTATUS status; /* return status */ + +} SAMR_R_OPEN_USER; + + +/* SAMR_Q_CREATE_USER - probably a create */ +typedef struct q_samr_create_user_info +{ + POLICY_HND domain_pol; /* policy handle */ + + UNIHDR hdr_name; /* unicode account name header */ + UNISTR2 uni_name; /* unicode account name */ + + uint32 acb_info; /* account control info */ + uint32 access_mask; /* 0xe005 00b0 */ + +} SAMR_Q_CREATE_USER; + + +/* SAMR_R_CREATE_USER - probably a create */ +typedef struct r_samr_create_user_info +{ + POLICY_HND user_pol; /* policy handle associated with user */ + + uint32 unknown_0; /* 0x0007 03ff */ + uint32 user_rid; /* user RID */ + NTSTATUS status; /* return status */ + +} SAMR_R_CREATE_USER; + + +/* SAMR_Q_DELETE_DOM_USER - delete domain user */ +typedef struct q_samr_delete_dom_user_info +{ + POLICY_HND user_pol; /* policy handle */ + +} SAMR_Q_DELETE_DOM_USER; + + +/* SAMR_R_DELETE_DOM_USER - delete domain user */ +typedef struct r_samr_delete_dom_user_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_DELETE_DOM_USER; + + +/* SAMR_Q_QUERY_GROUPMEM - query group members */ +typedef struct q_samr_query_groupmem_info +{ + POLICY_HND group_pol; /* policy handle */ + +} SAMR_Q_QUERY_GROUPMEM; + + +/* SAMR_R_QUERY_GROUPMEM - query group members */ +typedef struct r_samr_query_groupmem_info +{ + uint32 ptr; + uint32 num_entries; + + uint32 ptr_rids; + uint32 ptr_attrs; + + uint32 num_rids; + uint32 *rid; + + uint32 num_attrs; + uint32 *attr; + + NTSTATUS status; + +} SAMR_R_QUERY_GROUPMEM; + + +/* SAMR_Q_DEL_GROUPMEM - probably an del group member */ +typedef struct q_samr_del_group_mem_info +{ + POLICY_HND pol; /* policy handle */ + uint32 rid; /* rid */ + +} SAMR_Q_DEL_GROUPMEM; + + +/* SAMR_R_DEL_GROUPMEM - probably an del group member */ +typedef struct r_samr_del_group_mem_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_DEL_GROUPMEM; + + +/* SAMR_Q_ADD_GROUPMEM - probably an add group member */ +typedef struct q_samr_add_group_mem_info +{ + POLICY_HND pol; /* policy handle */ + + uint32 rid; /* rid */ + uint32 unknown; /* 0x0000 0005 */ + +} SAMR_Q_ADD_GROUPMEM; + + +/* SAMR_R_ADD_GROUPMEM - probably an add group member */ +typedef struct r_samr_add_group_mem_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_ADD_GROUPMEM; + + +/* SAMR_Q_OPEN_GROUP - probably an open */ +typedef struct q_samr_open_group_info +{ + POLICY_HND domain_pol; /* policy handle */ + uint32 access_mask; /* 0x0000 0001, 0x0000 0003, 0x0000 001f */ + uint32 rid_group; /* rid */ + +} SAMR_Q_OPEN_GROUP; + + +/* SAMR_R_OPEN_GROUP - probably an open */ +typedef struct r_samr_open_group_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_OPEN_GROUP; + + +/* SAMR_Q_QUERY_ALIASMEM - query alias members */ +typedef struct q_samr_query_aliasmem_info +{ + POLICY_HND alias_pol; /* policy handle */ + +} SAMR_Q_QUERY_ALIASMEM; + + +/* SAMR_R_QUERY_ALIASMEM - query alias members */ +typedef struct r_samr_query_aliasmem_info +{ + uint32 num_sids; + uint32 ptr; + uint32 num_sids1; + + DOM_SID2 *sid; + + NTSTATUS status; + +} SAMR_R_QUERY_ALIASMEM; + + +/* SAMR_Q_ADD_ALIASMEM - add alias member */ +typedef struct q_samr_add_alias_mem_info +{ + POLICY_HND alias_pol; /* policy handle */ + + DOM_SID2 sid; /* member sid to be added to the alias */ + +} SAMR_Q_ADD_ALIASMEM; + + +/* SAMR_R_ADD_ALIASMEM - add alias member */ +typedef struct r_samr_add_alias_mem_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_ADD_ALIASMEM; + + +/* SAMR_Q_DEL_ALIASMEM - add an add alias member */ +typedef struct q_samr_del_alias_mem_info +{ + POLICY_HND alias_pol; /* policy handle */ + + DOM_SID2 sid; /* member sid to be added to alias */ + +} SAMR_Q_DEL_ALIASMEM; + + +/* SAMR_R_DEL_ALIASMEM - delete alias member */ +typedef struct r_samr_del_alias_mem_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_DEL_ALIASMEM; + + + +/* SAMR_Q_OPEN_ALIAS - probably an open */ +typedef struct q_samr_open_alias_info +{ + POLICY_HND dom_pol; + + uint32 access_mask; + uint32 rid_alias; + +} SAMR_Q_OPEN_ALIAS; + + +/* SAMR_R_OPEN_ALIAS - probably an open */ +typedef struct r_samr_open_alias_info +{ + POLICY_HND pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_OPEN_ALIAS; + + +/* SAMR_Q_CONNECT_ANON - probably an open */ +typedef struct q_samr_connect_anon_info +{ + uint32 ptr; /* ptr? */ + uint16 unknown_0; /* 0x005c */ + uint16 unknown_1; /* 0x0001 */ + uint32 access_mask; + +} SAMR_Q_CONNECT_ANON; + +/* SAMR_R_CONNECT_ANON - probably an open */ +typedef struct r_samr_connect_anon_info +{ + POLICY_HND connect_pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_CONNECT_ANON; + +/* SAMR_Q_CONNECT - probably an open */ +typedef struct q_samr_connect_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* unicode server name starting with '\\' */ + + uint32 access_mask; + +} SAMR_Q_CONNECT; + + +/* SAMR_R_CONNECT - probably an open */ +typedef struct r_samr_connect_info +{ + POLICY_HND connect_pol; /* policy handle */ + NTSTATUS status; /* return status */ + +} SAMR_R_CONNECT; + +/* SAMR_Q_GET_DOM_PWINFO */ +typedef struct q_samr_get_dom_pwinfo +{ + uint32 ptr; + UNIHDR hdr_srv_name; + UNISTR2 uni_srv_name; + +} SAMR_Q_GET_DOM_PWINFO; + +/* SAMR_R_GET_DOM_PWINFO */ +typedef struct r_samr_get_dom_pwinfo +{ + uint16 unk_0; + uint16 unk_1; + uint16 unk_2; + NTSTATUS status; + +} SAMR_R_GET_DOM_PWINFO; + +/* SAMR_ENC_PASSWD */ +typedef struct enc_passwd_info +{ + uint32 ptr; + uint8 pass[516]; + +} SAMR_ENC_PASSWD; + +/* SAMR_ENC_HASH */ +typedef struct enc_hash_info +{ + uint32 ptr; + uint8 hash[16]; + +} SAMR_ENC_HASH; + +/* SAMR_Q_CHGPASSWD_USER */ +typedef struct q_samr_chgpasswd_user_info +{ + uint32 ptr_0; + + UNIHDR hdr_dest_host; /* server name unicode header */ + UNISTR2 uni_dest_host; /* server name unicode string */ + + UNIHDR hdr_user_name; /* username unicode string header */ + UNISTR2 uni_user_name; /* username unicode string */ + + SAMR_ENC_PASSWD nt_newpass; + SAMR_ENC_HASH nt_oldhash; + + uint32 unknown; /* 0x0000 0001 */ + + SAMR_ENC_PASSWD lm_newpass; + SAMR_ENC_HASH lm_oldhash; + +} SAMR_Q_CHGPASSWD_USER; + +/* SAMR_R_CHGPASSWD_USER */ +typedef struct r_samr_chgpasswd_user_info +{ + NTSTATUS status; /* 0 == OK, C000006A (NT_STATUS_WRONG_PASSWORD) */ + +} SAMR_R_CHGPASSWD_USER; + + +/* SAMR_Q_UNKNOWN_2D */ +typedef struct q_samr_unknown_2d_info +{ + POLICY_HND dom_pol; /* policy handle */ + DOM_SID2 sid; /* SID */ + +} SAMR_Q_UNKNOWN_2D; + + +/* SAMR_R_UNKNOWN_2D - probably an open */ +typedef struct r_samr_unknown_2d_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_UNKNOWN_2D; + + + +/* these are from the old rpc_samr.h - they are needed while the merge + is still going on */ +#define MAX_SAM_SIDS 15 + +/* DOM_SID3 - security id */ +typedef struct sid_info_3 +{ + uint16 len; /* length, bytes, including length of len :-) */ + /* uint8 pad[2]; */ + + DOM_SID sid; + +} DOM_SID3; + +/* SAMR_Q_UNKNOWN_2E */ +typedef struct q_samr_unknown_2e_info +{ + POLICY_HND domain_pol; /* policy handle */ + uint16 switch_value; + +} SAMR_Q_UNKNOWN_2E; + +/* SAMR_R_UNKNOWN_2E */ +typedef struct r_samr_unknown_2e_info +{ + uint32 ptr_0; + uint16 switch_value; + SAM_UNK_CTR *ctr; + NTSTATUS status; /* return status */ + +} SAMR_R_UNKNOWN_2E; + +/* SAMR_Q_SET_DOMAIN_INFO */ +typedef struct q_samr_set_domain_info +{ + POLICY_HND domain_pol; /* policy handle */ + uint16 switch_value0; + uint16 switch_value; + SAM_UNK_CTR *ctr; + +} SAMR_Q_SET_DOMAIN_INFO; + +/* SAMR_R_SET_DOMAIN_INFO */ +typedef struct r_samr_set_domain_info +{ + NTSTATUS status; /* return status */ + +} SAMR_R_SET_DOMAIN_INFO; + + +#endif /* _RPC_SAMR_H */ + diff --git a/source3/include/rpc_secdes.h b/source3/include/rpc_secdes.h new file mode 100644 index 00000000000..e51a5fd2f8f --- /dev/null +++ b/source3/include/rpc_secdes.h @@ -0,0 +1,214 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_SECDES_H /* _RPC_SECDES_H */ +#define _RPC_SECDES_H + +#define SEC_RIGHTS_QUERY_VALUE 0x00000001 +#define SEC_RIGHTS_SET_VALUE 0x00000002 +#define SEC_RIGHTS_CREATE_SUBKEY 0x00000004 +#define SEC_RIGHTS_ENUM_SUBKEYS 0x00000008 +#define SEC_RIGHTS_NOTIFY 0x00000010 +#define SEC_RIGHTS_CREATE_LINK 0x00000020 +#define SEC_RIGHTS_READ 0x00020019 +#define SEC_RIGHTS_FULL_CONTROL 0x000f003f +#define SEC_RIGHTS_MAXIMUM_ALLOWED 0x02000000 +/* for ADS */ +#define SEC_RIGHTS_LIST_CONTENTS 0x4 +#define SEC_RIGHTS_LIST_OBJECT 0x80 +#define SEC_RIGHTS_READ_ALL_PROP 0x10 +#define SEC_RIGHTS_READ_PERMS 0x20000 +#define SEC_RIGHTS_WRITE_ALL_VALID 0x8 +#define SEC_RIGHTS_WRITE_ALL_PROP 0x20 +#define SEC_RIGHTS_MODIFY_OWNER 0x80000 +#define SEC_RIGHTS_MODIFY_PERMS 0x40000 +#define SEC_RIGHTS_CREATE_CHILD 0x1 +#define SEC_RIGHTS_DELETE_CHILD 0x2 +#define SEC_RIGHTS_DELETE_SUBTREE 0x40 +#define SEC_RIGHTS_DELETE 0x10000 /* advanced/special/object/delete */ +#define SEC_RIGHTS_EXTENDED 0x100 /* change/reset password, receive/send as*/ +#define SEC_RIGHTS_CHANGE_PASSWD SEC_RIGHTS_EXTENDED +#define SEC_RIGHTS_RESET_PASSWD SEC_RIGHTS_EXTENDED +#define SEC_RIGHTS_FULL_CTRL 0xf01ff + +#define SEC_ACE_OBJECT_PRESENT 0x00000001 /* thanks for Jim McDonough */ +#define SEC_ACE_OBJECT_INHERITED_PRESENT 0x00000002 + +#define SEC_ACE_FLAG_OBJECT_INHERIT 0x1 +#define SEC_ACE_FLAG_CONTAINER_INHERIT 0x2 +#define SEC_ACE_FLAG_NO_PROPAGATE_INHERIT 0x4 +#define SEC_ACE_FLAG_INHERIT_ONLY 0x8 +#define SEC_ACE_FLAG_INHERITED_ACE 0x10 /* New for Windows 2000 */ +#define SEC_ACE_FLAG_VALID_INHERIT 0xf +#define SEC_ACE_FLAG_SUCCESSFUL_ACCESS 0x40 +#define SEC_ACE_FLAG_FAILED_ACCESS 0x80 + +#define SEC_ACE_TYPE_ACCESS_ALLOWED 0x0 +#define SEC_ACE_TYPE_ACCESS_DENIED 0x1 +#define SEC_ACE_TYPE_SYSTEM_AUDIT 0x2 +#define SEC_ACE_TYPE_SYSTEM_ALARM 0x3 +#define SEC_ACE_TYPE_ALLOWED_COMPOUND 0x4 +#define SEC_ACE_TYPE_ACCESS_ALLOWED_OBJECT 0x5 +#define SEC_ACE_TYPE_ACCESS_DENIED_OBJECT 0x6 +#define SEC_ACE_TYPE_SYSTEM_AUDIT_OBJECT 0x7 +#define SEC_ACE_TYPE_SYSTEM_ALARM_OBJECT 0x8 + +#define SEC_DESC_OWNER_DEFAULTED 0x0001 +#define SEC_DESC_GROUP_DEFAULTED 0x0002 +#define SEC_DESC_DACL_PRESENT 0x0004 +#define SEC_DESC_DACL_DEFAULTED 0x0008 +#define SEC_DESC_SACL_PRESENT 0x0010 +#define SEC_DESC_SACL_DEFAULTED 0x0020 +#define SEC_DESC_SELF_RELATIVE 0x8000 +/* + * New Windows 2000 bits. + */ +#define SE_DESC_DACL_AUTO_INHERIT_REQ 0x0100 +#define SE_DESC_SACL_AUTO_INHERIT_REQ 0x0200 +#define SE_DESC_DACL_AUTO_INHERITED 0x0400 +#define SE_DESC_SACL_AUTO_INHERITED 0x0800 +#define SE_DESC_DACL_PROTECTED 0x1000 +#define SE_DESC_SACL_PROTECTED 0x2000 + +/* security information */ +#define OWNER_SECURITY_INFORMATION 0x00000001 +#define GROUP_SECURITY_INFORMATION 0x00000002 +#define DACL_SECURITY_INFORMATION 0x00000004 +#define SACL_SECURITY_INFORMATION 0x00000008 + +#define ALL_SECURITY_INFORMATION (OWNER_SECURITY_INFORMATION|GROUP_SECURITY_INFORMATION|\ + DACL_SECURITY_INFORMATION|SACL_SECURITY_INFORMATION) + +/* Globally Unique ID */ +#define GUID_SIZE 16 +typedef struct guid_info +{ + uint8 info[GUID_SIZE]; +} GUID; + +/* SEC_ACCESS */ +typedef struct security_info_info +{ + uint32 mask; + +} SEC_ACCESS; + +/* SEC_ACE */ +typedef struct security_ace_info +{ + uint8 type; /* xxxx_xxxx_ACE_TYPE - e.g allowed / denied etc */ + uint8 flags; /* xxxx_INHERIT_xxxx - e.g OBJECT_INHERIT_ACE */ + uint16 size; + + SEC_ACCESS info; + + /* this stuff may be present when type is XXXX_TYPE_XXXX_OBJECT */ + uint32 obj_flags; /* xxxx_ACE_OBJECT_xxxx e.g present/inherited present etc */ + GUID obj_guid; /* object GUID */ + GUID inh_guid; /* inherited object GUID */ + /* eof object stuff */ + + DOM_SID trustee; + +} SEC_ACE; +#define SEC_ACE_HEADER_SIZE (2 * sizeof(uint8) + sizeof(uint16) + sizeof(uint32)) + +#ifndef ACL_REVISION +#define ACL_REVISION 0x3 +#endif + +#ifndef NT4_ACL_REVISION +#define NT4_ACL_REVISION 0x2 +#endif + +#ifndef _SEC_ACL +/* SEC_ACL */ +typedef struct security_acl_info +{ + uint16 revision; /* 0x0003 */ + uint16 size; /* size in bytes of the entire ACL structure */ + uint32 num_aces; /* number of Access Control Entries */ + + SEC_ACE *ace; + +} SEC_ACL; +#define SEC_ACL_HEADER_SIZE (2 * sizeof(uint16) + sizeof(uint32)) +#define _SEC_ACL +#endif + +#ifndef SEC_DESC_REVISION +#define SEC_DESC_REVISION 0x1 +#endif + +#ifndef _SEC_DESC +/* SEC_DESC */ +typedef struct security_descriptor_info +{ + uint16 revision; /* 0x0001 */ + uint16 type; /* SEC_DESC_xxxx flags */ + + uint32 off_owner_sid; /* offset to owner sid */ + uint32 off_grp_sid ; /* offset to group sid */ + uint32 off_sacl ; /* offset to system list of permissions */ + uint32 off_dacl ; /* offset to list of permissions */ + + SEC_ACL *dacl; /* user ACL */ + SEC_ACL *sacl; /* system ACL */ + DOM_SID *owner_sid; + DOM_SID *grp_sid; + +} SEC_DESC; +#define SEC_DESC_HEADER_SIZE (2 * sizeof(uint16) + 4 * sizeof(uint32)) +#define _SEC_DESC +#endif + +#ifndef _SEC_DESC_BUF +/* SEC_DESC_BUF */ +typedef struct sec_desc_buf_info +{ + uint32 max_len; + uint32 ptr; + uint32 len; + + SEC_DESC *sec; + +} SEC_DESC_BUF; +#define _SEC_DESC_BUF +#endif + +/* A type to describe the mapping of generic access rights to object + specific access rights. */ + +typedef struct generic_mapping { + uint32 generic_read; + uint32 generic_write; + uint32 generic_execute; + uint32 generic_all; +} GENERIC_MAPPING; + +typedef struct standard_mapping { + uint32 std_read; + uint32 std_write; + uint32 std_execute; + uint32 std_all; +} STANDARD_MAPPING; + +#endif /* _RPC_SECDES_H */ diff --git a/source3/include/rpc_spoolss.h b/source3/include/rpc_spoolss.h new file mode 100755 index 00000000000..71854b5d89f --- /dev/null +++ b/source3/include/rpc_spoolss.h @@ -0,0 +1,2117 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000, + Copyright (C) Luke Kenneth Casson Leighton 1996-2000, + Copyright (C) Jean Francois Micouleau 1998-2000. + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_SPOOLSS_H /* _RPC_SPOOLSS_H */ +#define _RPC_SPOOLSS_H + +#define INTEGER 1 +#define STRING 2 + +/* spoolss pipe: this are the calls which are not implemented ... +#define SPOOLSS_GETPRINTERDRIVER 0x0b +#define SPOOLSS_READPRINTER 0x16 +#define SPOOLSS_WAITFORPRINTERCHANGE 0x1c +#define SPOOLSS_ADDPORT 0x25 +#define SPOOLSS_CONFIGUREPORT 0x26 +#define SPOOLSS_DELETEPORT 0x27 +#define SPOOLSS_CREATEPRINTERIC 0x28 +#define SPOOLSS_PLAYGDISCRIPTONPRINTERIC 0x29 +#define SPOOLSS_DELETEPRINTERIC 0x2a +#define SPOOLSS_ADDPRINTERCONNECTION 0x2b +#define SPOOLSS_DELETEPRINTERCONNECTION 0x2c +#define SPOOLSS_PRINTERMESSAGEBOX 0x2d +#define SPOOLSS_ADDMONITOR 0x2e +#define SPOOLSS_DELETEMONITOR 0x2f +#define SPOOLSS_DELETEPRINTPROCESSOR 0x30 +#define SPOOLSS_ADDPRINTPROVIDOR 0x31 +#define SPOOLSS_DELETEPRINTPROVIDOR 0x32 +#define SPOOLSS_FINDFIRSTPRINTERCHANGENOTIFICATION 0x36 +#define SPOOLSS_FINDNEXTPRINTERCHANGENOTIFICATION 0x37 +#define SPOOLSS_ROUTERFINDFIRSTPRINTERNOTIFICATIONOLD 0x39 +#define SPOOLSS_ADDPORTEX 0x3d +#define SPOOLSS_REMOTEFINDFIRSTPRINTERCHANGENOTIFICATION0x3e +#define SPOOLSS_SPOOLERINIT 0x3f +#define SPOOLSS_RESETPRINTEREX 0x40 +#define SPOOLSS_DELETEPRINTERDATAEX 0x51 +#define SPOOLSS_DELETEPRINTERDRIVEREX 0x54 +#define SPOOLSS_ADDPRINTERDRIVEREX 0x59 +*/ + +/* those are implemented */ +#define SPOOLSS_ENUMPRINTERS 0x00 +#define SPOOLSS_OPENPRINTER 0x01 +#define SPOOLSS_SETJOB 0x02 +#define SPOOLSS_GETJOB 0x03 +#define SPOOLSS_ENUMJOBS 0x04 +#define SPOOLSS_ADDPRINTER 0x05 +#define SPOOLSS_DELETEPRINTER 0x06 +#define SPOOLSS_SETPRINTER 0x07 +#define SPOOLSS_GETPRINTER 0x08 +#define SPOOLSS_ADDPRINTERDRIVER 0x09 +#define SPOOLSS_ENUMPRINTERDRIVERS 0x0a +#define SPOOLSS_GETPRINTERDRIVERDIRECTORY 0x0c +#define SPOOLSS_DELETEPRINTERDRIVER 0x0d +#define SPOOLSS_ADDPRINTPROCESSOR 0x0e +#define SPOOLSS_ENUMPRINTPROCESSORS 0x0f +#define SPOOLSS_GETPRINTPROCESSORDIRECTORY 0x10 +#define SPOOLSS_STARTDOCPRINTER 0x11 +#define SPOOLSS_STARTPAGEPRINTER 0x12 +#define SPOOLSS_WRITEPRINTER 0x13 +#define SPOOLSS_ENDPAGEPRINTER 0x14 +#define SPOOLSS_ABORTPRINTER 0x15 +#define SPOOLSS_ENDDOCPRINTER 0x17 +#define SPOOLSS_ADDJOB 0x18 +#define SPOOLSS_SCHEDULEJOB 0x19 +#define SPOOLSS_GETPRINTERDATA 0x1a +#define SPOOLSS_SETPRINTERDATA 0x1b +#define SPOOLSS_CLOSEPRINTER 0x1d +#define SPOOLSS_ADDFORM 0x1e +#define SPOOLSS_DELETEFORM 0x1f +#define SPOOLSS_GETFORM 0x20 +#define SPOOLSS_SETFORM 0x21 +#define SPOOLSS_ENUMFORMS 0x22 +#define SPOOLSS_ENUMPORTS 0x23 +#define SPOOLSS_ENUMMONITORS 0x24 +#define SPOOLSS_ENUMPRINTPROCDATATYPES 0x33 +#define SPOOLSS_RESETPRINTER 0x34 +#define SPOOLSS_GETPRINTERDRIVER2 0x35 +#define SPOOLSS_FCPN 0x38 /* FindClosePrinterNotify */ +#define SPOOLSS_REPLYOPENPRINTER 0x3a +#define SPOOLSS_ROUTERREPLYPRINTER 0x3b +#define SPOOLSS_REPLYCLOSEPRINTER 0x3c +#define SPOOLSS_RFFPCNEX 0x41 /* RemoteFindFirstPrinterChangeNotifyEx */ +#define SPOOLSS_RRPCN 0x42 /* RouteRefreshPrinterChangeNotification */ +#define SPOOLSS_RFNPCNEX 0x43 /* RemoteFindNextPrinterChangeNotifyEx */ +#define SPOOLSS_OPENPRINTEREX 0x45 +#define SPOOLSS_ADDPRINTEREX 0x46 +#define SPOOLSS_ENUMPRINTERDATA 0x48 +#define SPOOLSS_DELETEPRINTERDATA 0x49 +#define SPOOLSS_SETPRINTERDATAEX 0x4d +#define SPOOLSS_GETPRINTERDATAEX 0x4e +#define SPOOLSS_ENUMPRINTERDATAEX 0x4f +#define SPOOLSS_ENUMPRINTERKEY 0x50 + + +#define PRINTER_CONTROL_UNPAUSE 0x00000000 +#define PRINTER_CONTROL_PAUSE 0x00000001 +#define PRINTER_CONTROL_RESUME 0x00000002 +#define PRINTER_CONTROL_PURGE 0x00000003 +#define PRINTER_CONTROL_SET_STATUS 0x00000004 + +#define PRINTER_STATUS_PAUSED 0x00000001 +#define PRINTER_STATUS_ERROR 0x00000002 +#define PRINTER_STATUS_PENDING_DELETION 0x00000004 +#define PRINTER_STATUS_PAPER_JAM 0x00000008 + +#define PRINTER_STATUS_PAPER_OUT 0x00000010 +#define PRINTER_STATUS_MANUAL_FEED 0x00000020 +#define PRINTER_STATUS_PAPER_PROBLEM 0x00000040 +#define PRINTER_STATUS_OFFLINE 0x00000080 + +#define PRINTER_STATUS_IO_ACTIVE 0x00000100 +#define PRINTER_STATUS_BUSY 0x00000200 +#define PRINTER_STATUS_PRINTING 0x00000400 +#define PRINTER_STATUS_OUTPUT_BIN_FULL 0x00000800 + +#define PRINTER_STATUS_NOT_AVAILABLE 0x00001000 +#define PRINTER_STATUS_WAITING 0x00002000 +#define PRINTER_STATUS_PROCESSING 0x00004000 +#define PRINTER_STATUS_INITIALIZING 0x00008000 + +#define PRINTER_STATUS_WARMING_UP 0x00010000 +#define PRINTER_STATUS_TONER_LOW 0x00020000 +#define PRINTER_STATUS_NO_TONER 0x00040000 +#define PRINTER_STATUS_PAGE_PUNT 0x00080000 + +#define PRINTER_STATUS_USER_INTERVENTION 0x00100000 +#define PRINTER_STATUS_OUT_OF_MEMORY 0x00200000 +#define PRINTER_STATUS_DOOR_OPEN 0x00400000 +#define PRINTER_STATUS_SERVER_UNKNOWN 0x00800000 + +#define PRINTER_STATUS_POWER_SAVE 0x01000000 + +#define SERVER_ACCESS_ADMINISTER 0x00000001 +#define SERVER_ACCESS_ENUMERATE 0x00000002 +#define PRINTER_ACCESS_ADMINISTER 0x00000004 +#define PRINTER_ACCESS_USE 0x00000008 +#define JOB_ACCESS_ADMINISTER 0x00000010 + +/* JOB status codes. */ + +#define JOB_STATUS_PAUSED 0x001 +#define JOB_STATUS_ERROR 0x002 +#define JOB_STATUS_DELETING 0x004 +#define JOB_STATUS_SPOOLING 0x008 +#define JOB_STATUS_PRINTING 0x010 +#define JOB_STATUS_OFFLINE 0x020 +#define JOB_STATUS_PAPEROUT 0x040 +#define JOB_STATUS_PRINTED 0x080 +#define JOB_STATUS_DELETED 0x100 +#define JOB_STATUS_BLOCKED 0x200 +#define JOB_STATUS_USER_INTERVENTION 0x400 + +/* ACE masks for the various print permissions */ + +#define PRINTER_ACE_FULL_CONTROL GENERIC_ALL_ACCESS +#define PRINTER_ACE_MANAGE_DOCUMENTS READ_CONTROL_ACCESS +#define PRINTER_ACE_PRINT \ + (GENERIC_READ_ACCESS | GENERIC_WRITE_ACCESS | GENERIC_EXECUTE_ACCESS) + +/* Access rights for print servers */ +#define SERVER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE +#define SERVER_READ STANDARD_RIGHTS_READ_ACCESS|SERVER_ACCESS_ENUMERATE +#define SERVER_WRITE STANDARD_RIGHTS_WRITE_ACCESS|SERVER_ACCESS_ADMINISTER|SERVER_ACCESS_ENUMERATE +#define SERVER_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|SERVER_ACCESS_ENUMERATE + +/* Access rights for printers */ +#define PRINTER_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|PRINTER_ACCESS_ADMINISTER|PRINTER_ACCESS_USE +#define PRINTER_READ STANDARD_RIGHTS_READ_ACCESS|PRINTER_ACCESS_USE +#define PRINTER_WRITE STANDARD_RIGHTS_WRITE_ACCESS|PRINTER_ACCESS_USE +#define PRINTER_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|PRINTER_ACCESS_USE + +/* Access rights for jobs */ +#define JOB_ALL_ACCESS STANDARD_RIGHTS_REQUIRED_ACCESS|JOB_ACCESS_ADMINISTER +#define JOB_READ STANDARD_RIGHTS_READ_ACCESS|JOB_ACCESS_ADMINISTER +#define JOB_WRITE STANDARD_RIGHTS_WRITE_ACCESS|JOB_ACCESS_ADMINISTER +#define JOB_EXECUTE STANDARD_RIGHTS_EXECUTE_ACCESS|JOB_ACCESS_ADMINISTER + +#define ONE_VALUE 1 +#define TWO_VALUE 2 +#define POINTER 3 + +#define PRINTER_NOTIFY_TYPE 0x00 +#define JOB_NOTIFY_TYPE 0x01 + +#define MAX_PRINTER_NOTIFY 26 +#define MAX_JOB_NOTIFY 24 + +#define MAX_NOTIFY_TYPE_FOR_NOW 26 + +#define PRINTER_NOTIFY_SERVER_NAME 0x00 +#define PRINTER_NOTIFY_PRINTER_NAME 0x01 +#define PRINTER_NOTIFY_SHARE_NAME 0x02 +#define PRINTER_NOTIFY_PORT_NAME 0x03 +#define PRINTER_NOTIFY_DRIVER_NAME 0x04 +#define PRINTER_NOTIFY_COMMENT 0x05 +#define PRINTER_NOTIFY_LOCATION 0x06 +#define PRINTER_NOTIFY_DEVMODE 0x07 +#define PRINTER_NOTIFY_SEPFILE 0x08 +#define PRINTER_NOTIFY_PRINT_PROCESSOR 0x09 +#define PRINTER_NOTIFY_PARAMETERS 0x0A +#define PRINTER_NOTIFY_DATATYPE 0x0B +#define PRINTER_NOTIFY_SECURITY_DESCRIPTOR 0x0C +#define PRINTER_NOTIFY_ATTRIBUTES 0x0D +#define PRINTER_NOTIFY_PRIORITY 0x0E +#define PRINTER_NOTIFY_DEFAULT_PRIORITY 0x0F +#define PRINTER_NOTIFY_START_TIME 0x10 +#define PRINTER_NOTIFY_UNTIL_TIME 0x11 +#define PRINTER_NOTIFY_STATUS 0x12 +#define PRINTER_NOTIFY_STATUS_STRING 0x13 +#define PRINTER_NOTIFY_CJOBS 0x14 +#define PRINTER_NOTIFY_AVERAGE_PPM 0x15 +#define PRINTER_NOTIFY_TOTAL_PAGES 0x16 +#define PRINTER_NOTIFY_PAGES_PRINTED 0x17 +#define PRINTER_NOTIFY_TOTAL_BYTES 0x18 +#define PRINTER_NOTIFY_BYTES_PRINTED 0x19 + +#define JOB_NOTIFY_PRINTER_NAME 0x00 +#define JOB_NOTIFY_MACHINE_NAME 0x01 +#define JOB_NOTIFY_PORT_NAME 0x02 +#define JOB_NOTIFY_USER_NAME 0x03 +#define JOB_NOTIFY_NOTIFY_NAME 0x04 +#define JOB_NOTIFY_DATATYPE 0x05 +#define JOB_NOTIFY_PRINT_PROCESSOR 0x06 +#define JOB_NOTIFY_PARAMETERS 0x07 +#define JOB_NOTIFY_DRIVER_NAME 0x08 +#define JOB_NOTIFY_DEVMODE 0x09 +#define JOB_NOTIFY_STATUS 0x0A +#define JOB_NOTIFY_STATUS_STRING 0x0B +#define JOB_NOTIFY_SECURITY_DESCRIPTOR 0x0C +#define JOB_NOTIFY_DOCUMENT 0x0D +#define JOB_NOTIFY_PRIORITY 0x0E +#define JOB_NOTIFY_POSITION 0x0F +#define JOB_NOTIFY_SUBMITTED 0x10 +#define JOB_NOTIFY_START_TIME 0x11 +#define JOB_NOTIFY_UNTIL_TIME 0x12 +#define JOB_NOTIFY_TIME 0x13 +#define JOB_NOTIFY_TOTAL_PAGES 0x14 +#define JOB_NOTIFY_PAGES_PRINTED 0x15 +#define JOB_NOTIFY_TOTAL_BYTES 0x16 +#define JOB_NOTIFY_BYTES_PRINTED 0x17 + +#define PRINTER_NOTIFY_OPTIONS_REFRESH 0x01 + +#define PRINTER_CHANGE_ADD_PRINTER 0x00000001 +#define PRINTER_CHANGE_SET_PRINTER 0x00000002 +#define PRINTER_CHANGE_DELETE_PRINTER 0x00000004 +#define PRINTER_CHANGE_FAILED_CONNECTION_PRINTER 0x00000008 +#define PRINTER_CHANGE_PRINTER (PRINTER_CHANGE_ADD_PRINTER | \ + PRINTER_CHANGE_SET_PRINTER | \ + PRINTER_CHANGE_DELETE_PRINTER | \ + PRINTER_CHANGE_FAILED_CONNECTION_PRINTER ) + +#define PRINTER_CHANGE_ADD_JOB 0x00000100 +#define PRINTER_CHANGE_SET_JOB 0x00000200 +#define PRINTER_CHANGE_DELETE_JOB 0x00000400 +#define PRINTER_CHANGE_WRITE_JOB 0x00000800 +#define PRINTER_CHANGE_JOB (PRINTER_CHANGE_ADD_JOB | \ + PRINTER_CHANGE_SET_JOB | \ + PRINTER_CHANGE_DELETE_JOB | \ + PRINTER_CHANGE_WRITE_JOB ) + +#define PRINTER_CHANGE_ADD_FORM 0x00010000 +#define PRINTER_CHANGE_SET_FORM 0x00020000 +#define PRINTER_CHANGE_DELETE_FORM 0x00040000 +#define PRINTER_CHANGE_FORM (PRINTER_CHANGE_ADD_FORM | \ + PRINTER_CHANGE_SET_FORM | \ + PRINTER_CHANGE_DELETE_FORM ) + +#define PRINTER_CHANGE_ADD_PORT 0x00100000 +#define PRINTER_CHANGE_CONFIGURE_PORT 0x00200000 +#define PRINTER_CHANGE_DELETE_PORT 0x00400000 +#define PRINTER_CHANGE_PORT (PRINTER_CHANGE_ADD_PORT | \ + PRINTER_CHANGE_CONFIGURE_PORT | \ + PRINTER_CHANGE_DELETE_PORT ) + +#define PRINTER_CHANGE_ADD_PRINT_PROCESSOR 0x01000000 +#define PRINTER_CHANGE_DELETE_PRINT_PROCESSOR 0x04000000 +#define PRINTER_CHANGE_PRINT_PROCESSOR (PRINTER_CHANGE_ADD_PRINT_PROCESSOR | \ + PRINTER_CHANGE_DELETE_PRINT_PROCESSOR ) + +#define PRINTER_CHANGE_ADD_PRINTER_DRIVER 0x10000000 +#define PRINTER_CHANGE_SET_PRINTER_DRIVER 0x20000000 +#define PRINTER_CHANGE_DELETE_PRINTER_DRIVER 0x40000000 +#define PRINTER_CHANGE_PRINTER_DRIVER (PRINTER_CHANGE_ADD_PRINTER_DRIVER | \ + PRINTER_CHANGE_SET_PRINTER_DRIVER | \ + PRINTER_CHANGE_DELETE_PRINTER_DRIVER ) + +#define PRINTER_CHANGE_TIMEOUT 0x80000000 +#define PRINTER_CHANGE_ALL (PRINTER_CHANGE_JOB | \ + PRINTER_CHANGE_FORM | \ + PRINTER_CHANGE_PORT | \ + PRINTER_CHANGE_PRINT_PROCESSOR | \ + PRINTER_CHANGE_PRINTER_DRIVER ) + +#define PRINTER_NOTIFY_INFO_DISCARDED 0x1 + +/* + * Set of macros for flagging what changed in the PRINTER_INFO_2 struct + * when sending messages to other smbd's + */ +#define PRINTER_MESSAGE_NULL 0x00000000 +#define PRINTER_MESSAGE_DRIVER 0x00000001 +#define PRINTER_MESSAGE_COMMENT 0x00000002 +#define PRINTER_MESSAGE_PRINTERNAME 0x00000004 +#define PRINTER_MESSAGE_LOCATION 0x00000008 +#define PRINTER_MESSAGE_DEVMODE 0x00000010 /* not curently supported */ +#define PRINTER_MESSAGE_SEPFILE 0x00000020 +#define PRINTER_MESSAGE_PRINTPROC 0x00000040 +#define PRINTER_MESSAGE_PARAMS 0x00000080 +#define PRINTER_MESSAGE_DATATYPE 0x00000100 +#define PRINTER_MESSAGE_SECDESC 0x00000200 +#define PRINTER_MESSAGE_CJOBS 0x00000400 +#define PRINTER_MESSAGE_PORT 0x00000800 +#define PRINTER_MESSAGE_SHARENAME 0x00001000 +#define PRINTER_MESSAGE_ATTRIBUTES 0x00002000 + +typedef struct printer_message_info { + uint32 low; /* PRINTER_CHANGE_XXX */ + uint32 high; /* PRINTER_CHANGE_XXX */ + fstring printer_name; + uint32 flags; /* PRINTER_MESSAGE_XXX */ +} +PRINTER_MESSAGE_INFO; + +/* + * The printer attributes. + * I #defined all of them (grabbed form MSDN) + * I'm only using: + * ( SHARED | NETWORK | RAW_ONLY ) + * RAW_ONLY _MUST_ be present otherwise NT will send an EMF file + */ + +#define PRINTER_ATTRIBUTE_QUEUED 0x00000001 +#define PRINTER_ATTRIBUTE_DIRECT 0x00000002 +#define PRINTER_ATTRIBUTE_DEFAULT 0x00000004 +#define PRINTER_ATTRIBUTE_SHARED 0x00000008 + +#define PRINTER_ATTRIBUTE_NETWORK 0x00000010 +#define PRINTER_ATTRIBUTE_HIDDEN 0x00000020 +#define PRINTER_ATTRIBUTE_LOCAL 0x00000040 +#define PRINTER_ATTRIBUTE_ENABLE_DEVQ 0x00000080 + +#define PRINTER_ATTRIBUTE_KEEPPRINTEDJOBS 0x00000100 +#define PRINTER_ATTRIBUTE_DO_COMPLETE_FIRST 0x00000200 +#define PRINTER_ATTRIBUTE_WORK_OFFLINE 0x00000400 +#define PRINTER_ATTRIBUTE_ENABLE_BIDI 0x00000800 + +#define PRINTER_ATTRIBUTE_RAW_ONLY 0x00001000 + +#define NO_PRIORITY 0 +#define MAX_PRIORITY 99 +#define MIN_PRIORITY 1 +#define DEF_PRIORITY 1 + +/* the flags of the query */ +#define PRINTER_ENUM_DEFAULT 0x00000001 +#define PRINTER_ENUM_LOCAL 0x00000002 +#define PRINTER_ENUM_CONNECTIONS 0x00000004 +#define PRINTER_ENUM_FAVORITE 0x00000004 +#define PRINTER_ENUM_NAME 0x00000008 +#define PRINTER_ENUM_REMOTE 0x00000010 +#define PRINTER_ENUM_SHARED 0x00000020 +#define PRINTER_ENUM_NETWORK 0x00000040 + +/* the flags of each printers */ +#define PRINTER_ENUM_UNKNOWN_8 0x00000008 +#define PRINTER_ENUM_EXPAND 0x00004000 +#define PRINTER_ENUM_CONTAINER 0x00008000 +#define PRINTER_ENUM_ICONMASK 0x00ff0000 +#define PRINTER_ENUM_ICON1 0x00010000 +#define PRINTER_ENUM_ICON2 0x00020000 +#define PRINTER_ENUM_ICON3 0x00040000 +#define PRINTER_ENUM_ICON4 0x00080000 +#define PRINTER_ENUM_ICON5 0x00100000 +#define PRINTER_ENUM_ICON6 0x00200000 +#define PRINTER_ENUM_ICON7 0x00400000 +#define PRINTER_ENUM_ICON8 0x00800000 + +/* this struct is undocumented */ +/* thanks to the ddk ... */ +typedef struct spool_user_1 +{ + uint32 size; /* length of user_name & client_name + 2? */ + uint32 client_name_ptr; + uint32 user_name_ptr; + uint32 build; + uint32 major; + uint32 minor; + uint32 processor; + UNISTR2 client_name; + UNISTR2 user_name; +} +SPOOL_USER_1; + +typedef struct spool_user_ctr_info +{ + uint32 level; + uint32 ptr; + SPOOL_USER_1 user1; +} +SPOOL_USER_CTR; + +/* + * various bits in the DEVICEMODE.fields member + */ + +#define DEVMODE_ORIENTATION 0x00000001 +#define DEVMODE_PAPERSIZE 0x00000002 +#define DEVMODE_PAPERLENGTH 0x00000004 +#define DEVMODE_PAPERWIDTH 0x00000008 +#define DEVMODE_SCALE 0x00000010 +#define DEVMODE_POSITION 0x00000020 +#define DEVMODE_NUP 0x00000040 +#define DEVMODE_COPIES 0x00000100 +#define DEVMODE_DEFAULTSOURCE 0x00000200 +#define DEVMODE_PRINTQUALITY 0x00000400 +#define DEVMODE_COLOR 0x00000800 +#define DEVMODE_DUPLEX 0x00001000 +#define DEVMODE_YRESOLUTION 0x00002000 +#define DEVMODE_TTOPTION 0x00004000 +#define DEVMODE_COLLATE 0x00008000 +#define DEVMODE_FORMNAME 0x00010000 +#define DEVMODE_LOGPIXELS 0x00020000 +#define DEVMODE_BITSPERPEL 0x00040000 +#define DEVMODE_PELSWIDTH 0x00080000 +#define DEVMODE_PELSHEIGHT 0x00100000 +#define DEVMODE_DISPLAYFLAGS 0x00200000 +#define DEVMODE_DISPLAYFREQUENCY 0x00400000 +#define DEVMODE_ICMMETHOD 0x00800000 +#define DEVMODE_ICMINTENT 0x01000000 +#define DEVMODE_MEDIATYPE 0x02000000 +#define DEVMODE_DITHERTYPE 0x04000000 +#define DEVMODE_PANNINGWIDTH 0x08000000 +#define DEVMODE_PANNINGHEIGHT 0x10000000 + + +/* + * Devicemode structure + */ + +typedef struct devicemode +{ + UNISTR devicename; + uint16 specversion; + uint16 driverversion; + uint16 size; + uint16 driverextra; + uint32 fields; + uint16 orientation; + uint16 papersize; + uint16 paperlength; + uint16 paperwidth; + uint16 scale; + uint16 copies; + uint16 defaultsource; + uint16 printquality; + uint16 color; + uint16 duplex; + uint16 yresolution; + uint16 ttoption; + uint16 collate; + UNISTR formname; + uint16 logpixels; + uint32 bitsperpel; + uint32 pelswidth; + uint32 pelsheight; + uint32 displayflags; + uint32 displayfrequency; + uint32 icmmethod; + uint32 icmintent; + uint32 mediatype; + uint32 dithertype; + uint32 reserved1; + uint32 reserved2; + uint32 panningwidth; + uint32 panningheight; + uint8 *private; +} +DEVICEMODE; + +typedef struct _devmode_cont +{ + uint32 size; + uint32 devmode_ptr; + DEVICEMODE *devmode; +} +DEVMODE_CTR; + +typedef struct _printer_default +{ + uint32 datatype_ptr; + UNISTR2 datatype; + DEVMODE_CTR devmode_cont; + uint32 access_required; +} +PRINTER_DEFAULT; + +/* SPOOL_Q_OPEN_PRINTER request to open a printer */ +typedef struct spool_q_open_printer +{ + uint32 printername_ptr; + UNISTR2 printername; + PRINTER_DEFAULT printer_default; +} +SPOOL_Q_OPEN_PRINTER; + +/* SPOOL_R_OPEN_PRINTER reply to an open printer */ +typedef struct spool_r_open_printer +{ + POLICY_HND handle; /* handle used along all transactions (20*uint8) */ + WERROR status; +} +SPOOL_R_OPEN_PRINTER; + +/* SPOOL_Q_OPEN_PRINTER_EX request to open a printer */ +typedef struct spool_q_open_printer_ex +{ + uint32 printername_ptr; + UNISTR2 printername; + PRINTER_DEFAULT printer_default; + uint32 user_switch; + SPOOL_USER_CTR user_ctr; +} +SPOOL_Q_OPEN_PRINTER_EX; + +/* SPOOL_R_OPEN_PRINTER_EX reply to an open printer */ +typedef struct spool_r_open_printer_ex +{ + POLICY_HND handle; /* handle used along all transactions (20*uint8) */ + WERROR status; +} +SPOOL_R_OPEN_PRINTER_EX; + +typedef struct spool_notify_option_type +{ + uint16 type; + uint16 reserved0; + uint32 reserved1; + uint32 reserved2; + uint32 count; + uint32 fields_ptr; + uint32 count2; + uint16 fields[MAX_NOTIFY_TYPE_FOR_NOW]; +} +SPOOL_NOTIFY_OPTION_TYPE; + +typedef struct spool_notify_option_type_ctr +{ + uint32 count; + SPOOL_NOTIFY_OPTION_TYPE *type; +} +SPOOL_NOTIFY_OPTION_TYPE_CTR; + + + +typedef struct s_header_type +{ + uint32 type; + union + { + uint32 value; + UNISTR string; + } + data; +} +HEADER_TYPE; + +typedef struct new_buffer +{ + uint32 ptr; + uint32 size; + prs_struct prs; + uint32 struct_start; + uint32 string_at_end; +} +NEW_BUFFER; + +typedef struct spool_q_getprinterdata +{ + POLICY_HND handle; + UNISTR2 valuename; + uint32 size; +} +SPOOL_Q_GETPRINTERDATA; + +typedef struct spool_r_getprinterdata +{ + uint32 type; + uint32 size; + uint8 *data; + uint32 needed; + WERROR status; +} +SPOOL_R_GETPRINTERDATA; + +typedef struct spool_q_deleteprinterdata +{ + POLICY_HND handle; + UNISTR2 valuename; +} +SPOOL_Q_DELETEPRINTERDATA; + +typedef struct spool_r_deleteprinterdata +{ + WERROR status; +} +SPOOL_R_DELETEPRINTERDATA; + +typedef struct spool_q_closeprinter +{ + POLICY_HND handle; +} +SPOOL_Q_CLOSEPRINTER; + +typedef struct spool_r_closeprinter +{ + POLICY_HND handle; + WERROR status; +} +SPOOL_R_CLOSEPRINTER; + +typedef struct spool_q_startpageprinter +{ + POLICY_HND handle; +} +SPOOL_Q_STARTPAGEPRINTER; + +typedef struct spool_r_startpageprinter +{ + WERROR status; +} +SPOOL_R_STARTPAGEPRINTER; + +typedef struct spool_q_endpageprinter +{ + POLICY_HND handle; +} +SPOOL_Q_ENDPAGEPRINTER; + +typedef struct spool_r_endpageprinter +{ + WERROR status; +} +SPOOL_R_ENDPAGEPRINTER; + + +typedef struct spool_q_deleteprinterdriver +{ + uint32 server_ptr; + UNISTR2 server; + UNISTR2 arch; + UNISTR2 driver; +} +SPOOL_Q_DELETEPRINTERDRIVER; + +typedef struct spool_r_deleteprinterdriver +{ + WERROR status; +} +SPOOL_R_DELETEPRINTERDRIVER; + + +typedef struct spool_doc_info_1 +{ + uint32 p_docname; + uint32 p_outputfile; + uint32 p_datatype; + UNISTR2 docname; + UNISTR2 outputfile; + UNISTR2 datatype; +} +DOC_INFO_1; + +typedef struct spool_doc_info +{ + uint32 switch_value; + DOC_INFO_1 doc_info_1; +} +DOC_INFO; + +typedef struct spool_doc_info_container +{ + uint32 level; + DOC_INFO docinfo; +} +DOC_INFO_CONTAINER; + +typedef struct spool_q_startdocprinter +{ + POLICY_HND handle; + DOC_INFO_CONTAINER doc_info_container; +} +SPOOL_Q_STARTDOCPRINTER; + +typedef struct spool_r_startdocprinter +{ + uint32 jobid; + WERROR status; +} +SPOOL_R_STARTDOCPRINTER; + +typedef struct spool_q_enddocprinter +{ + POLICY_HND handle; +} +SPOOL_Q_ENDDOCPRINTER; + +typedef struct spool_r_enddocprinter +{ + WERROR status; +} +SPOOL_R_ENDDOCPRINTER; + +typedef struct spool_q_writeprinter +{ + POLICY_HND handle; + uint32 buffer_size; + uint8 *buffer; + uint32 buffer_size2; +} +SPOOL_Q_WRITEPRINTER; + +typedef struct spool_r_writeprinter +{ + uint32 buffer_written; + WERROR status; +} +SPOOL_R_WRITEPRINTER; + +typedef struct spool_notify_option +{ + uint32 version; + uint32 flags; + uint32 count; + uint32 option_type_ptr; + SPOOL_NOTIFY_OPTION_TYPE_CTR ctr; +} +SPOOL_NOTIFY_OPTION; + +typedef struct spool_notify_info_data +{ + uint16 type; + uint16 field; + uint32 reserved; + uint32 id; + union + { + uint32 value[2]; + struct + { + uint32 length; + uint16 *string; + } + data; + } + notify_data; + uint32 size; + BOOL enc_type; +} SPOOL_NOTIFY_INFO_DATA; + +typedef struct spool_notify_info +{ + uint32 version; + uint32 flags; + uint32 count; + SPOOL_NOTIFY_INFO_DATA *data; +} +SPOOL_NOTIFY_INFO; + +/* If the struct name looks obscure, yes it is ! */ +/* RemoteFindFirstPrinterChangeNotificationEx query struct */ +typedef struct spoolss_q_rffpcnex +{ + POLICY_HND handle; + uint32 flags; + uint32 options; + uint32 localmachine_ptr; + UNISTR2 localmachine; + uint32 printerlocal; + uint32 option_ptr; + SPOOL_NOTIFY_OPTION *option; +} +SPOOL_Q_RFFPCNEX; + +typedef struct spool_r_rffpcnex +{ + WERROR status; +} +SPOOL_R_RFFPCNEX; + +/* Remote Find Next Printer Change Notify Ex */ +typedef struct spool_q_rfnpcnex +{ + POLICY_HND handle; + uint32 change; + uint32 option_ptr; + SPOOL_NOTIFY_OPTION *option; +} +SPOOL_Q_RFNPCNEX; + +typedef struct spool_r_rfnpcnex +{ + uint32 info_ptr; + SPOOL_NOTIFY_INFO info; + WERROR status; +} +SPOOL_R_RFNPCNEX; + +/* Find Close Printer Notify */ +typedef struct spool_q_fcpn +{ + POLICY_HND handle; +} +SPOOL_Q_FCPN; + +typedef struct spool_r_fcpn +{ + WERROR status; +} +SPOOL_R_FCPN; + + +typedef struct printer_info_0 +{ + UNISTR printername; + UNISTR servername; + uint32 cjobs; + uint32 total_jobs; + uint32 total_bytes; + + uint16 year; + uint16 month; + uint16 dayofweek; + uint16 day; + uint16 hour; + uint16 minute; + uint16 second; + uint16 milliseconds; + + uint32 global_counter; + uint32 total_pages; + + uint16 major_version; + uint16 build_version; + + uint32 unknown7; + uint32 unknown8; + uint32 unknown9; + uint32 session_counter; + uint32 unknown11; + uint32 printer_errors; + uint32 unknown13; + uint32 unknown14; + uint32 unknown15; + uint32 unknown16; + uint32 change_id; + uint32 unknown18; + uint32 status; + uint32 unknown20; + uint32 c_setprinter; + + uint16 unknown22; + uint16 unknown23; + uint16 unknown24; + uint16 unknown25; + uint16 unknown26; + uint16 unknown27; + uint16 unknown28; + uint16 unknown29; +} PRINTER_INFO_0; + +typedef struct printer_info_1 +{ + uint32 flags; + UNISTR description; + UNISTR name; + UNISTR comment; +} +PRINTER_INFO_1; + +typedef struct printer_info_2 +{ + UNISTR servername; + UNISTR printername; + UNISTR sharename; + UNISTR portname; + UNISTR drivername; + UNISTR comment; + UNISTR location; + DEVICEMODE *devmode; + UNISTR sepfile; + UNISTR printprocessor; + UNISTR datatype; + UNISTR parameters; + SEC_DESC *secdesc; + uint32 attributes; + uint32 priority; + uint32 defaultpriority; + uint32 starttime; + uint32 untiltime; + uint32 status; + uint32 cjobs; + uint32 averageppm; +} +PRINTER_INFO_2; + +typedef struct printer_info_3 +{ + uint32 flags; + SEC_DESC *secdesc; +} +PRINTER_INFO_3; + +typedef struct printer_info_4 +{ + UNISTR printername; + UNISTR servername; + uint32 attributes; +} +PRINTER_INFO_4; + +typedef struct printer_info_5 +{ + UNISTR printername; + UNISTR portname; + uint32 attributes; + uint32 device_not_selected_timeout; + uint32 transmission_retry_timeout; +} +PRINTER_INFO_5; + +typedef struct spool_q_enumprinters +{ + uint32 flags; + uint32 servername_ptr; + UNISTR2 servername; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPRINTERS; + +typedef struct printer_info_ctr_info +{ + PRINTER_INFO_0 *printers_0; + PRINTER_INFO_1 *printers_1; + PRINTER_INFO_2 *printers_2; + PRINTER_INFO_3 *printers_3; + PRINTER_INFO_4 *printers_4; + PRINTER_INFO_5 *printers_5; +} +PRINTER_INFO_CTR; + +typedef struct spool_r_enumprinters +{ + NEW_BUFFER *buffer; + uint32 needed; /* bytes needed */ + uint32 returned; /* number of printers */ + WERROR status; +} +SPOOL_R_ENUMPRINTERS; + + +typedef struct spool_q_getprinter +{ + POLICY_HND handle; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_GETPRINTER; + +typedef struct printer_info_info +{ + union + { + PRINTER_INFO_0 *info0; + PRINTER_INFO_1 *info1; + PRINTER_INFO_2 *info2; + void *info; + } printer; +} PRINTER_INFO; + +typedef struct spool_r_getprinter +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} SPOOL_R_GETPRINTER; + +typedef struct driver_info_1 +{ + UNISTR name; +} DRIVER_INFO_1; + +typedef struct driver_info_2 +{ + uint32 version; + UNISTR name; + UNISTR architecture; + UNISTR driverpath; + UNISTR datafile; + UNISTR configfile; +} DRIVER_INFO_2; + +typedef struct driver_info_3 +{ + uint32 version; + UNISTR name; + UNISTR architecture; + UNISTR driverpath; + UNISTR datafile; + UNISTR configfile; + UNISTR helpfile; + uint16 *dependentfiles; + UNISTR monitorname; + UNISTR defaultdatatype; +} +DRIVER_INFO_3; + +typedef struct driver_info_6 +{ + uint32 version; + UNISTR name; + UNISTR architecture; + UNISTR driverpath; + UNISTR datafile; + UNISTR configfile; + UNISTR helpfile; + uint16 *dependentfiles; + UNISTR monitorname; + UNISTR defaultdatatype; + uint16* previousdrivernames; + NTTIME driver_date; + uint32 padding; + uint32 driver_version_low; + uint32 driver_version_high; + UNISTR mfgname; + UNISTR oem_url; + UNISTR hardware_id; + UNISTR provider; +} +DRIVER_INFO_6; + +typedef struct driver_info_info +{ + DRIVER_INFO_1 *info1; + DRIVER_INFO_2 *info2; + DRIVER_INFO_3 *info3; + DRIVER_INFO_6 *info6; +} +PRINTER_DRIVER_CTR; + +typedef struct spool_q_getprinterdriver2 +{ + POLICY_HND handle; + uint32 architecture_ptr; + UNISTR2 architecture; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; + uint32 clientmajorversion; + uint32 clientminorversion; +} +SPOOL_Q_GETPRINTERDRIVER2; + +typedef struct spool_r_getprinterdriver2 +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 servermajorversion; + uint32 serverminorversion; + WERROR status; +} +SPOOL_R_GETPRINTERDRIVER2; + + +typedef struct add_jobinfo_1 +{ + UNISTR path; + uint32 job_number; +} +ADD_JOBINFO_1; + + +typedef struct spool_q_addjob +{ + POLICY_HND handle; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ADDJOB; + +typedef struct spool_r_addjob +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} +SPOOL_R_ADDJOB; + +/* + * I'm really wondering how many different time formats + * I will have to cope with + * + * JFM, 09/13/98 In a mad mood ;-( +*/ +typedef struct systemtime +{ + uint16 year; + uint16 month; + uint16 dayofweek; + uint16 day; + uint16 hour; + uint16 minute; + uint16 second; + uint16 milliseconds; +} +SYSTEMTIME; + +typedef struct s_job_info_1 +{ + uint32 jobid; + UNISTR printername; + UNISTR machinename; + UNISTR username; + UNISTR document; + UNISTR datatype; + UNISTR text_status; + uint32 status; + uint32 priority; + uint32 position; + uint32 totalpages; + uint32 pagesprinted; + SYSTEMTIME submitted; +} +JOB_INFO_1; + +typedef struct s_job_info_2 +{ + uint32 jobid; + UNISTR printername; + UNISTR machinename; + UNISTR username; + UNISTR document; + UNISTR notifyname; + UNISTR datatype; + UNISTR printprocessor; + UNISTR parameters; + UNISTR drivername; + DEVICEMODE *devmode; + UNISTR text_status; +/* SEC_DESC sec_desc;*/ + uint32 status; + uint32 priority; + uint32 position; + uint32 starttime; + uint32 untiltime; + uint32 totalpages; + uint32 size; + SYSTEMTIME submitted; + uint32 timeelapsed; + uint32 pagesprinted; +} +JOB_INFO_2; + +typedef struct spool_q_enumjobs +{ + POLICY_HND handle; + uint32 firstjob; + uint32 numofjobs; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMJOBS; + +typedef struct job_info_ctr_info +{ + union + { + JOB_INFO_1 **job_info_1; + JOB_INFO_2 **job_info_2; + void *info; + } job; + +} JOB_INFO_CTR; + +typedef struct spool_r_enumjobs +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMJOBS; + +typedef struct spool_q_schedulejob +{ + POLICY_HND handle; + uint32 jobid; +} +SPOOL_Q_SCHEDULEJOB; + +typedef struct spool_r_schedulejob +{ + WERROR status; +} +SPOOL_R_SCHEDULEJOB; + +typedef struct s_port_info_1 +{ + UNISTR port_name; +} +PORT_INFO_1; + +typedef struct s_port_info_2 +{ + UNISTR port_name; + UNISTR monitor_name; + UNISTR description; + uint32 port_type; + uint32 reserved; +} +PORT_INFO_2; + +typedef struct spool_q_enumports +{ + uint32 name_ptr; + UNISTR2 name; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPORTS; + +typedef struct port_info_ctr_info +{ + union + { + PORT_INFO_1 *info_1; + PORT_INFO_2 *info_2; + } + port; + +} +PORT_INFO_CTR; + +typedef struct spool_r_enumports +{ + NEW_BUFFER *buffer; + uint32 needed; /* bytes needed */ + uint32 returned; /* number of printers */ + WERROR status; +} +SPOOL_R_ENUMPORTS; + +#define JOB_CONTROL_PAUSE 1 +#define JOB_CONTROL_RESUME 2 +#define JOB_CONTROL_CANCEL 3 +#define JOB_CONTROL_RESTART 4 +#define JOB_CONTROL_DELETE 5 + +typedef struct job_info_info +{ + union + { + JOB_INFO_1 job_info_1; + JOB_INFO_2 job_info_2; + } + job; + +} +JOB_INFO; + +typedef struct spool_q_setjob +{ + POLICY_HND handle; + uint32 jobid; + uint32 level; + JOB_INFO ctr; + uint32 command; + +} +SPOOL_Q_SETJOB; + +typedef struct spool_r_setjob +{ + WERROR status; + +} +SPOOL_R_SETJOB; + +typedef struct spool_q_enumprinterdrivers +{ + uint32 name_ptr; + UNISTR2 name; + uint32 environment_ptr; + UNISTR2 environment; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPRINTERDRIVERS; + +typedef struct spool_r_enumprinterdrivers +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMPRINTERDRIVERS; + +#define FORM_USER 0 +#define FORM_BUILTIN 1 +#define FORM_PRINTER 2 + +typedef struct spool_form_1 +{ + uint32 flag; + UNISTR name; + uint32 width; + uint32 length; + uint32 left; + uint32 top; + uint32 right; + uint32 bottom; +} +FORM_1; + +typedef struct spool_q_enumforms +{ + POLICY_HND handle; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMFORMS; + +typedef struct spool_r_enumforms +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 numofforms; + WERROR status; +} +SPOOL_R_ENUMFORMS; + +typedef struct spool_q_getform +{ + POLICY_HND handle; + UNISTR2 formname; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_GETFORM; + +typedef struct spool_r_getform +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} +SPOOL_R_GETFORM; + +typedef struct spool_printer_info_level_1 +{ + uint32 flags; + uint32 description_ptr; + uint32 name_ptr; + uint32 comment_ptr; + UNISTR2 description; + UNISTR2 name; + UNISTR2 comment; +} SPOOL_PRINTER_INFO_LEVEL_1; + +typedef struct spool_printer_info_level_2 +{ + uint32 servername_ptr; + uint32 printername_ptr; + uint32 sharename_ptr; + uint32 portname_ptr; + uint32 drivername_ptr; + uint32 comment_ptr; + uint32 location_ptr; + uint32 devmode_ptr; + uint32 sepfile_ptr; + uint32 printprocessor_ptr; + uint32 datatype_ptr; + uint32 parameters_ptr; + uint32 secdesc_ptr; + uint32 attributes; + uint32 priority; + uint32 default_priority; + uint32 starttime; + uint32 untiltime; + uint32 status; + uint32 cjobs; + uint32 averageppm; + UNISTR2 servername; + UNISTR2 printername; + UNISTR2 sharename; + UNISTR2 portname; + UNISTR2 drivername; + UNISTR2 comment; + UNISTR2 location; + UNISTR2 sepfile; + UNISTR2 printprocessor; + UNISTR2 datatype; + UNISTR2 parameters; +} +SPOOL_PRINTER_INFO_LEVEL_2; + +typedef struct spool_printer_info_level_3 +{ + uint32 secdesc_ptr; +} +SPOOL_PRINTER_INFO_LEVEL_3; + +typedef struct spool_printer_info_level +{ + uint32 level; + uint32 info_ptr; + SPOOL_PRINTER_INFO_LEVEL_1 *info_1; + SPOOL_PRINTER_INFO_LEVEL_2 *info_2; + SPOOL_PRINTER_INFO_LEVEL_3 *info_3; +} +SPOOL_PRINTER_INFO_LEVEL; + +typedef struct spool_printer_driver_info_level_3 +{ + uint32 cversion; + uint32 name_ptr; + uint32 environment_ptr; + uint32 driverpath_ptr; + uint32 datafile_ptr; + uint32 configfile_ptr; + uint32 helpfile_ptr; + uint32 monitorname_ptr; + uint32 defaultdatatype_ptr; + uint32 dependentfilessize; + uint32 dependentfiles_ptr; + + UNISTR2 name; + UNISTR2 environment; + UNISTR2 driverpath; + UNISTR2 datafile; + UNISTR2 configfile; + UNISTR2 helpfile; + UNISTR2 monitorname; + UNISTR2 defaultdatatype; + BUFFER5 dependentfiles; + +} +SPOOL_PRINTER_DRIVER_INFO_LEVEL_3; + +/* SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 structure */ +typedef struct { + uint32 version; + uint32 name_ptr; + uint32 environment_ptr; + uint32 driverpath_ptr; + uint32 datafile_ptr; + uint32 configfile_ptr; + uint32 helpfile_ptr; + uint32 monitorname_ptr; + uint32 defaultdatatype_ptr; + uint32 dependentfiles_len; + uint32 dependentfiles_ptr; + uint32 previousnames_len; + uint32 previousnames_ptr; + NTTIME driverdate; + UINT64_S driverversion; + uint32 dummy4; + uint32 mfgname_ptr; + uint32 oemurl_ptr; + uint32 hardwareid_ptr; + uint32 provider_ptr; + UNISTR2 name; + UNISTR2 environment; + UNISTR2 driverpath; + UNISTR2 datafile; + UNISTR2 configfile; + UNISTR2 helpfile; + UNISTR2 monitorname; + UNISTR2 defaultdatatype; + BUFFER5 dependentfiles; + BUFFER5 previousnames; + UNISTR2 mfgname; + UNISTR2 oemurl; + UNISTR2 hardwareid; + UNISTR2 provider; +} SPOOL_PRINTER_DRIVER_INFO_LEVEL_6; + + +typedef struct spool_printer_driver_info_level +{ + uint32 level; + uint32 ptr; + SPOOL_PRINTER_DRIVER_INFO_LEVEL_3 *info_3; + SPOOL_PRINTER_DRIVER_INFO_LEVEL_6 *info_6; +} +SPOOL_PRINTER_DRIVER_INFO_LEVEL; + + +/* this struct is undocumented */ +/* thanks to the ddk ... */ +typedef struct spool_user_level_1 +{ + uint32 size; + uint32 client_name_ptr; + uint32 user_name_ptr; + uint32 build; + uint32 major; + uint32 minor; + uint32 processor; + UNISTR2 client_name; + UNISTR2 user_name; +} +SPOOL_USER_LEVEL_1; + +typedef struct spool_user_level +{ + SPOOL_USER_LEVEL_1 *user_level_1; +} +SPOOL_USER_LEVEL; + +typedef struct spool_q_setprinter +{ + POLICY_HND handle; + uint32 level; + SPOOL_PRINTER_INFO_LEVEL info; + SEC_DESC_BUF *secdesc_ctr; + DEVMODE_CTR devmode_ctr; + + uint32 command; + +} +SPOOL_Q_SETPRINTER; + +typedef struct spool_r_setprinter +{ + WERROR status; +} +SPOOL_R_SETPRINTER; + +typedef struct spool_q_addprinter +{ + UNISTR2 server_name; + uint32 level; + SPOOL_PRINTER_INFO_LEVEL info; + DEVMODE_CTR devmode_ctr; + SEC_DESC_BUF *secdesc_ctr; + uint32 user_level; + SPOOL_USER_LEVEL user; +} +SPOOL_Q_ADDPRINTER; + +typedef struct spool_r_addprinter +{ + WERROR status; +} +SPOOL_R_ADDPRINTER; + +typedef struct spool_q_deleteprinter +{ + POLICY_HND handle; +} +SPOOL_Q_DELETEPRINTER; + +typedef struct spool_r_deleteprinter +{ + POLICY_HND handle; + WERROR status; +} +SPOOL_R_DELETEPRINTER; + +typedef struct spool_q_abortprinter +{ + POLICY_HND handle; +} +SPOOL_Q_ABORTPRINTER; + +typedef struct spool_r_abortprinter +{ + WERROR status; +} +SPOOL_R_ABORTPRINTER; + + +typedef struct spool_q_addprinterex +{ + uint32 server_name_ptr; + UNISTR2 server_name; + uint32 level; + SPOOL_PRINTER_INFO_LEVEL info; + DEVMODE_CTR devmode_ctr; + SEC_DESC_BUF *secdesc_ctr; + uint32 user_switch; + SPOOL_USER_CTR user_ctr; +} +SPOOL_Q_ADDPRINTEREX; + +typedef struct spool_r_addprinterex +{ + POLICY_HND handle; + WERROR status; +} +SPOOL_R_ADDPRINTEREX; + + +typedef struct spool_q_addprinterdriver +{ + uint32 server_name_ptr; + UNISTR2 server_name; + uint32 level; + SPOOL_PRINTER_DRIVER_INFO_LEVEL info; +} +SPOOL_Q_ADDPRINTERDRIVER; + +typedef struct spool_r_addprinterdriver +{ + WERROR status; +} +SPOOL_R_ADDPRINTERDRIVER; + + +typedef struct driver_directory_1 +{ + UNISTR name; +} +DRIVER_DIRECTORY_1; + +typedef struct driver_info_ctr_info +{ + DRIVER_DIRECTORY_1 *info1; +} +DRIVER_DIRECTORY_CTR; + +typedef struct spool_q_getprinterdriverdirectory +{ + uint32 name_ptr; + UNISTR2 name; + uint32 environment_ptr; + UNISTR2 environment; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_GETPRINTERDRIVERDIR; + +typedef struct spool_r_getprinterdriverdirectory +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} +SPOOL_R_GETPRINTERDRIVERDIR; + +typedef struct spool_q_addprintprocessor +{ + uint32 server_ptr; + UNISTR2 server; + UNISTR2 environment; + UNISTR2 path; + UNISTR2 name; +} +SPOOL_Q_ADDPRINTPROCESSOR; + +typedef struct spool_r_addprintprocessor +{ + WERROR status; +} +SPOOL_R_ADDPRINTPROCESSOR; + + +typedef struct spool_q_enumprintprocessors +{ + uint32 name_ptr; + UNISTR2 name; + uint32 environment_ptr; + UNISTR2 environment; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPRINTPROCESSORS; + +typedef struct printprocessor_1 +{ + UNISTR name; +} +PRINTPROCESSOR_1; + +typedef struct spool_r_enumprintprocessors +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMPRINTPROCESSORS; + +typedef struct spool_q_enumprintprocdatatypes +{ + uint32 name_ptr; + UNISTR2 name; + uint32 processor_ptr; + UNISTR2 processor; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPRINTPROCDATATYPES; + +typedef struct ppdatatype_1 +{ + UNISTR name; +} +PRINTPROCDATATYPE_1; + +typedef struct spool_r_enumprintprocdatatypes +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMPRINTPROCDATATYPES; + +typedef struct printmonitor_1 +{ + UNISTR name; +} +PRINTMONITOR_1; + +typedef struct printmonitor_2 +{ + UNISTR name; + UNISTR environment; + UNISTR dll_name; +} +PRINTMONITOR_2; + +typedef struct spool_q_enumprintmonitors +{ + uint32 name_ptr; + UNISTR2 name; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_ENUMPRINTMONITORS; + +typedef struct spool_r_enumprintmonitors +{ + NEW_BUFFER *buffer; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMPRINTMONITORS; + + +typedef struct spool_q_enumprinterdata +{ + POLICY_HND handle; + uint32 index; + uint32 valuesize; + uint32 datasize; +} +SPOOL_Q_ENUMPRINTERDATA; + +typedef struct spool_r_enumprinterdata +{ + uint32 valuesize; + uint16 *value; + uint32 realvaluesize; + uint32 type; + uint32 datasize; + uint8 *data; + uint32 realdatasize; + WERROR status; +} +SPOOL_R_ENUMPRINTERDATA; + +typedef struct spool_q_setprinterdata +{ + POLICY_HND handle; + UNISTR2 value; + uint32 type; + uint32 max_len; + uint8 *data; + uint32 real_len; + uint32 numeric_data; +} +SPOOL_Q_SETPRINTERDATA; + +typedef struct spool_r_setprinterdata +{ + WERROR status; +} +SPOOL_R_SETPRINTERDATA; + +typedef struct spool_q_resetprinter +{ + POLICY_HND handle; + uint32 datatype_ptr; + UNISTR2 datatype; + DEVMODE_CTR devmode_ctr; + +} SPOOL_Q_RESETPRINTER; + +typedef struct spool_r_resetprinter +{ + WERROR status; +} +SPOOL_R_RESETPRINTER; + + + +typedef struct _form +{ + uint32 flags; + uint32 name_ptr; + uint32 size_x; + uint32 size_y; + uint32 left; + uint32 top; + uint32 right; + uint32 bottom; + UNISTR2 name; +} +FORM; + +typedef struct spool_q_addform +{ + POLICY_HND handle; + uint32 level; + uint32 level2; /* This should really be part of the FORM structure */ + FORM form; +} +SPOOL_Q_ADDFORM; + +typedef struct spool_r_addform +{ + WERROR status; +} +SPOOL_R_ADDFORM; + +typedef struct spool_q_setform +{ + POLICY_HND handle; + UNISTR2 name; + uint32 level; + uint32 level2; + FORM form; +} +SPOOL_Q_SETFORM; + +typedef struct spool_r_setform +{ + WERROR status; +} +SPOOL_R_SETFORM; + +typedef struct spool_q_deleteform +{ + POLICY_HND handle; + UNISTR2 name; +} +SPOOL_Q_DELETEFORM; + +typedef struct spool_r_deleteform +{ + WERROR status; +} +SPOOL_R_DELETEFORM; + +typedef struct spool_q_getjob +{ + POLICY_HND handle; + uint32 jobid; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_GETJOB; + +typedef struct pjob_info_info +{ + union + { + JOB_INFO_1 *job_info_1; + JOB_INFO_2 *job_info_2; + void *info; + } + job; + +} +PJOB_INFO; + +typedef struct spool_r_getjob +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} +SPOOL_R_GETJOB; + +typedef struct spool_q_replyopenprinter +{ + UNISTR2 string; + uint32 printer; + uint32 type; + uint32 unknown0; + uint32 unknown1; +} +SPOOL_Q_REPLYOPENPRINTER; + +typedef struct spool_r_replyopenprinter +{ + POLICY_HND handle; + WERROR status; +} +SPOOL_R_REPLYOPENPRINTER; + +typedef struct spool_q_routerreplyprinter +{ + POLICY_HND handle; + uint32 condition; + uint32 unknown1; /* 0x00000001 */ + uint32 change_id; + uint8 unknown2[5]; /* 0x0000000001 */ +} +SPOOL_Q_ROUTERREPLYPRINTER; + +typedef struct spool_r_routerreplyprinter +{ + WERROR status; +} +SPOOL_R_ROUTERREPLYPRINTER; + +typedef struct spool_q_replycloseprinter +{ + POLICY_HND handle; +} +SPOOL_Q_REPLYCLOSEPRINTER; + +typedef struct spool_r_replycloseprinter +{ + POLICY_HND handle; + WERROR status; +} +SPOOL_R_REPLYCLOSEPRINTER; + +typedef struct spool_q_rrpcn +{ + POLICY_HND handle; + uint32 change_low; + uint32 change_high; + uint32 unknown0; + uint32 unknown1; + uint32 info_ptr; + SPOOL_NOTIFY_INFO info; +} +SPOOL_Q_REPLY_RRPCN; + +typedef struct spool_r_rrpcn +{ + uint32 unknown0; + WERROR status; +} +SPOOL_R_REPLY_RRPCN; + +typedef struct spool_q_getprinterdataex +{ + POLICY_HND handle; + UNISTR2 keyname; + UNISTR2 valuename; + uint32 size; +} +SPOOL_Q_GETPRINTERDATAEX; + +typedef struct spool_r_getprinterdataex +{ + uint32 type; + uint32 size; + uint8 *data; + uint32 needed; + WERROR status; +} +SPOOL_R_GETPRINTERDATAEX; + +typedef struct spool_q_setprinterdataex +{ + POLICY_HND handle; + UNISTR2 key; + UNISTR2 value; + uint32 type; + uint32 max_len; + uint8 *data; + uint32 real_len; + uint32 numeric_data; +} +SPOOL_Q_SETPRINTERDATAEX; + +typedef struct spool_r_setprinterdataex +{ + WERROR status; +} +SPOOL_R_SETPRINTERDATAEX; + + +typedef struct spool_q_enumprinterkey +{ + POLICY_HND handle; + UNISTR2 key; + uint32 size; +} +SPOOL_Q_ENUMPRINTERKEY; + +typedef struct spool_r_enumprinterkey +{ + BUFFER5 keys; + uint32 needed; /* in bytes */ + WERROR status; +} +SPOOL_R_ENUMPRINTERKEY; + +typedef struct printer_enum_values +{ + UNISTR valuename; + uint32 value_len; + uint32 type; + uint8 *data; + uint32 data_len; + +} +PRINTER_ENUM_VALUES; + +typedef struct printer_enum_values_ctr +{ + uint32 size; + uint32 size_of_array; + PRINTER_ENUM_VALUES *values; +} +PRINTER_ENUM_VALUES_CTR; + +typedef struct spool_q_enumprinterdataex +{ + POLICY_HND handle; + UNISTR2 key; + uint32 size; +} +SPOOL_Q_ENUMPRINTERDATAEX; + +typedef struct spool_r_enumprinterdataex +{ + PRINTER_ENUM_VALUES_CTR ctr; + uint32 needed; + uint32 returned; + WERROR status; +} +SPOOL_R_ENUMPRINTERDATAEX; + +typedef struct printprocessor_directory_1 +{ + UNISTR name; +} +PRINTPROCESSOR_DIRECTORY_1; + +typedef struct spool_q_getprintprocessordirectory +{ + UNISTR2 name; + UNISTR2 environment; + uint32 level; + NEW_BUFFER *buffer; + uint32 offered; +} +SPOOL_Q_GETPRINTPROCESSORDIRECTORY; + +typedef struct spool_r_getprintprocessordirectory +{ + NEW_BUFFER *buffer; + uint32 needed; + WERROR status; +} +SPOOL_R_GETPRINTPROCESSORDIRECTORY; + +#define PRINTER_DRIVER_VERSION 2 +#define PRINTER_DRIVER_ARCHITECTURE "Windows NT x86" + +#endif /* _RPC_SPOOLSS_H */ + diff --git a/source3/include/rpc_srvsvc.h b/source3/include/rpc_srvsvc.h new file mode 100644 index 00000000000..5ebb41036e8 --- /dev/null +++ b/source3/include/rpc_srvsvc.h @@ -0,0 +1,834 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_SRVSVC_H /* _RPC_SRVSVC_H */ +#define _RPC_SRVSVC_H + + +/* srvsvc pipe */ +#define SRV_NETCONNENUM 0x08 +#define SRV_NETFILEENUM 0x09 +#define SRV_NETSESSENUM 0x0c +#define SRV_NET_SHARE_ADD 0x0e +#define SRV_NETSHAREENUM_ALL 0x0f +#define SRV_NET_SHARE_GET_INFO 0x10 +#define SRV_NET_SHARE_SET_INFO 0x11 +#define SRV_NET_SHARE_DEL 0x12 +#define SRV_NET_SRV_GET_INFO 0x15 +#define SRV_NET_SRV_SET_INFO 0x16 +#define SRV_NET_DISK_ENUM 0x17 +#define SRV_NET_REMOTE_TOD 0x1c +#define SRV_NET_NAME_VALIDATE 0x21 +#define SRV_NETSHAREENUM 0x24 +#define SRV_NETFILEQUERYSECDESC 0x27 +#define SRV_NETFILESETSECDESC 0x28 + +#define MAX_SERVER_DISK_ENTRIES 15 + +typedef struct disk_info { + uint32 unknown; + UNISTR3 disk_name; +} DISK_INFO; + +typedef struct disk_enum_container { + uint32 level; + uint32 entries_read; + uint32 unknown; + uint32 disk_info_ptr; + DISK_INFO disk_info[MAX_SERVER_DISK_ENTRIES]; +} DISK_ENUM_CONTAINER; + +typedef struct net_srv_disk_enum { + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* server name */ + + DISK_ENUM_CONTAINER disk_enum_ctr; + + uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ + uint32 total_entries; /* total number of entries */ + ENUM_HND enum_hnd; + WERROR status; /* return status */ +} SRV_Q_NET_DISK_ENUM, SRV_R_NET_DISK_ENUM; + +typedef struct net_name_validate { + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + UNISTR2 uni_name; /*name to validate*/ + uint32 type; + uint32 flags; + WERROR status; +} SRV_Q_NET_NAME_VALIDATE, SRV_R_NET_NAME_VALIDATE; + +/* SESS_INFO_0 (pointers to level 0 session info strings) */ +typedef struct ptr_sess_info0 +{ + uint32 ptr_name; /* pointer to name. */ + +} SESS_INFO_0; + +/* SESS_INFO_0_STR (level 0 session info strings) */ +typedef struct str_sess_info0 +{ + UNISTR2 uni_name; /* unicode string of name */ + +} SESS_INFO_0_STR; + +/* oops - this is going to take up a *massive* amount of stack. */ +/* the UNISTR2s already have 1024 uint16 chars in them... */ +#define MAX_SESS_ENTRIES 32 + +/* SRV_SESS_INFO_0 */ +typedef struct srv_sess_info_0_info +{ + uint32 num_entries_read; /* EntriesRead */ + uint32 ptr_sess_info; /* Buffer */ + uint32 num_entries_read2; /* EntriesRead */ + + SESS_INFO_0 info_0 [MAX_SESS_ENTRIES]; /* session entry pointers */ + SESS_INFO_0_STR info_0_str[MAX_SESS_ENTRIES]; /* session entry strings */ + +} SRV_SESS_INFO_0; + +/* SESS_INFO_1 (pointers to level 1 session info strings) */ +typedef struct ptr_sess_info1 +{ + uint32 ptr_name; /* pointer to name. */ + uint32 ptr_user; /* pointer to user name. */ + + uint32 num_opens; + uint32 open_time; + uint32 idle_time; + uint32 user_flags; + +} SESS_INFO_1; + +/* SESS_INFO_1_STR (level 1 session info strings) */ +typedef struct str_sess_info1 +{ + UNISTR2 uni_name; /* unicode string of name */ + UNISTR2 uni_user; /* unicode string of user */ + +} SESS_INFO_1_STR; + +/* SRV_SESS_INFO_1 */ +typedef struct srv_sess_info_1_info +{ + uint32 num_entries_read; /* EntriesRead */ + uint32 ptr_sess_info; /* Buffer */ + uint32 num_entries_read2; /* EntriesRead */ + + SESS_INFO_1 info_1 [MAX_SESS_ENTRIES]; /* session entry pointers */ + SESS_INFO_1_STR info_1_str[MAX_SESS_ENTRIES]; /* session entry strings */ + +} SRV_SESS_INFO_1; + +/* SRV_SESS_INFO_CTR */ +typedef struct srv_sess_info_ctr_info +{ + uint32 switch_value; /* switch value */ + uint32 ptr_sess_ctr; /* pointer to sess info union */ + union + { + SRV_SESS_INFO_0 info0; /* session info level 0 */ + SRV_SESS_INFO_1 info1; /* session info level 1 */ + + } sess; + +} SRV_SESS_INFO_CTR; + + +/* SRV_Q_NET_SESS_ENUM */ +typedef struct q_net_sess_enum_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* server name */ + + uint32 ptr_qual_name; /* pointer (to qualifier name) */ + UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */ + + uint32 sess_level; /* session level */ + + SRV_SESS_INFO_CTR *ctr; + + uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ + ENUM_HND enum_hnd; + +} SRV_Q_NET_SESS_ENUM; + +/* SRV_R_NET_SESS_ENUM */ +typedef struct r_net_sess_enum_info +{ + uint32 sess_level; /* share level */ + + SRV_SESS_INFO_CTR *ctr; + + uint32 total_entries; /* total number of entries */ + ENUM_HND enum_hnd; + + WERROR status; /* return status */ + +} SRV_R_NET_SESS_ENUM; + +/* CONN_INFO_0 (pointers to level 0 connection info strings) */ +typedef struct ptr_conn_info0 +{ + uint32 id; /* connection id. */ + +} CONN_INFO_0; + +/* oops - this is going to take up a *massive* amount of stack. */ +/* the UNISTR2s already have 1024 uint16 chars in them... */ +#define MAX_CONN_ENTRIES 32 + +/* SRV_CONN_INFO_0 */ +typedef struct srv_conn_info_0_info +{ + uint32 num_entries_read; /* EntriesRead */ + uint32 ptr_conn_info; /* Buffer */ + uint32 num_entries_read2; /* EntriesRead */ + + CONN_INFO_0 info_0 [MAX_CONN_ENTRIES]; /* connection entry pointers */ + +} SRV_CONN_INFO_0; + +/* CONN_INFO_1 (pointers to level 1 connection info strings) */ +typedef struct ptr_conn_info1 +{ + uint32 id; /* connection id */ + uint32 type; /* 0x3 */ + uint32 num_opens; + uint32 num_users; + uint32 open_time; + + uint32 ptr_usr_name; /* pointer to user name. */ + uint32 ptr_net_name; /* pointer to network name (e.g IPC$). */ + +} CONN_INFO_1; + +/* CONN_INFO_1_STR (level 1 connection info strings) */ +typedef struct str_conn_info1 +{ + UNISTR2 uni_usr_name; /* unicode string of user */ + UNISTR2 uni_net_name; /* unicode string of name */ + +} CONN_INFO_1_STR; + +/* SRV_CONN_INFO_1 */ +typedef struct srv_conn_info_1_info +{ + uint32 num_entries_read; /* EntriesRead */ + uint32 ptr_conn_info; /* Buffer */ + uint32 num_entries_read2; /* EntriesRead */ + + CONN_INFO_1 info_1 [MAX_CONN_ENTRIES]; /* connection entry pointers */ + CONN_INFO_1_STR info_1_str[MAX_CONN_ENTRIES]; /* connection entry strings */ + +} SRV_CONN_INFO_1; + +/* SRV_CONN_INFO_CTR */ +typedef struct srv_conn_info_ctr_info +{ + uint32 switch_value; /* switch value */ + uint32 ptr_conn_ctr; /* pointer to conn info union */ + union + { + SRV_CONN_INFO_0 info0; /* connection info level 0 */ + SRV_CONN_INFO_1 info1; /* connection info level 1 */ + + } conn; + +} SRV_CONN_INFO_CTR; + + +/* SRV_Q_NET_CONN_ENUM */ +typedef struct q_net_conn_enum_info +{ + uint32 ptr_srv_name; /* pointer (to server name) */ + UNISTR2 uni_srv_name; /* server name "\\server" */ + + uint32 ptr_qual_name; /* pointer (to qualifier name) */ + UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */ + + uint32 conn_level; /* connection level */ + + SRV_CONN_INFO_CTR *ctr; + + uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ + ENUM_HND enum_hnd; + +} SRV_Q_NET_CONN_ENUM; + +/* SRV_R_NET_CONN_ENUM */ +typedef struct r_net_conn_enum_info +{ + uint32 conn_level; /* share level */ + + SRV_CONN_INFO_CTR *ctr; + + uint32 total_entries; /* total number of entries */ + ENUM_HND enum_hnd; + + WERROR status; /* return status */ + +} SRV_R_NET_CONN_ENUM; + +/* SH_INFO_1 (pointers to level 1 share info strings) */ +typedef struct ptr_share_info1 +{ + uint32 ptr_netname; /* pointer to net name. */ + uint32 type; /* ipc, print, disk ... */ + uint32 ptr_remark; /* pointer to comment. */ + +} SH_INFO_1; + +/* SH_INFO_1_STR (level 1 share info strings) */ +typedef struct str_share_info1 +{ + UNISTR2 uni_netname; /* unicode string of net name */ + UNISTR2 uni_remark; /* unicode string of comment */ + +} SH_INFO_1_STR; + +/* SRV_SHARE_INFO_1 */ +typedef struct share_info_1_info +{ + SH_INFO_1 info_1; + SH_INFO_1_STR info_1_str; + +} SRV_SHARE_INFO_1; + +/* SH_INFO_2 (pointers to level 2 share info strings) */ +typedef struct ptr_share_info2 +{ + uint32 ptr_netname; /* pointer to net name. */ + uint32 type; /* ipc, print, disk ... */ + uint32 ptr_remark; /* pointer to comment. */ + uint32 perms; /* permissions */ + uint32 max_uses; /* maximum uses */ + uint32 num_uses; /* current uses */ + uint32 ptr_path; /* pointer to path name */ + uint32 ptr_passwd; /* pointer to password */ + +} SH_INFO_2; + +/* SH_INFO_2_STR (level 2 share info strings) */ +typedef struct str_share_info2 +{ + UNISTR2 uni_netname; /* unicode string of net name (e.g NETLOGON) */ + UNISTR2 uni_remark; /* unicode string of comment (e.g "Logon server share") */ + UNISTR2 uni_path; /* unicode string of local path (e.g c:\winnt\system32\repl\import\scripts) */ + UNISTR2 uni_passwd; /* unicode string of password - presumably for share level security (e.g NULL) */ + +} SH_INFO_2_STR; + +/* SRV_SHARE_INFO_2 */ +typedef struct share_info_2_info +{ + SH_INFO_2 info_2; + SH_INFO_2_STR info_2_str; + +} SRV_SHARE_INFO_2; + +typedef struct ptr_share_info501 +{ + uint32 ptr_netname; /* pointer to net name */ + uint32 type; /* ipc, print, disk */ + uint32 ptr_remark; /* pointer to comment */ + uint32 csc_policy; /* client-side offline caching policy << 4 */ +} SH_INFO_501; + +typedef struct str_share_info501 +{ + UNISTR2 uni_netname; /* unicode string of net name */ + UNISTR2 uni_remark; /* unicode string of comment */ +} SH_INFO_501_STR; + +/* SRV_SHARE_INFO_501 */ +typedef struct share_info_501_info +{ + SH_INFO_501 info_501; + SH_INFO_501_STR info_501_str; +} SRV_SHARE_INFO_501; + +/* SH_INFO_502 (pointers to level 502 share info strings) */ +typedef struct ptr_share_info502 +{ + uint32 ptr_netname; /* pointer to net name. */ + uint32 type; /* ipc, print, disk ... */ + uint32 ptr_remark; /* pointer to comment. */ + uint32 perms; /* permissions */ + uint32 max_uses; /* maximum uses */ + uint32 num_uses; /* current uses */ + uint32 ptr_path; /* pointer to path name */ + uint32 ptr_passwd; /* pointer to password */ + uint32 sd_size; /* size of security descriptor */ + uint32 ptr_sd; /* pointer to security descriptor */ + +} SH_INFO_502; + +/* SH_INFO_502_STR (level 502 share info strings) */ +typedef struct str_share_info502 +{ + SH_INFO_502 *ptrs; + + UNISTR2 uni_netname; /* unicode string of net name (e.g NETLOGON) */ + UNISTR2 uni_remark; /* unicode string of comment (e.g "Logon server share") */ + UNISTR2 uni_path; /* unicode string of local path (e.g c:\winnt\system32\repl\import\scripts) */ + UNISTR2 uni_passwd; /* unicode string of password - presumably for share level security (e.g NULL) */ + + uint32 sd_size; + SEC_DESC *sd; + +} SH_INFO_502_STR; + +/* SRV_SHARE_INFO_502 */ +typedef struct share_info_502_info +{ + SH_INFO_502 info_502; + SH_INFO_502_STR info_502_str; + +} SRV_SHARE_INFO_502; + +/* SRV_SHARE_INFO_1005 */ +typedef struct share_info_1005_info +{ + uint32 dfs_root_flag; +} SRV_SHARE_INFO_1005; + +/* SRV_SHARE_INFO_1501 */ +typedef struct share_info_1501_info +{ + SEC_DESC_BUF *sdb; +} SRV_SHARE_INFO_1501; + +/* SRV_SHARE_INFO_CTR */ +typedef struct srv_share_info_ctr_info +{ + uint32 info_level; + uint32 switch_value; + uint32 ptr_share_info; + + uint32 num_entries; + uint32 ptr_entries; + uint32 num_entries2; + + union { + SRV_SHARE_INFO_1 *info1; /* share info level 1 */ + SRV_SHARE_INFO_2 *info2; /* share info level 2 */ + SRV_SHARE_INFO_501 *info501; /* share info level 501 */ + SRV_SHARE_INFO_502 *info502; /* share info level 502 */ + void *info; + + } share; + +} SRV_SHARE_INFO_CTR; + +/* SRV_Q_NET_SHARE_ENUM */ +typedef struct q_net_share_enum_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* server name */ + + SRV_SHARE_INFO_CTR ctr; /* share info container */ + + uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ + + ENUM_HND enum_hnd; + +} SRV_Q_NET_SHARE_ENUM; + + +/* SRV_R_NET_SHARE_ENUM */ +typedef struct r_net_share_enum_info +{ + SRV_SHARE_INFO_CTR ctr; /* share info container */ + + uint32 total_entries; /* total number of entries */ + ENUM_HND enum_hnd; + + WERROR status; /* return status */ + +} SRV_R_NET_SHARE_ENUM; + + +/* SRV_Q_NET_SHARE_GET_INFO */ +typedef struct q_net_share_get_info_info +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + + UNISTR2 uni_share_name; + uint32 info_level; + +} SRV_Q_NET_SHARE_GET_INFO; + +/* JRA. NB. We also need level 1004 and 1006 here. */ + +/* SRV_SHARE_INFO */ +typedef struct srv_share_info { + uint32 switch_value; + uint32 ptr_share_ctr; + + union { + SRV_SHARE_INFO_1 info1; + SRV_SHARE_INFO_2 info2; + SRV_SHARE_INFO_501 info501; + SRV_SHARE_INFO_502 info502; + SRV_SHARE_INFO_1005 info1005; + SRV_SHARE_INFO_1501 info1501; + } share; +} SRV_SHARE_INFO; + +/* SRV_R_NET_SHARE_GET_INFO */ +typedef struct r_net_share_get_info_info +{ + SRV_SHARE_INFO info; + WERROR status; + +} SRV_R_NET_SHARE_GET_INFO; + +/* SRV_Q_NET_SHARE_SET_INFO */ +typedef struct q_net_share_set_info_info +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + + UNISTR2 uni_share_name; + uint32 info_level; + + SRV_SHARE_INFO info; + +} SRV_Q_NET_SHARE_SET_INFO; + +/* SRV_R_NET_SHARE_SET_INFO */ +typedef struct r_net_share_set_info +{ + uint32 switch_value; /* switch value */ + + WERROR status; /* return status */ + +} SRV_R_NET_SHARE_SET_INFO; + +/* SRV_Q_NET_SHARE_ADD */ +typedef struct q_net_share_add +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + + uint32 info_level; + + SRV_SHARE_INFO info; + +} SRV_Q_NET_SHARE_ADD; + +/* SRV_R_NET_SHARE_ADD */ +typedef struct r_net_share_add +{ + uint32 switch_value; /* switch value */ + + WERROR status; /* return status */ + +} SRV_R_NET_SHARE_ADD; + +/* SRV_Q_NET_SHARE_DEL */ +typedef struct q_net_share_del +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + UNISTR2 uni_share_name; + +} SRV_Q_NET_SHARE_DEL; + +/* SRV_R_NET_SHARE_DEL */ +typedef struct r_net_share_del +{ + WERROR status; /* return status */ + +} SRV_R_NET_SHARE_DEL; + +/* FILE_INFO_3 (level 3 file info strings) */ +typedef struct file_info3_info +{ + uint32 id; /* file index */ + uint32 perms; /* file permissions. don't know what format */ + uint32 num_locks; /* file locks */ + uint32 ptr_path_name; /* file name */ + uint32 ptr_user_name; /* file owner */ + +} FILE_INFO_3; + +/* FILE_INFO_3_STR (level 3 file info strings) */ +typedef struct str_file_info3_info +{ + UNISTR2 uni_path_name; /* unicode string of file name */ + UNISTR2 uni_user_name; /* unicode string of file owner. */ + +} FILE_INFO_3_STR; + +/* oops - this is going to take up a *massive* amount of stack. */ +/* the UNISTR2s already have 1024 uint16 chars in them... */ +#define MAX_FILE_ENTRIES 32 + +/* SRV_FILE_INFO_3 */ +typedef struct srv_file_info_3 +{ + uint32 num_entries_read; /* EntriesRead */ + uint32 ptr_file_info; /* Buffer */ + + uint32 num_entries_read2; /* EntriesRead */ + + FILE_INFO_3 info_3 [MAX_FILE_ENTRIES]; /* file entry details */ + FILE_INFO_3_STR info_3_str[MAX_FILE_ENTRIES]; /* file entry strings */ + +} SRV_FILE_INFO_3; + +/* SRV_FILE_INFO_CTR */ +typedef struct srv_file_info_3_info +{ + uint32 switch_value; /* switch value */ + uint32 ptr_file_ctr; /* pointer to file info union */ + union + { + SRV_FILE_INFO_3 info3; /* file info with 0 entries */ + + } file; + +} SRV_FILE_INFO_CTR; + + +/* SRV_Q_NET_FILE_ENUM */ +typedef struct q_net_file_enum_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* server name */ + + uint32 ptr_qual_name; /* pointer (to qualifier name) */ + UNISTR2 uni_qual_name; /* qualifier name "\\qualifier" */ + + uint32 file_level; /* file level */ + + SRV_FILE_INFO_CTR *ctr; + + uint32 preferred_len; /* preferred maximum length (0xffff ffff) */ + ENUM_HND enum_hnd; + +} SRV_Q_NET_FILE_ENUM; + + +/* SRV_R_NET_FILE_ENUM */ +typedef struct r_net_file_enum_info +{ + uint32 file_level; /* file level */ + + SRV_FILE_INFO_CTR *ctr; + + uint32 total_entries; /* total number of files */ + ENUM_HND enum_hnd; + + WERROR status; /* return status */ + +} SRV_R_NET_FILE_ENUM; + +/* SRV_INFO_100 */ +typedef struct srv_info_100_info +{ + uint32 platform_id; /* 0x500 */ + uint32 ptr_name; /* pointer to server name */ + + UNISTR2 uni_name; /* server name "server" */ + +} SRV_INFO_100; + +/* SRV_INFO_101 */ +typedef struct srv_info_101_info +{ + uint32 platform_id; /* 0x500 */ + uint32 ptr_name; /* pointer to server name */ + uint32 ver_major; /* 0x4 */ + uint32 ver_minor; /* 0x2 */ + uint32 srv_type; /* browse etc type */ + uint32 ptr_comment; /* pointer to server comment */ + + UNISTR2 uni_name; /* server name "server" */ + UNISTR2 uni_comment; /* server comment "samba x.x.x blah" */ + +} SRV_INFO_101; + +/* SRV_INFO_102 */ +typedef struct srv_info_102_info +{ + uint32 platform_id; /* 0x500 */ + uint32 ptr_name; /* pointer to server name */ + uint32 ver_major; /* 0x4 */ + uint32 ver_minor; /* 0x2 */ + uint32 srv_type; /* browse etc type */ + uint32 ptr_comment; /* pointer to server comment */ + uint32 users; /* 0xffff ffff*/ + uint32 disc; /* 0xf */ + uint32 hidden; /* 0x0 */ + uint32 announce; /* 240 */ + uint32 ann_delta; /* 3000 */ + uint32 licenses; /* 0 */ + uint32 ptr_usr_path; /* pointer to user path */ + + UNISTR2 uni_name; /* server name "server" */ + UNISTR2 uni_comment; /* server comment "samba x.x.x blah" */ + UNISTR2 uni_usr_path; /* "c:\" (eh?) */ + +} SRV_INFO_102; + + +/* SRV_INFO_CTR */ +typedef struct srv_info_ctr_info +{ + uint32 switch_value; /* switch value */ + uint32 ptr_srv_ctr; /* pointer to server info */ + union + { + SRV_INFO_102 sv102; /* server info level 102 */ + SRV_INFO_101 sv101; /* server info level 101 */ + SRV_INFO_100 sv100; /* server info level 100 */ + + } srv; + +} SRV_INFO_CTR; + +/* SRV_Q_NET_SRV_GET_INFO */ +typedef struct q_net_srv_get_info +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; /* "\\server" */ + uint32 switch_value; + +} SRV_Q_NET_SRV_GET_INFO; + +/* SRV_R_NET_SRV_GET_INFO */ +typedef struct r_net_srv_get_info +{ + SRV_INFO_CTR *ctr; + + WERROR status; /* return status */ + +} SRV_R_NET_SRV_GET_INFO; + +/* SRV_Q_NET_SRV_SET_INFO */ +typedef struct q_net_srv_set_info +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; /* "\\server" */ + uint32 switch_value; + + SRV_INFO_CTR *ctr; + +} SRV_Q_NET_SRV_SET_INFO; + + +/* SRV_R_NET_SRV_SET_INFO */ +typedef struct r_net_srv_set_info +{ + uint32 switch_value; /* switch value */ + + WERROR status; /* return status */ + +} SRV_R_NET_SRV_SET_INFO; + +/* SRV_Q_NET_REMOTE_TOD */ +typedef struct q_net_remote_tod +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; /* "\\server" */ + +} SRV_Q_NET_REMOTE_TOD; + +/* TIME_OF_DAY_INFO */ +typedef struct time_of_day_info +{ + uint32 elapsedt; + uint32 msecs; + uint32 hours; + uint32 mins; + uint32 secs; + uint32 hunds; + uint32 zone; + uint32 tintervals; + uint32 day; + uint32 month; + uint32 year; + uint32 weekday; + +} TIME_OF_DAY_INFO; + +/* SRV_R_NET_REMOTE_TOD */ +typedef struct r_net_remote_tod +{ + uint32 ptr_srv_tod; /* pointer to TOD */ + TIME_OF_DAY_INFO *tod; + + WERROR status; /* return status */ + +} SRV_R_NET_REMOTE_TOD; + +/* SRV_Q_NET_FILE_QUERY_SECDESC */ +typedef struct q_net_file_query_secdesc +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + uint32 ptr_qual_name; + UNISTR2 uni_qual_name; + UNISTR2 uni_file_name; + uint32 unknown1; + uint32 unknown2; + uint32 unknown3; +} SRV_Q_NET_FILE_QUERY_SECDESC; + +/* SRV_R_NET_FILE_QUERY_SECDESC */ +typedef struct r_net_file_query_secdesc +{ + uint32 ptr_response; + uint32 size_response; + uint32 ptr_secdesc; + uint32 size_secdesc; + SEC_DESC *sec_desc; + WERROR status; +} SRV_R_NET_FILE_QUERY_SECDESC; + +/* SRV_Q_NET_FILE_SET_SECDESC */ +typedef struct q_net_file_set_secdesc +{ + uint32 ptr_srv_name; + UNISTR2 uni_srv_name; + uint32 ptr_qual_name; + UNISTR2 uni_qual_name; + UNISTR2 uni_file_name; + uint32 sec_info; + uint32 size_set; + uint32 ptr_secdesc; + uint32 size_secdesc; + SEC_DESC *sec_desc; +} SRV_Q_NET_FILE_SET_SECDESC; + +/* SRV_R_NET_FILE_SET_SECDESC */ +typedef struct r_net_file_set_secdesc +{ + WERROR status; +} SRV_R_NET_FILE_SET_SECDESC; +#endif /* _RPC_SRVSVC_H */ diff --git a/source3/include/rpc_wkssvc.h b/source3/include/rpc_wkssvc.h new file mode 100644 index 00000000000..adc37c255b2 --- /dev/null +++ b/source3/include/rpc_wkssvc.h @@ -0,0 +1,72 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-1997 + Copyright (C) Luke Kenneth Casson Leighton 1996-1997 + Copyright (C) Paul Ashton 1997 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _RPC_WKS_H /* _RPC_WKS_H */ +#define _RPC_WKS_H + + +/* wkssvc pipe */ +#define WKS_QUERY_INFO 0x00 + + +/* WKS_Q_QUERY_INFO - probably a capabilities request */ +typedef struct q_wks_query_info_info +{ + uint32 ptr_srv_name; /* pointer (to server name?) */ + UNISTR2 uni_srv_name; /* unicode server name starting with '\\' */ + + uint16 switch_value; /* info level 100 (0x64) */ + +} WKS_Q_QUERY_INFO; + + +/* WKS_INFO_100 - level 100 info */ +typedef struct wks_info_100_info +{ + uint32 platform_id; /* 0x0000 01f4 - unknown */ + uint32 ptr_compname; /* pointer to server name */ + uint32 ptr_lan_grp ; /* pointer to domain name */ + uint32 ver_major; /* 4 - unknown */ + uint32 ver_minor; /* 0 - unknown */ + + UNISTR2 uni_compname; /* unicode server name */ + UNISTR2 uni_lan_grp ; /* unicode domain name */ + +} WKS_INFO_100; + + +/* WKS_R_QUERY_INFO - probably a capabilities request */ +typedef struct r_wks_query_info_info +{ + uint16 switch_value; /* 100 (0x64) - switch value */ + + /* for now, only level 100 is supported. this should be an enum container */ + uint32 ptr_1; /* pointer 1 */ + WKS_INFO_100 *wks100; /* workstation info level 100 */ + + NTSTATUS status; /* return status */ + +} WKS_R_QUERY_INFO; + + +#endif /* _RPC_WKS_H */ + diff --git a/source3/include/safe_string.h b/source3/include/safe_string.h new file mode 100644 index 00000000000..1ee97833c5d --- /dev/null +++ b/source3/include/safe_string.h @@ -0,0 +1,66 @@ +/* + Unix SMB/CIFS implementation. + Safe string handling routines. + Copyright (C) Andrew Tridgell 1994-1998 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SAFE_STRING_H +#define _SAFE_STRING_H + +#ifndef _SPLINT_ /* http://www.splint.org */ + +/* Some macros to ensure people don't use buffer overflow vulnerable string + functions. */ + +#ifdef bcopy +#undef bcopy +#endif /* bcopy */ +#define bcopy(src,dest,size) __ERROR__XX__NEVER_USE_BCOPY___; + +#ifdef strcpy +#undef strcpy +#endif /* strcpy */ +#define strcpy(dest,src) __ERROR__XX__NEVER_USE_STRCPY___; + +#ifdef strcat +#undef strcat +#endif /* strcat */ +#define strcat(dest,src) __ERROR__XX__NEVER_USE_STRCAT___; + +#ifdef sprintf +#undef sprintf +#endif /* sprintf */ +#define sprintf __ERROR__XX__NEVER_USE_SPRINTF__; + +#endif /* !_SPLINT_ */ + +#define pstrcpy(d,s) safe_strcpy((d), (s),sizeof(pstring)-1) +#define pstrcat(d,s) safe_strcat((d), (s),sizeof(pstring)-1) +#define fstrcpy(d,s) safe_strcpy((d),(s),sizeof(fstring)-1) +#define fstrcat(d,s) safe_strcat((d),(s),sizeof(fstring)-1) + +#define wpstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wpstring)) +#define wpstrcat(d,s) safe_strcat_w((d),(s),sizeof(wpstring)) +#define wfstrcpy(d,s) safe_strcpy_w((d),(s),sizeof(wfstring)) +#define wfstrcat(d,s) safe_strcat_w((d),(s),sizeof(wfstring)) + +/* replace some string functions with multi-byte + versions */ +#define strlower(s) strlower_m(s) +#define strupper(s) strupper_m(s) + +#endif diff --git a/source3/include/secrets.h b/source3/include/secrets.h new file mode 100644 index 00000000000..69ab4f6c8dc --- /dev/null +++ b/source3/include/secrets.h @@ -0,0 +1,59 @@ +/* + * Unix SMB/CIFS implementation. + * secrets.tdb file format info + * Copyright (C) Andrew Tridgell 2000 + * + * This program is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License as published by the + * Free Software Foundation; either version 2 of the License, or (at your + * option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for + * more details. + * + * You should have received a copy of the GNU General Public License along with + * this program; if not, write to the Free Software Foundation, Inc., 675 + * Mass Ave, Cambridge, MA 02139, USA. + */ + +#ifndef _SECRETS_H +#define _SECRETS_H + +/* the first one is for the hashed password (NT4 style) the latter + for plaintext (ADS) +*/ +#define SECRETS_MACHINE_ACCT_PASS "SECRETS/$MACHINE.ACC" +#define SECRETS_MACHINE_PASSWORD "SECRETS/MACHINE_PASSWORD" + +/* this one is for storing trusted domain account password */ +#define SECRETS_DOMTRUST_ACCT_PASS "SECRETS/$DOMTRUST.ACC" + +/* The domain sid and our sid are stored here even though they aren't + really secret. */ +#define SECRETS_DOMAIN_SID "SECRETS/SID" +#define SECRETS_SAM_SID "SAM/SID" + +/* Authenticated user info is stored in secrets.tdb under these keys */ + +#define SECRETS_AUTH_USER "SECRETS/AUTH_USER" +#define SECRETS_AUTH_DOMAIN "SECRETS/AUTH_DOMAIN" +#define SECRETS_AUTH_PASSWORD "SECRETS/AUTH_PASSWORD" + +/* structure for storing machine account password + (ie. when samba server is member of a domain */ +struct machine_acct_pass { + uint8 hash[16]; + time_t mod_time; +}; + +/* structure for storing trusted domain password */ +struct trusted_dom_pass { + int pass_len; + fstring pass; + time_t mod_time; + DOM_SID domain_sid; /* remote domain's sid */ +}; + +#endif /* _SECRETS_H */ diff --git a/source3/include/session.h b/source3/include/session.h new file mode 100644 index 00000000000..f613afee09a --- /dev/null +++ b/source3/include/session.h @@ -0,0 +1,40 @@ +/* + Unix SMB/CIFS implementation. + session handling for recording currently vailid vuids + Copyright (C) tridge@samba.org 2001 + Copyright (C) Andew Bartlett 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +/* a "session" is claimed when we do a SessionSetupX operation + and is yielded when the corresponding vuid is destroyed. + + sessions are used to populate utmp and PAM session structures +*/ + +struct sessionid { + uid_t uid; + gid_t gid; + fstring username; + fstring hostname; + fstring netbios_name; + fstring remote_machine; + fstring id_str; + uint32 id_num; + uint32 pid; + fstring ip_addr; +}; + diff --git a/source3/include/sids.h b/source3/include/sids.h new file mode 100644 index 00000000000..860d96b193f --- /dev/null +++ b/source3/include/sids.h @@ -0,0 +1,39 @@ +/* + Unix SMB/CIFS implementation. + SMB parameters and setup + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Elrond 2000 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 2 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; if not, write to the Free Software + Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. +*/ + +#ifndef _SIDS_H +#define _SIDS_H + +extern DOM_SID global_sam_sid; +extern fstring global_sam_name; + +extern DOM_SID global_member_sid; + +extern DOM_SID global_sid_S_1_5_32; /* local well-known domain */ +extern DOM_SID global_sid_S_1_1; /* Global Domain */ +extern DOM_SID global_sid_NULL; + +extern const DOM_SID *global_sid_everyone; +extern const DOM_SID *global_sid_system; /* SYSTEM */ +extern const DOM_SID *global_sid_builtin; + +#endif /* _SIDS_H */ diff --git a/source3/include/smb.h b/source3/include/smb.h index b7faffa9e92..8963528e9ae 100644 --- a/source3/include/smb.h +++ b/source3/include/smb.h @@ -1,8 +1,13 @@ /* - Unix SMB/Netbios implementation. - Version 1.9. - SMB parameters and setup - Copyright (C) Andrew Tridgell 1992-1995 + Unix SMB/CIFS implementation. + SMB parameters and setup, plus a whole lot more. + + Copyright (C) Andrew Tridgell 1992-2000 + Copyright (C) John H Terpstra 1996-2000 + Copyright (C) Luke Kenneth Casson Leighton 1996-2000 + Copyright (C) Paul Ashton 1998-2000 + Copyright (C) Simo Sorce 2001-2002 + Copyright (C) Martin Pool 2002 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -18,59 +23,34 @@ along with this program; if not, write to the Free Software Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ + #ifndef _SMB_H #define _SMB_H -#ifndef MAX_CONNECTIONS -#define MAX_CONNECTIONS 127 -#endif - -#ifndef MAX_OPEN_FILES -#define MAX_OPEN_FILES 50 -#endif - -#ifndef GUEST_ACCOUNT -#define GUEST_ACCOUNT "nobody" +#if defined(LARGE_SMB_OFF_T) +#define BUFFER_SIZE (128*1024) +#else /* no large readwrite possible */ +#define BUFFER_SIZE (0xFFFF) #endif -#define BUFFER_SIZE (0xFFFF) #define SAFETY_MARGIN 1024 +#define LARGE_WRITEX_HDR_SIZE 65 -#ifndef EXTERN -# define EXTERN extern -#endif +#define NMB_PORT 137 +#define DGRAM_PORT 138 +#define SMB_PORT 139 #define False (0) #define True (1) -#define BOOLSTR(b) ((b) ? "Yes" : "No") -#define BITSETB(ptr,bit) ((((char *)ptr)[0] & (1<<(bit)))!=0) -#define BITSETW(ptr,bit) ((SVAL(ptr,0) & (1<<(bit)))!=0) -#define PTR_DIFF(p1,p2) ((ptrdiff_t)(((char *)(p1)) - (char *)(p2))) +#define Auto (2) +#ifndef _BOOL typedef int BOOL; - -/* - Samba needs type definitions for int16, int32, uint16 and uint32. - - Normally these are signed and unsigned 16 and 32 bit integers, but - they actually only need to be at least 16 and 32 bits - respectively. Thus if your word size is 8 bytes just defining them - as signed and unsigned int will work. -*/ - -/* afs/stds.h defines int16 and int32 */ -#ifndef AFS_AUTH -typedef short int16; -typedef int int32; +#define _BOOL /* So we don't typedef BOOL again in vfs.h */ #endif -#ifndef uint16 -typedef unsigned short uint16; -#endif - -#ifndef uint32 -typedef unsigned int uint32; -#endif +/* limiting size of ipc replies */ +#define REALLOC(ptr,size) Realloc(ptr,MAX((size),4*1024)) #define SIZEOFWORD 2 @@ -78,35 +58,33 @@ typedef unsigned int uint32; #define DEF_CREATE_MASK (0755) #endif -#ifndef DEFAULT_PIPE_TIMEOUT -#define DEFAULT_PIPE_TIMEOUT 10000000 /* Ten seconds */ -#endif +/* string manipulation flags - see clistr.c and srvstr.c */ +#define STR_TERMINATE 1 +#define STR_UPPER 2 +#define STR_ASCII 4 +#define STR_UNICODE 8 +#define STR_NOALIGN 16 -/* debugging code */ -#ifndef SYSLOG -#define DEBUG(level,body) ((DEBUGLEVEL>=(level))?(Debug1 body):0) -#else -EXTERN int syslog_level; +/* how long to wait for secondary SMB packets (milli-seconds) */ +#define SMB_SECONDARY_WAIT (60*1000) -#define DEBUG(level,body) ((DEBUGLEVEL>=(level))? \ - (syslog_level = (level), Debug1 body):0) -#endif +/* Debugging stuff */ +#include "debug.h" -#define DIR_STRUCT_SIZE 43 +/* this defines the error codes that receive_smb can put in smb_read_error */ +#define READ_TIMEOUT 1 +#define READ_EOF 2 +#define READ_ERROR 3 -/* these define all the command types recognised by the server - there -are lots of gaps so probably there are some rare commands that are not -implemented */ - -#define pSETDIR '\377' +#define DIR_STRUCT_SIZE 43 /* these define the attribute byte as seen by DOS */ -#define aRONLY (1L<<0) -#define aHIDDEN (1L<<1) -#define aSYSTEM (1L<<2) -#define aVOLID (1L<<3) -#define aDIR (1L<<4) -#define aARCH (1L<<5) +#define aRONLY (1L<<0) /* 0x01 */ +#define aHIDDEN (1L<<1) /* 0x02 */ +#define aSYSTEM (1L<<2) /* 0x04 */ +#define aVOLID (1L<<3) /* 0x08 */ +#define aDIR (1L<<4) /* 0x10 */ +#define aARCH (1L<<5) /* 0x20 */ /* deny modes */ #define DENY_DOS 0 @@ -116,212 +94,424 @@ implemented */ #define DENY_NONE 4 #define DENY_FCB 7 +/* open modes */ +#define DOS_OPEN_RDONLY 0 +#define DOS_OPEN_WRONLY 1 +#define DOS_OPEN_RDWR 2 +#define DOS_OPEN_FCB 0xF + +/* define shifts and masks for share and open modes. */ +#define OPEN_MODE_MASK 0xF +#define SHARE_MODE_SHIFT 4 +#define SHARE_MODE_MASK 0x7 +#define GET_OPEN_MODE(x) ((x) & OPEN_MODE_MASK) +#define SET_OPEN_MODE(x) ((x) & OPEN_MODE_MASK) +#define GET_DENY_MODE(x) (((x)>>SHARE_MODE_SHIFT) & SHARE_MODE_MASK) +#define SET_DENY_MODE(x) (((x) & SHARE_MODE_MASK) <